QoS in Ipfire, greek much?

Many months ago, I was aware of having to setup QoS in Ipfire but had like two peeks at the interface and documentation and ran away from it, scared shitless.

The QoS rule I had in my olde Asus Router was that 10Mbit of B/W should be reserved to all clients. 10% of my total. It worked very well. In particular when my wife wanted to check e-mails from work it was a very bad idea to have Outlook time out. VERY BAD.

Somehow I did not have the need to deep dive in to QoS in Ipfire until just about now, cause my daughter is downloading a DLC from Steam at the same time I need to check some BW demanding things and … well everything just stalled. Don’t get me wrong, Steam downloads are fine, DLC downloads are also fine. We just had a bit of bad luck with B/W allocation for once.

So I went back to QoS interface in IPFire… sigh… almost running away from it again.

First off, I never seen this things about network classes before. Only in IPFire, not in Asus Routers, not in Zyxel Firewalls (yes I had one of those). I think I can discern Class 204 as somehow relevant. Web traffic in general (?).

Right now my QoS looks like this and I do not know if that is ok, I do not remember fiddling with it.

Perhaps I should somehow reset it to default, but there is nothing about that in the docs. www.ipfire.org - Quality of Service

So what I am after is pretty much the same I had before IPFire. 10% B/W reserved per device, all traffic.

Should be simple enough, but I can’t figure it out.

Some would say a that speed to not use it at all.
I now have gig speed and still use QoS.
The problem I encounter is everything is HTTPS.
So I lower the Guaranteed band with and max bandwidth for that class.
I also lowered my max bandwidth.
You could make a new class just for your wife’s PC.
I did that for my server. Anything it is doing is not time critical.
Per device band with control would be a great option.
If it was a option.
You could do it your self . A new class for every user.
Not sure about performance in the end.
As Jon would say not an Expert.

Na, don’t need anything for a particular device… just something that guarantees a minimum of B/W for every device.

I don’t think that a per user is a default option.
It is by traffic type.
This is probably great for people with lower speed internet.
A per user option would be nice.

But I am not asking about a per user setting?

You asked for a guarantee per device which in most home situations is per user.

Bear in mind that I have never actually set up and used QOS. I have just periodically read and reviewed the doc and blog pages.

QOS works on classes of traffic such as VOIP or Video Streaming or Web Browsing or VPN Traffic.

Having defined the classes of traffic that are important to you and where you want them to have priority of bandwidth, ie no dropped packets, you then have to specify the rule for that class that identifies it.

With some some classes it can simply be the protocol/port.

With others that use random ports then instead of port rules you have to define level 7 rules which will consume much more cpu power.

At the end of the day you will end up with traffic classes that get preference for available bandwidth and the rest of the traffic will get lower priority which can end up in dropped traffic for those less important classes.

I have never used it as I am the only user of the network where I am and my bandwidth never gets anywhere close to being consumed.

In the future I might even drop to a lower bandwidth connection for cost and probably still have more than enough left for my needs.

If you want something that says when this Android phone is being used allow it to do what it wants in terms of bandwidth then I am not sure if QOS is the tool to do that for you if the same type of traffic could occur on another device such as a laptop where you want to have that limited.

You need to have input from other forum users who are using QOS in a home situation with multiple family members.

1 Like

I do use QoS.
Your best bet is to create a user for your Wife’s PC, it will not need that much band with.
There are 5 peaple in my home.
And Steam downloads from multiple users is a problem without QoS.

Ok, starting over.

  1. Bandwidth.

I have Fiber.
What do I select?
There are no examples or clarifications of this in the Docs.
Using what I know about my connection I can deduce it is not PPOE.
I do not know what DOCSIS is.
I do not think Bridged may be relevant.

Suggestions? Who should know this? My ISP?

The RESET selects Conservative, but is this relevant for my connection?

Or maybe I just have to change this rule

and give it a higher priority?

Webtraffic has both 104 and 204… ah, its one for each interface…

In the context of firewall classification, classes 104 and 204 refer to different categories or types of network traffic. The specific meanings of these classes may vary depending on the firewall vendor or the classification system being used. However, I’ll provide a general explanation based on common practices.

