
Time based drop all on LAN_IN for certain devices

Hi, 

 

I've seen that there are a couple of threads here that aim for a block of devices between certain times on certain days of the week. For kids then mainly. 

The solutions posted are, as far as I can tell, all a bit different (and not entirely what I was looking for, I think) so I've done a test myself.

 

 

configure
set firewall modify LAN_IN rule 10 description "Block access from LAN after 22:30"
set firewall modify LAN_IN rule 10 action drop 
set firewall modify LAN_IN rule 10 time weekdays !Fri,Sat
set firewall modify LAN_IN rule 10 time starttime 22:30:00
set firewall modify LAN_IN rule 10 time stoptime 6:00:00
set firewall modify LAN_IN rule 10 source group address-group 59b57c40e4b07668cb9f0c39
commit

 

There are two errors thrown when I try to enter this rule

 

admin@UnifiGateway# set firewall modify LAN_IN rule 10 description "Block access from LAN after 22:30"
The specified configuration node already exists
admin@UnifiGateway# set firewall modify LAN_IN rule 10 source group address-group 59b57c40e4b07668cb9f0c39
The specified configuration node already exists

What have I missed here?

 

 

Also, I have two questions:

 

1) The way I have thought about this is that you need to set up an address group that contains the IP addresses of devices that you want to block. Since these will change with new DHCP releases, you need to set up static allocations for each device first. I have not seen anywhere where I can set up an address group by MAC addresses, and you can't use clients' "User group" allocations in firewall rules, it seems like. Is this the way you have to do it (MAC -> static IP -> address group -> block address group between certain times) or are there simpler ways?

 

2) I want to set up block times as between 22:30 and 06:00. This will work, right? 

 

Sorry for the beginner questions.

 

Fredrik

 


Accepted Solutions

Re: Time based drop all on LAN_IN for certain devices

Hi,

 

Sorry for answering my own post. Syntax error.

 

This seems to work as I wanted:

 

set firewall name LAN_IN rule 10 description "Block access from LAN from 10.00 to 16.00"
set firewall name LAN_IN rule 10 action drop 
set firewall name LAN_IN rule 10 time starttime 10:00:00
set firewall name LAN_IN rule 10 time stoptime 16:00:00
set firewall name LAN_IN rule 10 source group address-group 59b57c40e4b07668cb9f0c39

set firewall name LAN_IN rule 20 description "Block access from LAN after 22:30 on nights before week days"
set firewall name LAN_IN rule 20 action drop 
set firewall name LAN_IN rule 20 time weekdays !Fri,Sat
set firewall name LAN_IN rule 20 time starttime 22:30:00
set firewall name LAN_IN rule 20 time stoptime 06:00:00
set firewall name LAN_IN rule 20 source group address-group 59b57c40e4b07668cb9f0c39

set firewall name LAN_IN rule 21 description "Block access from LAN after 23:30 on weekends"
set firewall name LAN_IN rule 21 action drop 
set firewall name LAN_IN rule 21 time weekdays Fri,Sat
set firewall name LAN_IN rule 21 time starttime 22:30:00
set firewall name LAN_IN rule 21 time stoptime 06:00:00
set firewall name LAN_IN rule 21 source group address-group 59b57c40e4b07668cb9f0c39

set firewall name LAN_IN rule 22 description "Block access from LAN in mornings Mon-Fri"
set firewall name LAN_IN rule 22 action drop 
set firewall name LAN_IN rule 22 time weekdays Mon,Tue,Wed,Thu,Fri
set firewall name LAN_IN rule 22 time starttime 06:00:00
set firewall name LAN_IN rule 22 time stoptime 10:00:00
set firewall name LAN_IN rule 22 source group address-group 59b57c40e4b07668cb9f0c39

if someone else is interested in setting up this kind of thing.

 

Fredrik
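
Added example (not part of the original posts): a small Python model of the four rules posted above, for checking which rule drops traffic at a given moment and where the schedule leaves gaps. It assumes the `time` options behave like the iptables `time` match without `--contiguous`, so a window that crosses midnight is tested against the packet's own calendar day; the function names and the sample week are constructed for illustration.

```python
from datetime import datetime, time, timedelta

DAYS = ["Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"]

# The four drop rules posted above: (rule, weekdays, starttime, stoptime).
# Rule 21's description says 23:30, but its starttime is 22:30:00; the
# starttime is what gets evaluated, so that is what is modelled here.
RULES = [
    (10, None, "10:00:00", "16:00:00"),
    (20, "!Fri,Sat", "22:30:00", "06:00:00"),
    (21, "Fri,Sat", "22:30:00", "06:00:00"),
    (22, "Mon,Tue,Wed,Thu,Fri", "06:00:00", "10:00:00"),
]

def day_matches(spec, day):
    """Weekday list with an optional leading '!' negation; None = every day."""
    if spec is None:
        return True
    listed = day in spec.lstrip("!").split(",")
    return listed != spec.startswith("!")

def time_matches(start, stop, now):
    """Assumed non-contiguous semantics: a window whose stop is earlier than
    its start is split at midnight, both halves on the packet's own day."""
    s, e = time.fromisoformat(start), time.fromisoformat(stop)
    return s <= now <= e if s <= e else (now >= s or now <= e)

def matching_rule(when):
    """Number of the first rule that drops traffic at `when`, else None."""
    day = DAYS[when.weekday()]
    for number, weekdays, start, stop in RULES:
        if day_matches(weekdays, day) and time_matches(start, stop, when.time()):
            return number
    return None

def open_windows(step_minutes=30):
    """(day, HH:MM) slots of a constructed week where no rule drops traffic."""
    t = datetime(2024, 1, 1)  # constructed sample week; 2024-01-01 is a Monday
    slots = []
    for _ in range(7 * 24 * 60 // step_minutes):
        if matching_rule(t) is None:
            slots.append((DAYS[t.weekday()], t.strftime("%H:%M")))
        t += timedelta(minutes=step_minutes)
    return slots

if __name__ == "__main__":
    for day, hhmm in open_windows():
        print(day, hhmm)
```

Under this model the early hours of Friday are dropped by rule 21 rather than rule 20, because the weekday test applies to the day the packet arrives, not the day the window started.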



All Replies
Re: Time based drop all on LAN_IN for certain devices

Thanks for this. Where do you enter this information?
