• Hi all!

    I was wondering if it is possible to configure m1 for time d to lower value than m2?
    If I configure:

    m1: 10Mb
    d: 1000
    m2: 5Mb

    It works as expected, client gets 10Mbit for 1 second then goes to 5Mbit.

    If I configure:
    m1: 5Mb
    d: 1000
    m2: 10Mb
    In this case client gets stuck at m1 speed even after 1 second.

    Goal is to reduce spikes that is why I would like to set m1 to lower value than m2.


  • I can`t configure it, see above.

    Bug in pfsense implementation?

  • Hi.

    I`m bumping this one.

    I still cant do this, is this even supported? Ive read numerous posts about HFSC and it should be possible.

    Anyone with more experience care to answer?


  • Hi,

    I think you're forgetting one thing here: HFSC is all connections in queue. This means if you'd give the first second only 5Mbps you'd end up limiting everything in that queue the first second to 5Mbps while NOTHING, not one or even 100 clients together are able to go over the 10Mbps that is configured for m2. So you will never see a spike above 10Mbps which just renders the whole idea useless.

    IF you see spikes > m2 then the traffic is not in the right queue.


  • No I don`t see spikes, traffic is in the right queue.
    I would just like to delay traffic for first 1 second then allow it to get to full speed.

  • On Linux I'd know a way, netfilter actually has a module that switches chain/rule after a certain amount of time, but on BSD I actually don't because I never had the problem before.

    Btw: Standards are a problem of their own. When stuff like HFSC gets implemented it doesn't necessarily mean it's following the whole standard. Always check the BSD docs on the corresponding version:


    Sadly I don't see a solution at this time, not with pf or even ipfw and limiters as there's no way to do anything based on time (e.g. 5 seconds).

    There are workarounds with tables and PF's match rule, but that's nothing you want in production.