{Complete} Timebased Rules



  • Hello Everyone,
    i need timebased Rules native, not with captive Portal or other accessories.

    Timebased Rules as a Astaro Firewall is OK.

    I would pay 1000 € -2000 € for this feature.

    Greetings from Germany
    Heiko

    P.S: Attend to my words, not in one year….......



  • Okay now you have my attention.

    Can you please outline the spec that are wishing for this?

    Please spend a moment and spell it out so there is no confusion.



  • Hello Scott,
    i´m  German and excuse me for me bad english…..

    The Situaion:

    I have 30 Firewalls up over Germany, Suisse and Russia. The locations are send there packets to the established ipsec-tunnel.
    Now i need an ruleset, which can timebased active. So, i create a rule and set the acitvitiy to 8:00- 21:00 After 21.00 the rule is beeing deactivated.

    Thanks
    Heiko



  • Okay that is fair.

    Just so there are no second guessing, you specified a range of euros.  Can you please specify a final amount so that there are no guessing games later on in the bounty?

    Also, how flexible do you want the rules? 
    Being able to specify ranges? 
    Multiple on / off times per day?

    Do you have an example of another product that has this implemented where I can take a look at the GUI?



  • Hello Scott,
    now i go bed, i will send you the information….
    Greetings
    Heiko



  • I started working on a possible solution for time based rules a little bit ago. I didn't finish it, but it is started. I have a lot of experience with other firewalls and their rule schedules so I could help out as well if you want Scott.



  • Hello Scott,

    1500 €. That´s ist. OK? But i need an invoice, is this possible?

    Also, how flexible do you want the rules?
    –> as flexible as it gets :)

    Being able to specify ranges?
    --> Yes, time range for example 10:00 - 21:00 = ON , after 21:00 Autooff

    Multiple on / off times per day?

    --> I think so, Yes, because astaro for example can one event per rule.

    For example you can go to my astarotestbox in vmware. --> https://astarov7.ath.cx:61003 (user: admin pw: pfsense)
    Under the definition tab you will find the "time events". Here you can specify time events as ranges for different days. Under the Network Security Tab you can specify different rules with one time event.

    I think one time event ist not enough per rule, but i can live with one.....
    The time events must apply for all rules in pfsense, LAN, WAN, IPSEC and so on.....

    With very special greetings from Germany
    Heiko



  • I forget, on the astarobox the keyboard layout is german. All right??



  • Okay, I will review the Astaro solution.

    sdale:  Fine with me, we can split the bounty.



  • @sullrich:

    Okay, I will review the Astaro solution.

    sdale:  Fine with me, we can split the bounty.

    Ok, I'll get with you in IRC and we can discuss.



  • My idea for the schedules is this:

    They will function very similar to aliases. Using cron we can do this.

    You will be able to create multiple Schedules. Underneath these schedules you will be able to add multiple time ranges. These time ranges can be to run on a certain date, day(s), or repeat weekly.

    I'll be posting screenshots soon.



  • Hello,
    do you need ssh to the astarotestbox? cron etc.
    Greetings
    Heiko



  • No, I think we will be ok. Here are some screens.


    What you see above is in progress. It does not work right now as most of the coding behind the scenes has yet to be completed.

    Note: The day selected in Dark red is the day selected by the user, and then the light red days are the repeating days due to the checkbox being selected.



  • Hello,
    really nice. What is when i want a schedule not for days of months, but rather a schedule for "always".

    –> for example: 21:00 - 23:59 - not for a special day in the january -- for example from the year 2005 to 2008 or always.

    Can i place multiple schedules to one rule?

    Otherwise, i´m hooked.

    The little bit coding behind is still a child´s play for you and scott, so certainly done in a few hours, i think..... :)

    Greetings from Germany
    Heiko



  • I think there need to be weekly returning schedules as well, like blocking access on every weekend for example (or is that that small checkbox below the calender?). The screenshots cover vacation times or similiar which might be needed as well. Besides that it looks very nice  :)



  • Hallo,
    ja das soll so sein, halt wie bei Astaro, nur etwas besser. Wochenende Wiederholungen sind Pflicht, nicht Kür.

