Bug #9615

Connections permitted by a schedule are not killed when that schedule expires.

Added by Victor Rodriguez 9 months ago. Updated 8 months ago.

Rules / NAT
Target version:
Start date:
Due date:
% Done:


Estimated time:
Affected Version:
Affected Architecture:


On the /system_advanced_misc.php page, under Schedule States it states that "By default, when a schedule expires, connections permitted by that schedule are killed. This option overrides that behavior by not clearing states for existing connections." This is definitely NOT HAPPENING, and it has not been happening for quite some time judging from the research I've done.

I have an alias for each of my kids. I have all of their respective devices covered by each of their respective aliases. I have a reject everything rule for each of their respective aliases, and I have a pass rule for each of their respective aliases above each of their respective reject rules. Each of their pass rules is associated with a schedule with more than one block of time defined. I can assure you that the aforementioned default behavior, whereby connections permitted by a schedule are killed when a schedule expires IS NOT HAPPENING. Pre-established connections are not interrupted, such as iMessages, Facetime, and other connections that I have yet to determine. The iOS devices are definitely able to continue to reach out to the internet when their are supposed to be blocked.

Screen Shot 2019-07-08 at 08.51.27.png (173 KB) Screen Shot 2019-07-08 at 08.51.27.png Screenshot of Rules Victor Rodriguez, 07/08/2019 09:52 AM


#2 Updated by Victor Rodriguez 9 months ago

UPDATE: The wifi router is behind the pfSense firewall. All devices on the network (including the wifi router) get their IP addresses and DNS from the pfSense firewall and not from the wifi router.

#3 Updated by Jim Pingle 8 months ago

  • Category set to Rules / NAT

Also available in: Atom PDF