Only the first rule works, why? Please, I need help

    Firewalling
hz201371:

Dears,

Kindly, I need professional help.
I have one LAN interface and one WAN interface. I have created 2 rules for the LAN interface, both to block a website when Layer 7 content matches.

The problem is that always the first rule works and the second rule doesn't work. To prove that both rules are configured right, I have reordered the rules; only one rule works, which is the one at the top. How can I create, apply and execute many rules?
I have tried the rules on the LAN and as floating rules.

Please, I need your help.

doktornotor (Banned):

1/ Layer 7 is a completely broken CPU burn-in test in any 2.2.x version.
2/ You should have posted screenshots of what you have configured, instead of trying to describe what you have configured in a very incomplete way. The first matching rule wins, so you did it wrong.

hz201371:

Dear doktornotor,
Thank you very much for your reply. I really appreciate your help.

Currently I am using version 2.1.5.
What I did first: I created two new protocols in /usr/local/share/protocols.
First, dailymail.pat, which contains:

    dailymail
    ^.+(dailymail.co.uk).*$

Second new .pat file:

    cnn
    ^.+(www.cnn.com).*$

Then I went to the Traffic Shaper and created two L7 containers, one to block dailymail and the other to block cnn, as follows:

And last but not least, I created two floating rules with pass < lan < ipv4-ipv6 < in < tcp-udp < layer7=dailymail
And the second rule pass < lan < ipv4-ipv6 < in < tcp-udp < layer7=cnn
Kindly note that the websites I chose are just for testing; I need to block some other websites.

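The two .pat files above follow the l7-filter pattern-file layout (optional "#" comment lines, then the protocol name on one line and a POSIX extended regex on the next). The following is an added example, not the poster's or pfSense's own code: it parses such files, matches them against constructed HTTP requests the way a first-match-wins classifier would assign a flow to exactly one protocol name, and shows a caveat in the posted regexes: the dots in the host names are unescaped, so `www.cnn.com` also matches a host such as `wwwXcnnXcom`. The DOTALL/IGNORECASE approximation of l7-filter's regcomp flags, the sample requests and the helper names are assumptions made for this illustration. Note also that these patterns can only ever see a cleartext HTTP Host header; for HTTPS the Host header is encrypted, so such a pattern would not fire on TLS traffic.

```python
import re

# Constructed copies of the two pattern files from the post (not read from disk).
PAT_FILES = {
    "dailymail.pat": "# constructed copy of the poster's file\n"
                     "dailymail\n"
                     "^.+(dailymail.co.uk).*$\n",
    "cnn.pat": "cnn\n"
               "^.+(www.cnn.com).*$\n",
}

# Constructed HTTP requests standing in for the first payload bytes of a flow.
REQ_DAILYMAIL = "GET /news HTTP/1.1\r\nHost: www.dailymail.co.uk\r\n\r\n"
REQ_CNN = "GET / HTTP/1.1\r\nHost: www.cnn.com\r\n\r\n"
REQ_OTHER = "GET / HTTP/1.1\r\nHost: www.example.org\r\n\r\n"
# Unescaped '.' in the posted regex matches any character, so this host matches "cnn" too.
REQ_LOOKALIKE = "GET / HTTP/1.1\r\nHost: wwwXcnnXcom.example\r\n\r\n"


def parse_pat(text):
    """Return (protocol_name, regex) from l7-filter style .pat text.

    Comment lines start with '#'; the first remaining line is the name and
    the second is the regular expression. Anything else is malformed.
    """
    lines = [ln.strip() for ln in text.splitlines()
             if ln.strip() and not ln.lstrip().startswith("#")]
    if len(lines) < 2:
        raise ValueError("pattern file needs a name line and a regex line")
    return lines[0], lines[1]


def compile_l7(regex):
    # Assumption: l7-filter compiles with REG_EXTENDED|REG_ICASE and without
    # REG_NEWLINE, so '.' also matches newline; DOTALL|IGNORECASE approximates that.
    return re.compile(regex, re.DOTALL | re.IGNORECASE)


def load_protocols(files=PAT_FILES):
    """Ordered list of (name, compiled_regex), in the order the files are given."""
    return [(name, compile_l7(rx)) for name, rx in (parse_pat(t) for t in files.values())]


def classify(payload, protocols):
    """First-match-wins: a flow is labelled with the first protocol whose pattern matches."""
    for name, rx in protocols:
        if rx.search(payload):
            return name
    return None


def strict_host_pattern(host):
    """Hypothetical hardened form: escape the dots so only the literal host matches."""
    return r"^.+(" + re.escape(host) + r").*$"


def strict_protocols():
    return [("dailymail", compile_l7(strict_host_pattern("dailymail.co.uk"))),
            ("cnn", compile_l7(strict_host_pattern("www.cnn.com")))]


if __name__ == "__main__":
    loose = load_protocols()
    for req in (REQ_DAILYMAIL, REQ_CNN, REQ_OTHER, REQ_LOOKALIKE):
        host = req.split("Host: ")[1].split("\r\n")[0]
        print(f"{host:28s} loose={classify(req, loose)!s:10s} strict={classify(req, strict_protocols())}")
```

Running the block prints one line per constructed request; the lookalike host is classified as `cnn` by the posted regex and as no protocol by the escaped one.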
Cmellons:

            You are making things too complex. Check out pfBlockerNG.

doktornotor (Banned):

              Yeah, indeed… Never seen a usage of L7 like this.

@OP: If you really insist on similar wacky ways, I guess you should add both rules to one container. However, this doesn't scale at all and has horrible overhead. See the hint above regarding pfBNG.

hz201371:

Dear Cmellons and doktornotor,
Thank you both very much for your replies.

What if I want to limit a specific website instead of blocking it, and I don't want to use the same container? Is there a solution?
I need to limit the speed for some specific sites, as I have a limited monthly quota and some sites are consuming a lot. That is why I am trying to block or limit some sites.
