I've partially discovered a solution more elegant than using Bash & SED to edit config.xml directly.

instead, I created files in /etc/phpshellsessions called 'throttleon' and 'throttleoff'. Contents:

require_once("config.inc"); require_once("filter.inc"); global $config; parse_config(true); $config['filter']['rule']['0']['disabled'] = false; write_config("throttleon");

throttleoff is exactly the same, but 'disabled' = true; instead.

I checked in the shell first to get the index of the rule i wanted to enable ( and it's rule '0', so that is why it's referenced in the code above ).

These can now be called via pfSsh.php playback throttleon ( or off ).

Interestingly, I tried to use the pfsense PHP shell record feature to do this, but it just created 0 byte files for some reason ( even though the commands in the session worked fine ).

It seems I don't need to call rc.filter_configure either, as playing back these files updates the rule enable/disable status ( maybe a feature of the shell? )

@ads76 entirely coincidental but I'm glad it helped you too.

By coincidence, this post resurfaced just 3 hours after I posted this. It appears to be the same issue.

I just had to fudge my bandwidth allocations on the LAN queues to be able to set the interface bandwidth correctly. For me, I set the same value as allocated to the WAN queue (19200 Kbs) to qInternet on each LAN interface, rather than using 2%. I also set all the other LAN interface sub-queue percentages down to like 10% though I'm not sure that was necessary, saved and applied. Then I could set the LAN interfaces to what I wanted (96% of 1Gb = 960000 Kbs).

Annoying to figure out but at least it's possible to workaround. Thanks to @seijirou for either deliberately or coincidentally resurfacing that post which helped me out.

@steveits said in Maximum Bandwidth Value for Limiters:

@tman222 That would be 409610241024 = 2^32 = 4294967296 so max unsigned 32 bit integer. Can't help with how to change it. :) It presumably depends on how it is being handled in the upstream code. But, with all new routers 64 bit and Netgate releasing 10 Gbit connections it seems logical to make it higher. I'd say go ahead and make a redmine entry. It could just be old input validation.

BTW, nice bandwidth.

Thanks @SteveITS - that makes a lot more sense now. Unfortunately no multi-gig internet access here just yet, but there have been rumors that it may be coming this year (fingers crossed).

@daddygo Hey, just seeing this.. thanks for the reply.

interestingly enough, i came across the whole "fq_codel" thing and started messing around with it.

low and behold, it (seemingly, at least to my novice senses) made a very significant difference with my latency.

going through the bufferbloat test from waveform, initially my unloaded ping was about 10-12ms, and once it started the upload and download tests, my latency was up around 60+ms and i was graded as a C.. i followed some instructions and then messed around with it to adapt it to my particular internet speed (120x6) and my upload/download latency dropped to about 5ms for both upload and download. I can definitely tell the difference (no lagging) when someone else is video conferencing while i'm on my workstation, streaming whatever..

anywho, are you saying that disabling the hn(4) ALTQ support will improve it further?

@cnicules ggrrr wife problem :) "the net was working bad so i went directly on the ISP modem wifi", all day sort of wasted.
putting CODEL, make the setup works, i only get a slight 2-3-4ms increase on ping.
ok, logic is good, so far.
HFSC also looks, good, selecting icmp works.
good, now i can move to more complex stuff
thanks,

Maybe this just clicked with me....

Since it's stateful that's why this works, correct? It's not matching per packet and totaling things up like my brain was thinking.

Self-solved. Wrote two new functions in status_queues.php and added a call to SortStats in the existing processInterfaceQueues call:

processInterfaceQueues(SortStats($stats), 0, "");

Code is not so elegant and is not optimised but it works. Sharing for interest.

function SortStats_AppendCurrentAndContained(&$sorted_qname, &$raw_real_if_qlist, $qname, &$qdata, &$qcontains) { # Sort the list of child queue names and store back into the original 'contains' array sort($qcontains); $qdata['contains'] = $qcontains; # Add the current qname (which 'contains' other queues) to the sorted_qname array first $sorted_qname[$qname] = $qdata; # Then add the contained queues, in sorted order foreach ($qcontains as $qcontainedname) { # Retrieve the queue entry for the named queue $qcontained = $raw_real_if_qlist[$qcontainedname]; # If it has a 'contains' array, recurse the addition of current & contained queues if (is_array($qcontained['contains'])) { SortStats_AppendCurrentAndContained($sorted_qname, $raw_real_if_qlist, $qcontainedname, $qcontained, $qcontained['contains']); } else { # Add the queue data for the named qcontained into the sorted_qname array $sorted_qname[$qcontainedname] = $qcontained; } } } function SortStats($stats_to_sort) { foreach ($stats_to_sort['interfacestats'] as $raw_real_if_name => $raw_real_if_qlist) { $sorted_qname = array(); foreach ($raw_real_if_qlist as $qname => $qdata) { # If it has a 'contains' array, sort the children and build out the sorted_real_if_qlist if (is_array($qdata['contains'])) { # Append the current and contained queues SortStats_AppendCurrentAndContained($sorted_qname, $raw_real_if_qlist, $qname, $qdata, $qdata['contains']); } } # Assign the sorted array of queue names back to the raw_real_if_qlist $stats_to_sort['interfacestats'][$raw_real_if_name] = $sorted_qname; } return $stats_to_sort; }

Does anyone else have any view on using both altq and limiters. I tried it worked for a while, seemingly, then the routing got blocked. I can’t quite understand why but it now seems like you can’t use both at the same time.

Does someone still have this available or a link to an equivalent approach?
@GuHwk97 did you find something ?

@brswattt some further comments. I would suggest you set the "queue management algorithm" to coddle in both the limiter (parent) and the child queue. You've set the scheduler but not the QMA.

Also, presumably you initiated the connection to steam. In which case I think you need to apply the rules on the LAN. I suspect that is the problem. If not, I would mark the rule to to be logged and then look at the firewall log and make sure your rule is triggering correctly. If not, work out why. You seem to be aware of the need to sometimes set quick actions on the floating rules to make the fire immediately but it could be something like that (though not from the looks of things).

As an aside, I would avoid using the floating rules and the WAN until you have this set-up right on the LAN itself. I say this because it is just easier and, as NAT is applied before the rules apply on the WAN, there can be problems writing rules that hit the packets intended. The workaround is tagging packets on the original interface before they hit the WAN then searching for the tagged packets. But the point is avoid applying stuff on the WAN and via floating rules until it is right on the interface rules.

@steveits

Thanks. I'm quite new to pfSense, so I'll continue to monkey with.

I know this is an older thread but for posterity it should be fixed in 22.01/2.6.

@robnitro That sounds really good.

@theskelly Traffic not assigned a queue will go into the default queue. You can go to Status/Queues and watch them to see if yours is getting into the right queue.

If it isn't working, look at open states and see if the state matches your rule. For instance to de-prioritize a certain web site, it's not a matter of matching traffic from the web site to *, it's from * to the web site, and the reply/download just matches the open state.

@tschan This sounds like bug #11550, which is marked as closed but doesn't appear to be.

@kerat Why would you not strip the tags or mark how you want as it enters the network from the AP.. At your switch?

As to disable wmm on unifi ap I found this.

https://omg.dje.li/2020/02/disabling-wmm-on-ubiquiti-unifi-uaps/