• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

How to limit upload bandwidth only to certain destinations on the internet?

Scheduled Pinned Locked Moved Traffic Shaping
3 Posts 2 Posters 302 Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • L
    lburns
    last edited by Jul 18, 2024, 5:08 PM

    I have an older firewall that I cannot upgrade until later this year, but I need to manage the upload bandwidth used when sending data to certain cloud backup vendors.

    I have tried to follow the documentation, but I cannot disrupt connectivity - so I am going to ask for advice.

    How do I limit the bandwidth used when sending data to certain cloud backup providers?
    I will start with Backblaze.

    Their upload targets are:

    • 206.190.208.0/21
    • 104.153.232.0/21
    • 149.137.128.0/20
    • 45.11.36.0/22
    • 2605:72c0::/32

    All Backblaze servers use the *.backblaze.com or *backblazeb2.com domains.

    Would someone explain to me how to limit the outgoing bandwidth to these addresses?

    I assume I would create an alias for the destinations, but how would I build the limiter and use that?

    S 1 Reply Last reply Jul 18, 2024, 6:44 PM Reply Quote 0
    • S
      SteveITS Galactic Empire @lburns
      last edited by Jul 18, 2024, 6:44 PM

      @lburns You can use a LAN firewall rule to assign a queue:
      https://docs.netgate.com/pfsense/en/latest/trafficshaper/limiters.html#assigning-and-using-limiters

      So something like, LAN rule, allow from device IP (or any) to BackBlaze_Alias, set an IN pipe to your 10Mbps limiter.

      Remember it will take effect for new connections.

      Often times, the device can do that also, for example Datto and rsync have speed limits I know. I don't know about Backblaze.

      DNS probably won't work for your alias. If their list of subnets is incomplete, pfBlocker has a way to create aliases by ASN (company/registered IP blocks).

      Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
      When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
      Upvote 👍 helpful posts!

      L 1 Reply Last reply Jul 18, 2024, 6:59 PM Reply Quote 1
      • L
        lburns @SteveITS
        last edited by Jul 18, 2024, 6:59 PM

        @SteveITS

        Thanks man.

        While you typed this, I set up a virtual server and tested in a sandbox..got it!

        fda705f3-a69e-4b65-9d88-296fdf82f207-image.png

        1 Reply Last reply Reply Quote 1
        3 out of 3
        • First post
          3/3
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
          This community forum collects and processes your personal information.
          consent.not_received