OPNsense Forum

Archive => 20.7 Legacy Series => Topic started by: slackadelic on November 02, 2020, 06:14:35 am

Title: Firewall schedules
Post by: slackadelic on November 02, 2020, 06:14:35 am
Scenario:  I have a schedule setup Monday - Friday from 0:00 to 22:00 which works great

Problem:  There are certain times/days/dates I would like to cause this schedule to NOT be active.

I've tried a couple of things like adding a secondary rule above the one that is normally active with it's own schedule, but it appears that the M - F rule still triggers some how.

Question:

Does anyone else use schedules in their firewall and can give me a hint as to how they are able to override the schedule so it isn't active at certain times?

Hopefully I'm not missing something simple!

Thank you!
Title: Re: Firewall schedules
Post by: slackadelic on November 05, 2020, 08:37:23 pm
So after fiddling around with different scenarios and reading up on how the sister firewall operates with schedules, it appears that when you create a schedule, there's no easy way to 'override' the schedules themselves.

Example: If you have a rule set to 'block' traffic Monday - Friday from 0:00 to 22:00 then want to 'exclude' a day say November 5th then set that rule to say 0:00 to 08:00 so that it won't be 'active' for that day/date only, it doesn't apply and is ignored.


The work around, I had to create a mirrored rule to 'allow' traffic and build it's own schedule.  Then placed that rule above the 'disable' rule.

Seems counter intuitive, but it is what it is.
Title: Re: Firewall schedules
Post by: slackadelic on November 06, 2020, 04:34:55 pm
Ok ignore that, tested this last night and it 'looked' like it was working, but that wasn't the case apparently
Title: Re: Firewall schedules
Post by: chemlud on November 06, 2020, 04:51:54 pm
For scheduled block rules you had to kill established states 1 min after blocking time to really kll off internet access. That's the way I have implemented that, no idea if it is still needed.

If I want the block rule to be not effective, I turn it off manually... ;-)
Title: Re: Firewall schedules
Post by: slackadelic on November 06, 2020, 04:54:12 pm
Well, I did SOME MORE testing, as long as my rules are in proper order, I DO have to use a different schedule.

So allow rule above the block rule, then I can overrule the block schedule as needed.

Now when I tested this last night, my daughter's xbox showed it had access, but said some games didn't work until I redid the 'block' schedule and disabled my pass rule.. so not sure what it up.

Guessing there's a state issue somewhere I need to kill.
Title: Re: Firewall schedules
Post by: slackadelic on November 13, 2020, 03:43:37 pm
So, it appears it 'works' but not fully.

When the allow rule schedule is priority and active, then most functions work on the Xbox, however, games won't play which makes no sense.

If I get rid of th e'pass' rule and it's schedule, then edit the 'block' rule to disable the day like Thursday itself and remove it from the schedule.. it works.