Netgate Discussion Forum

    Only the first rule works, why pls, I need help pls

    Category: Firewalling (6 Posts, 3 Posters, 761 Views)
    • hz201371

      Dears

      Kindly, I need professional help.
      I have one LAN interface and one WAN interface. I have created 2 rules for the LAN interface, both to block a website when the layer7 content matches.

      The problem is that always the first rule works and the second rule doesn't work. To prove that both rules are configured right I have reordered the rules; only one rule works, which is the one on top. How can I create, apply and execute many rules?
      I have tried the rules on the LAN and as floating rules.

      Pls, I need your help.

    • doktornotor

      1/ Layer-7 is a completely broken CPU burn-in test in any 2.2.x version.
      2/ You should have posted screenshots of what you have configured, instead of trying to describe what you have configured in a very incomplete way. The first matching rule wins, so you did it wrong.

    • hz201371

      Dear
      Thank you very much for your reply, I really appreciate your help.

      Currently I am using version 2.1.5.
      What I did first: I have created two new protocols in
      /usr/local/share/protocols
      First, dailymail.pat, which contains
      dailymail
      ^.+(dailymail.co.uk).*$

      Second new pat file
      cnn
      ^.+(www.cnn.com).*$

      Then I went to the traffic shaper
      and I created two L7 containers, one to block dailymail and the other to block cnn, as follows.

      And last but not least I have created two floating rules with pass < lan < ipv4-ipv6 < in < tcp-udp < layer7=dailymail
      And the second rule pass < lan < ipv4-ipv6 < in < tcp-udp < layer7=cnn
      Kindly note that the websites I chose are just for testing; I need to block some other websites.

      [Attachments: 1.jpg, 2.jpg, 3.jpg]

    • Cmellons

            You are making things too complex. Check out pfBlockerNG.

    • doktornotor

              Yeah, indeed… Never seen a usage of L7 like this.

              @OP: If you really insist on similar whacky ways, I guess you should add both rules to one container. However, this doesn't scale at all and has horrible overhead. See hint above regarding pfBNG.

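Why the two separate rules in the thread can only ever fire the first one, as an added example that is not code from the thread or from pfSense: a constructed Python model of first-match-wins evaluation, where a rule's match criteria are checked first and only the winning rule's L7 container is consulted. The packet fields, the `parse_pat` helper and the HTTP request payloads are assumptions made for the example.

```python
import re

# Constructed stand-ins for the two .pat files in the post: the l7-filter layout is the
# protocol name on one line and its regular expression on the next (assumed format).
DAILYMAIL_PAT = "dailymail\n^.+(dailymail.co.uk).*$\n"
CNN_PAT = "cnn\n^.+(www.cnn.com).*$\n"

def parse_pat(text):
    """Return (name, compiled regex) from a .pat body; '#' comments and blank lines are skipped."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip() and not ln.lstrip().startswith("#")]
    if len(lines) < 2:
        raise ValueError("pattern file needs a name line and a regex line")
    # DOTALL so '.' crosses the CRLFs of a request; note the unescaped dots in the
    # post's patterns match any character, so they are looser than the author intends.
    return lines[0], re.compile(lines[1], re.DOTALL)

def first_match(rules, packet):
    """First-match-wins model: rules is a list of (criteria, container).
    The first rule whose criteria match the packet wins; only that rule's
    container of (name, regex) patterns is consulted, later rules are never reached."""
    for criteria, container in rules:
        if all(packet.get(k) == v for k, v in criteria.items()):
            for name, rx in container:
                if rx.search(packet["payload"]):
                    return name
            return None  # winning rule had no matching L7 pattern
    return None  # no rule matched at all

# Both of the OP's rules share the same match criteria (LAN, in, TCP/UDP).
CRITERIA = {"iface": "lan", "dir": "in", "proto": "tcp"}

def compare():
    dm, cnn = parse_pat(DAILYMAIL_PAT), parse_pat(CNN_PAT)
    # Constructed request payloads for the two test sites.
    to_cnn = dict(CRITERIA, payload="GET / HTTP/1.1\r\nHost: www.cnn.com\r\n\r\n")
    to_dm = dict(CRITERIA, payload="GET / HTTP/1.1\r\nHost: www.dailymail.co.uk\r\n\r\n")
    separate = [(CRITERIA, [dm]), (CRITERIA, [cnn])]  # two rules, one pattern each
    combined = [(CRITERIA, [dm, cnn])]                 # one rule, both patterns in one container
    return {
        "separate_cnn": first_match(separate, to_cnn),  # None: first rule wins, cnn never checked
        "separate_dm": first_match(separate, to_dm),    # 'dailymail'
        "combined_cnn": first_match(combined, to_cnn),  # 'cnn'
        "combined_dm": first_match(combined, to_dm),    # 'dailymail'
    }

if __name__ == "__main__":
    for case, hit in compare().items():
        print(f"{case}: {hit}")
```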
    • hz201371

      Dear Cmellons and doktornotor,
      Both of you, thank you very much for your reply.

      What if I want to limit a specific website instead of blocking it? And I don't want to use the same container; is there a solution?
      I need to limit the speed for some specific sites, as I have a limited monthly quota and some sites are consuming a lot; that is why I am trying to block or limit some sites.

                Copyright 2026 Rubicon Communications LLC (Netgate). All rights reserved.