Community discussions

 
User avatar
mdsekawsar
just joined
Topic Author
Posts: 18
Joined: Tue Nov 04, 2014 12:55 am
Location: Joypurhat, Bangladesh
Contact:

Firewall rules for time based

Thu Mar 12, 2015 3:20 am

Hello,

I am a new learner on mikrotik. I set a rule for some clients that they can't access facebook-Youtube for 8 am to 2 pm. when I set the rule on advance tab on firewall rule window and save/apply for the rule it shows "Inactive Time" and turns red mark. If I remove the time from the rule its working fine for 24 hours. Is anyone can help me to solve the problem? Here I am attaching the screen shot which I have taken from the winbox window.

Thanks
Kawsar
You do not have the required permissions to view the files attached to this post.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 2946
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: Firewall rules for time based

Thu Mar 12, 2015 3:10 pm

If the rule start 08:00 AM and your clock are 07:06AM, OBVIOUSLY the rule are inactive....
I'm Italian, not English. Sorry for my imperfect grammar.
 
DLNoah
Member Candidate
Member Candidate
Posts: 144
Joined: Fri Nov 12, 2010 5:33 pm

Re: Firewall rules for time based

Thu Mar 12, 2015 4:28 pm

The comment is indicating that the rule is currently inactive because the time on the router doesn't fall within the time interval that the rule is supposed to be active.

Also, with time-based rules, you need to make sure that the clock on the router is accurate -- you need to check both the Time Zone within System > Clock, and either manually set the time there, or use System > SNTP Client to sync with a time server.
 
NHBFan
just joined
Posts: 1
Joined: Sat May 02, 2015 11:30 am

Re: Firewall rules for time based

Sat May 02, 2015 9:24 pm

just dont want to start new topic with the same question.

how to get firewall rules working from 22:00:00 (10pm) till 07:00:00 (7am of netx day)?
I can`t set 22:00:00-07:00:00 couse system says "error start time bigest than end time"
Thanx!
 
User avatar
bholler
Trainer
Trainer
Posts: 82
Joined: Wed Feb 09, 2005 10:22 pm
Location: Nigeria
Contact:

Re: Firewall rules for time based

Tue May 05, 2015 3:18 pm

@NHBFan, you can reverse the rule by creating a drop rule for 06:59:00 - 21:59:00. You are still doing the same thing. Thanks
Mikrotik Certified Trainer Partner, MTCNA, MTCTCE, MTCWE, MTCRE. YIM: oseniabiola Skye: habholler1, Tel.+2348060319130, +2348182556717, Email: abiola@trisatcom.net
 
User avatar
dunga
Member Candidate
Member Candidate
Posts: 254
Joined: Fri Jan 23, 2009 9:51 am
Location: Nigeria

Re: Firewall rules for time based

Fri Apr 15, 2016 10:52 am

Hello all,
Can someone share the firewall rules that applied to such settings.

Mine I need to block internet connectivity in the network (No internet browsing from 7:00am - 16:00) but allow sharing of files in the network for every time of the day
 
User avatar
soonwai
Member Candidate
Member Candidate
Posts: 162
Joined: Mon Feb 06, 2012 10:50 pm
Location: Kuala Lumpur

Re: Firewall rules for time based

Fri Apr 15, 2016 1:17 pm

Here's a real life example from my friend's router. He's blocking his daughter's phone from the internet according to the day and time in the comments below.

Here it's blocking by MAC address but that's easily changed to IP address or your subnet.

Current time when I copied this is Friday so none of the rules are active hence the "# inactive time" which displays as red colour in Winbox. She's allowed to use the internet whole of Friday.
# inactive time
add action=drop chain=forward comment="Block 0000 to 1830. Mon-Thu" src-mac-address=AC:38:70:14:B4:50 \
time=0s-18h30m,mon,tue,wed,thu
# inactive time
add action=drop chain=forward comment="Block 0000 to 0700. Sunday" src-mac-address=AC:38:70:14:B4:50 \
time=0s-7h,sun
# inactive time
add action=drop chain=forward comment="Block 2100 to 2230. Mon-Thu, Sun" src-mac-address=AC:38:70:14:B4:50 \
time=21h-22h30m,sun,mon,tue,wed,thu
# inactive time
add action=drop chain=forward comment="Block 2300 to 0000. Mon-Thu, Sun" src-mac-address=AC:38:70:14:B4:50 \
time=23h-23h59m59s,sun,mon,tue,wed,thu
 
User avatar
dunga
Member Candidate
Member Candidate
Posts: 254
Joined: Fri Jan 23, 2009 9:51 am
Location: Nigeria

Re: Firewall rules for time based

Thu Jun 02, 2016 4:17 pm

Here's a real life example from my friend's router. He's blocking his daughter's phone from the internet according to the day and time in the comments below.

Here it's blocking by MAC address but that's easily changed to IP address or your subnet.

Current time when I copied this is Friday so none of the rules are active hence the "# inactive time" which displays as red colour in Winbox. She's allowed to use the internet whole of Friday.
# inactive time
add action=drop chain=forward comment="Block 0000 to 1830. Mon-Thu" src-mac-address=AC:38:70:14:B4:50 \
time=0s-18h30m,mon,tue,wed,thu
# inactive time
add action=drop chain=forward comment="Block 0000 to 0700. Sunday" src-mac-address=AC:38:70:14:B4:50 \
time=0s-7h,sun
# inactive time
add action=drop chain=forward comment="Block 2100 to 2230. Mon-Thu, Sun" src-mac-address=AC:38:70:14:B4:50 \
time=21h-22h30m,sun,mon,tue,wed,thu
# inactive time
add action=drop chain=forward comment="Block 2300 to 0000. Mon-Thu, Sun" src-mac-address=AC:38:70:14:B4:50 \
time=23h-23h59m59s,sun,mon,tue,wed,thu
Tried you rule, it worked for me but I want a reverse of the above configurations, where we want to allow access only to 3 systems on the network with their src-mac address, but block the internet for all other on the network. Their server will have internet access freely, the admin, the IT guy and the manager, while others will have their systems restricted by say from 16:00 till 23:00.

Thanks

Who is online

Users browsing this forum: Bing [Bot] and 84 guests