Bug: Problem with schedules that go over to the next day
-
mine is setup as a block on the lan.. then above it i have an allow with the schedule chosen.
-
Thanks much for your quick reply ;)
So like this? (Note that the rule below the "Allow Kids During Schedule" rule is disabled):
-
looks good
-
Thanks. BTW do you use Cron to fire off pfctl -k using these rules?
I've been trying for a few days to use allow rules only:
allow kidsgroup during scheduled time
allow !kidsgroup alwaysAfter setting these rules I killed all states for IP's in the kidsgroup...but no dice. I thought the preferred methodology with pfsense 2.3.x was using allow vs. block rules since block rules don't kill states?
Thanks again
PP -
Try this:
Pass kidsgroup schedule
Reject kidsgroup
Pass anyDon't block traffic with pass ! rules.
-
lets not derail the 1min of neither that cannot be in a pass/block schedule
-
@ppmax Sorry I didn't get back to you, I've been very busy that last few days.
I thought the preferred methodology with pfsense 2.3.x was using allow vs. block rules since block rules don't kill states?**
Didn't know this one, going to change to this to see if it helps with the Kill States.
-
There are no states to kill on a scheduled block rule because no states are created by block rules.
When a block rule schedule fires there is no way to know what states to kill.
When you have a scheduled pass rule that expires, all of the states that have been created by that rule are tagged so there is something to key on to kill the states created by that rule when the schedule expires.
-
That makes sense, thank you
-
I've been searching around for the answer to the one minute outage for rule application between 23:59 and 00:00. In my pfSense 2.4.4 setup, I've disabled the default allow all rule and I'm using allow rules for access (based on other guidance I've seen related to states referred to in this post as well). I have two groups of IPs, restricted and unrestricted. I have the restricted group set for 05:00-23:59, 00:00-01:00. The unrestricted group is set for 00:00-23:59. Everything loses access for the one minute between 23:59 and 00:00. Is the only answer to go back to block rules with some sort of cron to kill states (although I've not seen a definitive answer that this will work either)? That seems a bit overly complicated to achieve something so simple. Sorry if this has been solved somewhere. I just haven't been able to find it.
