Project

General

Profile

Correction #9686

Feedback on Firewall — Floating Rules

Added by David Gyimesi about 1 year ago. Updated 4 days ago.

Status:
Duplicate
Priority:
Normal
Assignee:
-
Category:
Firewall Rules
Target version:
-
Start date:
08/19/2019
Due date:
% Done:

0%

Estimated time:

Description

Page: https://docs.netgate.com/pfsense/en/latest/book/firewall/floating-rules.html

Feedback:

Nice page however MATCH rule processing order is not described.

Without Quick checked, the rule will only take effect if no other rules match the traffic.

This implies that without QUICK flag a rule is evaulated after Floating, Interface group, Interface rules, basically at the end of the whole ruleset.
1. Floating rules (Quick)
2. Interface group rules
3. Interface rules
4. Floating rules (NON Quick)

It is clear so far however

Match rules do not work with Quick enabled.

Which means a MATCH rule is never quick, and according the statement above says "Without Quick checked, the rule will only take effect if no other rules match the traffic", therefore processed at the end of the whole ruleset.
I don't think this is the reality otherwise there would be cases when MATCH rule would never be evaluated. Could you please explain in the document the processing order of a (non quick) MATCH rule?
Thank you!

History

#1 Updated by David Gyimesi about 1 year ago

To simplify: Please call out that "Without Quick checked, the rule will only take effect if no other rules match the traffic" is not applicable for MATCH rules.

#2 Updated by Jim Pingle 4 days ago

  • Category set to Firewall Rules
  • Status changed from New to Duplicate
  • Assignee deleted (Jim Pingle)

Duplicate of #9685

Also available in: Atom PDF