  1. #1
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    23,774

    Always audit your rules...

    So here we are on this fine Wednesday morning and my wife comes to me with a concern. You see, my four year old son was on YouTube. And thanks to the wonders of Untangle, the kids aren't supposed to have YouTube access outside of a two hour window in the afternoon.

    My two older sons were complaining of unfair treatment... I'm sure most can imagine the faces and whines.

    So I go look and sure enough he's on YouTube!

    So now I'm in a state of disbelief because I've tagged his device:

    chris-device.png

    But wait, his sessions are going into my daughter's dedicated rack?!? (14 year old requires her own limits, that's a whole other conversation!)

    chris-sessions.png

    So I double check the rule that uses the Emily Control rack. This can't be it; there's nothing here that matches on a computer marked "chris".

    emilycontrol.png

    So after documenting this and getting everything together to submit a bug report, because obviously something is very wrong, I see it... a second policy that references Emily Control.

    Overmatch-wins.png

    I forgot to limit this rule to user name: emily... So it was happily routing all otherwise unmatched traffic to my daughter's rack, Wednesday mornings between 8am and 10am. I discovered all this at about 10:02am this morning, to the collective groans of my three sons who found YouTube was once again, inaccessible.

    So moral of the story, always audit your rules. Because your four year old will find the hole you left in the system that thinks like a two year old. Don't you hate it when computers do exactly what you tell them to?

    This rule has been in place for two years... and I've been wondering why I have "intermittent" access to Reddit... because my daughter isn't allowed that site... again Emily control! The problem would "go away" while I was testing it. Turns out, it just got to be after 10am.
    Last edited by sky-knight; 07-17-2019 at 10:38 AM.
    Sam Graf and Kyawa like this.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com
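
An added example, not part of the original post and not Untangle's own code: a small model of the situation described above, showing how a time-only rule catches an unrelated device under first-match evaluation and how an audit can flag it. The field names, rule order and first-match evaluation are assumptions made for the illustration.

```python
from dataclasses import dataclass, field

# Constructed model: the field names and rule order are assumptions for this
# example, not Untangle's actual policy schema.
IDENTITY_KEYS = {"username", "device_tag"}

@dataclass
class Rule:
    rule_id: int
    rack: str
    conditions: dict = field(default_factory=dict)

def matches(rule, session):
    """True when every condition on the rule holds for the session."""
    c = rule.conditions
    for key in IDENTITY_KEYS & c.keys():
        if session.get(key) != c[key]:
            return False
    if "days" in c and session["day"] not in c["days"]:
        return False
    if "hours" in c and not (c["hours"][0] <= session["hour"] < c["hours"][1]):
        return False
    return True

def first_match(rules, session):
    """First-match evaluation; None means the session falls to the default rack."""
    return next((r for r in rules if matches(r, session)), None)

def audit(rules):
    """Flag rules with no identity condition whose rack is identity-scoped elsewhere."""
    scoped_racks = {r.rack for r in rules if IDENTITY_KEYS & r.conditions.keys()}
    return [r.rule_id for r in rules
            if r.rack in scoped_racks and not (IDENTITY_KEYS & r.conditions.keys())]

# Constructed rules mirroring the post: rule 2 lacks the username condition.
RULES = [
    Rule(1, "Emily Control", {"username": "emily"}),
    Rule(2, "Emily Control", {"days": {"Wed"}, "hours": (8, 10)}),
]

if __name__ == "__main__":
    chris = {"username": None, "device_tag": "chris", "day": "Wed", "hour": 9}
    hit = first_match(RULES, chris)
    print("09:00 ->", hit.rack if hit else "default rack")
    print("10:00 ->", first_match(RULES, {**chris, "hour": 10}))
    print("overbroad rules:", audit(RULES))
```

The audit only compares rules that share a rack, so a rack that is meant to be a catch-all and has no identity-scoped rule at all is not flagged.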

  2. #2
    Master Untangler Sam Graf's Avatar
    Join Date
    Feb 2016
    Location
    Michigan
    Posts
    679

    So true.

    Then there were the times (yes, I was an idiot not once, but twice) I brilliantly and efficiently used the DHCP option to set the network's NTP source to the local NTP server—thus setting the server to reference itself. Gah!

  3. #3
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    23,774

    Networks and time...

    How about the Microsoft catch-22 time default?

    Configure Windows Server with Hyper-V roles on the host, create guest and install Windows Server on guest and configure with Active Directory roles, DHCP, DNS, and File Services roles.

    Join host to domain running on its own guest, as per MS's "best practices".

    Deploy network of workstations all children of domain controller.

    Then wonder why the network clock is out of its mind after six months.

    Why? Because the host is a domain member, therefore getting time from the domain controller, but wait, the domain controller is a VM running on the host, and the guest services by default provide the host's time to the guests!

    So by default... time services reset themselves into oblivion... woo!
    Last edited by sky-knight; 07-17-2019 at 02:00 PM.
