Another functionality is logging firewall rules to external MySQL database I would like to add this via option in Shaper Wizard with option fields like: database server database name database user database pass as far I know this can be done with Remote syslog server like this: http://doc.pfsense.org/index.php/Copying_Logs_to_a_Remote_Host_with_Syslog This would be configured on syslog-ng host - question is: is it compatible with pfSense syslog? http://www.gho.no/2008/10/setting-up-remote-syslog-to-mysql-with-cisco-ios-and-syslog-ng-in-linux/ I'm currently running on 2.0.3 i386.

I am also confused with something as well. pfSense firewall rule theory is still a bit new to me and requires me to really think about rules before creating them. I know that rules are executed when packets are received on the rules respective interfaces. I believe that floating rules are executed when "any" packets are received from "any" interfaces? Also, once a rule matches a packet, do other rules get executed as well? For example, lets say I wanted to create a few different layer 7 containers and apply numerous filters to an interface? Are the containers involved in determining whether or not a packet matches a rule? That is what's confusing me.

I don't think you can do that from the webinterface, sorry. Found the color thing though, does that help: http://forum.pfsense.org/index.php?topic=16463.0

I have try different scheduler, but i can't find right floting rules to match connection originated from openvpn server running on top of pfsense itself.

i used both the wizard and a manual configuration and both result to sluggish interface (although apparently one faster than the other - thinking about it now the difference in speed reflects the speed differences between the default queues at each example). and yes, wizard creates floating rules reflecting my selections but i dont see any rule regarding the LAN traffic. just noticed there's just "qInternet" in the LAN portion of the shaper, and no "qLink". this example defaults to qP2P but i've had examples to default other queues reflecting my choices in the wizard… lets just say that neither the wizard nor the (previous) manual configuration creates a "qLink", but i can add it afterwards. what is the floating rule gonna be like to throw LAN traffic in the "qLink" queue?

i am currently using 2.0.3. IP limit is working when I limit them to IP addresses. Only when I use limit on L7 youtube and flash, it cause that problem. Any idea how I can check what is the exact problem? Should I post my configs here? BTW, I am using LIMITER in the L7 config not QUEUE.

thanks for the reply, Do you have steps how to do that? @myke: Hi, You can add a queue on your two lans interfaces with your bandwith. Lan 1 –->QParent = 2MO Lan 2 --->QParent = 2MO you add also floating rules to use the queue that's all. Best regards. Myke.

IT just blocks the whole connection if a packet that matches is received. Not whole packets.

You may want to consider use of limiters to reserve bandwidth for your VoIP traffic.  2/2 doesn't leave a lot of room to let the shaper work it out.

Yes, you are right. Maybe jimp could change the wording of the statement to avoid any confusion (at least for me). Thanks

This is in 2.1 snapshots.

Just don't match them in the rule. Either: pass from !(those users in an alias) to * with a limit pass from (that subnet) to * without a limit or pass from (those users) without a limit pass from (the whole subnet) with a limit

@markluhde thanks for the reply ,,, btw can you give an example on how to use it, it is my first time to use limiters with schedule. thanks again.  ;)

@abdurrahman: For example, I created a limiter as below Name : download_limit Mask : Source Bandwitdh: 512K I created a schedule as below after-work: 17:30-23:59 I want this limiter to be scheduled at after-work.. this limiter will be active only between 17:30-23:59…is it possible? if it is possible, I will apply it to a firewall rule... Just as noted by @mark, downlink limiter will go with DESTINATION MASK while uplink limiter will go with SOURCE MASK. Then on schedule, apply the schedule on the firewall rule you will create to push traffic to the limiters. I'v done this and is working perfectly.