killing existing (specific) fw states when rule change from disabled to enable
-
Would it be hard to automate a function that would monitor when a fw rule becomes enabled, check the associated IP, and automatically kill the associated fw states (pfctl -k)? Or is it something that already exists but I don't know how to do it?
I know I can get a cron job to do something close to that, but if that was built into the rule creation process (i.e. a check box to enable this function or not) that would be great...
I do have some temporary rules for blocking / unblocking specific traffic during the day that I trigger using PfSense-API (https://github.com/jaredhendrickson13/pfsense-api), but if the client already has an established session that won't work unless I reload states (killing other clients' established links).
-
What if one could have a time-controlled rule that would kill states independently for that rule alone? No human intervention....
Wouldn't it be awesome if that could be done.
-
@cool_corona Well, this can be done with cron and pfctl -k, can't it?
But that's not my case since my rule is not enabled at a specific time of the day or on any schedule at all, it's really on demand. If I could launch a cron job from pfsense-api that would work, but that's not the case yet.
-
And the dropdown in "schedule" is empty (always none).
-
@cool_corona said in killing existing (specific) fw states when rule change from disabled to enable:
And the dropdown in "schedule" is empty (always none).
So, that is exactly not what I'm looking for :)
As mentioned, what I'm looking for is the ability to run a specific task when a rule is enabled or disabled. Not a schedule!
If you want a schedule, go under firewall -> schedule, create your schedule and then go back where you took your screenshot from and assign that schedule :)
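
An illustration of the targeted state kill discussed in this thread, added here and not code from any of the posters or from pfSense: a small sh wrapper that validates a rule's source (and optional destination) address and runs `pfctl -k` for just that host or network, leaving other clients' states alone. The function names, the `DRY_RUN` variable and the sample addresses are assumptions for the example; by default it only prints the command it would run.

```sh
#!/bin/sh
# Added example: kill only the states tied to one rule's addresses.
# DRY_RUN (assumed name) defaults to 1: print the pfctl command, do not run it.

# is_ipv4_or_cidr ADDR: accept dotted-quad IPv4 with an optional /0-32 prefix.
is_ipv4_or_cidr() {
    addr=${1%/*}
    case $1 in
        */*) prefix=${1#*/}
             case $prefix in ''|*[!0-9]*) return 1 ;; esac
             [ "${#prefix}" -le 2 ] && [ "$prefix" -le 32 ] || return 1 ;;
    esac
    # Reject anything that is not digits and single dots (blocks shell metacharacters).
    case $addr in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# kill_states SRC [DST]: kill states from SRC, or only those from SRC to DST.
# pfctl treats the first -k as the source and a second -k as the destination.
kill_states() {
    src=$1 dst=${2:-}
    is_ipv4_or_cidr "$src" || { echo "invalid source: $src" >&2; return 2; }
    if [ -n "$dst" ]; then
        is_ipv4_or_cidr "$dst" || { echo "invalid destination: $dst" >&2; return 2; }
        set -- pfctl -k "$src" -k "$dst"
    else
        set -- pfctl -k "$src"
    fi
    if [ "${DRY_RUN:-1}" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Run right after the API call that enables the block rule, e.g.:
#   DRY_RUN=0 sh kill_states.sh 192.0.2.10     (constructed sample address)
if [ $# -gt 0 ]; then kill_states "$@"; fi
```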