Penalty rules nor working?



  • hi all,

    I've just set up a pfsense box with default traffic shaping rules loaded (wizard),  I've also set up a few "rogue" hosts with the penalty rules (also using the wizard) , though the rules don't seem to be working, i am still able to download files at 500kb+ (supposed to be below 100kb up/ 100kb down per setup) with these rules.

    Any ideas?



  • I had the same problems, so I played a little bit with the rules. I noticed that if I put the penalty rule as default it works, else all the traffic is considereld qlandef. I have to read some more about the traffic shaping system of pfSense. Anyone that can help us further is welcomed  ::) ;) .



  • (This is from my knowledge of working with pfsense and traffic shaping rules and might not necessarily be accurate, so take it with a grain of salt.)

    Remember how general firewall/shaping rules work, from specific to less specific.

    So if the first shaper rules (the ones at the top) are PORT or SERVICE specific, net traffic will be caught in those first and never pass through the other rules.

    Be careful how you setup your shaping rules, as you will impose limitations if not thought out correctly.
    ie:
    If you choose to Shape just a Node (Host) or Network (and put the rule at the top), no other shaping rules will be matched for that connection with other rules your try to specify - It will be caught in the first rule it matches.

    With all that being said, try putting the Penalty IP shaping rule(s) above everything else, reset your states and test.


Log in to reply