Bandwidth Limiting with the pfSense LimiterOctober 17, 2013 by maximumdx 5 Comments

Creating a limiter in pfSense 2.1Although we have covered a number of powerful features that are part of pfSenses traffic shaping capabilities, we havent yet covered one of the most interesting and useful features: the ability to limit users upload and download speed. In this article, I will describe how to use the pfSense bandwidth limiter.Using the Bandwidth LimiterTo invoke the bandwidth limiter, first navigate to Firewall -> Traffic Shaper, and click on the Limiter tab. At this tab, click on plus to add a new limiter. Check the Enable limiter and its children checkbox, and for the Name field, enter a name for the new limiter. At Bandwidth, click on the plus button to add a bandwidth limit. There are four options: Bandwidth, Burst, Bw type and Schedule. Bandwidth is the maximum transfer rate, while Burst is the total amount of data that will be transferred at full speed after an idle period and is apparently a new setting under pfSense 2.1. Bw type allows you to select between Kbit/s, Mbit/s, Gbit/s, and bit/s. Schedule does not seem to have any options.In the next nection, Mask, you can select Source address or Destination address in the drop down box. If either one is chosen, a dynamic pipe with the bandwidth, delay, packet loss and queue size specified in the Bandwidth section will be created for each source or destination IP address encountered respectively. This makes it possible to easily specify bandwidth limits per host. In the next two fields, you can specify the IPv4 and IPv6 mask bits. At Description, you can enter a description, which will not be parsed.Underneath Description is the Show advanced options button. Pressing this button reveals some additional settings. Delay allows you to specify a delay before packets are delivered to their destination (leaving it blank or entering 0 means there is no delay). Packet loss rate allows you to specify the rate at which packets are dropped (e.g. 0.001 means 1 packet per 1000 gets dropped). Again, you can leave this blank. Queue size allows you to specify a number of slots for the queue, and Bucket size allows you to set the hash size. Finally, press the Save button to save the limiter or Delete virtual interface to delete it. Press Apply changes on the next page to apply the changes.

Creating a firewall rule to limit upload bandwidth. Note that we are using the limiter created in the previous step.Now, the limiter that we just created should be available when we go to make or edit firewall rules. As an example, we can use the limiter created in the previous step to limit the upload bandwidth to 1 GB. Navigate to Firewall -> Rules, and click on the LAN tab. Press the plus button to add a new rule. Leave the Action as Pass, the Interface as LAN, and the TCP/IP Version as IPv4. The Source should be set to LAN subnet, and the Destination should be left as Type: any. After entering a Description, scroll down to advanced features and press the Advanced button next to In/Out, and set the In queue to the limiter created in the previous step. Then press Save to save the rule and Apply changes on the next page.Now, the upload bandwidth on the LAN interface should be limited to 1 Gb/sec. When you navigate to Firewall -> Rules and click on the LAN tab, you should see a small purple circle next to the newly-created rule, indicating that the rule invokes the limiter. If you wanted to limited the download bandwidth, this could easily be done; just create another limiter specifying the maximum download bandwidth, and set the Out queue in the rule to the new limiter (or if you just want to make the upload and download bandwidth the same, use the original limiter).