pfSense 2.0-BETA5: Unable to limit IPs in Penalty Box
-
Currently running 2.0-BETA5 (i386) built on Thu Feb 10 20:50:06 EST 2011. The system has one WAN and one LAN interface.
I am trying to put a single IP into the penalty box using the traffic shaping wizards (your choice of Single-LAN/multi-WAN or multi LAN/WAN). In short, this does not work.
Looking at the pf config, you can see that queues have been set up:
grep queue /tmp/rules.debug
altq on em0 hfsc bandwidth 650Kb queue { qACK, qDefault }
queue qACK on em0 bandwidth 14% hfsc ( ecn , linkshare 14% )
queue qDefault on em0 bandwidth 7% hfsc ( ecn , default )
pass out from any to any queue (qOthersLow) label "USER_RULE: Penalty Box"
But the Penalty Box queue qOthersLow is not defined in the altq statement and the particular IP I am trying to penalize does not appear in the pf config at all.
This is a long-running problem (e.g. http://forum.pfsense.org/index.php/topic,22344 ) which is probably due to be fixed.
Thanks.
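
The check made by eye above (a rule sends traffic to qOthersLow, but no queue line defines it) can be scripted against /tmp/rules.debug. This is an added example, not part of the original post and not pfSense code; the function names and the last sample rule are constructed, and it assumes a queue counts as defined only when a "queue NAME on ..." line exists.

```sh
#!/bin/sh
# Added example, not pfSense code. Lists queues that filter rules assign
# traffic to but that no "queue NAME on IF ..." line defines.
undefined_queues() {
    awk '
    # Definition, e.g. "queue qACK on em0 bandwidth 14% hfsc ( ... )"
    $1 == "queue" { defined[$2] = 1; next }

    # Filter rule, e.g. "pass out ... queue (qOthersLow) label ..."
    $1 == "pass" || $1 == "match" {
        rule = $0
        gsub(/"[^"]*"/, "", rule)      # drop quoted labels before parsing
        if (match(rule, /[ \t]queue[ \t]*\([^)]*\)/)) {          # queue (a, b)
            list = substr(rule, RSTART, RLENGTH)
            sub(/^[ \t]queue[ \t]*\(/, "", list)
            sub(/\)$/, "", list)
        } else if (match(rule, /[ \t]queue[ \t]+[^ \t(]+/)) {    # queue a
            list = substr(rule, RSTART, RLENGTH)
            sub(/^[ \t]queue[ \t]+/, "", list)
        } else next
        n = split(list, names, /[ \t,]+/)
        for (i = 1; i <= n; i++)
            if (names[i] != "") used[names[i]] = 1
    }

    END { for (q in used) if (!(q in defined)) print q }
    ' "$@" | sort
}

# Sample input: the four lines quoted in the post, plus one constructed rule
# whose label mentions a queue that must not be reported.
sample_rules() {
    cat <<'EOF'
altq on em0 hfsc bandwidth 650Kb queue { qACK, qDefault }
queue qACK on em0 bandwidth 14% hfsc ( ecn , linkshare 14% )
queue qDefault on em0 bandwidth 7% hfsc ( ecn , default )
pass out from any to any queue (qOthersLow) label "USER_RULE: Penalty Box"
pass in on em1 from any to any queue (qDefault, qACK) label "constructed: queue (qFake)"
EOF
}

# Usage: sh this_script.sh /tmp/rules.debug
if [ $# -gt 0 ]; then undefined_queues "$@"; fi
```

Empty output means every queue named in a rule has a definition; with no file argument the function reads rules from standard input.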
-
It may help to have the shaper section of your config.xml as well as the entire contents of /tmp/rules.debug
-
I've attached the shaper section of config.xml and the entire rules.debug file.
The address I am attempting to block (192.168.56.22) and other details of the Penalty Box configuration do appear in the ezshaper section of the XML, but do not make it through to rules.debug.
-
I am having the same problem. Were you able to solve this issue?
Is traffic shaping (penalize IP) totally dysfunctional in pfSense?
Gurus, some input please.
My post related to this:
http://forum.pfsense.org/index.php/topic,36002.msg185862.html#msg185862
Regards,
-
Can you please show even the ezshaper section from your config?
-
My other post (referenced above) includes all the snapshots, but here are the configs:
<ezshaper>
  <step2>
    <download>2000</download>
    <upload>700</upload>
    <inside_int>opt1</inside_int>
    <outside_int>wan</outside_int>
  </step2>
  <step3>
    <provider>Asterisk</provider>
    <address></address>
    <bandwidth>384</bandwidth>
  </step3>
  <step4>
    <address>192.168.2.5</address>
    <bandwidthup>300</bandwidthup>
    <bandwidthdown>1500</bandwidthdown>
    <enable>on</enable>
  </step4>
  <step5>
    <bandwidthup>10</bandwidthup>
    <bandwidthdown>10</bandwidthdown>
    <enable>on</enable>
    <p2pcatchall>on</p2pcatchall>
  </step5>
  <step7>
    <msrdp>D</msrdp>
    <vnc>D</vnc>
    <appleremotedesktop>D</appleremotedesktop>
    <pcanywhere>D</pcanywhere>
    <irc>D</irc>
    <jabber>D</jabber>
    <icq>D</icq>
    <aolinstantmessenger>D</aolinstantmessenger>
    <msnmessenger>D</msnmessenger>
    <teamspeak>D</teamspeak>
    <pptp>D</pptp>
    <ipsec>D</ipsec>
    <streamingmp3>D</streamingmp3>
    <rtsp>D</rtsp>
    <http>D</http>
    <smtp>D</smtp>
    <pop3>D</pop3>
    <imap>D</imap>
  </step7>
</ezshaper>
I thought penalize would be a no-brainer as this is not even QoS.
Thanks,
-
Anything on this?
Regards,