Interrupt connections programatically
-
Does the schedule icon change colour, when you think it should?
-
@NogBadTheBad It's currently yellow. yes. At 2pm it should turn green.
-
@NogBadTheBad The reject and pass rules work as expected, with the exception of pre-existing connections. New connections are blocked, but any connections that were started and maintained during a pass schedule window are allowed to continue.
-
@victropolis said in Interrupt connections programatically:
@NogBadTheBad The reject and pass rules work as expected, with the exception of pre-existing connections. New connections are blocked, but any connections that were started and maintained during a pass schedule window are allowed to continue.
Yep, that's the nature of a stateful firewall, like pfsense. The options of using pass or block to make it behave like you (and me sometimes) want, simply don't work like what we expect. It is what it is...
https://www.cybrary.it/0p3n/stateful-vs-stateless-firewalls/
Jeff
-
Now that I think about this again, how are your "kids" connecting to your network? Are they all wireless, like ipads, phones, etc.?
You mention iOS if one of your earlier posts, does that mean they are all mobile?
If you have the right gear, you could set your wifi to actually turn off at your designated times. That would be easier than banging your head against the wall with firewall rules and schedules that don't work like you're expecting. As an example of this, I've got Ubiquity access points at work. I have programmed them to shut off the "guest" wifi network at night, when no guests are physically in the building. Therefore, no wifi shenanigans going on after hours. You could do something similar, again, if you have gear that supports this.
Jeff
-
@akuma1x said in Interrupt connections programatically:
https://www.cybrary.it/0p3n/stateful-vs-stateless-firewalls/
Then they shouldn't say that "By default, when a schedule expires, connections permitted by that schedule are killed. This option overrides that behavior by not clearing states for existing connections"
-
@akuma1x the wifi router is behind the pfSense firewall and all devices behind the pfSense firewall get their IP addresses and DNS from the pfSense firewall. The issue I'm talking about is specifically pertaining to devices that do not have mobile data connections, such as iPads without 3G or LTE.
-
@victropolis said in Interrupt connections programatically:
@akuma1x the wifi router is behind the pfSense firewall and all devices behind the pfSense firewall get their IP addresses and DNS from the pfSense firewall. The issue I'm talking about is specifically pertaining to devices that do not have mobile data connections, such as iPads without 3G or LTE.
What port is connected on the Wi-Fi router to pfSense ?
-
@NogBadTheBad where can I find that?
-
Old news, check existing bugs before you create a new ticket: https://redmine.pfsense.org/issues/8820
-
-
@victropolis said in Interrupt connections programatically:
@NogBadTheBad where can I find that?
What IP address does your LAN interface have and what IP address are the WiFi clients getting.
If you use a WiFi router and connect the WAN port to pfSense LAN everything will be nated.
-
@NogBadTheBad 192.168.1.1 is the IP of the pfSense. 192.168.1.2 is the IP of the wifi router. Everything else is 192.168.1.*
