Usually you open it up to allow initial synchronization, and then throttle it back for incrementals.  He needs to determine the size of the dataset he's sending per day and then break it down to see how much bandwidth he has to play with, how much he can dedicate to the backup job, and how long it will take at that rate.  Then he can craft a limiter that gives it just enough bandwidth to complete the daily job in the allotted time.

@vindenesen: @georgeman: … shaping multi-LAN does not work as you expect. For reasons and an explanation on how the shaper works, check this post I have just written. Regards! Sorry if this is considered hijacking a thread, but just one small question: Does this apply to all shaping disciplines? I'm considering using the PRIQ shaper in a LAN party (which will have multiple subnets/VLANs) to prioritize gaming and other important traffic to/from the Internet. The Internet connection speed will be 1Gbps, if that makes any difference. Yes, it is the same for any scheduler since this is originated from the fact that you cannot have the same queue applying to multiple interfaces simoultaneously. Since download is "shaped" (and I put it in between quotes because you cannot really shape download, but do some TCP based tricks) on the LAN side, you are actually having multiple download pipes not communicating with each other

@klou: Thanks for all of your help. klou, did you get this working correctly?  Just wondering . . .

Fun he says.. LOL.  Nah I read you, this QoS/Shaping stuff is damn confusing enough without the GUI lying to me hehe.

I don't think there is anything you can do about it. If you haven't noticed any in-game issues or network gameplay features not working then I really wouldn't be concerned.  It may be as simple as a heartbeat check for game clients that are no longer there.

I haven't played with L7 rules as it seems extremely complicated, and you have to know packet byte-patterns etc.

little update: i have rebooted my pfsense and now all is ok. Ok ping, ok limiter. But i have another problem, i hope that is a little problem. in my case i have: wan - pfsense guest03 - lan1                                   - lan2                                   - lan3 If i try to ping from lan1 to lan2, it run. But this is not right, because each lan is for one customer. I try with this step: i created aliases with: Type: network(s) and 192.168.0.0 CIDR 16, in this mode i have all local lan in an alias. i created 3 rule for each lan, in this mode:                 a) pass from LAN net to LAN net – no limiters                 b) block from alias to alias -- no limiters                 c) pass from LAN net to any --- with limiters Now, i have a good ping, i have my limiters and i cannot ping other lans from my lan. But i want ask: can i do this with Interface Groups? I thins that this is more simple and fast. One rule for all interfaces! Tnx for your reply

Floating rules are used in conjunction with a traffic shaper to allow you to apply rules regardless of interface (the rule "floats" above the interfaces, so to speak.)  Typically, you use it to shunt traffic in to a particular queue but you can also use it to shunt that same traffic into a limiter.

I have the rule setup on the lan side.  With a single host which is his ip and at the bottom theres a choice for a limiter and i added the inbound and outbound limiter. At the top of the list. When i get a chance today ill take some screen shots.

Limiters are assigned using firewall rules via the In/Out section under Advanced features.  Bittorrent can be very hard to trace because the torrent clients these days use encryption and that can't be handled by a layer7 rule.  You might be better off using an opposite approach where you elevate known traffic like web and mail, and all others can be limited or shaped.

The old pfsense shapper was one idea easy for configuration.

From what I understand, a limiter is just a dumb pipe that will limit all traffic routed to it to its maximum capacity, and not per client/server.  IN on the WAN interface means traffic coming from the Internet, OUT means traffic destined to the Internet.  Set your OUT to 10MB/s, set rules to move your server WAN traffic to the limiter, put them under load and see it it holds steady at ~10MB.

Don't be concerned about packet drops.  When you have an active shaper in place, drops are expected when the router is under load.  You want packets from your lower-priority queues to get dumped in favour of packets from higher queues when there is contention or service guarantees to maintain.  That's how the whole thing works.  If you don't have any drops, you likely don't even need traffic shaping at all.

per second

I want to Limit all my servers behind the DMZ . So i have server A server B and server C . what is the best Way to limit the inbound and outbound traffic to a max of 50MB per server.

First step would be to post this in the Packages forum where it belongs. Start here: https://doc.pfsense.org/index.php/Setup_Squid_as_a_Transparent_Proxy Come back if you have questions or problems.