General Discussion / [SOLVED] Firewall Rules and setting DSCP on packets
« on: September 15, 2021, 02:18:37 am »
Ok, I have another question to stump everyone. I was playing around with firewall rules and trying to set DSCP values on packets. For just a simple test, I set all ICMP packets going OUT of my WAN (on the WAN interface rules) to pass, with priority set to "Voice (5)". Now, when I run "tcpdump -i vtnet1 -v icmp" (on the OPNsense box, vtnet1 is my WAN interface), all of the TOS fields on the packets are "0x0" (I've also tried this with TCP/UDP). I also set the rule to log to the firewall logs. In the logs, I can indeed see that the traffic was matched. I know that the rules need new states to take effect, and rather than killing the states every time, I would merely ping different IP addresses on the internet. I even tried this on LAN OUT, thinking maybe NAT had something to do with it.
Also, a side effect is that pings would eventually stop passing the WAN, and when I tried TCP/UDP, all traffic stopped until I disabled the rule.
So, does the "set priority" option actually mark the packets after it leaves the firewall, or is it merely for internal use? And no, this has nothing to do with the traffic shaper, pure firewall rules only.