A few basic questions about features from a NOOB -
-
Status -> Services shows Cron as up and running
Diagnostics -> Sockets shows only one instance for Cron
Re-installed Cron package, but I still don't see proper functioning, as apparently the states are not killed (pfctl -F state) and the output from eMail reports (performed via Cron jobs) doesn't provide accurate information on the states present.
No idea why…
-
..got an idea why. Question:
In wich directory are the commands executed in the Diagnosics -> Execute Command window of the GUI?
Is it /usr/bin/ ?
That could make my Cron job for killing states work, if I find the right directory to execute the Cron job in…
-
To display the location of your current working directory, enter the command
pwd
The output should look similar to:
/home/user
-
Hey, many thanx!
Apparently it's
/usr/local/www
… I'll try that this evening... :-D
-
Make sure you use the absolute path to all the commands in your cron job. That way it doesn't matter where it's executed from.
Edit: Or, importantly, that the process executing the cron job may not have the same default paths as a shell prompt.Steve
-
Definitely! But at first you have to know the correct absolute path! ;)
-
Stephen is correct always use absolute paths in the scripts.
To find the location of a file, you can run the following command.
find / -name pfctl
-
OK, then it should be /sbin/pfctl … Try this today
What I really don't understand is the problem with the eMail Reports. When I press "Send Now" at the setup page for the respective job everything is fine and the eMail contains the information on the states for the requested IP. But when the Cron runs the respective php script the eMail contains no states at all... tried the /sbin/ path for the eMail Report command, too, let's see if it works... :-D
-
Can you post the commandline?
-
@chemlud:
….
21:00 eMail report for "pfctl -ss | grep 10.XXX.YYY.ZZZ" COMPLETELY EMPTY
...;)
Edit: Crazy, I tried the command (without /sbin/) on another box for a different IP (without a block rule at the firewall tab) and there the Cron-sent eMail Report is correct, including the states info for the requested IP. Dunno what's wrong here…
-
I set that command to run and it emailed thru without issue. I did include " " around the IP address thou.
/sbin/pfctl -ss | grep "10.XXX.YYY.ZZZ"
-
See my edit above, worked for me without the "" for the IP, but not on the box I need the command to work. Unfortunately the eMail Report page of the GUI allows no minutes to be entered, so only every full hour the job can be tested…
To be continued... :-)
Edith:
Cron job with
/sbin/pfctl -k 10.XXX.YYY.ZZZ
1 minute after the block rule WORKED! PAAARTY! 8)
And the eMail Report for
pfctl -ss | grep 10.XXX.YYY.ZZZgave no output, while
/sbin/pfctl -ss | grep 10.XXX.YYY.ZZZ
correctly reported the states!
Problems solved, Block rule works
-
Persistence pays off! ;)
Steve
-
Yeaaaah, but sometimes you simply need the right path, to look for the solution… ;D ;)
-
hello,
Let me thank you for using your "pfctl -k ip & cron" solution to be able to use schedule on pfsense 2.1.5 ( because upgrade to 2.2 failed for me… some packages I use in 2.1.5 did not worked any more on 2.2 ) and now I need help if possible:
question is: how to clear only connections that go ( or come ) to specific destination port, I tried to find on internet some help but no luck.
The problem is that children are playing minecraft all day long if possible and I want to clear only the connection with port 25565 used to go to minecraft servers and not all connection established at the expiration time, in case something important is going on background and of course as you know at scheduling expiration rule is not kill established connection on that port.
Anybody who can help ?
thank you