Netgate Discussion Forum

    set reply-to on rules for an interface group

    • skullnobrains

      hello

      i'm considering incoming traffic on a dual wan setup.
      each interface has its own gateway set.
      some of the traffic is nated using regular nat, some of it uses the builtin load balancer ( no haproxy or other software ).

      if i set up a rule per interface to allow traffic, pfsense properly replies on each of the corresponding links.

      if i set up the same rule on an interface group or in floating rules, pfsense replies on the default gateway or gateway group.

      any way to make pfsense answer on the incoming interface without setting each rule on each interface ( which in my case would produce hundreds of rules )

      thanks

      • jimp Rebel Alliance Developer Netgate

        It's not possible, because with a group, how is it supposed to know which gateway to send it back to?

        If we add a manual reply-to setting on the rule, then you'd still need to duplicate the rule, one per interface, with an appropriate reply-to gateway set, so it doesn't save you anything.

        Groups aren't macros to make multiple rules for each member interface, they are single rules that apply to multiple interfaces.

        • skullnobrains

          thanks for your help.

          actually, in my case, the easier way is to let pfsense create automagic associated rules. i was hoping to separate and delegate the nat rules to other people while managing the firewall rules which is why i wanted this feature. that's a no-go until/unless i create a rules generator.

          let's turn it into a nice feature request ;) there is no reason why pf would not be able to store the router's mac and incoming interface and reply-to accordingly ^^ ( i used this setup on some hacked config some years ago with a single interface but multiple gateways which was very convenient. i recollect on an ipfw+ipf based setup on bsd 7 and i actually thought it would be builtin pf )

          see you around

          1 Reply Last reply Reply Quote 0
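
An added example, not code from the thread or from pfSense: a rule generator of the kind the last post mentions, expanding each logical rule into one pf rule per WAN interface with that interface's gateway as its reply-to target. The interface names, gateway and target addresses, and function names are assumptions made for illustration, and the output is plain pf.conf syntax.

```python
import ipaddress

# Constructed sample data: interface names, gateways and targets are
# documentation values, not taken from the thread.
WANS = {"igb0": "203.0.113.1", "igb1": "198.51.100.1"}
RULES = [
    {"proto": "tcp", "dst": "10.0.0.10", "port": 443},
    {"proto": "tcp", "dst": "10.0.0.20", "port": 25},
]


def expand_rule(rule, wans):
    """Return one pass rule per WAN, each pinned to that WAN's gateway."""
    dst = ipaddress.ip_address(rule["dst"])
    if not 1 <= rule["port"] <= 65535:
        raise ValueError(f"bad port in {rule}")
    lines = []
    for ifname, gw in sorted(wans.items()):
        if not gw:
            # Same problem as a group rule: no gateway to reply to.
            raise ValueError(f"{ifname} has no gateway, cannot set reply-to")
        gateway = ipaddress.ip_address(gw)
        if gateway.version != dst.version:
            continue  # skip WANs whose gateway is the wrong address family
        af = "inet" if dst.version == 4 else "inet6"
        lines.append(
            f"pass in quick on {ifname} reply-to ({ifname} {gateway}) "
            f"{af} proto {rule['proto']} from any to {dst} "
            f"port {rule['port']} keep state"
        )
    return lines


def generate(rules, wans):
    """Expand every logical rule; output grows as len(rules) * len(wans)."""
    out = []
    for rule in rules:
        out.extend(expand_rule(rule, wans))
    return out


if __name__ == "__main__":
    print("\n".join(generate(RULES, WANS)))
```

Refusing an interface with no gateway mirrors the limitation described in the reply above: a rule can only carry reply-to when exactly one gateway is known for the interface it matches on.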
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.