Class 104 (Streaming Video):

  • In some firewall classification systems, class 104 is used to categorize streaming video traffic.
  • This class typically includes video streaming protocols and applications such as RTSP (Real-Time Streaming Protocol), RTMP (Real-Time Messaging Protocol), and HTTP-based video streaming.
  • Firewall rules associated with class 104 are often used to prioritize or manage bandwidth for video streaming traffic to ensure a smooth user experience.

Class 204 (Peer-to-Peer):

  • Class 204 is commonly used to classify peer-to-peer (P2P) network traffic.
  • P2P networks involve direct communication and file sharing between individual client devices without relying on a central server.
  • Examples of P2P applications include BitTorrent, Gnutella, and various file-sharing protocols.
  • Firewall rules associated with class 204 are often used to control or restrict P2P traffic, as it can consume significant bandwidth and may be associated with copyright infringement or security risks.

Can one use “any” in regards to port?

How do you export these rules? Where are they saved?


I dont have a solution for you but i am testing the same thing pretty much.
I got IPTV at home and whenever any of the kids download something from steam my IPTV laggs alot untill they are done. I want to reserve traffic
for a specific device so that this lagging does not happen.

Since documentation is a bit thin on this matter and googling doesnt
help a noob much either i’ve just configured it going to trial and error.
I’ve activated QoS and choose “Conservative” as link-layer encapsulation.
I also let ipfire make all the classes automagicly and then i made own parentclass and set priority 1.

Then i added rules to this class, I choose Level7-protocol
and added source ip from my iptv box and destination ip from where
the stream comes from.
Now i have to test if this works properly.

I think for your surfing ect… i dont think you need to tinkle with it much
if you let ipfire create all the classes you can basicly edit priority for the webtraffic and set it to 1 and see how it goes.

Since documentation is thin we are left to trial and error ourselves.
I’ll update here on whatever findings i come up with in my test.

1 Like

About classes see wiki

About Link Layer Encapsulation see, for example,


To reset, go to the Modify button next to your bandwidth settings (the same screen you took a screenshot of in post 7 above), make sure your bandwidth up and down speeds are accurate, then click the RESET button. Link-Layer Encapsulation is not as critical. You can pick Conservative for now, and if someone comes along with a better choice for your Fiber connection, you can change it then.

Now, just turn it on and leave the settings default. Don’t mess with classes, etc. The default settings should give you a good idea whether it will help you or not. Try to replicate the situation that caused you to look into QoS again. See if you notice a difference. Report back. :slight_smile:

1 Like

If you have not setup QoS
I would run some speed tests
Perhaps at different times of day.
Then I would take that number and knock
5-10% off your max speed.
And put those numbers in your QoS settings as a starting point.

Yeah, did and keeping that for now.

With the other change I posted…

I did add IMAP to 104 and 204 since we handle most of our mail with IMAP.

Will try some tests later… or find some way to test repeatedly… QoS Test - Network QoS Management & Monitoring | SolarWinds might want to find something simpler and cheaper… :stuck_out_tongue:

As for Bandwidth settings and that selectable dropdown for link-layer encapsulation: found this

Extensive framing compensation (for DSL/ATM/PPPoe)

The initial cake-overhead patch included only “raw” and “conservative” shortcut keywords, alongside the numeric “overhead” parameter for experts. I’ve now worked out an extended set of keywords which, I think, takes care of all the normal cases.

There are eight new keywords which deal with the basic ADSL configurations. These switch on ATM cell-framing compensation, and set the overhead based on the raw IP packet as a baseline.

ipoa-vcmux (8)
ipoa-llcsnap (16)
bridged-vcmux (24)
bridged-llcsnap (32)
pppoa-vcmux (10)
pppoa-llc (14)
pppoe-vcmux (32)
pppoe-llcsnap (40)

Note that “pppoa-llc” is not a typo - it really doesn’t involve SNAP, and is thus a little more compact than if it did.

Two more new keywords deal with the basic VDSL2 configurations. Again, the overheads use IP as a baseline, but this time ATM cell-framing is turned off.

pppoe-ptm (27)
bridged-ptm (19)

So I am assuming none of the above is relevant.

