After a disastrous weekend of confusing issues, some of which were self-inflicted, some of which were due to an upgrade that didn't seem to properly "take", I've decided to start clean.
I chose Beta1, 06-10-2010, clean fresh nanobsd install to a formatted CF card.
Here's the confusing thing: I have a LAN rule that I created that shuts down outbound from my daughter's IP address to the WAN, and a corresponding WAN rule that does the same. It's set up for "any" protocol.
My daughter is on Skype, and she talks right through it. She doesn't get blocked out.
There's a new setting that I noticed on "System: Advanced: Miscellaneous", called "Schedule States". Or at least this is the first I noticed it!
It is unchecked, and the description says "By default schedules clear the states of existing connections when expiry time has come. This option allows to override this setting by not clearing states for existing connections."
But it's plain that only new connections are affected by this rule; Skype continues to blast right through it. If I manually reset the states associated with her IP address, then she's off.
Am I expecting too much from this? She used to not use Skype, maybe her old apps (mostly iChat) were just expiring more quickly on their own?
Here is the rule set from /tmp/rules.debug (with the IP address of my gateway obfuscated as 126.96.36.199):
block return in quick on $WAN reply-to ( vr1 188.8.131.52 ) from any to $kids schedule "4c2030d0d3628" label "USER_RULE: inbound block"
block return in quick on $LAN from $kids to any schedule "4c2030d0d3628" label "USER_RULE"
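
The behaviour described in the post, as an added example (not part of the original post and not pfSense code): a simplified Python model of a stateful filter in which a packet matching an existing state bypasses rule evaluation, so a scheduled block rule stops only new connections until the host's states are cleared. The `Firewall` class, the `KIDS` set and all addresses are constructed for illustration.

```python
# Simplified model (assumption): state lookup first, ruleset only for new flows.
from dataclasses import dataclass, field

KIDS = {"192.168.1.50"}  # constructed stand-in for the $kids alias


@dataclass
class Firewall:
    schedule_active: bool = False             # True while the schedule window applies
    states: set = field(default_factory=set)  # established flows: (src, dst, dport)

    def _rules_allow(self, src, dst):
        # The scheduled block rules apply only while the schedule is active.
        if self.schedule_active and (src in KIDS or dst in KIDS):
            return False
        return True  # stands in for a default "pass LAN to any" rule

    def handle(self, src, dst, dport):
        flow = (src, dst, dport)
        if flow in self.states:          # existing state: rules are never consulted
            return "pass (state)"
        if not self._rules_allow(src, dst):
            return "block"
        self.states.add(flow)            # a passed packet creates a state
        return "pass (new state)"

    def kill_states(self, host):
        """Drop every state involving host, like resetting its states by hand."""
        before = len(self.states)
        self.states = {s for s in self.states if host not in (s[0], s[1])}
        return before - len(self.states)


def demo():
    fw = Firewall()
    kid, peer = "192.168.1.50", "203.0.113.7"      # constructed addresses
    out = [fw.handle(kid, peer, 443)]              # call starts before the schedule
    fw.schedule_active = True                      # schedule window begins
    out.append(fw.handle(kid, peer, 443))          # established call keeps flowing
    out.append(fw.handle(kid, "203.0.113.9", 80))  # new connection is blocked
    out.append(fw.kill_states(kid))                # manual state reset
    out.append(fw.handle(kid, peer, 443))          # now evaluated against the rules
    return out


if __name__ == "__main__":
    print(demo())
```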