    Hello,

    yes, the specs should be same as the astaro, Weekend´s repeats is nice and also duty…. not freestyle, i think :)
    Greetings
    Heiko



  • Hello,
    now i set the bounty to 1800 € (i need an invoice)
    Greetings
    Heiko



  • Thanks for the comments all. Here's how the schedules will work.

    You'll create a schedule in the Firewall Schedules area. This schedule will basically be an object holder for the time ranges. Then you go to each rule you want to use this schedule and select this schedule. Based upon the rule, the rule will be active during the time ranges specified in this schedule object.

    So here's an example setup.

    Let's say you create a schedule object named 'Schedule1', and in this schedule you add the time ranges: Mon-Fri 8am-5pm.
    Next you will edit each of the firewall rules that you want to use this schedule. When a firewall rule has been set to use this schedule, the rule will only be active during the time range specified (Mon-Fri 8am-5pm). So if the rule is to Allow Web traffic from LAN>WAN, then this rule will allow Web traffic from LAN>WAN during Mon-Fri, 8am-5pm.

    I haven't had a whole lot of time to work on it this weekend since I'm having to work, but this week I will have more time to play with it.

    This is of course all up for debate and discussion. Nothing is set in stone :).



  • That´s OK, but what is with the repeated weekend´s for example?

    I need a production solution in two or three weeks…..

    Greetings
    Heiko :)



  • I don't forsee any problem having this done in two weeks. BTW the schedules can be repeating in any sort of way. If you need a repeating schedule for Mon, Wed, and Thurs, it can be done. Any combination can be done. I plan on having a working demo within the next few days and then give you access to it and see if it suits your needs. First Scott and I have to get together and figure out how we're going to take care of the backend of this. :)



  • OK, that´s fine
    Greetings
    Heiko



  • We will not have a problem providing an invoice.  We have a new company that is 99% formed to handle these items.



  • @sdale:

    I don't forsee any problem having this done in two weeks. BTW the schedules can be repeating in any sort of way. If you need a repeating schedule for Mon, Wed, and Thurs, it can be done. Any combination can be done. I plan on having a working demo within the next few days and then give you access to it and see if it suits your needs. First Scott and I have to get together and figure out how we're going to take care of the backend of this. :)

    Let's get together tomorrow if you will have some time.  I should be able to handle the backend code if you want to tackle the GUI.

    BTW: Is that date/time picker reused from the date/time picker that we already have?



  • Will do. No the date time is not reused, I wasn't aware we had a widget for this purpose. I'll look into that.



  • @sullrich:

    BTW: Is that date/time picker reused from the date/time picker that we already have?

    Are you referring to the date time picker thats used in the user manager for captive portal?



  • Yes, that's the one scott is talking about. However, something more interactive would be nice (like "drawing" the date/time matrix) if possible to cover a weekly schedule for example with just one "drawing" instead of clicking through all the days and setting times for each one. Makes creating schedules more fast.  ;)



  • Ok I thought so. I agree Hoba, that calendar widget is not flexible enough for the needs of this project.



  • sdale and myself have started on the project.

    Please contact me at sullrich@gmail.com so we can arrange half of the payment up front.

    Thanks!



  • Hello,

    i will send you an email in a few minutes with the essential information.

    Greetings
    Heiko



  • Hello,
    do you need any longer my astarotestbox. Otherwise i kill the port…

    Greetings
    Heiko



  • No we don't need access any longer. Thanks for opening it.



  • Hello,
    nice to know
    Greetings
    Heiko



  • Hi Scott,

    yesterday, i sent you an email with the essential information. Did you received this e-mail??

    Greetings
    Heiko



  • Most likely he did. He is currently sick and is not checking his email regularly. He hopes to be better by tomorrow. Expect a reply sometime tomorrow. I'll keep you updated.



  • Sorry, I did receive the email and I am catching back up (2+ pages of forum threads + 20+ gmail threads).  Will be in contact very soon.



  • Hi Scott,
    Did you receive my last e-mail? Did you forget me??  :'(

    Greettings
    Heiko



  • No, I have been sick all week.  Your on the top of my list.



  • Hi Scott,
    Get well soon! Thanks and Greetings from Switzerland.
    Heiko



  • Hi sdale, Hi scott,

    i have send an email. Please verify.

    Sdale –> you must update your paypal account as soon as possible.

    Greetings
    Heiko



  • I received it, thanks!  Now we just need to get Scott's paypal fixed.


Log in to reply