Working fine!

@RN222 Okay, I know the SANS guide says to make these rules "quick" but as far as I know, they actually do not work when they're quick. I'm not sure if that was considered a bug, and/or if it still applies, but it was definitely true at one point. And My floating rules that assign traffic to limiter queues are just normal floating rules (i.e. not quick). Mine are also match rules, not pass, which I also believed was necessary at least at one point. So I would advise that you first make all four of these rules "normal" (i.e. non-quick) floating rules. And if that still does not work, try making them all match rules as well.

Using just the conservative setting for the firewall and giving the ip phone static ports, has always worked for me. You should not have to change TCP/UDP settings specifcally. Just the firewall optimaztion. see the pic for the detales of the differances. [image: 1736263392748-screenshot-from-2025-01-07-07-22-08.png]

@Mission-Ghost never mind...I just found: https://forum.netgate.com/topic/195386/after-update-4200-to-24-11-queues-status-page-no-longer-works/7 Apparently it's a bug that turned up in beta and has a redmine ticket. From the topic cited, there's a method to check that it's working. I'll do that.

@bipton said in The traffic download limit only applies half of what I give it. why?: rules used default gateway There is this, scheduled for 2.8...? https://redmine.pfsense.org/issues/14854 "...if the gateway is left to default the limiter works as expected but if a specific gateway or a gateway group is specified the limiter [drops by half]."

Same Report... I am sure it would be a bug. The only temporary fix I did is to Increase twice the value and add +2 to be sure...

@jimbrown-dm said in Doc VPN: @jimbrown-dm You can use free xnxubd vpn browser vpn app to browser internet freely. https://www.tomsguide.com/computing/vpns/dont-download-xnxubd-vpn-browser-its-dangerous

Turns out the bufferbloat limiters do not limit ACKs. How can I make it also limit ACKs?

@Gertjan thank you for your help. Of course I will upgrade... But I have to wait for the end of the season as I cannot shutdown the system even for 10 minutes with 2500 customers on it. Have a nice time :)

@vildsvin123 said in Traffic shaping limiters per port, upload limter doesent work: local machine 192.168.1.123 witch runs the cloud and clients connecting from outside throu wan interface Matching can be tricky, I suggest looking at the open state for the connection. For example "downloading a file from a web server in my office" matches the inbound connection to the web server, not an outbound response. The outbound follows back out the inbound state. As noted floating rules are outside NAT. One can match a floating rule to a source only by tagging it on the way in as the packet arrives on LAN, then a rule saying "any packet with tag X" on the way out on WAN. I've used that for prioritizing voice (upload from a phone device IP) but I don't think for a limiter. If you haven't already, for testing, set the limiter to something low enough to be obvious in both directions, and a different number for in and out.

@_ToXIc_ I would revert the change regarding bloat. That doesn’t impact what’s going on here and typically it’s best left alone. There are also debug logs for the agent

@Aus_Karlos You can also try to modify your existing WAN rule: Go to Firewall > Rules > WAN. Edit the rule that currently handles the traffic for port 443 to your server. In the Advanced Options section, set the "In/Out pipe" for outgoing traffic to use the Global_Limit_Out limiter.