pfSense, limiters and Rule processing

I implemented limiters for a guest network. They work great, and throttle exactly as I want them to.

But…

All of the documentation points to making the “pass” rule as the first rule in the pfSense set. I’ve got other rules on that network. If pfSense sees this rule for the limiter, since the traffic matches it (it’s an any,any rule), won’t it ignore the remaining rules?

I’ve got other rules that would need to go in front of it, but they won’t be limited. Is the solution to include the advanced section on every single rule I implement for that interface so that the traffic that passes goes through the limiters? I think that’s the case, but it’s never mentioned in the docs.

That doesn’t sound logical.

Perhaps you need to review your rules. I have a suite of rules, the last of which exits traffic out of the WAN; that’s where I place my traffic shaping rules.

Though it depends on what you are trying to achieve, it sounds like you want traffic on the Guest network to reduce bandwidth when the private network is in use.

My goal is just to limit the guest network up/down speeds to reserve bandwidth for the LAN.

I guess what I should really be doing is just assigning this to the rule for traffic going to the WAN instead of using an any/any rule.

That’s easy enough: in Firewall > Traffic Shaper > By Interface you can apply a hard limit on your Guest.

It’s not very elegant. There is a way to basically allow any network to use the maximum bandwidth, then throttle the bandwidth when another network needs it. I think it uses the HFSC.

Tom has a vid on limiters where he references a Canadian guy who gives this solution. It’s pretty involving so you need to roll up your sleeves!!

this guy.

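The rule-ordering question raised in this thread, as an added example that is not part of the thread and not pfSense code: a simplified model that assumes interface rules are evaluated top-down with the first match winning, and that a limiter applies only through the rule that matched. The limiter name `guest_limit`, the addresses and the three rule layouts are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class Rule:
    action: str                     # "pass" or "block"
    dst: str                        # destination network in CIDR form
    port: Optional[int] = None      # None matches any port
    limiter: Optional[str] = None   # hypothetical limiter attached to this rule

def evaluate(rules, dst_ip, port):
    """Return (action, limiter) of the first matching rule; default deny."""
    for rule in rules:
        if ip_address(dst_ip) in ip_network(rule.dst) and rule.port in (None, port):
            return rule.action, rule.limiter
    return "block", None

ANY = "0.0.0.0/0"
LAN = "192.168.1.0/24"              # constructed private LAN range
DNS = "192.168.1.53/32"             # constructed internal resolver

# Layout A: the any/any limiter rule sits first, so the block below is shadowed.
limiter_first = [Rule("pass", ANY, limiter="guest_limit"), Rule("block", LAN)]

# Layout B: specific rules first, limiter only on the final any/any rule.
limiter_last = [Rule("pass", DNS, 53), Rule("block", LAN),
                Rule("pass", ANY, limiter="guest_limit")]

# Layout C: every pass rule carries the limiter.
limiter_each = [Rule("pass", DNS, 53, limiter="guest_limit"), Rule("block", LAN),
                Rule("pass", ANY, limiter="guest_limit")]

# Constructed sample flows leaving the guest network.
FLOWS = {"dns": ("192.168.1.53", 53),
         "lan_host": ("192.168.1.10", 445),
         "internet": ("203.0.113.7", 443)}

def summarize(rules):
    """Map each sample flow to the (action, limiter) it receives."""
    return {name: evaluate(rules, ip, port) for name, (ip, port) in FLOWS.items()}

if __name__ == "__main__":
    for label, rules in [("A", limiter_first), ("B", limiter_last), ("C", limiter_each)]:
        print(label, summarize(rules))
```

In this model, layout A passes guest traffic to the LAN host because the block rule is never reached, and layout B leaves the DNS flow unlimited because its pass rule has no limiter attached.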