Blocking local ip's on a schedule with pfSense problem

Hi, I’m using pfSense at home and would like to stop internet connection on my kids PC’s on a schedule. I’ve followed several forum posts and youtube videos and all say to add a firewall rule based on that schedule using the Action BLOCK with Source as my Kids PC ip’s (I’ve set up an Alias). Protocol is IP4 and I’ve selected LAN and WAN. Direction is IN, Quick is Checked and Gateway is WAN_DHCP Gateway. I’ve tried this as a LAN rule and the above is my current Floating Rule setting. However, neither seems to stop the internet access on time. So for example, if I set the schedule to stop at 8:00 pm, the kids are able to keep playing until 8:30 - 9:00 pm. And I know they still have internet access because they continue to voice chat with their online friends.

One thing to note is I am using pi-hole instead of phSense to block certain sites and so their pc’s point to the pi-hole ip address for DNS calls. But I have included the address of the pi-hole in the Alias above.

Any ideas will be greatly appreciated!

Thank you!

Much easier to setup vlans then controls the WAN connection on the vlan rules with the schedule you want.

If not you can probably combine an alias with the IP addresses with a rule and schedule.

Thanks - I was trying to avoid that since I’ve never used vlans. Is there a solution that does not require vlans? The schedule method eventually works so I just don’t know why access is not blocked “on time.”

My guess is your schedule doesn’t work or packets continue to be transmitted once started. If I put a schedule on my vlan, the traffic stops precisely.

Thanks. I think the schedule is working correctly since I see the “clock” sign next to the schedule and a red X on the rule which I think means it’s currently blocking. And so I’m struggling to figure out why the packets continue to get through.

This is stated in the manual:

By default, states are cleared for active connections permitted by a scheduled rule when the schedule expires. This shuts down access for anyone allowed by the rule while it was active. To allow these connections to remain open, check Do not kill connections when schedule expires under System > Advanced on the Miscellaneous tab.

Try setting the opposite.

That is currently unchecked so I think it means states are not saved which is what I want…and yet, traffic continues. Thanks again for helping me with this!


perhaps it might be related to the state tables. Diagnostics > States then Reset States

Doing that will force all clients to reconnect, after that it may follow the rule precisely.

Thanks…flushed and rebooted. Will report back after the schedule kicks in at 8 pm tonight to see if it works!

Hi, tried a few more things and traffic is still getting through. It’s weird that when the schedule kicks in, I cannot google from the pc (and so somethings are blocked, but their game still works and they can talk to their friends. I’m guessing the game is able to circumvent the block, but how?!

The other thing you can do is implement vlans, then apply the rules etc. to the vlan which will stop all traffic.

Ensure on the block rule that it’s any traffic. Think it defaults to TCP. I think games tend to use UDP so the connect will still be active