Netgate Discussion Forum

    Apply Traffic Shaping without changing all the firewall rules created.

    • ramses.sevilla

      Hi everybody,

      I have a system with pfSense running correctly.

      It has three WAN interfaces, and each group of users is routed to a specific WAN interface.

      Now, I want to apply Traffic Shaping to distribute the bandwidth of each WAN interface between each group of users without protocol discrimination, but I don't want to change all my defined firewall rules.

      Can I do this easily?

      Floating rules?

      Can anybody give me a helping hand with this?

      Regards

      • Derelict LAYER 8 Netgate

        You are already matching traffic to effect policy routing. Just assign the shapers or limiters there.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        • ramses.sevilla

          @Derelict thanks for your answer,

          You mean that I create the shapers or limiters and assign them to the firewall rules that I have created on the firewall, right?

          But if I have over 200 firewall rules, uuuhhhmmm...

          I have read that Floating Rules exist and that they are checked before the firewall rules.

          Would this be the solution?

          Create a shaper or limiter and create a Floating Rule with the shaper / limiter created.

          Regards and thanks so much.

          • Derelict LAYER 8 Netgate

            You could assign queues/limiters with a match floating rule if that works for you.

            • ramses.sevilla

              @Derelict I thought that the rules were executed as follows:

              Floating Rule (Match) --> Firewall Rule (Accept / Block / Reject)

              Is this correct, or are either the Floating Rules or the Firewall Rules executed?

              Regards,

              • Derelict LAYER 8 Netgate

                You can match the traffic with a floating rule and set the queues, then the interface rules are processed. You only need to set the queues once.

                • ramses.sevilla

                  @Derelict thanks so much, I'm going to test it with a single IP to see if it works fine.

                  Another thing, do you know if there is a traffic flow diagram that explains where each pfSense function is applied to the traffic that goes through the firewall and how the traffic is affected?

                  For example, something similar to this but more complete:

                  Traffic Interface IN --> Floating Rules --> Schedule Rules --> Interface Firewall Rules --> Traffic Interface OUT

                  It's only an example; I am not saying that it's correct.

                  Best regards

                  • Derelict LAYER 8 Netgate

                    This is probably the best place to start:

                    https://docs.netgate.com/pfsense/en/latest/book/firewall/rule-methodology.html
