-
i want setup dscp 63 (0x3f) in pfsense. But there is no such value option in firewall rule, I hope to increase the value entered by the user..
-
pf can only match DSCP. There is no way to set it or change it.
Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!
Need help fast? Netgate Global Support!
Do not Chat/PM for help!
-
pf can only match DSCP. There is no way to set it or change it.
DSCP has 63. I have successfully set 63 value DSCP in ubuntu.
-A FORWARD -j DSCP --set-dscp 0x3fhttps://ipset.netfilter.org/iptables-extensions.man.html
dscp
This module matches the 6 bit DSCP field within the TOS field in the IP header. DSCP has superseded TOS within the IETF.
[!] --dscp value
Match against a numeric (decimal or hex) value [0-63]. -
Ah, all of the wording in your original message implied changing/setting the value, not matching it.
That DSCP value is uncommon and unlikley to be respected by anything, why would anyone need/want it?
We can add more values to the drop-down but the ones we have are there because they are listed in various RFCs for DSCP/TOS (See https://docs.netgate.com/pfsense/en/latest/trafficshaper/dscp.html )
While the packet field may support values from 0-63 that doesn't mean they will all work properly in real-world networks.
pf seems to accept 0x3f though so we could consider adding that, it's not a large change.
diff --git a/src/usr/local/www/guiconfig.inc b/src/usr/local/www/guiconfig.inc index 8ca98fced2..7a36190abd 100644 --- a/src/usr/local/www/guiconfig.inc +++ b/src/usr/local/www/guiconfig.inc @@ -114,7 +114,8 @@ $firewall_rules_dscp_types = array( "cs7", "0x01", "0x02", - "0x04"); + "0x04", + "0x3f"); $auth_server_types = array( 'ldap' => "LDAP",You could also keep that as a local custom patch in the system patches package.
Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!
Need help fast? Netgate Global Support!
Do not Chat/PM for help!
-
@yon-0 I am using AF33 (30/0x1e) with success from Windows to pfSense.
-
但这并不意味着它们都可以在现实世界的网络中正常
I've tested it and it gives a noticeable improvement in speed. Some big carrier networks in the world don't use default values, but give high priority to some less commonly used values. So I think leave technically allowed values to Users make decisions to set up based on their carrier network conditions.
-
但这并不意味着它们都可以在现实世界的网络中正常
I've tested it and it gives a noticeable improvement in speed. Some big carrier networks in the world don't use default values, but give high priority to some less commonly used values. So I think leave technically allowed values to Users make decisions to set up based on their carrier network conditions.
My internet speed is 5-10 times faster
-
@yon-0 I am using AF33 (30/0x1e) with success from Windows to pfSense.
Does your value increase your internet speed?
-
@yon-0 I am using AF33 (30/0x1e) with success from Windows to pfSense.
Does your value increase your internet speed?
No sry, it is only about LAN.
-
@yon-0 I am using AF33 (30/0x1e) with success from Windows to pfSense.
Does your value increase your internet speed?
No sry, it is only about LAN.
I use DSCP for the speed improvement of the world interstate long distance network. I use it for my own BGP network.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.