kevan h
Resolved
Hi group, I'm trying to cut off internet to my son's Xbox and iPod touch. I've created "time of day definitions" and "Access control List"

but it's not working. Please see screenshot attached.
Friday, October 07 2016, 12:06 AM
Responses (4)
  • Accepted Answer

    kevan h
    Friday, October 14 2016, 03:26 AM - #Permalink
    If I block using the outbound under firewall it works, but I need this by time of day and not all the time.

    I've tried "web access control" but I can still get internet using apps and it won't kill access to the Xbox.
  • Accepted Answer

    Friday, October 14 2016, 01:40 PM - #Permalink
    Have you seen this guide? As this is using the proxy, have you configured your devices to use the proxy (ClearOS_LAN_IP, port 8080)? I am not sure if the Xbox plays well with a proxy.

    Alternatively you can block with the firewall using a cron job but it is not quite so easy.
    Firstly I have a file /etc/clearos/firewall.d/90-firewall_on_off with execute permissions:
    #!/bin/bash
    PATH=$PATH:/usr/bin:/sbin:/bin

    # Devices to block, by host name
    HOSTS="NokiaPhone iPod iPad ps4 ps4_wifi motog3g"

    # The .disabled flag overrides cron: clearing .closed makes the script remove the rules
    if [ -e /usr/src/firewall_on_off.disabled ] ; then
        rm -f /usr/src/firewall_on_off.closed
    fi

    if [ -e /usr/src/firewall_on_off.closed ] ; then
        # Restrictions on: drop forwarded traffic from and to each device
        for HOST in $HOSTS ; do
            iptables -I FORWARD -s $HOST -j DROP > /dev/null 2>&1
            iptables -I FORWARD -d $HOST -j DROP > /dev/null 2>&1
        done
    else
        # Restrictions off: delete every DROP rule listing the device's IP,
        # highest rule number first so the remaining numbers stay valid
        for HOST in $HOSTS ; do
            IP=`host $HOST | cut -d' ' -f4`
            if [ ! -z "$IP" ]; then
                LINES=`iptables -nL FORWARD --line-numbers | grep -e "DROP.*$IP\s" | cut -d' ' -f1 | sort -nr`
                if [ ! -z "$LINES" ]; then
                    for LINE in $LINES ; do
                        iptables -D FORWARD $LINE
                    done
                fi
            fi
        done
    fi

    # To disable the task without changing cron:
    # touch /usr/src/firewall_on_off.disabled
    # and to re-enable again:
    # rm -f /usr/src/firewall_on_off.disabled
    All you need to do is substitute the various devices in the HOSTS line for your device names. I use the hosts file (Webconfig > Network > DNS Server) to map host name to IP and I use static leases in the DHCP server. If you want to do it by IP instead, specify the IPs here. Also, if doing it by IP, change:
        for HOST in $HOSTS ; do
            IP=`host $HOST | cut -d' ' -f4`
            if [ ! -z "$IP" ]; then
                LINES=`iptables -nL FORWARD --line-numbers | grep -e "DROP.*$IP\s" | cut -d' ' -f1 | sort -nr`
                if [ ! -z "$LINES" ]; then
                    for LINE in $LINES ; do
                        iptables -D FORWARD $LINE
                    done
                fi
            fi
        done
    fi
    to something like (untested):
        for IP in $HOSTS ; do
            LINES=`iptables -nL FORWARD --line-numbers | grep -e "DROP.*$IP\s" | cut -d' ' -f1 | sort -nr`
            if [ ! -z "$LINES" ]; then
                for LINE in $LINES ; do
                    iptables -D FORWARD $LINE
                done
            fi
        done
    fi
    This section looks well OTT but there must have been a reason why I did it unless it was from a purist viewpoint in the case that there was more than one block by IP.

    You then want to set up a cron job (use the command "crontab") to end up with something like:
    # Weekdays
    # Start firewall restrictions
    15 22 * * 0-4 touch /usr/src/firewall_on_off.closed && /etc/clearos/firewall.d/90-firewall_on_off
    # Stop firewall restrictions
    15 06 * * 1-5 rm -f /usr/src/firewall_on_off.closed && /etc/clearos/firewall.d/90-firewall_on_off

    # Weekends Sunday = 0 and 7
    # Start firewall restrictions
    45 22 * * 5,6 touch /usr/src/firewall_on_off.closed && /etc/clearos/firewall.d/90-firewall_on_off
    # Stop firewall restrictions
    15 06 * * 6,7 rm -f /usr/src/firewall_on_off.closed && /etc/clearos/firewall.d/90-firewall_on_off

    The approach might seem a bit complicated but this is to allow the firewall to restart when it wants without losing the rules.
  • Accepted Answer

    kevan h
    Sunday, October 16 2016, 07:27 PM - #Permalink
    Wow, what a solution. I was hoping for something a little more native. Gonna have to read it over a few times to get it to sink in. Thanks for taking the time to post.
  • Accepted Answer

    Sunday, October 16 2016, 07:46 PM - #Permalink
    It is what I do to cut my son off at night! I've gone into my backups and my original script was much simpler:
    #!/bin/bash

    IPS="NokiaPhone iPod iPad ps4 ps4_wifi ex-server adventtegra"

    if [ -e /usr/src/firewall_on_off.disabled ] ; then
        rm -f /usr/src/firewall_on_off.closed
    fi

    if [ -e /usr/src/firewall_on_off.closed ] ; then
        FLAG="-I"
    else
        FLAG="-D"
    fi;

    for IP in $IPS ; do
        /sbin/iptables $FLAG FORWARD -s $IP -j DROP > /dev/null 2>&1
        /sbin/iptables $FLAG FORWARD -d $IP -j DROP > /dev/null 2>&1
    done;

    # touch /usr/src/firewall_on_off.disabled
    # rm -f /usr/src/firewall_on_off.disabled
    It does have a weakness in that if the block is active and you then change the cron schedule, if another block is triggered before an unblock you get multiple block rules which this script does not detect and unblocking does not work fully. The first script I posted gets round that.
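
Added example, not part of any post in this thread: one way to avoid the duplicate-rule weakness described in the last reply without parsing `iptables -nL` line numbers is to delete by rule specification until no copy is left, then insert a single pair. The `IPT` override, the `apply_state` helper and the device names are assumptions for illustration.

```bash
#!/bin/bash
# Added example; IPT, apply_state and the device names are illustrative assumptions.
IPT="${IPT:-iptables}"        # rule-editing command, overridable for a dry run
HOSTS="${HOSTS:-iPod xbox}"   # constructed device names, as in the HOSTS line

# Delete every copy of both DROP rules for one host and print how many went.
# "-D <rule spec>" removes one matching rule per call and fails once none is
# left, so the loops also clear duplicates left by repeated blocks.
unblock_host() {
    local host="$1"
    local removed=0
    while $IPT -D FORWARD -s "$host" -j DROP 2>/dev/null; do
        removed=$((removed + 1))
    done
    while $IPT -D FORWARD -d "$host" -j DROP 2>/dev/null; do
        removed=$((removed + 1))
    done
    echo "$removed"
}

# Leave exactly one pair of DROP rules for the host, however often this runs.
block_host() {
    local host="$1"
    unblock_host "$host" >/dev/null
    $IPT -I FORWARD -s "$host" -j DROP && $IPT -I FORWARD -d "$host" -j DROP
}

# Block while the flag file exists, unblock otherwise.
# $1 is the flag path, e.g. /usr/src/firewall_on_off.closed from the thread.
apply_state() {
    local host
    for host in $HOSTS; do
        if [ -e "$1" ]; then
            block_host "$host"
        else
            unblock_host "$host" >/dev/null
        fi
    done
}
```

iptables resolves a host name each time a rule is added or deleted, so the name-to-IP mapping has to stay stable between block and unblock, which the static leases mentioned in the thread provide.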