2.2: Traffic faster than Limiter rule silently discarded
-
Has anyone seen any problems with filter rules with In/Out limiters set, under 2.2?
I have a rule with limiters that was working just fine under 2.1.5 until I upgraded to 2.2 last night, and now I'm seeing some really weird behavior: if traffic on the rule hits the bandwidth specified in the limiter, no more traffic in that connection passes that direction at all. Traffic the other way passes without issue, until it hits the limit, at which point the firewall quenches that, too.
The example:
Host A, behind the firewall, talking with host B, outside the firewall. A NAT rule and associated WAN filter rule for host A: one 2Mbps limiter applied to the In side, and a different 2Mbps limiter to the Out side.
I make a TCP connection through the NAT/filter rule from B -> A, using netcat. Connection works fine, bidirectionally. I can type at either side and see the data on the other side.
I copy a big blob of text and paste it into the connection from B -> A. A sees only the first line of it … and nothing else from B. Sending text from A -> B, though, still works. B can see the traffic, but can't respond. (I have not snooped to see if any ACKs are coming through from B->A, though)
I can send traffic from A->B until I hit the 2Mbps limit, and then that direction stops working as well. (no TCP reset, btw -- traffic just vanishes.)
I can restart the connection and have it work until I hit the bandwidth limit again, at which point it stops again.
And I note that this exact configuration was working just fine until the upgrade, at which point this behavior began. I'm not seeing anything in the logs to suggest a problem, but can certainly provide any that seem relevant...
-
Traffic Shaper: Limiter…I had both an In and Out set under this. I had them both set via a Firewall rule. I had no traffic going via that rule after the upgrade to 2.2. I removed the In limiter and just set the Out and it started passing traffic and limiting correctly.
-
I also had some serious issues, which caused the box to crash whenever traffic hit the limiter rule.
Little more info here: https://forum.pfsense.org/index.php?topic=87457.0 - though not same issue as yours, but it starts from the limiter….
-
Traffic Shaper: Limiter…I had both an In and Out set under this. I had them both set via a Firewall rule. I had no traffic going via that rule after the upgrade to 2.2. I removed the In limiter and just set the Out and it started passing traffic and limiting correctly.
Hmm. The UI doesn't seem to allow an Out limiter without an In limiter set …