pfSense Rule order



  • pass * * * LAN address 443/80/22 ANTI LOCKOUT RULE
    block TCPV !ManagmentDevices * facebook *
    block icpv4tcp/udp !LANNOPROXY * * 443
    block icpv4tcp/udp !LANNOPROXY * * 80

    pass tcpv4+6* * * * * LIMITER TO equally share bandwidth & Max Spd 9Mbps
    pass tcpv4+6* * * * * LIMITER TO equally share bandwidth & Max Spd 1Mbps
    block tcpv4+6 tcp/udp * * WANBLOCK * WAN IP BLOCKED

    pass two default allow lan to any rule
    pass ipv6 default allow lan ipv6 to any rule

    When there is a limiter pass rule and a Squid proxy block 80/443 rule, in which order should they be set up?


  • LAYER 8 Global Moderator

    Rules are evaluated top down, first rule to trigger wins.

    Might be easier with an actual screenshot vs. some ASCII art; what exactly is icpv4tcp/udp?

    As to your block ! (not): that would pretty much block anything not going to whatever that alias is, guessing that is your proxy. So if traffic is not going there, then the rules stop evaluating and it would never see any of the other rules.

    Let's say they are going to that, so those rules don't trigger. Then it looks like everything would hit that first limiter rule. When would it ever see the 2nd limiter rule?

    Remember: top down, first rule to fire wins; the rest of the rules after that are meaningless. The only time you get to the bottom is if none of the rules fire. If no rules fire, then you hit the default block.

    But the default any-any would let everything not blocked above it through.



  • As to your block ! (not): that would pretty much block anything not going to whatever that alias is, guessing that is your proxy. So if traffic is not going there, then the rules stop evaluating and it would never see any of the other rules.

    Yes, I want to block all traffic not going through the proxy.

    Let's say they are going to that, so those rules don't trigger. Then it looks like everything would hit that first limiter rule. When would it ever see the 2nd limiter rule?

    Currently not using it.
    Previously it was like: source IP in range 192.168.1.10-150 = first limiter.
    Source IP in range 192.168.1.151-192.168.1.200 = second limiter, for mobile devices.

    Thank you, so I am guessing everything is okay as I expected.
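The moderator's point (top down, first rule to fire wins, otherwise the default deny) and the poster's earlier per-range limiter setup, as an added worked example that is not part of the thread and is not pfSense code: a small Python model of first-match evaluation over the posted rule list. It reads "icpv4tcp/udp" as IPv4 TCP+UDP and fills the aliases (LANNOPROXY as the proxy host, WANBLOCK, facebook, ManagmentDevices, the two limiter source ranges) with constructed addresses; all of those are assumptions. pfSense writes the rules from its GUI with pf's `quick` keyword, which is why evaluation stops at the first match rather than pf's native last-match behaviour.

```python
"""First-match model of a pfSense-style LAN rule list (constructed example,
not pfSense code). GUI rules carry pf's 'quick', so the first matching rule
decides and nothing below it is consulted."""
import ipaddress
from dataclasses import dataclass

# Constructed alias table; addresses are placeholders, not the poster's.
ALIASES = {
    "LAN address": ["192.168.1.1"],
    "LANNOPROXY": ["192.168.1.254"],                   # assumed: the Squid proxy host
    "ManagmentDevices": ["192.168.1.5"],
    "facebook": ["157.240.0.0/16"],                    # assumed stand-in range
    "WANBLOCK": ["203.0.113.5"],
    "LIMITER1_HOSTS": ["192.168.1.10-192.168.1.150"],  # poster's earlier first-limiter range
    "LIMITER2_HOSTS": ["192.168.1.151-192.168.1.200"], # poster's earlier second-limiter range
}


def ip_in_alias(ip, alias):
    """True if ip is covered by the alias ('any' matches everything).
    Entries may be single hosts, CIDR networks, or 'lo-hi' ranges."""
    if alias == "any":
        return True
    addr = ipaddress.ip_address(ip)
    for entry in ALIASES[alias]:
        if "-" in entry:
            lo, hi = (ipaddress.ip_address(x) for x in entry.split("-"))
            if lo <= addr <= hi:
                return True
        elif addr in ipaddress.ip_network(entry, strict=False):
            return True
    return False


@dataclass(frozen=True)
class Packet:
    proto: str   # "tcp" or "udp"
    src: str
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                     # "pass" or "block"
    proto: tuple = ("tcp", "udp")
    src: str = "any"                # alias name or "any"
    src_negate: bool = False        # the GUI's "not" (!) checkbox on source
    dst: str = "any"
    dports: tuple = ()              # empty = any destination port

    def matches(self, p):
        if p.proto not in self.proto:
            return False
        if ip_in_alias(p.src, self.src) == self.src_negate:  # '!' inverts the source test
            return False
        if not ip_in_alias(p.dst, self.dst):
            return False
        return not self.dports or p.dport in self.dports


def first_match(rules, p):
    """Top-down, first rule to fire wins; no match falls to the default deny."""
    for r in rules:
        if r.matches(p):
            return r.name, r.action
    return "default deny", "block"


def never_hit(rules, packets):
    """Rules no packet in the sample reaches: dead rules for that traffic."""
    hit = {first_match(rules, p)[0] for p in packets}
    return [r.name for r in rules if r.name not in hit]


# The list as posted (icpv4tcp/udp read as IPv4 TCP+UDP, an assumption).
AS_POSTED = [
    Rule("anti-lockout", "pass", dst="LAN address", dports=(443, 80, 22)),
    Rule("block facebook unless mgmt", "block", proto=("tcp",),
         src="ManagmentDevices", src_negate=True, dst="facebook"),
    Rule("block 443 not via proxy", "block", src="LANNOPROXY", src_negate=True, dports=(443,)),
    Rule("block 80 not via proxy", "block", src="LANNOPROXY", src_negate=True, dports=(80,)),
    Rule("limiter 9Mbps", "pass"),              # any/any pass: all remaining traffic stops here
    Rule("limiter 1Mbps", "pass"),              # never reached
    Rule("WANBLOCK", "block", dst="WANBLOCK"),  # never reached either
    Rule("default allow LAN to any", "pass"),
]

# One ordering consistent with the moderator's point: blocks above the broad
# passes, each limiter scoped to its source range (the poster's earlier setup).
REORDERED = AS_POSTED[:4] + [
    Rule("WANBLOCK", "block", dst="WANBLOCK"),
    Rule("limiter 9Mbps", "pass", src="LIMITER1_HOSTS"),
    Rule("limiter 1Mbps", "pass", src="LIMITER2_HOSTS"),
    Rule("default allow LAN to any", "pass"),
]

SAMPLE = [  # constructed traffic
    Packet("tcp", "192.168.1.20", "192.168.1.1", 443),   # admin GUI
    Packet("tcp", "192.168.1.20", "1.1.1.1", 443),       # client bypassing the proxy
    Packet("tcp", "192.168.1.254", "1.1.1.1", 443),      # proxy's own upstream fetch
    Packet("udp", "192.168.1.20", "8.8.8.8", 53),        # first-range host
    Packet("tcp", "192.168.1.160", "203.0.113.5", 22),   # to a WANBLOCK address
    Packet("udp", "192.168.1.160", "8.8.8.8", 53),       # mobile-range host
]

if __name__ == "__main__":
    for label, rules in (("as posted", AS_POSTED), ("reordered", REORDERED)):
        print(f"== {label} ==")
        for p in SAMPLE:
            print(f"{p.proto} {p.src} -> {p.dst}:{p.dport}: {first_match(rules, p)}")
        print("never hit by sample:", never_hit(rules, SAMPLE))
```

Running it shows that with the list as posted, anything the proxy rules do not block stops at the first any/any limiter pass, so the second limiter and the WANBLOCK block can never fire; with the block above the broad passes and each limiter scoped to its source range, every rule is reachable. The model ignores floating rules, which pfSense evaluates before the interface tab, and state tracking for reply traffic.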


