Gargoyle Forum

No worries.
What it does is for every static lease it creates a pair of rules.

Block any packet whose MAC is X and IP isn't Y
Block any packet whose MAC isn't X and IP is Y

Together all of those rules make sure that all devices use the IPs you assigned. If your devices are all under your control and not hopping IPs, it's not needed.

I'll try and look into why these rules slow down the firewall so much. I don't know if it's just the number of rules or the order they're looked at but that's a BIG impact.

Oke interesting, its like a double check and to prefent that static ip or macs are changed at the device itself i guess? well, i learn every day!

Thanks!

It won't help against mac spoofing, just against violating the DHCP rules. This is to ensure quota work as intended, as those are based on the assigned IP and changing the IP of the client would grant more data volume, defying the purpose.

It gets even better,

I set a custom MTU in gargoyle, i set it at 1472.

Now i get the full 204 mbit up and 204 mbit down!

I did the ping mtu test, and ofcourse 1472 was the right ammount, but i thougt the 1500 settings in most devices already counted those 20 and 8 bits in.