Multi-WAN state clearing
I know this is a topic that's been covered a number of times around here, but I am wondering if this could be done better.
There are already a number of posts about enforcing state clearing when a gateway goes down. Notably, these two:
I am using the "kill all states" script as laid out in those posts; I even posted my own results in one of the discussions. While it tested well, after using it for several months I have found one shortfall that I am trying to overcome.
My dual-WAN setup is such that WAN1 is favored and WAN2 is used only if WAN1 is down (pretty standard). However, when WAN1 comes back into service, I need to force traffic back to WAN1. I found that open states over WAN2 would still carry traffic, despite the routing changing back. While this would eventually clear, the lack of immediate failback was a problem. Following the direction of those posts above, using a script to reset the states, triggered by <afterfilterchangeshellcmd> in config.xml, solved that issue and cleared my states every time the gateway state changed, whether up or down.
The issue I am having is that since the script "reset_states.sh" triggers off of <afterfilterchangeshellcmd>, it triggers (obviously) every time a change is made in the firewall. I've tried using the <apingershellcmd>, pointed out in this feature discussion from years ago (https://redmine.pfsense.org/issues/8) but it doesn't do anything to the states when service on a WAN port is restored, only when it goes down.
Is there a better way to trigger this script? Rather than on any filter reload, is there a way to tell it to trigger specifically when gateway states change?
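One way to get the "only on gateway transitions" behaviour without a new hook, as an added example that is not the poster's reset_states.sh and not pfSense's own code: keep the script on <afterfilterchangeshellcmd>, but have it snapshot the gateway up/down status on every reload and flush the state table only when that snapshot differs from the previous one. A plain rule change then leaves states alone, while both the "WAN1 down" and the "WAN1 back up" transitions trigger a flush. The gateway-status command, the "<name> <status>" line format it is assumed to produce, the cache file path and the "run" argument are all assumptions of this example, and the test inputs are constructed.

```shell
#!/bin/sh
# Added example, not the original poster's reset_states.sh: a wrapper that is
# still called from <afterfilterchangeshellcmd> on every filter reload, but
# only flushes the state table when a gateway's up/down status differs from
# the snapshot taken at the previous reload.
#
# Assumptions (mine, not from the post):
#  - GW_STATUS_CMD prints one gateway per line as "<name> <status>", for
#    example "WAN1 up" / "WAN2 down". Adapting the real pfSense gateway status
#    output (e.g. from pfSsh.php playback gatewaystatus) to that shape is left
#    to the deployer.
#  - CACHE_FILE lives somewhere that survives between filter reloads.

CACHE_FILE="${CACHE_FILE:-/var/db/gw_status.cache}"
GW_STATUS_CMD="${GW_STATUS_CMD:-pfSsh.php playback gatewaystatus}"
RESET_CMD="${RESET_CMD:-pfctl -F states}"

# normalize_status: keep only "<name> <status>" from stdin, lower-case the
# status and sort by name so that line order never counts as a change.
normalize_status() {
    awk 'NF >= 2 { print $1, tolower($2) }' | sort
}

# changed_gateways PREVIOUS CURRENT
# Both arguments are normalized snapshots. Prints "<name> <old>-><new>" for
# each gateway whose status differs; "?" marks a gateway absent on one side.
changed_gateways() {
    { printf '%s\n' "$1"; echo "--"; printf '%s\n' "$2"; } | awk '
        $0 == "--" { cur = 1; next }
        NF < 2     { next }
        !cur       { prev[$1] = $2; next }
        {
            seen[$1] = 1
            if (($1 in prev) && prev[$1] == $2) next
            printf "%s %s->%s\n", $1, (($1 in prev) ? prev[$1] : "?"), $2
        }
        END { for (g in prev) if (!(g in seen)) printf "%s %s->?\n", g, prev[g] }'
}

# sync_states_to_gateways STATUS_TEXT
# Compares STATUS_TEXT with the cached snapshot, rewrites the cache, and runs
# RESET_CMD only when a gateway changed status. A missing or empty cache
# (first run) counts as a change, so the first reload after installing this
# script flushes once. Returns 0 if it flushed, 1 if nothing changed.
sync_states_to_gateways() {
    current=$(printf '%s\n' "$1" | normalize_status)
    previous=""
    [ -f "$CACHE_FILE" ] && previous=$(cat "$CACHE_FILE")
    printf '%s\n' "$current" > "$CACHE_FILE"
    if [ -n "$previous" ] && [ "$current" = "$previous" ]; then
        return 1
    fi
    changes=$(changed_gateways "$previous" "$current" | tr '\n' ' ')
    logger -t reset_states "gateway status changed: ${changes}- flushing states" 2>/dev/null || true
    $RESET_CMD
}

# Entry point for the filter-reload hook, e.g. in config.xml:
#   <afterfilterchangeshellcmd>/usr/local/bin/reset_states.sh run</afterfilterchangeshellcmd>
# The script is only acted on when called with "run", so sourcing it for
# testing does not touch pf.
case "${1:-}" in
    run) sync_states_to_gateways "$($GW_STATUS_CMD)" || : ;;
esac
```

Two practical notes: the comparison is on gateway names and statuses only, so RTT or loss figures in the real status output must be dropped when producing the "<name> <status>" lines, or every reload would look like a change. And `pfctl -F states` drops every state on the box, including LAN-only ones; if that is too blunt, pfctl's `-i <ifname>` restricts the flush to states bound to one interface (for example the WAN2 interface), which is usually enough to force the failback.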