Time Based Content Filtering Policy

turiyain

Dear Experts,

I have installed 2.0-RC3 (i386) built on Tue Jun 21 16:50:25 EDT 2011. It is working wonderful. I have to set up a time based content filtering policy.
e.g. Want to allow facebook.com at 1:00-2:00 PM and 6:30 - 9:00 PM. I know that this can be done by proxy filter, but not getting success. Kindly guide me.

Vijay TH.

kalu

I have done that using squid & squidguard.
But the time based restriction was not working properly.

Nachtfalke

If you just want to block "facebook.com" this can be easy realized:

Create a "host" alias with "facebook.com"
Create a shedule with the times when you want to block facebook
Create a BLOCK firewall rule on your lan interface with the alias you created above as "destination IP" and scroll down and select the shedule you created

So this rule blocks traffic to facebook.com when the shedule times are active and if they are not active this rule is disabled.

PS: The alias "facebook.com" just blocks facebook.com. It does not automatically block "xyz.facebook.com" So you need to add every subdomain to the alias if you want to block them.

The other possibility is squid + squidguard but then there is the problem of tranparent and non-tranparent proxy and filter http and https sites which makes all more complicated.

Try and give feedback.

kalu

Is Custom Error Page Possible with Firewall-Alias method.

turiyain

Thanks for your kind reply. But i want to block the category "Social Networking". And i want to allow this category for limited time only, in the off time, i want to block it for my corporate users. I am using transparent proxy.

@Nachtfalke:

If you just want to block "facebook.com" this can be easy realized:

Create a "host" alias with "facebook.com"
Create a shedule with the times when you want to block facebook
Create a BLOCK firewall rule on your lan interface with the alias you created above as "destination IP" and scroll down and select the shedule you created

So this rule blocks traffic to facebook.com when the shedule times are active and if they are not active this rule is disabled.

PS: The alias "facebook.com" just blocks facebook.com. It does not automatically block "xyz.facebook.com" So you need to add every subdomain to the alias if you want to block them.

The other possibility is squid + squidguard but then there is the problem of tranparent and non-tranparent proxy and filter http and https sites which makes all more complicated.

Try and give feedback.

kalu

This is what i did,
But it's blocking sometimes. And sometimes it's allowing.

1. Logged into the router
2. Firewall-Aliases
       (Created Aliases with type -hosts and added www.facebook.com , facebook.com , www.fb.com, fb.com
3. Firewall-Rules
       (Created a Rule on LAN Interface, Action-Block, Protocol-any, single host or alist-<mytestip>, Destination Single host or alias and selected the created alias. move the rule to second top after anti lock our rule.
   saved everything.</mytestip>

It worked..
I was happy…
after an hour i tried.. i was able to browse facebook. while i was browsing it again blocked after few minutes.
so it's acting funny.
Did i miss something important
Thanks
kalu

kalu

also i reset the firewall state
:)

turiyain

Will you share the screenshot of Alias Page & Rule.

@kalu:

This is what i did,
But it's blocking sometimes. And sometimes it's allowing.

1. Logged into the router
2. Firewall-Aliases
       (Created Aliases with type -hosts and added www.facebook.com , facebook.com , www.fb.com, fb.com
3. Firewall-Rules
       (Created a Rule on LAN Interface, Action-Block, Protocol-any, single host or alist-<mytestip>, Destination Single host or alias and selected the created alias. move the rule to second top after anti lock our rule.
   saved everything.</mytestip>

It worked..
I was happy…
after an hour i tried.. i was able to browse facebook. while i was browsing it again blocked after few minutes.
so it's acting funny.
Did i miss something important
Thanks
kalu

kalu

here are my screen shots

alias

rules

kalu

by the way i'm using

2.1-DEVELOPMENT (i386)
built on Wed May 2 08:30:27 EDT 2012
FreeBSD 8.3-RELEASE

so i'm not quite sure the menus and features are exactly same or not.
thanks

turiyain

I have followed this thread: http://forum.pfsense.org/index.php/topic,46324.0.html. Every thing is working very nice. May be this is the right way to do it.

Really pfSense is having great sense.

kalu

please let us know.
if the schedule based blocking is also working.
Thanks
kalu

turiyain

Yes it is working perfectly. I have implemented it, in my office.

@kalu:

please let us know.
if the schedule based blocking is also working.
Thanks
kalu

kalu

oh that's great.
could you please let us know your
pfsene, squid and squidguard version information ?

turiyain

The information is given below:

Version 2.0-RC3 (i386)
built on Tue Jun 21 16:50:25 EDT 2011

Ask if you need any other detail.

Regards,

VJ@@@//

@kalu:

oh that's great.
could you please let us know your
pfsene, squid and squidguard version information ?

kalu

@turiyain:

The information is given below:

Version 2.0-RC3 (i386)
built on Tue Jun 21 16:50:25 EDT 2011

Ask if you need any other detail.

Regards,

VJ@@@//

@kalu:

oh that's great.
could you please let us know your
pfsene, squid and squidguard version information ?

oh yes. please tell me your squid and squidguard version.
Thanks