Timed Internet Access



  • Hello,
    I have searched the forum and internet for what i'm trying to achieve, but there is little to no information available. I'm not sure if its even possible the way i'm thinking.

    What I want to do is, only allow 1 hour of internet access to certain computers on the LAN while others will have full unrestricted access. This 1 hour will be available to them for the entire shift, and they can use it all in one shot or use 10 min now and then 30 min at lunch time and so on.

    I know you can probably do this in captive portal but then captive portal will be active on the entire LAN.

    Is there some way I can achieve this?

    Any help will be greatly appreciated.

    Thank you



  • I probably don't have the absolute best idea. This is how I would do it.  Make yourself a firewall alias for port 53 DNS. Then go into the firewall tab again and make yourself a schedule to block dns TCP/UDP  from Lan net to destination all and make the destination port your alias that you just created. You can click all the dates that you want and the times. I personally have not tried this but it is the route that I would go with before trying anything fancy.



  • Thanx for the reply.
    How would this allow them to use internet for the their allotted time (ie 60min) throughout the day?



  • Tyring it now just to see what it can do. I don't want to block myself though.

    ok, after you make the alias. Then create the schedule for instance click July 14 and and select the proper time such as hr 8 min 00 to hr 9 min 00. Click add and then save. After that go to Lan rules and create the rule to block dns and use your alias but don't save yet or you will block yourself! Then scroll down some to look at the special options where it says schedule and then select the one that you just created.  You will have to experiment with it to get what you want. It should work though. Just make sure that the from ip address is for the specific machine that you want to block. Don't just choose lan net. So for example if it's 192.168.1.7 then put that. Just go to that machine that you want blocked and do an ipconfig /all in the powershell or cmd.exe or whatever you use(if it's a windows machine) to see exactly what it is first. Make sure that the alias port is for destination. 53 should be good enough. You could try 80 and 443 as well but 53 is a sure shot. You could just enter that one port but I would use an alias simply because you can keep adding to it without taking up too much space on your rules page.



  • You can achieve that with "captive portal + Freeradius". There is a good tutorial on pfSense wiki

    https://doc.pfsense.org/index.php/FreeRADIUS_2.x_package#HOW-TO_-FreeRADIUS.2B_Captive_Portal_configuration

    I've followed it and successfully implemented time and traffic quote for users.


Log in to reply