Create a pass rule on the WAN for the IP address in question. When creating the rule you have the option of limiting connections. Place that rule above any other rule that would allow that IP address through.

Have you looked at this yet? http://doc.pfsense.org/index.php/VoIP_Configuration I'm guessing your fix is there. I can't see traffic shaping breaking your voip unless your voip packets are being classified to too low of a priority.

Gotcha, thanks for the input. I'm happy either way as I'm getting the call quality I wanted. :)

You need both … QoS on the router if you're going to use a VoIP Internet Provider and you'll need internal QoS into your switch to make sure your VLAN is prioritize over other traffic. If you're IP/PBX gets it's PTSN access with a POTS or a T1/PRI the router QoS is not a necessity, but QoS is always a good thing even if you do not use VoIP. Just to prioritize HTTP(S) over FTP is a good thing to provide a good fast experience to your users. At work I'm stuck with a SonicWALL without that much QoS but my IP/PBX does not use Internet for PSTN access, only external softphone here and there, not a big deal and the router can manage... But all my internal Layer2&3 switches have QoS enabled.

could you be more specific?

@jlepthien: There is no way to configure more than two interfaces (usually WAN and LAN) in 1.2.3. You'll have to wait until 2.0 is more stable or you can test if it works for you. Ok, I'll accept that you can't configure more than two interfaces from the webGUI.  But are you saying that you can't do it manually through the configuration files? My situation is that for now, I only need one simple rule, to give VoIP traffic priority.  If I do enable the traffic shaper, with my 3 interfaces, with just the two rules, what will be the consequences?

@jlepthien: Since all traffic is on WAN interface there is no chance for the shaper to do its work. I suggest you set up a file server to which both clients can connect and then share stuff on this way. Ok, thanks for the reply. Unfortunatly, such transferts are mainly done with scp, because VPN are used to connect several LAN's, so a file server is not an option. I will put the openvpn server behind the firewall, by this way all traffic will go from WAN to LAN and from LAN to WAN. Regards, Pierre

http://forum.pfsense.org/index.php/topic,11986.0.html

@TreeTopFlyer: Again, from my understanding, once the lower priority (downstream) traffic hits the pfSense box the packet is dropped (which would be correct), with no ACK back, and the packet is sent again thus flooding the downstream pipe again. If the sender is behaving appropriately, the sender would be naturally throttled just by the fact that it is waiting for the ACK.  Thus each packet that is dropped will delay the sender, and allow the higher priority packets to come through.

EDIT: Traffic should not be limited on the LAN interface as its going in the LAN interface and OUT the LAN interface, correct? It shouldnt match any of my rules as they are all set with WAN in and LAN out or vice versa. ~~Im wondering how to get around this. Would it be possible to have the default rules and then assign a new queue which has 1gbps (possibly make it parent), assign all traffic originating from lan subnet destined to lan subnet to a queue that has 1gbps bandwidth? so: LANTOTAL (1gbps) parent  – qwanRoot 218kbps      -- children WANTOTAL (1gbps) parent  -- qlanRoot 1306kbps      -- children~~

i got something similar. Whatever bandwidth queue you created, is too high and exceeds the sum of all the other queues, bring your queue down or adjust the other queue(s) to compensate for this new one.

I've read the qos sticky and it does mention borrowing. Does anyone know if the default traffic wizard enables borrowing?

Dunno what to tell ya. I spent a good part of the night figuring this out. What I have down on paper looks like it would work, however actually implimenting it in PFSense seems trivial. They made it more complicated than it should be.

Your right! There is no other way unless there is a 3rd party plugin that gives you that option. The only thing you can do from the Status>DHCP screen is set a static DHCP mapping or WOL Mapping. You will have to manually set the rule in the MAC filtering.

@nykollas: And for the LAN how can I make sure that they are not using manual IP addresses ? I am thinking to use static IP address for each user and create an aliass from their range, and have the firewall to pass the traffic with the bandwidth limit rules. And block everything else in case they are changing manualy their IPs. I hate those people also  :D you can use ipguard http://ipguard.deep.perm.ru/ By pkg_add -r ipguard it can bind ip address to mac and prevent (as much as it can) others from changing there ip's by adding mac-ip pair in file like this 00:11:22:33:44:55 192.168.1.2 00:44:55:66:77:88 192.168.1.6 actually idon't know why it hasn't been added to pfsense packages. if users can take any ip they want ,then all firewall configuration and traffic shaping is in vain.