Help Shape Outbound FTP traffic
I am trying to shape my outgoing FTP traffic by putting it in a lower priority que. My other Floating rules are working fine, but am having issues with the FTP. I created a Layer7 FTP rule (attachment 1). By itself it doesn't seem to do anything. After some research it looks like I needed to apply it to a Pass floating rule. So I created a rule for Active FTP (Destination port 20) from Any. Under advanced features I set the AckQueue/Queue to the qAck and qOthersLow, and the Layer7 field to my FTP rule (attachment 2). It doesn't seem to catch anything.
If I remove the port number, it catches things it shouldn't (like traffic to remote computers over the IPSEC VPN.)
Anyone have any idea's on how I can identify and filter FTP traffic, both passive and active?
Edit: I am using HFSC, but I don't think that matters for this question.
![FTP L7.png](/public/imported_attachments/1/FTP L7.png)
![FTP L7.png_thumb](/public/imported_attachments/1/FTP L7.png_thumb)
KOM last edited by
What do you mean when you say outgoing FTP? Upload from your desktop to the Internet, or outbound from your LAN-based FTP server? Floating rules use the MATCH action, not PASS, from what I remember.
What do you mean when you say outgoing FTP? Upload from your desktop to the Internet, or outbound from your LAN-based FTP server?
Upload from desktop to an FTP server on the internet.
Floating rules use the MATCH action, not PASS, from what I remember.
I tried that, but it said when I did it that Layer7 needed to be a Pass rule, which is why it is set to Pass.
I'm still researching. I found that maybe pfSense has an FTP helper built in and this might be breaking the queue. Does anybody know?
KOM last edited by
You might have better luck elevating important traffic to a high-priority queue and relegating all other traffic, including FTP, to a low queue.