{Complete} Timebased Rules
-
Hello Scott,
i´m German and excuse me for me bad english…..The Situaion:
I have 30 Firewalls up over Germany, Suisse and Russia. The locations are send there packets to the established ipsec-tunnel.
Now i need an ruleset, which can timebased active. So, i create a rule and set the acitvitiy to 8:00- 21:00 After 21.00 the rule is beeing deactivated.Thanks
Heiko -
Okay that is fair.
Just so there are no second guessing, you specified a range of euros. Can you please specify a final amount so that there are no guessing games later on in the bounty?
Also, how flexible do you want the rules?
Being able to specify ranges?
Multiple on / off times per day?Do you have an example of another product that has this implemented where I can take a look at the GUI?
-
Hello Scott,
now i go bed, i will send you the information….
Greetings
Heiko -
I started working on a possible solution for time based rules a little bit ago. I didn't finish it, but it is started. I have a lot of experience with other firewalls and their rule schedules so I could help out as well if you want Scott.
-
Hello Scott,
1500 €. That´s ist. OK? But i need an invoice, is this possible?
Also, how flexible do you want the rules?
–> as flexible as it gets :)Being able to specify ranges?
--> Yes, time range for example 10:00 - 21:00 = ON , after 21:00 AutooffMultiple on / off times per day?
--> I think so, Yes, because astaro for example can one event per rule.
For example you can go to my astarotestbox in vmware. --> https://astarov7.ath.cx:61003 (user: admin pw: pfsense)
Under the definition tab you will find the "time events". Here you can specify time events as ranges for different days. Under the Network Security Tab you can specify different rules with one time event.I think one time event ist not enough per rule, but i can live with one.....
The time events must apply for all rules in pfsense, LAN, WAN, IPSEC and so on.....With very special greetings from Germany
Heiko -
I forget, on the astarobox the keyboard layout is german. All right??
-
Okay, I will review the Astaro solution.
sdale: Fine with me, we can split the bounty.
-
Okay, I will review the Astaro solution.
sdale: Fine with me, we can split the bounty.
Ok, I'll get with you in IRC and we can discuss.
-
My idea for the schedules is this:
They will function very similar to aliases. Using cron we can do this.
You will be able to create multiple Schedules. Underneath these schedules you will be able to add multiple time ranges. These time ranges can be to run on a certain date, day(s), or repeat weekly.
I'll be posting screenshots soon.
-
Hello,
do you need ssh to the astarotestbox? cron etc.
Greetings
Heiko -
No, I think we will be ok. Here are some screens.
What you see above is in progress. It does not work right now as most of the coding behind the scenes has yet to be completed.
Note: The day selected in Dark red is the day selected by the user, and then the light red days are the repeating days due to the checkbox being selected.
-
Hello,
really nice. What is when i want a schedule not for days of months, but rather a schedule for "always".–> for example: 21:00 - 23:59 - not for a special day in the january -- for example from the year 2005 to 2008 or always.
Can i place multiple schedules to one rule?
Otherwise, i´m hooked.
The little bit coding behind is still a child´s play for you and scott, so certainly done in a few hours, i think..... :)
Greetings from Germany
Heiko -
I think there need to be weekly returning schedules as well, like blocking access on every weekend for example (or is that that small checkbox below the calender?). The screenshots cover vacation times or similiar which might be needed as well. Besides that it looks very nice :)
-
Hallo,
ja das soll so sein, halt wie bei Astaro, nur etwas besser. Wochenende Wiederholungen sind Pflicht, nicht Kür.Hello,
yes, the specs should be same as the astaro, Weekend´s repeats is nice and also duty…. not freestyle, i think :)
Greetings
Heiko -
Hello,
now i set the bounty to 1800 € (i need an invoice)
Greetings
Heiko -
Thanks for the comments all. Here's how the schedules will work.
You'll create a schedule in the Firewall Schedules area. This schedule will basically be an object holder for the time ranges. Then you go to each rule you want to use this schedule and select this schedule. Based upon the rule, the rule will be active during the time ranges specified in this schedule object.
So here's an example setup.
Let's say you create a schedule object named 'Schedule1', and in this schedule you add the time ranges: Mon-Fri 8am-5pm.
Next you will edit each of the firewall rules that you want to use this schedule. When a firewall rule has been set to use this schedule, the rule will only be active during the time range specified (Mon-Fri 8am-5pm). So if the rule is to Allow Web traffic from LAN>WAN, then this rule will allow Web traffic from LAN>WAN during Mon-Fri, 8am-5pm.I haven't had a whole lot of time to work on it this weekend since I'm having to work, but this week I will have more time to play with it.
This is of course all up for debate and discussion. Nothing is set in stone :).
-
That´s OK, but what is with the repeated weekend´s for example?
I need a production solution in two or three weeks…..
Greetings
Heiko :) -
I don't forsee any problem having this done in two weeks. BTW the schedules can be repeating in any sort of way. If you need a repeating schedule for Mon, Wed, and Thurs, it can be done. Any combination can be done. I plan on having a working demo within the next few days and then give you access to it and see if it suits your needs. First Scott and I have to get together and figure out how we're going to take care of the backend of this. :)
-
OK, that´s fine
Greetings
Heiko -
We will not have a problem providing an invoice. We have a new company that is 99% formed to handle these items.