Limiter with alias applies to entire network
-
Hello,
Using pfSense 2.5.2.
On a specific VLAN I have the following 3 firewall rules:
- Block, scheduled
- Pass, source=alias X, in/out pipes using limiters
- Pass, dest=alias X, in/out pipes using same limiters
The 'alias X' refers to a firewall alias with two IP addresses.
The limiter works just fine except that it is limiting any IP within the VLAN rather than just limiting the specific IP addresses listed in the alias.
What am I missing?
Thanks!
-
@slepax Is the alias set up as individual IPs? (Hosts type)
-
@SteveITS Yes, it is set up as individual host types listing 2 IP addresses.
Further looking into this, I don't think the alias is the issue. I changed the limiter rules to use a single IP address directly (i.e. no alias) and still had an issue with everyone on the VLAN being slowed down.
I then added a "pass all" rule as a test (as the last rule), and all of a sudden everything works as it should, meaning the rules with the limiter apply only to the IPs listed in the alias and everyone else is not impacted by the limiter.
I didn't have the "pass all" rule before because I was relying on the "reply all" automatic rule to apply.
Could it be that the "reply all" rule is implicitly impacted by the limiter?
-
@slepax Check the state table for your connections. For instance, downloading from a web site is usually governed by the connection to the web server.