Need to create a rule to block certain sites during the weekdays and allow them during the weekend
-
Greetings Experts,
I am looking to create a rule to block access to certain websites on a schedule and/or manually enable/disable access when needed.
For instance:
Need to be able to block access to certain gaming sites during schoolweek and only allow access during weekends but would also like to be able to manually enable rule when kids get grounded. I have one who likes to get out of bed at 3am to play and then walk around cranky and grouchy all day for lack of sleep. If he has physical access, he WILL access the sites so they need to be blocked to prevent access.This was a simple matter with the old Netgear router but with pfSense it seems to be buried.
Does this ask make sense or do you need me to provide more info?
Also, how does one use the "object group" concept to add the IP's of several sites (or the multiple IP's of one site) to a single firewall rule instead of one rule one IP? The IP's are not in the same subnet and cannot be summarized.
Thanks in advance!
-
I personally block per device using a schedule and firewall rules. Meaning I have all their IP addresses for all their devices setup in allow rules and then i have one rule that is a deny rule. So once the allow rule expires then the firewall goes on down the list to find something that matches the traffic and hits the deny rule. It seems to be working out well for me except its allowing existing connections to stay active after the pass rule deactivates. New connections are denied though.
To make sure my devices have the same IP every time, I have my DHCP server to assign an IP based upon MAC address if provided. So that covers iPhones, iPads, and other things that dont allow for manual IP address configuration.
To block certain sites though thats a bit difficult. SquidGuard may be your friend there. I havent looked much into SquidGuard but a lot of sites use HTTPS. Google and youtube are great examples of sites that are going encrypted. You cant, at least the last time i checked, use a Squid proxy server passively (catching all traffic by default and filtering) when using SSL. If you want it to block sites that are using SSL then your devices must have an SSL certificate installed on each device provided by whatever server is filtering it (assuming your squidguard server on pfsense). That can get kinda complicated.
-
You can use schedules in squidguard.
You can prevent access to https sites without SSL MITM but you can't give the users a pretty denied page. The connections just break. This is peek/splice and works by looking at the SNI in the initial connection.
https://www.youtube.com/watch?v=xm_wEezrWf4
