Apple has launched a new Photos App for OS X, along with the ability to upload your entire library to iCloud. And with prices that are so cheap, there's almost no reason not to. $3.99 a month is cheap insurance to know that every photo I've ever taken of my family won't be wiped out in a tornado.
But with this comes a problem - namely, how do you upload a 150 gigabytes of photos over a 5 megabit network connection? Well, you wait a really long time for it to upload. Which is fine, really, because I'm not in any particular hurry to finish. But, once I started the upload, I noticed that surfing the web became pretty much impossible because the upload to iCloud was saturating my upstream bandwidth.
What I needed was a way to throttle the iCloud upload. I really don't care if that adds a couple more hours or days to the upload. I just need to be able to surf from other devices without problems. But at the same time, I'm not using my connection in the middle of the night. There's no reason it could't go full bore overnight.
And this is where pfSense comes in.
Start by creating a schedule:
- Go to Firewall -> Schedules. Add a new schedule.
- Give it a name. I called mine "Nighttime."
- Click the headers of each day of the month in the calendar. This will apply it to every day.
- Set the start time to 8:00 and the end time to 23:59. This means I want the schedule to be active between 8am and about midnight, which mirrors my usage patterns. You can adjust this as needed.
- Click "Add Time".
- Click "Save".
Next, create a limiter:
- Go to Firewall -> Traffic Shaper. Click the Limiter tab. Click "Create a new limiter".
- Click "Create a new limiter".
- Check "Enable limiter and its children".
- Give it a name. I called my first one "3mb-source" (limit outbound to 3 megabit).
- Under bandwidth, set it to whatever you want the limit to be (in my case, 3 and Mbit/s) and select the schedule you just created from the dropdown.
- Under mask, set "Source addresses".
- Click "Save."
Now, apply the rule.
- Go to Firewall -> Rules. Select the LAN tab. Create a new rule. Configure it as follows:
- Interface: LAN
- Source: Single host or alias, and the IP address of your uploading machine.
- Under "Advanced", click "In/Out". In the first dropdown, select the limiter you made above.
- Click "Save."
- Now, you need to order the rules so that this rule is applied first. Check the box next to the rule you just created, then click the little left-pointing arrow next to the top rule, right underneath the anti-lockout rule.
- At the top, click "Apply Changes".
That's it! Your upstream bandwidth from the uploading machine is now limited to whatever you set it to, but only during the hours specified by your schedule.
Now, if you want extra credit, you could try to identify the upstream server's IP address and craft a rule that only applies the limit to outbound packets to iCloud. Another approach would be to use QoS and de-prioritize packets from the machine. But that was overkill for me. This solution was "good enough" for a temporary measure to keep my network working while the uploading occurs.