Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
17.7 Legacy Series
»
Op sense any better at blocking steam on schedule?
« previous
next »
Print
Pages: [
1
]
Author
Topic: Op sense any better at blocking steam on schedule? (Read 8350 times)
cableguy187
Newbie
Posts: 18
Karma: 0
Op sense any better at blocking steam on schedule?
«
on:
August 18, 2017, 02:20:26 pm »
I am currently using pfsense and can't get the scheduled blocks to work reliably..
The scheduled block leaves the UDP state intact, even with a scheduled cron task to manually kill the state for the associated host.
The only way to fix is manually clearing the states or reboot the reputed, which both are not ideal.
Has anyone successfully blocked Steam gaming on a schedule with opnsense?
Logged
fabian
Hero Member
Posts: 2769
Karma: 200
OPNsense Contributor (Language, VPN, Proxy, etc.)
Re: Op sense any better at blocking steam on schedule?
«
Reply #1 on:
August 18, 2017, 09:37:02 pm »
This is how pf works. Packets which belong to an active connection are not evaluated and are passed directly (for performance reasons), for new connections the rules are evaluated. If you really want to avoid this behaviour, you have to disable state tracking for this rule but this will make pf a simple packet filter (you will loose all the advantages of a stateful firewall). Note that this is discouraged.
Logged
cableguy187
Newbie
Posts: 18
Karma: 0
Re: Op sense any better at blocking steam on schedule?
«
Reply #2 on:
August 28, 2017, 01:37:43 pm »
So, if you were to implement a schedule to drop/block all traffic to a specific host, what method would work reliably with opnsense?
Could you reroute DNS to a bogus address?
Logged
franco
Administrator
Hero Member
Posts: 17661
Karma: 1611
Re: Op sense any better at blocking steam on schedule?
«
Reply #3 on:
August 28, 2017, 01:42:31 pm »
Under Firewall: Settings: Advanced there is a checkbox "Schedule States" which states "By default schedules clear the states of existing connections when the expiration time has come. This option overrides that behavior by not clearing states for existing connections."
Does that not work as intended in a particular circumstance? If so, which version would be helpful.
Cheers,
Franco
Logged
cableguy187
Newbie
Posts: 18
Karma: 0
Re: Op sense any better at blocking steam on schedule?
«
Reply #4 on:
August 28, 2017, 02:12:36 pm »
It does not work reliably on pfsense. Before I switch to opnsense, I was hoping to confirm this feature to be operational or find another working solution to block all internet access (and kill all current connections when schedule is in effect).
Logged
franco
Administrator
Hero Member
Posts: 17661
Karma: 1611
Re: Op sense any better at blocking steam on schedule?
«
Reply #5 on:
August 28, 2017, 02:30:44 pm »
We do have FreeBSD 11.0 and no bug report in that area in 2017. I would expect it to work, unless you found an edge case that pf(4) doesn't know how to clear in which case FreeBSD would be affected in general. Either way, not sure if you'll find out without trying it.
There is a live mode in our images so you don't have to fear wiping your install...
Cheers,
Franco
Logged
cableguy187
Newbie
Posts: 18
Karma: 0
Re: Op sense any better at blocking steam on schedule?
«
Reply #6 on:
September 02, 2017, 03:49:06 am »
Thanks, I have a PC Engines APU2. Is this well supported for Opnsense?
Also, is Cron an available plugin?
Logged
fabian
Hero Member
Posts: 2769
Karma: 200
OPNsense Contributor (Language, VPN, Proxy, etc.)
Re: Op sense any better at blocking steam on schedule?
«
Reply #7 on:
September 02, 2017, 08:01:58 am »
Quote from: cableguy187 on September 02, 2017, 03:49:06 am
Also, is Cron an available plugin?
No, it's in core.
Logged
franco
Administrator
Hero Member
Posts: 17661
Karma: 1611
Re: Op sense any better at blocking steam on schedule?
«
Reply #8 on:
September 02, 2017, 11:15:08 am »
With the caveat of cron not being fully editable (arbitrary commands from the GUI), you need to add your services to the backend:
https://docs.opnsense.org/development/backend/configd.html
When you have added your own commands to configd, and use the "description:" label, they will show up in the cron GUI.
Cheers,
Franco
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
17.7 Legacy Series
»
Op sense any better at blocking steam on schedule?