The pfSense Store

Author Topic: {Complete} Timebased Rules  (Read 68418 times)

0 Members and 1 Guest are viewing this topic.

Offline sullrich

  • Hero Member
  • *****
  • Posts: 5110
  • Karma: +3/-0
    • View Profile
    • pfSense
Re: Timebased Rules
« Reply #105 on: March 28, 2007, 12:23:50 pm »
Hello,

1.) What is with time overlaps in the configured ranges?

2.) I have created a passing rule "icmp allowed to WAN" from the schedule 15:30- 15:45. The Rule is created on 15:20 Uhr. At this time no schedule is set on the rule. The Ping is OK. Now, i disabled the Rule (green arrow), nothing happens... Then I kill the states and all works fine.

At 15:25 i change the rule, enabled and a schedule with one configured range from 15:30 to 15:45. Save and all runs fine. At 15:30 +-/ one minute, the schedule runs active, but whe the time is over, nothings happens.

I edit and save the rule without changes, so now time is really over and the ping is dead.....

Greetings
heiko

We reload the rules every 15 minutes from bootup.  So it will process the rules at different times depending on when the firewall booted up.

Offline heiko

  • Hero Member
  • *****
  • Posts: 663
  • Karma: +0/-0
  • Get a load of that!
    • View Profile
Re: Timebased Rules
« Reply #106 on: March 28, 2007, 12:34:47 pm »
OK, so i have a maximum difference time-delay between reality and configured ranges by 15 minutes?
Greetings
heiko

Offline sullrich

  • Hero Member
  • *****
  • Posts: 5110
  • Karma: +3/-0
    • View Profile
    • pfSense
Re: Timebased Rules
« Reply #107 on: March 28, 2007, 12:52:54 pm »
Currently it is about +5 / -5 depending on bootup.    I can look at moving this to cron for finer control if you would like me to.

Offline heiko

  • Hero Member
  • *****
  • Posts: 663
  • Karma: +0/-0
  • Get a load of that!
    • View Profile
Re: Timebased Rules
« Reply #108 on: March 28, 2007, 01:15:23 pm »
OK, so you can do.... No postings from me for the next 5 minutes... ;D

Offline sullrich

  • Hero Member
  • *****
  • Posts: 5110
  • Karma: +3/-0
    • View Profile
    • pfSense
Re: Timebased Rules
« Reply #109 on: March 28, 2007, 01:49:41 pm »
OK, so you can do.... No postings from me for the next 5 minutes... ;D

Alright.  I'll work on it in a bit.   Beyond this and the bugs that sdale is working on, are there any others?   It seems to work rather well.

Offline heiko

  • Hero Member
  • *****
  • Posts: 663
  • Karma: +0/-0
  • Get a load of that!
    • View Profile
Re: Timebased Rules
« Reply #110 on: March 28, 2007, 01:54:30 pm »
Hello Scott,
very special thanks for this good work!!
I attempt to test this night a few more things. Then i will post back..
Greetings
heiko

Offline heiko

  • Hero Member
  • *****
  • Posts: 663
  • Karma: +0/-0
  • Get a load of that!
    • View Profile
Re: Timebased Rules
« Reply #111 on: March 28, 2007, 02:19:11 pm »
Hello,

sdale: i think in the gui the description field i a duty field, because in the summary you have only three fields, but a description is also important here, look at the screenshot. No Description is strange....
greetings
heiko

Offline sdale

  • Sr. Member
  • ****
  • Posts: 377
  • Karma: +0/-0
    • View Profile
    • pfSense
Re: Timebased Rules
« Reply #112 on: March 28, 2007, 02:34:30 pm »
Hello,

sdale: i think in the gui the description field i a duty field, because in the summary you have only three fields, but a description is also important here, look at the screenshot. No Description is strange....
greetings
heiko
currently the description for each time range will not show on this page. I can change this if you want.

Offline heiko

  • Hero Member
  • *****
  • Posts: 663
  • Karma: +0/-0
  • Get a load of that!
    • View Profile
Re: Timebased Rules
« Reply #113 on: March 28, 2007, 02:47:55 pm »
Hello Scott,
i think otherwise it is a liite bit confusing without the description. Thanks a lot for the great work.
I am tranquilized, when i stay in russia with my firewalls......
Greetings
heiko

Offline sdale

  • Sr. Member
  • ****
  • Posts: 377
  • Karma: +0/-0
    • View Profile
    • pfSense
Re: Timebased Rules
« Reply #114 on: March 28, 2007, 03:15:24 pm »

- Problem: a couple days brings "grimbelfixe" to the description, when you edit and save a second time
- Problem: when you stay in the schedule maks and have more than one configured range, and you want to edit one, click this and click a second also without saving the first one, uups, then the logic is a little bit confused the a first range disappeared.

I can't duplicate this. Try updating to the latest snapshot in two hours and re test. If you can get the error again, please list what steps you went through to achieve this. Thanks.
I've duplicated it. Will fix shortly.
« Last Edit: March 28, 2007, 03:35:33 pm by sdale »

Offline sullrich

  • Hero Member
  • *****
  • Posts: 5110
  • Karma: +3/-0
    • View Profile
    • pfSense
Re: Timebased Rules
« Reply #115 on: March 28, 2007, 03:58:34 pm »
I commited changes to reload the rules on 0,15,30,45.  Please test the next snapshot in about 1-2 hours.

Offline heiko

  • Hero Member
  • *****
  • Posts: 663
  • Karma: +0/-0
  • Get a load of that!
    • View Profile
Re: Timebased Rules
« Reply #116 on: March 28, 2007, 04:04:11 pm »
i will test it, give me a day..

Offline sdale

  • Sr. Member
  • ****
  • Posts: 377
  • Karma: +0/-0
    • View Profile
    • pfSense
Re: Timebased Rules
« Reply #117 on: March 28, 2007, 04:15:02 pm »
Monday is also first now. Previous bugs should be fixed now.

Offline sullrich

  • Hero Member
  • *****
  • Posts: 5110
  • Karma: +3/-0
    • View Profile
    • pfSense
Re: Timebased Rules
« Reply #118 on: March 28, 2007, 04:16:32 pm »
All known issues should be resolved.  Please test and outline any remaining issues.

Offline sdale

  • Sr. Member
  • ****
  • Posts: 377
  • Karma: +0/-0
    • View Profile
    • pfSense
Re: Timebased Rules
« Reply #119 on: March 28, 2007, 07:36:04 pm »
All known issues should be resolved.  Please test and outline any remaining issues.
There are a few more logic checks I will implement tomorrow, but the functionality is working.