On Wed, Jan 8, 2014 at 12:46 AM, Jan <[email protected]> wrote: > Hi Ermal, > > On 01/08/2014 12:04 AM Ermal Luçi wrote: > > Well short answer. > > Try with only the second rule stating !from your alias. > > > > That should give you a working config. > > but how about multiple departments then? Each of them with a separate set > of limiters as well. I'm just trying to understand why the match action > doesn't seem to work with limiters like it does with any other optional > parameters like queues for example. > > Assigning limiters to all interface based rules would be a real pain > depending on the size of the rule set and the complexity of the > configuration. E.g. lets say you've got 14 interfaces on a box each one > supposed to have its own set of limiters. > > I'd expect multiple floating rules, each one defining a separate set of > limiters per department to work while pushing unmatched traffic into a > default set of limiters using a "catch-all" rule at the very end of the > chain. I mean, this is the intended use of the floating tab, right? > > So if there's anything wrong with my assumption someone be so kind and > kickstart my brain. It would be nice to have a clear explanation to this > but also for anyone else who might come up with the same question bumping > into this thread. > > You can express that easily. But the problem with match rules is that the quick option is useless, probably should be removed from the GUI or complain with an error when used. Match rules are for this purpose to avoid duplicating policies all over the place instead of one place. You will see this trend more in the GUI for next coming version(s) that will simplify the process of configuring some of this staff.
You just have to understand that you have to write such kind of rules with the last one matches approach. So the catch all is on the beginning and the specific rules are after. > Thanks a lot :) > > > > > _______________________________________________ > List mailing list > [email protected] > http://lists.pfsense.org/mailman/listinfo/list > >
_______________________________________________ List mailing list [email protected] http://lists.pfsense.org/mailman/listinfo/list
