Update to 2.2 - killing states not working…


  • Banned

    Hi friends!

    Came back to share an odd experience after updating to 2.2. I have a cron job killing states for selected IPs after the timed block rule becomes effective. One minute after the block, cron executes

    /sbin/pfctl -k IP

    which worked fine until the update (I get an email with states every day before and after end of internet time).

    The structure of the states table has changed in 2.2 from

    source - router - destination (as still indicated in the header of the states table)

    to

    source - destination

    OR

    router(source) - destination

    and therefore most of the states survive the cron kill job, i.e. all the states noted as

    router(source) - destination.

    How can I successfully remove these states not killed by my current cron command?

    Many thanks in advance.

    chemlud


  • Banned

    If you are talking about Firewall - Schedules? No such cron hacks needed in 2.2


  • Banned

    But as I see from the states table the "block" firewall rule does not kill the states for the respective IPs. Sorry. I have no scheduled "allow" rule, as I have allowed only a few ports for different IPs and in this setup a scheduled "block" on top of the rules is easier to handle.

    Any suggestion how to get rid of these states? pfctl -F state is not really elegant.

    Kindest regards

    chemlud…depressed...


  • Banned

    Schedule the allow rules, works for me. (I originally reported this bug.)


  • Banned

    …deeeply depressed, in the meantime...


  • Banned

    Solved! :-D