Netgate Discussion Forum

    How does tagging work?

      Ender117

      Hello

      I am trying to utilize the tagging function in the advanced section to make policy-based routing easier. For example, first there are rules that tag certain traffic I would like to pass (such as traffic destined to port 80, 443, etc.), and a later rule specifies a non-default gateway for all tagged traffic. Of course I can specify the gateway at each individual rule, but this would cost me a lot of time should I need to change the gateway.

      Now my question is, since every normal rule has to pick an action from pass/drop/reject, does a tagging rule still follow the principle of "first match wins"? In other words, will packet processing stop at the tagging rule, or will it continue? If it would stop, I guess the only viable place to use tagging is a floating rule without "quick" set?

        Grimson Banned

        https://www.netgate.com/docs/pfsense/firewall/firewall-rule-processing-order.html
        https://www.netgate.com/docs/pfsense/book/firewall/index.html

          jimp Rebel Alliance Developer Netgate

          The tag won't ever work with rules on the same interface. What you can do is tag as the traffic enters the LAN and then match that tag on an outbound floating rule and take an action there. Most commonly that would be traffic shaping/limiters. You couldn't use that for policy routing.

            Ender117 @jimp

            @jimp
            Yep found that out the hard way.

            Do you know any way to utilize existing egress filtering while also doing PBR on certain hosts? I know I can write a new complete set of rules for hosts that need PBR, but that is quite a bit of work to set up and maintain.

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.