Annoying behaviour with 'old' sessions
This is REALLY getting on my nerves as it goes against the whole point of the CP:
'Normal' users, who connect, are redirected to the login page, etc. get the behaviour I expect: Any port access going out, limited bandwidth etc.
'Logged out' users, or users who've timed-out but still have their browser open can carry on surfing (port 80 only) and get UNLIMITED bandwidth.
What am I missing in the config? I have idle time-out at 30 mins, Hard time-out at 0, disabled MAC filtering (in case it was a MAC masquerading issue from the WAPs). It looks like any established:established states will persist regardless!
Got to the bottom of it:
It was a problem with the (cheap) CF card the pfSense was installed on and the Realtek NICs doing the watchdog timeout thing - basically, made a mess of the whole CP behaviour. Have moved to new hardware and all is fine.