OPNsense Forum

English Forums => General Discussion => Topic started by: nontii on December 27, 2020, 01:59:40 am

Title: Kill active connections when disabling enabling a firewall rule?
Post by: nontii on December 27, 2020, 01:59:40 am
I have an OPNsense box set up at my brother's place and he wants to cut the net for his children. They have their own VLAN and I have set it up so they can just log in and disable a rule to shut down the internet connection on that particular VLAN. It works, except that when they play games or watch YouTube they can continue to do so.
I know that the OPNsense firewall just blocks new connections, but is there any way to kill active connections/states when changing a rule? I need to automate this, because it is too hard for them to go and manually kill active connections or run certain commands in the shell.

Any way to accomplish this from the GUI in a "click one button" approach or something? We really need to be able to kill active connections for that VLAN.
Title: Re: Kill active connections when disabling enabling a firewall rule?
Post by: Gauss23 on December 27, 2020, 09:57:33 am
Firewall: Diagnostics: States Reset
Shouldn’t be too complicated to show them how to use this.
Title: Re: Kill active connections when disabling enabling a firewall rule?
Post by: nontii on December 27, 2020, 11:30:59 am
Actually it is. To be able to shut off internet for their children (quite often) that is not a nice way to do it.
First, disable a firewall rule, then find another page and click reset.

And we don't want to clear state for all connections, just for the connections belonging to that particular vlan.
The reset button resets all states for the whole firewall, and that is not the right way to do it either if you don't want to interrupt other traffic in the firewall.

So yes, it is too complicated and not the right way to do it, I'm afraid..
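
Added example, not part of any post in this thread: a shell sketch of clearing states for a single VLAN subnet instead of resetting the whole state table, using pf's `pfctl -k`. The subnet `192.168.30.0/24`, the function names and the `PFCTL` dry-run variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: clear pf states for one VLAN subnet, not the whole state table.
# Assumption: 192.168.30.0/24 (used in the usage line) is a constructed subnet.

PFCTL="${PFCTL:-pfctl}"   # PFCTL=echo gives a dry run that prints the commands

# Accept only a.b.c.d/len (octets 0-255, prefix 0-32); nothing else reaches pfctl.
valid_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; len=${1#*/}
    case "$addr" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    case "$len" in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $addr          # split the address into its octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

kill_vlan_states() {
    net=$1
    if ! valid_cidr "$net"; then
        echo "refusing: '$net' is not an IPv4 CIDR" >&2; return 2
    fi
    # A /0 prefix matches every state, which is the full reset we want to avoid.
    if [ "${net#*/}" -eq 0 ]; then
        echo "refusing: /0 would clear all states" >&2; return 2
    fi
    $PFCTL -k "$net" || return 1                # states opened by hosts in the VLAN
    $PFCTL -k 0.0.0.0/0 -k "$net" || return 1   # states opened toward the VLAN
}

# Usage on the firewall shell, as root: kill_vlan_states 192.168.30.0/24
```

Run it after the blocking rule is active; otherwise the next packet from the VLAN simply creates a new state.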
Title: Re: Kill active connections when disabling enabling a firewall rule?
Post by: lfirewall1243 on December 27, 2020, 02:33:01 pm
You could create a custom gateway for some rules and just shut that down
Title: Re: Kill active connections when disabling enabling a firewall rule?
Post by: nontii on December 27, 2020, 05:07:37 pm
> You could create a custom gateway for some rules and just shut that down

Yes, that can be a functional solution. Right now they disable the whole VLAN interface, but maybe shutting down a custom gateway is better.
Title: Re: Kill active connections when disabling enabling a firewall rule?
Post by: nontii on December 29, 2020, 09:32:18 am
> You could create a custom gateway for some rules and just shut that down

How can I create a gateway for a VLAN and route that just as if it were the default WAN_DHCP gateway?
(and disable the gateway when I want to disable internet for a particular VLAN)
Please give some hints, this is quite new to me. :)
Title: Re: Kill active connections when disabling enabling a firewall rule?
Post by: lfirewall1243 on January 08, 2021, 05:48:01 pm
>> You could create a custom gateway for some rules and just shut that down
>
> How can I create a gateway for a VLAN and route that just as if it were the default WAN_DHCP gateway?
> (and disable the gateway when I want to disable internet for a particular VLAN)
> Please give some hints, this is quite new to me. :)

Create a gateway

And on your VLAN interface rules, choose it as the gateway for these rules.