Netgate Discussion Forum

    Floating Rules Direction confusion

    • netsysadmin

      Hello,

      On the "Floating Rules" page, when we edit a floating rule, we can choose the interface and the direction.
      Now, under the list of interfaces available to choose from, there is the description "Choose on which interface packets must come in to match this rule."

      1. Is this correct, i.e., the floating rules only apply to incoming packets?
      2. If this is true, then what's the function of the "Direction" (in, out, any)?
      3. For the sake of understanding, what happens if I choose an interface, for example, the WAN interface (this means packets incoming on this interface according to the description above) and then specify the "Out" direction?

      Can someone please clarify?

      • jimp Rebel Alliance Developer Netgate

        The description isn't quite right there. The text is shared with the other firewall tabs so some things are generalized.

        The direction option controls which direction the rule matches, as expected.

        For #3, the packet is matched when leaving WAN, just like it implies. Note that NAT has happened before the rules apply, so you can't match on a private IP source that has gone through NAT; you have to match on the destination or the translated source.

        • netsysadmin

          Thanks for the clarification.

          Given that I don't do NAT on my pfSense, the rule should match on a private source IP.

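Added example (not part of the thread and not pfSense code): a simplified Python model of the ordering described in jimp's reply, where outbound NAT rewrites the source before an "out" floating rule on WAN is evaluated, together with the no-NAT case from the follow-up post. All addresses, the class names and the function `leave_wan` are constructed for illustration.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

WAN_ADDR = ip_address("203.0.113.10")    # constructed WAN address
LAN_NET = ip_network("192.168.1.0/24")   # constructed private LAN subnet


@dataclass(frozen=True)
class Packet:
    src: object
    dst: object


@dataclass(frozen=True)
class FloatingRule:
    interface: str
    direction: str           # "in", "out" or "any"
    src_net: object = None   # None means "any"
    dst_net: object = None

    def matches(self, pkt, interface, direction):
        if self.interface != interface:
            return False
        if self.direction not in ("any", direction):
            return False
        if self.src_net is not None and pkt.src not in self.src_net:
            return False
        if self.dst_net is not None and pkt.dst not in self.dst_net:
            return False
        return True


def leave_wan(pkt, rule, outbound_nat):
    """Return True if `rule` matches the packet as it leaves WAN."""
    if outbound_nat and pkt.src in LAN_NET:
        # Translation happens first, so the rule sees the translated source.
        pkt = replace(pkt, src=WAN_ADDR)
    return rule.matches(pkt, "WAN", "out")


# Constructed sample packet and three candidate "out on WAN" floating rules.
PKT = Packet(ip_address("192.168.1.50"), ip_address("198.51.100.7"))
BY_PRIVATE_SRC = FloatingRule("WAN", "out", src_net=LAN_NET)
BY_TRANSLATED_SRC = FloatingRule("WAN", "out", src_net=ip_network("203.0.113.10/32"))
BY_DESTINATION = FloatingRule("WAN", "out", dst_net=ip_network("198.51.100.0/24"))

if __name__ == "__main__":
    for name in ("BY_PRIVATE_SRC", "BY_TRANSLATED_SRC", "BY_DESTINATION"):
        rule = globals()[name]
        print(name, "NAT:", leave_wan(PKT, rule, True), "no NAT:", leave_wan(PKT, rule, False))
```

With outbound NAT enabled, only the translated-source and destination rules match; with NAT disabled, the private-source rule matches and the translated-source rule does not.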