Hello,
I've noticed that a scheduler for the packet shaper is not available in OPNsense and that there are no plans to implement it. Fine, but is there a possibility to disable and enable the (complete) shaper service via cron? What would the command be?
Probably not "service XXXX stop" and "service XXXX start", since the config is in the FW config files?
Other possibilities?
Thanks!
Does nobody have an idea or a pointer in the right direction?
Use ipfw list to find the set of the rules for your shaper:
root@opnsense:~ # ipfw -S list
00100 set 0 allow pfsync from any to any
00110 set 0 allow carp from any to any
00120 set 0 allow layer2 mac-type 0x0806,0x8035
00130 set 0 allow layer2 mac-type 0x888e,0x88c7
00140 set 0 allow layer2 mac-type 0x8863,0x8864
00150 set 0 deny layer2 not mac-type 0x0800,0x86dd
00200 set 0 skipto 60000 ip6 from ::1 to any
00201 set 0 skipto 60000 ip4 from 127.0.0.0/8 to any
00202 set 0 skipto 60000 ip6 from any to ::1
00203 set 0 skipto 60000 ip4 from any to 127.0.0.0/8
06000 set 0 skipto 60000 tcp from any to any out
06199 set 0 skipto 60000 ip from any to any
60000 set 0 return
60001 set 0 queue 10000 ip from any to any in via pppoe0 // 39c76cf4-5ca8-49a9-b389-53f000a2bcd4 wan: Download Queue
60002 set 0 queue 10001 ip from any to any out via pppoe0 // b2ae7b63-7ed7-4f30-bb41-a56e1e58d1d0 wan: Upload Queue
65533 set 0 allow ip from any to any
65534 set 0 deny ip from any to any
65535 set 31 allow ip from any to any
Then:
root@opnsense:~ # ipfw set disable 0
root@opnsense:~ # ipfw -S list
# DISABLED 00100 set 0 allow pfsync from any to any
# DISABLED 00110 set 0 allow carp from any to any
# DISABLED 00120 set 0 allow layer2 mac-type 0x0806,0x8035
# DISABLED 00130 set 0 allow layer2 mac-type 0x888e,0x88c7
# DISABLED 00140 set 0 allow layer2 mac-type 0x8863,0x8864
# DISABLED 00150 set 0 deny layer2 not mac-type 0x0800,0x86dd
# DISABLED 00200 set 0 skipto 60000 ip6 from ::1 to any
# DISABLED 00201 set 0 skipto 60000 ip4 from 127.0.0.0/8 to any
# DISABLED 00202 set 0 skipto 60000 ip6 from any to ::1
# DISABLED 00203 set 0 skipto 60000 ip4 from any to 127.0.0.0/8
# DISABLED 06000 set 0 skipto 60000 tcp from any to any out
# DISABLED 06199 set 0 skipto 60000 ip from any to any
# DISABLED 60000 set 0 return
# DISABLED 60001 set 0 queue 10000 ip from any to any in via pppoe0 // 39c76cf4-5ca8-49a9-b389-53f000a2bcd4 wan: Download Queue
# DISABLED 60002 set 0 queue 10001 ip from any to any out via pppoe0 // b2ae7b63-7ed7-4f30-bb41-a56e1e58d1d0 wan: Upload Queue
# DISABLED 65533 set 0 allow ip from any to any
# DISABLED 65534 set 0 deny ip from any to any
65535 set 31 allow ip from any to any
To re-enable:
root@opnsense:~ # ipfw set enable 0
root@opnsense:~ # ipfw -S list
00100 set 0 allow pfsync from any to any
00110 set 0 allow carp from any to any
00120 set 0 allow layer2 mac-type 0x0806,0x8035
00130 set 0 allow layer2 mac-type 0x888e,0x88c7
00140 set 0 allow layer2 mac-type 0x8863,0x8864
00150 set 0 deny layer2 not mac-type 0x0800,0x86dd
00200 set 0 skipto 60000 ip6 from ::1 to any
00201 set 0 skipto 60000 ip4 from 127.0.0.0/8 to any
00202 set 0 skipto 60000 ip6 from any to ::1
00203 set 0 skipto 60000 ip4 from any to 127.0.0.0/8
06000 set 0 skipto 60000 tcp from any to any out
06199 set 0 skipto 60000 ip from any to any
60000 set 0 return
60001 set 0 queue 10000 ip from any to any in via pppoe0 // 39c76cf4-5ca8-49a9-b389-53f000a2bcd4 wan: Download Queue
60002 set 0 queue 10001 ip from any to any out via pppoe0 // b2ae7b63-7ed7-4f30-bb41-a56e1e58d1d0 wan: Upload Queue
65533 set 0 allow ip from any to any
65534 set 0 deny ip from any to any
65535 set 31 allow ip from any to any
Possibly the set is always 0, but I don't know.
HTH,
Patrick
Thanks for the feedback Patrick:
when enabled (via GUI):
root@opnjg29:/home/backup # ipfw -S list
00100 set 0 allow pfsync from any to any
00110 set 0 allow carp from any to any
00120 set 0 allow layer2 mac-type 0x0806,0x8035
00130 set 0 allow layer2 mac-type 0x888e,0x88c7
00140 set 0 allow layer2 mac-type 0x8863,0x8864
00150 set 0 deny layer2 not mac-type 0x0800,0x86dd
00200 set 0 skipto 60000 ip6 from ::1 to any
00201 set 0 skipto 60000 ip4 from 127.0.0.0/8 to any
00202 set 0 skipto 60000 ip6 from any to ::1
00203 set 0 skipto 60000 ip4 from any to 127.0.0.0/8
06000 set 0 skipto 60000 tcp from any to any out
06199 set 0 skipto 60000 ip from any to any
60000 set 0 return
60001 set 0 pipe 10000 ip from 192.168.60.100 to any via igc1 // a3b39633-a293-4c97-a7d6-f533666706e1 wan: Limit to 20 mbps upload
60002 set 0 pipe 10001 ip from any to 192.168.60.100 via igc1 // 706561f7-1d0e-45a5-8d94-c6e11c95daaa wan: Limit to 3 mbps download
65533 set 0 allow ip from any to any
65534 set 0 deny ip from any to any
65535 set 31 allow ip from any to any
when disabled (via GUI):
root@opnjg29:/home/backup # ipfw -S list
00100 set 0 allow pfsync from any to any
00110 set 0 allow carp from any to any
00120 set 0 allow layer2 mac-type 0x0806,0x8035
00130 set 0 allow layer2 mac-type 0x888e,0x88c7
00140 set 0 allow layer2 mac-type 0x8863,0x8864
00150 set 0 deny layer2 not mac-type 0x0800,0x86dd
00200 set 0 skipto 60000 ip6 from ::1 to any
00201 set 0 skipto 60000 ip4 from 127.0.0.0/8 to any
00202 set 0 skipto 60000 ip6 from any to ::1
00203 set 0 skipto 60000 ip4 from any to 127.0.0.0/8
06000 set 0 skipto 60000 tcp from any to any out
06199 set 0 skipto 60000 ip from any to any
60000 set 0 return
65533 set 0 allow ip from any to any
65534 set 0 deny ip from any to any
65535 set 31 allow ip from any to any
but not working when changing via the set enable/disable 0 commands:
the shaper rules are not in the config ... see below
The only difference with your config is that you are using queues and I'm using pipes.
root@opnjg29:/home/backup # ipfw set enable 0
root@opnjg29:/home/backup # ipfw -S list
00100 set 0 allow pfsync from any to any
00110 set 0 allow carp from any to any
00120 set 0 allow layer2 mac-type 0x0806,0x8035
00130 set 0 allow layer2 mac-type 0x888e,0x88c7
00140 set 0 allow layer2 mac-type 0x8863,0x8864
00150 set 0 deny layer2 not mac-type 0x0800,0x86dd
00200 set 0 skipto 60000 ip6 from ::1 to any
00201 set 0 skipto 60000 ip4 from 127.0.0.0/8 to any
00202 set 0 skipto 60000 ip6 from any to ::1
00203 set 0 skipto 60000 ip4 from any to 127.0.0.0/8
06000 set 0 skipto 60000 tcp from any to any out
06199 set 0 skipto 60000 ip from any to any
60000 set 0 return
65533 set 0 allow ip from any to any
65534 set 0 deny ip from any to any
65535 set 31 allow ip from any to any
root@opnjg29:/home/backup # ipfw set disable 0
root@opnjg29:/home/backup # ipfw -S list
# DISABLED 00100 set 0 allow pfsync from any to any
# DISABLED 00110 set 0 allow carp from any to any
# DISABLED 00120 set 0 allow layer2 mac-type 0x0806,0x8035
# DISABLED 00130 set 0 allow layer2 mac-type 0x888e,0x88c7
# DISABLED 00140 set 0 allow layer2 mac-type 0x8863,0x8864
# DISABLED 00150 set 0 deny layer2 not mac-type 0x0800,0x86dd
# DISABLED 00200 set 0 skipto 60000 ip6 from ::1 to any
# DISABLED 00201 set 0 skipto 60000 ip4 from 127.0.0.0/8 to any
# DISABLED 00202 set 0 skipto 60000 ip6 from any to ::1
# DISABLED 00203 set 0 skipto 60000 ip4 from any to 127.0.0.0/8
# DISABLED 06000 set 0 skipto 60000 tcp from any to any out
# DISABLED 06199 set 0 skipto 60000 ip from any to any
# DISABLED 60000 set 0 return
# DISABLED 65533 set 0 allow ip from any to any
# DISABLED 65534 set 0 deny ip from any to any
65535 set 31 allow ip from any to any
update: after doing some tests, it seemed to work (and the pipes are in the config as well)
thanks a lot Patrick!
And some info for anyone else:
1) create /usr/local/opnsense/service/conf/actions.d/actions_enableshaper.conf
[enableshaper]
command:/sbin/ipfw set enable 0
parameters:
type:script
message:Enable Shaper
description: Enable Shaper
2) create /usr/local/opnsense/service/conf/actions.d/actions_disableshaper.conf
[disableshaper]
command:/sbin/ipfw set disable 0
parameters:
type:script
message:Disable Shaper
description: Disable Shaper
3) activate with:
service configd restart
4) test with:
configctl disableshaper disableshaper
and
configctl enableshaper enableshaper
5) if the tests are fine (you should get an "OK"), you can create 2 cron jobs in the OPNsense WebGUI Cron/System to enable and disable the packet shaper when you'd like. Disadvantage of this method: it's all or nothing (not rule per rule)
(again, thanks Patrick for pointing me in the right direction!)
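
Added example (not part of the thread, and not OPNsense code): a check to run before and after the cron job. The listings above show that `ipfw set disable 0` marks every rule in set 0 as DISABLED, not only the pipe/queue rules, and that with the shaper switched off in the GUI there are no pipe/queue rules for the set toggle to act on. The function names and the sample listing are assumptions constructed from the output format in the posts.

```shell
#!/bin/sh
# Added example: inspect `ipfw -S list` output before toggling a whole set.
# SAMPLE is constructed, following the listing format shown in the thread.
SAMPLE='00100 set 0 allow pfsync from any to any
00150 set 0 deny layer2 not mac-type 0x0800,0x86dd
60000 set 0 return
60001 set 0 pipe 10000 ip from 192.168.60.100 to any via igc1 // wan: upload limit
60002 set 0 pipe 10001 ip from any to 192.168.60.100 via igc1 // wan: download limit
65534 set 0 deny ip from any to any
65535 set 31 allow ip from any to any'

# Emit "<state> <rule> <set> <action>" per rule (hypothetical helper).
parse_rules() {
    awk '{
        state = "enabled"
        if ($1 == "#" && $2 == "DISABLED") {
            state = "disabled"; $1 = ""; $2 = ""; $0 = $0   # drop prefix, re-split
        }
        if ($2 == "set") print state, $1, $3, $4
    }'
}

# Rule numbers that actually shape traffic (action is pipe or queue).
shaper_rules() { parse_rules | awk '$4 == "pipe" || $4 == "queue" { print $2 }'; }

# enabled | disabled | mixed | absent (absent: nothing for a set toggle to act on).
shaper_state() {
    parse_rules | awk '$4 == "pipe" || $4 == "queue" { seen[$1] = 1 }
        END {
            if (seen["enabled"] && seen["disabled"]) print "mixed"
            else if (seen["enabled"]) print "enabled"
            else if (seen["disabled"]) print "disabled"
            else print "absent"
        }'
}

# Count rules in set $1 that are NOT shaper rules: these are switched off too
# when the whole set is disabled.
collateral_count() {
    parse_rules | awk -v s="$1" \
        '$3 == s && $4 != "pipe" && $4 != "queue" { n++ } END { print n + 0 }'
}

# Demo on the constructed sample; on a firewall use: ipfw -S list | shaper_state
printf 'shaper: %s, other rules in set 0: %s\n' \
    "$(printf '%s\n' "$SAMPLE" | shaper_state)" \
    "$(printf '%s\n' "$SAMPLE" | collateral_count 0)"
```

A cron wrapper can refuse to report success when `shaper_state` returns `absent`, since the "OK" from configctl does not show whether any pipe/queue rule was present to toggle.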