Messages - cableguy187

#1
Thanks, I have a PC Engines APU2. Is this well supported for OPNsense?

Also, is Cron an available plugin?
#2
It does not work reliably on pfSense. Before I switch to OPNsense, I was hoping to confirm this feature to be operational or find another working solution to block all internet access (and kill all current connections when schedule is in effect).
#3
So, if you were to implement a schedule to drop/block all traffic to a specific host, what method would work reliably with OPNsense?

Could you reroute DNS to a bogus address?
#4
I am currently using pfSense and can't get the scheduled blocks to work reliably..

The scheduled block leaves the UDP state intact, even with a scheduled cron task to manually kill the state for the associated host.

The only way to fix it is manually clearing the states or rebooting the router, both of which are not ideal.

Has anyone successfully blocked Steam gaming on a schedule with OPNsense?
#5
Any update on flushing states?
#6
Unfortunately I have reverted back to pfSense..

I did find OPNsense good, well polished and easier to navigate.

Hopefully with the new update my issues are addressed and resolved.
#7
Anyone?

I hope there is a way to flush states or I will have to revert back to pfSense
#8
I managed to get this working somewhat by creating the BLOCK rule on the WAN with an associated schedule..

Skype and uTorrent still worked after the BLOCK schedule was active.

Is this due to states not being flushed? If so, any suggestions?

I found this - "#4 - AUTO RESET STATES -
pfSense seems hit or miss on this. You set up rules to throttle bandwidth or shut off internet access but someone doing something a bit meatier like a Skype session will remain connected LONG after the rule went into effect. So, you have to cron job to either reset all states or just reset for a certain ALIAS group. Why isn't that just automatically incorporated into a firewall rule and programmed to comply with the ALIAS of that rule only? Example - Terminate internet access at 11PM for alias - IP ADDRESS GROUP - then a state reset runs and only resets 'IP ADDRESS GROUP' and leaves everyone else untouched. Talk about making the life of an admin easier! High end firewalls terminate when told to terminate. I would think PF and OPN could do this too."

Has this been looked at?
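
The per-alias state reset described in the quoted text above, sketched as an added example (not part of the original posts and not pfSense or OPNsense code). It assumes the alias is loaded as a pf table, here given the hypothetical name SCHEDULED_HOSTS, and uses only pfctl's `-t <table> -T show` and `-k` options; `PFCTL` and `DRY_RUN` are variables introduced for this example.

```shell
#!/bin/sh
# Added example: kill pf states for every address in one pf table only,
# leaving all other hosts' connections untouched.
# Assumption: the firewall alias exists as a pf table (e.g. SCHEDULED_HOSTS).

PFCTL="${PFCTL:-pfctl}"

# Print the addresses held in a pf table, one per line.
table_hosts() {
    "$PFCTL" -t "$1" -T show 2>/dev/null | awk 'NF { print $1 }'
}

# Emit the two kill commands for one host: states originating from it,
# then states from anywhere to it (pfctl -k <src> -k <dst>).
kill_cmds_for_host() {
    case "$1" in
        *:*) any='::/0' ;;        # IPv6 address or prefix
        *)   any='0.0.0.0/0' ;;   # IPv4 address or prefix
    esac
    printf '%s -k %s\n' "$PFCTL" "$1"
    printf '%s -k %s -k %s\n' "$PFCTL" "$any" "$1"
}

# Kill (or, with DRY_RUN=1, only print) states for each host in the table.
flush_table_states() {
    table="$1"
    hosts=$(table_hosts "$table")
    if [ -z "$hosts" ]; then
        echo "table '$table' is empty or missing" >&2
        return 1
    fi
    for h in $hosts; do
        kill_cmds_for_host "$h" | while read -r cmd; do
            if [ "${DRY_RUN:-0}" = 1 ]; then echo "$cmd"; else $cmd; fi
        done
    done
}

# Example cron use at the start of the block window (run as root):
#   flush_table_states SCHEDULED_HOSTS
```

Killing states only ends connections that already exist; the block rule has to be in effect before the script runs, otherwise a still-matching pass rule lets the hosts create new states immediately.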
#9
I tried the scheduled block and it worked; however, when inverting the rule (set rule to PASS and schedule times to ALLOW) this allowed some services to work but no browsing. I checked the logs and it is blocking 80 & 443 traffic on the associated IP??

Also, states were not broken when the BLOCK rule applied.

Looks like I will still need a cron task to flush states for the IP in the rule?
#10
Quote from: franco on April 28, 2016, 01:36:58 PM
Firewall Schedules are one of the areas we barely touched (GUI only), still queued for an eventual replacement. In this regard I cannot say much about the state of things. I've heard of no issues ever since we started, which may also mean it's not a feature that gets a lot of exposure.

The state should be roughly the same as pfSense 2.2. There's an option for disabling killing states on schedule under System: Settings: Misc which suggests it's doing the right thing already. Did you verify?

But as I said, this part is not maintained, only curated.

Thanks for the reply. I cut over the new firewall today, still setting up everything.. Will set up the schedules and report back.

I do like the interface over the dated pfSense ;D Way easier to configure.

#11
Fixed the public IP issue.

System/Settings/Firewall-NAT -

One more question.. pfSense had an issue with keeping states when a scheduled block was applied. This required a cron task to manually kill off the states after the schedule. How does OPNsense handle states during a schedule change? When are the states cleared? Block or pass?
#12
Quote from: cableguy187 on April 28, 2016, 09:26:55 AM
Tried it, after killing states to the single host Steam is still able to connect..

"Also, I created a port forward for my cctv cameras and can access from external WAN, but when I turn on WIFI and connect on the LAN side, it doesn't work. I have enabled 'Pure NAT' in the rule options."

Any ideas about the other question above?

This above worked with pfSense 2.2.5.. I must be missing something, I have looked through my PF configs and have set up OPNsense exactly the same.

If attempting to connect to the public IP from the internal network ( CCTV & alarm system apps ) is there an additional feature I have missed?
#13
This worked.
#14
Yeah, that's what I have done, only difference in what you suggest is I am testing on one LAN IP at the moment.. Not the whole network.
#15
Tried it, after killing states to the single host Steam is still able to connect..

"Also, I created a port forward for my cctv cameras and can access from external WAN, but when I turn on WIFI and connect on the LAN side, it doesn't work. I have enabled 'Pure NAT' in the rule options."

Any ideas about the other question above?