So far, Apple has not released a fix and there appear to be thousands of people affected by the problem.
The Macs are sucking up the bandwidth on our LAN, so I need a way to traffic limiting by destination IP address. I cannot limit by port or protocol, because it is HTTP traffic on port 80.
If I had direct access to iptables, I could probably figure out some rules to do this. However, it does not seem to be possible from the web interface.
Limit bandwidth by destination IP address is not supported. Since you know the Macs consume your bandwidth, why not apply Qos to those Mac devices? You may set the Qos via Network > Qos.
I tried that, but it does not solve the problem. When I do that, the Mac users complain about slow service. If I DON’T do it, they still complain about slow service (because the download is consuming all their bandwidth). I really need a way to limit a specific destination IP, not the bandwidth for the entire device.
If I can block by destination IP (which is effectively bandwidth = zero), it makes logical sense that I should also be able to bandwidth limit by destination IP.
I cannot simply block all HTTP traffic. If I did that, they would be unable to use their web browser.
Also, they still need to use the service to sync various files with the cloud. I don’t want to block it, I just want to slow it down and limit the bandwidth. It’s a background service, so it does not need top priority.
All kinds of services now operate on port 80/443, so simple port blocking/QOS will not work. Something more sophisticated is needed.
Your configuration for adding a custom QOS application allows you to specify a port, but unlike the configuration options for firewall rules, you cannot specify IP address ranges. If custom QOS had the same options as the firewall rules configuration (source/destination IP, etc), then that would solve the problem I have.
For the past five years, I’ve been able to do this kind of IP-based QOS on a cheap Tomato router I run at home, so I know it cannot be that difficult. I’m somewhat surprised you do not have this feature yet.