Netgate Discussion Forum
Only the first f rule works, why? Please, I need help

    Firewalling
hz201371

Dears,

Kindly, I need professional help.
I have one LAN interface and one WAN interface. I have created 2 rules for the LAN interface, both to block a website when the layer7 content matches.

The problem is that only the first rule ever works; the second rule doesn't work. To prove that both rules are configured right I have reordered the rules, and still only one rule works, the one at the top. How can I create, apply and execute many rules?
I have tried the rules on the LAN interface and as floating rules.

Please, I need your help.

doktornotor (Banned)

1/ Layer-7 is a completely broken CPU burn-in test in any 2.2.x version.
2/ You should have posted screenshots of what you have configured, instead of trying to describe what you have configured in a very incomplete way. The first matching rule wins, so you did it wrong.

hz201371

Dear,
Thank you very much for your reply, I really appreciate your help.

Currently I am using version 2.1.5.
What I did first: I created two new protocols in
/usr/local/share/protocols

The first, dailymail.pat, which contains:
dailymail
^.+(dailymail.co.uk).*$

The second new .pat file:
cnn
^.+(www.cnn.com).*$

Then I went to the traffic shaper and created two L7 containers, one to block dailymail and the other to block cnn, as follows.

And last but not least, I created two floating rules:
pass < lan < ipv4-ipv6 < in < tcp-udp < layer7=dailymail
and the second rule:
pass < lan < ipv4-ipv6 < in < tcp-udp < layer7=cnn

Kindly note that the websites I chose are just for testing; I need to block some other websites.

Cmellons

            You are making things too complex. Check out pfBlockerNG.

doktornotor (Banned)

Yeah, indeed... Never seen a usage of L7 like this.

@OP: If you really insist on similarly wacky ways, I guess you should add both rules to one container. However, this doesn't scale at all and has horrible overhead. See the hint above regarding pfBNG.

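To make the "first matching rule wins" point concrete, here is an added example (not code from the original thread, from pfSense, or from l7-filter) that models the two layouts discussed above: the poster's two pass rules with one .pat pattern each, and the single container holding both patterns that doktornotor suggests. It parses the two .pat files exactly as the post lists them (name line, then one regex line) and then runs a deliberately simplified evaluation that is an assumption of this example rather than pf's real implementation: the first rule whose header criteria match the connection wins, and only that rule's L7 container ever inspects the payload. The HTTP request strings are constructed sample inputs, and the rule labels and the `evaluate` function are names invented here for illustration.

```python
import re

# Constructed .pat files in l7-filter layout (name line, then one regex line),
# reproducing the two files the post describes. On pfSense 2.1.x they live in
# /usr/local/share/protocols/.
PAT_FILES = {
    "dailymail.pat": "dailymail\n^.+(dailymail.co.uk).*$\n",
    "cnn.pat": "cnn\n^.+(www.cnn.com).*$\n",
}

# Constructed sample payloads: the start of a plain HTTP request to each site.
CNN_REQUEST = "GET / HTTP/1.1\r\nHost: www.cnn.com\r\n\r\n"
DAILYMAIL_REQUEST = "GET /news HTTP/1.1\r\nHost: www.dailymail.co.uk\r\n\r\n"
OTHER_REQUEST = "GET / HTTP/1.1\r\nHost: example.org\r\n\r\n"


def parse_pat(text):
    """Return (protocol_name, compiled_regex) from a .pat file body.

    l7-filter skips blank lines and '#' comments; the first remaining line is
    the protocol name and the next is the pattern. l7-filter matches
    case-insensitively, modelled here with re.IGNORECASE; DOTALL lets '.'
    span the CRLFs inside the request.
    """
    lines = [ln.strip() for ln in text.splitlines()
             if ln.strip() and not ln.lstrip().startswith("#")]
    if len(lines) < 2:
        raise ValueError("pat file needs a name line and a pattern line")
    return lines[0], re.compile(lines[1], re.IGNORECASE | re.DOTALL)


def evaluate(rules, proto, payload):
    """Simplified pf + L7 evaluation (an assumption of this example, not pf source).

    Step 1: the first rule whose header criteria (here only the protocol)
    match wins; later rules are never consulted for this connection.
    Step 2: only the winning rule's L7 container inspects the payload.
    Returns (rule_label, matched_protocol_name_or_None), or (None, None)
    when no rule matches at all.
    """
    for rule in rules:
        if proto in rule["protos"]:
            for name, rx in rule["container"]:
                if rx.search(payload):
                    return rule["label"], name
            return rule["label"], None
    return None, None


DAILYMAIL = parse_pat(PAT_FILES["dailymail.pat"])
CNN = parse_pat(PAT_FILES["cnn.pat"])

# The poster's layout: two pass rules, each with a one-pattern container.
SEPARATE_RULES = [
    {"label": "rule1-dailymail", "protos": {"tcp", "udp"}, "container": [DAILYMAIL]},
    {"label": "rule2-cnn", "protos": {"tcp", "udp"}, "container": [CNN]},
]

# The suggested layout: one pass rule whose container holds both patterns.
ONE_CONTAINER = [
    {"label": "rule1-both", "protos": {"tcp", "udp"}, "container": [DAILYMAIL, CNN]},
]


if __name__ == "__main__":
    for label, rules in (("separate rules", SEPARATE_RULES),
                         ("one container", ONE_CONTAINER)):
        for req in (CNN_REQUEST, DAILYMAIL_REQUEST, OTHER_REQUEST):
            print(label, evaluate(rules, "tcp", req))
```

With the two-rule layout every TCP/UDP connection from LAN is claimed by the first pass rule, so a CNN request is inspected only by the dailymail container and never reaches the cnn rule; reordering just swaps which site is caught. With both patterns in one container the single winning rule classifies either site. This is the mechanism behind doktornotor's advice, not an endorsement of L7 filtering as a blocking method.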
hz201371

Dear Cmellons and doktornotor,
Thank you both very much for your replies.

What if I want to limit a specific website instead of blocking it? And I don't want to use the same container; is there a solution?
I need to limit the speed for some specific sites, as I have a limited monthly quota and some sites are consuming a lot. That is why I am trying to block or limit some sites.

© 2021 Rubicon Communications, LLC