Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
18.1 Legacy Series
»
Blocking internet access through scheduling
« previous
next »
Print
Pages: [
1
]
2
Author
Topic: Blocking internet access through scheduling (Read 16171 times)
jehujehu
Newbie
Posts: 15
Karma: 0
Blocking internet access through scheduling
«
on:
June 01, 2018, 01:57:29 pm »
I'm trying to block internet access from 3 AM to 11:00 AM and it doesn't seem to be working.
I created an Alias with the IP addresses I want to block (they are static IP). Then create a schedule with these times...start time 3 AM and stop time 11 AM.
Then create a firewall block rule on the Vlan he's on and add the alias and schedule.
It doesn't seem to be working...he can't seem to access the internet outside these block times above.
I had this issue with Pfsense and was one of the reason among others why I decided to use Opnsense.
Help what am I doing wrong?
Jehu
Logged
marjohn56
Hero Member
Posts: 1701
Karma: 179
Re: Blocking internet access through scheduling
«
Reply #1 on:
June 01, 2018, 10:56:34 pm »
But he can during the block times or he cannot access the net at any time?
Logged
OPNsense 24.7
-
Qotom Q355G4
- ISP -
Squirrel 1Gbps
.
Team Rebellion Member
- If we've helped you remember to applaud
marjohn56
Hero Member
Posts: 1701
Karma: 179
Re: Blocking internet access through scheduling
«
Reply #2 on:
June 01, 2018, 11:34:29 pm »
Don't use the rule scheduler on my system, but I've just created a rule to block a specific website, created the schedule, it's only a fifteen minute block, but it came in within 60 seconds of when it was supposed to start and ended when I had specified...
Hmm I could really annoy the wife with this.
Remove the schedule for now.
First things first then. Does the rule do what it's supposed to do when enabled and does it clear and allow access when disabled?
Logged
OPNsense 24.7
-
Qotom Q355G4
- ISP -
Squirrel 1Gbps
.
Team Rebellion Member
- If we've helped you remember to applaud
marjohn56
Hero Member
Posts: 1701
Karma: 179
Re: Blocking internet access through scheduling
«
Reply #3 on:
June 02, 2018, 12:19:52 am »
You're right... it worked once.
I'll raise an issue on Github and take a look.
Logged
OPNsense 24.7
-
Qotom Q355G4
- ISP -
Squirrel 1Gbps
.
Team Rebellion Member
- If we've helped you remember to applaud
jehujehu
Newbie
Posts: 15
Karma: 0
Re: Blocking internet access through scheduling
«
Reply #4 on:
June 02, 2018, 02:03:20 am »
Yes it's very flaky I can't have this as hit and miss...I need the schedule for internet access time, I not blocking websites. So how would this be done without schedule?
Thanks
Logged
marjohn56
Hero Member
Posts: 1701
Karma: 179
Re: Blocking internet access through scheduling
«
Reply #5 on:
June 02, 2018, 09:00:40 am »
That's what it's for amongst other things and I'll get on to it and we'll see if we can get it fixed.. Need to raise an issue first and I'll do that this morning, We'll fix it..
Logged
OPNsense 24.7
-
Qotom Q355G4
- ISP -
Squirrel 1Gbps
.
Team Rebellion Member
- If we've helped you remember to applaud
franco
Administrator
Hero Member
Posts: 17677
Karma: 1613
Re: Blocking internet access through scheduling
«
Reply #6 on:
June 02, 2018, 09:52:14 am »
Fundamentally, it's easy to double check:
* /tmp/rules.debug during and outside the schedule window
* make sure rules order is correct (scheduled block before normal pass, scheduled pass before normal block)
* Log your schedule rules to be able to inspect the firewall log to see if a schedule is blocking, passing or something else
All of this info is missing, which points to schedules being hard to use, but there also isn't a lot to improve in this regard with the current design.
Cheers,
Franco
Logged
marjohn56
Hero Member
Posts: 1701
Karma: 179
Re: Blocking internet access through scheduling
«
Reply #7 on:
June 02, 2018, 10:52:50 am »
Yes, doing those things now. I've proved the rule manually.. just waiting for the schedule to kick in and then I'll post.
Logged
OPNsense 24.7
-
Qotom Q355G4
- ISP -
Squirrel 1Gbps
.
