Limit speed of one PC when others require Internet

  • Basically, I have five machines. One of which is used for downloading. I want that machine to have full use of the ADSL connection normally. But, when any of the other machines request internet access over ANY protocol I want that machine to be throttled totally by its IP address so that it has no throughput and thus gives full bandwidth to any other machine requiring it.

    Is this possible in pfSense?


  • You can use PRIQ as the shaping algorithm

    Assign the downloading PC to the lowest priority queue using its IP address in the firewall rules.

    Assign the rest to a higher priority queue.

    That is about it.  You won't be able to get the download PC to completely halt traffic but you can greatly reduce the amount of bandwidth it gets based on how much the rest need.

  • Thanks for your reply. I have tried to do what you suggest but I am battling a bit. Do you think you could possibly give me a few more of the streps involved to get the desired outcome? I am not terribly good at pfSense just yet. Any help would be greatly appreciated. Have been trying to figure this out for a week now.

    Should I start by running the wizard? I would prefer to not really have any other shaping going on besides limiting the one machine when the network is otherwise active.


  • You can also set priorities on browsing :)

  • You can run the traffic shaper wizard and select Priq as the algorithm, punch in your upload and download speeds (actual; not rated) accordingly.

    Run through everything (no need to check anything).

    You should have a simple priq parent queue for WAN and for LAN.

    Go to Firewall -> Traffic Shaper.
    Click 'LAN'.

    Click 'Add New Queue'
    Set priority to say 7.
    Name it as qAck.

    Add queue again.
    Set Priority as 5.  Set as Default Queue.
    Name it qDefault.

    Add another queue.
    Set Priority as 1.
    Name it qLow.

    Repeat for WAN tab.

    Now go to Firewall -> Rules.
    Click Lan tab.
    Click the 'e' button beside the 'Default allow LAN to any rule'.
    Scroll down till you find 'Ackqueue/Queue'.
    Set to:  qAck/ qDefault
    Click Save.

    Now click the '+' sign beside the rule.
    Go to 'Source'.  Change from 'LAN subnet' to 'Single Host or Alias'.  In the box below, fill in the IP address of the computer to throttle.
    Scroll down to 'Ackqueue/Queue'.
    Set to: none/qLow.
    Rename the Description to 'Throttle Download'.
    Click save.

    In the LAN tab, you will now see both rules.  Check the box to the right of 'Throttle Download' then click the Arrow button beside 'Default allow LAN' rule to move the throttle rule above it.

    Click Save.  This settles the upload throttling.

    Now for download throttling.  This gets slightly trickier.
    Click on 'Floating Rules' Tab.

    Click Add new rule (+ button).
    Check 'Apply the action immediately on match' box.
    Under interface, choose WAN only.
    Set direction to 'In'.
    Set Protocol to Any.
    Set Source to Any.
    Set Destination to Single host with IP of the download machine.
    Go down and set the queues to none/ qLow.
    Set Description to 'Download throttle'.
    Save the rule.

    Under floating rules, duplicate this rule.
    Change Destination to 'Lan subnet'.
    Go down and set the queues to qAck/ qDefault.
    Set Description to 'Default CatchAll'.
    Save the rule.

    No re-ordering is necessary.  Just click the save at the top of the page.

    That should do the trick.

Log in to reply