Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
16.7 Legacy Series
»
Allow Facebook and Youtube from 14.00 to 16.00 hours daily, block all other time
« previous
next »
Print
Pages: [
1
]
Author
Topic: Allow Facebook and Youtube from 14.00 to 16.00 hours daily, block all other time (Read 2559 times)
valsaraj
Newbie
Posts: 4
Karma: 0
Allow Facebook and Youtube from 14.00 to 16.00 hours daily, block all other time
«
on:
August 22, 2016, 01:25:21 pm »
Hello
I wanted to allow all users to access facebook and youtube between 14.00 hrs to 16.00 hrs daily, but all other times to be blocked.
I have set firewall rules to block , its working.
To pass both sites, the following steps are made:
1) Defined schedule FreeHours_14_16_PM on all dates for 14.00 to 16.00 hrs.
2) Defined an alias - SocialSitesRestricted and added hosts
www.youtube.com
,
www.facebook.com
3) Created a firewall rule
Action - Pass , Interface - LAN , TCP/IP version - IPV4 , Protocol - TCP/UDP , Source - LAN Net
Destination - SocialSitesRestricted , Destination Port Range - Any - Any , Category - social_networks
Schedule - FreeHours_14_16_PM, gateway - default
I also have firewall rule for " Block HTTP bypass ", "Block HTTPS bypass " , "Default allow LAN to any rule" (IPV4) , Default allow LAN IPv6 to any rule , "NAT redirect traffic to proxy " (IPV4 and IPV6)
Unfortunately, opnsense blocks facebook and youtube between 14-16 hrs. I am on a test server. I also get https certificate error for facebook, though I have other https sites working correctly.
Please request your help...
Valsaraj
Logged
franco
Administrator
Hero Member
Posts: 8596
Karma: 578
Re: Allow Facebook and Youtube from 14.00 to 16.00 hours daily, block all other time
«
Reply #1 on:
August 23, 2016, 10:03:18 am »
Hi there,
Make sure you're not running into an alias DNS ambiguity issue:
www.facebook.com
and
www.youtube.com
have many IP addresses your alias likely won't catch.
Start fresh with a single known IP to confirm the schedule works. If it does, the alias needs to be extended to include all youtube/facebook IPs.
Cheers,
Franco
Logged
valsaraj
Newbie
Posts: 4
Karma: 0
Re: Allow Facebook and Youtube from 14.00 to 16.00 hours daily, block all other time
«
Reply #2 on:
August 23, 2016, 11:15:37 am »
Hi Franco
Tried with single IP destination, but could not succeed...Removed schedule and tried, still failed !
Other than defining alias and rule, is there any other step ?
Thanks
Valsaraj
Logged
franco
Administrator
Hero Member
Posts: 8596
Karma: 578
Re: Allow Facebook and Youtube from 14.00 to 16.00 hours daily, block all other time
«
Reply #3 on:
August 23, 2016, 11:45:55 am »
When using scheduled rules, the firewall actually reloads only every 15 minutes in the background. Can you take a look at your console file /tmp/rules.debug to see if the pass rule is properly injected?
Logged
valsaraj
Newbie
Posts: 4
Karma: 0
Re: Allow Facebook and Youtube from 14.00 to 16.00 hours daily, block all other time
«
Reply #4 on:
August 23, 2016, 12:40:22 pm »
I removed the existing rule, added a new rule with schedule. It reflected immediately.
Logged
valsaraj
Newbie
Posts: 4
Karma: 0
Re: Allow Facebook and Youtube from 14.00 to 16.00 hours daily, block all other time
«
Reply #5 on:
August 23, 2016, 12:52:28 pm »
Just wondering, none of the firewall rules defined by me is not executing...
I tried to pass an alias with single host youtube.com, not working...
tried to block an alias, with single host not working !
Anything wrong from my setup side !
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
16.7 Legacy Series
»
Allow Facebook and Youtube from 14.00 to 16.00 hours daily, block all other time
