Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
24.1 Legacy Series
»
Firewall Rule - Block Device on Schedule
« previous
next »
Print
Pages: [
1
]
Author
Topic: Firewall Rule - Block Device on Schedule (Read 820 times)
jpichie
Newbie
Posts: 9
Karma: 0
Firewall Rule - Block Device on Schedule
«
on:
March 05, 2024, 04:37:12 pm »
Hello,
I tried making a firewall rule to block a specific device during a scheduled timeframe.
I am having trouble getting this to work properly, can someone point me in the right direction or offer a solution?
I have a schedule created already, just no sure of the order/requirement for the firewall Rule or where to set it.
Thanks
Logged
chemlud
Hero Member
Posts: 2485
Karma: 112
Re: Firewall Rule - Block Device on Schedule
«
Reply #1 on:
March 05, 2024, 04:55:49 pm »
Highly depends on your existing ruleset ;-)
With "allow any any" you have to have a scheduled blockrule for the respective client(s) on top of your list of rules. If your rules are more fine grain you can have scheduled allow rules.
Have an eye on existing states (allowing further traffic to go back and forth) after the block kicks in or the allow rule expires...
Logged
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare
felix eichhorns premium katzenfutter mit der extraportion energie
A router is not a switch - A router is not a switch - A router is not a switch - A rou....
jpichie
Newbie
Posts: 9
Karma: 0
Re: Firewall Rule - Block Device on Schedule
«
Reply #2 on:
March 05, 2024, 05:02:25 pm »
I currently just have the default 2 rules under Firewall -> Rules -> LAN (Default Allow LAN to Any Rule ipv4 and 6)
Am I looking to do a LAN rule? Or a WAN rule?
Block all outgoing on specific HOST?
Thanks
Logged
chemlud
Hero Member
Posts: 2485
Karma: 112
Re: Firewall Rule - Block Device on Schedule
«
Reply #3 on:
March 05, 2024, 06:09:48 pm »
The scheduled block rule has to be the first (!) on LAN. Direction is always relative to the interface, so IN is correct. You should spend SOME time to understand the logic of a stateful firewall and opnsense. ;-)
The allow any any rule is just for the start, you don't control anything outgoing from your LAN. That's not what a firewall is intended for. ;-)
If you don't use ipv6 disable it completely in your opnsense, otherwise there might be surprises waiting.
Logged
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare
felix eichhorns premium katzenfutter mit der extraportion energie
A router is not a switch - A router is not a switch - A router is not a switch - A rou....
jpichie
Newbie
Posts: 9
Karma: 0
Re: Firewall Rule - Block Device on Schedule
«
Reply #4 on:
April 22, 2024, 04:56:46 pm »
Hello,
I have time to work on this again, and would really need to get this going.
In theory, I would just need the block rule 1st, then technically I can leave the next 2 default rules?
So far, the way I tried creating it, it seems to kill internet on ALL hosts, even if I say single host and specify the IP...
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
24.1 Legacy Series
»
Firewall Rule - Block Device on Schedule