Hi, how would I go about blocking a website ie facebook on a IP then have a timeout to reset, example, after 10mins of using facebook it will the block that ip for 30mins then reset?
Cheers!
This is not a simple thing. First off Facebook doesn’t just have an ip but it has many. Therefor your probably going to have to creat a layer 7 matching rule to look at the packets in order to ID the Facebook traffic. Send any facebook traffic to a chain that can manage address lists and make the decision to accept or drop the traffic.
Once the Facebook traffic is identified you can add internal ips that matches that rule to two address lists with timeouts when it is not already in the lists. You need one list for 40 minute blocks and one to 10 minute allows.
First accept when the ip is in the Allow list. Then drop when it’s in the block list. If its in neither add it to both and accept. Because the lists can have the timeouts this should do what you desire
You may get lucky and find some good rules to match Facebook traffic. That is the hardest part.