{Complete} Timebased Rules

heiko · Apr 1, 2007, 11:39 AM

Hello,
sorry for the misunderstandings about the fw states. I have tested it with two schedules, because (scotts posting) the first schedules becomes up only after a reboot.

1.) I created two schedules
2.) I created one rule to permit icmp to WAN with one schedule (activ 12:45 to 13:00)
3.) At 12:45, sorry nothing happens, no ping replys, at 12:51 i edited and saved manually the schedule for a second time, and it rock´s , hm
4.) The same behaviour if i edited and saved the icmp rule a second time.
5.) At 13:00 nothing happens, at 13:10 i edited and saved the schedule a second time manually, the ping is killed directly

This is not a April Fool's joke!

I think it will work, but only when i edit and save a schedule or the special schedule-rule for a second time! I suppose so.

Can you duplicate this? I´m blessed if i know.

In german:

Hallo,
entschuldigung für die Missverständnisse bzgl. der firewall states. Ich habe es mit 2 schedules getestet (scotts posting), weil der erste Zeitplan nur nach einem Neustart aktiv wird.

1.) Ich habe zwei Zeitpläne erstellt
2.) Ich habe eine Regel mit einem Zeitplan (aktiv 12:45 bis 13:00) erstellt, die ICMP Traffic zum WAN Interface erlaubt.
3.) Um 12:45, entschuldigung, nichts passiert. Keine Ping Antwort, um 12:51 habe ich manuell den zeitplan ein zweites mal gespeichert, und es läuft..
4.) Das gleiche Verhalten war beim zweitenmal abspeichern der ICMP Regel
5.) Um 13:00, nichts passiert, um 13:10 habe ich den Zeitplan ein zweites Mal manuell abgespeichert. Der Ping ist sofort gekillt.

Das ist kein Aprilscherz

Ich denke es wird funktionieren, aber nur wenn ich ein zweites Mal den Zeitplan oder die entsprechende Zeitplan-Regel editiere und speichere. Ich vermute es!

Könnt Ihr das nachstellen?Ich weiß es wirklich nicht.

sullrich · Apr 1, 2007, 5:26 PM

Please try creating schedules at least 30 minutes apart. If these work then I have a hunch of what is going on.

heiko · Apr 1, 2007, 5:59 PM

i will test it

heiko · Apr 1, 2007, 7:04 PM

It is not working.

The Test:

first i created 2 schedules with 30 min. apart –> Screenshot
i created a blocking rule to block icmp traffic to www.heise.de without a schedule. I saved it and it works, no ping replys, i disabled the rule and reset the states, the ping reply and all was good....!
Then i edited this blocking rule and choose a schedule - the activate time were not reached -, so the ping should be answered, but nothing happens. Here i waited for 20 minutes, but alsio nothing happens.
I edited and saved the schedule and rule a second time, but also nothing happens...
The Test Box is a real box not a virtual machine

I capitulate, in my opinion, anywhere is a "bug".
Please duplicate.
Greetings
Heiko

heiko · Apr 1, 2007, 10:19 PM

Morning i am in irc with hoba again.
greetings heiko

Then i post it back or hoba

heiko · Apr 2, 2007, 9:03 PM

Sdale: thanks for the really pretty gui. It looks now fine

sullrich · Apr 3, 2007, 12:08 AM

Please test a new snapshot about 2 hours from now.

Thanks to Hoba for translating.

heiko · Apr 3, 2007, 9:20 AM

i´m tired ;D

i will test it in a few hours, i´m taking with hoba tonight in irc…..

heiko · Apr 3, 2007, 11:29 AM

Hello sdale,
look at the screenshot. I think a "missing text" is in the notification…

I don´t know. Can you duplicate this behaiour?

1.) I have a schedule on the rule.
2.) If i edit and save the rule and change the schedule to "none"
3.) I´m going immediate to the schedules, delete the schedule.
4.) The schedule is away. OK, but the notifaction above comes up...

Thanks

heiko · Apr 3, 2007, 12:28 PM

Hello Scott,
sorry, sorry, sorry, it runs not for me. I think, we need tonnight another IRC-session and a dry wine. ;) The behaviour is same as yesterday. Before the test, i updated to the newest snapshot.

yoda715 · Apr 3, 2007, 6:19 PM

@heiko:

Hello sdale,
look at the screenshot. I think a "missing text" is in the notification…

I don´t know. Can you duplicate this behaiour?

1.) I have a schedule on the rule.
2.) If i edit and save the rule and change the schedule to "none"
3.) I´m going immediate to the schedules, delete the schedule.
4.) The schedule is away. OK, but the notifaction above comes up...

Thanks

Put a description in the firewall rule and it should show.

heiko · Apr 3, 2007, 6:28 PM

Ah yes, superb

heiko · Apr 3, 2007, 6:32 PM

OK, that runs, the rule description says (not parsed). Would it be better with "parsed for schedules" ?

sullrich · Apr 3, 2007, 6:33 PM

The description is for the firewall operator only. Nowhere do we use that data besides displaying it for the firewall operator.

heiko · Apr 3, 2007, 6:36 PM

Thanks scott

heiko · Apr 4, 2007, 9:42 AM

Hello guys,
a cracking good story :D. At first, thanks for all. I made a "short" test at the morning, and the blocking rule roooooooccccccksssss…. :D :D :D :D :D :D :D :D :D

Today-Tonight, i will a make a complete test. I think, i meets HOBA tonight in irc and we can discuss the outcomes.

Thanks, Thanks all of the pfsense Coding and Testingteam!!!

Heiko

heiko · Apr 4, 2007, 7:07 PM

Hello Scott,
now i am testing, we have a few problems with multiple rules in the rulebase, i think. When i meets HOBA in IRC we discuss the problem….
Greetings
heiko

heiko · Apr 5, 2007, 9:19 AM

Hello Scott´s, Hello hoba (have fun with the goodie!)
Yesterday the test with multiple rules in the rulebase was successful. I´m very happy about this, but to be on the safe side, i needed a final test tonight, so if this succeeds, we can knock it out…..:D
Greetings
heiko

heiko · Apr 5, 2007, 7:55 PM

Hello,
many many thanks.

Now, it it finished. My final test was successful, we can knock it out….

Great Job, Scott, Scott and Hoba and all the other people from the pfsense team

I think, it is a killer feature for the business. In a few days a write a tutorial with wink,

Thanks a lot
Heiko

-->Scott, now we can arrange the portknocking feature :).

sullrich · Apr 5, 2007, 8:02 PM

Yay! Sounds good.