Netgate m1n1wall

Author Topic: {Complete} Timebased Rules  (Read 68321 times)

0 Members and 1 Guest are viewing this topic.

Offline heiko

  • Hero Member
  • *****
  • Posts: 663
  • Get a load of that!
    • View Profile
{Complete} Timebased Rules
« on: March 09, 2007, 04:28:07 pm »
Hello Everyone,
i need timebased Rules native, not with captive Portal or other accessories.

Timebased Rules as a Astaro Firewall is OK.

I would pay 1000 € -2000 € for this feature.

Greetings from Germany
Heiko

P.S: Attend to my words, not in one year..........
« Last Edit: April 08, 2007, 12:37:10 am by sdale »

Offline sullrich

  • Hero Member
  • *****
  • Posts: 5111
    • View Profile
    • pfSense
Re: Timebased Rules
« Reply #1 on: March 09, 2007, 04:37:07 pm »
Okay now you have my attention.

Can you please outline the spec that are wishing for this?

Please spend a moment and spell it out so there is no confusion.

Offline heiko

  • Hero Member
  • *****
  • Posts: 663
  • Get a load of that!
    • View Profile
Re: Timebased Rules
« Reply #2 on: March 09, 2007, 04:54:33 pm »
Hello Scott,
iīm  German and excuse me for me bad english.....


The Situaion:

I have 30 Firewalls up over Germany, Suisse and Russia. The locations are send there packets to the established ipsec-tunnel.
Now i need an ruleset, which can timebased active. So, i create a rule and set the acitvitiy to 8:00- 21:00 After 21.00 the rule is beeing deactivated.

Thanks
Heiko

Offline sullrich

  • Hero Member
  • *****
  • Posts: 5111
    • View Profile
    • pfSense
Re: Timebased Rules
« Reply #3 on: March 09, 2007, 05:12:45 pm »
Okay that is fair.

Just so there are no second guessing, you specified a range of euros.  Can you please specify a final amount so that there are no guessing games later on in the bounty?

Also, how flexible do you want the rules? 
Being able to specify ranges?   
Multiple on / off times per day?

Do you have an example of another product that has this implemented where I can take a look at the GUI?

Offline heiko

  • Hero Member
  • *****
  • Posts: 663
  • Get a load of that!
    • View Profile
Re: Timebased Rules
« Reply #4 on: March 09, 2007, 05:36:46 pm »
Hello Scott,
now i go bed, i will send you the information....
Greetings
Heiko

Offline sdale

  • Sr. Member
  • ****
  • Posts: 377
    • View Profile
    • pfSense
Re: Timebased Rules
« Reply #5 on: March 09, 2007, 07:28:12 pm »
I started working on a possible solution for time based rules a little bit ago. I didn't finish it, but it is started. I have a lot of experience with other firewalls and their rule schedules so I could help out as well if you want Scott.

Offline heiko

  • Hero Member
  • *****
  • Posts: 663
  • Get a load of that!
    • View Profile
Re: Timebased Rules
« Reply #6 on: March 10, 2007, 02:43:23 pm »
Hello Scott,

1500 €. Thatīs ist. OK? But i need an invoice, is this possible?

Also, how flexible do you want the rules?
--> as flexible as it gets :)

Being able to specify ranges?
--> Yes, time range for example 10:00 - 21:00 = ON , after 21:00 Autooff

Multiple on / off times per day?

--> I think so, Yes, because astaro for example can one event per rule.

For example you can go to my astarotestbox in vmware. --> https://astarov7.ath.cx:61003 (user: admin pw: pfsense)
Under the definition tab you will find the "time events". Here you can specify time events as ranges for different days. Under the Network Security Tab you can specify different rules with one time event.

I think one time event ist not enough per rule, but i can live with one.....
The time events must apply for all rules in pfsense, LAN, WAN, IPSEC and so on.....

With very special greetings from Germany
Heiko




Offline heiko

  • Hero Member
  • *****
  • Posts: 663
  • Get a load of that!
    • View Profile
Re: Timebased Rules
« Reply #7 on: March 10, 2007, 03:17:15 pm »
I forget, on the astarobox the keyboard layout is german. All right??

Offline sullrich

  • Hero Member
  • *****
  • Posts: 5111
    • View Profile
    • pfSense
Re: Timebased Rules
« Reply #8 on: March 10, 2007, 03:54:06 pm »
Okay, I will review the Astaro solution.

sdale:  Fine with me, we can split the bounty.


Offline sdale

  • Sr. Member
  • ****
  • Posts: 377
    • View Profile
    • pfSense
Re: Timebased Rules
« Reply #9 on: March 10, 2007, 06:06:39 pm »
Okay, I will review the Astaro solution.

sdale:  Fine with me, we can split the bounty.


Ok, I'll get with you in IRC and we can discuss.

Offline sdale

  • Sr. Member
  • ****
  • Posts: 377
    • View Profile
    • pfSense
Re: Timebased Rules
« Reply #10 on: March 11, 2007, 03:44:18 am »
My idea for the schedules is this:

They will function very similar to aliases. Using cron we can do this.

You will be able to create multiple Schedules. Underneath these schedules you will be able to add multiple time ranges. These time ranges can be to run on a certain date, day(s), or repeat weekly.

I'll be posting screenshots soon.

Offline heiko

  • Hero Member
  • *****
  • Posts: 663
  • Get a load of that!
    • View Profile
Re: Timebased Rules
« Reply #11 on: March 11, 2007, 04:04:59 am »
Hello,
do you need ssh to the astarotestbox? cron etc.
Greetings
Heiko

Offline sdale

  • Sr. Member
  • ****
  • Posts: 377
    • View Profile
    • pfSense
Re: Timebased Rules
« Reply #12 on: March 11, 2007, 06:29:54 am »
No, I think we will be ok. Here are some screens.




What you see above is in progress. It does not work right now as most of the coding behind the scenes has yet to be completed.

Note: The day selected in Dark red is the day selected by the user, and then the light red days are the repeating days due to the checkbox being selected.
« Last Edit: March 11, 2007, 06:32:20 am by sdale »

Offline heiko

  • Hero Member
  • *****
  • Posts: 663
  • Get a load of that!
    • View Profile
Re: Timebased Rules
« Reply #13 on: March 11, 2007, 07:06:36 am »
Hello,
really nice. What is when i want a schedule not for days of months, but rather a schedule for "always".

--> for example: 21:00 - 23:59 - not for a special day in the january -- for example from the year 2005 to 2008 or always.

Can i place multiple schedules to one rule?

Otherwise, iīm hooked.

The little bit coding behind is still a childīs play for you and scott, so certainly done in a few hours, i think..... :)

Greetings from Germany
Heiko


Offline hoba

  • Administrator
  • Hero Member
  • *****
  • Posts: 5837
  • What was the problem to this solution again?
    • View Profile
    • pfSense
Re: Timebased Rules
« Reply #14 on: March 11, 2007, 08:22:23 am »
I think there need to be weekly returning schedules as well, like blocking access on every weekend for example (or is that that small checkbox below the calender?). The screenshots cover vacation times or similiar which might be needed as well. Besides that it looks very nice  :)