March 26, 2026
Goodnight, Wi‑Fi!
My home network observes bedtime with OpenBSD and pf
Geek dad puts the internet to bed — and the comments wake up
TLDR: A DIYer used OpenBSD’s firewall to put home Internet on a nightly schedule with a few devices exempt. Comments split between “use a separate network for bedtime devices” and “scheduled firewall rules are cleaner,” with side drama over flaky Realtek hardware and warnings that blocking only one traffic type breaks apps.
A home tinkerer just gave the household Wi‑Fi a bedtime using OpenBSD (a security‑focused operating system) and pf (its built‑in firewall), swapping a store‑bought router for a $60 fanless mini‑PC. The plan: automatic lights‑out for the Internet at night, with exceptions for backups and updates, plus homegrown DNS blocking for ads. The guide he used is short, the vibes are cozy, and yes—there are watercolor illustrations. The comments? Not cozy.
The strongest battle breaks out over how to enforce kid‑proof hours: one camp shouts “make a separate VLAN” (think: a virtual lane for bedtime devices) so the rest of the house stays on 24/7, while others applaud the anchor‑based pf rules—scheduled on/off blocks that keep everything tidy without rewriting configs. A network‑nerd hype train forms around “pf is deterministic,” dunking on the usual “cron hack” approach that rewrites rules at midnight. Then hardware drama kicks in: the author ditched a Realtek network card for Intel, and commenters bring receipts, blaming Realtek for random stalls across Linux, BSD, and even Windows.
Meanwhile, the peanut gallery spots a potential faceplant: one reader warns that allowing only TCP (one type of traffic) will “break a lot of stuff.” Amid the flame war, someone chimes in: “Love your watercolors!” The Internet: grounded, but still adorable.
Key Points
- The author builds a home router using a fanless mini‑PC running OpenBSD 7.8 and pf to enforce scheduled “bedtime” Internet access.
- Goals include automatic scheduling, exceptions for specific devices at night, and local DNS control with potential sinkhole experiments.
- A Ubiquiti UniFi Security Gateway USG‑3P is replaced to gain non‑proprietary control and learn OpenBSD.
- Due to Realtek Ethernet issues on OpenBSD, the hardware is switched to a Qotom Q305p 3205u with Intel Ethernet; the unit cost $60.
- Router functions (DHCP, NAT, DNS caching, firewall) are configured following the OpenBSD Handbook guide; configuration files are shared via a ‘pf‑bedtime’ repo.