Time based rules allow firewall rules to activate for specific days and/or time ranges.

Time based rules work as any other rules, except they are effectively not present in the ruleset outside of their scheduled times.

This kind of rules is useful for example to open temporary accesses for the time of planned updates, to differentiate Internet access schedules for professional / personal use or even for an event.

Set up a schedule

The first step is to configure a schedule. Go to Firewall > Settings > Schedules:

[OPNsense] menu Firewall > Settings > Schedules

Click on the “+ Add” button at the top right corner of the page.
The fields to be filled in are the following:

  • Name : the name of your schedule. No space or special characters.
  • Description : only for administrative reference (not parsed).
  • Month : the month you want to configure. You can only choose one month at a time.
  • Days : click individual date to select that date only. The background color of a selected day become red. Click the appropriate weekday Header to select all occurrences of that weekday (like alle the Saturdays). The background of selected days become pink.
  • Time : The time range for the day(s) selected. A full day is 0:00-23:59.

For example, if we want to select every Saturday in May 2020 on the 12h – 14h time slot, the result will look like this:

[OPNsense] Schedule example

Once your configuration is done, you have to validate it by clicking on the “Add Time” button.
This also allows you to add to your schedule other time slots or other days.

Then click on the “Save” button to validate the configuration.

Using the Schedule in a Firewall Rule

To create or modify a firewall rule, go to Firewall > Rules:

[OPNsense] menu Firewall > Rules

Once on your filter rule, for the Schedule field, choose the previously created schedule:

[OPNsense] Time based firewall rule example

Once done, save the configuration. Example of a result:

[OPNsense] firewall rule example

The green icon indicates that the rule is currently active; this is the case of the second rule with the provya_sunday schedule.
The grey icon indicates that the rule is not currently inactive; this is the case of the first rule with the provya_saturday schedule.

Finally to conclude this short article: by default schedules clear the states of existing connections when the expiration time has come.

If you wish to keep active sessions until their expiration, you must check the Schedule States checkbox accessible in Firewall > Settings > Advanced.

Did you like this article? Are you looking for professional equipment? Visit our shop.


Take a look at our SSD firewalls
For pfSense or OPNsense
Assembled in France
3 year warranty

provya.com

Leave a Reply