diff --git a/ansible/environments/laptop/host_vars/odofreebsd b/ansible/environments/laptop/host_vars/odofreebsd
index bb9cbe9..6be197c 100644
--- a/ansible/environments/laptop/host_vars/odofreebsd
+++ b/ansible/environments/laptop/host_vars/odofreebsd
@@ -9,7 +9,7 @@ pf_config: "odofreebsd_pf.conf"
 pflog_conf:
 - name: 0
 dev: pflog0
-# dummynet_config: "dnctl.conf"
+dummynet_config: "dnctl.conf"
 network_rc: "odofreebsd_network.conf"
 rc_conf: "odofreebsd_rc.conf"
 loader_conf: "odofreebsd_loader.conf"
diff --git a/ansible/roles/dummynet/files/dnctl.conf b/ansible/roles/dummynet/files/dnctl.conf
index 4367bab..27a20c8 100644
--- a/ansible/roles/dummynet/files/dnctl.conf
+++ b/ansible/roles/dummynet/files/dnctl.conf
@@ -1 +1,2 @@
-dnctl pipe 1 config bw 300KByte/s
+dnctl pipe 1 config bw 100KByte/s
+dnctl pipe 2 config
diff --git a/ansible/roles/firewall/files/odofreebsd_pf.conf b/ansible/roles/firewall/files/odofreebsd_pf.conf
index a61f3b2..b52aa1c 100644
--- a/ansible/roles/firewall/files/odofreebsd_pf.conf
+++ b/ansible/roles/firewall/files/odofreebsd_pf.conf
@@ -2,9 +2,10 @@ ext_if = "{ wlan0 }"
 not_ext_if = "{ !wlan0 }"
 jail_nat_v4 = "{ 10.215.1.0/24 }"
 not_jail_nat_v4 = "{ any, !10.215.1.0/24 }"
+rfc1918 = "{ 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }"
 dhcp = "{ bootpc, bootps }"
-#allow = "{ wgf wgh drmario colo }"
+allow = "{ wgf wgh drmario colo }"
 tcp_pass_in = "{ 22 }"
 udp_pass_in = "{ 53 51820 }"
@@ -14,12 +15,6 @@ udp_pass_in = "{ 53 51820 }"
 # options
 set skip on lo
-# queueing
-# altq on wlan0 cbq queue { def, stuff }
-# queue def cbq(default borrow)
-# queue stuff bandwidth 8Mb cbq { dagger }
-# queue dagger cbq(borrow)
-
 # redirections
 nat pass on $ext_if inet from $jail_nat_v4 to $not_jail_nat_v4 -> (wlan0)
 rdr pass on $not_ext_if proto {tcp, udp} from any to 10.215.1.1 port 53 -> 172.16.0.1 port 53
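Review bot: `dnctl pipe 2 config` on the new second line of dnctl.conf sets no bandwidth, delay or queue size, so pipe 2 is a pass-through (dummynet treats an unset bw as unlimited); if that is the intent — an unshaped pipe for destinations exempted from the 100KByte/s limit on pipe 1 — say so, because otherwise the line reads like an unfinished entry. If the consumer of this file tolerates `#` comments, something like `# pipe 2: no limits; pf sends RFC1918-bound jail traffic here to exempt it from pipe 1` would do. The pipe numbers are referenced by value from the `dnpipe 1` / `dnpipe 2` match rules in odofreebsd_pf.conf, so a comment on pipe 1 noting that renumbering here requires the firewall file to change in step is also worth adding.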
@@ -33,6 +28,8 @@ block log all
 pass out on $ext_if
 pass in on jail_nat
+match in on jail_nat from any to any dnpipe 1
+match in on jail_nat from any to $rfc1918 dnpipe 2
 # Allow traffic from my machine to the jails/virtual machines
 pass out on jail_nat from $jail_nat_v4
@@ -41,7 +38,7 @@ pass out on jail_nat from $jail_nat_v4
 # `service pf reload` but interfaces that we `skip` will not update (I
 # forget if its from adding, removing, or both. TODO: test to figure
 # it out). Also skipped interfaces are not subject to nat/rdr rules.
-#pass quick on $allow
+pass quick on $allow
 pass on $ext_if proto icmp all
 pass on $ext_if proto icmp6 all
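Review bot: The two added `match in on jail_nat` lines are order-dependent — pf applies match-rule options in rule order with later matching rules overriding earlier ones, so the general `dnpipe 1` line must stay ahead of the `$rfc1918 ... dnpipe 2` exemption, and swapping them would put everything back on pipe 1; a comment above the pair would protect that, e.g. `# shape traffic from the jails through dummynet pipe 1; the later match overrides, exempting RFC1918 destinations to pipe 2`. `from any to any` on the first line adds nothing and can be dropped: `match in on jail_nat dnpipe 1`. Only the `in` direction on jail_nat is matched here; whether a single `dnpipe N` also shapes the reply direction of the resulting state, or the `dnpipe(in, out)` form is needed, is worth confirming against pf.conf(5) on the target release. Because `$rfc1918` covers 10.0.0.0/8, the exemption also includes the jail network itself and the 172.16.0.1 resolver that the rdr rule points at, which looks intended but should be stated in the comment.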
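Review bot: `pass quick on $allow` now admits every packet in both directions on wgf, wgh, drmario and colo with no proto, address or port restriction and short-circuits the icmp rules below it; the comment above explains why `set skip` was not used but not what these interfaces are expected to carry, so a one-line statement of that assumption next to the rule would help, e.g. `# nothing below applies to these interfaces; all traffic on them is accepted as-is (confirm)`. One consequence the comment only hints at: these interfaces also match `$not_ext_if` (`{ !wlan0 }`), so the port 53 rdr to 172.16.0.1 now applies to DNS traffic arriving on them as well — fine if intended, but worth checking rather than discovering later. The hunk header counts one more context line than is visible here.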