Scheduled rules not working according to schedule

eskild

Hi,
i'm using 1.2RC2. I have been testing scheduled rules with allowing traffic for a host 00:00 - 16:00. If i start some traffic within this time range it works well, but the traffic is still allowed even after 16:00. If the rule set is reloaded at 16:10, the traffic is blocked. It seems like the rule set is not automatically reloaded when we pass a scheduled time range. Or is it me that is missing something?

This behaviour was seen with 1.2RC1 as well.

Thanks,
Eskild

yoda715

Describe in more detail the rule and associated schedule.

heiko

I have tested the schedules completly with the 1.2rc1 and it works as it should, but maybe i have anything to ignore….

heiko

So, i have tested tonight the schedules with my "test plan" and i cannot find a bug…but i am not perfect...

Any further information of your schedules-szenario would be helpful.....

eskild

Hi, thanks for your feedback. I have created one schedule and one rule using the schedule (see attached images). The traffic for the host is not stopped by pfSense after 16:00 as it should. If i however save the ruleset so the rules are reloaded, the traffic stops as it should. But then the traffic wont start again at 00:00 without manualy loading the ruleset again.

I hope clearifies my problem. If this is working with you then it is obviously something wrong with by boxes.

schedule.png_thumb

rule.png_thumb

heiko

Hello,
i have re-tested you configuration. The Schedules works here….

Do you have all cron-items ? Please Check your config.xml for these section...

<cron><minute>0</minute>
<hour></hour>
<mday></mday>
<month></month>
<wday></wday>
<who>root</who>
<command></command>/usr/bin/nice -n20 newsyslog
<minute>1,31</minute>
<hour>0-5</hour>
<mday></mday>
<month></month>
<wday></wday>
<who>root</who>
<command></command>/usr/bin/nice -n20 adjkerntz -a
<minute>1</minute>
<hour></hour>
<mday>1</mday>
<month></month>
<wday></wday>
<who>root</who>
<command></command>/usr/bin/nice -n20 /etc/rc.update_bogons.sh
<minute>/60</minute>
<hour></hour>
<mday></mday>
<month></month>
<wday></wday>
<who>root</who>
<command></command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshlockout
<minute>1</minute>
<hour>1</hour>
<mday></mday>
<month></month>
<wday></wday>
<who>root</who>
<command></command>/usr/bin/nice -n20 /etc/rc.dyndns.update
<minute>/60</minute>
<hour></hour>
<mday></mday>
<month></month>
<wday></wday>
<who>root</who>
<command></command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot
<minute>/60</minute>
<hour></hour>
<mday></mday>
<month></month>
<wday></wday>
<who>root</who>
<command></command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -t 1800 snort2c
<minute>/5</minute>
<hour></hour>
<mday></mday>
<month></month>
<wday></wday>
<who>root</who>
<command></command>/usr/local/bin/checkreload.sh
<minute>0,15,30,45</minute>
<hour></hour>
<mday></mday>
<month></month>
<wday></wday>
<who>root</who>
<command></command>/etc/rc.filter_configure_sync
<minute>/5</minute>
<hour></hour>
<mday></mday>
<month></month>
<wday></wday>
<who>root</who>
<command></command>/etc/ping_hosts.sh</cron>

eskild

Hi,
it seems like my config is slightly different than yours. This is the last lines of my config where the schedule part is:

<description>Default OVPN server</description>

<cron><schedules><schedule><name>Buddy</name>
<descr>Block schedule</descr>
<timerange><position>1,2,3,4,5,6,7</position>
<hour>1:00-6:00</hour>
<rangedescr></rangedescr></timerange></schedule>
<schedule><name>Test</name>
<descr><timerange><position>1,2,3,4,5,6,7</position>
<hour>12:00-23:45</hour>
<rangedescr></rangedescr></timerange></descr></schedule></schedules>
<rrd><enable></enable></rrd></cron>

heiko

Hello,
you must have the cron items which i posted!

eskild

This is the only cron item that i have:
<cron>I have searched through the entire config.</cron>

heiko

Ok, i think that´s the problem, please make a backup of your config.xml and paste the cron-item section which i posted into your config.xml.
Make a restore and test it again…
Greetings
heiko

eskild

Thanks, those changes did the job, and scheduling is working perfect.

I have no idea why the cron part was missing, but i have used pfSense since it was in alfa stage and have not installed and configured the system from scratch since the first install.

Thanks again.

heiko

That´s fine, have fun…..

Up to now, i cannot find the bug now and then an update killed the crons...., so i cannot duplicate this behaviour.

Greetings
Heiko

DanielSHaischt

I tried to upgrade from 1.2 BETA3 to RC2 and the cron items did not disappear. Tho I did not setup any schedules. Means I don't know whether this behavior only occurs if upgrading and having setup schedules.

Regards
Daniel S. Haischt

mastrboy

my schedules are not working properly either, i am also missing that cron info from my config file, and /etc/crontab is empty:

SHELL=/bin/sh
PATH=/etc:/bin:/sbin:/usr/bin:/usr/sbin
HOME=/var/log
#minute hour    mday    month   wday    who      command
#

I am currently running 1.2-RC4 upgraded from a fresh install of 1.2-RC3

Anyone else still got this issue?

sullrich

You have serious other issues then. /etc/crontab has all kinds of stuff setup by pfSense well beyond schedules no matter what.

I would reinstall.

mastrboy

i did a clean install of 1.2-RC4 and restored my config, here is what happened.

The /etc/crontab was emptied because my backed up config did not contain <cron>entries.

So i had to to a reinstall in a vmware extract the cron entries from the xml file and add them to my current config and then restore the configuration again..

Is this correct behavior by PFsense? to empty the /etc/crontab if you do not have cron entries in your config file?</cron>

heiko

No, you need cron items in your config. Please download and test it with rc5, i cannot duplicate this problem