Traffic Shaping on Floating Rules

  • Hi guys

    I'm trying to do traffic shaping for some floating rules. I created new limiters for up and download bandwith and add this to a rule. (have a look at the pictures)

    The problem is that if I do a speedtest (doesn't matter ipv4 or ipv6) the maximum bandwith is used.



  • Rebel Alliance Developer Netgate

    When using limiters on pass rules, make sure you check "quick" or it will fall through to other rules and not use that one.

    Or use the Match action, not pass. I believe that should work with limiters on current 2.1 snapshots.

  • Thanks for your answer

    I enabled the quick option in the firewall rules but it still doesn't work. I do not understand exatcly how many and what I have to configure.

    Did I need 4 rules ?

    –> ipv4 direction IN and limiter IN and OUT
          --> ipv4 direction OUT and limiter IN and OUT
          --> ipv6 direction IN and limiter IN and OUT
          --> ipv6 direction OUT and limiter IN and OUT



  • Hi there

    Can somebody please explain me how I have to configure the traffic shaping on floating rule. I have some knowledge problems to get this working.

    The goal is that 3 interfaces can share a defined amount of bandwith for up and download.



    UPDATE: When I set the floating rule direction to IN I can ping from the OPT1 to the Internet. After I set the limiter parameters IN/OUT the connection doesn't work anymore :(

  • Forgive my lack of knowledge about pf, but setting a "pass action" on a floating rule, direction -> in, could be a risk for internal LAN protection? (or should we use "match" instead, as suggested).

Log in to reply