I`m sorry for HTML mail.
A./Also there is strange, that in traffic shaper isn`t any RULE which is
generrally valid for all non specified users.
There are only rules which manage various services,protocols and ports.
B./If I have configure Pfsense in dual WAN mode, and use PRTG paessler
traffic grapher, grapher shows me only traffic goes thorught WAN1 and no
traffic on LAN. Another grapher, very very nice and usefull - STG from
Leonid Mikhalov shows me all traffic on LAN, that's correct.
?????
# System Aliases
lan = "{ fxp0 }"
wan = "{ rl0 }"
pptp = "{ ng1 ng2 ng3 ng4 ng5 ng6 ng7 ng8 ng9 ng10 ng11 ng12 ng13 ng14 }"
pppoe = "{ ng1 ng2 ng3 ng4 ng5 ng6 ng7 ng8 ng9 ng10 ng11 ng12 ng13 ng14 }"
WAN2 = "{ rl1 }"
# User Aliases
set loginterface rl0
set loginterface fxp0
set loginterface rl1
set optimization normal
scrub on rl0 all
scrub on rl1 all
altq on rl0 bandwidth 100Mb queue { qWANRoot }
altq on fxp0 bandwidth 100Mb queue { qLANRoot }
queue qWANRoot bandwidth 600Kb priority 6 { qWANdef, qWANacks, qP2PUp,
qGamesUp, qOthersUpH, qOthersUpL }
queue qWANdef bandwidth 1% priority 3 ( default upperlimit(100% 100 90%)
linkshare(0% 1000 10%) realtime(10% 1 10%) )
queue qLANRoot bandwidth 2400Kb priority 6 { qLANdef, qLANacks, qP2PDown,
qGamesDown, qOthersDownH, qOthersDownL }
queue qLANdef bandwidth 1% priority 3 ( default upperlimit(100% 100 90%)
linkshare(0% 1000 10%) realtime(10% 1 10%) )
queue qLANacks bandwidth 1% priority 6 ( upperlimit(80% 1 80%)
linkshare(0% 1000 10%) realtime(10% 1 10%) )
queue qWANacks bandwidth 1% priority 6 ( upperlimit(80% 1 80%)
linkshare(0% 1000 10%) realtime(10% 1 10%) )
queue qP2PUp bandwidth 1% priority 0 ( red ecn upperlimit(100% 100 90%)
linkshare(0% 1000 10%) realtime(1Kb 10 1Kb) )
queue qP2PDown bandwidth 1% priority 0 ( red ecn upperlimit(100% 100 90%)
linkshare(0% 1000 10%) realtime(1Kb 1 1Kb) )
queue qGamesUp bandwidth 1% priority 5 ( red ecn upperlimit(100% 100 90%)
linkshare(0% 1000 10%) realtime(1Kb 1 1Kb) )
queue qGamesDown bandwidth 1% priority 5 ( red ecn upperlimit(100% 100
90%) linkshare(0% 1000 10%) realtime(1Kb 1 1Kb) )
queue qOthersUpH bandwidth 1% priority 4 ( red ecn upperlimit(100% 100
90%) linkshare(0% 1000 10%) realtime(1Kb 1 1Kb) )
queue qOthersDownH bandwidth 1% priority 4 ( red ecn upperlimit(100% 100
90%) linkshare(0% 1000 10%) realtime(1Kb 1 1Kb) )
queue qOthersUpL bandwidth 1% priority 2 ( red ecn upperlimit(100% 100
90%) linkshare(0% 1000 10%) realtime(1Kb 1 1Kb) )
queue qOthersDownL bandwidth 1% priority 2 ( red ecn upperlimit(100% 100
90%) linkshare(0% 1000 10%) realtime(1Kb 1 1Kb) )
nat-anchor "pftpx/*"
nat-anchor "natearly/*"
nat-anchor "natrules/*"
nat on rl0 from 192.168.201.0/24 to any -> (rl0)
nat on rl1 from 192.168.201.0/24 to any -> (rl1)
nat on rl0 from 192.168.192.0/24 to any -> (rl0)
nat on rl1 from 192.168.192.0/24 to any -> (rl1)
nat on rl0 from 192.168.189.0/24 to any -> (rl0)
nat on rl1 from 192.168.189.0/24 to any -> (rl1)
nat on rl0 from 192.168.190.0/24 to any -> (rl0)
nat on rl1 from 192.168.190.0/24 to any -> (rl1)
#SSH Lockout Table
table <sshlockout> persist
# spam table
table <spamd> persist
# Load balancing anchor - slbd updates
rdr-anchor "slb"
# FTP proxy
rdr-anchor "pftpx/*"
rdr on rl1 proto tcp from any to any port 21 -> 127.0.0.1 port 8022
pass in on fxp0 proto tcp from 192.168.192.0/24 to any port 7668 keep
state tag qP2PDown
pass out on rl0 proto tcp from any to any port 7668 keep state tag qP2PUp
pass in on rl0 proto tcp from any to 192.168.192.0/24 port 7668 keep state
tag qP2PUp
pass out on fxp0 proto tcp from any to 192.168.192.0/24 port 7668 keep
state tag qP2PDown
pass in on fxp0 proto tcp from 192.168.192.0/24 to any port 6881:6999 keep
state tag qP2PDown
pass out on rl0 proto tcp from any to any port 6881:6999 keep state tag
qP2PUp
pass in on rl0 proto tcp from any to 192.168.192.0/24 port 6881:6999 keep
state tag qP2PUp
pass out on fxp0 proto tcp from any to 192.168.192.0/24 port 6881:6999
keep state tag qP2PDown
pass in on fxp0 proto tcp from 192.168.192.0/24 to any port 7788 keep
state tag qP2PDown
pass out on rl0 proto tcp from any to any port 7788 keep state tag qP2PUp
pass in on rl0 proto tcp from any to 192.168.192.0/24 port 7788 keep state
tag qP2PUp
pass out on fxp0 proto tcp from any to 192.168.192.0/24 port 7788 keep
state tag qP2PDown
pass in on fxp0 proto tcp from 192.168.192.0/24 to any port 2340 keep
state tag qP2PDown
pass out on rl0 proto tcp from any to any port 2340 keep state tag qP2PUp
pass in on rl0 proto tcp from any to 192.168.192.0/24 port 2340 keep state
tag qP2PUp
