Netgate Discussion Forum

    Limiter with alias applies to entire network

      slepax

      Hello,

      Using pfSense 2.5.2.

      On a specific vlan I have the following 3 firewall rules:

      • Block, scheduled
      • Pass, source=alias X, in/out pipes using limiters
      • Pass, dest=alias X, in/out pipes using same limiters

      The 'alias X' refers to firewall alias with two IP addresses.

      The limiter works just fine except that it is limiting any IP within the vlan rather than just limiting the specific IP addresses listed in the alias.

      What am I missing?

      Thanks!

        SteveITS Galactic Empire @slepax

        @slepax Is the alias set up as individual IPs? (Hosts type)

        Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
        Upvote 👍 helpful posts!

          slepax

          @SteveITS yes, it is set up as individual host types listing 2 IP addresses.

          Further looking into this, I don't think the alias is the issue. I changed the limiter rules to use a single IP address directly (i.e. no alias) and still had an issue with everyone on the VLAN being slowed down.

          I then added a "pass all" rule as a test (as the last rule) and all of a sudden everything works as it should, meaning the rules with the limiter apply only to the IPs listed in the alias and everyone else is not impacted by the limiter.

          I didn't have the "pass all" rule before because I was relying on the "reply all" automatic rule to apply.

          Could it be that the "reply all" rule is implicitly impacted by the limiter?

            SteveITS Galactic Empire @slepax

            @slepax Check the state table for your connections. For instance, downloading from a web site is usually governed by the connection to the web server.

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.