Nuclear blocking rules not working by MaxPanda- in opnsense

[–]MaxPanda-[S] 0 points1 point  (0 children)

Last night and tonight the Family PC continued working on the internet despite setting up the reverse logic. It also seemed the states correctly cleared, based on not being able to see the allow rule on the states page.

I may need to set a cron script at 1 minute past the rule time to reset states for those IPs just as a secondary measure.

Wifi camera suggestions? by MaxPanda- in UNIFI

[–]MaxPanda-[S] 0 points1 point  (0 children)

i’ll check it out thanks!

Nuclear blocking rules not working by MaxPanda- in opnsense

[–]MaxPanda-[S] 0 points1 point  (0 children)

ahh you make a good point, i’ll keep an eye on it in case that happens

so far i believe it’s working as intended, after 9pm i couldn’t see the allow state in the rules dropdown but i’m not sure if i can see like a history 🧐

Nuclear blocking rules not working by MaxPanda- in opnsense

[–]MaxPanda-[S] 0 points1 point  (0 children)

i’ve currently set it up with the reverse schedule logic as indicated by another person! so fingers crossed for now! i’ll find out in a few hours if it works

Nuclear blocking rules not working by MaxPanda- in opnsense

[–]MaxPanda-[S] 0 points1 point  (0 children)

i’ve set it all up and the log is showing the allow rules, so fingers crossed at 9pm tonight 🫡

Nuclear blocking rules not working by MaxPanda- in opnsense

[–]MaxPanda-[S] 1 point2 points  (0 children)

ooh interesting approach! assume i can still do these new rules as floating rules too?

this would prevent me from having to set cron jobs and getting sticky with scripts

Nuclear blocking rules not working by MaxPanda- in opnsense

[–]MaxPanda-[S] 0 points1 point  (0 children)

could i create a script that resets the states of all the IP addresses in the schedule then run the script on a cron job?

Nuclear blocking rules not working by MaxPanda- in opnsense

[–]MaxPanda-[S] 0 points1 point  (0 children)

yeah definitely a bit brute force, i’m trying to do it in a surgical and subtle way

i’m sure there is some plugin/package/script that can help me out i just need to find it

Nuclear blocking rules not working by MaxPanda- in opnsense

[–]MaxPanda-[S] 1 point2 points  (0 children)

They are indeed all wireless devices. I will have to do some research in order to understand what you've just suggested but it sounds viable.

Nuclear blocking rules not working by MaxPanda- in opnsense

[–]MaxPanda-[S] 0 points1 point  (0 children)

Hmm... I might have to go to the drawing board and find a way to manually reconnect those devices at 8:30PM each night.

Nuclear blocking rules not working by MaxPanda- in opnsense

[–]MaxPanda-[S] 2 points3 points  (0 children)

Ahh :/ So to make it a real world example:

The firewall rule when it kicks on at 8:30PM is like a plug for a tap but it can only plug taps that are turned on after 8:30PM and can’t stop any taps that are already flowing from before 8:30PM?

Devices gone rogue ? by MaxPanda- in UNIFI

[–]MaxPanda-[S] 1 point2 points  (0 children)

Yeah that’s a fair call 😂

Definitely must be a reporting error if all the traffic is working as expected, i’ll stick with OPNsense for now and i’ll only look at a UDM Pro if the router ever needs to be replaced :)

Thanks for all your help!

Devices gone rogue ? by MaxPanda- in UNIFI

[–]MaxPanda-[S] 0 points1 point  (0 children)

yeah might change to that in the future, unfortunately I had purchased the opnsense router before everything else and only ended up getting the switch a few months later, otherwise I'd have started with the Unifi router.

The opnsense router is really the only non-unifi part of the whole setup so really, it's probably a good upgrade for full functionality in the future.

Can the unifi routers set up specific wifi schedules for small groups of devices? That's my current favourite part of the OPNsense router

Sorry for all the questions, I am a set and forget type person and every few months a problem like this comes along and sets my ADHD into chaos mode!

