I need to set up 2 workstations for Internet access only between 16:30 and 22:00 on weekdays. Tried to accomplish that using the rules below, but now it’s midday and both still have access. Rules are enabled:
3 * * DROP all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 source IP range 10.10.10.20-10.10.10.21 TIME from 22:00:00 to 00:00:00
4 * * DROP all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 source IP range 10.10.10.20-10.10.10.21 TIME from 00:00:00 to 16:30:00 on Mon,Tue,Wed,Thu,Fri
What am I doing wrong?
This is the 1st part only. Actually I would need to leave Skype enabled, but first I want to figure out why the rules above failed to block web browsing outside of permitted hours from those machines.
Thank you!
PS: But in light of the above, I find it strange that the following rule works:
5 * * DROP udp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 udp dpt:53
That rule successfully prevents local machines from using DNS other than OpenDNS. I tested that in nslookup and it resolves as long as the router IP is used as the server. Any other DNS server does not resolve.