Scheduled Firewall rule not as expected

I just created my first scheduled firewall rule and it's not working as expected. Maybe I did something wrong? Surf SOHO MK3 firmware 7.1.2.

I have a NAS that makes off-site backups between 9PM and 9:30PM every day.
At other times, I want it blocked from connecting to the Internet. This is a defense against malware on the NAS sending all my files to bad guys.

First, I created a schedule, shown here that is on at all times, except for the half hour every day when the NAS makes the off-site backup.

Then, I created a new outbound firewall rule shown here that blocks the NAS and assigned the rule to the schedule. The firewall rule is on top of all others.
[Screenshot: peplink.scheduled.fw.rule]

The problem is that the firewall rule blocked the NAS even between 9 and 9:30PM.

I tested outside this normal backup window and the NAS was blocked, as expected. I disabled the firewall rule and the backup ran fine, outside the allowed window. Anyone have an idea? Thanks in advance.

Update:
I think the old movie quote applies: “what we have here, is a failure to communicate”.

When used with a firewall rule, what does a green box on a schedule mean? Does it mean the firewall rule is in effect or NOT in effect? As someone new to scheduling firewall rules, I assumed green meant the rule was in effect. It seems that I have that backwards.

Update 2: Seems like a bug, I will submit it as such. Ran another test with a different time and different LAN IP. Device was blocked when the schedule had a green box, but not unblocked when the time advanced to a gray box.

I saw that you had opened up a ticket. Let me follow up with you via the ticket.

1 Like

At least in firmware 7.1.2, what I attempted to do does work. It was tested in a different Surf SOHO and all was well. Why it did not work in this first router …

The concept is simple: create a schedule that is ON all the time except for the backup window. Create a DENY firewall rule that applies to the NAS and is assigned to the schedule. The Event Log shows when the schedule changes state.

Elsewhere it has been suggested that you need two rules; you do not. However, the downside of a single DENY firewall rule is that you cannot audit the ALLOW time period.

@Michael234, looks like the root cause has been found. Your comment from the ticket is noted and we will check accordingly.

Thanks.

2 Likes

FYI, this has been fully explained.

On the one hand, my fault. Scheduling was disabled system wide, which I did not know was possible. It was my first scheduled firewall rule. Only after testing on a different router and seeing the Event Log messages when a schedule changes state, did the light bulb go off in my head that I was not seeing these messages on the first router. On the other hand, I am able to create scheduled firewall rules with no indication or warning that the schedule will not be honored. When you create/edit a schedule there is a warning about the ripple effect of disabling it. But when you create/edit an object that uses a schedule, there is no equivalent warning that the schedule will not be honored. Kind of like going to a restaurant, ordering an entree and not being told that it is out of stock. The waiter takes your order, leaves and that’s that. Still, user error in the end.

2 Likes
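As an added illustration of two points in this thread, the single DENY rule on a schedule that is ON except during the backup window, and the system-wide scheduling switch that silently turns such a rule into an always-on block, here is a small Python model. This is example code written for this page, not Peplink firmware or any Peplink API; the class names, the `scheduling_enabled` flag, the NAS address and the sample times are assumptions. It also includes a two-rule variant with a logged ALLOW rule to show what the audit gap of the single-rule design looks like.

```python
"""Model of scheduled firewall rules as described in the thread (added example).

Assumed names: Schedule, Rule, Firewall and scheduling_enabled are invented for
this model; none of them are Peplink identifiers.
"""
from dataclasses import dataclass, field
from datetime import datetime, time
from typing import List, Optional, Tuple

# Constructed sample values, not taken from the thread.
NAS_IP = "192.168.50.10"
BACKUP_WINDOW = (time(21, 0), time(21, 30))   # 9:00 PM to 9:30 PM, end exclusive


@dataclass
class Schedule:
    """A schedule is either ON everywhere except inside its windows ("on_except")
    or ON only inside its windows ("on_only").  ON means a rule attached to the
    schedule is enforced; OFF means the rule is skipped as if it did not exist.
    That is the interpretation the thread ends up with: the single DENY rule
    lets the backup through only while its schedule is OFF."""
    name: str
    windows: List[Tuple[time, time]]
    mode: str = "on_except"

    def is_on(self, when: datetime) -> bool:
        t = when.time()
        inside = any(start <= t < end for start, end in self.windows)
        return inside if self.mode == "on_only" else not inside


@dataclass
class Rule:
    name: str
    source_ip: str
    action: str                      # "deny" or "allow"
    schedule: Optional[Schedule] = None
    log: bool = False                # write an event when this rule matches


@dataclass
class Firewall:
    rules: List[Rule]                # evaluated top to bottom, first match wins
    scheduling_enabled: bool = True  # the system-wide switch from the last post
    default_action: str = "allow"
    events: List[str] = field(default_factory=list)

    def rule_active(self, rule: Rule, when: datetime) -> bool:
        if rule.schedule is None:
            return True
        if not self.scheduling_enabled:
            # Modelled on the behaviour reported in the thread: with scheduling
            # disabled system-wide the schedule is ignored and the rule applies
            # at all times, with no warning on the rule itself.
            return True
        return rule.schedule.is_on(when)

    def decide(self, source_ip: str, when: datetime) -> str:
        for rule in self.rules:
            if rule.source_ip == source_ip and self.rule_active(rule, when):
                if rule.log:
                    self.events.append(
                        f"{when:%Y-%m-%d %H:%M} {rule.action.upper()} "
                        f"{source_ip} rule={rule.name}")
                return rule.action
        return self.default_action


def single_deny_rule_firewall(scheduling_enabled: bool = True) -> Firewall:
    """The design from the thread: one DENY rule for the NAS, assigned to a
    schedule that is ON at all times except during the backup window."""
    block_except_backup = Schedule("block-nas", [BACKUP_WINDOW], mode="on_except")
    deny = Rule("deny-nas-internet", NAS_IP, "deny", schedule=block_except_backup, log=True)
    return Firewall(rules=[deny], scheduling_enabled=scheduling_enabled)


def two_rule_firewall() -> Firewall:
    """Variant with a logged ALLOW rule that is ON only during the backup window,
    placed above an always-on DENY rule.  Functionally the same, but the allow
    period now shows up in the event log, which the single-rule design cannot do."""
    allow_during_backup = Schedule("allow-backup", [BACKUP_WINDOW], mode="on_only")
    allow = Rule("allow-nas-backup", NAS_IP, "allow", schedule=allow_during_backup, log=True)
    deny = Rule("deny-nas-internet", NAS_IP, "deny", log=True)   # no schedule: always on
    return Firewall(rules=[allow, deny])


if __name__ == "__main__":
    # Constructed sample times: one inside the backup window, one outside.
    in_window, outside = datetime(2018, 1, 1, 21, 15), datetime(2018, 1, 1, 12, 0)
    for label, fw in (("single rule", single_deny_rule_firewall()),
                      ("single rule, scheduling disabled", single_deny_rule_firewall(False)),
                      ("two rules", two_rule_firewall())):
        print(f"{label}: 21:15 -> {fw.decide(NAS_IP, in_window)}, "
              f"12:00 -> {fw.decide(NAS_IP, outside)}")
        for event in fw.events:
            print("   ", event)
```

The check worth keeping from this model is the middle case: with the system-wide switch off, the rule object still looks correctly configured, yet the NAS is denied inside the backup window as well, which is exactly the symptom the original post describes. On the real router the Event Log messages for schedule state changes are the observable that distinguishes the two situations.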