PfSense 2.0-RC1 Scheduling block behavior
-
Hi!
I just installed pfSense 2.0-RC1 (1386 built on Mon Apr 18 23:29:41 EDT 2011) and as a non profit TV broadcast channel (we broadcast for Universities here in Montreal), i have to block our streaming server during a schedule due to restrictions with licence for some broadcasts.
I read the documentation and implemented the schedule and associated with a block rule. As i read on the forum, when the scheduled block kick off, it won't cut any stream that was already there. This is not correct behavior in our case. Somebody said it this forum to use a pass rule instead, as we broadcast 24/7/365, it is not feasible. Another guy said he put a cron job that issues pfctl -F to reset all the states. It would be acceptable in our case.
I'm writing to this forum to suggest an idea that would benefit pfSense: Why don't add a "command" line to schedule items that pfSense would run when the schedule kick in? And, while speaking of that, why don't add a clickable "reset PF"?
If anybody has another solution to our problem, it would save us a lot of work.
Thanks!
-
Replying to myself, i would add that it would be nice to have a choice of schedule behavoir: The way it was implemented in 1.23 or the new way.
-
In 1.2.3 the rule flipped behaviors during the in-schedule and out-schedule times, on 2.0 the rule acts as though it's not there. Just add a rule immediately below it that is always active (no schedule) with the same parameters, and the opposing action (pass/block) and it should do what you want.
The old behavior was confusing and not very flexible, I doubt you'd find many people who would want to bring it back. Especially since it can be replicated as described above.
-
Finally, the new scheduling in pfSense 2.0 worked as expected. I don't know why, it wasn't resetting states when schedule time was starting. I saw an option in setting Settings / Advanced / Miscellaneous: "Schedule States" which was set as the default "clear the states of existing connections when expiry time has come". The setting was right for my application but didn't seem to work when we did our tests. We didn't change settings but installed the latest patch and it works.