Limiters

The limiters option in pfSense allows you to set up a series of dummynet pipes. Dummynet is a command-line, FreeBSD traffic shaping utility that was designed to simulate different connections. You can do such things as set bandwidth limits and impose scheduling and queue management policies.

You can begin setting up a limiter by navigating to Firewall | Traffic Shaper and clicking on the Limiters tab. On the left-hand side of the page, there will be a button enabling you to set up a new limiter; you can also edit existing limiters on this page. Keep in mind that it is a good idea to set up both in and out queues, and that newly created limiters will have no effect until traffic is assigned to them.

There are two sections on the configuration page for limiters: limiters and advanced options. The first option, the Enable checkbox, allows you to enable the limiter and all its children. There is a Name edit box where you must enter a name for the limiter.

The next section of the page, Bandwidth, is where you enter the upper limit for the bandwidth. The Schedule drop-down box allows you to select a time frame in which the bandwidth limit will be imposed, provided that you defined a schedule entry using pfSense's Schedule option. You can have multiple schedule entries by clicking on the Add Schedule button, or avoid using schedules entirely by selecting none in the Schedule drop-down box.

In the Mask drop-down box, you can set up the limiter so that it only applies to either source or destination addresses. Selecting either Source address or Destination address will cause a dynamic pipe to be created for each IP address encountered, thus making it easy to specify bandwidth limits per host. If you choose a source or destination address as your mask, you must also specify either IPv4 or IPv6 in the appropriate drop-down box. You may also enter a description in the Description field.

The next section, Advanced Options, is mainly useful if you want to simulate certain network connections. I don't foresee them being used that often in real-world scenarios, since they involve deliberately creating a suboptimal data pipe. For example, Delay (ms) allows you to specify a delay, and Packet loss rate allows you to specify a rate of packet loss expressed as a fraction of 1 (0.1 will drop 1 in 10 packets; 0.01 will drop 1 in 100, and so on). Queue size (slots) allows you to specify a number; pfSense will then create a fixed-sized queue accommodating the number of packets specified. Bucket size (slots) is the parameter where you can specify the number of slots in the bucket array used for source or destination hashing. When you are done, click on the Save button.

The question remains as to what these limiters are good for, anyway. One possibility is that you could use them to set up guaranteed minimum bandwidth queues. You can do this by creating a total of four queues, or two pairs of queues (each pair will have an upload queue and a download queue). The first pair will be for guaranteed minimum bandwidth. For these queues, set the upper bandwidth limit as the amount you want as the guaranteed minimum bandwidth. The second pair should have the upper bandwidth limit set to whatever bandwidth is left after you have allocated bandwidth to the first pair. Then, when you configure your traffic shaping rules, make sure that you direct guaranteed service traffic into the first pair of queues, and everything else into the second pair of queues.
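
The two-pair plan above, worked through as an added example (not from the original text and not pfSense's own code): it computes the four bandwidth limits, renders them as dummynet pipe definitions in ipfw(8) syntax for illustration, and shows that each limiter is a hard cap, so the guaranteed class cannot exceed its limit and its unused share is not lent to the second pair. The limiter names, link speeds and offered loads are assumed values.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Limiter:
    name: str            # hypothetical limiter name for the Name field
    bandwidth_kbit: int  # upper limit for the Bandwidth field, in Kbit/s


def plan_limiters(link_down, link_up, min_down, min_up):
    """Return the first (guaranteed) pair, then the second (everything else) pair."""
    links = {"down": (link_down, min_down), "up": (link_up, min_up)}
    for direction, (link, minimum) in links.items():
        if not 0 < minimum < link:
            raise ValueError(f"{direction}: guarantee {minimum} must be between 0 and {link}")
    first = [Limiter(f"guaranteed_{d}", m) for d, (_, m) in links.items()]
    second = [Limiter(f"default_{d}", link - m) for d, (link, m) in links.items()]
    return first + second


def to_dummynet(limiters):
    """Render each limiter as a dummynet pipe definition in ipfw(8) syntax."""
    return [f"pipe {n} config bw {lim.bandwidth_kbit}Kbit/s"
            for n, lim in enumerate(limiters, start=1)]


def delivered(limiters, offered_kbit):
    """Throughput per limiter: each pipe is a hard cap and never borrows from another."""
    return {lim.name: min(offered_kbit.get(lim.name, 0), lim.bandwidth_kbit)
            for lim in limiters}


# Constructed sample: 50 Mbit/s down, 10 Mbit/s up, 5 and 2 Mbit/s guaranteed.
PLAN = plan_limiters(50_000, 10_000, 5_000, 2_000)

if __name__ == "__main__":
    print("\n".join(to_dummynet(PLAN)))
    # Constructed load: bulk traffic saturates the link in both directions,
    # guaranteed download asks for more than its limit, guaranteed upload for less.
    load = {"guaranteed_down": 8_000, "default_down": 90_000,
            "guaranteed_up": 500, "default_up": 20_000}
    for name, kbit in delivered(PLAN, load).items():
        print(f"{name}: {kbit} Kbit/s delivered")
```
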