Block rules for CP account users but not for voucher users



  • @gbreadman:

    Oh. Looks like someone's not paying attention.. lol. Thanks!!

    Edit: I am trying to experiment on alias table creation (will later move this topic).. Here's the situation:

    I managed to set up a captive portal with user authentication (non-RADIUS) and voucher support.
    Since this is a company network, we need to be able to separate employees from guests; Account logins be considered as employees, while voucher users are guests.

    Now, to prevent the employees from surfing the net for their personal interests, we need to block them on the firewall..
    I have successfully made block rules but so far, they are only good for blocking EVERYONE; The guests are prohibited from surfing the net as well.
    How do we solve this without using VLANs or multiple Captive Portals?
    I came upon the solution of adding account logins into an alias and make a block rule with this alias as the Source. (n00b question: Is what I'm saying correct? lol)

    IF I understood correctly, it is possible to use pfBlockerNG IPv4 List feature to load a local file containing IP or MAC addresses and refresh the list from time to time.
    We can then use this alias to apply rules for the addresses on the list.
    We can add their addresses on the list by configuring the captive portal to write them on the local file for every login.
    (Yet another n00b question: Am I right so far? aha)

    Now, where I need the most help with is how to be able to REMOVE addresses from the list once the users disconnect.

    OR if there is a better approach on this situation (coz really, I'm super new and I can only exercise what I know so far) xD

    Or if there is already an existing auto-updated file which separates account-user addresses from the voucher-user addresses