Are limiters global or per firewall rule



  • Hi all,

    I've got a limiter in place for upload and download. I've got two lan rules for two IP ranges and applied the limiters to both rules. The limiter seems to be working.

    I was not sure though if the limiter was a global maximum for the two LAN rules combined or if each lan rule used a separate instance of the limiter.

    So if my limiter is 30mb could each lan rule use 30mb (60mb) or maximum combined of 30mb?

    Thanks in advance.


  • Rebel Alliance Developer Netgate

    It depends on the limiter. If the limiter is not masked, then it's one bucket for all traffic reaching the limiter, no matter what rule sends traffic there.

    If you put a mask on the limiter, for example a /24 mask, then it would work as a "per-subnet" limit so each separate subnet would have a different bucket of the declared size.

    So unmasked 30 Mbit/s limiter = 30 Mbit/s total
    /24 masked 30 Mbit/s limiter with two different subnets = 60 Mbit/s grand total, 30 Mbit/s per subnet.