Firewall doesn't deactivate rules

Hello, today I was fighting with the firewall because I want to “help” my son to focus more on real life (and especially on sleeping at night) during homeschooling instead of only being on the internet. Believe me, it was the last escalation stage, because pedagogical methods did not work.

Procedure to reproduce:

  1. Create a Host Group “blocked devices”
  2. add devices
  3. create a time condition: evening
  4. create a rule:
    Source: Host group “blocked devices”
    Destination: RED
    Service: any
    Action: Drop
    Time condition: evening
  5. The rule works correctly but doesn’t stop blocking at the defined end
  6. Deactivating the rule doesn’t stop the blocking
  7. Deleting the rule, the host group and the time condition doesn’t stop the blocking

Only restoring the whole server to a backup configuration unblocks the affected hosts.

I can’t explain this firewall misbehavior any other way than with a bug.
Sincerely, Marko

Maybe the end time needs to be after the start time and in your case it may be like from 22:00 to 8:00.

I’ve defined from 20:30 to 23:59

But the big problem was that the clients were still blocked after disabling + deleting all rules

Did you try to restart services or reboot the server?

Of course

Time-based rules have been thoroughly tested, but you may have found a bug.
Please look for the rule in /etc/shorewall/rules to see its definition.
And provide the output of shorewall dump.


I rather doubt that I, of all people, should have found a bug in such an often-used module, but I had no other explanation.

Unfortunately, I had to provide a functioning system again quite ad hoc, so that the distance teaching is not hindered. With the import of the backup, however, all traces are unfortunately obliterated.