Bug #13992: Custom default state timeouts are not respected in the ruleset - pfSense - pfSense bugtracker

Custom queries

2.4.5-p1 - Resolved/Closed
2.5.0 - Resolved/Closed
2.5.1 - Resolved/Closed
2.5.2 - Resolved/Closed
2.6.0 - Resolved/Closed
2.7.0 - Resolved/Closed
2.7.1 - All Open Issues
2.7.1 - Resolved/Closed
2.7.2 - Resolved/Closed
2.8.0 - All Open Bugs
2.8.0 - All Open Features
2.8.0 - All Open Issues
2.8.0 - All Open Regressions
2.8.0 - Feedback
2.8.0 - Needs Attention
2.8.0 - New/Confirmed
2.8.0 - Pull Requests
2.8.0 - Regressions affecting 2.7.0
2.8.0 - Resolved/Closed
21.02.2/2.5.1 - Resolved/Closed
21.05 Plus - All Closed Issues
21.05.1 Plus Target - All Closed Issues
21.05.1 Target - All Closed Issues
22.01 Plus - All Closed Issues
22.01 Target - All Closed Issues
22.05 Plus - All Closed Issues
22.05 Target - All Closed Issues
23.01 Plus - All Closed Issues
23.01 Target - All Closed Issues
23.05 Plus - All Closed Issues
23.05 Target - All Closed Issues
23.05.1 Plus - All Closed Issues
23.05.1 Target - All Closed Issues
23.09 Plus - All Closed Issues
23.09 Target - All Closed Issues
23.09.1 Plus - All Closed Issues
23.09.1 Target - All Closed Issues
24.03 Plus - All Closed Issues
24.03 Target - All Closed Issues
24.07 Plus - All Closed Issues
24.07 Plus - All Open Issues
24.07 Plus - Feedback Issues
24.07 Plus - Needs Attention/Work
24.07 Plus - New/Confirmed/In Progress Issues
24.07 Plus - Pull Request Review
24.07 Plus - Waiting on Merge
24.07 Target - All Closed Issues
24.07 Target - All Open Issues
All Open Issues assigned to Me
All Open Pull Requests
Any Target - All Open Regressions
Any Target - Feedback Issues
CE-Next - All Closed Issues (Move to specific target)
CE-Next - All Open Issues
CE-Next - Feedback (Likely needs target changed)
New Issues by Category - Future Target
New Issues by Category - No Target
New Issues by Category - No Target+Future
No Target - All Open Issues (Base Only)
No Target - New Issues (Base Only)
No Target - New Issues (Base and Packages)
Release Notes - Plus Target Version (DO NOT EDIT)
Release Notes - Target Version (DO NOT EDIT)

Actions

Copy link

Bug #13992

closed

Custom default state timeouts are not respected in the ruleset

Added by Anonymous about 1 year ago. Updated about 1 year ago.

Status:

Resolved

Priority:

Normal

Assignee:

Jim Pingle

Category:

Rules / NAT

Target version:

2.7.0

Start date:

Due date:

% Done:

100%

Estimated time:

Plus Target Version:

23.05

Release Notes:

Default

Affected Version:

2.7.0

Affected Architecture:

Description

When I change the timeouts:
UDP Single to 60
UDP Multiple to 300

And then check from the command line with pfctl -s timeouts
it still shows them at the defaults.
udp.single 30s
udp.multiple 60s

Even after a reboot they are not applied.

First noticed after upgrading to 23.01 that all my Sip phones starting dropping in and out.

History
Notes
Property changes
Associated revisions

Actions

Copy link

Updated by Steve Wheeler about 1 year ago

The expected values do not get added to the rules.debug file so are not applied to pf.

set timeout {  udp.single 60  udp.multiple 300  }

Actions

Copy link

Updated by Steve Wheeler about 1 year ago

Setting timeouts via the Firewall Optimiazation Options field is still created and applied as expected in 23.01-REL.

set optimization conservative
set timeout { udp.first 300, udp.single 150, udp.multiple 900 }

Actions

Copy link

Updated by Marcos M about 1 year ago

Project changed from pfSense Plus to pfSense
Subject changed from State timeouts in the gui under system/advanced/firewall&nat or not being set in pf. to Custom state timeouts are not saved
Category changed from Web Interface to Web Interface
Target version set to 2.7.0
Affected Plus Version deleted (~~23.01~~)
Plus Target Version set to 23.05
Affected Version set to 2.7.0
Affected Architecture deleted (~~amd64~~)

Actions

Copy link

Updated by Jim Pingle about 1 year ago

Status changed from New to Feedback
% Done changed from 0 to 100

Applied in changeset d015b45a395045a56b9190f284459a6a4cc57568.

Actions

Copy link

Updated by aleksei prokofiev about 1 year ago

Applied provided patch and nothing changes. After reboot all works good and timeouts are saves.
So, reboot required after apply patch.

Actions

Copy link

Updated by Jim Pingle about 1 year ago

aleksei prokofiev wrote in #note-5:

Applied provided patch and nothing changes. After reboot all works good and timeouts are saves.
So, reboot required after apply patch.

You don't need to reboot, you just need to go to Status > Filter Reload and click Reload Filter. Or you can click Save on System > Advanced, Firewall & NAT Tab.

Actions

Copy link

Updated by Jim Pingle about 1 year ago

Assignee set to Jim Pingle

Actions

Copy link

Updated by Jim Pingle about 1 year ago

Subject changed from Custom state timeouts are not saved to Custom default state timeouts are not respected in the ruleset
Category changed from Web Interface to Rules / NAT

Actions

Copy link

Updated by Anonymous about 1 year ago

Applied the patch and it's working fine here even without a reboot.

Actions

Copy link

#10

Updated by Danilo Zrenjanin about 1 year ago

Status changed from Feedback to Resolved

The patch fixes the issue. I've just run the Status > Filter Reload after applying the patch.

I am marking this ticket resolved.

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

pfSense

Custom queries

Bug #13992

Custom default state timeouts are not respected in the ruleset

Updated by Steve Wheeler about 1 year ago

Updated by Steve Wheeler about 1 year ago

Updated by Marcos M about 1 year ago

Updated by Jim Pingle about 1 year ago

Updated by aleksei prokofiev about 1 year ago

Updated by Jim Pingle about 1 year ago

Updated by Jim Pingle about 1 year ago

Updated by Jim Pingle about 1 year ago

Updated by Anonymous about 1 year ago

Updated by Danilo Zrenjanin about 1 year ago