Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Log limiters

    Scheduled Pinned Locked Moved Traffic Shaping
    8 Posts 3 Posters 924 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      mdes
      last edited by

      How do I log if someone (IP address) exceeds configured limiters?

      B 1 Reply Last reply Reply Quote 0
      • B
        bobbenheim @mdes
        last edited by

        @mdes is this a problem you are experiencing? If you are i would imagine that your rules isn't applied correctly.

        1 Reply Last reply Reply Quote 0
        • A
          akuma1x
          last edited by

          I don’t think a connected user can technically exceed a limiter.

          Jeff

          1 Reply Last reply Reply Quote 0
          • M
            mdes
            last edited by mdes

            OK, I admit that wording is not accurate - it should be would exceed.
            I also run commercial firewall solution and I have ability to list IP addresses and how much bytes were dropped for a time period because of configured limit.

            B 1 Reply Last reply Reply Quote 0
            • A
              akuma1x
              last edited by

              @mdes But, that's just the thing. If you set a limit on bandwidth (that's what we're talking about, right?) a host, or an entire network for that matter, isn't going to get anything dropped. They are just going to bump up against the limit you set, and not exceed it.

              What other "firewall solution" drops packets like you are describing? That is what you mean, right, they drop packets? There is actually a way, in pfsense thru a traffic shaper limiter function, to drop a percentage of packets, but this is an extreme measure meant to degrade traffic, and not usually recommended.

              https://docs.netgate.com/pfsense/en/latest/book/trafficshaper/limiters.html

              Jeff

              M 1 Reply Last reply Reply Quote 0
              • B
                bobbenheim @mdes
                last edited by

                @mdes pfsense can't predict what hosts are going to do and i think you would be wasting your time looking for alternatives that can :)
                The more important question is what traffic are getting dropped and is it a problem?

                M 1 Reply Last reply Reply Quote 0
                • M
                  mdes @akuma1x
                  last edited by mdes

                  @akuma1x said in Log limiters:

                  What other "firewall solution" drops packets like you are describing? That is what you mean, right, they drop packets?

                  And how would you throttle traffic? What techniques are available?
                  Using buffers? Is it achievable for 500+ clients and gigabit uplink?

                  1 Reply Last reply Reply Quote 0
                  • M
                    mdes @bobbenheim
                    last edited by

                    @bobbenheim said in Log limiters:

                    The more important question is what traffic are getting dropped and is it a problem?

                    Yes, it could be the problem. For example: unauthorized application installed (P2P), misconfigured application, malware... etc.

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.