Firewall rules and schedule question



  • What I plan to achieve is to limit a certain group of clients so that during the daytime they have a fixed upload and download speed, so that if they start P2P downloads they don't saturate the line and others can check their mail, surf, etc. smoothly. Then during the nights, when others are not doing business, remove the bandwidth restrictions from that group so they can utilize the line completely to finish their downloads, etc.

    I have my firewall rules set such that a group of clients under an alias have their traffic limited and shaped and always placed into the P2P queue during the day. Now what I plan to do is set a schedule such that these rules which limit and shape their traffic get removed during nights. But according to the docs, when a schedule is in effect, the pass or block action specified by the rule is applied, but when not in effect, the anti is done. Now I can't figure out a way to use schedules so as to skip a rule during the ineffective period, because rules are evaluated on first match. So if the first rule is pass with limiting traffic during the day, then during nights it automatically turns to block, so if I were to add a next rule that applied pass but without a speed limit, it wouldn't work, because, in order, the daytime rule would turn to block during nights.

    Could anyone suggest something?

    Wouldn't it be good if schedules had an option to specify the anti action to do when not in effect?



  • On 2.0 that has actually changed. When a schedule is not active it will not do the anti-action; it will be just as if the rule does not exist at all.
    What you want to do is create 2 rules.
    The order is:
    One that is valid during the day with its shaping properties.
    After it, a rule that becomes valid once the previous one is no longer in effect, with its own shaping.
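
The behaviour change described in this reply, modelled as an added example that is not part of the original thread or pfSense's own code: a first-match evaluator run over a day rule and a night rule under both schedule semantics. The rule names, the `qP2P` queue label, the 08:00-18:00 window and the default-deny fallback are assumptions made for the illustration, and every packet is assumed to already match the client alias.

```python
from dataclasses import dataclass
from datetime import time
from typing import Optional

@dataclass
class Rule:
    name: str
    action: str                    # "pass" or "block"
    queue: Optional[str]           # shaper queue label; None means unshaped
    start: Optional[time] = None   # schedule window; None means always active
    end: Optional[time] = None

    def active(self, now: time) -> bool:
        if self.start is None:
            return True
        if self.start <= self.end:
            return self.start <= now < self.end
        # Window wraps past midnight (e.g. 18:00 -> 08:00)
        return now >= self.start or now < self.end

def evaluate(rules, now, legacy=False):
    """First-match evaluation; returns (rule name, action, queue).

    legacy=True models the older documented behaviour from the thread:
    a scheduled rule outside its window applies the opposite action.
    legacy=False models 2.0: such a rule is skipped as if absent.
    """
    for r in rules:
        if r.active(now):
            return (r.name, r.action, r.queue)
        if legacy:
            anti = "block" if r.action == "pass" else "pass"
            return (r.name, anti, None)
    return (None, "block", None)   # assumed default deny when nothing matches

# Constructed rule set: shaped during the day, unshaped at night.
RULES = [
    Rule("day_shaped", "pass", "qP2P", time(8, 0), time(18, 0)),
    Rule("night_unshaped", "pass", None, time(18, 0), time(8, 0)),
]

if __name__ == "__main__":
    for label, now in (("10:00", time(10, 0)), ("23:00", time(23, 0))):
        print(label, "2.0:   ", evaluate(RULES, now))
        print(label, "legacy:", evaluate(RULES, now, legacy=True))
```

With the older semantics the day rule still wins the first match at night and turns into a block, which is the problem raised in the first post; with 2.0 semantics the same ordering falls through to the night rule.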



  • Thanks a lot, that's some good info, so I guess you need to change the docs on this link

    http://doc.pfsense.org/index.php/Firewall_Rule_Schedules


  • Rebel Alliance Developer Netgate

    I added a note to the doc wiki page about that behavior change.



  • When rules are out of the schedule period, the icon turns red and on mouse over says traffic matching this is being denied, so I guess that needs to be changed now.




  • @xbipin:

    When rules are out of the schedule period, the icon turns red and on mouse over says traffic matching this is being denied, so I guess that needs to be changed now.

    Opened a ticket on that, thanks.

