Multiple floating rules, no "quick". Which rule is applied?
-
The more I read about floating rules the more they confuse me. This is what I know:
- Floating rules are applied before interface rules.
- can be used to apply to more than one interface.
- With quick enabled, the first match is applied.
What I'm not sure of:
- Why use floating instead of groups?
- When quick is disabled on a rule, does this rule match if nothing else matches or only if it's the last match?
- When quick is disabled, is this then looking for other matches across ALL the tabs or only in the floating tab?
- I read on here that floating rules can be used to match more than one rule to a packet. Is this what a disabled quick setting actually does?
- say for example I have 5 rules in the floating tab. Quick setting is disabled on all of them. All the rules match except the 3rd one. Which one gets applied?
Sorry for all the questions but I've seen so many posts on here that don't fully explain and just leave me with more questions than answers…
-
"Non-floating" rules are just specialized "floating" rules in which the interface is pre-set and "quick" is used for all of the rules (this is done by pfSense for quick and easy every day per-interface rule creation). When pfSense is applying the rules, the rules from the floating table will be put before the non-floating rules.