MissUnderstanding Floating rules

Harvy66

I have these floating rules that are having strange interactions with my port forwarding

Floating Order: Before
RuleName: LowUDP
Interfaces: WAN/LAN
Proto: UDP
Direction: Any
Ports/IPs: Any/Any
Queue: qLowUDP

Floating Order: After
RuleName: BitTorrent
Interfaces: WAN/LAN
Proto: TCP/UDP
Direction: Any
IPs: Any
Ports: Any/52100
Queue: qACK/qP2P

WAN Firewall rule
RuleName: BitTorrent
Interfaces: WAN
Proto: TCP/UDP
IPs: Any/192.168.1.2
Ports: Any/52100
Queue: qACK/qP2P
This one is port forwarded from the NAT.

–-------------------------------------------------

Here's some PFTop queue information that seems a bit off

WAN:
qP2P          2976K hfsc    404K  412M      0      0    0 <-- notice lots of P2P traffic
qLowUDP        5952K hfsc    20177  12M      0      0    0 <-- notice almost no LowUDP traffic

LAN:
qP2P          2976K hfsc    258K  75M      0      0    0 <-- Notice some P2P
qLowUDP      5952K hfsc    69308  41M      0      0    0  <-- Notice nearly the same amount of LowUDP

What I am not understanding is when I look at wireshark, all of the UDP traffic is coming at me on port 52100. To me this means that some of my 52100 traffic is being sent to qP2P and some is being sent to qLowUDP.

The only reason I can think of this happening is some of the connection are initiated by me(LAN) and some are initiated by someone else(WAN). What I was expecting is LowUDP to have 0 traffic.

I have a similar setup with HTTP traffic, and it seems to work as expected. The main difference is I don't get connections coming in, it's always going out.

P.S. I did simplify this a hair bit as I have two P2P applications using two different ports setup the same way and having the same issue.

Harvy66

I wonder if I should have asked this in the firewall forum. Bump?