Multiple rules for the same IP address on LAN



  • Hello Everyone!

    So I'm having a strange issue and I'm sure it's just me being dumb. I have a schedule set up in pfSense to kick the kids off the internet on school nights and it works great. I also have a rule to put them on PIA using an alias.

    I can't seem to use both rules. I followed guides to set each thing up, but I'm not sure if it's a firewall rule order thing or if I should use floating rules...

    Either way, I can have them on PIA and the schedule won't happen (internet till they go to bed on their own, 3am), or remove them from the alias and the internet kicks out at 10:30pm but not on PIA.

    ![alt text](https://ibb.co/cQqCd53)

    One more question...
    The schedule blocks all traffic except what's allowed past in the alias... is there a way to do the reverse, where it only blocks a few computers based on alias but lets everything else past?


  • LAYER 8 Moderator

    Sorry, your pic doesn't show so no chance to see your rules. Could you upload or attach it to that post again?





  • LAYER 8 Global Moderator

    Not sure why attaching images is so difficult..

    I edited his post to show the image; he tried to insert an image but just linked to the page, not the actual image.



  • Sorry I gotta figure that image thing out lol. First time trying it


  • LAYER 8 Global Moderator

    It's easier to just attach them vs linking to some remote image.

    If you're going to insert an img link, then it has to be to an actual image - not the page hosting the image..
    You had img src going here

    https://ibb.co/WWYBNkd
    

    Vs the actual image which is here

    https://i.ibb.co/PZf1scb/pfsenselan.jpg
    

    Not getting your actual question here - with those rules, that block rule for source NAT would prevent any of the below rules being evaluated..

    Rules are evaluated top down, first rule to trigger wins, no other rules are evaluated. When you run scheduled stuff, you need to make sure states are killed or any existing traffic would still be allowed per the states.



    Thanks for replying. I was trying to set up 2 rules where an IP is on a schedule... If the schedule rule says the IP has internet, then the next rule says it connects to a VPN using an alias.

    I can't seem to get it working, but I didn't know about the states needing to be reset. Maybe that was my issue.

    I'll know today when I try it after work.



  • Ok I'm trying something new and maybe it will work.
    I only want to schedule 3 computers out of about 30 ip addresses.
    I created a rule just for those IP addresses and set the schedule to on. Then the gateway was my PIA gateway.
    Reset all the states and firewall table.

    If this works then it's the easiest way and I'll just stick to this.. One rule with everything combined.

    Sorry for this basic stuff.. I'm pretty new to firewall rules.
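
The points raised in this thread (top-down, first-match evaluation, states outliving a schedule, and the single rule carrying both the schedule and the PIA gateway) can be checked with a small model. This is an added example, not part of the original thread and not pfSense code. The addresses, the 07:00 start time, the block rule beneath the scheduled rule and all names are assumptions for illustration.

```python
from dataclasses import dataclass
from typing import Optional

KIDS = {"192.168.1.50", "192.168.1.51", "192.168.1.52"}  # constructed addresses
ALLOWED = (7 * 60, 22 * 60 + 30)  # minutes of day; 07:00 start is constructed

@dataclass
class Rule:
    action: str                       # "pass" or "block"
    sources: Optional[set] = None     # None matches any LAN host
    schedule: Optional[tuple] = None  # (start, end) window in which the rule exists
    gateway: str = "default"          # policy-routing gateway for pass rules

def evaluate(rules, src, minute):
    """Top down, first match wins; a rule outside its schedule is skipped."""
    for r in rules:
        if r.sources is not None and src not in r.sources:
            continue
        if r.schedule and not (r.schedule[0] <= minute < r.schedule[1]):
            continue
        return r.action, (r.gateway if r.action == "pass" else None)
    return "block", None  # nothing matched: default deny

class Firewall:
    def __init__(self, rules):
        self.rules, self.states = rules, {}

    def packet(self, src, dst, minute):
        if (src, dst) in self.states:  # existing state: rules are not consulted
            return "pass", self.states[(src, dst)]
        action, gw = evaluate(self.rules, src, minute)
        if action == "pass":
            self.states[(src, dst)] = gw
        return action, gw

    def kill_states(self, src):
        self.states = {k: v for k, v in self.states.items() if k[0] != src}

# Symptom ordering: the unscheduled VPN rule matches first, schedule never applies.
BROKEN = [Rule("pass", KIDS, None, "PIA"), Rule("pass", KIDS, ALLOWED),
          Rule("block", KIDS), Rule("pass")]
# Combined: schedule and gateway on one pass rule; the block beneath is an assumption.
COMBINED = [Rule("pass", KIDS, ALLOWED, "PIA"), Rule("block", KIDS), Rule("pass")]
```

With `COMBINED`, a connection opened at 21:00 keeps passing at 23:00 until `kill_states` is called for that host, which is why the states have to be cleared when the schedule ends.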