Which leaves the two Ethernet options that according to Bufferbloat is:

For those interested in shaping ethernet links the following keywords are defined.

ether-phy (20) - pre-amble, inter-frame gap
ether-all (24) - pre-amble, inter-frame gap & Frame Check Sequence.

but do not correspond to what is available. :interrobang:

I have had QOS enabled for a while now to try and prevent bufferbloat.
In order to determine your speed you will need to test with QOS disabled and no other activity.

You should have an idea of the upload and download speeds that you are supposed to have, but the tested may be higher or lower than advertised.

Using a bufferbloat test such as https://www.waveform.com/tools/bufferbloat will show if you have latency/bufferbloat problem.

Plugging in the max speeds and testing repeatedly adjusting the speeds down until you get the best rating you can.

As far as the allocation, I have never had the need to change the defaults. You will notice that all connections have a guaranteed minimum and range up to the maximum.

See if the default works and adjust minimum from there, if needed.

Usually, once you find the best up and down setting to reduce bufferbloat the connection will be optimized and not need further attention unless the service changes.

1 Like

Have 100/100 contracted with my ISP, which in reality often is more like 105-110/105-110.

Hardly any bufferbloat, tested and verified many times.

Right now my settings seem to work, but I do not really know how to test if a comp really gets 10MBit while another is using (in theory) 90MBit. I never get 100MBit down speeds anyhow from Internet, which is fine, even when testing from sites that have prepped packages you can download, or get a big Linux distro from a geographically close ftp…

First sentence you say your speed exceeds the ISP limits. Last paragraph you say you “never get 100MBit down speeds anyhow from Internet”. I’m confused.

As to how tell how the bandwidth is divided, I can’t say for sure. You could test that with two PCs, though. Just start a download on one, the browser will tell you download speed, then start a download on the other and see how the download speeds both drop. But if you get an A or higher grade on the bufferbloat test linked above, you should be good. Test your connection with QoS enabled and disabled. If you get an A with it disabled, there’s probably no need for QoS. Perhaps the situation that lead you to look at QoS had nothing to do with running out of bandwidth. Maybe there was a network timeout on a remote server. Could’ve been a lot of things besides bufferbloat.


It is a bit off topic but some time ago I had this discussion in a tech forum that for most of the time it really doesn’t matter what speed you are subscribed to with your ISP, you will only ever get as much MBit/s as the server you are connected to can provide.
Say you are downloading movies or linux distros or whatever, for each of those downloads you will never get higher download speeds than the offering server is able to provide, considering it’s bandwidth, the bandwidth available on the connection links (ISP-Backbone-ISP) and circumstances in general.
Essentially even if you have multigigabit conn or “only” double digit MBit conn, the reached download speed depends on so many more factors than just what speed your ISP claims to be able to provide.
Summing up: While having a high-speed internet plan is beneficial, the actual download speed you experience depends on various factors beyond just the speed your ISP provides. Server limitations, network congestion, peering agreements, local network setup, and ISP policies are all affected by this. Thus, even with a gigabit connection, you might not always experience gigabit speeds for every download.
Ultimately, and looking at your own hardware, another bottleneck resides in the I/O speeds of your storage media. Being able to download at 5GBit is moot, if you can only write 100MB/s to your HDD. You need high speed NVME SSD drives for that.

Interesting comments @sec-con

Some months ago I upgraded my Internet Service to 1Gps/40Mb (temp for one month only). I wanted to experience gigabit internet. And do some testing too of course.

Using speedtest I was measuring no where near the 1Gps. Then using iPerf3 I learnt that my bottleneck was inside my own LAN. Once I sorted that out I was seeing consistently as good as 1Gps.

Generally here Downunder we get close to advertised speeds (most of the time). I remember well modem dialup days (1200bps). I now have fiber into the home / office. Living the dream!

Funny thing happens… when resolving one bottleneck another appears and so on and so on.

My sweet spot @ home / office is 75/20Mbs. Any faster (for me) not worth the extra cost.

Loving IPF.

1 Like