pass out on fxp0 proto tcp from any to 192.168.192.0/24 port 2340 keep
state tag qP2PDown
pass in on fxp0 proto tcp from 192.168.192.0/24 to any port 6666:6668 keep
state tag qP2PDown
pass out on rl0 proto tcp from any to any port 6666:6668 keep state tag
qP2PUp
pass in on rl0 proto tcp from any to 192.168.192.0/24 port 6666:6668 keep
state tag qP2PUp
pass out on fxp0 proto tcp from any to 192.168.192.0/24 port 6666:6668
keep state tag qP2PDown
pass in on fxp0 proto tcp from 192.168.192.0/24 to any port 412 keep state
tag qP2PDown
pass out on rl0 proto tcp from any to any port 412 keep state tag qP2PUp
pass in on rl0 proto tcp from any to 192.168.192.0/24 port 412 keep state
tag qP2PUp
pass out on fxp0 proto tcp from any to 192.168.192.0/24 port 412 keep
state tag qP2PDown
pass in on fxp0 proto tcp from 192.168.192.0/24 to any port 1044:1045 keep
state tag qP2PDown
pass out on rl0 proto tcp from any to any port 1044:1045 keep state tag
qP2PUp
pass in on rl0 proto tcp from any to 192.168.192.0/24 port 1044:1045 keep
state tag qP2PUp
pass out on fxp0 proto tcp from any to 192.168.192.0/24 port 1044:1045
keep state tag qP2PDown
pass in on fxp0 proto tcp from 192.168.192.0/24 to any port 4661:4665 keep
state tag qP2PDown
pass out on rl0 proto tcp from any to any port 4661:4665 keep state tag
qP2PUp
pass in on rl0 proto tcp from any to 192.168.192.0/24 port 4661:4665 keep
state tag qP2PUp
pass out on fxp0 proto tcp from any to 192.168.192.0/24 port 4661:4665
keep state tag qP2PDown
pass in on fxp0 proto tcp from 192.168.192.0/24 to any port 6346 keep
state tag qP2PDown
pass out on rl0 proto tcp from any to any port 6346 keep state tag qP2PUp
pass in on rl0 proto tcp from any to 192.168.192.0/24 port 6346 keep state
tag qP2PUp
pass out on fxp0 proto tcp from any to 192.168.192.0/24 port 6346 keep
state tag qP2PDown
pass in on fxp0 proto udp from 192.168.192.0/24 to any port 6346 keep
state tag qP2PDown
pass out on rl0 proto udp from any to any port 6346 keep state tag qP2PUp
pass in on rl0 proto udp from any to 192.168.192.0/24 port 6346 keep state
tag qP2PUp
pass out on fxp0 proto udp from any to 192.168.192.0/24 port 6346 keep
state tag qP2PDown
pass in on fxp0 proto tcp from 192.168.192.0/24 to any port 8038:8039 keep
state tag qP2PDown
pass out on rl0 proto tcp from any to any port 8038:8039 keep state tag
qP2PUp
pass in on rl0 proto tcp from any to 192.168.192.0/24 port 8038:8039 keep
state tag qP2PUp
pass out on fxp0 proto tcp from any to 192.168.192.0/24 port 8038:8039
keep state tag qP2PDown
pass in on fxp0 proto tcp from 192.168.192.0/24 to any port 28864:28865
keep state tag qP2PDown
pass out on rl0 proto tcp from any to any port 28864:28865 keep state tag
qP2PUp
pass in on rl0 proto tcp from any to 192.168.192.0/24 port 28864:28865
keep state tag qP2PUp
pass out on fxp0 proto tcp from any to 192.168.192.0/24 port 28864:28865
keep state tag qP2PDown
pass in on fxp0 proto tcp from 192.168.192.0/24 to any port 5500:5503 keep
state tag qP2PDown
pass out on rl0 proto tcp from any to any port 5500:5503 keep state tag
qP2PUp
pass in on rl0 proto tcp from any to 192.168.192.0/24 port 5500:5503 keep
state tag qP2PUp
pass out on fxp0 proto tcp from any to 192.168.192.0/24 port 5500:5503
keep state tag qP2PDown
pass in on fxp0 proto tcp from 192.168.192.0/24 to any port 4329 keep
state tag qP2PDown
pass out on rl0 proto tcp from any to any port 4329 keep state tag qP2PUp
pass in on rl0 proto tcp from any to 192.168.192.0/24 port 4329 keep state
tag qP2PUp
pass out on fxp0 proto tcp from any to 192.168.192.0/24 port 4329 keep
state tag qP2PDown
pass in on fxp0 proto tcp from 192.168.192.0/24 to any port 6699:6701 keep
state tag qP2PDown
pass out on rl0 proto tcp from any to any port 6699:6701 keep state tag
qP2PUp
pass in on rl0 proto tcp from any to 192.168.192.0/24 port 6699:6701 keep
state tag qP2PUp
pass out on fxp0 proto tcp from any to 192.168.192.0/24 port 6699:6701
keep state tag qP2PDown
pass in on fxp0 proto tcp from 192.168.192.0/24 to any port 8888:8889 keep
state tag qP2PDown
pass out on rl0 proto tcp from any to any port 8888:8889 keep state tag
qP2PUp
pass in on rl0 proto tcp from any to 192.168.192.0/24 port 8888:8889 keep
state tag qP2PUp
pass out on fxp0 proto tcp from any to 192.168.192.0/24 port 8888:8889
keep state tag qP2PDown
pass in on fxp0 proto tcp from 192.168.192.0/24 to any port 8311 keep
state tag qP2PDown
pass out on rl0 proto tcp from any to any port 8311 keep state tag qP2PUp
pass in on rl0 proto tcp from any to 192.168.192.0/24 port 8311 keep state
tag qP2PUp
pass out on fxp0 proto tcp from any to 192.168.192.0/24 port 8311 keep
state tag qP2PDown
pass in on fxp0 proto tcp from 192.168.192.0/24 to any port 5190 keep
state tag qP2PDown
pass out on rl0 proto tcp from any to any port 5190 keep state tag qP2PUp
pass in on rl0 proto tcp from any to 192.168.192.0/24 port 5190 keep state
tag qP2PUp
pass out on fxp0 proto tcp from any to 192.168.192.0/24 port 5190 keep
state tag qP2PDown
pass in on fxp0 proto tcp from 192.168.192.0/24 to any port 6699 keep
state tag qP2PDown
pass out on rl0 proto tcp from any to any port 6699 keep state tag qP2PUp
pass in on rl0 proto tcp from any to 192.168.192.0/24 port 6699 keep state
tag qP2PUp
pass out on fxp0 proto tcp from any to 192.168.192.0/24 port 6699 keep
state tag qP2PDown
pass in on fxp0 proto udp from 192.168.192.0/24 to any port 27910:27919
keep state tag qGamesDown
pass out on rl0 proto udp from any to any port 27910:27919 keep state tag
qGamesUp
pass in on rl0 proto udp from any to 192.168.192.0/24 port 27910:27919
keep state tag qGamesUp
pass out on fxp0 proto udp from any to 192.168.192.0/24 port 27910:27919
keep state tag qGamesDown
pass in on fxp0 proto udp from 192.168.192.0/24 to any port 7777:7787 keep
state tag qGamesDown
pass out on rl0 proto udp from any to any port 7777:7787 keep state tag
qGamesUp
pass in on rl0 proto udp from any to 192.168.192.0/24 port 7777:7787 keep
state tag qGamesUp
pass out on fxp0 proto udp from any to 192.168.192.0/24 port 7777:7787
keep state tag qGamesDown
pass in on fxp0 proto tcp from 192.168.192.0/24 to any port 7777:7787 keep
state tag qGamesDown
pass out on rl0 proto tcp from any to any port 7777:7787 keep state tag
qGamesUp
pass in on rl0 proto tcp from any to 192.168.192.0/24 port 7777:7787 keep
state tag qGamesUp
pass out on fxp0 proto tcp from any to 192.168.192.0/24 port 7777:7787
keep state tag qGamesDown
pass in on fxp0 proto udp from 192.168.192.0/24 to any port 27650 keep
state tag qGamesDown
pass out on rl0 proto udp from any to any port 27650 keep state tag
qGamesUp
pass in on rl0 proto udp from any to 192.168.192.0/24 port 27650 keep
state tag qGamesUp
pass out on fxp0 proto udp from any to 192.168.192.0/24 port 27650 keep
state tag qGamesDown
pass in on fxp0 proto udp from 192.168.192.0/24 to any port 27666 keep
state tag qGamesDown
pass out on rl0 proto udp from any to any port 27666 keep state tag
qGamesUp
pass in on rl0 proto udp from any to 192.168.192.0/24 port 27666 keep
state tag qGamesUp
pass out on fxp0 proto udp from any to 192.168.192.0/24 port 27666 keep
state tag qGamesDown
pass in on fxp0 proto tcp from 192.168.192.0/24 to any port 27020:27050
keep state tag qGamesDown
pass out on rl0 proto tcp from any to any port 27020:27050 keep state tag
qGamesUp
pass in on rl0 proto tcp from any to 192.168.192.0/24 port 27020:27050
keep state tag qGamesUp
pass out on fxp0 proto tcp from any to 192.168.192.0/24 port 27020:27050
keep state tag qGamesDown
pass in on fxp0 proto udp from 192.168.192.0/24 to any port 1200 keep
state tag qGamesDown
pass out on rl0 proto udp from any to any port 1200 keep state tag
qGamesUp
pass in on rl0 proto udp from any to 192.168.192.0/24 port 1200 keep state
tag qGamesUp
pass out on fxp0 proto udp from any to 192.168.192.0/24 port 1200 keep
state tag qGamesDown
pass in on fxp0 proto udp from 192.168.192.0/24 to any port 27000:27015
keep state tag qGamesDown
pass out on rl0 proto udp from any to any port 27000:27015 keep state tag
qGamesUp
pass in on rl0 proto udp from any to 192.168.192.0/24 port 27000:27015
keep state tag qGamesUp
pass out on fxp0 proto udp from any to 192.168.192.0/24 port 27000:27015
keep state tag qGamesDown
pass in on fxp0 proto tcp from 192.168.192.0/24 to any port 27015 keep
state tag qGamesDown
pass out on rl0 proto tcp from any to any port 27015 keep state tag
qGamesUp
pass in on rl0 proto tcp from any to 192.168.192.0/24 port 27015 keep
state tag qGamesUp
pass out on fxp0 proto tcp from any to 192.168.192.0/24 port 27015 keep
state tag qGamesDown
pass in on fxp0 proto udp from 192.168.192.0/24 to any port 27650 keep
state tag qGamesDown
pass out on rl0 proto udp from any to any port 27650 keep state tag
qGamesUp
pass in on rl0 proto udp from any to 192.168.192.0/24 port 27650 keep
state tag qGamesUp
pass out on fxp0 proto udp from any to 192.168.192.0/24 port 27650 keep
state tag qGamesDown
pass in on fxp0 proto udp from 192.168.192.0/24 to any port 27666 keep
state tag qGamesDown
pass out on rl0 proto udp from any to any port 27666 keep state tag
qGamesUp
pass in on rl0 proto udp from any to 192.168.192.0/24 port 27666 keep
state tag qGamesUp
pass out on fxp0 proto udp from any to 192.168.192.0/24 port 27666 keep
state tag qGamesDown
pass in on fxp0 proto tcp from 192.168.192.0/24 to any port 6667:6670 keep
state tag qOthersDownH
pass out on rl0 proto tcp from any to any port 6667:6670 keep state tag
qOthersUpH
pass in on rl0 proto tcp from any to 192.168.192.0/24 port 6667:6670 keep
state tag qOthersUpH
pass out on fxp0 proto tcp from any to 192.168.192.0/24 port 6667:6670
keep state tag qOthersDownH
pass in on fxp0 proto tcp from 192.168.192.0/24 to any port 53 keep state
tag qOthersDownH
pass out on rl0 proto tcp from any to any port 53 keep state tag
qOthersUpH
pass in on rl0 proto tcp from any to 192.168.192.0/24 port 53 keep state
tag qOthersUpH
pass out on fxp0 proto tcp from any to 192.168.192.0/24 port 53 keep state
tag qOthersDownH
pass in on fxp0 proto udp from 192.168.192.0/24 to any port 53 keep state
tag qOthersDownH
pass out on rl0 proto udp from any to any port 53 keep state tag
qOthersUpH
pass in on rl0 proto udp from any to 192.168.192.0/24 port 53 keep state
tag qOthersUpH
pass out on fxp0 proto udp from any to 192.168.192.0/24 port 53 keep state
tag qOthersDownH
pass in on fxp0 proto tcp from 192.168.192.0/24 to any port 25 keep state
tag qOthersDownH
pass out on rl0 proto tcp from any to any port 25 keep state tag
qOthersUpH
pass in on rl0 proto tcp from any to 192.168.192.0/24 port 25 keep state
tag qOthersUpH
pass out on fxp0 proto tcp from any to 192.168.192.0/24 port 25 keep state
tag qOthersDownH
pass in on fxp0 proto tcp from 192.168.192.0/24 to any port 110 keep state
tag qOthersDownH
pass out on rl0 proto tcp from any to any port 110 keep state tag
qOthersUpH
pass in on rl0 proto tcp from any to 192.168.192.0/24 port 110 keep state
tag qOthersUpH
pass out on fxp0 proto tcp from any to 192.168.192.0/24 port 110 keep
state tag qOthersDownH
pass in on fxp0 proto icmp from 192.168.192.0/24 to any keep state tag
qOthersDownH
pass out on rl0 proto icmp from any to any keep state tag qOthersUpH
pass in on rl0 proto icmp from any to 192.168.192.0/24 keep state tag
qOthersUpH
pass out on fxp0 proto icmp from any to 192.168.192.0/24 keep state tag
qOthersDownH
pass in on fxp0 proto tcp from 192.168.192.0/24 to any port 161 keep state
tag qOthersDownH
pass out on rl0 proto tcp from any to any port 161 keep state tag
qOthersUpH
pass in on rl0 proto tcp from any to 192.168.192.0/24 port 161 keep state
tag qOthersUpH
pass out on fxp0 proto tcp from any to 192.168.192.0/24 port 161 keep
state tag qOthersDownH
pass in on fxp0 proto udp from 192.168.192.0/24 to any port 161 keep state
tag qOthersDownH
pass out on rl0 proto udp from any to any port 161 keep state tag
qOthersUpH
pass in on rl0 proto udp from any to 192.168.192.0/24 port 161 keep state
tag qOthersUpH
pass out on fxp0 proto udp from any to 192.168.192.0/24 port 161 keep
state tag qOthersDownH
pass in on fxp0 proto tcp from 192.168.192.0/24 to any port 5190 keep
state tag qOthersDownH
pass out on rl0 proto tcp from any to any port 5190 keep state tag
qOthersUpH
pass in on rl0 proto tcp from any to 192.168.192.0/24 port 5190 keep state
tag qOthersUpH
pass out on fxp0 proto tcp from any to 192.168.192.0/24 port 5190 keep
state tag qOthersDownH
pass in on fxp0 proto udp from 192.168.192.0/24 to any port 5190 keep
state tag qOthersDownH
pass out on rl0 proto udp from any to any port 5190 keep state tag
qOthersUpH
pass in on rl0 proto udp from any to 192.168.192.0/24 port 5190 keep state
tag qOthersUpH
pass out on fxp0 proto udp from any to 192.168.192.0/24 port 5190 keep
state tag qOthersDownH
anchor "firewallrules"
# loopback
anchor "loopback"
pass in quick on lo0 all label "pass loopback"
pass out quick on lo0 all label "pass loopback"
# package manager early specific hook
anchor "packageearly"
# carp
anchor "carp"
# enable ftp-proxy
anchor "ftpproxy"
anchor "pftpx/*"
pass in quick on rl0 inet proto tcp from port 20 to (rl0) port > 49000 user
proxy flags S/SA keep state label "FTP PROXY: PASV mode data connection"
# allow access to DHCP server on LAN
anchor "dhcpserverlan"
pass in quick on fxp0 proto udp from any port = 68 to 255.255.255.255 port =
67 label "allow access to DHCP server on LAN"
pass in quick on fxp0 proto udp from any port = 68 to 192.168.192.1 port =
67 label "allow access to DHCP server on LAN"
pass out quick on fxp0 proto udp from 192.168.192.1 port = 67 to any port =
68 label "allow access to DHCP server on LAN"
anchor "staticrouted"
pass in quick on fxp0 from 192.168.192.0/24 to 192.168.189.0/24 label "pass
traffic between statically routed subnets"
pass in quick on fxp0 from 192.168.189.0/24 to 192.168.192.0/24 label "pass
traffic between statically routed subnets"
pass out quick on fxp0 from 192.168.192.0/24 to 192.168.189.0/24 label "pass
traffic between statically routed subnets"
pass out quick on fxp0 from 192.168.189.0/24 to 192.168.192.0/24 label "pass
traffic between statically routed subnets"
anchor "staticrouted"
pass in quick on fxp0 from 192.168.192.0/24 to 192.168.190.0/24 label "pass
traffic between statically routed subnets"
pass in quick on fxp0 from 192.168.190.0/24 to 192.168.192.0/24 label "pass
traffic between statically routed subnets"
pass out quick on fxp0 from 192.168.192.0/24 to 192.168.190.0/24 label "pass
traffic between statically routed subnets"
pass out quick on fxp0 from 192.168.190.0/24 to 192.168.192.0/24 label "pass
traffic between statically routed subnets"
anchor "staticrouted"
pass in quick on fxp0 from 192.168.192.0/24 to 192.168.201.0/24 label "pass
traffic between statically routed subnets"
pass in quick on fxp0 from 192.168.201.0/24 to 192.168.192.0/24 label "pass
traffic between statically routed subnets"
pass out quick on fxp0 from 192.168.192.0/24 to 192.168.201.0/24 label "pass
traffic between statically routed subnets"
pass out quick on fxp0 from 192.168.201.0/24 to 192.168.192.0/24 label "pass
traffic between statically routed subnets"
block in log quick on rl0 from 192.168.14.0/24 to any label "interface spoof
check"
# allow our DHCP client out to the WAN
# XXX - should be more restrictive
# (not possible at the moment - need 'me' like in ipfw)
anchor "wandhcp"
pass out quick on rl0 proto udp from any port = 68 to any port = 67 label
"allow dhcp client out wan"
block in log quick on rl0 proto udp from any port = 67 to 192.168.192.0/24
port = 68 label "allow dhcp client out wan"
pass in quick on rl0 proto udp from any port = 67 to any port = 68 label
"allow dhcp client out wan"
# LAN/OPT spoof check (needs to be after DHCP because of broadcast
addresses)
antispoof for fxp0
antispoof for rl1
# Support for allow limiting of TCP connections by establishment rate
anchor "limitingesr"
table <virusprot>
# let out anything from the firewall host itself and decrypted IPsec traffic
# pass out quick on rl0 all keep state label "let out anything from firewall
host itself"
# pass traffic from firewall -> out
anchor "firewallout"
pass out quick on rl0 all keep state tagged qWANRoot queue qWANRoot label
"let out anything from firewall host itself"
pass out quick on rl0 all keep state tagged qWANdef queue qWANdef label "let
out anything from firewall host itself"
pass out quick on rl0 all keep state tagged qLANRoot queue qLANRoot label
"let out anything from firewall host itself"
pass out quick on rl0 all keep state tagged qLANdef queue qLANdef label "let
out anything from firewall host itself"
pass out quick on rl0 all keep state tagged qLANacks queue qLANacks label
"let out anything from firewall host itself"
pass out quick on rl0 all keep state tagged qWANacks queue qWANacks label
"let out anything from firewall host itself"
pass out quick on rl0 all keep state tagged qP2PUp queue qP2PUp label "let
out anything from firewall host itself"
pass out quick on rl0 all keep state tagged qP2PDown queue qP2PDown label
"let out anything from firewall host itself"
pass out quick on rl0 all keep state tagged qGamesUp queue qGamesUp label
"let out anything from firewall host itself"
pass out quick on rl0 all keep state tagged qGamesDown queue qGamesDown
label "let out anything from firewall host itself"
pass out quick on rl0 all keep state tagged qOthersUpH queue qOthersUpH
label "let out anything from firewall host itself"
pass out quick on rl0 all keep state tagged qOthersDownH queue qOthersDownH
label "let out anything from firewall host itself"
pass out quick on rl0 all keep state tagged qOthersUpL queue qOthersUpL
label "let out anything from firewall host itself"
pass out quick on rl0 all keep state tagged qOthersDownL queue qOthersDownL
label "let out anything from firewall host itself"
pass out quick on rl0 all keep state label "let out anything from firewall
host itself"
pass out quick on fxp0 all keep state tagged qWANRoot queue qWANRoot label
"let out anything from firewall host itself"
pass out quick on fxp0 all keep state tagged qWANdef queue qWANdef label
"let out anything from firewall host itself"
pass out quick on fxp0 all keep state tagged qLANRoot queue qLANRoot label
"let out anything from firewall host itself"
pass out quick on fxp0 all keep state tagged qLANdef queue qLANdef label
"let out anything from firewall host itself"
pass out quick on fxp0 all keep state tagged qLANacks queue qLANacks label
"let out anything from firewall host itself"
pass out quick on fxp0 all keep state tagged qWANacks queue qWANacks label
"let out anything from firewall host itself"
pass out quick on fxp0 all keep state tagged qP2PUp queue qP2PUp label "let
out anything from firewall host itself"
pass out quick on fxp0 all keep state tagged qP2PDown queue qP2PDown label
"let out anything from firewall host itself"
pass out quick on fxp0 all keep state tagged qGamesUp queue qGamesUp label
"let out anything from firewall host itself"
pass out quick on fxp0 all keep state tagged qGamesDown queue qGamesDown
label "let out anything from firewall host itself"
pass out quick on fxp0 all keep state tagged qOthersUpH queue qOthersUpH
label "let out anything from firewall host itself"
pass out quick on fxp0 all keep state tagged qOthersDownH queue qOthersDownH
label "let out anything from firewall host itself"
pass out quick on fxp0 all keep state tagged qOthersUpL queue qOthersUpL
label "let out anything from firewall host itself"
pass out quick on fxp0 all keep state tagged qOthersDownL queue qOthersDownL
label "let out anything from firewall host itself"
pass out quick on fxp0 all keep state label "let out anything from firewall
host itself"
pass out quick on rl1 all keep state tagged qWANRoot queue qWANRoot label
"let out anything from firewall host itself"
pass out quick on rl1 all keep state tagged qWANdef queue qWANdef label "let
out anything from firewall host itself"
pass out quick on rl1 all keep state tagged qLANRoot queue qLANRoot label
"let out anything from firewall host itself"
pass out quick on rl1 all keep state tagged qLANdef queue qLANdef label "let
out anything from firewall host itself"
pass out quick on rl1 all keep state tagged qLANacks queue qLANacks label
"let out anything from firewall host itself"
pass out quick on rl1 all keep state tagged qWANacks queue qWANacks label
"let out anything from firewall host itself"
pass out quick on rl1 all keep state tagged qP2PUp queue qP2PUp label "let
out anything from firewall host itself"
pass out quick on rl1 all keep state tagged qP2PDown queue qP2PDown label
"let out anything from firewall host itself"
pass out quick on rl1 all keep state tagged qGamesUp queue qGamesUp label
"let out anything from firewall host itself"
pass out quick on rl1 all keep state tagged qGamesDown queue qGamesDown
label "let out anything from firewall host itself"
pass out quick on rl1 all keep state tagged qOthersUpH queue qOthersUpH
label "let out anything from firewall host itself"
pass out quick on rl1 all keep state tagged qOthersDownH queue qOthersDownH
label "let out anything from firewall host itself"
pass out quick on rl1 all keep state tagged qOthersUpL queue qOthersUpL
label "let out anything from firewall host itself"
pass out quick on rl1 all keep state tagged qOthersDownL queue qOthersDownL
label "let out anything from firewall host itself"
pass out quick on rl1 all keep state label "let out anything from firewall
host itself"
# let out anything from the firewall host itself and decrypted IPsec traffic
pass out quick on rl1 all keep state label "let out anything from firewall
host itself"
# make sure the user cannot lock himself out of the webGUI or SSH
anchor "anti-lockout"
pass in quick from 192.168.192.0/24 to 192.168.192.1 keep state label
"anti-lockout web rule"
# SSH lockout
block in log proto tcp from <sshlockout> to any port 22 label "sshlockout"
# User-defined rules follow
# Anchors for rules that might be matched by queues
anchor qWANRoot tagged qWANRoot
anchor qWANdef tagged qWANdef
anchor qLANRoot tagged qLANRoot
anchor qLANdef tagged qLANdef
anchor qLANacks tagged qLANacks
anchor qWANacks tagged qWANacks
anchor qP2PUp tagged qP2PUp
anchor qP2PDown tagged qP2PDown
anchor qGamesUp tagged qGamesUp
anchor qGamesDown tagged qGamesDown
anchor qOthersUpH tagged qOthersUpH
anchor qOthersDownH tagged qOthersDownH
anchor qOthersUpL tagged qOthersUpL
anchor qOthersDownL tagged qOthersDownL
pass in quick on $wan from any to any keep state queue (qWANdef, qWANacks)
label "USER_RULE"
pass in quick on $WAN2 reply-to (rl1 192.168.14.1) from any to any keep
state label "USER_RULE"
pass in quick on $lan from { 192.168.192.223 } to any keep state queue
(qLANdef, qLANacks) label "USER_RULE: Robo>NX"
pass in quick on $lan route-to ( rl1 192.168.14.1 ) from { 192.168.201.67
} to any keep state queue (qLANdef, qLANacks) label "USER_RULE: Robo>NX"
pass in quick on $lan from { 192.168.201.101 } to any keep state queue
(qLANdef, qLANacks) label "USER_RULE: B-Mednansky-NX"
pass in quick on $lan from { 192.168.201.102 } to any keep state queue
(qLANdef, qLANacks) label "USER_RULE: B-Róbert Chudý-NX"
pass in quick on $lan from { 192.168.201.103 } to any keep state queue
(qLANdef, qLANacks) label "USER_RULE: B-Moráveková Mária-NX"
pass in quick on $lan route-to ( rl1 192.168.14.1 ) from { 192.168.201.104
} to any keep state queue (qLANdef, qLANacks) label "USER_RULE: Grolmus
Dusan-ST"
pass in quick on $lan route-to ( rl1 192.168.14.1 ) from { 192.168.201.105
} to any keep state queue (qLANdef, qLANacks) label "USER_RULE: Orsula
Jozef-ST"
pass in quick on $lan route-to ( rl1 192.168.14.1 ) from { 192.168.201.106
} to any keep state queue (qLANdef, qLANacks) label "USER_RULE: Simon
Peter-ST"
pass in quick on $lan from { 192.168.201.107 } to any keep state queue
(qLANdef, qLANacks) label "USER_RULE: B-Kovac Rastislav-NX "
pass in quick on $lan from { 192.168.201.108 } to any keep state queue
(qLANdef, qLANacks) label "USER_RULE: B-Baranek Ladislav-NX"
pass in quick on $lan route-to ( rl1 192.168.14.1 ) from { 192.168.201.109
} to any keep state queue (qLANdef, qLANacks) label "USER_RULE: Mjartanová
Monika-ST"
pass in quick on $lan route-to ( rl1 192.168.14.1 ) from { 192.168.201.110
} to any keep state queue (qLANdef, qLANacks) label "USER_RULE: Fertál
Pavol-ST"
pass in quick on $lan route-to ( rl1 192.168.14.1 ) from { 192.168.201.111
} to any keep state queue (qLANdef, qLANacks) label "USER_RULE: Richter
Jaroslav-ST"
pass in quick on $lan from { 192.168.201.112 } to any keep state queue
(qLANdef, qLANacks) label "USER_RULE: B-Gatial Jozef-ST"
pass in quick on $lan route-to ( rl1 192.168.14.1 ) from { 192.168.201.113
} to any keep state queue (qLANdef, qLANacks) label "USER_RULE: Ivan
Martin-ST"
pass in quick on $lan from { 192.168.201.114 } to any keep state queue
(qLANdef, qLANacks) label "USER_RULE: B-Svitok Jan-NX"
pass in quick on $lan route-to ( rl1 192.168.14.1 ) from { 192.168.201.115
} to any keep state queue (qLANdef, qLANacks) label "USER_RULE: A-Flóris
Pavel-ST"
pass in quick on $lan from { 192.168.201.116 } to any keep state queue
(qLANdef, qLANacks) label "USER_RULE: B-Spetko Jaroslav-NX"
pass in quick on $lan route-to ( rl1 192.168.14.1 ) from { 192.168.201.117
} to any keep state queue (qLANdef, qLANacks) label "USER_RULE: Cmarko
Peter-ST"
pass in quick on $lan route-to ( rl1 192.168.14.1 ) from { 192.168.201.118
} to any keep state queue (qLANdef, qLANacks) label "USER_RULE: A-Sluka
Eugen-ST"
pass in quick on $lan from { 192.168.201.119 } to any keep state queue
(qLANdef, qLANacks) label "USER_RULE: B-Sormanová Anna-NX"
pass in quick on $lan from { 192.168.201.120 } to any keep state queue
(qLANdef, qLANacks) label "USER_RULE: B-Sykora Ivan-NX"
pass in quick on $lan route-to ( rl1 192.168.14.1 ) from { 192.168.201.121
} to any keep state queue (qLANdef, qLANacks) label "USER_RULE: A-Krausko
Jozef-ST"
pass in quick on $lan from { 192.168.201.122 } to any keep state queue
(qLANdef, qLANacks) label "USER_RULE: B-Reingraber Robert-NX"
pass in quick on $lan route-to ( rl1 192.168.14.1 ) from { 192.168.201.123
} to any keep state queue (qLANdef, qLANacks) label "USER_RULE: A-Juhász
Pavol-ST"
pass in quick on $lan route-to ( rl1 192.168.14.1 ) from { 192.168.201.124
} to any keep state queue (qLANdef, qLANacks) label "USER_RULE: A-Obona
Julián-ST"
pass in quick on $lan route-to ( rl1 192.168.14.1 ) from { 192.168.201.125
} to any keep state queue (qLANdef, qLANacks) label "USER_RULE: A-Orsula
Vladimír-ST"
pass in quick on $lan route-to ( rl1 192.168.14.1 ) from { 192.168.201.126
} to any keep state queue (qLANdef, qLANacks) label "USER_RULE:
A-Mjartanova Terezia-ST"
pass in quick on $lan route-to ( rl1 192.168.14.1 ) from { 192.168.201.127
} to any keep state queue (qLANdef, qLANacks) label "USER_RULE: A-Pernis
Ivan-ST"
pass in quick on $lan from { 192.168.201.128 } to any keep state queue
(qLANdef, qLANacks) label "USER_RULE: B-Certík Jozef-NX"
pass in quick on $lan route-to ( rl1 192.168.14.1 ) from { 192.168.201.129
} to any keep state queue (qLANdef, qLANacks) label "USER_RULE: A-Simkovic
Ján-ST"
pass in quick on $lan route-to ( rl1 192.168.14.1 ) from { 192.168.201.130
} to any keep state queue (qLANdef, qLANacks) label "USER_RULE: A-Orsula
Ján-ST"
pass in quick on $lan route-to ( rl1 192.168.14.1 ) from { 192.168.201.99
} to any keep state queue (qLANdef, qLANacks) label "USER_RULE: A-Orsula
Ján_DREAMBOX-ST"
pass in quick on $lan from { 192.168.201.131 } to any keep state queue
(qLANdef, qLANacks) label "USER_RULE: B-Herelova Iveta-NX"
pass in quick on $lan from { 192.168.189.132 } to any keep state queue
(qLANdef, qLANacks) label "USER_RULE: B-OCU Sebedko-NX"
pass in quick on $lan route-to ( rl1 192.168.14.1 ) from { 192.168.201.133
} to any keep state queue (qLANdef, qLANacks) label "USER_RULE: A-Milatová
Adriána-ST"
pass in quick on $lan from { 192.168.201.134 } to any keep state queue
(qLANdef, qLANacks) label "USER_RULE: B-PICO_Kozak Daniel-NX"
pass in quick on $lan from { 192.168.201.135 } to any keep state queue
(qLANdef, qLANacks) label "USER_RULE: B-Jurícková Drahusa-NX"
pass in quick on $lan from { 192.168.201.136 } to any keep state queue
(qLANdef, qLANacks) label "USER_RULE: B-Svitková Gabriela-NX"
pass in quick on $lan from { 192.168.201.137 } to any keep state queue
(qLANdef, qLANacks) label "USER_RULE: B-Ziatko Pavol-NX"
pass in quick on $lan route-to ( rl1 192.168.14.1 ) from { 192.168.201.138
} to any keep state queue (qLANdef, qLANacks) label "USER_RULE: A-Svitková
Lívia-ST"
pass in quick on $lan from { 192.168.201.139 } to any keep state queue
(qLANdef, qLANacks) label "USER_RULE: B-Pechová Lubica-NX"
pass in quick on $lan from { 192.168.201.140 } to any keep state queue
(qLANdef, qLANacks) label "USER_RULE: B-Soblahovsky Vratislav-NX"
pass in quick on $lan route-to ( rl1 192.168.14.1 ) from { 192.168.201.141
} to any keep state queue (qLANdef, qLANacks) label "USER_RULE: A-Slosár
Vladimír-ST"
pass in quick on $lan route-to ( rl1 192.168.14.1 ) from { 192.168.201.142
} to any keep state queue (qLANdef, qLANacks) label "USER_RULE:
A-Mjartanová Eva-ST"
pass in quick on $lan from { 192.168.201.143 } to any keep state queue
(qLANdef, qLANacks) label "USER_RULE: B-Brindza Ján-NX"
pass in quick on $lan from { 192.168.201.144 } to any keep state queue
(qLANdef, qLANacks) label "USER_RULE: B-Syrovátka Milan-NX"
pass in quick on $lan from { 192.168.201.145 } to any keep state queue
(qLANdef, qLANacks) label "USER_RULE: B-Mokrý Jozef-NX"
pass in quick on $lan from { 192.168.201.146 } to any keep state queue
(qLANdef, qLANacks) label "USER_RULE: B-Hedvigy Pavel-NX"
pass in quick on $lan route-to ( rl1 192.168.14.1 ) from { 192.168.201.147
} to any keep state queue (qLANdef, qLANacks) label "USER_RULE: A-Svitkova
Maria-ST"
pass in quick on $lan from { 192.168.201.148 } to any keep state queue
(qLANdef, qLANacks) label "USER_RULE: B-Certík Igor-NX"
pass in quick on $lan route-to ( rl1 192.168.14.1 ) from { 192.168.201.149
} to any keep state queue (qLANdef, qLANacks) label "USER_RULE: A-Klacko
Daniel-ST"
pass in quick on $lan route-to ( rl1 192.168.14.1 ) from { 192.168.201.215
} to any keep state queue (qLANdef, qLANacks) label "USER_RULE: B-toto
neplati ??OcÚ Sebedražie-NX"
pass in quick on $lan route-to ( rl1 192.168.14.1 ) from any to any keep
state queue (qLANdef, qLANacks) label "USER_RULE"
# VPN Rules
#---------------------------------------------------------------------------
# default rules (just to be sure)
#---------------------------------------------------------------------------
block in log quick all label "Default block all just to be sure."
block out log quick all label "Default block all just to be sure."
________________________________
From: Scott Ullrich [mailto:[EMAIL PROTECTED]
Sent: Wednesday, December 07, 2005 6:26 PM
To: [email protected]
Subject: Re: [pfSense Support] TrafficShaper wizard on Pfsense 0.95.4 -
There were error(s) loading the rules...no scheduler specified!...queue
qWANRoot has no parent
We really need to see /tmp/rules.debug
Also, please don't send html mail to lists.
On 12/7/05, Robo.K. <[EMAIL PROTECTED] > wrote:
After running TrafficShaper wizard on Pfsense 0.95.4 and turn off
Traffic shaper and turn on traffic shaper i get this error message in system
log :
php: : There were error(s) loading the rules:
/tmp/rules.debug:16: no scheduler specified! /tmp/rules.debug:17: no
scheduler specified! /tmp/rules.debug:20: queue qWANRoot has no parent
/tmp/rules.debug:20: errors in queue definition /tmp/rules.debug:21: syntax
error /tmp/rules.debug:22: queue qLANRoot has no parent /tmp/rules.debug:22:
errors in queue definition /tmp/rules.debug:23: syntax error
/tmp/rules.debug:24: syntax error /tmp/rules.debug:25: syntax error
/tmp/rules.debug:26: syntax error /tm
----------
* www.inMail.sk - Vasa emailova adresa na cely zivot ZDARMA
* http://interval.cz - webdesign a e-komerce denne
* Zoner Photo Studio 7 - Spoznajte kuzlo digitalnej fotografie!
http://www.zoner.cz/photo-studio
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
