Netgate Discussion Forum

How does tagging work?

  • E
    Ender117
    last edited by Nov 13, 2018, 10:12 PM

    Hello

    I am trying to utilize the tagging function in the advanced section to make policy based routing easier. For example, first there are rules that tag certain traffic I would like to pass (such as traffic destined to port 80, 443, etc.), and a later rule specifies a non-default gateway for all tagged traffic. Of course I can specify the gateway in each individual rule, but this would cost me a lot of time should I need to change the gateway.

    Now my question is, since every normal rule has to pick an action from pass/drop/reject, does a tagging rule still follow the principle of "first match wins"? In other words, will packet processing stop at the tagging rule, or will it continue? If it would stop, I guess the only viable place to use tagging is a floating rule without "quick" set?

    • G
      Grimson Banned
      last edited by Nov 13, 2018, 10:17 PM

      https://www.netgate.com/docs/pfsense/firewall/firewall-rule-processing-order.html
      https://www.netgate.com/docs/pfsense/book/firewall/index.html

      • J
        jimp Rebel Alliance Developer Netgate
        last edited by Nov 14, 2018, 4:55 PM

        The tag won't ever work with rules on the same interface. What you can do is tag as the traffic enters the LAN and then match that tag on an outbound floating rule and take an action there. Most commonly that would be traffic shaping/limiters. You couldn't use that for policy routing.

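A simplified model of the behaviour discussed in this thread, added here as an example (it is not code from the thread or from pfSense). It assumes top-to-bottom evaluation in which a matching quick rule ends processing on that interface; the rule names, interfaces and the tag are hypothetical.

```python
# Simplified model of pf rule evaluation (assumption, not pfSense code):
# rules are checked top to bottom, a matching "quick" rule ends evaluation,
# and a tag set by a matching rule stays on the packet for later passes.
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    name: str
    iface: str
    direction: str                 # "in" or "out"
    action: str                    # "pass" or "block"
    quick: bool = True             # interface-tab rules modelled as quick
    dport: Optional[int] = None    # None matches any port
    tag: Optional[str] = None      # tag applied when the rule matches
    tagged: Optional[str] = None   # rule only matches packets with this tag

def evaluate(rules, pkt, iface, direction):
    """Return (action, name of deciding rule); the default is block."""
    verdict = ("block", "default deny")
    for r in rules:
        if (r.iface, r.direction) != (iface, direction):
            continue
        if r.dport is not None and r.dport != pkt["dport"]:
            continue
        if r.tagged is not None and pkt.get("tag") != r.tagged:
            continue
        if r.tag:
            pkt["tag"] = r.tag      # tag travels with the packet
        verdict = (r.action, r.name)
        if r.quick:
            break                   # first match wins
    return verdict

# Constructed ruleset: names, interfaces and the tag are hypothetical.
RULES = [
    Rule("lan-tag-web", "lan", "in", "pass", dport=443, tag="WEB"),
    Rule("lan-use-tag", "lan", "in", "pass", tagged="WEB"),  # never decides
    Rule("float-out-web", "wan", "out", "pass", tagged="WEB"),
]

def trace(dport):
    """Evaluate LAN ingress, then WAN egress if the packet was passed."""
    pkt = {"dport": dport}
    steps = [evaluate(RULES, pkt, "lan", "in")]
    if steps[0][0] == "pass":
        steps.append(evaluate(RULES, pkt, "wan", "out"))
    return steps, pkt.get("tag")
```

In this model the second LAN rule is never the deciding rule for tagged traffic, because the tagging rule already ended evaluation on that interface; the tag is only acted on by the outbound floating rule.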
        • E
          Ender117 @jimp
          last edited by Nov 14, 2018, 5:45 PM

          @jimp
          Yep found that out the hard way.

          Do you know any way to utilize existing egress filtering while also doing PBR on certain hosts? I know I can write a new complete set of rules for hosts that need PBR, but that is quite a bit of work to set up and maintain.
