Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
21.1 Legacy Series
»
Schedule Based Firewall Rules
« previous
next »
Print
Pages: [
1
]
Author
Topic: Schedule Based Firewall Rules (Read 6234 times)
PWCDC
Newbie
Posts: 17
Karma: 2
Schedule Based Firewall Rules
«
on:
February 21, 2021, 05:52:58 pm »
What is the current recommended way to set up scheduled firewall rules for blocking specific clients from internet?
I've found a few threads on this forum, but they are quite old and trying the recommendations doesn't work entirely. For instance, simply setting a scheduled block rule in the floating rules is effective, but won't kill existing connections.
I have the schedule and the alias' set up the way I want them, and they appear to work. The only quirk is terminating existing connections. Is there a trick I'm missing?
Logged
chemlud
Hero Member
Posts: 2485
Karma: 112
Re: Schedule Based Firewall Rules
«
Reply #1 on:
February 21, 2021, 06:12:58 pm »
Strange enough we had a thread quite recently, which I can't find anymore (and not my posts either...).
I use scheduled block rules and run cron jobs to kill all (!) states the minute after the block becomes effective. In the recent thread a user described scheduled allow rules, which apparently worked iirc, but no way to confirm. :-(
Logged
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare
felix eichhorns premium katzenfutter mit der extraportion energie
A router is not a switch - A router is not a switch - A router is not a switch - A rou....
PWCDC
Newbie
Posts: 17
Karma: 2
Re: Schedule Based Firewall Rules
«
Reply #2 on:
February 23, 2021, 05:57:20 pm »
Hmm.
I don't see that as an option in the Cron dropdown.
Is there a way to invert schedules? I had thought about using two rules: one to allow, based on a schedule, and then another to block based on the same schedule. The problem is I would have to create redundant schedules for each block and pas rule. Seems awkward.
Logged
chemlud
Hero Member
Posts: 2485
Karma: 112
Re: Schedule Based Firewall Rules
«
Reply #3 on:
February 23, 2021, 06:07:25 pm »
It's a little more complicated.
https://forum.opnsense.org/index.php?topic=10740.msg49334#msg49334
:-)
Still don't understand why the thread from December 2020 (or so) is not there anymore...
only found this one
https://forum.opnsense.org/index.php?topic=13256.0
«
Last Edit: February 23, 2021, 06:09:13 pm by chemlud
»
Logged
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare
felix eichhorns premium katzenfutter mit der extraportion energie
A router is not a switch - A router is not a switch - A router is not a switch - A rou....
Atomical
Newbie
Posts: 6
Karma: 0
Re: Schedule Based Firewall Rules
«
Reply #4 on:
March 03, 2021, 12:11:27 pm »
Hi PWCDC,
I have set mine up to block the kids internet access at certain times..
Create a schedule to allow times that you want to allow internet traffic.
(Here's mine currently)
https://ibb.co/Jz1z3Q1
Now go to your LAN firewall rules and create a block internet rule for the IP addresses you want to restrict.. Then add an allow rule for the same IP addresses and add the schedule for this..
Make sure you add this to the Lan Net
https://ibb.co/SBqH9CX
Make sure you add your schedule to this (not shown in the screenshot)
https://ibb.co/6rKHpNX
As chemlud say's its a stated firewall so the rule doesn't kick in dead on the time you allow but the minute later.
So if you have a cut off say 21:59hrs it will stop at 22:00hrs
@chemlud, i think it was my post you was talking about but it didn't work correctly the way I originally had it as the connections stayed active slightly until I changed it to this method. Now connections drop and dont access or ping any internet connections at all.
«
Last Edit: March 03, 2021, 12:20:07 pm by Atomical
»
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
21.1 Legacy Series
»
Schedule Based Firewall Rules
