Blocking interface by time [solved]



  • i have a pfsense  box up and running and so far things are working the right way

    question i have is there a way to block a interface by time

    EG: have a kidssubnet and i want to have control when they can go on the Internet
         say after school and after supper say between 4pm and 7pm and on weekends
         after lunch time until 2pm

    is this possible ?



  • yes and no

    You can define schedule and you can schedule rules. and if you schedule every single rule on kidssubnet you should achieve what you desire



  • couldn't you just schedule a block all to all rule to activate when the kids should be locked out and putt it first on the list?



  • @johan.helin:

    couldn't you just schedule a block all to all rule to activate when the kids should be locked out and putt it first on the list?

    This sounds good.

    Create a BLOCK any to any rule on top of all other rules you created and then shedule this rule. SO you will be flexible with your other rules if you only want to allow some ports/ips and not in general any.



  • Like this:




  • yes like that



  • @johan.helin:

    Like this:

    Yes, thats correct.
    But I think I found a little missconfiguration on your second rule with destination port "80 - 443". I am not sure but I think you only want to block webGUI access on port 80 (http) or port 443 (https). But what your rule does is blocking the port range from 80 to 443.

    Better create an Port-Alias with port 80,443 and 22 (ssh) and then put this alias as "Destination port" in your firewall rule.



  • thanks ;D that is what i want.


Locked