New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Order rules in traffic shaping not honored #6203
Comments
Current implementation has been designed in PR 28. The order of the rules shown in the UI reflects the user expectation: first match wins (like normal rules). I agree that current info tip inside the UI could be misleading, so I propose to remove it, just like in the old Server Manager. You are suggesting to not reverse the rule order before writing the template, but this will highly change the firewall behavior. Scenario:
This is how it's now implemented: And iptables output is:
So the windows machine will correctly get low bandwidth. I see no bug here, except the label on the UI which can be improved or removed. |
Remove reverse order for QoS Rules NethServer/dev#6203
Test Case
|
Before update
After update:
I still do not agree on such change but the new behavior is applied correctly. |
When you create multiple rules in traffic shaping they are inserted in the tcpost chain (mangle) in reverse order.
It doesn't affect rules if they are non overlapping, but if they overlap (e.g. same source, destination, protocol) the first rule is the one that will be applied instead of the last one as it should be (same behaviour of policy routing).
Steps to reproduce
Create 2 or more rules in traffic shaping section
Expected behavior
In the tcpost chain we can see same rules in same order
Actual behavior
Rules are written in the tcpost chain inverted respect to what is in the cockpit gui
Components
NethServer release 7.8.2003 (final)
nethserver-firewall-base-3.9.3-1.ns7.noarch
nethserver-firewall-base-ui-3.9.3-1.ns7.noarch
The text was updated successfully, but these errors were encountered: