Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    HSFC rule matching - a floating rule for an IP is not behaving as expected

    Scheduled Pinned Locked Moved Traffic Shaping
    3 Posts 2 Posters 1.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      doutsis
      last edited by

      Hi,

      If this has been asked before please direct me to the post.  I can't seem to find it.

      Our queues are quite simple:

      • qAck
      • qHigh
      • qDefault

      About the floating rules - they are all set to quick match, the majority were created by the wizard and rules added/edited as required.  All the floating rules work as expected and for this post will use HTTP/S as the example.

      There are two rules down the list for HTTP/S traffic to be directed to the high priority queue.  The first rule is for an IP on the LAN for all traffic to be placed in the default queue.  This IP creates a significant amount of HTTP/S traffic.  The HTTP/S traffic from this IP is still hitting the high priority queue.

      Have been looking around to understand how the rule matching works but haven't found anything.  Is this normal behavior?  What would be the right way to direct all traffic from an IP to particular queue?

      Thanks for any help!

      Regards

      1 Reply Last reply Reply Quote 0
      • D
        doutsis
        last edited by

        Think I just found the answer (in the most obvious place).

        The last rule applies….  correct?

        1 Reply Last reply Reply Quote 0
        • KOMK
          KOM
          last edited by

          Firewall rules are first-match, except for Floating rules which are last-match, unless you have the Quick option enabled.

          https://doc.pfsense.org/index.php/Firewall_Rule_Basics

          https://doc.pfsense.org/index.php/Firewall_Rule_Troubleshooting

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.