Very strange lockout when activating pf remotely

jporten
Posts: 9
Joined: Fri Nov 03, 2017 3:46 pm

Very strange lockout when activating pf remotely

Post by jporten » Mon Nov 27, 2017 1:30 am

Just saw and replicated very bizarre lockout behavior. I stopped pf in order to resolve the logging issue I posted about in <viewtopic.php?f=2&t=1411>, on the theory that stopping and starting it would reactivate the logging.

Again, this is with a Murus configuration that is supposed to do *no* firewalling. Saw the dialog to indicate I was logged in remotely, clicked yes, and started pf. Screen Sharing before it even had a chance to turn off the blue fill for the button, but after 10-15 seconds, it reactivated and gave me the login screen. Re-entered the password, and got back to the screen to see the remainder of the countdown—so the pf safety valve didn't activate, it just kicked me out and let me back in again.

I'm now a bit gun-shy about playing with this more, in case I *do* lock myself out, since this is undocumented behavior.

Help, again?

hany
Posts: 445
Joined: Wed Dec 10, 2014 5:20 pm

Re: Very strange lockout when activating pf remotely

Post by hany » Tue Nov 28, 2017 8:55 pm

> Just saw and replicated very bizarre lockout behavior. I stopped pf in order to resolve the logging issue I posted about in <viewtopic.php?f=2&t=1411>, on the theory that stopping and starting it would reactivate the logging.

No, if logging has a problem then you must reboot. Starting/stopping the firewall has no effect on the logging system.

> Again, this is with a Murus configuration that is supposed to do *no* firewalling. Saw the dialog to indicate I was logged in remotely, clicked yes, and started pf. Screen Sharing before it even had a chance to turn off the blue fill for the button, but after 10-15 seconds, it reactivated and gave me the login screen. Re-entered the password, and got back to the screen to see the remainder of the countdown—so the pf safety valve didn't activate, it just kicked me out and let me back in again.
>
> I'm now a bit gun-shy about playing with this more, in case I *do* lock myself out, since this is undocumented behavior.

Yes, it is documented :) This is normal behaviour with stateful firewalling. Please have a look at the Murus documentation about PF States.
Whether you will be knocked out or not depends on when and how you activated the remote pf. And it depends on your local pf configuration too.

jporten
Posts: 9
Joined: Fri Nov 03, 2017 3:46 pm

Re: Very strange lockout when activating pf remotely

Post by jporten » Thu Nov 30, 2017 8:57 pm

I'm usually logged in remotely, and *really* prefer to avoid rebooting unless it's absolutely necessary. Is it possible to kill and restart pfloggerd instead?

jporten
Posts: 9
Joined: Fri Nov 03, 2017 3:46 pm

Re: Very strange lockout when activating pf remotely

Post by jporten » Thu Nov 30, 2017 9:52 pm

Hey, man—a favor to ask. If you get this bug discovered and fixed, please comment here so I get a notice.

If there's any testing we can do to replicate the bug, let me know. I have no idea what's causing it, I can't find a trigger. All I can tell you is that it happens every two or three days at most, sometimes in less than 24 hours.

hany
Posts: 445
Joined: Wed Dec 10, 2014 5:20 pm

Re: Very strange lockout when activating pf remotely

Post by hany » Thu Dec 07, 2017 1:20 am

The trigger may be log rotation.
Try commenting out the /etc/newsyslog.conf line regarding pffirewall.log and let it run for some time.
About rebooting: you may try restarting the daemon, but it may not be enough.
Please let me know :)
