Limit Internet to certain times
-
Hi folks,
So I've been installing a network for a family member with a pfSense firewall. I have configured VLANs and filtering for the kids' network that is used for connecting tablets / iPads; however, I am wondering if it's possible to configure the time and duration of internet access to watch Disney+? Let's say an hour in the morning and an hour in the evenings.
I was looking at Time based rules.
Regards
-
Just create a block rule that blocks traffic for a specified IP or interface. Then create another firewall rule that allows traffic for that same interface or IP and place it before the block rule. Create a schedule and specify the time when you want to allow access, and assign that schedule to the pass rule.
This way, when the schedule kicks in at the specified time, the pass rule is activated. When the scheduled time passes, the pass rule is deactivated and the block rule takes over.
-
@nimrod Great, thank you, so what I was looking at is correct then.
Regards
-
The only caveat is that states that already exist before the block rule starts will continue to connect.
I did this for my kids when they were a little younger. They would continue to play their games (like Roblox) long after the block rule took effect.
I ended up having to have a cron item that turned on the block and then killed all states on the firewall.
The good news is that it worked to stop the kids from playing games after hours. The bad news is that if you are doing something on a website not blocked it kills your state too and you have to reconnect.
Phizix
-
@Phizix said in Limit Internet to certain times:
The only caveat is that states that already exist before the block rule starts will continue to connect.
I did this for my kids when they were a little younger. They would continue to play their games (like Roblox) long after the block rule took effect.
I ended up having to have a cron item that turned on the block and then killed all states on the firewall.
The good news is that it worked to stop the kids from playing games after hours. The bad news is that if you are doing something on a website not blocked it kills your state too and you have to reconnect.
Phizix
System / Advanced / Miscellaneous
-
@Phizix said in Limit Internet to certain times:
The only caveat is that states that already exist before the block rule starts will continue to connect.
I did this for my kids when they were a little younger. They would continue to play their games (like Roblox) long after the block rule took effect.
I ended up having to have a cron item that turned on the block and then killed all states on the firewall.
The good news is that it worked to stop the kids from playing games after hours. The bad news is that if you are doing something on a website not blocked it kills your state too and you have to reconnect.
That is only/mostly then, when you did the rule logic the wrong way around. I hope I don't get it mixed up myself now as it's a bit since I did schedule rules, but it comes to this:
The state comment is absolutely on point and the case, why your rule wasn't working after it became active. If you do a blocking rule on a schedule that happens in that way. If you turn it around and do a REJECT rule for the specific traffic and BEFORE that put an allow rule with the schedule attached, that should work without any hacks, because it works like this:
- reject is the default without the schedule so all packets are blocked, no state is created
- schedule becomes active
- activated pass rule matches traffic, creating a state
- traffic works (kids can play)
- the time arrives when the schedule is disabling the rule
- rule will be deactivated and ALL states, that are attached to that rule(!) are killed
- playtime is over, traffic should cease
- rinse and repeat
The important bit is: block/reject rules can't have active states as they don't allow traffic, so if you do a scheduled block, the effect is exactly like described: kids can continue playing long after the schedule activates.
But: if you allow the traffic via a scheduled rule and have a block/reject rule directly afterwards for that specific traffic, then the scheduled rule has states attached, thus they can be cancelled out after the schedule expires and you don't have to use hacky crons to kill all states :)
Hope that clears things up :)
Cheers
\jens
-
Cool! When I first did this, the option you showed did not exist. I have not tried this since they are grown now and I don't limit internet this way.
Phizix
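
The two rule layouts compared in this thread, as an added example that is not part of the original posts and is not pfSense code: a simplified model of a first-match, stateful firewall showing why a scheduled block leaves existing connections running while a scheduled pass rule above a permanent reject cuts them off. The class names and flow labels are hypothetical, and the state handling is reduced to the behaviour described above.

```python
# Simplified first-match stateful firewall (constructed model, not pfSense code):
# existing states bypass the rules; states of a scheduled rule die with its schedule.
from dataclasses import dataclass

@dataclass
class Rule:
    action: str              # "pass" or "reject"
    scheduled: bool = False  # True: rule is only active while the schedule is on

class Firewall:
    def __init__(self, rules):
        self.rules = rules
        self.schedule_on = False
        self.states = {}     # flow -> rule that created the state

    def set_schedule(self, on):
        if self.schedule_on and not on:
            # Schedule expired: drop only states owned by scheduled rules.
            self.states = {f: r for f, r in self.states.items() if not r.scheduled}
        self.schedule_on = on

    def packet(self, flow):
        if flow in self.states:          # established state: rules are not consulted
            return "pass"
        for rule in self.rules:          # first matching active rule wins
            if rule.scheduled and not self.schedule_on:
                continue
            if rule.action == "pass":
                self.states[flow] = rule
            return rule.action
        return "reject"                  # nothing matched: default deny

def scheduled_block_layout():
    """Reject rule on a bedtime schedule above a permanent pass rule."""
    fw = Firewall([Rule("reject", scheduled=True), Rule("pass")])
    before = fw.packet("tablet->game")   # daytime: state created by the pass rule
    fw.set_schedule(True)                # bedtime: reject rule becomes active
    return before, fw.packet("tablet->game"), fw.packet("tablet->new-site")

def scheduled_pass_layout():
    """Pass rule on a playtime schedule above a permanent reject rule."""
    fw = Firewall([Rule("pass", scheduled=True), Rule("reject")])
    fw.set_schedule(True)                # playtime starts
    during = fw.packet("tablet->game")   # state owned by the scheduled rule
    fw.set_schedule(False)               # playtime ends: that state is removed
    return during, fw.packet("tablet->game")

if __name__ == "__main__":
    print(scheduled_block_layout(), scheduled_pass_layout())
```

In the first layout the game session opened before bedtime keeps passing and only new connections are rejected; in the second the session ends when the schedule does, without touching states created by other rules.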