Maybe this just clicked with me.... Since it's stateful that's why this works, correct? It's not matching per packet and totaling things up like my brain was thinking.

Self-solved. Wrote two new functions in status_queues.php and added a call to SortStats in the existing processInterfaceQueues call: processInterfaceQueues(SortStats($stats), 0, ""); Code is not so elegant and is not optimised but it works. Sharing for interest. function SortStats_AppendCurrentAndContained(&$sorted_qname, &$raw_real_if_qlist, $qname, &$qdata, &$qcontains) { # Sort the list of child queue names and store back into the original 'contains' array sort($qcontains); $qdata['contains'] = $qcontains; # Add the current qname (which 'contains' other queues) to the sorted_qname array first $sorted_qname[$qname] = $qdata; # Then add the contained queues, in sorted order foreach ($qcontains as $qcontainedname) { # Retrieve the queue entry for the named queue $qcontained = $raw_real_if_qlist[$qcontainedname]; # If it has a 'contains' array, recurse the addition of current & contained queues if (is_array($qcontained['contains'])) { SortStats_AppendCurrentAndContained($sorted_qname, $raw_real_if_qlist, $qcontainedname, $qcontained, $qcontained['contains']); } else { # Add the queue data for the named qcontained into the sorted_qname array $sorted_qname[$qcontainedname] = $qcontained; } } } function SortStats($stats_to_sort) { foreach ($stats_to_sort['interfacestats'] as $raw_real_if_name => $raw_real_if_qlist) { $sorted_qname = array(); foreach ($raw_real_if_qlist as $qname => $qdata) { # If it has a 'contains' array, sort the children and build out the sorted_real_if_qlist if (is_array($qdata['contains'])) { # Append the current and contained queues SortStats_AppendCurrentAndContained($sorted_qname, $raw_real_if_qlist, $qname, $qdata, $qdata['contains']); } } # Assign the sorted array of queue names back to the raw_real_if_qlist $stats_to_sort['interfacestats'][$raw_real_if_name] = $sorted_qname; } return $stats_to_sort; }

Does anyone else have any view on using both altq and limiters. I tried it worked for a while, seemingly, then the routing got blocked. I can’t quite understand why but it now seems like you can’t use both at the same time.

Does someone still have this available or a link to an equivalent approach? @GuHwk97 did you find something ?

@brswattt some further comments. I would suggest you set the "queue management algorithm" to coddle in both the limiter (parent) and the child queue. You've set the scheduler but not the QMA. Also, presumably you initiated the connection to steam. In which case I think you need to apply the rules on the LAN. I suspect that is the problem. If not, I would mark the rule to to be logged and then look at the firewall log and make sure your rule is triggering correctly. If not, work out why. You seem to be aware of the need to sometimes set quick actions on the floating rules to make the fire immediately but it could be something like that (though not from the looks of things). As an aside, I would avoid using the floating rules and the WAN until you have this set-up right on the LAN itself. I say this because it is just easier and, as NAT is applied before the rules apply on the WAN, there can be problems writing rules that hit the packets intended. The workaround is tagging packets on the original interface before they hit the WAN then searching for the tagged packets. But the point is avoid applying stuff on the WAN and via floating rules until it is right on the interface rules.

@steveits Thanks. I'm quite new to pfSense, so I'll continue to monkey with.

I know this is an older thread but for posterity it should be fixed in 22.01/2.6.

@robnitro That sounds really good.

@theskelly Traffic not assigned a queue will go into the default queue. You can go to Status/Queues and watch them to see if yours is getting into the right queue. If it isn't working, look at open states and see if the state matches your rule. For instance to de-prioritize a certain web site, it's not a matter of matching traffic from the web site to *, it's from * to the web site, and the reply/download just matches the open state.

@tschan This sounds like bug #11550, which is marked as closed but doesn't appear to be.

@kerat Why would you not strip the tags or mark how you want as it enters the network from the AP.. At your switch? As to disable wmm on unifi ap I found this. https://omg.dje.li/2020/02/disabling-wmm-on-ubiquiti-unifi-uaps/

@someusername said in Aliases and limiters: Should I enable the rules and kill the states of the IPs affected? The existing state is going to take precedence over the new rule so yes, kill the state and/or end the transfer when testing changes or any firewall rule.

@daddygo Thanks, I appreciate it.