use traffic shaper in firewall rule

_shorty · June 24, 2025, 04:10:38 PM

Hi there,

I do have currently a running setup with a traffic shaper to limit uploading traffic from my nas to the offsite location. This traffic shaper is currently manually enabled or disabled depending on my working hours from home office.
I would like to automate it and use this traffic shaper in a firewall rule. Because this offsite location connects via Wireguard I tested rules in the LAN and WG0 Network part of the rules but nothing worked so far.

How can I achive this because only adding the queue or rule won't change (or better limit) anything. Is there a trick that I need to know to get it working?

Regards,
Shorty

Seimus · June 26, 2025, 09:51:34 AM

Its a rule so for it to work it needs to be 1st matched.

If you put it into pf (firewall rules), it needs to be on the TOP, if any other rule before it is being matched the rule with shaper attribute will not be applied.

Regards,
S.

_shorty · July 09, 2025, 08:32:07 AM

Thanks @Seimus , but do I need to assign Pipes or Queues to the rule and how should this rule look like?
I created one on LAN network with destination WG0 but it isn't applying this rule (attachments).

Seimus · July 13, 2025, 06:53:05 PM

Yes you need to put in there either an already configured Pipe or a Queue that is attached to a Pipe.

the Rule direction is IN which I think means Upload reverse should be download.

Did you try to switch it?

Regards,
S.

saleh · November 26, 2025, 09:49:20 AM

@_shorty Have you gotten traffic shaper in the firewall rule working? If yes, please share with us a screenshot of the pipe and firewall rule settings.
Thank you.

Seimus · November 26, 2025, 08:04:43 PM

Pipe & Queue is individual, its configured exactly as is described in Shaper Docs.
The traffic shaping feature in FW (pf) rules doesn't change how the Pipe and Queue is configured, it doesn't change how it operates.

When you use pf Traffic Shaping feature, you set the direction to UP or DOWN depending on the RULE direction depending on the Interface.

For example,
If I have an Queue-any-any-UP and Queue-any-any-DOWN, that are attached to their respective pipes Upload and Download.
I create a rule on WAN with direction of the rule OUT. In the traffic shaping direction I set Queue-any-any-UP and reverse direction Queue-any-any-DOWN.

Regards,
S.

saleh · Reply #6 - Re: use traffic shaper in firewall rule

Thank you so much for your quick reply, Seimus.

For Queue-any-any-UP or Queue-any-any-DOWN, do we need to configure the interface, source, destination, and direction as well, or is it enough to simply create them and attach them to their respective pipes?

Best regards,
Saleh

Seimus · Reply #7 - Re: use traffic shaper in firewall rule

Quote from: saleh on Today at 09:50:22 AMdo we need to configure the interface, source, destination, and direction as well

I am not sure what you mean by this.

PFs Traffic Shaping just replaces the RULEs section under FW > Shaper > Rules. This gives you a possibility to use all the features of PF rules, but as well to reduce the number of needed rules. As you can use just one RULE to classify UPLOAD and DOWNLOAD, instead of two needed rules in the old ipfw rules (FW > Shaper > Rules).

For Pipe and Queue configuration you follow the docs and best practices, e.g at minimum separate PIPEs and QUEUEs for Upload and download.

Regards,
S.

use traffic shaper in firewall rule

_shorty

June 24, 2025, 04:10:38 PM

Seimus

June 26, 2025, 09:51:34 AM #1

_shorty

July 09, 2025, 08:32:07 AM #2 Last Edit: July 10, 2025, 02:10:45 PM by _shorty Reason: adding more information

Seimus

July 13, 2025, 06:53:05 PM #3

saleh

November 26, 2025, 09:49:20 AM #4

Seimus

November 26, 2025, 08:04:43 PM #5

saleh

Today at 09:50:22 AM #6

Seimus

Today at 11:42:58 AM #7