Page 1 of 1

Firewall Filter by Time

Posted: Tue Oct 26, 2010 6:45 am
by wilburt
Hi,

I am trying to restrict the times which people can access my hotspot. I was looking a dropping DHCP client request packets on certain times of the day.

For example drop dhcp requests after 9pm

I have seen the option available in the firewall section but can't get it to work.

What is the time format suppose to be?

Thanks

Re: Firewall Filter by Time

Posted: Tue Oct 26, 2010 8:38 am
by normis
Just use Winbox, it's much easier to understand then. It's in 24h format:

Image

Re: Firewall Filter by Time

Posted: Tue Oct 26, 2010 10:18 am
by wilburt
Thanks for the reply.

I have tried to setup a filter rule with hs-input with protocol udp and action = drop but my devices on the hotspot are still getting thier ip addresses via dhcp.

What filter setting would i need to set to prevent clients receiveing an ip address from the dhcp server on the hotspot?

thanks

Re: Firewall Filter by Time

Posted: Tue Oct 26, 2010 3:08 pm
by fewi
The DHCP server listens on a raw socket. That happens before the firewall, and you cannot filter DHCP in the firewall.

You need to write two scheduled scripts that turn the DHCP server on and off. The wiki has plenty of examples for scheduled scripts.

Re: Firewall Filter by Time

Posted: Wed Oct 27, 2010 3:43 am
by wilburt
Thanks for the pointer.

I have created a script and a schedule, but it doesn't look like the schedule is working? It runs as the counter increments but nothing happens on the script side (the counter doesn't increment)

Here is my schedule and scripts

0 name="hs-dhcp-enable" owner="admin"
policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive
last-started=jan/02/1970 10:34:08 run-count=3
source=ip dhcp-server enable dhcp1

0 ;;; To enable the dhcp server for the hs
name="hs-dhcp-enable-sch" start-date=jan/01/1970 start-time=09:48:00
interval=1d on-event=hs-dhcp-enable owner="admin" run-count=1
next-run=oct/28 09:48:00

Re: Firewall Filter by Time

Posted: Wed Oct 27, 2010 3:55 am
by fewi
That script is invalid and wouldn't execute on the CLI, either
/ip dhcp-server enable [/ip dhcp-server find name=dhcp1]
and of course the same the with a disable command for the counterpart.

Re: Firewall Filter by Time

Posted: Wed Oct 27, 2010 4:32 am
by wilburt
It turns out i need to check the read policy in my schedule (something i didn't originally do)

Thanks for the replies an assistance.

For future newbies setting up a schedule... make sure you enable the read policy :D