Solved - Blocking established connections?

Started by pablo, April 29, 2023, 06:47:29 PM

April 29, 2023, 06:47:29 PM Last Edit: April 30, 2023, 12:40:02 AM by pablo
Hi,

I've set up a single, scheduled IP blocking rule on my LAN.  It works for new connections but it does not block an established connection.

I tried with and without Firewall > Settings > Advanced > Schedule States checked.

How would I go about blocking established connections?

I've searched the forum and I didn't get any hits.  It's possible that my searching-fu isn't all that great.  :\

Thx!
pablo

Firewall > Diagnostics > States | Actions : Reset state table
But it resets all connections, not just the ones you might want new rules to apply to, as far as I can see. I think there has been discussion of it in the past, but right now it is an action on all connections.

April 29, 2023, 11:14:42 PM #2 Last Edit: April 30, 2023, 12:39:40 AM by pablo
Thx!  Any way to make it programmatic?  I suppose I could try a curl/cron from another machine....

Edits

I should have done a better search.  I found how to do it via the CLI:

/sbin/pfctl -F state

For others, here's the source of the above and how to automate it:

https://forum.opnsense.org/index.php?topic=10740.0

pablo
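As an added example (not from pablo's posts, the linked thread, or OPNsense's own code): `pfctl -F state` drops every state on the box, including unrelated LAN traffic and your own GUI/SSH session. pf can also kill states selectively with `pfctl -k`, so a scheduled job can cut off only the hosts the block rule targets. The script below does that for a list of IPv4 hosts or networks. The block list path (/usr/local/etc/blocked_hosts.txt), the DRY_RUN variable and the function names are assumptions made for this example; the `-k host` / `-k 0.0.0.0/0 -k host` forms are the ones documented in pfctl(8).

```shell
#!/bin/sh
# Added example (not from the thread): when a scheduled block rule starts,
# kill only the pf states that involve the blocked hosts, instead of
# flushing the whole state table with `pfctl -F state`.
#
# Assumptions, not given in the thread:
#   - block list is /usr/local/etc/blocked_hosts.txt (override via BLOCKLIST),
#     one IPv4 address or CIDR per line, '#' comments allowed;
#   - the script runs as root on the firewall itself (pfctl needs root);
#   - DRY_RUN=1 prints the pfctl commands instead of executing them.

BLOCKLIST="${BLOCKLIST:-/usr/local/etc/blocked_hosts.txt}"
DRY_RUN="${DRY_RUN:-0}"

# is_ipv4 ADDR[/PREFIX]: succeed only for a dotted quad with an optional
# prefix length of 0-32, so nothing unvalidated reaches the pfctl command line.
is_ipv4() {
  addr="${1%/*}"
  pfx="${1##*/}"
  [ "$pfx" = "$1" ] && pfx=32            # no '/' present: plain host address
  case "$pfx" in ''|*[!0-9]*) return 1 ;; esac
  [ "$pfx" -le 32 ] 2>/dev/null || return 1
  case "$addr" in ''|*[!0-9.]*) return 1 ;; esac
  oldifs=$IFS; IFS=.
  set -- $addr                           # split into octets
  IFS=$oldifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    case "$octet" in ''|*[!0-9]*) return 1 ;; esac
    [ "$octet" -le 255 ] 2>/dev/null || return 1
  done
  return 0
}

# pfctl_kill_cmds HOST: print the two pfctl invocations that remove states
# *from* HOST and *to* HOST. The first -k argument is matched against the
# state's source address, a second -k against its destination (pfctl(8)).
pfctl_kill_cmds() {
  printf '%s\n' "pfctl -k $1" "pfctl -k 0.0.0.0/0 -k $1"
}

# process_blocklist FILE: for every valid entry, kill its states, or print the
# commands when DRY_RUN=1. Invalid entries are reported on stderr and skipped.
# Returns 1 if FILE is unreadable.
process_blocklist() {
  file="$1"
  [ -r "$file" ] || { echo "blocklist $file not readable" >&2; return 1; }
  while IFS= read -r line || [ -n "$line" ]; do
    line="${line%%#*}"                               # drop comments
    line=$(printf '%s' "$line" | tr -d ' \t\r')      # and whitespace
    [ -n "$line" ] || continue
    if ! is_ipv4 "$line"; then
      echo "skipping invalid entry: $line" >&2
      continue
    fi
    pfctl_kill_cmds "$line" | while IFS= read -r cmd; do
      if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$cmd"
      else
        $cmd     # word-split on purpose: $cmd is a validated pfctl line
      fi
    done
  done < "$file"
}

# Entry point: only act when the block list exists, so the file can also be
# sourced for its functions without side effects.
if [ -f "$BLOCKLIST" ]; then
  process_blocklist "$BLOCKLIST"
fi
```

Run it at the moment the schedule starts (the same minute as the rule's start time is enough, since pf will refuse new connections from then on). On OPNsense the GUI cron editor (System > Settings > Cron) only offers commands registered as configd actions, so the script either needs an action definition or a plain crontab entry; either way `pfctl -k` needs root. Note that killing the states of a whole network (`-k 198.51.100.0/24`) also cuts off hosts in that range that the block rule might exempt by a more specific pass rule, so keep the list as narrow as the rule itself.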