Set Qos with destination address

I really need a way to limit bandwidth by destination IP address.

We have several Macs on our network that are in continuous download mode because of the brain-dead behavior of the nsurlsessiond process:

So far, Apple has not released a fix and there appear to be thousands of people affected by the problem.

The Macs are sucking up the bandwidth on our LAN, so I need a way to limit traffic by destination IP address. I cannot limit by port or protocol, because it is HTTP traffic on port 80.

If I had direct access to iptables, I could probably figure out some rules to do this. However, it does not seem to be possible from the web interface.

Any suggestions?


Limiting bandwidth by destination IP address is not supported. Since you know the Macs consume your bandwidth, why not apply Qos to those Mac devices? You may set the Qos via Network > Qos.

I tried that, but it does not solve the problem. When I do that, the Mac users complain about slow service. If I DON’T do it, they still complain about slow service (because the download is consuming all their bandwidth). I really need a way to limit a specific destination IP, not the bandwidth for the entire device.

If I can block by destination IP (which is effectively bandwidth = zero), it makes logical sense that I should also be able to bandwidth limit by destination IP.


Blocking destination IP/domain is the available option now. Have you tried Web Blocking (Network > Web Blocking) since this is HTTP traffic?

I cannot simply block all HTTP traffic. If I did that, they would be unable to use their web browser.

Also, they still need to use the service to sync various files with the cloud. I don’t want to block it, I just want to slow it down and limit the bandwidth. It’s a background service, so it does not need top priority.

All kinds of services now operate on port 80/443, so simple port blocking/QOS will not work. Something more sophisticated is needed.

Your configuration for adding a custom QOS application allows you to specify a port, but unlike the configuration options for firewall rules, you cannot specify IP address ranges. If custom QOS had the same options as the firewall rules configuration (source/destination IP, etc), then that would solve the problem I have.

For the past five years, I’ve been able to do this kind of IP-based QOS on a cheap Tomato router I run at home, so I know it cannot be that difficult. I’m somewhat surprised you do not have this feature yet.


As mentioned earlier, Qos by destination is not available now. I will move your posts to feature request.

Thank you.