2

Suppose I wanted to use ipfw to throttle uploads to YouTube. The uploads are made to upload.youtube.com, but this domain resolves to multiple different IPs (which also appear to change over time).

Trying to create a rule for the domain results (viewed through ipfw list) in an entry connected just to the first IP to which the domain resolved.

How could I get my rule to automatically apply to the domain, with all of its IPs as well as future IPs to which it will resolve?

GJ.

1 Answer

0

Given that ipfw works at Layer 3, it is virtually impossible to do this (outside of manually hunting down each IP upload.youtube.com uses).

pf, on the other hand, appears like it would do the job splendidly, as it allows for domain-based matching on either source or destination, and makes use of queues to rate-limit traffic either by setting specific rates (class-based queues) or by priority (priority-based queues).

Your syntax will vary based on which particular version of pf you have installed (which apparently varies heavily from BSD to BSD and from version to version on top of everything). Here you can find an out-of-date article that should at least help with the concept side of what you're doing, but ultimately, man pf is what you'll need to figure out exact syntax. A couple of example config files are found here. Best of luck.
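An added example, not part of the original question or answer: one way to automate the "hunting down each IP" step is to keep the resolved addresses in an ipfw lookup table and re-sync it periodically. The table, pipe and rule numbers, the bandwidth, the file names, the use of dig and the assumed "a.b.c.d/32 value" listing format are all assumptions, and the table only tracks the answers this host's resolver returns.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed values: table 10,
# pipe 1, rule 1000, 512Kbit/s. Prints ipfw commands; pipe to sh as root.
LC_ALL=C; export LC_ALL          # stable sort order for comm(1)
TABLE=10 PIPE=1 RULE=1000 BW=512Kbit/s

# One-time setup: a dummynet pipe plus a rule matching the table.
setup_commands() {
    echo "ipfw pipe $PIPE config bw $BW"
    echo "ipfw add $RULE pipe $PIPE tcp from me to 'table($TABLE)' out"
}

# Reduce input to sorted, unique IPv4 host addresses. Accepts resolver
# output (one address per line) or "ipfw table N list" lines, assumed to
# look like "a.b.c.d/32 value". CNAME names, errors and out-of-range
# octets are dropped so they never reach the ipfw command line.
valid_ipv4() {
    awk -F. '{ sub(/\/32.*/, "") }
        NF == 4 {
            for (i = 1; i <= 4; i++)
                if ($i !~ /^[0-9]+$/ || $i > 255) next
            print
        }' | sort -u
}

# sync_commands CURRENT_FILE RESOLVED_FILE
# Prints the add/delete commands that make the table equal the resolved set.
# Returns 1 and prints nothing when the lookup produced no usable address,
# so a DNS failure never empties the table.
sync_commands() {
    old=$(mktemp "${TMPDIR:-/tmp}/ipfwsync.XXXXXX")
    new=$(mktemp "${TMPDIR:-/tmp}/ipfwsync.XXXXXX")
    valid_ipv4 < "$1" > "$old"
    valid_ipv4 < "$2" > "$new"
    if [ ! -s "$new" ]; then rm -f "$old" "$new"; return 1; fi
    comm -13 "$old" "$new" | sed "s/^/ipfw table $TABLE add /"
    comm -23 "$old" "$new" | sed "s/^/ipfw table $TABLE delete /"
    rm -f "$old" "$new"
}

# Periodic run, e.g. from cron (file names are placeholders):
#   ipfw table 10 list > cur.txt; dig +short A upload.youtube.com > new.txt
#   ./ipfw-sync.sh cur.txt new.txt | sh
if [ "$#" -eq 2 ]; then sync_commands "$1" "$2"; fi
```

Addresses that drop out of DNS are removed on the next run, so connections already open to them stop being throttled; keeping stale entries for a grace period is a reasonable variation.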