(solved) firewall schedule - not killing current states

Started by RamSense, January 27, 2021, 02:52:50 PM

January 27, 2021, 02:52:50 PM Last Edit: January 28, 2021, 09:11:47 PM by RamSense
I have added aliases on OPNsense for my kids and added their devices.
I have made a schedule for the time being allowed online.
Then I have added a firewall rule on LAN for that alias and schedule, allowing access to the internet.
Directly below that firewall rule on LAN I added a block rule for that alias.

It works for newly started requests from the devices, but not for the current connections. So when they are already watching a YouTube movie or active on Discord, the connection stays active. It does not get dropped. Newly initiated connections are blocked. So the current state is not killed. How to fix firewall schedule - not killing current states?!

This is what I found in an old thread: https://forum.opnsense.org/index.php?topic=13256.0
but no solution given there, other than a cron job (?)

Is this still a bug in OPNsense? I read that the allow and block rule do work on pfSense?

If the solution is a cron job, what command do I have to type to arrange this referring to those aliases?

Thanks for your help in advance!
Deciso DEC850v2

January 28, 2021, 06:52:50 AM #1 Last Edit: January 28, 2021, 07:05:27 AM by Fright
are there "reload filter for configured schedules" records in the General log?
AFAICS by design it should run every 15 min with the command
/usr/bin/logger "reload filter for configured schedules" ; /usr/local/etc/rc.filter_configure
not using schedules but can test when possible
Quote: what command do I have to type to arrange this referring to those aliases?
it kills sessions by rule sid. not by alias

In the general log I see reload filter.
Here is a small selection of the latest:
So the schedule works, only the current states reset isn't (?)

Date   Process   Line
2021-01-28T08:01:00   root[36547]   reload filter for configured schedules   
2021-01-28T07:46:00   root[82242]   reload filter for configured schedules   
2021-01-28T07:31:00   root[96612]   reload filter for configured schedules   
2021-01-28T07:16:00   root[87140]   reload filter for configured schedules   
2021-01-28T07:01:00   root[43718]   reload filter for configured schedules   
2021-01-28T06:46:00   root[86769]   reload filter for configured schedules   
2021-01-28T06:31:00   root[5399]   reload filter for configured schedules   
2021-01-28T06:16:00   root[59498]   reload filter for configured schedules   
2021-01-28T06:01:00   root[79824]   reload filter for configured schedules   
2021-01-28T05:46:00   root[55744]   reload filter for configured schedules   
2021-01-28T05:31:00   root[75225]   reload filter for configured schedules   
2021-01-28T05:16:00   root[5099]   reload filter for configured schedules
Deciso DEC850v2

January 28, 2021, 08:24:35 AM #3 Last Edit: January 28, 2021, 08:26:55 AM by Fright
Hi
Quote: only the current states reset isn't (?)
it should check rules with schedules, "enable" or "disable" these rules depending on current time and kill states set by "expired" rules if Firewall->Settings->Advanced->ScheduleStates is not set

I have not selected: Firewall->Settings->Advanced->ScheduleStates not set -> Schedule States is not selected.

maybe YouTube / Discord has some sort of buffer? I will do another test to see if it lasts when keeping the connection open for about 10 min to check this?
Deciso DEC850v2

Quote: maybe YouTube / discord has some sort of buffer?
of course, YouTube is buffering video but not so much by default

share the result please

I have just updated the system to OPNsense 21.1
and will do a test and let you know.
Deciso DEC850v2

problem solved!
It works. I tested playing YouTube movie on iPhone and on a pc.
For the iPhone, after the allow schedule ended, the YouTube movie kept on playing for about 1 minute.
On the PC the YouTube movie kept on playing for a little bit over 4 minutes but stopped playing also.

My previous test was apparently not long enough to run out of buffer (or it is because OPNsense 21.1 fixed it ;-) ). But I am happy it works as it should. The allow rule followed by a deny rule works.

thanks for your help
Deciso DEC850v2

FWIW, I doubt 21.1 did this, but happy you could solve it in any case. :)


Cheers,
Franco

thanks for sharing the result
glad it works(ed) like it should )

For what it's worth, I'm the author of that other thread you linked to in the opening post and I never to this day have managed to get this to work... other than by hacking a cron job to force clearing states. I've never seen the states flush automatically when a rule expires, nor do I know how to debug it. But according to these last comments, maybe there's hope... ;-)
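
The cron-job workaround mentioned in this thread, as an added example that is not code from any poster or from OPNsense: it reads the addresses in an alias and kills the pf states originating from each one. Assumptions: the alias is called `kids` (hypothetical name), the alias is visible to pf as a table of the same name, and `pfctl` lives at `/sbin/pfctl`.

```shell
#!/bin/sh
# Added example: force-clear existing states for every host in a firewall alias.
# Assumption: the alias "kids" (hypothetical) is exposed to pf as a table with that name.

PFCTL="${PFCTL:-/sbin/pfctl}"      # path is an assumption; override via environment
DRY_RUN="${DRY_RUN:-1}"            # default: only print what would be executed

# Print one address per line from the pf table named in $1.
list_alias_hosts() {
    "$PFCTL" -t "$1" -T show 2>/dev/null | awk 'NF { print $1 }'
}

# Read addresses on stdin, emit one "pfctl -k <host>" command per valid entry.
# Anything that is not made of address characters (hex digits . : /) is skipped,
# so a malformed table entry can never end up on a command line.
kill_commands() {
    while read -r host; do
        case "$host" in
            ''|*[!0-9a-fA-F.:/]*) continue ;;
        esac
        printf '%s -k %s\n' "$PFCTL" "$host"
    done
}

# Kill (or, in dry-run mode, report) states originating from each host in alias $1.
flush_alias_states() {
    list_alias_hosts "$1" | kill_commands | while read -r cmd; do
        if [ "$DRY_RUN" = "1" ]; then
            echo "would run: $cmd"
        else
            $cmd
        fi
    done
}

# Example invocation (left commented so sourcing this file has no side effects):
# flush_alias_states kids
```

With `DRY_RUN=0`, a call to `flush_alias_states kids` from a cron entry timed for the end of the allowed window drops the connections that are already open, so only the block rule applies afterwards.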