My home network observes bedtime with OpenBSD and pf
3 days ago
- #OpenBSD
- #pf Firewall
- #Home Networking
- The author sets up an OpenBSD-based home network router to automatically enforce 'bedtime' by restricting Internet access during specific hours.
- Goals include automatic scheduling, exceptions for certain devices, and local DNS control for experiments like DNS sinkholing.
- A Qotom Q305p mini PC with Intel ethernet hardware is chosen for reliability and performance, replacing a Ubiquiti UniFi Security Gateway.
- OpenBSD is installed and configured as a router with DHCP, DNS caching, NAT, and firewall functionalities using pf.
- The pf packet filter is configured to block all traffic by default, with rules to allow traffic from leased IPs during the day and exempt IPs at night.
- Anchors in pf are used to dynamically change firewall rules without reloading the entire configuration, enabling the bedtime feature.
- A custom shell script named 'bedtime' enforces and lifts the restrictions, updates the pf tables of IP addresses, and reports status information.
- Cron jobs automate the bedtime schedule, enforcing restrictions at 22:30 and lifting them at 05:30 daily.
- Bedtime enforcement also kills active connections so that access is cut off immediately; without this, pf's stateful connection tracking would let already-established connections continue.
- Configuration files and scripts are backed up in a Git repository, ensuring easy recovery and documentation of the setup.
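
One way the anchor, tables, cron schedule and state killing summarised above could fit together, as an added example that is not the author's script. The anchor name `bedtime`, the tables `<leased>` and `<exempt>`, the interface `em1` and the file paths are assumptions, and the exempt table is assumed to hold single host addresses.

```shell
#!/bin/sh
# Added example, not the author's script. Assumed names: anchor "bedtime",
# tables <leased> (filled by dhcpd -L leased) and <exempt>, LAN interface em1.
#
# Assumed /etc/pf.conf fragment (NAT and egress rules omitted):
#   table <leased> persist
#   table <exempt> persist file "/etc/pf.exempt"
#   block all
#   anchor "bedtime"      # holds the only LAN pass rule
#
# Assumed root crontab for the 22:30 / 05:30 schedule:
#   30 22 * * * /usr/local/sbin/bedtime enforce
#   30 5  * * * /usr/local/sbin/bedtime lift

PFCTL=${PFCTL:-pfctl}
ANCHOR=bedtime
LAN=em1

# Rule loaded into the anchor; $1 is the table allowed to pass.
anchor_rule() { echo "pass in on $LAN from <$1>"; }

# Addresses in the leased list ($1) that are not in the exempt list ($2).
hosts_to_kill() {
    awk 'FILENAME == ARGV[1] { ex[$1] = 1; next }
         NF && !($1 in ex)   { print $1 }' "$2" "$1"
}

enforce() {
    # Swap only the anchor's rules; the main ruleset is not reloaded.
    anchor_rule exempt | $PFCTL -a "$ANCHOR" -f -
    l=$(mktemp) e=$(mktemp)
    $PFCTL -t leased -T show > "$l"
    $PFCTL -t exempt -T show > "$e"
    # Existing states keep passing traffic after the rule change, so kill them.
    for ip in $(hosts_to_kill "$l" "$e"); do
        $PFCTL -k "$ip"
    done
    rm -f "$l" "$e"
}

lift()   { anchor_rule leased | $PFCTL -a "$ANCHOR" -f -; }
status() { $PFCTL -a "$ANCHOR" -s rules; }

case "${1:-}" in
    enforce) enforce ;;
    lift)    lift ;;
    status)  status ;;
esac
```

Running `bedtime status` after each cron run shows which pass rule the anchor currently holds, which is a quick check that the schedule fired.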