Netgate Discussion Forum

    Firewall rules and schedule question

      xbipin

      What I plan to achieve is to limit a certain group of clients such that during the daytime they have a fixed upload and download speed, so if they start P2P downloads they don't saturate the line and others can check their mail, surf, etc. smoothly. Then during the nights, when others are not doing business, remove the bandwidth restrictions from that group so they can utilize the line completely to finish their downloads, etc.

      I have my firewall rules set such that a group of clients set under an alias have their traffic limited and shaped and always placed into the p2p queue during the day. Now what I plan to do is set a schedule such that these rules which limit and shape their traffic get removed during nights, but according to the docs, when a schedule is in effect, the pass or block action specified by the rule is applied, but when not in effect, the anti is done. Now I can't figure out a way to use schedules so as to skip a rule during the ineffective period, because rules are evaluated on first match, so if the first rule is pass with limiting traffic during the day then during nights it automatically turns to block. So if I were to add a next rule that applied pass but without a speed limit it wouldn't work, because in order, the daytime rule would turn to block during nights.

      Could anyone suggest something?

      Wouldn't it be good if schedules had an option to specify the anti action to do when not in effect?

        eri--

        On 2.0 that has changed, actually. When a schedule is not active it will not do the anti-action; it will be just as if the rule does not exist at all.
        What you want to do is create 2 rules.
        The order is:
        One that is valid during the day with its shaping properties.
        After it, a rule that becomes valid when the previous one is no longer in effect, with its own shaping.

        1 Reply Last reply Reply Quote 0
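A small model of the first-match evaluation discussed in this thread, added here as an illustration (it is not pfSense code and was not posted by anyone in the thread). It compares the "inactive rule does the opposite action" behaviour described in the first post with the "inactive rule is ignored" behaviour described for 2.0; the rule names, queue label and hours are constructed, and every rule is assumed to match the same client alias.

```python
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass
class Rule:
    name: str
    action: str                                  # "pass" or "block"
    queue: Optional[str] = None                  # shaping queue label (constructed)
    schedule: Optional[Tuple[int, int]] = None   # (start_hour, end_hour), end exclusive


def in_schedule(window, hour):
    """True if `hour` (0-23) falls inside the window; None means always active."""
    if window is None:
        return True
    start, end = window
    if start <= end:
        return start <= hour < end
    return hour >= start or hour < end           # window wraps past midnight


def evaluate(rules, hour, skip_inactive=True):
    """First matching rule wins. Returns (rule name, action, queue).

    skip_inactive=True  : an out-of-schedule rule is treated as absent (2.0 reply)
    skip_inactive=False : an out-of-schedule rule applies the opposite action
                          (behaviour described in the first post)
    """
    for rule in rules:
        if in_schedule(rule.schedule, hour):
            return (rule.name, rule.action, rule.queue)
        if not skip_inactive:
            inverse = "block" if rule.action == "pass" else "pass"
            return (rule.name, inverse, None)
    return (None, "block", None)                 # assumption: nothing matched, default deny


# Constructed rule set: limited during the day, unshaped at night, in that order.
RULES = [
    Rule("day-limited", "pass", queue="qP2P-limited", schedule=(8, 20)),
    Rule("night-unlimited", "pass", schedule=(20, 8)),
]

if __name__ == "__main__":
    for hour in (10, 23, 3):
        print(hour, evaluate(RULES, hour), evaluate(RULES, hour, skip_inactive=False))
```

With the opposite-action model the day rule shadows the night rule after hours and the clients are blocked; with the skip model the second rule is reached, which is why rule order plus two complementary schedules is sufficient.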
          xbipin

          Thanks a lot, that's some good info, so I guess you need to change the docs at this link:

          http://doc.pfsense.org/index.php/Firewall_Rule_Schedules

            jimp Rebel Alliance Developer Netgate

            I added a note to the doc wiki page about that behavior change.

              xbipin

              When rules are out of the schedule period, the icon turns red and on mouse-over says traffic matching this is being denied, so I guess that needs to be changed now.

              CropperCapture[1].jpg

                cmb

                @xbipin:

                When rules are out of the schedule period, the icon turns red and on mouse-over says traffic matching this is being denied, so I guess that needs to be changed now.

                Opened a ticket on that, thanks.

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.