Firewall blocking rule + schedule + existing states
-
Hi There
I am struggle to find proper solution,
1. I have created scheduler 7am - 7pm everyday
2. Created Rule blocking all traffic from local interface
3. In advanced options set my schedulerand now - how can i reset existing states? i.e. if I start pinging local inteface IP address before 7pm it still goes through after 7pm, if I turn PC of and start on and start pinging - ping is blocked - good. but how can I start blocking all interface exactly after 7pm?
Doc's says:
_If a new rule was made to block some traffic, but packets still get through, there may be an existing state that is allowing the traffic to pass.To eliminate this as the cause, clear the states (Diagnostics > States, Reset States tab) after altering the rules. If there is an existing state, it will always take precedence over any rules. All of the states may be cleared, or look/filter through the list and find states that apply to the host that will be originating the traffic._
the problem is - if someone starts downloading something it will go after 7pm until download will get finished. I cant go to firewall everynight at 7pm to manually reset the states - how can I programically set it up?
Any ideas are welcome
Thanks!
-
I haven't played with this in awhile but I remember that you have to reverse your thinking and set everything up to block by default, and allow during the schedule time instead of doing it the other way around.
-
Sounds sensible, but once someone start state during positive period state will not be removed until manually close it from router site or PC itself disconnect or reconnect to the router…am I right?
-
I tried - didn't work :/
Looking for another solution…
-
Show what you have done with screencaps of your firewall rule and schedule. I am pretty sure it works. You must have a firewall rule that blocks everything and is linked to your schedule to allow access.
-
Here You are, if You need anything else let me know. It was showing when scheduler was active, the arrow did change the color, but before it start be active I couldnt ping 8.8.8.8 then after 15:00 I could and after 15:15 arrow changed the color again into inactive but my ping was still going on.
-
All solved using scheduler like KOM suggested, Thanks!
I will explain what was wrong in case someone may have simillar issues.
The problem was on hardware site, pfSense was installed on HP server with windows 10 in Hyper-V environment. System was installed on hardware LSI PCI-e Raid controller - 2xHDD mirrored.
When I was playing with firewall and scheduler I was working remotely. Finally after so long time, this morning I realized that webGUI is responding much slower than it should. Every time I clicked "Apply Changes" it was taking sometimes even up to 1 minute. I thought - what is wrong?! So powerful machine (is not only for hyper-v, its also doing few other things) and is lagging like P4 with 512mb ram… :o
So... I connected remotely to the server and I found out in LSI management software that my raid was in degraded state/mode and it was rebuilding itself... ok, fine - that's explain a lot, but not everything... after couple of hours I checked again (it should be done by then) and it starts rebuild itself again... :o :oOK - that was a time to take the things in the hands! - I cloned OS on to SSD drive and I start testing both hdd's on another machine. Test shows that one hdd contain bad-sectors and the only one place for it was... rubbish bin.
OK, what about FW and sheduler ?! - It works stratight away - imediately once I turned it in soonest period, I start ping on another PC and it works after first setup! no ping, then ping for 2 minutes and no ping again without any interaction by me!
I thing because raid was rebuilding; HDDs were not saving data immediately - the info about changes could be buffered somewhere in the memory and didn't take the place until something... and because I was trying for very short and close period it didn't catch the changes - not sure what exactly it was, but on SSD it works like a charm!
I will get another hdd's to get back raid configuration, I will move OS again and in case again something will goes wrong and I will let to know in case it might be some bigger issue
Edit: Spelling correction and other small bits….
-
Nice troubleshooting. I would never have guessed such an issue was the cause of your problems. Thanks for replying with the details of what went wrong for you and how you fixed it.
