Update to 2.2 - killing states not working…
-
Hi friends!
Came back to share an odd experience after updating to 2.2. I have a cron job, killing states for selected IPs after the timed block rule becomes effective. One minute after the block, cron executes
/sbin/pfctl -k IP
which worked fine until the update (I get an email with states every day before and after end of internet time).
The structure of the states table has changed in 2.2 from
source - router - destination (as still indicated in the header of the states table)
to
source - destination
OR
router(source) - destination
and therefore most of the states survive the cron kill job, i.e. all the states noted as
router(source) - destination.
How can I successfully remove these states not killed by my current cron command?
Many thanks in advance.
chemlud
-
If you are talking about Firewall - Schedules? No such cron hacks needed in 2.2
-
But as I see from the states table the "block" firewall rule does not kill the states for the respective IPs. Sorry. I have no scheduled "allow" rule, as I have allowed only a few ports for different IPs and in this setup a scheduled "block" on top of the rules is easier to handle.
Any suggestion how to get rid of these states? pfctl -F state is not really elegant.
Kindest regards
chemlud…depressed...
-
Schedule the allow rules, works for me. (I originally reported this bug.)
-
…deeeply depressed, in the meantime...
-
Solved! :-D