Firewall rule schedule problem
-
Every time I look at this, it works for me.
I just set up a scheduled rule to pass from my workstation to an ssh host ending at 01:59.
Established two ssh sessions to that host and started a top in each.
Went about my business…
Session 1:
top - 01:59:58 up 53 days, 5:10, 5 users, load average: 0.03, 0.06, 0.07
Tasks: 151 total, 1 running, 150 sleeping, 0 stopped, 0 zombie
Cpu(s): 0.2%us, 0.2%sy, 0.0%ni, 99.7%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
Mem: 3875144k total, 3191288k used, 683856k free, 247136k buffers
Swap: 4194300k total, 4k used, 4194296k free, 2473136k cached
packet_write_wait: Connection to 172.22.81.8: Broken pipeNote the time, and the state cleared, connection closed.
Session 2:
top - 01:59:58 up 53 days, 5:10, 5 users, load average: 0.03, 0.06, 0.07
Tasks: 151 total, 1 running, 150 sleeping, 0 stopped, 0 zombie
Cpu(s): 0.3%us, 0.2%sy, 0.0%ni, 99.5%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
Mem: 3875144k total, 3191288k used, 683856k free, 247136k buffers
Swap: 4194300k total, 4k used, 4194296k free, 2473136k cached
packet_write_wait: Connection to 172.22.81.8: Broken pipeNote the time, and the state cleared. Connection closed.
Every time someone says it doesn't work and I try it, it works. More details needed.
-
Hmmm I would like to apologize for having a hard time interpreting that output.
I'm a newbie and I don't really understand what part I'm supposed to notice.
But anyway, I think I've mentioned that IP blocking and pass rules work perfectly for Facebook, but not port blocking for the game/s.If it's not too much to ask, could anyone at least try the same config and test it on their device/s to see if it would work flawlessly? That would be a big help.
-
Hmmm I would like to apologize for having a hard time interpreting that output.
I'm a newbie and I don't really understand what part I'm supposed to notice.
But anyway, I think I've mentioned that IP blocking and pass rules work perfectly for Facebook, but not port blocking for the game/s.If it's not too much to ask, could anyone at least try the same config and test it on their device/s to see if it would work flawlessly? That would be a big help.
Derelict did a similar config, simply to another port (ssh). What you need to notice in his output is the timestamps. He says his pass rule end time is 01:59, the timestamp is 01:59:58 and the Broken Pipe message. He had the pass rule running then ssh'd into a remote machine (equivalent of you starting a game session), then ran top (equivalent of you playing the game). When the pass rule timed out at 01:59, his ssh connections were dropped, there is typically a little bit of a lag between the socket closing and the Broken Pipe message (the broken pipe is showing up as an error on the write to the socket).
So he did exactly what you did, just used a different "game" (ssh) and different dest port.
It would be difficult for anyone to try the same config since a proper test would require use of the same game; google around for something like "ports used by CoC…" may give more information about what needs to be blocked. I keep going back to your statement about "existing connections are not dropped but new connections are not allowed". To me that starts to feel like different ports getting used. It's possible that the game traffic may actually be on a different stream, say a multicast stream instead of unicast.
Raw packet captures on the LAN side of the pfSense box (tcpdump or through the pfSense Web interface) tells you what is actually going through the interface, pull them off pfSense and look at them with wireshark on a different box. It may be a little tedious, but you'll be guaranteed to "know" what traffic is there.
