How to Set Up a Schedule in pfSense

 

Introduction

 

The post is all about how to set up a schedule in pfSense. Not all routers allow you to determine when devices can access the internet. And when they do, it’s fairly limited in how you can control access. For instance, my previous router (an Apple Airport Extreme) allowed time-based access control, but it just wasn’t robust enough to accomodate real life. My options were:

  1. No access
  2. Everyday
  3. Weekdays
  4. Weekends
  5. A single day of the week

Sure, this was good enough for most occasions. The problem was that it couldn’t handle a flexible schedule. I couldn’t tell the router “I want you to block access Monday through Friday, except on Monday, January 15th, because that’s Martin Luther King Jr’s birthday and my kids won’t have school.” pfSense does  have this capability. In fact, I can set my kids’ entire school schedule for the whole year in 10 minutes!

Furthermore, to achieve a schedule close to what I wanted with the Apple Airport Extreme , it look a crazy amount of time to set up. Not only that, but I couldn’t easily duplicate a schedule. If I set up any kind of advanced schedule, I knew I was going to have to do it all over again for Kid #2. This is definitely not  the case with pfSense.



 

Schedules

 

A schedule in pfSense is just that, it’s a schedule. So why state the obvious? Because a schedule doesn’t do anything  until you apply it to a firewall rule. It’s a two-step process. Let’s have a look at how I use schedules to restrict my kids’ online access throughout the school year.


Tap or click for larger image



I basically use two different “block” schedules for each child- one schedule for weekdays, and another schedule for weekends. If either schedule is active, the router won’t allow that child’s device(s) to access the internet. We’ve caught our older kids sneaking their devices to bed too many times. Seriously, all kids want to do nowadays is text nonstop. Now they know that it won’t do any good, so they don’t even try anymore. As far as parenting goes, this is a win!

Let’s discuss how a schedule can be used in more detail:


Slideshow- Tap or click to view

I leave a gap in the schedule from 6 to 7 a.m. since she has a before-school activity and she may need to text a friend for a ride.

If she has school the next day, her internet gets cut off at 9:30 p.m.

The weekends are little more lenient. She’s allowed to stay up until 11 p.m. and can pretty much use her devices as long as she’s not supposed to be asleep.

Kid #2 follows a similar schedule, except she’s younger so she goes to bed a little earlier.



As you can tell from the slideshow above, the schedule is composed of times I don’t want the kids to access the internet. It’s possible to block access all the time, and then set up a schedule in pfSense for when they can get on the internet. If you go this route, be warned. It’s a headache. It’s much better to use pfSense’s default “allow” LAN rule and then choose when to block.

Set Up a Schedule in pfSense

 

Now that you see how the schedules are set up to manage my kids’ internet time during the school week and weekends, we’re going to walk through creating a schedule that overrides those on school holidays. When I first started using pfSense, I created the block schedules and firewall rules but neglected to account for days when the kids didn’t have school. It was a mess to say the least. Being the home IT guy and working away from home don’t always mix. Now at the start of every year I take their school calendar and set up a schedule in pfSense. Here’s how to do it:


Slideshow- Tap or click to view

Here’s a list of the schedules that control my kids’ online activity. They are allowed access after school, up until bedtime. The weekends are slightly less restrictive.

The first time I used pfSense with block rules set up, I learned an important lesson…the kids aren’t in school all year round! So I had to create a holiday schedule to override the block rules. This is the schedule we want to make.

To get started, click + Add.

The Schedule Name can’t have any spaces, but the Description can.

Choose the Month, then select the day(s) on the calendar.

Next, you need to select the time frame.

The Time range description is helpful because I’m going to be creating quite a few holidays. Once you’re satisfied, click + Add Time.

You’ll see your selection(s) show up at the bottom. I’m just creating a single holiday for the moment. Click Save.

You’ll see your new schedule in the list now.

I need to add a lot more holidays. Instead of creating a new schedule, I can just edit this one.

You can select multiple dates by clicking on the individual day blocks on the calendar. When you set up a range like this, this is how it will appear once you click + Add Time.

You can select all dates in the month if you want to. pfSense knows you want to set a range, and it’s reflected in the text to keep it readable.

If you click on the days of the week in the calendar, you can create a recurring schedule for those days. The blocks turn blue instead of green for a visual indication. Neat!

So here’s what my kids’ school schedule will look like for the entire year. pfSense will only allow you to plan a year in advance from today’s date, which is plenty. All of this took about 10 minutes to create.

So there it is. A complete year’s worth of school holidays so I don’t get nagged that the internet isn’t working when my kids don’t have school.






Apply the Firewall Rule

 

Now that we set up a schedule in pfSense, we need to apply it to a firewall rule. The firewall rule is what actually enforces the schedule. Before we get to that, there’s one very important piece of information you’ll need to understand. pfSense gives priority to firewall rules according to their position in the firewall rule list- a rule will override all other rules that are listed below it. Let’s see how this works:



Tap or click for larger image



When you install pfSense, it will automatically create two default LAN allow rules (as shown above). These rules should always be positioned at the bottom of the list. If you were to create a “block” rule below these rules, it would never do anything because the default rules are saying everything is always allowed to access the LAN.



Tap or click for larger image



Next we’ll take a look at the rules that enforce my kids’ weekday/weekend schedule for school. These must  be positioned above the default allow rules as previously discussed. Notice the red “X” for each rule- this indicates that it’s a “block” rule. The protocols I’m blocking are TCP & UDP. This effectively shuts down any type of online activity.



Tap or click for larger image



Finally, there’s the schedule we just created. These rules are positioned above the “block” rules, so that means they will override all other rules below them. Notice the green check mark. That means these are “allow” rules- the router will pass the data coming from my kids’ devices. Also notice how the same schedule is reused three different times. This helps save a lot of time and makes administration easier.

To actually create the firewall rule, follow the slideshow below:


Slideshow- Tap or click to view

First, click ↑ Add button so the new rule will go to the top of the rule list.

Since I normally block my children’s online activity during the school week, I want to add a Pass rule. You can leave everything else in this section at the default values.

For Source, choose Single host or alias. I’m using an alias to include multiple devices. You could also just type in the IP address of the device you want to target.

Leave Destination at the default values. You can add a Description if you want.

Advanced should be displayed already. Scroll down until you find Schedule. Add the schedule we just created.

Now scroll to the bottom of the page and click Save.

Click Apply Changes.

You’ll get a confirmation message. That’s it!






Conclusion

 

pfSense is the best deal on the market as far as routers go (it’s free!). As you can see, controlling your kids’ internet access is just a few clicks away. Schedules can be set up quickly, easily, and intuitively. If you can set up a calendar event in Android or iOS, you’ll have no problem learning how to set up a schedule in pfSense.

Schedules allow for flexibility. They can be easily adjusted and applied to multiple users or devices. They are recyclable. They save time. In short, a pfSense schedule is an administrator’s best friend.

As an added bonus, I find that pfSense is a great way to control mobile phones as well. We use AT&T as our provider, which allows us to toggle our children’s data on and off. As parents, we want our kids to have phones so we can stay in touch with them. Instead of having to physically take their phones away as a punishment, I can set a firewall rule to block them from using the WiFi. With no data and no WiFi access, they get exactly what we need them to have- a phone.

Related topics:


 

About Adam Bollmeyer

I'm a home technology enthusiast with a penchant for home automation, networking, and computers. My goal is to help others improve their knowledge of how available technology can be used at home.