Messages - ggalt

#1
Franco:

Thanks!  I'll give it a try.  I really appreciate the help you have provided today!

George
#2
Franco:
The use case is rather simple.  I want to prevent my children from accessing the Internet during certain hours (10 p.m. to 7 a.m.), but they have to be able to access the internal network to use resources (i.e. printers, shared drives, etc).  At the same time, I don't want to limit my (or my wife's) access to the Internet. 

My thought was to get the MAC addresses for my devices and those of my wife, set a rule to block all external traffic from 10 p.m. to 7 a.m., with another rule to allow traffic from the whitelist of devices.

I did a quick read over the Captive Portal documentation and it seems like overkill -- mostly the need to log in will have a very low WAF.  I'll have to continue hunting for an approach.  If you have any thoughts about another way to address this use case, I'd enjoy hearing about it.

Thanks,

George
#3
Franco:

Thanks.  As you can probably guess from my use of an iptables rule, I've got more familiarity with Linux.  I'll take a look at Captive Portals and see what I can do.

George
#4
All:

I'm new to OPNsense, so it may be that I just can't find the correct location for this option, but is it possible to filter (block or allow) traffic based on MAC address?  I'm thinking of a simple rule like: /sbin/iptables -A INPUT -m mac --mac-source 01:00:E6:9A:14:B8 -j DROP.  Any thoughts?

George
#5
All:  I'm new to OPNsense and so it may be that I'm missing something simple.  I'm trying to follow this guide https://www.kirkg.us/posts/using-opendns-with-opnsense/ to prevent other users (my son) from bypassing OpenDNS.  Specifically, the guide sets a firewall rule that prevents all traffic on port 53 (the DNS port) from computers inside the firewall.  The destination domain to which the rule is applied is called "this firewall".  AFAICT, this was used in pfSense and earlier iterations of OPNsense, but that option is no longer available.  What does appear to be available is an option of "WAN net".  Is "WAN net" the correct destination domain for this rule?

Thanks,

George