Only first f rule work why pls , i need a help pls
Kindly I need a professional help
I have one lan interface and one wan interface, I have created 2 rules for lan interface ,both to block website when layer7 content match
The problem is that always the first rule work the second rule don’t work , and to prove that both rules are configured right I have reordered rules , only one rule work which is the one in the top , how can I crate and apply and execute many rules.
I have tried the rules on the lan and floating rules
pls i need your help
1/ Layer-7 is completely broken CPU burn-in test in any 2.2.x version
2/ You should have posted screenshots of what you have configured, instead of trying to describe what you have configured in very incomplete way. The first matching rule wins, so - do did it wrong.
Thank you very much for your reply I really appreciate your help
Currently I am using version 2.1.5
What I did first I have created two new protocols
First dailymail.pat which contains
Second new pat file
Then I went to traffic shaper
And I crate tow l7 one to block dailymail and the other to block cnn as following
And last not least I have created to floating rules with pass<lan<ipv4-ipv6<in<tcp-udp<layer7=dailymail<br>And the second rule pass <lan<ipv4-ipv6<in<tcp-udp<layer7=cnn<br>kindly note that websites i chosed are just for testing i need to block some other websites
You are making things too complex. Check out pfBlockerNG.
Yeah, indeed… Never seen a usage of L7 like this.
@OP: If you really insist on similar whacky ways, I guess you should add both rules to one container. However, this doesn't scale at all and has horrible overhead. See hint above regarding pfBNG.
Dear cmellons and doktornotor
Both of you Thank you very much for your reply.
What if I want to limit specific website instead blocking. And I don’t want to use same container is there a solution.
I need to limit the speed for some specific sites , as I have a limited monthly quota and some sites are consuming a lot, that why I am trying to block or limit some sites