Firewall rule order
-
The normal firewall rules (LAN and WAN) work top to bottom, but the floating rules match bottom to top. Should it be that way, or is it a bug?
-
That depends on whether you have quick selected; if not, then last match wins.
-
I created this rule (any to any) for a test and marked the quick box, but the ICMP and DNS traffic is still passing through the qothershigh queue; if I put the rule at the bottom, all the traffic goes to the qdefault queue.
-
> I created this rule (any to any) for a test and marked the quick box, but the ICMP and DNS traffic is still passing through the qothershigh queue; if I put the rule at the bottom, all the traffic goes to the qdefault queue.

I noticed the same thing with my setup a couple of months ago when I was setting up traffic shaping to work. I ended up just putting them in order.
-
> That depends on whether you have quick selected; if not, then last match wins.

So does it mean that with the quick option there is no "order", but when quick is not used, the order is from bottom to top?
-
> > That depends on whether you have quick selected; if not, then last match wins.
>
> So does it mean that with the quick option there is no "order", but when quick is not used, the order is from bottom to top?

When quick is used, the rule evaluation from top to bottom stops there… that is also the default behavior for all rules (LAN/WLAN/OPT). Only with floating rules, they are also matched from TOP to BOTTOM and the LAST matching rule is used if you haven't set quick on a rule before that one.
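-
The evaluation order described in the last reply, modelled as an added example (not code from the thread or from the firewall itself): rules are walked top to bottom, a matching quick rule ends evaluation, and otherwise the last matching rule wins. The rule names, the sample packets and the protocol/port-only matching are constructed assumptions; only the queue names come from the thread.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    name: str                      # hypothetical label, for illustration only
    queue: str
    proto: Optional[str] = None    # None matches any protocol
    dport: Optional[int] = None    # None matches any destination port
    quick: bool = False

    def matches(self, pkt: dict) -> bool:
        return (self.proto in (None, pkt["proto"])
                and self.dport in (None, pkt.get("dport")))


def evaluate(rules, pkt, default_queue="qdefault"):
    """Walk rules top to bottom and return (rule name, queue) of the winner."""
    winner = None
    for rule in rules:
        if not rule.matches(pkt):
            continue
        winner = rule              # a later match overrides an earlier one
        if rule.quick:
            break                  # quick: stop here, this rule wins
    return (winner.name, winner.queue) if winner else (None, default_queue)


# Constructed sample rules and packets.
ANY = Rule("any-to-any", "qdefault")
ANY_QUICK = Rule("any-to-any", "qdefault", quick=True)
ICMP = Rule("icmp", "qothershigh", proto="icmp")
DNS = Rule("dns", "qothershigh", proto="udp", dport=53)

PACKETS = {
    "ping": {"proto": "icmp"},
    "dns": {"proto": "udp", "dport": 53},
    "web": {"proto": "tcp", "dport": 443},
}


def queues(rules):
    """Map each sample packet to the queue the rule set assigns it."""
    return {name: evaluate(rules, pkt)[1] for name, pkt in PACKETS.items()}


if __name__ == "__main__":
    for label, rs in [("any on top, no quick", [ANY, ICMP, DNS]),
                      ("any on top, quick", [ANY_QUICK, ICMP, DNS]),
                      ("any at bottom, no quick", [ICMP, DNS, ANY])]:
        print(f"{label:26} {queues(rs)}")
```

In this model a non-quick any-to-any rule only catches traffic that no later rule matches, so moving it to the bottom changes which rule wins even though evaluation still runs top to bottom.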