On 5 Dec 2017 12:25 pm, "Jim Pingle" <[email protected]> wrote:

On 12/5/2017 5:34 AM, Shamim Shahriar wrote:
> Now, if I select multiple interfaces, since there is no reply-to on the
> rule, I am unable to communicate with the pfsense box from outside. Which
> makes me wonder, am I misunderstanding the purpose/functionality of
> floating rules entirely? I know one good thing about them is to be able to
> add "quick" so the rules are checked before other interface bound ones, but
> is this also not a feature (i.e., put same rule for multiple interfaces in
> one go)?

What you are seeing is expected behavior. If you have multiple
interfaces selected, it cannot possibly use reply-to because it can't
specify reply-to on rules for multiple interfaces. Interface groups have
the same limitation.

If you need reply-to, the rules must only apply to a single interface.

For that reason, multiple interface rules (groups or floating) are
primarily useful only for internal interfaces.

Jim P.


Thanks Jim, that clears the confusion and misunderstanding on my part. But
if that could be made to work, I think that will be a great feature. I'm
not sure what you mean by it cannot specify reply-to for multiple
interfaces -- I'm not too familiar with the rule generating script/process,
but seeing that the rules are generated per interface per service per line,
I (maybe mistakenly) assumed that it is trivial to do so.

Anyway, still a great system, and very happy with it. Great admiration and
appreciation for all the hard work put into it.

Best regards
_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
