Policy schedule and active connections

Started by GreenMatter, February 28, 2021, 05:20:19 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
February 28, 2021, 05:20:19 PM
I use a few policies, one of them is based on time schedule and in theory suppose to affect my kids online gaming  :D .
Problem is that policy doesn't stop active communication - at the time when policy kicks in. For example: Policy starts at 00:00 and when my kids are playing at that time nothing happens. I mean, I can see in logs a few addresses have been blocked but world of tanks is still going on... Only if I reconnect ethernet cable or restart the game, the game is blocked. Otherwise nothing happens.
Is it the way it should work?
OPNsense on:
Intel(R) Xeon(R) E-2278G CPU @ 3.40GHz (4 cores)
8 GB RAM
50 GB HDD
and plenty of vlans ;-)
February 28, 2021, 06:13:58 PM #1
Hi @GreenMatter,

For performance reasons we apply policies during initial phases of the connection establishment (or when we initially spot flows). This is a known side-effect.

We've devised a new way to handle these cases; though awaiting further validation that it does not affect performance.

I've just raised its priority. Hope to have some news soon.
February 28, 2021, 06:32:44 PM #2
Quote from: mb on February 28, 2021, 06:13:58 PM
I've just raised its priority. Hope to have some news soon.
Thanks, what's a timeline to introduce this functionality? Without that schedule based policies doesn't make sense...
OPNsense on:
Intel(R) Xeon(R) E-2278G CPU @ 3.40GHz (4 cores)
8 GB RAM
50 GB HDD
and plenty of vlans ;-)
Print
Go Up Pages1
User actions