Previously, we explained to you how to create rules in the firewall.
But, you can also configure pfSense to enable rules only on specific days (weekends, for example) and/or at specific times (outside office hours, for example).

In this tutorial, we will create a rule to block remote desktop access via RDP during weekends.
This prevents hackers from having fun launching attacks on this protocol during weekends when remote access is not necessary.

1. Schedule activation of a pfSense firewall rule
2. Add a rule in the pfSense firewall by scheduling its activation
3. Delete a rule schedule for the firewall

1. Schedule activation of a pfSense firewall rule

To schedule the activation of a rule in the pfSense firewall, you must first create the schedule via the menu: Firewall -> Schedules.

On the "Schedules" page that appears, click on: Add.

On the "Schedule Information" page that appears, you can configure these settings:

• Schedule Name: specify a name for this schedule.
  In our case, we specified "BlockRDPaccessWE" as the name.
• Description: provide a descriptive description for this time range.
  In our case, we indicated "Block RDP access during the weekend".
• Month: select the desired month. By default, this is the current month.
• Date: select several days by clicking on them or click on the name of the day of the week to select all Saturdays, Sundays, ... of this month.
• Time: specify the time range during which the firewall rule you create later should be active.
  By default, all day. So, from 12:00 a.m. to 11:59 p.m.
• Time range description: a description for this time range for purely indicative purposes.

Click on "Add Time" to save this date/time range and be able to add others for this same rule schedule.

The configured date/time range appears in the "Configured Ranges" section located just below.

For the example, we did the same thing for the following month.
Click "Add Time" again to save this new date/time range.

Once the desired date/time ranges have been added, click "Save" to save this schedule.

The configured schedule appears in the list.

Note: as indicated at the bottom of the list, if the clock icon appears, the schedule is currently active.
Which is normal given that we made this tutorial over the weekend.

2. Add a rule in the pfSense firewall by scheduling its activation

Now that the desired schedule is configured, you can create a rule in the firewall via the menu: Firewall -> Rules.

Click on: Add.

On the "Edit Firewall Rule" page, configure these settings:

• Action: Block. To block network traffic.
• Address Family: IPv4.
• Protocol: TCP.

In the "Destination" section of this rule:

• select "Destination: DMZ net" to target DMZ servers.
• select "Destination Port Range: MS RDP" to block network traffic to TCP port 3389 (RDP) of the DMZ servers.

In the "Extra Options" section:

• Log: check the "Log packets that are handled by this rule" box to record RDP access attempts on weekends in the pfSense firewall log.
• Description: provide a purely indicative description for this rule if you wish.
• Advanced Options: click on the "Display Advanced" button to be able to add the previously created schedule.

An "Advanced Options" section appears with many options.

Among these advanced options you will find the "Schedule" option where you can select your previously created "BlockRDPaccessWE" schedule.

At the bottom of the page, click "Save" to save this new rule.

The new firewall rule appears with a gray icon with several "v" (on the left) indicating that the traffic will be recorded in pfSense logs.
You will also see the name of the schedule linked to this rule. You can also easily modify the linked schedule by clicking on its name.

Click "Apply Changes" to apply the new firewall rule.

The new rule has been applied.

3. Delete a rule schedule for the firewall

To delete a rule schedule for the firewall, you must first delete the firewall rule that uses that rule schedule.
Otherwise, the error below will appear showing you the description of the firewall rule that uses the schedule you are trying to delete.
In our case, pfSense tells us that the "BlockRDPaccessWE" schedule we are trying to delete is used by our firewall rule with description "Block RDP access to servers of the DMZ".

Plain Text

Cannot delete schedule. Currently in use by Block RDP access to servers of the DMZ.

To get started, go to "Firewall -> Rules" and delete the rule using your rule schedule.

Confirm the removal of this rule from the firewall.

Plain Text

Are you sure you wish to delete this rule?

Then click "Apply Changes" to apply the changes to the firewall.

The changes have been applied.

Now that the associated firewall rule has been deleted, you can go to "Firewall -> Schedules" to delete the desired rule schedule.

Delete the desired rule schedule.

Confirm its deletion.

Plain Text

Are you sure you wish to delete schedule?

The deleted schedule disappears from the list.