Why we need a server restart with any change
-
friends i am very new to this.. yesterday only started my day with PFsense.. question is .. if i am creating any policy .. or blocking or allowing an IP, do you guys think it is realistic to start/ restart the server. in production this is not possible .. and i know i am not discussing something which has not been discussed.. but i want to know if there a better way… as no one would like to loose their downloads or any other important transactions.
or we have a better opensource proxy then PFsence. i want to control my internet usage .. and i am fed up with ISA. plz guide.
-
There is no such need in the first place.
-
you do not need to restart pfsense for such things.. Only thing that requires a restart is the update of the pfsense firmware from say 2.2.x to 2.2.y
packages don't even require reboot.. The only thing that should ever require a reboot is update of pfsense itself. I make firewall changes all the time, even new interfaces and vlans never requires a reboot.
Now if your creating a rule to block, and there as a state already you would have to kill those old states.. Which can be done on per state - just look in the state table for the specific states and kill them.
-
thanks mate..
i was watching a video on you tube and the person did some policies for FB and it didnt worked so he restarted the server itself and it started working. so i just wanted to confirm how pfsense detects new policies and applies it. -
Resetting the states in the state table gives you added piece of mind new rules are in effect.
-
Unfortunately, resetting the states is the same thing as rebooting from a user point of view. Their active sessions will be reset.
-
not if they only reset the connections that would be effected by new rules.
-
…or if the users happened to all be taking a bath...