Rule timers

Follow

Donny

• September 19, 2022 01:51

I created a group called Kids. I put my Kid's devices in this group. I configured a rule to allow Internet access until 9:30 PM. I checked at 9:35 PM and their Internet usage was still active. Is there some other config needed to get the rule to shutdown access at the chosen time?

0

• 

  Firewalla

  • September 19, 2022 02:46

  Do you have a block rule? if you do, then please send help@firewalla.com and have us take a look

  Another better way to schedule is a block rule, it is lesser intrusive. 

  0

  Comment actions Permalink
• 

  Donny

  • September 19, 2022 03:02

  This is the allow rule. It is set to expire in the evening.

  Lesser intrusive? The goal is a hard cut off of traffic at the end of the allowed schedule - terminate active sessions.

  0

  Comment actions Permalink
• 

  Michael Bierman

  • September 19, 2022 04:42
  • Edited

  @Donny

  That isn’t going to work.

  why? 
  before you created the rule kids had internet access. ALLOW does nothing. There is nothing that stops internet. What you want is this:

  1. BLOCK internet access on [kids device group] from start to end time. 

  Of course you could

  1. BLOCK internet access ALWAYS 
  2. ALLOW internet access during certain hours 

  but that is not necessary and seems cumbersome to me.

  0

  Comment actions Permalink
• 

  Donny

  • September 19, 2022 11:05
  • Edited

  Not following.

  The kids group only has one rule - allow Internet with a beginning and end time. There is no other rule granting them access. No global allows.

  So, am I to understand that when the end time is reached, Firewalla will not allow new sessions but will leave existing ones up?

  0

  Comment actions Permalink
• 

  Michael Bierman

  • September 19, 2022 16:54
  • Edited

  @donny

  On a virgin firewalla, ingress (inbound) for all traffic is blocked and egress (outbound) is allowed.

  if you put a block at 8 pm for example, no new connections can be made after 8 pm. If there is say, video streaming going on, anything already downloaded may finish, but that’s it. 

  0

  Comment actions Permalink
• 

  Donny

  • September 19, 2022 16:54

  Is the egress a hidden rule somewhere? I don't see one.

  0

  Comment actions Permalink
• 

  Michael Bierman

  • September 19, 2022 16:57
  • Edited

  @donny

  ingress: Rules > All Devices. 
  there is no default egress rule. You would only add one of you have specific need and you know why you are doing it.

  0

  Comment actions Permalink
• 

  Donny

  • September 19, 2022 16:57

  Not sure that helps. 
  
  I understand the processing priority. 
  
  I have modified the rules so that only the default deny remains (inbound from internet). Maybe I need to create a default deny all (outbound) and things may begin working better...

  0

  Comment actions Permalink
• 

  Michael Bierman

  • September 19, 2022 17:29
  • Edited

  Since there is no egress block by default, if your goal is to stop traffic between X pm and Y am all you need is a single block. If your goal is something else, can you just state what you want in simple terms?

  0

  Comment actions Permalink

Please sign in to leave a comment.