How can I limit the speed for certain IPs in my network using OpenWrt 25.12.0?

S1ERGE1Y · March 7, 2026, 6:33pm

I need to limit the speed for some IPs in the network in OpenWrt 25.12.0. For example, I want to limit the speed for 192.168.137.247 and 192.168.137.230 to 512 kbytes. Or, if possible, I want to apply a limit based on the MAC address. Please give me work instruction what I can to do

anon63541380 · March 7, 2026, 6:40pm

What operational problem you are trying to solve?

S1ERGE1Y · March 7, 2026, 7:00pm

Bad ping on online games, then some devices watch youtube on 4k

anon63541380 · March 7, 2026, 7:04pm

SQM is tailored for your purpose.

S1ERGE1Y · March 7, 2026, 7:16pm

I don't see on SQM config this option, you have link to manual how to do that?

pavelgl · March 7, 2026, 7:57pm

Check if this works on 25.12

uci add firewall include
uci set firewall.@include[-1].type='nftables'
uci set firewall.@include[-1].path='/etc/rate_limit.nft'
uci set firewall.@include[-1].position='chain-pre'
uci set firewall.@include[-1].chain='forward'

cat << "EOF" > /etc/rate_limit.nft
ip saddr { 192.168.137.230, 192.168.137.247 } limit rate over 512 kbytes/second counter drop
ip daddr { 192.168.137.230, 192.168.137.247 } limit rate over 512 kbytes/second counter drop
EOF
uci commit firewall
fw4 restart

S1ERGE1Y · March 7, 2026, 8:20pm

I was add this on startup, and its work. Thanks for answer)

#!/bin/sh

# creating table
nft add table inet limit_wan

# chain forward
nft 'add chain inet limit_wan forward { type filter hook forward priority 0; policy accept; }'

# ---- UPLOAD (LAN -> WAN) ----

nft add rule inet limit_wan forward ip saddr 192.168.137.247 oifname "wan" limit rate 384 kbytes/second accept
nft add rule inet limit_wan forward ip saddr 192.168.137.247 oifname "wan" drop

nft add rule inet limit_wan forward ip saddr 192.168.137.230 oifname "wan" limit rate 384 kbytes/second accept
nft add rule inet limit_wan forward ip saddr 192.168.137.230 oifname "wan" drop

# ---- DOWNLOAD (WAN -> LAN) ----

nft add rule inet limit_wan forward ip daddr 192.168.137.247 iifname "wan" limit rate 384 kbytes/second accept
nft add rule inet limit_wan forward ip daddr 192.168.137.247 iifname "wan" drop

nft add rule inet limit_wan forward ip daddr 192.168.137.230 iifname "wan" limit rate 384 kbytes/second accept
nft add rule inet limit_wan forward ip daddr 192.168.137.230 iifname "wan" drop

system · March 17, 2026, 8:21pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.