Scheduled rules and existing connections



  • I have a query regarding scheduled rules and existing connections.  I have a rule configured to allow connections to a number of services during a specified time period, for example over a lunch period.

    The schedule works correctly, but I have noticed that any connections established during this allowed period remain active (unless closed by the client application).  This has the effect that any large client updates running during the allowed period will overrun and continue updating into the period where new connections would be disallowed.

    Has anyone else experienced this, and is there a way to prevent this happening, short of manually resetting the states table?



  • Afaik there is a cronjob which runs every 15 minutes to kill still existing states which are no longer valid.
    You could probably decrease the time of this cronjob to kill invalidated states faster.



  • Although the connections in question have now ended, I would imagine their state would be ESTABLISHED and as such would probably not be cleared by the cronjob.



  • Even if they are established, they should be killed.
    This is the original thread where the functionality of schedules was added:
    http://forum.pfsense.org/index.php/topic,3969.0.html

    Here a short description of how and when states are killed:
    http://forum.pfsense.org/index.php/topic,3969.msg25867.html#msg25867
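    As an added illustration of what the cron-driven cleanup has to do (this is not code from the thread or from pfSense itself), the POSIX shell script below takes a constructed sample of `pfctl -ss` output, checks whether a given clock time falls inside a schedule window, and lists the ESTABLISHED TCP states to a service port that would outlive the window. It only prints the `pfctl -k` commands as a dry run; the sample state lines, the window times and the function names are all assumptions made for the example.

```shell
#!/bin/sh
# Constructed sample of `pfctl -ss` output (not captured from a real firewall).
# Field layout per line: all <proto> <src> -> <dst> <state:state>
SAMPLE_STATES='all tcp 192.168.1.20:51522 -> 203.0.113.10:443       ESTABLISHED:ESTABLISHED
all tcp 192.168.1.21:40011 -> 203.0.113.11:80       ESTABLISHED:ESTABLISHED
all udp 192.168.1.22:5353 -> 224.0.0.251:5353       NO_TRAFFIC:SINGLE
all tcp 192.168.1.23:51999 -> 203.0.113.12:443       FIN_WAIT_2:FIN_WAIT_2'

# in_window NOW START END: succeed (exit 0) when HH:MM NOW lies within [START, END).
# This mirrors the decision a schedule-aware rule makes when a packet arrives.
in_window() {
    now=$(printf '%s' "$1" | tr -d :)
    start=$(printf '%s' "$2" | tr -d :)
    end=$(printf '%s' "$3" | tr -d :)
    [ "$now" -ge "$start" ] && [ "$now" -lt "$end" ]
}

# lingering_states PORT: print the destination (host:port) of every fully
# ESTABLISHED TCP state to PORT. These are exactly the states that a
# schedule expiry does not touch by itself, since pf evaluates rules only
# for the first packet of a connection.
lingering_states() {
    printf '%s\n' "$SAMPLE_STATES" | awk -v port="$1" '
        $2 == "tcp" && $5 ~ (":" port "$") && $6 ~ /^ESTABLISHED/ { print $5 }'
}

# kill_commands PORT: emit (but do not run) the pfctl invocations that would
# tear those states down. `pfctl -k SRC -k DST` kills states matching the
# source/destination pair; 0.0.0.0/0 as source means "any client".
kill_commands() {
    lingering_states "$1" | while read -r dst; do
        host=${dst%:*}
        echo "pfctl -k 0.0.0.0/0 -k $host"
    done
}

# Stand-alone run: outside a 12:00-13:00 lunch window, show what is still open.
if ! in_window "$(date +%H:%M)" 12:00 13:00; then
    echo "Outside the schedule window; states that would be killed for port 443:"
    kill_commands 443
fi
```

    In practice the cron entry in pfSense that re-runs the filter configuration is what issues these kills; the script shows why an ESTABLISHED state has to be removed explicitly rather than simply expiring when the rule's schedule ends.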



  • Just trying to see if my rules are being refreshed by cron, but they don't seem to be refreshed.

    I've just upgraded to v1.2.3 release and the rules still don't seem to be refreshed.  My crontab reads:

    0      *      *      *      *      root    /usr/bin/nice -n20 newsyslog
    1,31    0-5    *      *      *      root    /usr/bin/nice -n20 adjkerntz -a
    1      3      1      *      *      root    /usr/bin/nice -n20 /etc/rc.update_bogons.sh
    */60    *      *      *      *      root    /usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshlockout
    1      1      *      *      *      root    /usr/bin/nice -n20 /etc/rc.dyndns.update
    */60    *      *      *      *      root    /usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot
    */60    *      *      *      *      root    /usr/bin/nice -n20 /usr/local/sbin/expiretable -t 3600 snort2c
    */5    *      *      *      *      root    /usr/local/bin/checkreload.sh
    */5    *      *      *      *      root    /etc/ping_hosts.sh
    */140  *      *      *      *      root    /usr/local/sbin/reset_slbd.sh
    0,15,30,45      *      *      *      *      root    /etc/rc.filter_configure_sync
    0      0      *      *      *      root    /usr/local/sbin/squid -k rotate
    */60    *      *      *      *      root    /usr/bin/perl /usr/local/www/lightsquid/lightparser.pl today

    Any thoughts?

