Floating Rules order for pfBlockerNG and Traffic Shaper by Limiter
-
Hello,
I am using pfSense as my firewall and I have set up pfBlockerNG as well.
I also have the traffic shaper enabled with limiters for a bufferbloat fix (FQ_CoDel Queues). The thing is that under the IP section of pfBlockerNG -> IP Interface/Rules Configuration -> Firewall ‘Auto’ Rule Order, the order is set to the default -> | pfB_Block/Reject | All other Rules | (original format)
With this being set, every time the cron runs, the IP rules are ordered to the top of the list and my bufferbloat rule is re-ordered just below the set of pfBlockerNG rules.
Previously I manually set the bufferbloat rule to be at the top, but now every time this gets reordered.
I have run tests using http://www.dslreports.com/ and the order of the rules does affect my bufferbloat rating, as when the rule is on top I get an A+, but when the cron resets the rules and I retest, the ratings drop to an A or lower.
Is it possible to make a custom order like bufferbloat_fix | pfB_Block/Reject | All other Rules | (original format) ?
OR
permanently fix a set of rules to be at the top of the floating rules list?
I can change the order to something like pfSense pass/match | pfB_Block/Reject | All other Rules | (original format)
but this would mean that the non-pfBlocker rules will take precedence, which I do not want for all rules.
I just want the bufferbloat rule to have precedence over all other rules.
-
If you set pfBlocker to "native alias" instead of block, that will just create an alias and you can create your own block/allow rules however you want them.