Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Time triggered site blocking?

    General pfSense Questions
    4
    6
    3443
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      jim.thornton last edited by

      I've got my whole home network using pfSense as my router.  I'm having a problem with my daughter hanging out on Facebook when she is suppose to be doing other things (i.e. getting ready for bed or  homework).

      I thought pfSense had this ability built in but I may be wrong.

      I would like to setup specific times that specified sites will be blocked, for example, after 8pm no facebook.

      Can someone help me with this please?

      1 Reply Last reply Reply Quote 0
      • K
        kalu last edited by

        squid + squidguard
        OR
        firewall rules

        squid+squidguard has problems with https sites.
        there are many topics regarding it in this forum please search..

        1 Reply Last reply Reply Quote 0
        • J
          jim.thornton last edited by

          @kalu:

          squid + squidguard
          OR
          firewall rules

          squid+squidguard has problems with https sites.
          there are many topics regarding it in this forum please search..

          Thank you for suggesting a search.  I did.  And I found the reference to Squid+Squidguard, but my understanding was that it blocks it all the time.

          I only want to block it during certain times of day.  Is this possible?

          1 Reply Last reply Reply Quote 0
          • W
            wallabybob last edited by

            It is possible to put a schedule in a firewall rule  (e.g. allow access to IP address a.b.c.d from 3PM to 5PM).

            However I believe I have read that facebook has many IP addresses so using firewall rules for facebook could require some cunning on your part to get an exhaustive list of IP addresses to put in the firewall rule or devise an alternate plan. (If you are using pfSense DNS forwarder you could put in an override for facebook so it seems to have one IP address. For completeness you then probably should block access to DNS other than pfSense. But then someone who knows what they are doing could probably use a DNS at, say, a library to find other Facebook IP addresses and so get around these blocks.)

            1 Reply Last reply Reply Quote 0
            • F
              feadin last edited by

              You could use L7 filtering. Just add a new filter for Facebook.
              First make a text called facebook.pat with these contents:

              # Simple L7 filter to block facebook
              facebook
              ^.+facebook.com
              
              

              Save it (I'd use UNIX line endings just in case) and upload it to the firewall into /usr/local/share/protocols/ . You can upload it using Diagnostics->Command Prompt, and then move it using the command "mv /tmp/facebook.pat /usr/local/share/protocols/" on the same page.

              After that create a new L7 rule in Firewall->Traffic Shaper->Layer7 and include that filter.

              Then create a new schedule in Firewall->Schedules using any time frame you like.

              Lastly create a new firewall rule in the LAN interface placing it BEFORE your "default LAN to any rule". Using Pass, TCP protocol and including the schedule and L7 rules you created previously. You could limit this to a single IP if you're using static IPs or DHCP static mappings, otherwise just leave it at LAN subnet.

              Wait a few sec for the filters to reload and that should be it  ;)

              The regex may not be the best, it's just and example I created just now. It may block other stuff too, I didn't tested it myself.
              And anyway there are ways to avoid this like using proxies and stuff like that, but it may work fine for a girl.

              Hope it helps!

              @jim.thornton:

              I've got my whole home network using pfSense as my router.  I'm having a problem with my daughter hanging out on Facebook when she is suppose to be doing other things (i.e. getting ready for bed or  homework).

              I thought pfSense had this ability built in but I may be wrong.

              I would like to setup specific times that specified sites will be blocked, for example, after 8pm no facebook.

              Can someone help me with this please?

              1 Reply Last reply Reply Quote 0
              • J
                jim.thornton last edited by

                Thank you very much!

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post

                Products

                • Platform Overview
                • TNSR
                • pfSense
                • Appliances

                Services

                • Training
                • Professional Services

                Support

                • Subscription Plans
                • Contact Support
                • Product Lifecycle
                • Documentation

                News

                • Media Coverage
                • Press
                • Events

                Resources

                • Blog
                • FAQ
                • Find a Partner
                • Resource Library
                • Security Information

                Company

                • About Us
                • Careers
                • Partners
                • Contact Us
                • Legal
                Our Mission

                We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

                Subscribe to our Newsletter

                Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

                © 2021 Rubicon Communications, LLC | Privacy Policy