Allow internet access in different cases
Hello guys, I want to arrange the following situation for a company:
One part of the employees have full access to all sites except for example facebook.
Between 12.00 and 13.00 I want to give access to facebook as well as all the other sites.
Another part of the company has no access to the internet.
Is it a good idea to work with a captive portal. Then I can add all the mac's from the first user group to pass through.
In case someone of the second group needs access to internet, I can temporary provide a username en password for him.
What about the limitation of facebook between 12.00 and 13.00? How can I arrange this?
Another difficulty, what about teamviewer, can I still use it to give support when there is no internet access available in the second group?
Thanks in advance!
You could create a teamviewer alias and create a rule that basically says from noallowed internet to !teamview (negated rules) block, with a default allow afterwards. In the alias, you would put something like www.teamviewer.com teamviewer.com and any custom url. You could also put and IP range for teamviewer if you know it.
There are schedules in pfsense. It is considered better if you use them in an opposite manner than expected. There are docs and forum posts on this.
You can also create an alias with a fireall rule at the top for facebook (DNS Entries or IP Ranges) that blocks it.