Keeping some UDP states after rule expires
-
I am having an issue with a scheduled PASS Rule on the LAN tab for one alias; it seems to not flush some UDP states and keeps the connection open. TCP works as expected. The UDP packets seem to be related to TeamSpeak from the logs (and the fact TS is still working after the scheduled pass expires).
I have been chasing this issue for a while and can't seem to fix it.
I have disabled UPnP as well.
Any help greatly appreciated.
-
You might want to monitor your rule in real-time using pfTop (in the Diagnostics menu) set to View "label". Assuming the schedule is active, look for a line in the display that has the label "USER_RULE: xxxx" where xxxx is the label you assigned the rule that runs per that schedule. When the schedule expires, the packet filter process (xinetd) changes the rules so that only the active rules are processed, and the rule will disappear from the pfTop label display.
Assuming you see this, then the remaining rules are letting TeamSpeak UDP traffic through…
Plus, you can check the system log. It should show the xinetd process starting a reconfiguration at the time of change. Won't show the rules that are active, but you should have no error messages.
-
Thanks, that's what I have been looking for :)
I will monitor and see what is still passing UDP after the next schedule change.
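
Added example, not part of the original posts: a way to check, after the schedule has expired, which UDP entries in the state table still involve members of the alias. It assumes `pfctl -ss` style lines of the form `iface proto addr:port -> addr:port STATE`; the sample table, the alias address and the function name are constructed for illustration.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed sample of state-table lines (not captured from a real firewall).
SAMPLE_STATES = """\
em1 tcp 192.168.1.50:51514 -> 203.0.113.10:443       ESTABLISHED:ESTABLISHED
em1 udp 192.168.1.50:61000 -> 198.51.100.7:9987       MULTIPLE:MULTIPLE
em0 udp 10.0.0.2:61000 (192.168.1.50:61000) -> 198.51.100.7:9987       MULTIPLE:MULTIPLE
em1 udp 192.168.1.77:5353 -> 224.0.0.251:5353       NO_TRAFFIC:SINGLE
"""

# Matches the address part of every addr:port pair, including the
# pre-NAT address that appears in parentheses on translated states.
IPV4_ENDPOINT = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3}):\d+")


def lingering_udp_states(pfctl_output, alias_members):
    """Return the UDP state lines that involve any alias member.

    alias_members: iterable of host addresses or CIDR networks (hypothetical
    stand-in for the hosts in the firewall alias the scheduled rule applies to).
    """
    nets = [ip_network(m, strict=False) for m in alias_members]
    hits = []
    for line in pfctl_output.splitlines():
        fields = line.split()
        # Field 0 is the interface, field 1 the protocol.
        if len(fields) < 3 or fields[1] != "udp":
            continue
        addrs = [ip_address(a) for a in IPV4_ENDPOINT.findall(line)]
        if any(a in n for a in addrs for n in nets):
            hits.append(line.strip())
    return hits


if __name__ == "__main__":
    # Run after the schedule's end time; any output is a state that survived.
    for state in lingering_udp_states(SAMPLE_STATES, ["192.168.1.50"]):
        print(state)
```

Entries that remain listed after the expiry time are the states to compare against the rule labels shown in pfTop.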