Netgate Discussion Forum

    killing existing (specific) fw states when rule change from disabled to enable

    • tlex

      Would it be hard to automate a function that would monitor when a fw rule becomes enabled, check the associated IP, and automatically kill the associated fw states (pfctl -k)? Or is it something that already exists but I don't know how to do it?

      I know I can get a cron job to do something close to that, but if that was built in to the rule creation process (i.e. a check box to enable this function or not) that would be great...

      I do have some temporary rules for blocking / unblocking specific traffic during the day that I trigger using pfSense-API (https://github.com/jaredhendrickson13/pfsense-api), but if the client already has an established session that won't work unless I reload states (killing other clients' established links).

      • Cool_Corona

        What if one could have a time controlled rule that would kill states independently for that rule alone? No human intervention....

        Wouldn't it be awesome if that could be done.

        • tlex @Cool_Corona

          @cool_corona Well, this can be done with cron and pfctl -k, can't it?

          But that's not my case since my rule is not enabled at a specific time of the day or on any schedule at all, it's really on demand. If I could launch a cron job from pfsense-api that would work, but that's not the case yet..

          • Cool_Corona

            f5f8c3a7-6ca6-4280-bd00-9813bbb48e88-billede.png

            And the dropdown in "schedule" is empty (always none).

            • tlex @Cool_Corona

              @cool_corona said in killing existing (specific) fw states when rule change from disabled to enable:

              And the dropdown in "schedule" is empty (always none).

              So, that is exactly not what I'm looking for :)

              As mentioned, what I'm looking for is the ability to run a specific task when a rule is enabled or disabled. Not a schedule!

              If you want a schedule, go under firewall -> schedule, create your schedule and then go back where you took your screenshot from and assign that schedule :)

              1 Reply Last reply Reply Quote 0
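Added example, not part of the thread and not pfSense or pfSense-API code: an sh script that compares two rule snapshots and kills only the states of hosts whose rule went from disabled to enabled, using `pfctl -k` as discussed above. The snapshot file format, the function names and the `APPLY` variable are assumptions made for this example; how the snapshots get produced (for instance by whatever toggles the rule) is left open.

```shell
#!/bin/sh
# Added example: kill only the states of hosts whose rule just went from
# disabled to enabled. Snapshot format (an assumption, constructed for this
# example): one rule per line, "<rule-id> <enabled|disabled> <IPv4>".

# Shape check: only dotted-quad IPv4 strings are ever handed to pfctl.
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Print the address of every rule that is enabled in the new snapshot ($2)
# but was disabled or absent in the old snapshot ($1).
newly_enabled() {
    awk 'FILENAME == ARGV[1] { old[$1] = $2; next }
         $2 == "enabled" && old[$1] != "enabled" { print $3 }' "$1" "$2"
}

# Dry run by default (prints the commands); APPLY=1 runs them.
#   pfctl -k HOST               kills states originating from HOST
#   pfctl -k 0.0.0.0/0 -k HOST  kills states from any source to HOST
kill_host_states() {
    if [ "${APPLY:-0}" = 1 ]; then run=""; else run="echo"; fi
    $run pfctl -k "$1"
    $run pfctl -k 0.0.0.0/0 -k "$1"
}

# Compare two snapshots and act once per newly enabled address.
handle_rule_changes() {
    newly_enabled "$1" "$2" | sort -u | while read -r ip; do
        if is_ipv4 "$ip"; then
            kill_host_states "$ip"
        else
            echo "skipping invalid address: $ip" >&2
        fi
    done
}

# Constructed sample data (documentation addresses, not from the thread).
demo() {
    old=$(mktemp) new=$(mktemp)
    printf '%s\n' 'kids-tablet disabled 192.0.2.10' 'tv enabled 192.0.2.20' > "$old"
    printf '%s\n' 'kids-tablet enabled 192.0.2.10' 'tv enabled 192.0.2.20' > "$new"
    handle_rule_changes "$old" "$new"
    rm -f "$old" "$new"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Run it with the argument `demo` to see the two commands it would issue for 192.0.2.10; states belonging to other clients are left alone.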
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.