{Complete} Timebased Rules
-
Hello Scott,
What is normal? We can finish it, but in my opinion a test is an extreme test.
Change it or leave it! Your decision!!!
Please test blocking rules without schedules. I'm confused by this.
Heiko
Sorry!!
-
I don't understand the problem so it is going to be hard to test. Can you please explain #1 again.
-
Scott,
it is a very simple test.
My first test: I create a rule with icmp path to the wan!
2.) I ping - all is OK
3.) I disable the rule, and the ping replies
4.) I delete the rule, and the ping replies
5.) after the delete of the "one" rule, new ping replies and replies
So, before I test a rule with a schedule, at first I test the normal behaviour….
Please duplicate!
-
I cannot duplicate this. The firewall works as it should without schedules, in fact, we didn't modify the PF rules at all so if an item does not have a schedule then nothing has changed on the backend.
If you are speaking of a rule having an issue with a schedule please run ipfw show from the shell and show what the rules look like.
-
I will test it, I'm disappointed
-
Why are you disappointed?
-
No comment, I will test it
-
I think our language barriers are getting in the way. Is there someone out there that can help translate?
-
Scott,
I think we are finished with the project.
Thank you for the great coding.
heiko
-
I am confused, so everything works okay?
-
No, I think it is not working, but you work very well, but I do not want a conflict.
-
Nobody is creating a conflict. I just cannot duplicate the problem.
When I permit or deny ICMP traffic on the WAN interface it stops as it should.
-
OK, then it is a VMware problem, I think
-
Do you speak German? Please join #pfsenseDE on FreeNODE.
-
I have a feeling that I know what you are testing.
Is this what you did?
ping the wan ip from a client continually (-t on windows)
add icmp allow rule on wan tab
client can now ping the wan
remove the wan icmp rule and apply
client can still ping firewall (pf state exists, you must ctrl-c and ping again or clear states)
Where I think the confusion lies is that I had to do some ipfw mastery to override the pf rules for schedules. And that is the reason why ICMP will be blocked correctly on a schedule. PF rules themselves have not changed, so if a state already exists and you remove the rule, that session will remain active until it closes or you clear the states on the firewall.
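The behaviour described in the post above, replayed in a toy Python model of a stateful filter. This is an added example, not part of the original thread and not pf or pfSense code; the class name, the 20-second idle timeout and the addresses are assumptions made for illustration.

```python
"""Toy model of a stateful packet filter (illustration only, not pf code)."""

STATE_TTL = 20  # assumed idle timeout, in seconds, for an ICMP state


class StatefulFilter:
    def __init__(self):
        self.pass_rules = set()  # protocols allowed in on the WAN side
        self.states = {}         # (src, dst, proto) -> expiry time

    def add_pass_rule(self, proto):
        self.pass_rules.add(proto)

    def remove_pass_rule(self, proto):
        # Removing a rule does not touch states it already created.
        self.pass_rules.discard(proto)

    def clear_states(self):
        self.states.clear()

    def packet(self, src, dst, proto, now):
        key = (src, dst, proto)
        expiry = self.states.get(key)
        if expiry is not None and now < expiry:
            # Live state: the ruleset is not consulted, the timer is refreshed.
            self.states[key] = now + STATE_TTL
            return "pass (state)"
        self.states.pop(key, None)  # drop an expired entry, if any
        if proto in self.pass_rules:
            self.states[key] = now + STATE_TTL
            return "pass (rule)"
        return "block"  # default deny


def replay():
    """Replay the ping test from the thread with constructed addresses."""
    fw = StatefulFilter()
    client, wan = "198.51.100.10", "203.0.113.1"
    log = [fw.packet(client, wan, "icmp", 0)]      # no rule yet
    fw.add_pass_rule("icmp")
    log.append(fw.packet(client, wan, "icmp", 1))  # rule creates a state
    fw.remove_pass_rule("icmp")
    log.append(fw.packet(client, wan, "icmp", 2))  # continuous ping goes on
    log.append(fw.packet(client, wan, "icmp", 3))
    fw.clear_states()
    log.append(fw.packet(client, wan, "icmp", 4))  # after clearing states
    return log


if __name__ == "__main__":
    print(replay())
```

A continuous ping keeps refreshing the state, which is why the replies only stop once the ping is interrupted long enough for the state to expire or the states are cleared.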
-
Scott,
that's it. COMPLETELY
-
Good deal. Do you understand now why it works that way? It has always worked that way due to it being a stateful firewall.
In terms of the cosmetic GUI issues, we will look into them.
But at this point is the system working for you? I really need to get 1.2 tagged in CVS and begin the 1.2 beta engineering process.
-
Boh Scott,
yes I do, but can I test this completely out with schedules on a rule?
-
Yes, please test and let me know when you are happy with it.
-
A new snapshot?