Limiter on floating rule not working for incoming traffic



  • I'm testing limiters on floating rules and am simply trying to throttle both incoming traffic and outgoing traffic to 5 Mbit/s each. I have two limiters and two floating rules on the WAN for each direction. According to various internet speed tests, only the upload is being limited to 5 Mbit/s

    Limiters:

    • TestDown - 5 Mbit/s, no mask, enabled

    • TestUp - 5 Mbit/s, no mask, enabled

    Floating rules

    • Match, WAN, out, TCP/UDP, IPv4, Source:any, Dest: any:any, Pipe:TestUp

    • Match, WAN, in, TCP/UDP, IPv4, Source:any, Dest: any:any, Pipe:TestDown

    I figured this would be the most basic of tests to do. I've also tried similar floating rules attached to LAN, but nothing changed. I want to stick with floating rules if possible for the 'Match' capability and to keep this out of a security context. Thanks!



  • Your limiter has a subnet mask as part of the configuration. Both for source and destination. When you download, you're probably creating multiple limiters with whatever mask you're using.



  • @Harvy66:

    Your limiter has a subnet mask as part of the configuration. Both for source and destination. When you download, you're probably creating multiple limiters with whatever mask you're using.

    The limiters are set up with mask set to 'none', so it shouldn't be creating them dynamically for each connection, correct?



  • Have you confirmed that the rules are working?

    I'd confirm that first.



  • @Nullity:

    Have you confirmed that the rules are working?

    I'd confirm that first.

    I switched the action of both to 'block' (alternating), and the results align with the bandwidth-limiting test - WAN out traffic is blocked, WAN in traffic is still passed. I tried applying a floating rule to the LAN, blocking all 'out' traffic to a specific IP address but that didn't work either. I've disabled all other firewall rules and turned off auto-lockout just in case…not sure what this could be.



  • Set your floating rules to "match"?



  • @Harvy66:

    Set your floating rules to "match"?

    "Match" was my original configuration, but the bandwidth limiter applied to that rule wasn't working. I changed it to "block" to just test the rule itself (not working). Not sure what I'm missing, as the rule is set to block all incoming traffic, regardless of source, destination, port, or protocol.



  • This post is a litte bit old, but i had success configuring a limiter in a floating rule. The options used in my case were:

    Action: Match
    Direction: in
    Protocol: any
    Source: any
    Target: NOT internal_networks
    Schedule: working_hours
    In/Out: UploadLimiter/DownloadLimiter

    The idea was to limit every PC to a maximum BW usage (which requires the limiters to be configured in a certain way). I tested it with speedtest.net, and it limited upload and download ok.


Log in to reply