firewall access restrictions failing

[kyles]

To my surprise (and horror) I found that the firewall access restrictions seem to 'turn off' for some reason.

When I first set up an access restriction rule, it seemed to be working in that the visited page did not show within the web browser; it was simply blank.

A few days later I tried it again and the restricted pages were able to be seen. The rule is a 24/7 rule and there should have been no exceptions.

When I tried to enter the same web page filters again, it started working again.

Is this feature unreliable?

Thanks
Kyle

[Eric]

That's odd... I haven't experienced this (or heard of this from anyone else) but I'll see if I can figure out what's going on right away. Are all the rules failing or just one or two?

Also, you say you had to re-enter the rules. Did the old rules not show up at all, or were they just not working? If it happens again, could you check if a reboot of the router fixes the problem? (In which case it's still a problem,of course, but this info will be helpful in diagnosing it.)

Thanks for reporting this. If there is a serious bug in there, I'd really like to find it as soon as possible. Any and all information you can provide about the problem is greatly appreciated.

[FRiC]

Is this feature unreliable?

Could it be that your router ran out of memory and the access restrictions got killed? I used to have this problem in older versions of the firmware, but it's fine with the current releases, plus I use a router with more memory. (Which router did you end up getting?)

[kyles]

I purchased the ASUS WL-500gp V2 router based on your collective help in recommending a good choice previously. I chose this router in part because it had more available memory to work with.

About the failure: The rules were still visible on the configuration page; nothing seemed wrong in this regard. But the black listed web site was not being filtered out.

Damn, I just tried visiting the black listed site again just now and it is passing through again! yesterday it was being blocked, today it is not!

Looking at the Access Restrictions page I see that the two rules I have are still there. When I 'Edit' my "allgone" rule it correctly shows what I have previously entered. It applies to 'All Hosts', 'All Day', 'Every day' only restricted by a Block Only (Blacklist) which contains four entries; each entry uses the 'contains' match type (which are four sites closely related to the spelling of youtube but are porno sites).

The only thing I can say is that last night i edited the other rule I have and adjusted it's time period (that rule is inforce only late a night).

Could the bug be: adjusting one rule discards the other?

Thanks
Kyle

[kyles]

As a followup.

I attempted to edit both of my rules without really changing anything just so they could both be saved once again.

After doing this, the restriction rules still failed to function.

I then powered down the router and turned it back on. After the router was ready, the rules now functioned!

It might be that editing and saving a rule actually disables the previous rules and only a power cycle put things back in order?

I'll try and not touch my router and verify that the rules still function tomorrow (and later today).

Is a power cycle required for this?

Thanks
Kyle

[Eric]

Ok, if I understand you correctly only one or two of the rules (not all of them) are failing, is that right?

My best guess right now is that there is a bug in the routine that's determining the index of the rule being scheduled. So it's possible that instead of the rule that's only supposed to be active late at night, the wrong rule is being inserted/removed. A problem such as this matches the symptoms you describe.

A temporary (less-than-ideal) workaround may be to remove all rules that are not always active. If I'm right about what's causing this, and nothing is scheduled to be de-activated this should prevent any unexpected de-activation.

I'm currently working on a replacement to the current access restriction/quota system. This is now my top priority. I'm not sure whether debugging this is going to take less time than finishing the new system, which should be significantly more robust and consume less memory (and uses a completely different scheduling mechanism than what is currently being used).

I will glance at the scheduling part of the current code to see if there are any obvious problems there, but the best strategy may be for me to really push myself hard to finish this new system, which should be done within two weeks.

Thanks for your patience and for reporting this. I will be sure to include this information as a "known issue" in the Beta5 release tomorrow. I plan to go ahead with the release anyway, as even with this issue it's exponentially more stable than the old Beta4 a lot of people are using. The fix will, of course, be released in bleeding edge firmware as soon as it's done.

[kyles]

I cannot say for sure if both of my rules are failing. This is because the other rule is specific to a particular set of IPs (two actually covering both of my daughters computers) and I have not taken the time to verify that her access to facebook is turned off by 11:00 PM or not. So it is unknown if this rule specific to a certain set of IPs and restricted by time and using a Blacklist is working and if it is, if it keeps working. I'll try and verify it tonight.

Also like I said I will verify the functionality of the 24/7 blacklist tomorrow also; so far it is still working.

Thanks for your attention.
Kyle

[kyles]

Here is more information on the issue.

I found that adding a new entry for "Static IPs" and saving changes will remove the firewall restrictions. A subsequent power cycle will put the firewall restrictions back in place.

Kyle

[Eric]

I just tested this (running Beta5). I can't replicate this symptom. I can add a static IP just fine, and my access restrictions still seem to work.

[kyles]

Ok. I will check also when I upgrade to Beta5 and will report my findings.

Kyle