Netgate Discussion Forum

    Blocking scheduling not quite working

    Firewalling

    Gertjan

      👍

      So, it seems @heper is right.
      Make the first two rules allow rules for "AlexanderDevices" - these two will be scheduled.
      Add a new rule after these two, and make this one blocking "AlexanderDevices" all the time (not scheduled).

      See, for example, https://forum.netgate.com/topic/92932/schedules-for-rules-want-to-reset-states-just-before-blocking/4

      No "help me" PM's please. Use the forum, the community will thank you.
      Edit : and where are the logs ??

        Techsanity

        Ok, I will have to change this later after work. I had set this up this way just because I had found a “guide” that set it up this way.

          Techsanity

          So it should be like this then? Do I need to make any changes to the "Default allow LAN to any rule"?
          0_1535402254598_Screen Shot 2018-08-27 at 4.36.34 PM.png

            Gertjan

            Looks better.
            As soon as Alex goes outside the schedule, he'll be hitting rule "3", the wall ....

              Techsanity

              OK, well it's after 8pm and my son was still sitting on his computer playing Roblox. So I am now confused as to how he is continuing to have internet access.
              I went into his room and he shut his computer off, so I turned it back on and tried to access the internet and could not.
              He says it only works if he goes into a roblox game before 8pm, then he can continue to play after the 8pm cut off.

                Grimson Banned

                https://redmine.pfsense.org/issues/8820

                  Techsanity @Grimson

                  @grimson so basically my son has found a bug and is exploiting it... pfSense FAIL 👎
                  And it seems they don't care to fix this bug with any definite timeline.

                    Gertjan

                    ☹

                    Still, you haven't said your last word.
                    According to https://redmine.pfsense.org/issues/8820 check out the last post here :
                    https://forum.netgate.com/topic/69331/scheduled-blocks-won-t-work-without-manual-states-reset/61

                    Use the cron package.
                    If you have all the MAC addresses of Alex's devices, give them static DHCP IP addresses, this way you will know his IP addresses.
                    Then, with a cron rule you can force a flush of the states table.

                    edit : I have a wired PC called "left". It has both a DHCP static IPv4 and IPv6.
                    I killed all states for PC "left" : 2001:470:1f13:5c0:2::c7 and 192.168.1.7
                    Placed a block rule that blocks "left". And just above a scheduled rule for PC "left" that gives access between 10h30 and 10h45 every day.
                    I executed "pfctl " by hand, but it is easy to create a cron rule that kills all states for an IPv4 (and IPv6) each day at 10h45 every day (make that 10h46 ;) ).

                    Results : my PC was blocked before 10h30.
                    The PC "left" regained access between 10h30 and 10h45
                    When the clocks showed 10h45, I executed

                    /sbin/pfctl -k 192.168.1.7
                    /sbin/pfctl -k 2001:470:1f13:5c0:2::c7
                    

                    Worked for me.

                      Techsanity

                      does this look right?
                      0_1535450703661_Screen Shot 2018-08-28 at 6.02.30 AM.png

                        Gertjan

                        I guess so.

                        Keep in mind that you only need to flush states when you want to break present connections == at the end of the authorized scheduled time.
                        The IP should be the one that "Alex" is using.

                        Never wonder if something works. You should prove it to yourself. Like : use your own smartphone ** - look up its IP, introduce some rules and a scheduled time, and test drive, see if what you see is what you want to see.
                        If it works for an "IP", it also works for another IP.

                        ** or any other networked device you have.

                          Techsanity @Gertjan

                          @gertjan I guess my question was more if the “day” was correct. I have the times set for 8:01pm Monday-Thursday and Sunday and then for 11:01pm Friday & Saturday
                          But it showed in putting numbers for the days

                            Gertjan

                            Check out : Status => System Logs => System General

                            Enter console mode or SSH access, go to god mode (option 8) and type

                            logger hello there !!!
                            

                            Refresh the Status => System Logs => System General page.
                            You will see this :

                            0_1535464081309_7a4971a9-9f9d-494a-9ba7-89099c22cd23-image.png

                            Use this to check (== logger command) that you obtain the result that you expect. In your case : double both cron rules (== one for the start and one for the end of the schedule) with a "logger Alex may go ahead ...." and "logger Alex shutting down ....."
                            Now, you only have to look at your log to see if the commands executed when you want them to execute ;)

                            Btw : I'm not a cron expert, I'm using the trial and error method which always gives the wanted result.

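Added example, not written by any poster in this thread: the `pfctl -k`, `logger` and cron pieces discussed above combined into one script, with `cron_lines` showing the numeric day-of-week fields for the 8:01pm and 11:01pm cut-offs. The script path, the `root` user column and the "Alex" label are assumptions; the addresses are the ones quoted above for PC "left" and stand in for the static DHCP addresses of the devices to cut off.

```shell
#!/bin/sh
# End-of-schedule state kill for one person's devices (added example).
# Addresses are the ones quoted in the thread for PC "left"; replace them
# with the static DHCP addresses of the devices you want to cut off.
DEVICE_ADDRS="192.168.1.7 2001:470:1f13:5c0:2::c7"
PFCTL="${PFCTL:-/sbin/pfctl}"   # overridable so the logic can be tested off-box
LOGGER="${LOGGER:-logger}"      # messages land in Status => System Logs

# Kill all states originating from each address and log every outcome,
# so the system log shows whether the cut-off actually ran and succeeded.
kill_device_states() {
    label="$1"; shift
    failed=0
    for addr in "$@"; do
        if "$PFCTL" -k "$addr" >/dev/null 2>&1; then
            "$LOGGER" "schedule-end: killed states for $label ($addr)"
        else
            "$LOGGER" "schedule-end: pfctl -k FAILED for $label ($addr)"
            failed=1
        fi
    done
    return "$failed"
}

# Print crontab lines for the two cut-off times mentioned in the thread.
# Fields: minute hour day-of-month month day-of-week user command.
# Day-of-week is numeric in cron: 0 = Sunday ... 6 = Saturday.
cron_lines() {
    script="$1"
    printf '1 20 * * 0-4 root %s run\n' "$script"   # 8:01pm Sun, Mon-Thu
    printf '1 23 * * 5,6 root %s run\n' "$script"   # 11:01pm Fri, Sat
}

# Act only when called with "run", so the file can also be sourced.
if [ "${1:-}" = "run" ]; then
    # DEVICE_ADDRS is left unquoted on purpose: one argument per address.
    kill_device_states "Alex" $DEVICE_ADDRS
fi
```

The states only need killing at the end of the allowed window, so no matching entry is needed for the start of the schedule.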