Firewall scheduling weirdness

valnar · Apr 26, 2010, 11:19 PM

I have setup a block in a LAN firewall rule to block certain IP's during the day and setup a schedule for that time period and applied it to the FW rule. It does not work unless I reboot the firewall. Is there a known bug? This is on an ALIX with the 1.2.3 nanobsd version.

jimp · Apr 27, 2010, 12:32 PM

You need not reboot to make it work, but it won't disconnect any active connections that exist when you add the rule until you clear the states (Diagnostics > States, Reset States tab)

valnar · Apr 27, 2010, 1:33 PM

@jimp:

You need not reboot to make it work, but it won't disconnect any active connections that exist when you add the rule until you clear the states (Diagnostics > States, Reset States tab)

OK thanks. Can it hard disconnect the states when the rule takes affect? (I want it to, otherwise my daughter's FB connection would stay up indefinitely!)

jimp · Apr 27, 2010, 2:24 PM

Yes, it should disconnect active sessions when the rule schedule is in effect (or stops taking effect, depending on if you did a pass/block), but IIRC there is a difference in reloading the rules and the rule going into/out of its scheduled time.