Messages - JohnBee

#1
Quote from: viragomann on April 07, 2025, 12:53:30 PM
> That's a hoax. Presumably the writer did something wrong and hence had a bad experience with schedules.
>
> However, you have to observe a rule: use schedules only in pass-rules.
> And ensure that Firewall: Settings: Advanced: Schedule States is unchecked, which is the default setting, however.
>
> So I guess you also did something wrong. But maybe this helps to get your setting to work.

Hi and thanks so much for responding

I've been trying to use scheduling for some time now with little success - here's my setup;

I have an alias - MAC address
I also have a schedule

I then created a block rule for said alias and confirmed it to be working.
And finally, I created a pass rule for said alias based on my set schedule


That being said, and upon observing the scheduling behaviour, I can confirm that while the indicators (icons) do change according to scheduling (from green to white), the user will continue to have internet for as long as they are connected.

In addition to this, I have also observed that the rule will take effect immediately if I refresh the states table, thus leading me to ask whether there might be a standing issue with rules being refreshed at the state level.

And finally, it has also been my observation that this does not happen with Zenarmor, in that Policy based scheduling appears to work perfectly.

Any ideas?
#2
I've been struggling with OPNsense scheduling for a while now, and came across a thread which appears to say that scheduling only works if/when the states table is manually refreshed?

That said, I just wanted to confirm whether or not that was actually the case?
#3
Just set up a WG tunnel - very low overhead due to encryption - negligible
#4
Went from 24.7.12, to 25.1, and found kids' scheduling no longer working
Tried resetting rules, ARP table etc, without effect.

- rolled back and found it working again, anyone else come across this?
#5
Quote from: pfry on January 11, 2025, 06:46:25 PM
> Are the rules operating as you expect otherwise?

I am pleased to announce that I have since resolved this particular challenge - the issue being due to several factors;

1. choosing OUT instead of IN, on the rule Direction - instinctive from other router software
2. Destination being set to 'Wan net', where this device required LAN level packet intervention
3. the need for resetting State Table, following rule change

These particular parameters, and in no particular order, were keeping the firewall rule from working as intended.

That said, and after adjusting and/or correcting the above, the device no longer broadcasts to the outside world from LAN, as intended.
And while it is obvious that this is on me, I'm left feeling as though State table reset should be part of the apply function.
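
Added example, not part of the original posts or of OPNsense: posts #1 and #5 report that a rule change only took effect once existing states were cleared, and post #7 lists alias contents with `pfctl -t <name> -T show`. The sketch below turns such a listing into per-address `pfctl -k` commands, so that only the states of the alias members are dropped rather than the whole state table; the sample addresses are constructed and the function name is hypothetical.

```shell
#!/bin/sh
# Turn a pf table listing into targeted state-kill commands (printed, not run).

# Constructed sample of `pfctl -t <name> -T show` output; addresses are made up,
# and the last line stands in for unexpected text that must never become a command.
SAMPLE_TABLE='   192.168.1.50
   192.168.1.51
   fd00::50
   garbage; line
'

# Reads a table listing on stdin and prints one `pfctl -k <addr>` per valid entry.
# `pfctl -k <host>` kills the state entries originating from that host.
kill_cmds_from_table() {
    while IFS= read -r line; do
        # Drop the indentation pfctl adds and any stray carriage returns.
        addr=$(printf '%s' "$line" | tr -d ' \t\r')
        [ -n "$addr" ] || continue
        # Accept only characters that can appear in an IPv4/IPv6 address or CIDR.
        case "$addr" in
            *[!0-9a-fA-F.:/]*) continue ;;
        esac
        # Require at least one separator so bare hex words are not accepted.
        case "$addr" in
            *.*|*:*) ;;
            *) continue ;;
        esac
        printf 'pfctl -k %s\n' "$addr"
    done
}

# Demo on the constructed sample: prints three pfctl commands, skips the junk line.
printf '%s' "$SAMPLE_TABLE" | kill_cmds_from_table
```

On the firewall, `pfctl -t <name> -T show | kill_cmds_from_table` prints the commands for review before they are run.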
#6
Quote from: pfry on January 11, 2025, 06:08:37 PM
> Well, the point of all of the logging was that every packet originating from or forwarded by OPNsense would hit a filter and show up in the logs. They should also be counted by pf. What are you seeing there?

I see no sign of the device (IP) in: Firewall: Log Files: Live View whatsoever

#7
First off, I just want to thank you for taking the time to answer, I've been going nuts trying to figure this out lol

That said, I would also add that I can block the device (camera), in Zenarmor policy/device, without issue whatsoever

NB, my OPNsense/Zenarmor is on another OPNsense VM (same Proxmox), and is separate from this instance, though I did clone the original VM, and reinstalled OPNsense for testing

Quote from: pfry on January 11, 2025, 04:25:45 PM
> You did say that you hit "Apply"

Yes, correct, each and every time :)

Quote
> ...scroll down to Logging, check 'em all, and Save.

Check

Quote
> In Firewall: Diagnostics: Statistics, go to the Rules tab - you can have a look at the ruleset

Correct, in that the rules can be seen under the filter listing - would also add that the aliases are showing good with 'pfctl -t <name> -T show' command

Quote
> ...post more details about your config and topology and what you're seeing

Before getting into that, I would add that Zenarmor's (Policy), can and will effectively block the device without issue, and on the very same hardware and setup

That said, I am running OPNsense in a Proxmox instance (VM), with an a-typical adapter setup (LAN/WAN), no fw restriction etc, whereas OPNsense itself is default, no config beyond basic wizard - no bogon, network restrictions etc

Quote
> Firewall: Settings: Advanced: Disable Firewall and attempting to filter on a bridge member interface.)

Check

- hope this helps

NB, I opted out in posting screenshots in this particular response, and will provide any logs/screens upon request past this point, and in the event that something may jump-out with the above posted information
#8
Being relatively new to OPNsense, I am perplexed as to why I can't get any rule to work with OPNsense, and after installing a default firewall and setting up adapters, I then proceeded to create a simple rule to block a single device without any effect whatsoever.

That being said, I would add that I have moved the rule to the top of the list in the LAN ruleset page, followed by a reboot (just to be absolutely sure), the rule doesn't appear in any log, nor can I see any change in the network appliance (security camera).

Anyone have any suggestions as to why that is?

NB, have also tried conventional as well as floating rules, ipv4, as well as MAC assignments (for device), without any change or success

- I am truly stumped as to why this isn't working, and in contrast with OpenWRT or Sophos, which work without issue whatsoever, create rule, hit apply etc
#9
I recently noticed my two L3 switches were no longer seen in OPNsense.

Initially, I thought it was something silly like an order of operations on the signal side, but then started to dig into it a bit and found OPNsense truly could not see the switches (ARP, ping, etc)

And so knowing I was not entirely crazy, I reinstalled OPNsense and sure enough, found that both switches were present and accounted for

I then proceeded to update OPNsense, and lo and behold, they disappeared again
And so my question now is, what the heck is going on here? lol

#10
I just installed OPNsense on bare metal, then Zenarmor, and am finding an error, with packet engine stall - failed to disable offloads for interface

That said, I have turned off all of the offload checksums in Interface/Settings, though Zenarmor continues to fail to start based on that error - any ideas?