Limit bandwidth for a host behind NAT in pfsense

I have a ssh VM which bandwidth to the internet I want to limit to 10 Mbit/s outgoing, 50 Mbit/s incoming.


  • pfsense 2.3.X

Setup the limiters

  • Go to Firewall → Traffic Shaper → Limiters and create a new limiter with the following settings:
    • Name: sshout
    • Bandwidth: 10 Mbit/s
    • Schedule: none
    • Mask: none
  • With Mask set to none, we limit the bandwidth globally, if you want it per host, select Source addresses
  • Create a second limiter named sshin with a bandwidth of 50 Mbit/s

Setup the firewall rule

  • Go to Firewall → Rules
  • Create a new Floating rule with the following settings:
    • Action: Match
    • Interface: LAN or whatever interface your host is connected to
    • Direction: out
    • Address Family: IPv4
      • I was not able to create a combined IPv4+v6 rule
    • Protocol: any
    • Source: any
    • Destination: Single host or alias with IP <your host IP>
  • Open the advanced options and modify:
    • Gateway: WAN
      • I had to manually select the gateway but I have multi-WAN so that might be the reason.
    • In / Out pipe: sshin and sshout
  • tutorial/pfsense/limiter.txt
  • Last modified: 2018-06-03 14:10
  • (external edit)