2016-11-05, 19:16
I've been using a few policies to block a few devices on my network from accessing the internet. CP was nice enough to build this functionality including time of day to block. Only thing they forgot was allowing me to set days of the week.

The policy I've set up says no internet access from 9:30pm to 6:00am. Now what I want is those hours from sun-thurs.

I'm thinking I could use cron to give the the days of the week. I found an article about setting up cron http://blog.spikefishsolutions.com/2016/04/enabling-cron-scheduling-services-on.html but It only gives info on how to get cron set up and working. I'm wondering what I'd have to write to enable/disable the policy that I set up? Either that, or have cron create a policy?

Not entirely sure how I should proceed.

Good thing is I have a spare 600 that I can experiment on.



2016-11-07, 17:31
I'll poke around tonight to give you some options.

2016-11-07, 23:19
Haven't tried this, but here is an idea. It seems access rules support time but not date.

My thinking is make a access rule you want to deny during the magic times. Give it a name you can find.

ssh into the firewall, enter expert, run bashUser on, exit all the way out and log back in.


clish -c "show configuration" > output.txt

look at output.txt for the rule you created. I'd also keep it low in your rule base so if you add rules the position doesn't change.

You can flip the rule from accept to permit like this.

clish -c "set access-rule type outgoing position 1 action accept"
clish -c "set access-rule type outgoing position 1 action block"

Now you just need to add a cron job to set the rule to block once you want it blocking and to accept after that. Hopefully that gets you started.

2016-11-08, 09:35
Right in line my thinking about using cron to turn this rule on and off I'll dig in with my spare 600 and will report back once I have some results. Thanks for the help with syntax and process.


2016-11-08, 23:49
keep me posted. Want to see how well this turns out.