[prev in list] [next in list] [prev in thread] [next in thread]
List: pfsense-dev
Subject: [pfS-Dev] pfsense rule schedule
From: Hooman Fazaeli <hoomanfazaeli () gmail ! com>
Date: 2015-06-25 19:50:01
Message-ID: 558C5899.1050706 () gmail ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
Hi
I wanted to know howpfsense rule schedules work. Having a
look at the code (2.1-release), I found out that:
1- UI assigns a unique ID (SID) string to each scheduleobject.
2- The schedule is assigned to a rule by 'schedule SID' clause.
3- The SID is saved as part of connection states.
4-Using 'pfctl -y SID' one can kill all the states having SIDas schedule ID.
(please correct me if any of the above assertions are wrong)
Two questions:
1. How/when/by who the schedules are checked and applied? I could
only find one place in function filter_generate_user_rule (@ etc/filter.inc) where
schedules are evaluated and "pfctl -y" is invoked.
2. Does schedules support day of week specification independent of month/year?
(e.g, a schedule that fires every monday of everyweek/month/year).
Thanks inadvance.
--
Best regards
Hooman Fazaeli
[Attachment #5 (text/html)]
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<font size="+1"><font face="Courier New">H<font size="+1">i<br>
<br>
<font size="+1"><font size="+1">I w</font>anted to know h<font
size="+1">ow<font size="+1"> pfsense rule schedules wo</font></font>rk.
Having a <br>
<font size="+1">look at the code (<font size="+1">2.1<font
size="+1">-<font size="+1">rel<font size="+1">ea<font
size="+1">se)</font></font></font></font></font>,
I <font size="+1">found out that:<br>
<br>
<font size="+1">1- UI as<font size="+1">signs a unique \
</font></font>ID (<font size="+1">SID) </font>string to each schedule<font
size="+1"> object<font size="+1">.</font></font><br>
<font size="+1">2- Th<font size="+1">e <font size="+1"><font
size="+1">schedule</font> is </font></font></font>assig<font
size="+1">ned to a rule by 's<font size="+1">chedule
SID' c<font size="+1">lause.<br>
<font size="+1">3- The SID is saved as part <font
size="+1">of connection states.<br>
<font size="+1">4-<font size="+1"> <font
size="+1">Using 'pfctl</font></font></font>
-y SID<font size="+1">' o<font size="+1">ne
can kill all the states hav<font size="+1">ing
SID<font size="+1"><font size="+1"> as <font
size="+1"><font size="+1">schedule</font>
ID.</font></font><br>
<br>
\
</font></font></font></font></font></font></font></font></font></font></font></font></font></font></font><font
size="+1"><font face="Courier New"><font size="+1"><font size="+1"><font
size="+1"><font size="+1"><font size="+1"><font size="+1"><font
size="+1"><font size="+1"><font size="+1"><font
size="+1"><font size="+1"><font size="+1"><font
size="+1"><font size="+1"><font
face="Courier New"><font size="+1"><font
size="+1"><font size="+1"><font
size="+1"><font size="+1"><font
size="+1"><font
size="+1"><font
size="+1"><font
size="+1"><font
size="+1"><font
size="+1"><font
size="+1"><font
size="+1"><font
size="+1">(<font
size="+1">please
correct <font
size="+1">me i<font
size="+1">f
any of <font
size="+1">the
ab<font
size="+1">ove
as<font
size="+1">sertions</font>
are wrong<font
\
size="+1">)</font></font></font></font></font></font></font></font></font></font></fon \
t></font></font></font></font></font></font></font></font></font></font></font><br> \
<br>
Two question<font size="+1">s:</font><br>
<br>
<font size="+1">1. <font \
size="+1">H</font></font><font size="+1">ow/<font size="+1">when<font
size="+1">/<font size="+1">by
who</font> </font></font>the
schedule</font>s are chec<font
size="+1">ked and applied?</font> I
could<br>
<font size="+1">onl<font size="+1">y
find one place <font size="+1">in
f<font size="+1">unc<font
size="+1">tion
filter_generate_user_rule \
(</font></font>@
etc/filter.<font size="+1">inc<font
size="+1">) where<br>
<font size="+1"><font
size="+1">schedules <font
size="+1">are</font>
evaluated and <font
size="+1">"pfctl -y"
is <font size="+1">invo<font
\
size="+1">ked.</font></font></font></font></font><br>
</font></font></font></font></font><font
size="+1"><br>
2. <font size="+1">Does schedules
support <font size="+1">day of
week specification inde<font
size="+1">pendent of
month/year?<br>
<font size="+1"> (e.g, a
schedule t<font size="+1">hat
fires every monday of
every<font size="+1">
week/<font \
size="+1">month/year).</font></font></font></font><br> </font></font></font><br>
</font><br>
<font size="+1">T<font size="+1">hanks
in<font size="+1"> \
advance.</font></font></font><br>
\
</font></font></font></font></font></font></font></font></font></font></font><br> \
</font><br> </font></font></font>
<pre class="moz-signature" cols="200">--
Best regards
Hooman Fazaeli</pre>
</body>
</html>
_______________________________________________
Dev mailing list
Dev@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/dev
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic