Bug #1575
closedLimiters are bypassed by local applications injecting rules
100%
Description
Taking a look at http://forum.pfsense.org/index.php/topic,37399.0.html
it would be good to teach the match action about limiters as well to avoid such kind of issues.
Updated by Nikolay Stoyanov almost 13 years ago
I have same problem in latest 2.0.1-RELEASE.
http://forum.pfsense.org/index.php/topic,46469.0.html
Updated by Bipin Chandra over 12 years ago
will this be fixed or is it fixed in 2.1?
Updated by Ermal Luçi about 12 years ago
Normally this can be overcommed with match rules on floating tab.
It is present there on 2.1 and i am pushing the fix to allow the rule for limiters as well.
Just create a Match rule under floating rules with limiters you want and it would be applied to these rules.
Updated by Ermal Luçi about 12 years ago
- Status changed from New to Feedback
- % Done changed from 0 to 100
Applied in changeset 84464c9ab0b94b9602c6ec62502dc4ad3e7a8c0a.
Updated by Bipin Chandra almost 12 years ago
does seem to work still, upnp devices bypass limiter
Updated by Ermal Luçi almost 12 years ago
Can you provide any analysis of how you do your checking?
Also provide a
ipfw pipe show ipfw queue show pfctl -vvsr pfctl -vvsn pfctl -a miniupnpd -vvsn pfctl -a miniupnpd -vvsr
Updated by Bipin Chandra almost 12 years ago
this was discussed here
http://forum.pfsense.org/index.php/topic,56092.0.html
the easy way to test this is, enable upnp, create limiters, create match rules under floating tab with limiters applied then u first do a speed test and it will be limited fine, now that same speed limit should apply but start a torrent download using utorrent or any such software and make it open a random port using upnp and then notice the download and upload speed exceed the limiter value and this way u know it never works once any application tries to open a port using upnp, the limiter almost becomes dead, it does work fine for other ports not opened by upnp
Updated by Ermal Luçi almost 12 years ago
In that forum post i do not see any limiters configured on the ruleset posted.
So please provide the information if you want this to be pursued.
Updated by Bipin Chandra almost 12 years ago
plz remove post after u have read it
Updated by Ermal Luçi almost 12 years ago
Can you try by removing the quick option on the match rules, if you have selected it?
Updated by Bipin Chandra almost 12 years ago
yes its ticked, trying without that now but if we untick then i guess in the past there was a problem of traffic for those clients not going to proper queues and i guess u only mentioned in the forum a very long time back that it needs to be ticked but for now i didnt assign any queues to those rules so no issues
Updated by Bipin Chandra almost 12 years ago
tried it still same, clients upload speed exceeds limiter values
Updated by Chris Buechler about 10 years ago
- Category set to Traffic Shaper (Limiters)
- Affected Version changed from 2.0 to All
Updated by Anonymous almost 6 years ago
Is this issue still present in the latest development build?
Updated by Jim Pingle over 5 years ago
- Status changed from Feedback to Resolved