You should apply queue on interface attached to network you want to limit
banwidth from. For example if your home network attached to 1GB em1 and you
want to limit web for certain ip addresses, perhaps something like this will
work
...
table <slowip> { ip addrs list }
queue lanq on em1 bandwidth 950M
queue landefq parent lanq bandwidth 950M qlimit 1024 default
queue slowweb parent lanq bandwidth 32K max 64K
match in on em1 proto tcp from <slowip> to port { www https } set queue slowweb
match out on egress inet from !(egress:network) to any nat-to (egress:0)
...
Some examples on Solene`s page:
https://dataswamp.org/~solene/2021-02-07-limit.html
And also there is a Book of PF written by Peter N. M. Hansteen
On Mon, Jun 14, 2021 at 11:59:59AM -0600, Ashlen wrote:
> Hello. I have an APU4D4 running OpenBSD and acting as a router for my
> home network. It connects to the Internet via pppoe(4), which uses em(4)
> as the physical interface.
>
> The router has a /etc/hostname.wg0 file that connects it as a client to
> my VPN provider on boot. Then, /etc/pf.conf has a nat-to rule for
> WireGuard, for IP masquerading. Here's said rule:
>
> match out on wg inet from !(wg:network) to any nat-to (wg:0)
>
> In pf.conf(5), there's mention of this simple configuration
> for bandwidth control:
>
> queue outq on em0 bandwidth 9M max 9M flows 1024 qlimit 1024 \
> default
>
> I want to employ this rule. My question is, which interface is
> appropriate to choose for queueing? pppoe0, em0, or wg0? I'd think wg0,
> as I'm unsure how pf(4) would classify traffic otherwise. However, I'm
> not confident in that conclusion, so I decided to ask.
>
> If additional details are needed, I'm happy to provide them.
>
> --
> https://amissing.link
>
