How does a guy perform per element bandwidth limiting or per interface bandwidth limiting? How does it work together with Adam?
Hi @nckrwlmn
Bandwidth shaping and limiting is a function of the firewall appliance and not specific to adam:ONE.
You can do it per gateway logical interface as well as you describe. The elements would be port, IP, protocol.
Okay I was just wondering because I thought those limiters are added in the firewall rule set, and Adam has control over those rule sets. (Everything is “allowed” through to Adam one.)
Yes you’re right, if you want to do policy based traffic shaping it’s not compatible with DTTS.
What would be an example of policy based shaping? Isn’t a per ip bandwidth limit also not compatible?
Applying a QOS or Routing rule based on IP src or dst would be policy based versus system wide.
With DTTS it’s only possible to do system wide because of how it dynamically creates allow rules.
If you want to throttle connections to an online backup service that’s not a big deal, because you’re allowing connections there anyway, so a policy based rule would be just fine.
Okay so to clarify, can I rate limit every device to a certain speed regardless of protocol or port?
Yes, it’s called Dynamic queue creation as talked about here https://docs.netgate.com/pfsense/en/latest/trafficshaper/limiters.html#dynamic-queue-creation
Essentially it creates a pipe limiter per mask, in this case we’d set the mask to the source address.
So if i create this rule, and i make a lan rule, source any to destination WAN, wont that bypass dtts? Essentially create an enabler for all traffic?
What I’d do is creating a floating rule, and set the action to Match instead of pass. Match can be used to apply certain policies to the traffic besides simple block and allow.