Limit torrent download speed by setting fix # of connections?



  • Hi all,

    I've created this video tutorial on how to Limit Download & Upload bandwidth per IP and worked great for http downloads from file sharing sites until this particular user started using torrents then it does not work and user can download way over what limit was set under Firewall > Traffic Shaper > Limiter
    I'm trying to set connections limit under Firewall > Rules > LAN but I'm not sure what to enter and where.
    ![advance options.JPG](/public/imported_attachments/1/advance options.JPG)
    ![advance options.JPG_thumb](/public/imported_attachments/1/advance options.JPG_thumb)



  • Using firewall rules to limit the maximum # of connections won't work in your scenario, because pfSense currently puts any IPs that exceed those limits (defined with pf's max-src-* directives) into the "virusprot" pf table (using pf's overload feature), thus completely blocking all traffic from them.

    I have submitted a related feature request at redmine some time ago:
    http://redmine.pfsense.org/issues/1935



  • @dhatz:

    Using firewall rules to limit the maximum # of connections won't work in your scenario, because pfSense currently puts any IPs that exceed those limits (defined with pf's max-src-* directives) into the "virusprot" pf table (using pf's overload feature), thus completely blocking all traffic from them.

    I have submitted a related feature request at redmine some time ago:
    http://redmine.pfsense.org/issues/1935

    Thanks for the explanation! Looks like the wait is the only option.



  • You can workaround this by installing cron package and reduce virusprot table cleanup time.

    The -t 3600 arg means one hour.



  • I don't even know where to limit those number of connections?



  • Edit the firewall rule you want to set connection limit.



  • I've also experimented with using ipfw's limit src-addr directive to achieve the same result (limit # of connections of a single IP) by hacking captiveportal.inc

    Note: ipfw is FreeBSD's standard  packet filter, which is also available in pfsense in addition to pf, but it's only used for CP L2 filtering.



  • @dhatz:

    Note: ipfw is FreeBSD's standard  packet filter, which is also available in pfsense in addition to pf, but it's only used for CP L2 filtering.

    I think floating rules are ipfw too.



  • @marcelloc:

    Edit the firewall rule you want to set connection limit.

    setting # in Maximum state entries per host would limit numberr of connections?


Log in to reply