Only first f rule work why pls , i need a help pls
-
Dears
Kindly I need a professional help
I have one lan interface and one wan interface, I have created 2 rules for lan interface ,both to block website when layer7 content matchThe problem is that always the first rule work the second rule don’t work , and to prove that both rules are configured right I have reordered rules , only one rule work which is the one in the top , how can I crate and apply and execute many rules.
I have tried the rules on the lan and floating rulespls i need your help
-
1/ Layer-7 is completely broken CPU burn-in test in any 2.2.x version
2/ You should have posted screenshots of what you have configured, instead of trying to describe what you have configured in very incomplete way. The first matching rule wins, so - do did it wrong. -
Dear
Thank you very much for your reply I really appreciate your helpCurrently I am using version 2.1.5
What I did first I have created two new protocols
/usr/local/share/protocols
First dailymail.pat which contains
dailymail
^.+(dailymail.co.uk).*$Second new pat file
cnn
^.+(www.cnn.com).*$Then I went to traffic shaper
And I crate tow l7 one to block dailymail and the other to block cnn as followingAnd last not least I have created to floating rules with pass<lan<ipv4-ipv6<in<tcp-udp<layer7=dailymail<br>And the second rule pass <lan<ipv4-ipv6<in<tcp-udp<layer7=cnn<br>kindly note that websites i chosed are just for testing i need to block some other websites
</lan<ipv4-ipv6<in<tcp-udp<layer7=cnn<br></lan<ipv4-ipv6<in<tcp-udp<layer7=dailymail<br> -
You are making things too complex. Check out pfBlockerNG.
-
Yeah, indeed… Never seen a usage of L7 like this.
@OP: If you really insist on similar whacky ways, I guess you should add both rules to one container. However, this doesn't scale at all and has horrible overhead. See hint above regarding pfBNG.
-
Dear cmellons and doktornotor
Both of you Thank you very much for your reply.What if I want to limit specific website instead blocking. And I don’t want to use same container is there a solution.
I need to limit the speed for some specific sites , as I have a limited monthly quota and some sites are consuming a lot, that why I am trying to block or limit some sites