diff --git a/net/ndp-proxy-go/Makefile b/net/ndp-proxy-go/Makefile
index 76068232f..8c95b55dd 100644
--- a/net/ndp-proxy-go/Makefile
+++ b/net/ndp-proxy-go/Makefile
@@ -1,5 +1,5 @@
 PLUGIN_NAME=		ndp-proxy-go
-PLUGIN_VERSION=		1.2
+PLUGIN_VERSION=		1.3
 PLUGIN_COMMENT=		IPv6 Neighbor Discovery Protocol (NDP) Proxy
 PLUGIN_MAINTAINER=	cedrik@pischem.com
 PLUGIN_DEPENDS=		ndp-proxy-go
diff --git a/net/ndp-proxy-go/pkg-descr b/net/ndp-proxy-go/pkg-descr
index 68c72ebad..73d314b14 100644
--- a/net/ndp-proxy-go/pkg-descr
+++ b/net/ndp-proxy-go/pkg-descr
@@ -6,6 +6,10 @@ DOC: https://docs.opnsense.org/manual/ndp-proxy-go.html
 Plugin Changelog
 ================
 
+1.3
+
+* Add ratelimit for pfctl operations
+
 1.2
 
 * Add firewall alias support
diff --git a/net/ndp-proxy-go/src/opnsense/mvc/app/controllers/OPNsense/NdpProxy/forms/general.xml b/net/ndp-proxy-go/src/opnsense/mvc/app/controllers/OPNsense/NdpProxy/forms/general.xml
index d496342cd..5d6c3372d 100644
--- a/net/ndp-proxy-go/src/opnsense/mvc/app/controllers/OPNsense/NdpProxy/forms/general.xml
+++ b/net/ndp-proxy-go/src/opnsense/mvc/app/controllers/OPNsense/NdpProxy/forms/general.xml
@@ -50,7 +50,7 @@
     </field>
     <field>
         <id>ndpproxy.general.cache_max</id>
-        <label>Maximum learned neighbors</label>
+        <label>Max learned neighbors</label>
         <type>text</type>
         <hint>4096</hint>
         <help>Maximum learned neighbors, increase for large networks.</help>
@@ -66,7 +66,14 @@
         <label>Max route operations</label>
         <type>text</type>
         <hint>50</hint>
-        <help>Max route operations per second, increase for large networks.</help>
+        <help>Maximum route operations per second. Limits how fast routes are applied; excess operations are queued, not dropped.</help>
+    </field>
+    <field>
+        <id>ndpproxy.general.pf_qps</id>
+        <label>Max alias operations</label>
+        <type>text</type>
+        <hint>50</hint>
+        <help>Maximum firewall alias operations per second. Limits how fast aliases are populated; excess operations are queued, not dropped.</help>
     </field>
     <field>
         <id>ndpproxy.general.pcap_timeout</id>
diff --git a/net/ndp-proxy-go/src/opnsense/mvc/app/models/OPNsense/NdpProxy/NdpProxy.xml b/net/ndp-proxy-go/src/opnsense/mvc/app/models/OPNsense/NdpProxy/NdpProxy.xml
index a88c26c5f..b71d38512 100644
--- a/net/ndp-proxy-go/src/opnsense/mvc/app/models/OPNsense/NdpProxy/NdpProxy.xml
+++ b/net/ndp-proxy-go/src/opnsense/mvc/app/models/OPNsense/NdpProxy/NdpProxy.xml
@@ -33,6 +33,9 @@
             <route_qps type="IntegerField">
                 <MinimumValue>1</MinimumValue>
             </route_qps>
+            <pf_qps type="IntegerField">
+                <MinimumValue>1</MinimumValue>
+            </pf_qps>
             <pcap_timeout type="IntegerField">
                 <MinimumValue>1</MinimumValue>
             </pcap_timeout>
diff --git a/net/ndp-proxy-go/src/opnsense/service/templates/OPNsense/NdpProxy/ndp_proxy_go b/net/ndp-proxy-go/src/opnsense/service/templates/OPNsense/NdpProxy/ndp_proxy_go
index 71acffe93..f5131e9af 100644
--- a/net/ndp-proxy-go/src/opnsense/service/templates/OPNsense/NdpProxy/ndp_proxy_go
+++ b/net/ndp-proxy-go/src/opnsense/service/templates/OPNsense/NdpProxy/ndp_proxy_go
@@ -30,6 +30,9 @@ ndp_proxy_go_cache_file="/var/db/ndpproxy/cache.json"
 {%     if general.route_qps %}
 {%         do flags.append('--route-qps ' ~ general.route_qps) %}
 {%     endif %}
+{%     if general.pf_qps %}
+{%         do flags.append('--pf-qps ' ~ general.pf_qps) %}
+{%     endif %}
 {%     if general.pcap_timeout %}
 {%         do flags.append('--pcap-timeout ' ~ general.pcap_timeout ~ 'ms') %}
 {%     endif %}