Traffic Shaping Rules in pfSense 2.1

Creating traffic shaping rules in pfSense 2.x is handled a bit differently than in previous versions of pfSense. In the old pfSense, traffic shaping rules were controlled by navigating to Firewall -> Traffic Shaper, clicking on the “Rules” tab, and then adding or editing rules as needed. Now, all rules, whether they invoke traffic shaping queues or not, are controlled by navigating to Firewall -> Rules.

An Example: Creating Traffic Shaping Rules for BitTorrent

Traffic Shaping Rules

Adding a traffic shaping rule to put BitTorrent traffic into the P2P queue in pfSense 2.1.

The option to place traffic into a queue can be found by scrolling down to “Advanced Features“, and pressing the “Advanced” button next to Ackqueue/Queue. To illustrate the process, let’s create traffic shaping rules to explicitly direct BitTorrent traffic coming in and out of a specific port into the P2P queue. Although we’re doing it here just to illustrate the process, if you are using BitTorrent, there may be a legitimate reason to make a special rule for this traffic. pfSense relies primarily on ports to tell what program the traffic appears to be rather than examining the packets. Since BitTorrent relies on non-standard ports, it is quite possible that such traffic will not automatically go into the P2P queue. There is a way of identifying traffic based on the content of the packets instead of just the source or destination ports known as layer 7 shaping (deep packet inspection). This feature is only found in pfSense version 2.0 and newer. Layer 7 shaping will be the subject of a future article, but for purposes of this exercise, we will assume that this is not an option. Therefore, we endeavor to take the following measures: [1] use the P2P Catchall rule; [2] treat the default queue as low priority, and [3] make rules for each type of traffic you want.

Traffic Shaping Rules

Configuring the queues under Advanced Settings at Firewall -> Rules.

The P2P Catchall rule is added by using the traffic shaper wizard, which was covered in a previous article, and editing queue settings was also covered in a previous article, so I will focus on making rules to cover BitTorrent traffic. To begin, we will go to Firewall -> Rules and click on “plus” to add a firewall rule. We want to leave the “Action” as Pass, and choose WAN as the “Interface“. For “TCP/IP Version“, we will select IPv4+IPv6. We’ll leave the “Protocol” as TCP and leave “Source” unchanged. For “Destination“, we’ll select “Single host or alias” and type in the address of the target computer (in this case, For “Destination port range“, we will put our BitTorrent port (22453). We will not log packets, but we will enter a brief “Description“. Scrolling down to “Advanced Features“, press the “Advanced” button next to “Ackqueue/Queue“. Select “qACK” for the Ackqueue and “qP2P” for the queue. [This assumes we set up a P2P queue earlier.] Then press the “Save” button to save the rule and press “Apply changes” on the next page.

Now we have a rule to handle incoming BitTorrent traffic, but there is also outgoing traffic, and we want to set up a rule to handle that as well. To do so, click on the “plus” button. We will keep most of the settings for the previous rule, but we will change “Interface” to LAN and “Destination” to WAN subnet. We will again specify 22453 for the “Destination port range” and “qACK” and “qP2P” for the queues. Again, press “Save” to save the rule and “Apply changes” on the next page.

Now, we have traffic shaping rules for both incoming and outgoing BitTorrent traffic on port 22453 configured, thus ensuring that traffic on that port will go into the P2P queue. You’ll want to enable the P2P Catchall queue if you didn’t already, and limit the bandwidth used by the default queue, but otherwise, we should be set up to handle BitTorrent on our chosen port.

Other Articles in This Series:

Traffic Shaping in pfSense: What it Does
Traffic Shaping Wizard: Introduction
QoS Management Using the Traffic Shaper Wizard
Queue Configuration in pfSense 2.1
Layer 7 Groups in pfSense 2.1
Bandwidth Limiting with the pfSense Limiter
Deep Packet Inspection Using Layer 7 Traffic Shaping

External Links:

pfSense Bandwidth Management – How to Configure the Traffic Shaper at

Link Ads:

Be Sociable, Share!

Speak Your Mind


© 2013 David Zientara. All rights reserved. Privacy Policy