Firewall Rule - Block Device on Schedule

Started by jpichie, March 05, 2024, 04:37:12 PM

Hello,
I tried making a firewall rule to block a specific device during a scheduled timeframe.
I am having trouble getting this to work properly, can someone point me in the right direction or offer a solution?

I have a schedule created already, just not sure of the order/requirement for the firewall rule or where to set it.

Thanks

Highly depends on your existing ruleset ;-)

With "allow any any" you have to have a scheduled block rule for the respective client(s) on top of your list of rules. If your rules are more fine-grained you can have scheduled allow rules.

Have an eye on existing states (allowing further traffic to go back and forth) after the block kicks in or the allow rule expires...
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare

Felix Eichhorn's premium cat food with the extra portion of energy

A router is not a switch - A router is not a switch - A router is not a switch - A rou....

I currently just have the default 2 rules under Firewall -> Rules -> LAN (Default Allow LAN to Any Rule ipv4 and 6)
Am I looking to do a LAN rule? Or a WAN rule?

Block all outgoing on specific HOST?

Thanks

The scheduled block rule has to be the first (!) on LAN. Direction is always relative to the interface, so IN is correct. You should spend SOME time to understand the logic of a stateful firewall and opnsense. ;-)

The allow any any rule is just for the start; you don't control anything outgoing from your LAN. That's not what a firewall is intended for. ;-)

If you don't use ipv6 disable it completely in your opnsense, otherwise there might be surprises waiting.
kind regards
chemlud
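The two points chemlud makes above (the scheduled block must sit above the "allow LAN to any" rule, and states that already exist keep passing traffic after the block kicks in) can be seen in a small first-match model. This is an added illustration, not OPNsense or pf code; the host address, the 21:00-23:00 window and the `kill_states` helper (standing in for clearing that host's states) are constructed for the example.

```python
from dataclasses import dataclass, field
from datetime import datetime, time
from typing import Optional

HOST = "192.168.1.50"  # constructed LAN host to be blocked on a schedule


@dataclass
class Rule:
    action: str                  # "block" or "pass"
    src: str                     # "any" or a single source host
    start: Optional[time] = None  # schedule window start; None = always active
    end: Optional[time] = None


def active(rule: Rule, now: datetime) -> bool:
    return rule.start is None or rule.start <= now.time() < rule.end


@dataclass
class Firewall:
    rules: list
    states: set = field(default_factory=set)

    def evaluate(self, src: str, dst: str, now: datetime) -> str:
        # Stateful shortcut: an established state passes without a rule lookup,
        # which is why a block that "kicks in" does not cut existing sessions.
        if (src, dst) in self.states:
            return "pass"
        for rule in self.rules:  # first active match wins
            if rule.src in ("any", src) and active(rule, now):
                if rule.action == "pass":
                    self.states.add((src, dst))
                return rule.action
        return "block"  # implicit default deny

    def kill_states(self, src: str) -> None:
        """Drop the host's states, as one would once the block is active."""
        self.states = {s for s in self.states if s[0] != src}


def demo() -> dict:
    block = Rule("block", HOST, time(21, 0), time(23, 0))  # 21:00-23:00 window
    allow = Rule("pass", "any")                           # default allow LAN to any
    before, during = datetime(2024, 3, 5, 20, 0), datetime(2024, 3, 5, 22, 0)
    dst, out = "203.0.113.10", {}
    out["block_below_allow"] = Firewall([allow, block]).evaluate(HOST, dst, during)
    fw = Firewall([block, allow])  # block on top, as recommended
    out["on_top_outside_window"] = fw.evaluate(HOST, dst, before)  # creates a state
    out["existing_state_in_window"] = fw.evaluate(HOST, dst, during)
    fw.kill_states(HOST)
    out["after_killing_states"] = fw.evaluate(HOST, dst, during)
    out["other_host_in_window"] = fw.evaluate("192.168.1.20", dst, during)
    return out
```

With the block rule below the allow rule it is never reached, and a state opened before the window keeps passing until it is cleared.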

Hello,
I have time to work on this again, and would really need to get this going.
In theory, I would just need the block rule first, then technically I can leave the next 2 default rules?

So far, the way I tried creating it, it seems to kill internet on ALL hosts, even if I say single host and specify the IP...