Netgate Discussion Forum

    How to cut connection to wan ?

    • mururoa

      Hello,
      I have a rule in firewall/LAN for a given host that blocks traffic at some hours with a Schedule on the rule.
      It seems to be OK except that it doesn't cut established communication.
      I guess this is the default behaviour.
      How to modify the rule (in advanced?) so that when it's activated it cuts all current connections?

      • andrewK @mururoa

        @mururoa - Perhaps look into entering user values for "State Timeouts" in System > Advanced > Firewall and NAT tab.

        • jlw52761

          I came across this too and believe it's because the rule only stops new sessions from being created; you would have to somehow close existing states or recycle the session table. I tried to find a way to do this but in the end I just had a cron to kill sessions from the particular host, using this command:

          pfctl -k host1 -k host2

          I wish there was a better way, but that's all I came up with, and I won't say it's the best or most reliable solution, but much better than rebooting the firewall or killing all sessions and having that nice interruption.

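Added example, not part of the thread or any poster's code: a cron-callable script built around the `pfctl -k` approach from the last post. It goes beyond the posted command by also killing states that target the host and by validating the argument; the address `192.168.1.50`, the file name `kill_states.sh` and the `PFCTL` override variable are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): drop existing pf states for one host,
# intended to be run from cron at the moment the scheduled block rule starts.
# Assumption: PFCTL is a hypothetical override so the commands can be
# previewed with PFCTL="echo pfctl" before running as root.
PFCTL=${PFCTL:-pfctl}

# Accept only a dotted-quad IPv4 address, so nothing else reaches a root command.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

kill_host_states() {
    host=$1
    if ! is_ipv4 "$host"; then
        echo "refusing non-IPv4 argument: $host" >&2
        return 2
    fi
    # States that originate from the host (host -> anywhere).
    $PFCTL -k "$host" || return 1
    # States that target the host; a prefix length of 0 acts as a wildcard.
    $PFCTL -k 0.0.0.0/0 -k "$host" || return 1
}

# Usage: kill_states.sh 192.168.1.50   (constructed sample address)
if [ "$#" -gt 0 ]; then
    kill_host_states "$1"
fi
```

Running it with `PFCTL="echo pfctl"` prints the two commands without touching the state table; `pfctl -s states` shows what remains after a real run.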