PF Outbound Rate Limiting


Running FreeBSD + PF, we have a website running [on apache] which makes a lot of outbound requests per second to an external host which is running an API limited to 30 requests per second. It is very easy to hit this limit as there are a lot of items which need to be queried regularly.

Anyway, onwards. Not sure if I am doing this the correct way; I figured I should be using PF to try and do this, and here's what I have (similar anyway)...

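# State options for the API rule; PF expects them in parentheses after "modulate state"
apiSTO="(max 4096, source-track rule, max-src-conn 1000, max-src-nodes 100, max-src-conn-rate 28/1)"
tcpState="flags S/SAFR modulate state"
# Outbound rules
# max-src-conn-rate 28/1 caps new connections per source at 28 per 1 second
pass out log on $extIf inet proto tcp from !($extIf) to $apiHost $tcpState $apiSTO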

I have set up a test host and run ApacheBench against it, and the offending requests are dropped (not delayed or anything), which causes issues.

Is there any way I can "throttle" traffic to an external IP to, say, 28 requests a second? I don't want the requests dropped, but queued, I suppose.
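The difference between dropping and queueing described in the question, as an added example that is not part of the original post: a simplified model (not PF's actual rate-tracking algorithm) that runs the same burst through a limiter that drops over-limit requests and one that delays them. The function names and the constructed 100-request burst are assumptions.

```python
from collections import deque

US = 1_000_000  # microseconds per second; integer time avoids float drift


def police(arrivals, limit=28, window=US):
    """Drop-style limiter: admit at most `limit` requests in any sliding
    window; everything over the limit is rejected, never retried."""
    recent = deque()
    admitted, dropped = [], []
    for t in arrivals:
        # Forget admissions that have aged out of the window.
        while recent and t - recent[0] >= window:
            recent.popleft()
        if len(recent) < limit:
            recent.append(t)
            admitted.append(t)
        else:
            dropped.append(t)
    return admitted, dropped


def shape(arrivals, rate=28):
    """Queue-style limiter: release each request no sooner than one gap
    after the previous release. Nothing is lost, but latency grows."""
    gap = -(-US // rate)  # ceiling division keeps the rate at or below `rate`/s
    releases, next_free = [], 0
    for t in arrivals:
        release = max(t, next_free)
        releases.append(release)
        next_free = release + gap
    return releases


# Constructed input: 100 requests arriving 10 ms apart (100 req/s for 1 s).
BURST = [i * 10_000 for i in range(100)]

if __name__ == "__main__":
    admitted, dropped = police(BURST)
    releases = shape(BURST)
    worst_delay = max(r - a for r, a in zip(releases, BURST))
    print(f"policed: {len(admitted)} admitted, {len(dropped)} dropped")
    print(f"shaped:  {len(releases)} sent, worst delay {worst_delay / US:.2f}s")
```

The shaped run loses nothing, but the queue needs a bound (length or maximum wait) in practice, since a sustained arrival rate above 28/s makes the delay grow without limit.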