Before I disable the anti-lockout rule…
-
Hello,
First, I want to thank everybody for your fantastic help as I've been implementing our Multi-WAN setup with traffic shaping. All is going well, but I noted something that was stated by Ermal here - https://forum.pfsense.org/index.php?topic=11986.msg65489#msg65489
He said it is necessary to remove the anti-lockout rule in order for traffic shaping rules to be applied correctly. I think I understand this, but I also acknowledge that I might be one of the very people he had in mind when he created the anti-lockout rule. Are there any steps that I should take to prevent myself from getting locked out somehow, prior to removing this rule?
Cheers
-
Create a Pass Rule to pfSense, preferably from specified "administrative" IPs.
-
I attached a screenshot of what I think you might be telling me. The source, .100, is an administrator computer, where .1 is the mgmt IP of pfSense. Does something like this appear correct? Would I put it at the very top of the LAN FW rule list?
![Screen Shot 2015-05-29 at 2.24.59 pm.png](/public/imported_attachments/1/Screen Shot 2015-05-29 at 2.24.59 pm.png)
-
Destination: "LAN Address" instead of actual IP?
-
Okay. I actually already have a similar rule in place at the top of the list. The alias is for all internal IPs. Would this suffice?
![Screen Shot 2015-05-29 at 2.51.49 pm.png](/public/imported_attachments/1/Screen Shot 2015-05-29 at 2.51.49 pm.png)
-
Lol, I just gritted my teeth and hoped… it worked the 2nd or 3rd time. :)
I think your setup is proper.
-
Perfect :) Thanks for your help. After disabling the rule, I can still get into pfSense, which is good news.
-
All of my LAN shaping works fine. While the first interface rule gets processed first, floating rules get processed before even those.