This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Disable Interface on timer

I want to effectively turn off any connection internet between certain hours. At first I thought that a firewall rule with a drop any kind of rule with a time period would be able to do this. However I have a web protection as well and it appears from other threads including rulz that the proxy overrides any such manual firewall rules. (I've go to say this makes no sense to me but...)

Other threads suggest a DNAT blackhole. I tried this with a small measure of success but not much and these rules don't appear to be able to be put on timer.

If I disable the internal interface that certainly works. It is brute force method and I can live with it as it certainly does the trick but is there any way I can do this between certain hours? Specifically I want it to turn off at midnight and come back at 6:30AM.

This thread was automatically locked due to age.

Top Replies

BAlfson over 7 years ago in reply to jammers +1

Hi, jammers, and a belated welcome to the UTM Community! Scott's suggestion requires using /usr/local/bin/confd-client.plx instead of cc in a cron job. Cheer - Bob

Parents

0 Scott_Klassen over 8 years ago

So, are you using the email proxy as well as Web Filtering? It just isn't that simple when various proxies are involved. For the vast majority of traffic that you've listed, blocking in the firewall and web filtering with time based rules should work. If you need much more than this, but don't want to make a lot of rules, then you may just need to stick with manually enabling/disabling the interface or just pulling the ethernet cable. What is the catalyst for this need, if I may ask?

__________________
ACE v8/SCA v9.3

...still have a v5 install disk in a box somewhere.

http://xkcd.com
http://www.tedgoff.com/mb
http://www.projectcartoon.com/cartoon/1
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Scott_Klassen over 8 years ago

So, are you using the email proxy as well as Web Filtering? It just isn't that simple when various proxies are involved. For the vast majority of traffic that you've listed, blocking in the firewall and web filtering with time based rules should work. If you need much more than this, but don't want to make a lot of rules, then you may just need to stick with manually enabling/disabling the interface or just pulling the ethernet cable. What is the catalyst for this need, if I may ask?

__________________
ACE v8/SCA v9.3

...still have a v5 install disk in a box somewhere.

http://xkcd.com
http://www.tedgoff.com/mb
http://www.projectcartoon.com/cartoon/1
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data