    Floating Rules Action:MATCH

    Category: Firewalling
    7 Posts 3 Posters 4.0k Views
      dbennett:

      pfSense rocks and I'm glad I'm using it!

      I'm looking for clarification as to what good the Match action rule is under Floating Rules.

      Does it work just like a Pass/Block rule, where when pfSense finds a match it stops going through the rest of the rules, or does it simply acknowledge that a match for that 'match rule' is true and continue to run through the rest of the rules?

      What is it there for?

      Looking forward to the replies!

      Thanks

      Dino

        doktornotor:

        @dbennett:

        Does it work just like a Pass/Block rule that when the pfSense finds a match it stops going through the rest of the rules

        1/ None of the floating rules works like that unless you tick the "quick" checkbox… https://doc.pfsense.org/index.php/What_are_Floating_Rules
        2/ You use match rules for traffic shaping (queues, limiters)

          KOM:

          Just to elaborate on dok's post, normal firewall rules are processed top-down with first-matching rule handling the traffic.  With floating rules, it's last-matching by default, where the last rule that applies handles the traffic.  As dok said, checking the Quick checkbox makes the floating rules behave as if they were normal rules, with first-match applying.

            dbennett:

            I want to start by saying thanks for posting replies!

            So, if, for example, I want to limit the number of connections per time frame for a specific port. We are experiencing scripting that establishes XXX number of connections up front before attempting to hack into a system. When our anti-hack software's fail count is reached, their IP is added to the list to prevent FUTURE connections, but this does nothing to the current connections. Would a simple rule apply using the advanced options, or would a FLOATING Match rule with a limiter work best?

            Also, to clarify, do MATCH rules with the QUICK option checked allow for other rules to be used to evaluate the traffic?

            Thanks again for the input that is given

            Dino

              doktornotor:

              "Quick" is not valid and cannot be used with Match.

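The following is an added illustration, not code from pfSense or pf, that models the evaluation order described in doktornotor's and KOM's replies: the last matching Pass/Block rule wins, ticking Quick turns that into first-match and stops evaluation, a Match rule only attaches its options (here a shaper queue name) and never decides the verdict or stops evaluation, and Quick on a Match rule is rejected. The Rule and Verdict classes, the queue name qSSH and the sample packet are invented for the example; the starting verdict of "block" stands in for pfSense's default deny and is a simplification of the real ruleset.

```python
# Added illustration (not pf or pfSense code): a toy model of how pf walks a
# floating ruleset, to show the three points made in this thread.
from dataclasses import dataclass
from typing import Optional

# pfSense's ruleset contains a default deny, so a packet that no pass/block
# rule decides on is blocked; this model simply starts from that verdict.
DEFAULT_ACTION = "block"


@dataclass
class Rule:
    action: str                      # "pass", "block" or "match"
    proto: Optional[str] = None      # None = any protocol
    dst_port: Optional[int] = None   # None = any destination port
    quick: bool = False              # the floating-rule "Quick" checkbox
    queue: Optional[str] = None      # shaper queue/limiter the rule assigns

    def __post_init__(self) -> None:
        if self.action not in ("pass", "block", "match"):
            raise ValueError(f"unknown action {self.action!r}")
        # pfSense refuses this combination: match never decides the verdict,
        # so there is nothing for quick to stop at.
        if self.action == "match" and self.quick:
            raise ValueError("quick is not valid with match")

    def matches(self, pkt: dict) -> bool:
        return ((self.proto is None or self.proto == pkt["proto"]) and
                (self.dst_port is None or self.dst_port == pkt["dst_port"]))


@dataclass
class Verdict:
    action: str                 # final pass/block decision
    queue: Optional[str]        # queue attached along the way, if any
    decided_by: Optional[int]   # index of the rule that fixed the action
    evaluated: int              # how many rules were looked at


def evaluate(rules: list, pkt: dict) -> Verdict:
    """Walk the rules in order using pf's last-match semantics."""
    action, queue, decided_by, evaluated = DEFAULT_ACTION, None, None, 0
    for i, rule in enumerate(rules):
        evaluated += 1
        if not rule.matches(pkt):
            continue
        if rule.queue is not None:        # options stick; later rules may override
            queue = rule.queue
        if rule.action == "match":        # match only applies options; keep going
            continue
        action, decided_by = rule.action, i   # last matching pass/block wins...
        if rule.quick:                    # ...unless it is quick, then stop here
            break
    return Verdict(action, queue, decided_by, evaluated)


# Constructed sample packet (made up for the example): TCP to port 22.
SSH_PKT = {"proto": "tcp", "dst_port": 22}


def last_match_wins() -> Verdict:
    """No Quick anywhere: the pass rule after the block rule is what applies."""
    rules = [
        Rule("match", proto="tcp", dst_port=22, queue="qSSH"),
        Rule("block", proto="tcp", dst_port=22),
        Rule("pass", proto="tcp", dst_port=22),
    ]
    return evaluate(rules, SSH_PKT)


def quick_makes_first_match() -> Verdict:
    """Quick on the block rule: evaluation stops there, the pass rule is never seen."""
    rules = [
        Rule("match", proto="tcp", dst_port=22, queue="qSSH"),
        Rule("block", proto="tcp", dst_port=22, quick=True),
        Rule("pass", proto="tcp", dst_port=22),
    ]
    return evaluate(rules, SSH_PKT)


def match_alone_decides_nothing() -> Verdict:
    """A lone match rule attaches its queue but leaves the verdict at the default."""
    rules = [Rule("match", proto="tcp", dst_port=22, queue="qSSH")]
    return evaluate(rules, SSH_PKT)


def quick_on_match_is_rejected() -> bool:
    """Building a match rule with quick set must fail."""
    try:
        Rule("match", proto="tcp", dst_port=22, quick=True)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    for fn in (last_match_wins, quick_makes_first_match, match_alone_decides_nothing):
        print(f"{fn.__name__}: {fn()}")
    print("quick on match rejected:", quick_on_match_is_rejected())
```

In each scenario the match rule has tagged the packet with qSSH, yet it is the later pass/block rules that settle the verdict, which is why match rules are only useful for things like queues and limiters and why the Quick checkbox is greyed out for them.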
                dbennett:

                Ok.  So with everything said, I understand it that if a Match rule is created, the evaluation of the rules will not stop whether the Match rule settings apply to the traffic or not.  If the Match rule settings apply to the traffic then whatever the rule was created for would apply but the evaluation continues.

                  doktornotor:

                  No idea. People generally do not log completely pointless stuff.

                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.