Netgate Discussion Forum

    Multi-WAN state clearing

    Routing and Multi WAN
      jdp0418

      I know this is a topic that's been covered a number of times around here, but I am wondering if this could be done better.

      There are already a number of posts about enforcing state clearing when a gateway goes down.  Notably, these 2:
      https://forum.pfsense.org/index.php/topic,65004.msg353454/topicseen.html#msg353454
      https://forum.pfsense.org/index.php/topic,7808.msg46725.html#msg46725

      I am using the "kill all states" script as laid out in those posts; I even posted my own results in one of the discussions.  While it tested well, after using it for several months I have found one shortfall that I am trying to overcome.

      My dual WAN setup is such that WAN1 is favored and WAN2 used only if WAN1 is down (pretty standard).  However, when WAN1 comes back to service, I need to force traffic back to WAN1.  I found that open states over WAN2 would still carry traffic, despite the routing changing back.  While this would eventually clear, the lack of immediate fail back was a problem.  Following in the direction of those posts above, using a script to reset the states, triggered by <afterfilterchangeshellcmd> in config.xml, solved that issue and cleared my states every time the gateway state changed, whether up or down.

      The issue I am having is that since the script "reset_states.sh" triggers off of <afterfilterchangeshellcmd>, it triggers (obviously) every time a change is made in the firewall.  I've tried using the <apingershellcmd>, pointed out in this feature discussion from years ago (https://redmine.pfsense.org/issues/8) but it doesn't do anything to the states when service on a WAN port is restored, only when it goes down.

      Is there a better way to trigger this script?  Rather than on any filter reload, is there a way to tell it to trigger specifically when gateway states change?

      Thanks!