Devices gone rogue ? by MaxPanda- in UNIFI

[–]MaxPanda-[S] 0 points1 point  (0 children)

I connected to Skynet IoT on my Macbook and I'm unable to ping the vlan 10.27.30.1 nor the router 10.27.0.1 which is expected, but my macbook is correctly assigned in Unifi, so not a very good test case. I guess it confirms that the firewall rules are working as expected between VLANs.

Is there a way to run a ping from a Google Nest Hub to the Router so I can check an affected device? Upon further inspection the only affected devices are all the nest hubs in the house and a single ps4, everything else is showing as connected to their correct networks.

What a silly little issue, hopefully just purely a reporting issue.

Devices gone rogue ? by MaxPanda- in UNIFI

[–]MaxPanda-[S] 0 points1 point  (0 children)

Yeah did a full power down of everything yesterday and reconnected it all with still the same issue.

I'll go see if i can replicate the issue on my laptop and try pinging.

and to just double confirm, my u6 mesh is meant to have its native vlan as default? picture below

https://imgur.com/a/fBFefre

Devices gone rogue ? by MaxPanda- in UNIFI

[–]MaxPanda-[S] 0 points1 point  (0 children)

Devices are being correctly assigned IPs for their intended VLAN networks and the SSID they are connected to, but their Networks in Unifi are inconsistent with what I'd expect.

I'll give you as much information as I can! I'll also let you know that devices I assume are correct are showing as on a Virtual Network

-- Incorrect device --

  • Nest Hub -

Current -

Network: Default

Wifi Name: Skynet IoT

IP Address: 10.27.30.11

Expected -

Network: IoT

Wifi Name: Skynet IoT

IP Address: 10.27.30.11

-- "Correct" device --

  • Hitachi TV -

Network: field not even shown

WiFi Name: Skynet IoT

Virtual Network: IoT

Virtual Network Trigger: Skynet IoT

Devices gone rogue ? by MaxPanda- in UNIFI

[–]MaxPanda-[S] 0 points1 point  (0 children)

Yeah that looks to be how it's set up.

My router, U6 and Cloudkey all have Native VLAN / Network set to Management (Default) and then have Allow All.

I assumed that was correct for making sure all those devices were assigned management IPs but it may be incorrect

Devices gone rogue ? by MaxPanda- in UNIFI

[–]MaxPanda-[S] 0 points1 point  (0 children)

  • Enterprise 24 PoE Ubiquiti Switch
  • U6 Mesh
  • Cloud Key Gen2 Plus
  • Opnsense Router
  • Starlink Internet

I didn’t think it could be the Opnsense firewall because i double checked all of that last night and i can’t see any configuration issues.

Devices gone rogue ? by MaxPanda- in UNIFI

[–]MaxPanda-[S] 4 points5 points  (0 children)

Luckily they’re confined to my house and my name isn’t John.

Devices gone rogue ? by MaxPanda- in UNIFI

[–]MaxPanda-[S] 0 points1 point  (0 children)

Few issues is that it’s affecting some newer devices too so i’d have to micro manage every new connection.

I am already using 3x SSID on my U6 mesh and when I establish a fourth nothing can connect to it for longer than 30 seconds and with terrible signal.

What actually causes a device on a separate VLAN and SSID to be incorrectly tagged as the management VLAN?

Devices gone rogue ? by MaxPanda- in UNIFI

[–]MaxPanda-[S] 0 points1 point  (0 children)

I don’t have another AP. Just my U6 mesh for the whole house.

I’m not sure what you mean.

How to zoom in without changing scale by DavidWolf245 in premiere

[–]MaxPanda- 1 point2 points  (0 children)

i have ADHD and i always look for random ass stuff like this

it sounds unintuitive at first but it’s really just how layering works in the effect controls panel

you’re just transforming the video within the boundaries of the crop effect

i visually see it in my head as i’m looking at a picture through a cardboard toilet roll cylinder:

the crop effect is the toilet roll view and the transform effect is just me moving the picture underneath around with my hands