{Complete} Timebased Rules
-
Fine! Let´s go….
-
Okay, we just put the finishing touches on the time based rule system and my initial tests are positive.
The client gets cutoff correctly at the correct time.
Please test the holy beep outta this and report back.
Snapshots are building. Should be ready about 1-2 hours after this post.
Thanks!
-
Everyone please take a sledge hammer to these timed based rules. If you find a bug please report as much detail as possible.
We are still determining how we will display the schedules under the firewall_rules.php page. More to come on that soon. But for now, the rules are active when the current time of the firewall matches the specified ranges in the applied schedule(s).
-
Ok, you asked for it! /me pulls out sledgehammer
Issue #1 (text only)
Time minute input error dialog doesn't match the text below the time text boxes in the Time section (Dialog mentions "59" is allowed, webpage text doesn't)Fix: Synchronize text between both places to what is actually correct.
Issue #2 (text only)
Error text (in red at top of page) returned when a Schedule Name has a space in it states:"The schedule name may only consist of the characters a-z, A-Z, 0-9, -, _"
The text below the text input box states: "The name of the alias may only consist of the characters a-z, A-Z and 0-9"
Fix: Synchronize text between both place to what is actually correct. Adding a name with a dash or underscore triggers the error text so I assume those aren't allowed and what is under the text input box is actually the most correct.
Issue #3: Receive errors in log when after associating time schedule to a rule then applying that change. Errors confirmed after trying to add a new time schedule to a rule.
php: : There were error(s) loading the rules: /tmp/qwanRoot.rules:10: syntax error pfctl: Syntax error in config file: pf rules not loaded pfctl: load anchors - The line in question reads [10]: set loginterface xl2 php: : New alert found: There were error(s) loading the rules: /tmp/qwanRoot.rules:10: syntax error pfctl: Syntax error in config file: pf rules not loaded pfctl: load anchors The line in question reads [10]: set loginterface xl2Suggestion: Please add a "no spaces" hint to the "Schedule name" section. Even though a space isn't in the range "a-z, A-Z and 0-9", I'm a little more dense that most techies, so I need some help.
Workflow/Webpage ergonomics: I keep trying to add my info then hit the Save button at the bottom. After puzzling about that I noticed the "Add Time" button to add different time slices to the schedule. My suggestion would be to consider adding a little more text to the error text "The schedule must have at least one time range configured"…possibly "did you Add your time range to the schedule with the "Add Time" button" or something to that effect. Too wordy, I know...but I hope you can see what I'm suggesting..a small hint.
Longtime ClarkConnect alpha/beta tester, now pfSense newbie (6 weeks and counting) :D
-
Since I can't get the rules to load with a schedule associated with it, I can't test this so I'll ask it here…
If a client on the LAN is using Squid in either normal or transparent mode, will they be able to surf the internet even if I have a rule in place to block them? (This was an issue in ClarkConnect at one time when using the Squid proxy bypassed firewall block rules)
Now that I re-read this, it isn't really a time-based rule question. But, I'll leave it anyways and you can call me "stupid". :\
-
#3 fixed now. Thanks!
#1 and #2 are being fixed as I type this.
-
Since I can't get the rules to load with a schedule associated with it, I can't test this so I'll ask it here…
If a client on the LAN is using Squid in either normal or transparent mode, will they be able to surf the internet even if I have a rule in place to block them? (This was an issue in ClarkConnect at one time when using the Squid proxy bypassed firewall block rules)
Good question. You'll have to test and let us know :)
-
Suggestion: If the rules are limited to only 5 minute ranges allowed (00, 15, 30, 45, & 59), wouldn't a drop box be better then a text input box? This would eliminate input errors. Same for the hour section.
I don't know if that fits into the pfSense "style" or not.
-
Suggestion: If the rules are limited to only 5 minute ranges allowed (00, 15, 30, 45, & 59), wouldn't a drop box be better then a text input box? This would eliminate input errors. Same for the hour section.
I don't know if that fits into the pfSense "style" or not.
Yes, very good idea. We'll look into it.
-
After looking at the code in firewall_schedule_edit.php there looks to be a typo on line 581 ("td.innerHTML=" twice @ beginning of the line)
td.innerHTML=td.innerHTML="
-
I'm full of suggestions tonight…
If you get rid of both the hour and minute text boxes and replaced them with one drop down box you could eliminate both the checkKeyEntry() and checkTimeLimits() Javascript functions. Yes, the drop box would have 97 entries, but I think it would be worth it.
The way that's done in ClarkConnect is to build the < option value ="00:15" >00:15< /option > entries with two loops.
Pseudo code (I haven't coded in PHP since early 2003)
Hour loop - loop from 0 to 23
Minute loop - loop from 0 to 45
If hour= 0 then
Add a zero to the hour in the < option > entry (i.e. "00") $hour . "0:" . $minute
Elseif minute = 0
Add a zero to the minute in the < option > entry (i.e. "00") $hour . ":0" . $minute
Else
Output hour:minute to < option > entry
End if
Return minute loop
Return hour loop
Add < option > for 23:59I hope I'm helping, not hindering when making these suggestions.
-
Reloaded with the 3-27 snapshot (built after issue #3 above was fixed). Something happened and now the Schedule column is missing for the two rules that are added with a checkbox (Block private & bogon networks).
-
Reloaded with the 3-27 snapshot (built after issue #3 above was fixed). Something happened and now the Schedule column is missing for the two rules that are added with a checkbox (Block private & bogon networks).
That should be fixed. Please try most recent snapshot.
-
Reloaded with the 3-27 snap with a timestamp of 2007-Mar-27 23:23:10 and the issue is still there.
The whole < td >< /td > section is missing for the Schedule column. See attached pic for the HTML code relating to that page.
-
Not sure if the snapshot server is broken, but the latest sources show me:
-
Reloaded with the 3-27 snapshot (built after issue #3 above was fixed). Something happened and now the Schedule column is missing for the two rules that are added with a checkbox (Block private & bogon networks).
I've duplicated this. Will fix shortly.
-
Good Morning,
i will test it in a few hours. Thanks
Greetings from Germany
heiko -
Reloaded with the 3-27 snap with a timestamp of 2007-Mar-27 23:23:10 and the issue is still there.
The whole < td >< /td > section is missing for the Schedule column. See attached pic for the HTML code relating to that page.
Fixed now.
-
Hi,
this looks like a really niceaddition, thanks to all involved (the programmers as well as the person paying the bill).
I'm not sure how to test this, but do you have any ideas what will happen if a rule is scheduled for a time that doesn't exist?
I'm refering to daylight saving time.
What happens if something should be disabled at 2:30am every Sunday night, but there is no 2:30 on one Sunday a year?
Also the other way, if a rule is only active between 2am and 2:30am on Sundays, will it be active twice when the extra hour is added?As I'm not paying for it, so I'm not asking for a special way to handle this, all I would like to know is what is the intendet way daylight saving will be handled?
Thanks for a cool addition to a cool firewall product,
Christian
-
Confirmed the missing schedule column is fixed.
sdale: Nice fix for not hitting the "Add Time" button on the schedule page. Even though I'm familiar with the interface now, I forgot to hit the Add Time button and the msgbox dialog helped me out.