4

Is it possible with PFSense and traffic shaping to make watching movies really not worth it? We had a problem a while back (our inbound pipe was full) and it got people off youtube and back on to doing what they should be doing while at work.

I'd like to just degrade youtube, dailyshow, break, etc... so that it isn't worth watching at work without having to threaten anyone.

We have a dual homed PFSense v2 firewall.

I'm not trying to single out people; those that aren't using youtube won't notice this a bit.

boatcoder

1 Answer

4

At L3 this is rather difficult to achieve - you would want to filter on HTTP request (or even response) headers rather than on IP addresses.

While some packet filters offer "deep packet inspection" and PFSense offers some support for it as well, configuration is not as smooth as it could be. Consider forcing HTTP requests through Squid instead. It has some handy controls for bandwidth management where a "burst" and a "steady" bandwidth can be defined with delay pools for a variety of source and destination combinations.

Squid is available as a PFSense package, too, although delay pool configuration options via the GUI do not have a "throttle flash videos" switch, so you likely would want to edit the config files yourself:

[Image: pfsense Squid configuration screenshot]

(Screenshot from http://dd-wrt-setup.blogspot.de/2011/12/pfsense-proxy-server-setup.html)

the-wabbit
  • Part of the problem we have is that we are multi-homed, and we haven't gotten squid working well in that environment (with auto-failover). We can look into it some more though, if you have details on making it do auto-failover in a multi-home scenario, that info would be appreciated. – boatcoder Apr 17 '13 at 19:49
  • @Mark0978 what was the trouble? Ideally, a failover should only affect your routing tables which should not be a problem with Squid. – the-wabbit Apr 17 '13 at 20:57
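
The delay-pool approach from the answer above, written out as a hand-edited `squid.conf` fragment. This is an added example, not part of the original answer. The domain list and the rates are assumptions to adapt to your own traffic.

```conf
# squid.conf fragment (added example; domains and rates are assumptions).
# Requires a Squid build with delay pools (--enable-delay-pools).

# Destinations to degrade. A leading dot matches the domain and all subdomains.
# Constructed list: adjust to the hosts that actually serve the video streams.
acl video_sites dstdomain .youtube.com .googlevideo.com .thedailyshow.com .break.com

# One pool, class 2: one aggregate bucket plus one bucket per client host
# (Squid's class 2 assumes the clients sit in a single /24).
delay_pools 1
delay_class 1 2

# Only requests to the listed sites go through the pool;
# all other traffic is not delayed at all.
delay_access 1 allow video_sites
delay_access 1 deny all

# delay_parameters <pool> <aggregate> <individual>, each as restore/max:
#   restore = steady refill rate in bytes per second
#   max     = bucket size in bytes, i.e. the burst allowed before throttling
# Aggregate: all video traffic together settles at ~128 KB/s after a 1 MB burst.
# Individual: each client settles at ~16 KB/s after a 256 KB burst.
delay_parameters 1 128000/1024000 16000/256000

# Buckets start full (value is a percentage), so the burst is available
# from the first request and short page loads are not slowed.
delay_initial_bucket_level 100
```

Delay pools only shape traffic that actually passes through Squid, so clients that can reach these sites without the proxy are not affected by this configuration.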