Need help using pfsense to schedule access to websites



  • I am new with pfsense how I can achieved this…

    I have 10 clients, 5 clients will have full access on the internet no restrictions.
    The other 5 client can access the internet except social media like facebook, twitter, youtube. They can only access this website on schedule from 12noon to 1pm

    I have installed pfsense 2.0.3
    Installed packages SQUID and SQUID GUARD

    Hope some one can give me step by step procedure :)

    Thanks in advance



  • There are multiple ways that you can accomplish what you want. I'll list some of the options, but let's address first things first. The first issue is "how do you identify the clients that have time restrictions?". The simplest and most obvious way is to assign them specific IP addresses based on the client MAC address. However, if they can switch to other machines and you still expect the restrictions to apply, you will need to force the user to authenticate somehow. I don't know about squidguard, but dansguardian implements several different authentication methods.

    Once you figure out how you want to identify the client, the question becomes "how do I time restrict client access to certain destination sites?" I can think of several options to solve this:
    1.) Firewall rules with a schedule. The biggest issue of using this approach is that you must create a URL table that has all of the IP addresses of the sites you want to block access to. Unfortunately, some of the sites you list have multiple IP addresses and those addresses can change over time. There are ways to determine the addresses that a name can resolve to and automatically update them - but it gets challenging. I have some sample code to do it if you are interested. Also, the only way to "apply" the restrictions to a client would be based on the incoming IP address.
    2.) It is my understanding that squidguard can time restrict access to a site (i.e. dns lookup rather than destination IP address), but I've never implemented it. I'm not sure how you authenticate users within squidguard to determine if a restriction should apply.
    3.) Dansguardian can block access to sites for a timeframe (similar to squidguard). You can create up to three different groups that have different filtering profiles and assign users to groups based on your authentication method.

    I think any of the above will work depending on your requirements. Filtering flexibility and capability increases in the order that I have listed them… however, complexity of setup also increases in the same order.


Log in to reply