The next two subsections will demonstrate how we can modify and add traffic shaping rules to meet specific requirements not addressed by the traffic shaper wizard. Since modifying an existing rule is somewhat easier than adding new rules, we will walk through the process of modifying a rule first.
As you might recall, the traffic shaper wizard lets us assign a single IP or alias to the low-priority queue. This queue is the qOthersLow queue. Let's assume we want to make the following modifications to the rule:
- The offending traffic has, as its destination, the IP address 10.1.1.1 (a private address, but acceptable as an example).
- The offending traffic has been traced to one or more macOS nodes; so we only want to penalize traffic coming from macOS systems.
- The only traffic from this range of IP addresses that we want to ban is VoIP traffic. Therefore, we will only penalize UDP traffic.
Although the traffic shaper wizard does not give us this level of granularity, we can do this easily by changing the existing penalty box rule. We begin by navigating to Firewall | Rules, clicking on the Floating Rules tab, and then clicking on the Edit icon for the penalty box rule. The necessary changes are relatively easy to make:
- Protocol is currently set to Any; we want to change that. Select UDP from the drop-down box.
- In the Destination section, select Single host or alias in the drop-down box, and then enter 10.1.1.1 in the adjacent text box.
- The next option is in the Advanced Options section, so click on the Display Advanced button.
- The first option is the Source OS drop-down box. Select MacOS.
- Click on the Save button at the bottom of the page. When the Floating Rules table reloads, click on the Apply Changes button.
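Hence, with little difficulty, we are able to alter the penalty box to meet some very specific requirements. In a real-world scenario, you might want to monitor the network for the next few days to make sure that the rule has the intended effect. Pay particular attention to the Source OS condition: pf's passive OS fingerprinting works from TCP SYN packets, so confirm that the OS match actually takes effect on a UDP rule.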
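One way to check the edited rule from a configuration backup is sketched below. This is an added example, not part of the original text or of pfSense itself. It assumes the backup stores floating rules under `filter/rule` with `floating`, `protocol`, `os`, `destination/address` and `defaultqueue` elements; the sample XML and the `qExample` queue name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed excerpt in the style of a pfSense config.xml backup (assumed layout).
SAMPLE_CONFIG = """<pfsense><filter>
  <rule>
    <type>match</type><interface>wan</interface><floating>yes</floating>
    <protocol>udp</protocol><os>MacOS</os>
    <source><any/></source>
    <destination><address>10.1.1.1</address></destination>
    <defaultqueue>qOthersLow</defaultqueue>
    <descr>Penalty Box</descr>
  </rule>
  <rule>
    <type>match</type><interface>wan</interface><floating>yes</floating>
    <protocol>tcp</protocol><os/>
    <source><any/></source><destination><any/></destination>
    <defaultqueue>qExample</defaultqueue>
    <descr>Unrelated rule</descr>
  </rule>
</filter></pfsense>"""

# The three changes made in the walkthrough above.
EXPECTED = {"protocol": "udp", "destination": "10.1.1.1", "os": "MacOS"}

def penalty_box_rules(config_xml, queue="qOthersLow"):
    """Return the floating rules that assign traffic to the given queue."""
    root = ET.fromstring(config_xml)
    rules = []
    for rule in root.iterfind("./filter/rule"):
        if rule.findtext("floating") != "yes" or rule.findtext("defaultqueue") != queue:
            continue
        rules.append({
            "descr": rule.findtext("descr", default=""),
            "protocol": rule.findtext("protocol", default="any"),
            "destination": rule.findtext("destination/address", default="any"),
            "os": rule.findtext("os", default=""),
        })
    return rules

def audit(rule, expected=EXPECTED):
    """List mismatches against the intended settings, plus one sanity check."""
    findings = [f"{field}: expected {want!r}, found {rule[field]!r}"
                for field, want in expected.items() if rule[field] != want]
    # pf matches OS fingerprints against TCP SYN packets only.
    if rule["os"] and rule["protocol"] != "tcp":
        findings.append("os match set on a non-TCP rule; verify it takes effect")
    return findings

if __name__ == "__main__":
    for r in penalty_box_rules(SAMPLE_CONFIG):
        print(r["descr"], audit(r) or "matches the intended settings")
```
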