Floating traffic limiter rules .. ???
I am trying to set up interface-based traffic limiting using floating rules. We have 1 WAN and 3 LANs. I want to limit two of the LANs into a shared limiter and leave the 3rd LAN connection unlimited.
But the options for setting up floating traffic rules are bizarre.
Why is there a requirement to select an interface, AND a source address? The source address can be "Any" but the interface cannot be "Any", so that selection is forced, it's not an either/or choice between source interface and source address? Why does the interface have to be specified at all?
- What happens if I set the interface to WAN and the source to ANY?
- Is that the same thing as selecting "interface WAN" and source as "WAN net"?
- I can choose "Interface WAN" and source as "LAN net" … but is this an invalid choice that will never match?
Next up is the direction box and what effect it has on everything else.
I just want symmetric limiting with two limiter queues:
* WAN -> InFromWAN limiter queue -> LAN
* WAN <- OutToWAN limiter queue <- LAN

If I create the two floating rules as:
- Interface WAN, Source WAN net, Destination LAN net
... In limiter: InFromWAN Out limiter: OutToWAN
... Direction: In
- Interface WAN, Source WAN net, Destination LAN net
... In limiter: InFromWAN Out limiter: OutToWAN
... Direction: Out
This does nothing as far as I can tell. Setting immediate match also does nothing. It seems like choosing Out may require completely flipping around the selections for everything else?
Also if I HAVE to specify a direction, then setting both the In limiter and the Out limiter is probably unnecessary because only one limiter queue will be used for the direction specified?
The limiter does work if I ignore the floating rules tab, and instead apply the limiter queues to the pass rules in the LAN tab, but it's a hassle applying the same two In/Out limiter queues to 30+ pass rules in there.