Messages

1

17.7 Legacy Series / Re: Op sense any better at blocking steam on schedule?

« on: September 02, 2017, 03:49:06 am »

Thanks, I have a PC Engines APU2. Is this well supported for Opnsense?

Also, is Cron an available plugin?

2

17.7 Legacy Series / Re: Op sense any better at blocking steam on schedule?

« on: August 28, 2017, 02:12:36 pm »

It does not work reliably on pfsense. Before I switch to opnsense, I was hoping to confirm this feature to be operational or find another working solution to block all internet access (and kill all current connections when schedule is in effect).

3

17.7 Legacy Series / Re: Op sense any better at blocking steam on schedule?

« on: August 28, 2017, 01:37:43 pm »

So, if you were to implement a schedule to drop/block all traffic to a specific host, what method would work reliably with opnsense?

Could you reroute DNS to a bogus address?

4

17.7 Legacy Series / Op sense any better at blocking steam on schedule?

« on: August 18, 2017, 02:20:26 pm »

I am currently using pfsense and can't get the scheduled blocks to work reliably..

The scheduled block leaves the UDP state intact, even with a scheduled cron task to manually kill the state for the associated host.

The only way to fix is manually clearing the states or reboot the reputed, which both are not ideal.

Has anyone successfully blocked Steam gaming on a schedule with opnsense?

5

16.1 Legacy Series / Re: Blocking ports using alias not working?

« on: November 05, 2016, 01:48:46 pm »

Any update on flushing states?

6

16.1 Legacy Series / Re: Blocking ports using alias not working?

« on: May 02, 2016, 09:46:24 pm »

Unfortunately I have reverted back to PFSense..

I did find OPNSense good, well polished and easier to navigate.

Hopefully with the new update my issues are addressed and resolved.

7

16.1 Legacy Series / Re: Blocking ports using alias not working?

« on: May 01, 2016, 12:32:33 am »

Anyone?

I hope there is a way to flush states or I will have to revert back to PFSense

8

16.1 Legacy Series / Re: Blocking ports using alias not working?

« on: April 30, 2016, 03:12:51 am »

I managed to get this working somewhat by creating the BLOCK rule on the WAN with an associated schedule..

Skype and Utorrent still worked after the BLOCK schedule was active.

Is this do to states not being flushed? If so, any suggestions?

I found this - "#4 - AUTO RESET STATES -
pfSense seems hit or miss on this. You setup rules to throttle bandwidth or shut off internet access but someone doing something a bit meatier like a Skype session will remain connected LONG after the rule went into effect. So, you have to cron job to either reset all states or just reset for a certain ALIAS group. Why isn't that just automatically incorporated into a firewall rule and programmed to comply with the ALIAS of that rule only? Example - Terminate internet access at 11PM for alias -  IP ADDRESS GROUP - then a state reset runs and only resets 'IP ADDRESS GROUP' and leaves everyone else untouched. Talk about making the life of an admin easier! High end firewalls terminate when told to terminate. I would think PF and OPN could do this too. "

Has this been looked at?

9

16.1 Legacy Series / Re: Blocking ports using alias not working?

« on: April 29, 2016, 12:22:29 pm »

I tried the scheduled block and it worked however, when inverting the rule (set rule to PASS and schedule times to ALLOW) this allowed some services to work but no browsing. I checked the logs and it is blocking 80 & 443 traffic on the associated IP??

Also, states were not broken when the BLOCK rule applied.

Looks like I will still need a cron task to flush states for the IP in the rule?

10

16.1 Legacy Series / Re: Blocking ports using alias not working?

« on: April 28, 2016, 01:44:27 pm »

Firewall Schedules are one of the areas we barely touched (GUI only), still queued for an eventual replacement. In this regard I cannot say much about the state of things. I've heard of no issues ever since we started, which may also mean it's not a feature that gets a lot of exposure.

The state should be roughly the same as pfSense 2.2. There's an option for disabling killing states on schedule under System: Settings: Misc which suggest it's doing the right thing already. Did you verify?

But as I said, this part is not maintained, only curated.

Thanks for the reply. I cut over the new firewall today, still setting up everything.. Will setup the schedules and report back.

I do like the interface over the dated PFsense  Way easier to configure.

11

16.1 Legacy Series / Re: Blocking ports using alias not working?

« on: April 28, 2016, 01:31:02 pm »

Fixed the public IP issue.

System/Settings/Firewall-NAT -

One more question..PFSense had an issue with keeping states when a scheduled block was applied. This required a cron task to manually kill off the states after the schedule. How does OPNSense handle states during a schedule change? When are the states cleared? Block or pass?

12

16.1 Legacy Series / Re: Blocking ports using alias not working?

« on: April 28, 2016, 11:29:13 am »

Tried it, after killing states to the single host Steam is still able to connect..

"Also, I created a port forward for my cctv cameras and can access from external WAN, but when I turn on WIFI and connect on the LAN side, it doesn't work. I have enabled 'Pure NAT' in the rule options."

Any ideas about the other question above?

This above worked with PFSense 2.2.5.. I must be missing something, I have looked through my PF configs and have setup OPNSense exactly the same.

If attempting to connect to the public IP from the internal network ( CCTV & alarm system apps ) is there an additional feature I have missed?

13

16.1 Legacy Series / Re: Blocking ports using alias not working?

« on: April 28, 2016, 11:11:16 am »

This worked.

14

16.1 Legacy Series / Re: Blocking ports using alias not working?

« on: April 28, 2016, 10:56:23 am »

Yeah, that's what I have done, only difference in what you suggest is I am testing on one LAN IP at the moment.. Not the whole network.

15

16.1 Legacy Series / Re: Blocking ports using alias not working?

« on: April 28, 2016, 09:26:55 am »

Tried it, after killing states to the single host Steam is still able to connect..

"Also, I created a port forward for my cctv cameras and can access from external WAN, but when I turn on WIFI and connect on the LAN side, it doesn't work. I have enabled 'Pure NAT' in the rule options."

Any ideas about the other question above?