Time triggered site blocking?

jim.thornton

I've got my whole home network using pfSense as my router.  I'm having a problem with my daughter hanging out on Facebook when she is suppose to be doing other things (i.e. getting ready for bed or  homework).

I thought pfSense had this ability built in but I may be wrong.

I would like to setup specific times that specified sites will be blocked, for example, after 8pm no facebook.

Can someone help me with this please?

kalu

squid + squidguard
OR
firewall rules

squid+squidguard has problems with https sites.
there are many topics regarding it in this forum please search..

jim.thornton

@kalu:

squid + squidguard
OR
firewall rules

squid+squidguard has problems with https sites.
there are many topics regarding it in this forum please search..

Thank you for suggesting a search.  I did.  And I found the reference to Squid+Squidguard, but my understanding was that it blocks it all the time.

I only want to block it during certain times of day.  Is this possible?

wallabybob

It is possible to put a schedule in a firewall rule  (e.g. allow access to IP address a.b.c.d from 3PM to 5PM).

However I believe I have read that facebook has many IP addresses so using firewall rules for facebook could require some cunning on your part to get an exhaustive list of IP addresses to put in the firewall rule or devise an alternate plan. (If you are using pfSense DNS forwarder you could put in an override for facebook so it seems to have one IP address. For completeness you then probably should block access to DNS other than pfSense. But then someone who knows what they are doing could probably use a DNS at, say, a library to find other Facebook IP addresses and so get around these blocks.)

feadin

You could use L7 filtering. Just add a new filter for Facebook.
First make a text called facebook.pat with these contents:

# Simple L7 filter to block facebook
facebook
^.+facebook.com

Save it (I'd use UNIX line endings just in case) and upload it to the firewall into /usr/local/share/protocols/ . You can upload it using Diagnostics->Command Prompt, and then move it using the command "mv /tmp/facebook.pat /usr/local/share/protocols/" on the same page.

After that create a new L7 rule in Firewall->Traffic Shaper->Layer7 and include that filter.

Then create a new schedule in Firewall->Schedules using any time frame you like.

Lastly create a new firewall rule in the LAN interface placing it BEFORE your "default LAN to any rule". Using Pass, TCP protocol and including the schedule and L7 rules you created previously. You could limit this to a single IP if you're using static IPs or DHCP static mappings, otherwise just leave it at LAN subnet.

Wait a few sec for the filters to reload and that should be it  ;)

The regex may not be the best, it's just and example I created just now. It may block other stuff too, I didn't tested it myself.
And anyway there are ways to avoid this like using proxies and stuff like that, but it may work fine for a girl.

Hope it helps!

@jim.thornton:

I've got my whole home network using pfSense as my router.  I'm having a problem with my daughter hanging out on Facebook when she is suppose to be doing other things (i.e. getting ready for bed or  homework).

I thought pfSense had this ability built in but I may be wrong.

I would like to setup specific times that specified sites will be blocked, for example, after 8pm no facebook.

Can someone help me with this please?

jim.thornton

Thank you very much!