pfSense 2.0-BETA5: Unable to limit IPs in Penalty Box

  • Currently running 2.0-BETA5 (i386) built on Thu Feb 10 20:50:06 EST 2011. The system has one WAN and one LAN interface.

    I am trying to put a single IP into the penalty box using the traffic shaping wizards (your choice of Single-LAN/multi-WAN or multi LAN/WAN).  In short, this does not work.

    Looking at the pf config, you can see that queues have been set up:

    grep queue /tmp/rules.debug
     altq on  em0 hfsc bandwidth 650Kb queue {  qACK,  qDefault  } 
     queue qACK on em0 bandwidth 14% hfsc (  ecn  , linkshare 14%  )  
     queue qDefault on em0 bandwidth 7% hfsc (  ecn  , default  )  
    pass   out  from any to any  queue (qOthersLow)  label "USER_RULE: Penalty Box"

    But the Penalty Box queue qOthersLow is not defined in the altq statement and the particular IP I am trying to penalize does not appear in the pf config at all.

    This is a long-running problem (eg.,22344 ) which is probably due to be fixed.
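
The mismatch described in the post above (a filter rule assigning traffic to a queue that no `queue` line defines) can be checked mechanically. This is an added example, not part of the original thread and not pfSense code; the function name `audit_queues` is hypothetical, and the sample is constructed from the four lines quoted in the post.

```python
import re

# Constructed sample: the four queue-related lines quoted in the post above.
SAMPLE_RULES = '''\
altq on  em0 hfsc bandwidth 650Kb queue {  qACK,  qDefault  }
queue qACK on em0 bandwidth 14% hfsc (  ecn  , linkshare 14%  )
queue qDefault on em0 bandwidth 7% hfsc (  ecn  , default  )
pass   out  from any to any  queue (qOthersLow)  label "USER_RULE: Penalty Box"
'''

NAME = r"[A-Za-z][\w-]*"

def audit_queues(text):
    """Return (undefined_refs, declared_only) for a pf ruleset using ALTQ.

    undefined_refs: [(line_no, queue_name)] for filter rules that assign
    traffic to a queue with no 'queue NAME ...' definition line.
    declared_only: sorted names listed in an altq/parent {...} list but
    never defined.
    """
    declared, defined, refs = set(), set(), []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Blank out quoted strings so a label containing "queue" is ignored.
        bare = re.sub(r'"[^"]*"', '""', line)
        words = bare.split()
        if words[0] == "altq":
            m = re.search(r"\bqueue\s*\{([^}]*)\}", bare)
            if m:
                declared.update(re.findall(NAME, m.group(1)))
        elif words[0] == "queue" and len(words) > 1:
            defined.add(words[1])
            m = re.search(r"\{([^}]*)\}", bare)  # child queue list
            if m:
                declared.update(re.findall(NAME, m.group(1)))
        elif words[0] in ("pass", "match"):
            # 'queue NAME', 'queue (NAME)' or 'queue (NAME, ACKNAME)'
            m = re.search(r"\bqueue\s*\(?\s*(%s)(?:\s*,\s*(%s))?" % (NAME, NAME), bare)
            if m:
                refs.extend((line_no, q) for q in m.groups() if q)
    undefined = [(n, q) for n, q in refs if q not in defined]
    return undefined, sorted(declared - defined)

if __name__ == "__main__":
    for n, q in audit_queues(SAMPLE_RULES)[0]:
        print("line %d: rule assigns queue %r, which is never defined" % (n, q))
```

To run it against a real ruleset, pass the contents of a copy of /tmp/rules.debug to `audit_queues` in place of the sample.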


  • Rebel Alliance Developer Netgate

    It may help to have the shaper section of your config.xml as well as the entire contents of /tmp/rules.debug

  • I've attached the shaper section of config.xml and the entire rules.debug file.

    The address I am attempting to block ( - and other details of the Penalty Box configuration do appear in the ezshaper section of the xml, but do not make it through to rules.debug.


  • I am having the same problem. Were you able to solve this issue?

    Is traffic shaping (penalize ip) totally dysfunctional in pfSense?

    Gurus, some input please.

    My post related to this:,36002.msg185862.html#msg185862


  • Can you please show even the ezshaper section from your config?

  • My other post (referenced above) includes all the snapshots but here are the configs:

    I thought penalize would be a no-brainer as this is not even QoS.

  • Anything on this?

