Netgate SG-1000 microFirewall

Author Topic: different between floating rules and lan rules?  (Read 3188 times)

0 Members and 1 Guest are viewing this topic.

Offline periko

  • Hero Member
  • *****
  • Posts: 1192
  • Karma: +17/-1
  • pheriko
    • View Profile
    • Soporte de Pfsense y Linux
different between floating rules and lan rules?
« on: May 06, 2014, 08:03:01 pm »
 Once we setup TS on pfsense(2.1.3), the wizard create some floating rules.

 Now, we have the option in the firewall->rules->LAN, to create our rule and specify if we want to use Ackqueue/Queue.

 What difference we have if setup here or with floating rules?

 Last thing, in the firewall rules, we have:

Quote
Ackqueue/Queue

 What is the meaning of those fields?

Thanks.
Necesitan Soporte de Pfsense en Mexico?/Need Pfsense Support in Mexico?
https://www.facebook.com/BajaOpenSolutions
Estamos en Tijuana, pero no es obstaculo para brindarte nuestro servicio.
We are in Tijuana, but is not an obstacle to give you support.

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 21495
  • Karma: +1458/-26
    • View Profile
Re: different between floating rules and lan rules?
« Reply #1 on: May 13, 2014, 01:05:31 pm »
Floating rules have many more options which are hidden from the rules on the individual interface tabs.

One of these is the shaper wizard's default of "match" rules, which do not pass or block traffic, but only classify it for the purposes of traffic shaping. The floating rules can also match traffic in the outbound direction, which is necessary for proper/expected shaping. Interface tab rules only match inbound traffic.

Ackqueue/Queue are there to pick the shaper queues. Queue is for the arriving packets, Ackqueue is for reply/ACK packets
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline DZMM

  • Newbie
  • *
  • Posts: 20
  • Karma: +0/-0
    • View Profile
Re: different between floating rules and lan rules?
« Reply #2 on: December 15, 2017, 05:27:13 am »
Floating rules have many more options which are hidden from the rules on the individual interface tabs.

One of these is the shaper wizard's default of "match" rules, which do not pass or block traffic, but only classify it for the purposes of traffic shaping. The floating rules can also match traffic in the outbound direction, which is necessary for proper/expected shaping. Interface tab rules only match inbound traffic.

Ackqueue/Queue are there to pick the shaper queues. Queue is for the arriving packets, Ackqueue is for reply/ACK packets

Thank you for a very clear answer that helped me solve some traffic shaping issues
CPU: Intel Xeon E5-2683 V3 | MB: ASUS X-99-A II | Memory: Crucial 8x 8GB DDR4-2133
PSU: Corsair AX760 | Case: Define R5 Blackout Window
unRAID 6.3.2 VMs: pfSense, 3x Windows 10 Pro | Network: AOC-SGP-I2, 2x UniFi AP AC Pro