How to setup schedule by mac address?

shuhdonk · Nov 7, 2015, 3:10 PM

How do I set a schedule to only allow access at certain times based on mac address? I want to set a schedule for my daughter to only be allowed access between from 6am to 9pm on her ipad and pc. How do I go about configuring pfsense to do this?

thanks again all

armss001 · Nov 7, 2015, 5:44 PM

With great difficulty, First you need to set her static IP's, then create an alias for her, you then need to create an allow schedule and use the advanced options to apply that to an allow rule for the alias on the firewall. Under that rule you need a block all rule for that alias.

this is how it should work and works for some people. Unfortunately I am not one of those lucky people, so let me know how it goes please? your rules should look like this…

shuhdonk · Nov 7, 2015, 6:20 PM

I currently have static is set based on her mac addesses on her devices via dhcp server. Just not sure how to do the rest haha.

KOM · Nov 8, 2015, 2:16 AM

https://forum.pfsense.org/index.php?topic=101938.0

armss001 · Nov 8, 2015, 2:51 AM

Create an IP Alias for all her static IP's.
Create A schedule for the times you want her to be ALLOWED on the internet.
Create a pass rule with the source as the alias and in the advanced section at the bottom, select your schedule you just created.
Create a block rule, again with the source as the alias.
in the rules table make sure the pass is above the block, but the block needs to be the default an allow rule.

The rules should apply to IPV4 and "Any" protocol. Also across "any" port.

shuhdonk · Nov 8, 2015, 4:29 AM

@armss001:

Create an IP Alias for all her static IP's.

Create A schedule for the times you want her to be ALLOWED on the internet.

Create a pass rule with the source as the alias and in the advanced section at the bottom, select your schedule you just created.

Create a block rule, again with the source as the alias.

in the rules table make sure the pass is above the block, but the block needs to be the default an allow rule.

The rules should apply to IPV4 and "Any" protocol. Also across "any" port.

Not sure what you mean by "but the block needs to be the default an allow rule."

I have added everything as you mentioned here except maybe that last step because I am not sure what you mean.. as of now the devices are still able to get online.

Here are the settings I have now.

** the firewall rules suppose to be under wan or lan?

**changed to lan as instructed and working great now it seems.

awebster · Nov 8, 2015, 3:49 AM

You're almost there…but you want the rules to apply to the LAN interface.
Edit the sydpc and sydipad (4) rules and change the Interface to LAN instead of WAN.
That way it will work as you expect.

shuhdonk · Nov 8, 2015, 4:06 AM

sweet, its working.. thanks for the help all! :)

armss001 · Nov 8, 2015, 7:15 AM

Sorry I missed your reply's Glad to see its working for you.

Sorry I missed an important word out, It should have read "but the block needs to be the above the default an allow rule".