Team Rebellion Member
- If we've helped you remember to applaud
marjohn56
Hero Member
Posts: 1701
Karma: 179
Re: Blocking internet access through scheduling
«
Reply #8 on:
June 02, 2018, 11:06:08 am »
OK, first test this morning - blocking one site to one LAN address worked.. I've now edited the schedule, moving it forward by 15 minutes.. report to follow shortly.
«
Last Edit: June 02, 2018, 11:20:06 am by marjohn56
»
Logged
OPNsense 24.7
-
Qotom Q355G4
- ISP -
Squirrel 1Gbps
.
Team Rebellion Member
- If we've helped you remember to applaud
jehujehu
Newbie
Posts: 15
Karma: 0
Re: Blocking internet access through scheduling
«
Reply #9 on:
June 07, 2018, 02:21:28 pm »
Any updates?
Logged
marjohn56
Hero Member
Posts: 1701
Karma: 179
Re: Blocking internet access through scheduling
«
Reply #10 on:
June 07, 2018, 07:19:31 pm »
I checked this again with a specific address and it was working, it was the logging that wasn't. Logging is an issue we are trying to get our heads around. What happens is when the rule is in place, the logs correctly show it, when it's not, the rule is no longer there, so when the log goes to look to find the ID for that rule, it's in a list, the list has changed and the log displays the wrong rule.
I've not tried it with VLAN's or LAN segments, I'll spin up a VM tomorrow and test that.
Logged
OPNsense 24.7
-
Qotom Q355G4
- ISP -
Squirrel 1Gbps
.
Team Rebellion Member
- If we've helped you remember to applaud
marjohn56
Hero Member
Posts: 1701
Karma: 179
Re: Blocking internet access through scheduling
«
Reply #11 on:
June 08, 2018, 12:49:31 pm »
OK... I've checked this on LAN and VLAN, Hosts etc and it does work,
@jehujehu - Try this:
Delete any block rules you have created on that VLAN - Can he now access the internet?
Create a block rule for the alias table or whatever you want to block - Are they now blocked?
If the answer to 1 and 2 is yes, then apply the schedule to that rule.
One other thing. I created a new setup on a test APU to prove all this and scratched my head when it did not work at first. Then I realised I had not set the time correctly... sigh, it started working when I did.
«
Last Edit: June 08, 2018, 12:52:23 pm by marjohn56
»
Logged
OPNsense 24.7
-
Qotom Q355G4
- ISP -
Squirrel 1Gbps
.
Team Rebellion Member
- If we've helped you remember to applaud
jehujehu
Newbie
Posts: 15
Karma: 0
Re: Blocking internet access through scheduling
«
Reply #12 on:
June 14, 2018, 01:59:45 pm »
Sorry was really busy looking at some other firewalls...was about to choose Sophos UTM free version.
I created a block rule for the alias table and it block my phone that I used as an example (after I disconnect/connect to wifi) and it works.
I add the schedule and it doesn't work.
This is driving me mad I left Pfsense for this same reason...at this point I willing to go the way of my friend...cheap router Linksys etc and it works with one click. He keeps telling me your fancy router can't work and mine works
I've attached some screenshots of my setup maybe you can see where I'm going wrong.
Or else it's a cheap router another VLAN and only put him on that access point.
Also will it disconnect him if he's streaming or will he need to disconnect first...this wouldn't be good.
Thanks for your help in advance.
P.S where do I find the log files for this.
Logged
jehujehu
Newbie
Posts: 15
Karma: 0
Re: Blocking internet access through scheduling
«
Reply #13 on:
June 14, 2018, 02:04:24 pm »
Here are the others...reached limit.
Logged
marjohn56
Hero Member
Posts: 1701
Karma: 179
Re: Blocking internet access through scheduling
«
Reply #14 on:
June 14, 2018, 02:09:43 pm »
and in the firewall rule itself you have selected the schedule to use?
Logged
OPNsense 24.7
-
Qotom Q355G4
- ISP -
Squirrel 1Gbps
.
Team Rebellion Member
- If we've helped you remember to applaud
Print
Pages: [
1
]
2
« previous
next »
OPNsense Forum
»
Archive
»
18.1 Legacy Series
»
Blocking internet access through scheduling