You can use Traffic Shaper to achive this.

IF you use Squid with Traffic Shaper you can shaping http traffic via Default Queue.Bcause of squid bypass http traffic.

You can achive this by using hsfc traffic shaper.You can use  Service Curve -> Upperlimit  ->m2 field  on proper Queue. Then attach queue to the rule involving  host alias.

Are you using squid with traffic shaper ?

if yes : Squid bypass traffic on port 80 , so traffic shaper can not catch the traffic , then the traffic port 80 and all of other uncategorized traffic flow on DEFAULT QUEUE.So you give 1 priority to Default Queue but there is no traffic matching other queues , therefore Default queue pretend to eating all of the available traffic.

if no : I recommend HFSC

I'm sending mp3, httpvideo, httpaudio, flash, http-itunes, http-rtsp, quicktime, rtp, and rtsp to the qotherlow queue and I'm blocking audiogalaxy.

Follow the Traffic shaper wizard (single wan/multi lan), and it will eventually ask you about VOIP provider/settings. Fill in the details and it will create a rule for voip traffic, found on the 'floating rules' tab.

@slth:

Alas, without any result: bandwidth isn't being limited at all  :(

Hi, try to check the order of the firewall rules, maybe a previous rule is applied to that traffic so the firewall doesn't process the rule with the IN/OUT options…

@Gitsum:

I think the QOS feature in pfsense is broken. I tried for too long trying to get it to work. I gave up and went back to my dlink.

well… it's for sure not easy, the first time I needed support to let it work, and before 2.0 RELEASE I think was not also so stable, but it is working very well on my firewalls now.
I had the same doubt that I am missing or mistaking something...

Thanks again for the info.  I'll see what I can do.

Yes, that's it. Thank you!

I also just found out that if I enable/disable a queue Interface (e.g. WAN), saving in between and apply, the stats (drops, etc.) reset.

yakupm

I have a similar pfsense box with the features you ask. Please see my post.

http://forum.pfsense.org/index.php/topic,42927.0.html

Hope this helps.

The devices are iPads and we dont wish to use a proxy. iPad apps dont all work nicely with proxies, especially if that proxy requires authentication. So we have a seperate web filter that operates as a transparent bridge which does web filter, but not SSL intercepting. Then we have pfSense box on the other end of that as our main WAN router. One single subnet for our whole internal network, so pfSense is just being used for pure firewall and NAT type stuff.

Had hoped the L7 stuff was the answer, as there doesnt appear to be any other way to do it.

Guess we just have to live with iMessage and FaceTime on our net :(

you'll have to tell that it uses vlan's.. pfsense cant look from crystal ball if vlans are needed or not ;)

hi again.

I changed the cron entry a little bit so it suits my setup.

Perhaps for future pfsense relases this could be realized that there aren't so many (unneccessary) filter reloads.
In a scheduler I have to define a start time and an end time. every time needs an "hour" and a "minute". per haps it can be realized that the minutes and the hours could be entered in the cron job.

So lets say:
Start:
[hour1]: 6
[minute1]: 0

End:
[hour2]: 17
[minute2]: 30

out of these times we can create a cron job like that:

[minute1],[minute2] [hour1],[hour2]  *  *  *  root  /etc/rc.filter_configure_sync 

I am no coding expert and I do not know what is behind the scenes but it is an idea :)

You can manually add the queues yourself.

Go to traffic shaper ->  Wizard -> Single-LAN, Multi-WAN.

Key in '1' for number of WAN connections.

Select HFSC for both LAN and WAN.  Choose 10Gbit/s for bandwidth.

Don't select anything in the wizard, just click next all the way.

When you're done, you should have:
WAN:  qACK, qDefault
LAN:  qLink, qInternet, qACK, qDefault

Now select LAN.  Delete all the queues.  Then add qACK and qDefault.

For qACK, set the bandwidth to 10%, Priority 7, Realtime M2 10%.
For qDefault, set Default, ECN, Bandwidth to 1%, Priority 3, Realtime M2 1%.

Go to queues tab, clone both qACK and qDefault onto WAN.

Now go to Firewall Rules,

under LAN tab, you will see a "Default allow LAN to any rule".
Click edit ('e' button), scroll down till you find the section that says Ackqueue/ Queue.  Click the 'Advanced' button.  Then select 'qAck' in the left box and 'qDefault' in the right side box.

Go to the Floating Rules tab now,
Click the '+' button to add a new rule.

For Action, select 'Queue'.
Check the box under 'Quick' section.
Under Interface, highlight 'WAN'.
Direction set to 'In'.
Protocol as 'Any'.
Source as ANY.
Destination as 'Lan Subnet'.
Set Description as:  "CatchAll Inbound".
Set Ackqueue/ Queue as qACK/ qDefault.

That should be all you need to do.