{Complete} Timebased Rules
-
Hello,
1.) What is with time overlaps in the configured ranges?
2.) I have created a passing rule "icmp allowed to WAN" from the schedule 15:30- 15:45. The Rule is created on 15:20 Uhr. At this time no schedule is set on the rule. The Ping is OK. Now, i disabled the Rule (green arrow), nothing happens… Then I kill the states and all works fine.
At 15:25 i change the rule, enabled and a schedule with one configured range from 15:30 to 15:45. Save and all runs fine. At 15:30 +-/ one minute, the schedule runs active, but whe the time is over, nothings happens.
I edit and save the rule without changes, so now time is really over and the ping is dead.....
Greetings
heikoWe reload the rules every 15 minutes from bootup. So it will process the rules at different times depending on when the firewall booted up.
-
OK, so i have a maximum difference time-delay between reality and configured ranges by 15 minutes?
Greetings
heiko -
Currently it is about +5 / -5 depending on bootup. I can look at moving this to cron for finer control if you would like me to.
-
OK, so you can do…. No postings from me for the next 5 minutes... ;D
-
OK, so you can do…. No postings from me for the next 5 minutes... ;D
Alright. I'll work on it in a bit. Beyond this and the bugs that sdale is working on, are there any others? It seems to work rather well.
-
Hello Scott,
very special thanks for this good work!!
I attempt to test this night a few more things. Then i will post back..
Greetings
heiko -
Hello,
sdale: i think in the gui the description field i a duty field, because in the summary you have only three fields, but a description is also important here, look at the screenshot. No Description is strange….
greetings
heiko
-
Hello,
sdale: i think in the gui the description field i a duty field, because in the summary you have only three fields, but a description is also important here, look at the screenshot. No Description is strange….
greetings
heikocurrently the description for each time range will not show on this page. I can change this if you want.
-
Hello Scott,
i think otherwise it is a liite bit confusing without the description. Thanks a lot for the great work.
I am tranquilized, when i stay in russia with my firewalls…...
Greetings
heiko -
- Problem: a couple days brings "grimbelfixe" to the description, when you edit and save a second time
- Problem: when you stay in the schedule maks and have more than one configured range, and you want to edit one, click this and click a second also without saving the first one, uups, then the logic is a little bit confused the a first range disappeared.
I can't duplicate this. Try updating to the latest snapshot in two hours and re test. If you can get the error again, please list what steps you went through to achieve this. Thanks.
I've duplicated it. Will fix shortly. -
I commited changes to reload the rules on 0,15,30,45. Please test the next snapshot in about 1-2 hours.
-
i will test it, give me a day..
-
Monday is also first now. Previous bugs should be fixed now.
-
All known issues should be resolved. Please test and outline any remaining issues.
-
All known issues should be resolved. Please test and outline any remaining issues.
There are a few more logic checks I will implement tomorrow, but the functionality is working.
-
2 More bugs:
Cron was not reloading rules. Now solved.
Using the 'Not' operator in a rule causes it to not load the schedule. For now do not use 'Not' operators in your firewall rules along with a schedule. Now solved.Update to the latest snapshot in an hour and test it out please.
Also please note that due to reworking the gui to display Monday first, you need to recreate all schedules and save them out.
-
Looks like you guys fixed something before I noticed it was going on with the 2 builds I loaded yesterday. Snort was being restarted every 15 minutes whenever the rules were being reloaded. I loaded up the "Thu Mar 29 04:14:59 EDT" build this morning and it looks like you got that sorted. Thanx!
Notice the processor spiking every 15 min has ceased in the attached pic.
Heiko: Thank you for sponsoring this addition to pfSense!
-
BuddhaChu: Don't mention it!
-
Hello Guys,
a few things:
1.) how it works when schedules with time overlaps exists?
2.) a line break also in the configured range would be helpful –> Screenshot
3.) The Description of the "schedule name" is not right, "-;_" kicks me out when i fill this in..
4.) I think the description could be a duty field - Screenshot
5.) "Grimbelfix" when edit/save/edit is OK - it runs
6.) Upps, when i edit a saved schedule and change the name for example from "test123" to "test12345", all rules with the schedule "test123" are not switching to "test12345" but to "none" -- intended ???
7.) it would be fine, when the console menü receives a number with, for example, "deleting all schedules on rule", maybe,maybe
8.) how is the actual condition of cron, timedelay between reloading?
9.) The "schedule name" field is very long, so look at the screenshot, maybe a little bit shorter, a field definition would be good.
10.) Screenshot ; edit a saved range without saving the changes, edit then the next range, so the first one is down the drain, it would be better, i think, when only one range at a time can be modified.
11.) Another problem i think --> see Screenshot ssh.jpg- I have to created a blocking rule like ssh at the top. Without a rule schedule it works fine. Now i create a time range - today 16:45 - to 17:00 -. The time is 16:20 when i put the schedule to the rule. Saved, but nothing happens... On 16:40 i cannot established a ssh session. The Blocking rule i think is only active betwen the timerange, so the default lan rule is active, but i can´t access. The webgui anti-lockout checkbox is active. The "not" operator are not used in this rule.
Can you duplicated this behaviour.
Great work, "Scott´s".
I not known, which timebased-rule-system is better than pfsense´s....., no one, i think
Greetings
heiko
-
1.) how it works when schedules with time overlaps exists?
Every 15 minutes all schedules are re-evaluated. If two schedules overlap it should work continuously and not disturb each other.
2.) a line break also in the configured range would be helpful –> Screenshot
I'm working on this
3.) The Description of the "schedule name" is not right, "-;_" kicks me out when i fill this in..
This has been corrected. Valid names are a-z, A-Z and 0-9
4.) I think the description could be a duty field - Screenshot
Duty field? Can you describe this in more detail? How is this different than what is already there?
5.) "Grimbelfix" when edit/save/edit is OK - it runs
Good to hear :)
6.) Upps, when i edit a saved schedule and change the name for example from "test123" to "test12345", all rules with the schedule "test123" are not switching to "test12345" but to "none" – intended ???
Oops. Fixed.
7.) it would be fine, when the console menü receives a number with, for example, "deleting all schedules on rule", maybe,maybe
Can you elaborate some more on this?
8.) how is the actual condition of cron, timedelay between reloading?
Time delay should be around 30 secs at most, depending on the speed and load of your pfsense box.
9.) The "schedule name" field is very long, so look at the screenshot, maybe a little bit shorter, a field definition would be good.
Fixed.
10.) Screenshot ; edit a saved range without saving the changes, edit then the next range, so the first one is down the drain, it would be better, i think, when only one range at a time can be modified.
Oops, thought I did this already. Done
11.) Another problem i think –> see Screenshot ssh.jpg- I have to created a blocking rule like ssh at the top. Without a rule schedule it works fine. Now i create a time range - today 16:45 - to 17:00 -. The time is 16:20 when i put the schedule to the rule. Saved, but nothing happens... On 16:40 i cannot established a ssh session. The Blocking rule i think is only active betwen the timerange, so the default lan rule is active, but i can´t access. The webgui anti-lockout checkbox is active. The "not" operator are not used in this rule.
Update to the latest snapshot in 2 hours. This should be fixed. Retest and let us know.
I not known, which timebased-rule-system is better than pfsense´s….., no one, i think
I think its fair to say We have the best schedule system now :)