    Limiter on floating rule not working for incoming traffic

      ded_oa

      I'm testing limiters on floating rules and am simply trying to throttle both incoming traffic and outgoing traffic to 5 Mbit/s each. I have two limiters and two floating rules on the WAN for each direction. According to various internet speed tests, only the upload is being limited to 5 Mbit/s.

      Limiters:

      • TestDown - 5 Mbit/s, no mask, enabled

      • TestUp - 5 Mbit/s, no mask, enabled

      Floating rules

      • Match, WAN, out, TCP/UDP, IPv4, Source:any, Dest: any:any, Pipe:TestUp

      • Match, WAN, in, TCP/UDP, IPv4, Source:any, Dest: any:any, Pipe:TestDown

      I figured this would be the most basic of tests to do. I've also tried similar floating rules attached to LAN, but nothing changed. I want to stick with floating rules if possible for the 'Match' capability and to keep this out of a security context. Thanks!

        Harvy66

        Your limiter has a subnet mask as part of the configuration. Both for source and destination. When you download, you're probably creating multiple limiters with whatever mask you're using.

          ded_oa

          @Harvy66:

          Your limiter has a subnet mask as part of the configuration. Both for source and destination. When you download, you're probably creating multiple limiters with whatever mask you're using.

          The limiters are set up with mask set to 'none', so it shouldn't be creating them dynamically for each connection, correct?

            Nullity

            Have you confirmed that the rules are working?

            I'd confirm that first.

            Please correct any obvious misinformation in my posts.
            -Not a professional; an arrogant ignoramus.

              ded_oa

              @Nullity:

              Have you confirmed that the rules are working?

              I'd confirm that first.

              I switched the action of both to 'block' (alternating), and the results align with the bandwidth-limiting test - WAN out traffic is blocked, WAN in traffic is still passed. I tried applying a floating rule to the LAN, blocking all 'out' traffic to a specific IP address but that didn't work either. I've disabled all other firewall rules and turned off auto-lockout just in case…not sure what this could be.

                Harvy66

                Set your floating rules to "match"?

                  ded_oa

                  @Harvy66:

                  Set your floating rules to "match"?

                  "Match" was my original configuration, but the bandwidth limiter applied to that rule wasn't working. I changed it to "block" to just test the rule itself (not working). Not sure what I'm missing, as the rule is set to block all incoming traffic, regardless of source, destination, port, or protocol.

                    fsr

                    This post is a little bit old, but I had success configuring a limiter in a floating rule. The options used in my case were:

                    Action: Match
                    Direction: in
                    Protocol: any
                    Source: any
                    Target: NOT internal_networks
                    Schedule: working_hours
                    In/Out: UploadLimiter/DownloadLimiter

                    The idea was to limit every PC to a maximum BW usage (which requires the limiters to be configured in a certain way). I tested it with speedtest.net, and it limited upload and download ok.
