Parental controls, blocking access during specific time of the day



  • I'm looking for a way to deny access to the internet from midnight - 6PM, turn it on until 9PM, then back off til Midnight Sun-Thur.

    Different schedule for Friday/Sat.

    Needs to be by MAC address.

    Is this possible?



  • Go into Firewall: Schedules: Edit and make a schedule.  Give it a description and save.

    Then go into Firewall: Rules and make a rule.

    For instance, block a particular IP (computer) from  LAN access.

    At the bottom of the firewall rule creation page is an advanced section.

    Go there, click schedule.  Choose the name of the schedule you made.

    Done.  It will be blocked according to schedule.  Rest of time, not blocked.

    Services: DHCP server at bottom you can assign LAN IP a static IP according to MAC and then use that IP for the firewall block rules.

    So then, blocking by MAC.

    You are the last "customer" served for a while - Gotta sleep….



  • Thanks so much!

    I couldn't find the stinking schedule selection!



  • But you are all good now?


  • LAYER 8 Netgate

    If I did that they'd just shut off wifi and use cellular data.



  • @Derelict:

    If I did that they'd just shut off wifi and use cellular data.

    Then you just take their phone away, and the problem solves itself. :)



  • I couldn't find the stinking schedule selection!

    It's at the bottom of the rule page:




  • @Derelict:

    If I did that they'd just shut off wifi and use cellular data.

    My kid's phone is Republic Wireless. No data, only text and voice ($10/month, can't beat it) :) Wifi goes down, so does all the fun stuff on his phone!



  • You can either shut off or limit data on most of the major cellular carriers. One of our kids' smart phones is on Sprint with no data. As I remember, you could restrict it on Verizon but had to pay for a parental control feature.



  • Follow up!

    This has worked great, but I have noticed that if he is playing an online game at the time internet shuts off, he can continue playing with no issues. If he turns off the game, he cannot reconnect or start a new one (same with Skype, a conversation won't be interrupted, but if he hangs up and tries to start a new call, it fails).

    How do I shut off all internet completely at the designated time? This only appears to stop new connections, it doesn't kill existing ones.

    Thanks!


  • LAYER 8 Netgate

    I'm looking for a way to deny access to the internet from midnight - 6PM, turn it on until 9PM, then back off til Midnight Sun-Thur.

    Schedule pass rules, not block rules.

    Instead of blocking access, schedule pass rules from 1800 - 2100.  Otherwise block.



  • @Derelict:

    I'm looking for a way to deny access to the internet from midnight - 6PM, turn it on until 9PM, then back off til Midnight Sun-Thur.

    Schedule pass rules, not block rules.

    Instead of blocking access, schedule pass rules from 1800 - 2100.  Otherwise block.

    Can you be a little more specific? That doesn't make sense.


  • LAYER 8 Netgate

    States created by scheduled pass rules are automatically deleted when the rule expires.  States created due to the absence of a scheduled block rule are not deleted when the block rule schedule fires.

    So if you want to block access to port 80 except during the hours of 1800-2100 do this:

    Pass tcp source KID network dest any port 80 schedule 1800-2100
    Reject tcp source KID network dest any port 80 no schedule.

    When 2100 comes around all the states created by that scheduled rule will be deleted, stopping current connections.

    New connections will no longer match the scheduled rule, will fall through to the reject rule, and will be rejected.
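
The difference between the two rule layouts described in the post above, as an added example that is not part of the thread and is not pfSense code: a toy stateful filter in which established connections bypass rule evaluation and only an expiring scheduled pass rule removes the states it created. The rule names, connection labels and single-interval schedules are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass
class Rule:
    name: str                                   # hypothetical rule label
    action: str                                 # "pass" or "reject"
    schedule: Optional[Tuple[int, int]] = None  # (start_hour, end_hour); None = always

    def active(self, hour):
        return self.schedule is None or self.schedule[0] <= hour < self.schedule[1]

class Firewall:
    """Toy model: first active matching rule wins, nothing matching means deny."""
    def __init__(self, rules):
        self.rules, self.states, self.hour = rules, {}, 0

    def set_hour(self, hour):
        # When a scheduled pass rule expires, drop the states it created.
        # A block rule becoming active removes nothing from the state table.
        for r in self.rules:
            if r.action == "pass" and r.schedule and r.active(self.hour) and not r.active(hour):
                self.states = {c: n for c, n in self.states.items() if n != r.name}
        self.hour = hour

    def packet(self, conn):
        if conn in self.states:        # established: rules are not re-evaluated
            return True
        for r in self.rules:
            if r.active(self.hour):
                if r.action == "pass":
                    self.states[conn] = r.name   # remember which rule made the state
                    return True
                return False
        return False

def run(rules):
    fw = Firewall(rules)
    fw.set_hour(20)
    started = fw.packet("game")        # connection opened at 20:00
    fw.set_hour(21)                    # schedule boundary
    return started, fw.packet("game"), fw.packet("skype")

# Layout 1: scheduled block above an always-on pass rule.
SCHEDULED_BLOCK = [Rule("block-kid", "reject", (21, 24)), Rule("allow-lan", "pass")]
# Layout 2: scheduled pass above an unscheduled reject, as in the post above.
SCHEDULED_PASS = [Rule("pass-kid", "pass", (18, 21)), Rule("reject-kid", "reject")]

if __name__ == "__main__":
    print("scheduled block:", run(SCHEDULED_BLOCK))
    print("scheduled pass: ", run(SCHEDULED_PASS))
```

Each tuple reads as (connection opened at 20:00, same connection still works at 21:00, new connection allowed at 21:00); only the second layout cuts the running game.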



  • @Derelict:

    States created by scheduled pass rules are automatically deleted when the rule expires.  States created due to the absence of a scheduled block rule are not deleted when the block rule schedule fires.

    So if you want to block access to port 80 except during the hours of 1800-2100 do this:

    Pass tcp source KID network dest any port 80 schedule 1800-2100
    Reject tcp source KID network dest any port 80 no schedule.

    When 2100 comes around all the states created by that scheduled rule will be deleted, stopping current connections.

    New connections will no longer match the scheduled rule, will fall through to the reject rule, and will be rejected.

    Understood!

    In this case, I want to kill all traffic on 2 MAC addresses/IPs. Same process?


  • LAYER 8 Netgate

    The rules match what the rules match.  Instead of my made up KID Network use whatever IP addresses, networks, or aliases you want.



  • @mycholula:

    This has worked great, but I have noticed that if he is playing an online game at the time internet shuts off, he can continue playing with no issues. If he turns off the game, he cannot reconnect or start a new one (same with Skype, a conversation won't be interrupted, but if he hangs up and tries to start a new call, it fails).

    What version of pfSense do you have installed?

    The killing off of existing states works in 2.2.3 and above. It's a change of behaviour in PF, the packet filter shipped in FreeBSD 10.1.
    In 2.2.3 the LAN-side or OPTx states will be killed, but the WAN-side states won't be killed, so if you have a VPN, the problem there is that the VPNs between two sites will stay active and cause problems, but for what you want, 2.2.3 or later will be good.



  • @Derelict:

    States created by scheduled pass rules are automatically deleted when the rule expires.  States created due to the absence of a scheduled block rule are not deleted when the block rule schedule fires.

    So if you want to block access to port 80 except during the hours of 1800-2100 do this:

    Pass tcp source KID network dest any port 80 schedule 1800-2100
    Reject tcp source KID network dest any port 80 no schedule.

    When 2100 comes around all the states created by that scheduled rule will be deleted, stopping current connections.

    New connections will no longer match the scheduled rule, will fall through to the reject rule, and will be rejected.

    Had the same issue with my daughter playing CoD/CS ! Thanks for the detailed explanation !

