Delete your "Floating" rule, and create on LAN Action: pass Source: your "particular LAN IP" Dest: any and in advanced features –> In/Out  choose your limiters Put this rule "on top" of any other "pass" rule.

@cmb: Alternatively if you have a proxy server or can set one up, you can set TOS based on URL and then shape on TOS. Talking about setting TOS in Squid, there is an interesting feature called ZPH (Zero Penalty Hit) included in recent Squid versions, which can be used to set TOS of already cached content (cache "HIT") so it can be delivered to local users at full speed, i.e. only shape un-cached traffic. Is anyone using such a setup with pfsense? I just started to configure it (added zph_local to squid.conf, checked with tcpdump that squid cache HIT entries sent out packets with correct TOS set etc) and will probably complete the setup tomorrow.

Sorry for being a newbie, but can you give me step-by-step examples to your #1 and #2 answers please. It will be greatly appreciated! Thanks!

Hi thestealth, thanx for posting.

You can select PRIQ algorithm by this way Firewall -> Traffic Shaper -> by Interface -> Schedular Type . Then you must attach  the queue to proper rule.

Nothing like a reboot to sort things out. Now able to block with a L7 container.

Hi sorry for the delayed reply, it means that adding a NIC and connecting the 192.168.1.10  local access point of the bridge to the NIC, I can filter the traffic that came in the LAN passing by the 192.168.1.10? so I can make a firewall rule that says block interface OPT source 192.168.1.10  destination all -  that block all traffic caming from the ap. and other rules that make the traffic pass for certain Ip. is this correct? about the bridge I haven't disabled the filtering.

Thats a shame. I can see that when Reauthenticate connected users every minute is ticked that the radreply contains the new "WISPr-Bandwidth-Max-Down" and "WISPr-Bandwidth-Max-Up" values set. IS there not a way to get the new values to take effect without having to disconnect the user and allow them to reconnect ? -

LoL, you're not the only one! Since 2.0 with the dashboards I hadn't looked there either. I learned something new today as well!

Basically you only need to shape on the WAN. This will shape on the outbound. For inbound, it is going to go as fast as possible. The inbound drops packets and causes re-transmission on the remote system. This is mechanism that slows inbound. I would try only limiting WAN and see if that works for you. If not, then try CBQ or PRIQ and see if that will work better for you.

You can approach what you want using traffic shaping and scheduler field of Firewall Rule.

You can use to achive this. First create a Queue on Traffic Shaper. Second attach the queue to traffic which you want to limit or prioritize.

You can use Traffic Shaper to achive this.

IF you use Squid with Traffic Shaper you can shaping http traffic via Default Queue.Bcause of squid bypass http traffic.

You can achive this by using hsfc traffic shaper.You can use  Service Curve -> Upperlimit  ->m2 field  on proper Queue. Then attach queue to the rule involving  host alias.

Are you using squid with traffic shaper ? if yes : Squid bypass traffic on port 80 , so traffic shaper can not catch the traffic , then the traffic port 80 and all of other uncategorized traffic flow on DEFAULT QUEUE.So you give 1 priority to Default Queue but there is no traffic matching other queues , therefore Default queue pretend to eating all of the available traffic. if no : I recommend HFSC