I'm currently using priq i just want to limit the bandwidth going to a single ip so that it doesn't slow down the entire office when someone is uploading a video to our company server.

Delete your "Floating" rule, and create on LAN

Action: pass

Source: your "particular LAN IP"

Dest: any

and in advanced features –> In/Out  choose your limiters

Put this rule "on top" of any other "pass" rule.

@cmb:

Alternatively if you have a proxy server or can set one up, you can set TOS based on URL and then shape on TOS.

Talking about setting TOS in Squid, there is an interesting feature called ZPH (Zero Penalty Hit) included in recent Squid versions, which can be used to set TOS of already cached content (cache "HIT") so it can be delivered to local users at full speed, i.e. only shape un-cached traffic.

Is anyone using such a setup with pfsense?

I just started to configure it (added zph_local to squid.conf, checked with tcpdump that squid cache HIT entries sent out packets with correct TOS set etc) and will probably complete the setup tomorrow.

Sorry for being a newbie, but can you give me step-by-step examples to your #1 and #2 answers please.

It will be greatly appreciated!

Thanks!

Hi thestealth,

thanx for posting.

You can select PRIQ algorithm by this way Firewall -> Traffic Shaper -> by Interface -> Schedular Type .
Then you must attach  the queue to proper rule.

Nothing like a reboot to sort things out. Now able to block with a L7 container.

Hi sorry for the delayed reply, it means that adding a NIC and connecting the 192.168.1.10  local access point of the bridge to the NIC, I can filter the traffic that came in the LAN passing by the 192.168.1.10?

so I can make a firewall rule that says block interface OPT source 192.168.1.10  destination all -  that block all traffic caming from the ap.
and other rules that make the traffic pass for certain Ip.
is this correct?

about the bridge I haven't disabled the filtering.

Thats a shame.

I can see that when Reauthenticate connected users every minute is ticked that the radreply contains the new "WISPr-Bandwidth-Max-Down" and "WISPr-Bandwidth-Max-Up" values set.

IS there not a way to get the new values to take effect without having to disconnect the user and allow them to reconnect ? -

LoL, you're not the only one! Since 2.0 with the dashboards I hadn't looked there either. I learned something new today as well!

Basically you only need to shape on the WAN. This will shape on the outbound. For inbound, it is going to go as fast as possible. The inbound drops packets and causes re-transmission on the remote system. This is mechanism that slows inbound. I would try only limiting WAN and see if that works for you. If not, then try CBQ or PRIQ and see if that will work better for you.

You can approach what you want using traffic shaping and scheduler field of Firewall Rule.

You can use to achive this.

First create a Queue on Traffic Shaper.
Second attach the queue to traffic which you want to limit or prioritize.