Blocking interface by time [solved]

pcbosrders · Aug 15, 2011, 4:41 PM

i have a pfsense box up and running and so far things are working the right way

question i have is there a way to block a interface by time

EG: have a kidssubnet and i want to have control when they can go on the Internet
say after school and after supper say between 4pm and 7pm and on weekends
after lunch time until 2pm

is this possible ?

Metu69salemi · Aug 15, 2011, 1:51 PM

yes and no

You can define schedule and you can schedule rules. and if you schedule every single rule on kidssubnet you should achieve what you desire

johan.helin · Aug 15, 2011, 2:20 PM

couldn't you just schedule a block all to all rule to activate when the kids should be locked out and putt it first on the list?

Nachtfalke · Aug 15, 2011, 2:23 PM

@johan.helin:

couldn't you just schedule a block all to all rule to activate when the kids should be locked out and putt it first on the list?

This sounds good.

Create a BLOCK any to any rule on top of all other rules you created and then shedule this rule. SO you will be flexible with your other rules if you only want to allow some ports/ips and not in general any.

johan.helin · Aug 15, 2011, 2:26 PM

Like this:

Metu69salemi · Aug 15, 2011, 3:54 PM

yes like that

Nachtfalke · Aug 15, 2011, 4:08 PM

@johan.helin:

Like this:

Yes, thats correct.
But I think I found a little missconfiguration on your second rule with destination port "80 - 443". I am not sure but I think you only want to block webGUI access on port 80 (http) or port 443 (https). But what your rule does is blocking the port range from 80 to 443.

Better create an Port-Alias with port 80,443 and 22 (ssh) and then put this alias as "Destination port" in your firewall rule.

pcbosrders · Aug 15, 2011, 4:40 PM

thanks ;D that is what i want.