Schedule - Time rules



  • I'm not really all that familiar with this option; what tasks is this option useful for?  I guess it doesn't seem useful, since I don't understand it's purpose.  Can someone explain a simple senario or something?

    Thanks.



  • its for time based rules

    so if you have a pfsense firewall on youre office
    you can give access to the internet from mo-vr from 08-17 uhr
    and block the access the other day's and times



  • Time based rules are meant to make like easier for admins. You can use them to automatically enable/disable rules at a given time. This can be useful say if you work for a company and you want to allow web traffic outbound only during the time of 8am-5pm monday through friday. Instead of the admin having to log into the firewall each morning and afternoon and enable/disable a rule to allow web traffic, the admin can create a time based rule to automatically enable/disable the rule for the specified time ranges.



  • for example RDP-Sessions 3389 to Citrix/Terminalserver from 8:00am to 17:00am from Monday to Friday.



  • :)  Ahhh… okay, so it's not some sort of parental control option for only allowing certain machines full access while limiting others.  That brings up an idea; does pfSense have a grouping option to associate firewall rules to a group of computers instead of setting up rules for separate machines?  Then you can manage your permissions by rule instead of making a rule for each machine.  I think that might be useful, but I'm guessing someone has already asked that question, and there is probably an option like that available already.
    This all probably sound dumb; I'm a little tired and may not be thinking all that clearly.  I even went through all the firewall settings looking for something similar; is there anything?

    Thanks for answering my first question.  That does make sense to have; it was a good idea.



  • Okay… Correct me if I'm wrong, but it looks as though I could do firewall limiting, but setting up a virtual ip for a group of system ip's and assign a firewall rule to the virtual ip.  I can then add or remove ips to the virtual ip to limit those systems.  I think that makes sense to me, but I'm still not quite with it.  If this is possible, then I need to setup CARP.



  • @mentalhemroids:

    :)  Ahhh… okay, so it's not some sort of parental control option for only allowing certain machines full access while limiting others.  That brings up an idea; does pfSense have a grouping option to associate firewall rules to a group of computers instead of setting up rules for separate machines?  Then you can manage your permissions by rule instead of making a rule for each machine.  I think that might be useful, but I'm guessing someone has already asked that question, and there is probably an option like that available already.
    This all probably sound dumb; I'm a little tired and may not be thinking all that clearly.  I even went through all the firewall settings looking for something similar; is there anything?

    Thanks for answering my first question.  That does make sense to have; it was a good idea.

    Aliases work as they do with firewall rules and nat rules.


Log in to reply