Netgate Discussion Forum

    Before I disable the anti-lockout rule…..

    Traffic Shaping
    • esseebee

      Hello,

      First, I want to thank everybody for your fantastic help as I've been implementing our Multi-WAN setup with traffic shaping.  All is going well, but I noted something that was stated by Ermal here - https://forum.pfsense.org/index.php?topic=11986.msg65489#msg65489

      He said it is necessary to remove the anti-lockout rule in order for traffic shaping rules to be applied correctly.  I think I understand this, but I also acknowledge that I might be one of the very people he had in mind when he created the anti-lockout rule.  Are there any steps that I should take to prevent myself from getting locked out somehow, prior to removing this rule?

      Cheers

      • Nullity

        Create a Pass Rule to pfSense, preferably from specified "administrative" IPs.

        Please correct any obvious misinformation in my posts.
        -Not a professional; an arrogant ignoramus.

        • esseebee

          I attached a screenshot of what I think you might be telling me.  The source .100 is an administrator computer, where .1 is the mgmt IP of pfSense.  Does something like this appear correct? Would I put it at the very top of the LAN FW rule list?

          ![Screen Shot 2015-05-29 at 2.24.59 pm.png](/public/imported_attachments/1/Screen Shot 2015-05-29 at 2.24.59 pm.png)

          • Nullity

            Destination: "LAN Address" instead of actual IP?

            Please correct any obvious misinformation in my posts.
            -Not a professional; an arrogant ignoramus.

            • esseebee

              Okay.  I actually already have a similar rule in place at the top of the list.  The alias is for all internal IPs.  Would this suffice?

              ![Screen Shot 2015-05-29 at 2.51.49 pm.png](/public/imported_attachments/1/Screen Shot 2015-05-29 at 2.51.49 pm.png)

              • Nullity

                Lol, I just gritted my teeth and hoped… it worked the 2nd or 3rd time. :)

                I think your setup is proper.

                Please correct any obvious misinformation in my posts.
                -Not a professional; an arrogant ignoramus.

                • esseebee

                  Perfect :)  Thanks for your help.  After disabling the rule, I can still get into pfSense, which is good news.

                  • Harvy66

                    All of my LAN shaping works fine. While the first interface rule gets processed first, floating rules get processed before even those.
