I set up VyOS on VirtualBox with the following configuration:
eth0 - DHCP - WAN
eth1 - 192.168.15.0/24 - LAN
I want to block the 192.168.15.50 virtual machine at a specific time of day. The default will drop any connections going into LAN IN. I’m only allowing 192.168.15.50 to go through LAN IN at a specific time. Before entering the time command, the rule will work. It will allow 192.168.15.15 to bypass the LAN IN. So this rule is working.
I check the date on the router:
date -> Wed Aug 29 19:13:26 EDT 2018
Here is my rule:
set firewall name block rule 10 action accept
set firewall name block rule 10 source address 192.168.15.50
set interfaces ethernet eth1 firewall in name block
Default action is to drop
At this point my device can ping google.ca and the web is working.
Next I will add the time:
set firewall name block rule 10 time starttime 19:20:00
set firewall name block rule 10 time stoptime 19:30:00
commit
I’m assuming at this point that the 192.168.15.50 should be blocked until 19:20:00 arrives.
date
Wed Aug 29 19:17:26 EDT 2018
192.168.15.50 can still ping and still has access to the internet. Nothing is being blocked.
This is where I’m lost. Need help please.
First of all, you need to use UTC time in firewall rules.
Try to enable logging in your rule
set firewall name block enable-default-log
set firewall name block rule 10 log enable
commit
exit
Generate traffic and check logs
sh log firewall name block
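The local-to-UTC conversion the answer above calls for, as an added example that is not part of the original thread: it turns a window given in the router's local time into the matching starttime/stoptime commands. The helper names are hypothetical, and the UTC-4 offset is an assumption taken from the EDT shown in the `date` output above.

```python
from datetime import date, datetime, time, timedelta, timezone


def local_to_utc(hhmmss, utc_offset_hours):
    """Convert a local wall-clock HH:MM:SS string to a UTC HH:MM:SS string."""
    tz = timezone(timedelta(hours=utc_offset_hours))
    # The calendar date is arbitrary; only the time of day is kept.
    local = datetime.combine(date(2000, 1, 2), time.fromisoformat(hhmmss), tzinfo=tz)
    return local.astimezone(timezone.utc).strftime("%H:%M:%S")


def time_rule_commands(ruleset, rule, start_local, stop_local, utc_offset_hours):
    """Build the time commands for a window given in local time.

    Returns (commands, crosses_midnight_utc). The flag is True when the
    converted start is later than the converted stop, meaning the window
    spans midnight in UTC and should be checked against the rule log.
    """
    start = local_to_utc(start_local, utc_offset_hours)
    stop = local_to_utc(stop_local, utc_offset_hours)
    prefix = f"set firewall name {ruleset} rule {rule} time"
    commands = [f"{prefix} starttime {start}", f"{prefix} stoptime {stop}"]
    # Zero-padded HH:MM:SS strings order correctly as plain text.
    return commands, start > stop


if __name__ == "__main__":
    # Window from the question: 19:20:00 to 19:30:00 local time.
    # Assumption: EDT is UTC-4; the offset changes when daylight saving ends.
    commands, wraps = time_rule_commands("block", 10, "19:20:00", "19:30:00", -4)
    print("\n".join(commands))
    print("commit")
    if wraps:
        print("# window crosses midnight UTC; confirm behaviour in the firewall log")
```

Because the offset is fixed, the generated times have to be recomputed whenever the local zone switches between daylight and standard time.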
Hi,
Thanks for your quick response.
I checked the UTC time on my VyOS router and adjusted the time rule to match the UTC time. That seems to have resolved the issue. This allows the PC access to the internet at the correct time and disconnects it at the correct time. Awesome!!