Project

General

Profile

Actions
Copy link

Bug #13992

closed

Custom default state timeouts are not respected in the ruleset

Added by Anonymous about 1 year ago. Updated about 1 year ago.

Status:
Resolved
Priority:
Normal
Assignee:
Jim Pingle
Category:
Rules / NAT
Target version:
2.7.0
Start date:
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
23.05
Release Notes:
Default
Affected Version:
2.7.0
Affected Architecture:

Description

When I change the timeouts:
UDP Single to 60
UDP Multiple to 300

And then check from the command line with pfctl -s timeouts
it still shows them at the defaults.
udp.single 30s
udp.multiple 60s

Even after a reboot they are not applied.

First noticed after upgrading to 23.01 that all my Sip phones starting dropping in and out.

Actions
Copy link
 #1

Updated by Steve Wheeler about 1 year ago

The expected values do not get added to the rules.debug file so are not applied to pf.

set timeout {  udp.single 60  udp.multiple 300  }

Actions
Copy link
 #2

Updated by Steve Wheeler about 1 year ago

Setting timeouts via the Firewall Optimiazation Options field is still created and applied as expected in 23.01-REL.

set optimization conservative
set timeout { udp.first 300, udp.single 150, udp.multiple 900 }
Actions
Copy link
 #3

Updated by Marcos M about 1 year ago

  • Project changed from pfSense Plus to pfSense
  • Subject changed from State timeouts in the gui under system/advanced/firewall&nat or not being set in pf. to Custom state timeouts are not saved
  • Category changed from Web Interface to Web Interface
  • Target version set to 2.7.0
  • Affected Plus Version deleted (23.01)
  • Plus Target Version set to 23.05
  • Affected Version set to 2.7.0
  • Affected Architecture deleted (amd64)
Actions
Copy link
 #4

Updated by Jim Pingle about 1 year ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100
Actions
Copy link
 #5

Updated by aleksei prokofiev about 1 year ago

Applied provided patch and nothing changes. After reboot all works good and timeouts are saves.
So, reboot required after apply patch.

Actions
Copy link
 #6

Updated by Jim Pingle about 1 year ago

aleksei prokofiev wrote in #note-5:

Applied provided patch and nothing changes. After reboot all works good and timeouts are saves.
So, reboot required after apply patch.

You don't need to reboot, you just need to go to Status > Filter Reload and click Reload Filter. Or you can click Save on System > Advanced, Firewall & NAT Tab.

Actions
Copy link
 #7

Updated by Jim Pingle about 1 year ago

  • Assignee set to Jim Pingle
Actions
Copy link
 #8

Updated by Jim Pingle about 1 year ago

  • Subject changed from Custom state timeouts are not saved to Custom default state timeouts are not respected in the ruleset
  • Category changed from Web Interface to Rules / NAT
Actions
Copy link
 #9

Updated by Anonymous about 1 year ago

Applied the patch and it's working fine here even without a reboot.

Actions
Copy link
 #10

Updated by Danilo Zrenjanin about 1 year ago

  • Status changed from Feedback to Resolved

The patch fixes the issue. I've just run the Status > Filter Reload after applying the patch.

I am marking this ticket resolved.

Actions
Copy link

Also available in: Atom PDF