Netgate Discussion Forum

    Upload speed

      Stefan

      Hello,

      I am currently trying to use the traffic shaper to create "alias- or IP-based bandwidth rules".

      As a basis I created a rule with the wizard (VoIP) and afterwards simply changed the queues
      (to max bandwidth); I then created these queues for each bandwidth, one for up and one for down.
      The rules then each got the corresponding queues together with the aliases.

      In principle this should be as already partly discussed in the forum. Limiting the download speed,
      e.g. to 1, 2, 4 or 6 Mbit/s, works flawlessly; limiting the upload speed unfortunately does not work at all :-
      I have only dealt with the shaper a little so far; either I misunderstood something or set it up
      incorrectly.

      Setup: beta4 embedded on a WRAP, sis0 = wan, sis1 = lan; the WRAP sits behind a pfSense that acts as load balancer, and is supposed to take over the captive portal and the shaping as described above.

      Stefan

        Stefan

        Uhm...

        Does nobody have any idea???

        As I said, I assume it should work in principle ("down works, after all");
        since only up cannot be throttled, I suspect I am doing something wrong.

        Stefan

          hoba

          Please post the traffic shaper part of your config.xml.

            Stefan

            Hmm... I hope I now have what you meant.

            Thanks in advance: Stefan

            <shaper>
              <schedulertype>hfsc</schedulertype>
              <queue>
                <schedulertype/>
                <bandwidth>1024</bandwidth>
                <bandwidthtype>Kb</bandwidthtype>
                <priority>0</priority>
                <name>qwanRoot</name>
                <borrow/><linkshare/><linkshare3/><linkshare2/><linkshare1/>
                <realtime/><realtime3/><realtime2/><realtime1/>
                <upperlimit/><upperlimit3/><upperlimit2/><upperlimit1/>
                <parentqueue>on</parentqueue>
                <attachtoqueue/><associatedrule/><rio/><red/><ecn/><defaultqueue/>
              </queue>
              <queue>
                <schedulertype/>
                <bandwidth>16000</bandwidth>
                <bandwidthtype>Kb</bandwidthtype>
                <priority>0</priority>
                <name>qlanRoot</name>
                <borrow/><linkshare/><linkshare3/><linkshare2/><linkshare1/>
                <realtime/><realtime3/><realtime2/><realtime1/>
                <upperlimit/><upperlimit3/><upperlimit2/><upperlimit1/>
                <parentqueue>on</parentqueue>
                <attachtoqueue/><associatedrule/><rio/><red/><ecn/><defaultqueue/>
              </queue>
              <queue>
                <name>qwandef</name>
                <attachtoqueue>qwanRoot</attachtoqueue>
                <associatedrule>0</associatedrule>
                <defaultqueue>true</defaultqueue>
                <priority>3</priority>
                <realtime>on</realtime>
                <realtime3>1%</realtime3>
                <bandwidth>1</bandwidth>
                <bandwidthtype>%</bandwidthtype>
                <qlimit>500</qlimit>
              </queue>
              <queue>
                <name>qlandef</name>
                <priority>3</priority>
                <attachtoqueue>qlanRoot</attachtoqueue>
                <associatedrule>0</associatedrule>
                <defaultqueue>true</defaultqueue>
                <realtime>on</realtime>
                <realtime3>1%</realtime3>
                <bandwidth>1</bandwidth>
                <bandwidthtype>%</bandwidthtype>
                <qlimit>500</qlimit>
              </queue>
              <queue>
                <name>qwanacks</name>
                <ack/>
                <attachtoqueue>qwanRoot</attachtoqueue>
                <associatedrule>0</associatedrule>
                <priority>7</priority>
                <realtime>on</realtime>
                <realtime3>10%</realtime3>
                <bandwidth>1</bandwidth>
                <bandwidthtype>%</bandwidthtype>
              </queue>
              <queue>
                <name>qlanacks</name>
                <ack/>
                <attachtoqueue>qlanRoot</attachtoqueue>
                <associatedrule>0</associatedrule>
                <priority>7</priority>
                <realtime>on</realtime>
                <realtime3>10%</realtime3>
                <bandwidth>1</bandwidth>
                <bandwidthtype>%</bandwidthtype>
              </queue>
              <queue>
                <schedulertype/>
                <bandwidth>1</bandwidth>
                <bandwidthtype>%</bandwidthtype>
                <priority>7</priority>
                <name>qVOIPUp</name>
                <borrow/><linkshare/><linkshare3/><linkshare2/><linkshare1/>
                <realtime/><realtime3/><realtime2/><realtime1/>
                <upperlimit>on</upperlimit>
                <upperlimit3>127Kb</upperlimit3>
                <upperlimit2/><upperlimit1/><parentqueue/>
                <attachtoqueue>qwanRoot</attachtoqueue>
                <associatedrule/><rio/><red/><ecn/><defaultqueue/>
              </queue>
              <queue>
                <schedulertype/>
                <bandwidth>1</bandwidth>
                <bandwidthtype>%</bandwidthtype>
                <priority>7</priority>
                <name>qVOIPDown</name>
                <borrow/><linkshare/><linkshare3/><linkshare2/><linkshare1/>
                <realtime/><realtime3/><realtime2/><realtime1/>
                <upperlimit>on</upperlimit>
                <upperlimit3>512Kb</upperlimit3>
                <upperlimit2/><upperlimit1/><parentqueue/>
                <attachtoqueue>qlanRoot</attachtoqueue>
                <associatedrule/><rio/><red/><ecn/><defaultqueue/>
              </queue>
              <queue>
                <schedulertype/>
                <bandwidth>1</bandwidth>
                <bandwidthtype>%</bandwidthtype>
                <priority>7</priority>
                <name>basicup</name>
                <borrow/><linkshare/><linkshare3/><linkshare2/><linkshare1/>
                <realtime/><realtime3/><realtime2/><realtime1/>
                <upperlimit>on</upperlimit>
                <upperlimit3>128Kb</upperlimit3>
                <upperlimit2/><upperlimit1/><parentqueue/>
                <attachtoqueue>qwanRoot</attachtoqueue>
                <associatedrule/><rio/><red/><ecn/><defaultqueue/>
              </queue>
              <queue>
                <schedulertype/>
                <bandwidth>1</bandwidth>
                <bandwidthtype>%</bandwidthtype>
                <priority>7</priority>
                <name>basicdown</name>
                <borrow/><linkshare/><linkshare3/><linkshare2/><linkshare1/>
                <realtime/><realtime3/><realtime2/><realtime1/>
                <upperlimit>on</upperlimit>
                <upperlimit3>1100Kb</upperlimit3>
                <upperlimit2/><upperlimit1/><parentqueue/>
                <attachtoqueue>qlanRoot</attachtoqueue>
                <associatedrule/><rio/><red/><ecn/><defaultqueue/>
              </queue>
              <queue>
                <schedulertype/>
                <bandwidth>1</bandwidth>
                <bandwidthtype>%</bandwidthtype>
                <priority>6</priority>
                <name>Homeup</name>
                <borrow/><linkshare/><linkshare3/><linkshare2/><linkshare1/>
                <realtime/><realtime3/><realtime2/><realtime1/>
                <upperlimit>on</upperlimit>
                <upperlimit3>256Kb</upperlimit3>
                <upperlimit2/><upperlimit1/><parentqueue/>
                <attachtoqueue>qwanRoot</attachtoqueue>
                <associatedrule/><rio/><red/><ecn/><defaultqueue/>
              </queue>
              <queue>
                <schedulertype/>
                <bandwidth>1</bandwidth>
                <bandwidthtype>%</bandwidthtype>
                <priority>6</priority>
                <name>Homedown</name>
                <borrow/><linkshare/><linkshare3/><linkshare2/><linkshare1/>
                <realtime/><realtime3/><realtime2/><realtime1/>
                <upperlimit>on</upperlimit>
                <upperlimit3>2200Kb</upperlimit3>
                <upperlimit2/><upperlimit1/><parentqueue/>
                <attachtoqueue>qlanRoot</attachtoqueue>
                <associatedrule/><rio/><red/><ecn/><defaultqueue/>
              </queue>
              <queue>
                <schedulertype/>
                <bandwidth>1</bandwidth>
                <bandwidthtype>%</bandwidthtype>
                <priority>5</priority>
                <name>Proup</name>
                <borrow/><linkshare/><linkshare3/><linkshare2/><linkshare1/>
                <realtime/><realtime3/><realtime2/><realtime1/>
                <upperlimit>on</upperlimit>
                <upperlimit3>396Kb</upperlimit3>
                <upperlimit2/><upperlimit1/><parentqueue/>
                <attachtoqueue>qwanRoot</attachtoqueue>
                <associatedrule/><rio/><red/><ecn/><defaultqueue/>
              </queue>
              <queue>
                <schedulertype/>
                <bandwidth>1</bandwidth>
                <bandwidthtype>%</bandwidthtype>
                <priority>5</priority>
                <name>Prodown</name>
                <borrow/><linkshare/><linkshare3/><linkshare2/><linkshare1/>
                <realtime/><realtime3/><realtime2/><realtime1/>
                <upperlimit>on</upperlimit>
                <upperlimit3>4300Kb</upperlimit3>
                <upperlimit2/><upperlimit1/><parentqueue/>
                <attachtoqueue>qlanRoot</attachtoqueue>
                <associatedrule/><rio/><red/><ecn/><defaultqueue/>
              </queue>
              <queue>
                <schedulertype/>
                <bandwidth>1</bandwidth>
                <bandwidthtype>%</bandwidthtype>
                <priority>5</priority>
                <name>Premiumup</name>
                <borrow/><linkshare/><linkshare3/><linkshare2/><linkshare1/>
                <realtime/><realtime3/><realtime2/><realtime1/>
                <upperlimit>on</upperlimit>
                <upperlimit3>512Kb</upperlimit3>
                <upperlimit2/><upperlimit1/><parentqueue/>
                <attachtoqueue>qwanRoot</attachtoqueue>
                <associatedrule/><rio/><red/><ecn/><defaultqueue/>
              </queue>
              <queue>
                <schedulertype/>
                <bandwidth>1</bandwidth>
                <bandwidthtype>%</bandwidthtype>
                <priority>4</priority>
                <name>Premiumdown</name>
                <borrow/><linkshare/><linkshare3/><linkshare2/><linkshare1/>
                <realtime/><realtime3/><realtime2/><realtime1/>
                <upperlimit>on</upperlimit>
                <upperlimit3>6100Kb</upperlimit3>
                <upperlimit2/><upperlimit1/><parentqueue/>
                <attachtoqueue>qlanRoot</attachtoqueue>
                <associatedrule/><rio/><red/><ecn/><defaultqueue/>
              </queue>
              <rule>
                <in-interface>wan</in-interface>
                <out-interface>lan</out-interface>
                <source><any/></source>
                <destination><address>10.10.1.3</address></destination>
                <direction>in</direction>
                <iptos/><tcpflags/>
                <descr>VOIP Adapter</descr>
                <inqueue>qVOIPUp</inqueue>
                <outqueue>qVOIPDown</outqueue>
              </rule>
              <rule>
                <in-interface>lan</in-interface>
                <out-interface>wan</out-interface>
                <source><address>10.10.1.3</address></source>
                <destination><any/></destination>
                <direction>out</direction>
                <iptos/><tcpflags/>
                <descr>VOIP Adapter</descr>
                <inqueue>qVOIPDown</inqueue>
                <outqueue>qVOIPUp</outqueue>
              </rule>
              <rule>
                <in-interface>wan</in-interface>
                <out-interface>lan</out-interface>
                <source><any/></source>
                <destination><address>Premium</address></destination>
                <direction>in</direction>
                <iptos/><tcpflags/>
                <descr>VOIP Adapter</descr>
                <inqueue>Premiumup</inqueue>
                <outqueue>Premiumdown</outqueue>
              </rule>
              <rule>
                <in-interface>lan</in-interface>
                <out-interface>wan</out-interface>
                <source><address>Premium</address></source>
                <destination><any/></destination>
                <direction>out</direction>
                <iptos/><tcpflags/>
                <descr>VOIP Adapter</descr>
                <inqueue>Premiumdown</inqueue>
                <outqueue>Premiumup</outqueue>
              </rule>
              <rule>
                <in-interface>wan</in-interface>
                <out-interface>lan</out-interface>
                <source><any/></source>
                <destination><address>Pro</address></destination>
                <direction>in</direction>
                <iptos/><tcpflags/>
                <descr>VOIP Adapter</descr>
                <inqueue>Proup</inqueue>
                <outqueue>Prodown</outqueue>
              </rule>
              <rule>
                <in-interface>lan</in-interface>
                <out-interface>wan</out-interface>
                <source><address>Pro</address></source>
                <destination><any/></destination>
                <direction>out</direction>
                <iptos/><tcpflags/>
                <descr>VOIP Adapter</descr>
                <inqueue>Prodown</inqueue>
                <outqueue>Proup</outqueue>
              </rule>
              <rule>
                <in-interface>wan</in-interface>
                <out-interface>lan</out-interface>
                <source><any/></source>
                <destination><address>Home</address></destination>
                <direction>in</direction>
                <iptos/><tcpflags/>
                <descr>VOIP Adapter</descr>
                <inqueue>Homeup</inqueue>
                <outqueue>Homedown</outqueue>
              </rule>
              <rule>
                <in-interface>lan</in-interface>
                <out-interface>wan</out-interface>
                <source><address>Home</address></source>
                <destination><any/></destination>
                <direction>out</direction>
                <iptos/><tcpflags/>
                <descr>VOIP Adapter</descr>
                <inqueue>Homedown</inqueue>
                <outqueue>Homeup</outqueue>
              </rule>
              <rule>
                <in-interface>wan</in-interface>
                <out-interface>lan</out-interface>
                <source><any/></source>
                <destination><address>basic</address></destination>
                <direction>in</direction>
                <iptos/><tcpflags/>
                <descr>VOIP Adapter</descr>
                <inqueue>basicup</inqueue>
                <outqueue>basicdown</outqueue>
              </rule>
              <rule>
                <in-interface>lan</in-interface>
                <out-interface>wan</out-interface>
                <source><address>basic</address></source>
                <destination><any/></destination>
                <direction>out</direction>
                <iptos/><tcpflags/>
                <descr>VOIP Adapter</descr>
                <inqueue>basicdown</inqueue>
                <outqueue>basicup</outqueue>
              </rule>
              <enable/>
            </shaper>
            
              hoba

              OK, we would also need the file /tmp/rules.debug (you can open it in the webGUI under Diagnostics > Edit File and copy/paste it).

                Stefan

                This should be it...

                Regards, Stefan

                # System Aliases 
                loopback = "{ lo0 }"
                lan = "{ sis0  }"
                wan = "{ sis1  ng0 }"
                # User Aliases 
                Home = "{ 10.10.1.70 10.10.1.71 10.10.1.72 10.10.1.73 10.10.1.74 10.10.1.75 10.10.1.76 10.10.1.77 10.10.1.78 10.10.1.79 10.10.1.80 }"
                Premium = "{ 10.10.1.100 10.10.1.101 10.10.1.102 10.10.1.103 10.10.1.104 10.10.1.105 10.10.1.106 10.10.1.107 10.10.1.108 10.10.1.109 }"
                Pro = "{ 10.10.1.90 10.10.1.91 10.10.1.92 10.10.1.93 10.10.1.94 10.10.1.95 10.10.1.96 10.10.1.97 10.10.1.98 10.10.1.99 }"
                basic = "{ 10.10.1.50 10.10.1.51 10.10.1.52 10.10.1.53 10.10.1.54 10.10.1.55 10.10.1.56 10.10.1.57 10.10.1.59 10.10.1.58 192.168.100.100 }"
                
                set loginterface sis1
                set loginterface sis0
                set optimization normal
                
                scrub on sis1 all random-id 
                altq on sis1 hfsc bandwidth 1024Kb queue { qwanRoot }
                altq on sis0 hfsc bandwidth 16000Kb queue { qlanRoot }
                
                queue qwanRoot bandwidth 1024Kb priority 0 hfsc { qwandef, qwanacks, qVOIPUp, basicup, Homeup, Proup, Premiumup }
                queue qlanRoot bandwidth 16000Kb priority 0 hfsc { qlandef, qlanacks, qVOIPDown, basicdown, Homedown, Prodown, Premiumdown }
                queue qwandef bandwidth 1% priority 3 qlimit 500 hfsc (  default realtime 1% )
                queue qlandef bandwidth 1% priority 3 qlimit 500 hfsc (  default realtime 1% )
                queue qwanacks bandwidth 1% priority 7 hfsc (  realtime 10% )
                queue qlanacks bandwidth 1% priority 7 hfsc (  realtime 10% )
                queue qVOIPUp bandwidth 1% priority 7 hfsc (  upperlimit 127Kb )
                queue qVOIPDown bandwidth 1% priority 7 hfsc (  upperlimit 512Kb )
                queue basicup bandwidth 1% priority 7 hfsc (  upperlimit 128Kb )
                queue basicdown bandwidth 1% priority 7 hfsc (  upperlimit 1100Kb )
                queue Homeup bandwidth 1% priority 6 hfsc (  upperlimit 256Kb )
                queue Homedown bandwidth 1% priority 6 hfsc (  upperlimit 2200Kb )
                queue Proup bandwidth 1% priority 5 hfsc (  upperlimit 396Kb )
                queue Prodown bandwidth 1% priority 5 hfsc (  upperlimit 4300Kb )
                queue Premiumup bandwidth 1% priority 5 hfsc (  upperlimit 512Kb )
                queue Premiumdown bandwidth 1% priority 4 hfsc (  upperlimit 6100Kb )
                
                # UPnPd rdr anchor
                rdr-anchor "upnpd/*"
                nat-anchor "pftpx/*"
                nat-anchor "natearly/*"
                nat-anchor "natrules/*"
                # FTP proxy
                rdr-anchor "pftpx/*"
                nat on $wan from 10.10.1.0/24 port 500 to any port 500 -> (sis1) port 500
                nat on $wan from 10.10.1.0/24 to any -> (sis1)
                #SSH Lockout Table
                table <sshlockout> persist
                
                # Load balancing anchor - slbd updates
                rdr-anchor "slb"
                
                # FTP Proxy/helper
                rdr on $lan proto tcp from any to any port 21 -> 127.0.0.1 port 8021
                
                block in all tag unshaped label "SHAPER: first match rule"
                pass in on  $wan from any to 10.10.1.3  keep state tagged unshaped tag qVOIPUp 
                pass out on $lan from any to 10.10.1.3 keep state tagged qVOIPUp tag qVOIPDown
                pass in on  $lan from 10.10.1.3 to any  keep state tagged unshaped tag qVOIPDown 
                pass out on $wan from any to any keep state tagged qVOIPDown tag qVOIPUp
                pass in on  $wan from any to $Premium  keep state tagged unshaped tag Premiumup 
                pass out on $lan from any to $Premium keep state tagged Premiumup tag Premiumdown
                pass in on  $lan from $Premium to any  keep state tagged unshaped tag Premiumdown 
                pass out on $wan from any to any keep state tagged Premiumdown tag Premiumup
                pass in on  $wan from any to $Pro  keep state tagged unshaped tag Proup 
                pass out on $lan from any to $Pro keep state tagged Proup tag Prodown
                pass in on  $lan from $Pro to any  keep state tagged unshaped tag Prodown 
                pass out on $wan from any to any keep state tagged Prodown tag Proup
                pass in on  $wan from any to $Home  keep state tagged unshaped tag Homeup 
                pass out on $lan from any to $Home keep state tagged Homeup tag Homedown
                pass in on  $lan from $Home to any  keep state tagged unshaped tag Homedown 
                pass out on $wan from any to any keep state tagged Homedown tag Homeup
                pass in on  $wan from any to $basic  keep state tagged unshaped tag basicup 
                pass out on $lan from any to $basic keep state tagged basicup tag basicdown
                pass in on  $lan from $basic to any  keep state tagged unshaped tag basicdown 
                pass out on $wan from any to any keep state tagged basicdown tag basicup
                
                anchor "ftpsesame/*" 
                anchor "firewallrules"
                
                # loopback
                anchor "loopback"
                pass in quick on $loopback all label "pass loopback"
                pass out quick on $loopback all label "pass loopback"
                
                # package manager early specific hook
                anchor "packageearly"
                
                # carp
                anchor "carp"
                # enable ftp-proxy
                
                anchor "ftpproxy"
                anchor "pftpx/*"
                pass in quick on sis0 inet proto tcp from any to $loopback port 8021 keep state label "FTP PROXY: Allow traffic to localhost"
                pass in quick on sis0 inet proto tcp from any to $loopback port 21 keep state label "FTP PROXY: Allow traffic to localhost"
                pass in quick on sis1 inet proto tcp from port 20 to (sis1) port > 49000 user proxy flags S/SA keep state label "FTP PROXY: PASV mode data connection"
                
                # allow access to DHCP server on LAN
                anchor "dhcpserverlan"
                pass in quick on $lan proto udp from any port = 68 to 255.255.255.255 port = 67 label "allow access to DHCP server on LAN"
                pass in quick on $lan proto udp from any port = 68 to 10.10.1.1 port = 67 label "allow access to DHCP server on LAN"
                pass out quick on $lan proto udp from 10.10.1.1 port = 67 to any port = 68 label "allow access to DHCP server on LAN"
                
                # allow our DHCP client out to the WAN
                anchor "wandhcp"
                pass out quick on $wan proto udp from any port = 68 to any port = 67 label "allow dhcp client out wan"
                block in log quick on $wan proto udp from any port = 67 to 10.10.1.0/24 port = 68 label "allow dhcp client out wan"
                
                pass in quick on $wan proto udp from any port = 67 to any port = 68 label "allow dhcp client out wan"
                
                # LAN/OPT spoof check (needs to be after DHCP because of broadcast addresses)
                antispoof for sis0
                # Support for allow limiting of TCP connections by establishment rate
                anchor "limitingesr"
                table <virusprot>
                block in quick from <virusprot> to any label "virusprot overload table"
                
                # let out anything from the firewall host itself and decrypted IPsec traffic
                pass out quick on sis1 all keep state label "let out anything from firewall host itself"
                # pass traffic from firewall -> out
                anchor "firewallout"
                pass out quick on sis1 all keep state tagged qVOIPUp queue (qVOIPUp, qwanacks) label "let out anything from firewall host itself"
                pass out quick on sis1 all keep state tagged basicup queue (basicup, qwanacks) label "let out anything from firewall host itself"
                pass out quick on sis1 all keep state tagged Homeup queue (Homeup, qwanacks) label "let out anything from firewall host itself"
                pass out quick on sis1 all keep state tagged Proup queue (Proup, qwanacks) label "let out anything from firewall host itself"
                pass out quick on sis1 all keep state tagged Premiumup queue (Premiumup, qwanacks) label "let out anything from firewall host itself"
                pass out quick on sis1 all keep state queue (qwandef, qwanacks) label "let out anything from firewall host itself"
                pass out quick on sis0 all keep state tagged qVOIPDown queue (qVOIPDown, qlanacks) label "let out anything from firewall host itself"
                pass out quick on sis0 all keep state tagged basicdown queue (basicdown, qlanacks) label "let out anything from firewall host itself"
                pass out quick on sis0 all keep state tagged Homedown queue (Homedown, qlanacks) label "let out anything from firewall host itself"
                pass out quick on sis0 all keep state tagged Prodown queue (Prodown, qlanacks) label "let out anything from firewall host itself"
                pass out quick on sis0 all keep state tagged Premiumdown queue (Premiumdown, qlanacks) label "let out anything from firewall host itself"
                pass out quick on sis0 all keep state queue (qlandef, qlanacks) label "let out anything from firewall host itself"
                
                # make sure the user cannot lock himself out of the webGUI or SSH
                anchor "anti-lockout"
                pass in quick from 10.10.1.0/24 to 10.10.1.1 keep state label "anti-lockout web rule"
                
                # SSH lockout
                block in log proto tcp from <sshlockout> to any port 22 label "sshlockout"
                
                # User-defined rules follow
                # Anchors for rules that might be matched by queues
                anchor qwanRoot tagged qwanRoot
                anchor qlanRoot tagged qlanRoot
                anchor qwandef tagged qwandef
                anchor qlandef tagged qlandef
                anchor qwanacks tagged qwanacks
                anchor qlanacks tagged qlanacks
                anchor qVOIPUp tagged qVOIPUp
                anchor qVOIPDown tagged qVOIPDown
                anchor basicup tagged basicup
                anchor basicdown tagged basicdown
                anchor Homeup tagged Homeup
                anchor Homedown tagged Homedown
                anchor Proup tagged Proup
                anchor Prodown tagged Prodown
                anchor Premiumup tagged Premiumup
                anchor Premiumdown tagged Premiumdown
                pass in quick on $wan from any to any keep state  queue (qwandef, qwanacks)  label "USER_RULE" 
                #   opt2 array key does not exist for  label "USER_RULE" 
                pass in quick on $lan from 10.10.1.0/24 to any keep state  queue (qlandef, qlanacks)  label "USER_RULE: Default LAN -> any" 
                
                # VPN Rules
                
                #---------------------------------------------------------------------------
                # default rules (just to be sure)
                #---------------------------------------------------------------------------
                block in log quick all label "Default block all just to be sure."
                block out log quick all label "Default block all just to be sure."
                
                  hoba

                  OK, bug found. Bill is working on a fix. I will let you know when there is something to test. By the way, the bug only occurs with PPPoE WAN.

                    Stefan

                    Hello, sorry for the late reply.

                    Thanks for your help so far.

                    By the way, the bug only occurs with PPPoE WAN.

                    Hmm... as mentioned, this pfSense sits downstream of another pfSense and is set up as a DHCP client on the WAN side.
                    The reason for that is that my pfSense with the load balancer can no longer do captive portal.
                    But fine, let's see what comes of it.

                    Regards: Stefan
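
An added example, not part of the thread and not pfSense code: in pf a matching `quick` rule ends evaluation, so a queue-assigning rule that follows an unconditional `quick` rule on the same interface and direction is never reached. The check below runs over an excerpt of the rules.debug posted earlier in this thread (Home and basic tiers only, original order kept); it only considers rules that match `all`, and the thread itself does not say what the bug was.

```python
import re

# Excerpt of the rules.debug posted in the thread (Home/basic tiers only, order kept).
RULES = '''\
lan = "{ sis0  }"
wan = "{ sis1  ng0 }"
pass out on $wan from any to any keep state tagged Homedown tag Homeup
pass out on $wan from any to any keep state tagged basicdown tag basicup
pass out quick on sis1 all keep state label "let out anything from firewall host itself"
pass out quick on sis1 all keep state tagged basicup queue (basicup, qwanacks) label "let out anything from firewall host itself"
pass out quick on sis1 all keep state tagged Homeup queue (Homeup, qwanacks) label "let out anything from firewall host itself"
pass out quick on sis1 all keep state queue (qwandef, qwanacks) label "let out anything from firewall host itself"
pass out quick on sis0 all keep state tagged basicdown queue (basicdown, qlanacks) label "let out anything from firewall host itself"
pass out quick on sis0 all keep state tagged Homedown queue (Homedown, qlanacks) label "let out anything from firewall host itself"
pass out quick on sis0 all keep state queue (qlandef, qlanacks) label "let out anything from firewall host itself"
'''

MACRO = re.compile(r'^(\w+)\s*=\s*"\{\s*([^}]*)\}"')
RULE = re.compile(r'^(?:pass|block)\s+(in|out)\s+(?:log\s+)?(quick\s+)?on\s+(\S+)\s+(.*)$')
# Options that restrict which packets an "all" rule matches.
NARROWING = re.compile(r'\b(?:tagged|user|group|flags|tos|probability|icmp-type)\b')


def parse(text):
    """Yield (lineno, direction, quick, ifaces, catch_all, queue) for each filter rule."""
    macros = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        m = MACRO.match(line)
        if m:
            macros[m.group(1)] = m.group(2).split()
            continue
        m = RULE.match(line)
        if not m:
            continue
        direction, quick, iface = m.group(1), bool(m.group(2)), m.group(3)
        # Drop label strings so words inside them are not read as options.
        rest = re.sub(r'"[^"]*"', '', m.group(4))
        # Expand interface macros such as $wan into their member interfaces.
        ifaces = macros.get(iface[1:], []) if iface.startswith('$') else [iface]
        catch_all = bool(re.match(r'all\b', rest)) and not NARROWING.search(rest)
        queue = re.search(r'\bqueue\s*\(?\s*(\w+)', rest)
        yield lineno, direction, quick, ifaces, catch_all, queue and queue.group(1)


def shadowed_queue_rules(text):
    """Return (line, iface, queue, shadowing_line) for queue rules that follow
    an unconditional quick rule on the same interface and direction."""
    first_final = {}   # (direction, iface) -> line of the first catch-all quick rule
    findings = []
    for lineno, direction, quick, ifaces, catch_all, queue in parse(text):
        for iface in ifaces:
            key = (direction, iface)
            if queue and key in first_final:
                findings.append((lineno, iface, queue, first_final[key]))
            elif quick and catch_all:
                first_final.setdefault(key, lineno)
    return findings


if __name__ == "__main__":
    for line, iface, queue, by in shadowed_queue_rules(RULES):
        print(f"line {line}: queue {queue} on {iface} is unreachable (quick rule on line {by})")
```

On the excerpt this reports the three `sis1` queue rules and none of the `sis0` ones.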

                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.