From 6bb2c006fc128be928d65b1caa4067bbbe6826da Mon Sep 17 00:00:00 2001
From: Nolan Darilek
Date: Mon, 21 Jul 2025 17:09:08 -0400
Subject: [PATCH] Remove ipset.

---
 hosts/router/default.nix | 46 +++------------------------------------
 1 file changed, 3 insertions(+), 43 deletions(-)

diff --git a/hosts/router/default.nix b/hosts/router/default.nix
index 2cebbaf..b7c73ad 100644
--- a/hosts/router/default.nix
+++ b/hosts/router/default.nix
@@ -53,7 +53,7 @@
 };
 
 # Install packages required for QoS management
- extraPackages = [ pkgs.ipset pkgs.iproute2 ];
+ extraPackages = [ pkgs.iproute2 ];
 
 # QoS configuration for prioritizing gaming, streaming, and real-time traffic
 extraCommands = ''
@@ -65,15 +65,11 @@
 # - CS6 (Class Selector 6) : Real-time gaming packets
 # - CS5 (Class Selector 5) : Console gaming traffic
 # - AF41 (Assured Forwarding 4.1) : Video streaming
- # - CS3 (Class Selector 3) : Gaming/streaming CDNs, service discovery
+ # - CS3 (Class Selector 3) : Service discovery (mDNS)
 # - CS1 (Class Selector 1) : Bulk downloads (lowest priority)
 # - Default : Everything else
 ##############################################################################
 
- # Create IP sets for different traffic classification with larger hash sizes
- ipset create video_streaming hash:net family inet hashsize 4096 maxelem 65536 -exist
- ipset create video_meet hash:net family inet hashsize 1024 maxelem 65536 -exist
- ipset create gaming_services hash:net family inet hashsize 1024 maxelem 65536 -exist
 
 # Apply CAKE (Common Applications Kept Enhanced) queue discipline
 # This provides modern Active Queue Management with built-in traffic prioritization
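Review bot: With the `ipset create` lines gone from the second hunk (`@@ -65,15 +65,11 @@`), nothing in the script states that classification is now port- and size-based only, so a reader of the DSCP legend may still expect address-set matching; consider adding `# No address sets are used: classification relies on ports and connection size only` directly under the legend. If any `-m set --match-set` rule survives outside the hunks shown here, the firewall start script would now fail at that rule, since the sets are never created and `ipset` is no longer in `extraPackages`; the rest of the file is worth checking for that. The `extraCommands` string opened in the first hunk continues past the end of the second.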
@@ -184,7 +180,7 @@
 -m comment --comment "HTTPS video streams (1-50MB)"
 
 ##############################################################################
- # TIER 4 - SERVICE DISCOVERY AND CDNS: Medium Priority (CS3)
+ # TIER 4 - SERVICE DISCOVERY: Medium Priority (CS3)
 ##############################################################################
 
 # mDNS for device discovery (important for casting, AirPlay)
@@ -192,14 +188,6 @@
 -j DSCP --set-dscp-class cs3 \
 -m comment --comment "mDNS service discovery"
 
- # Example gaming CDN ranges (uncomment and customize as needed)
- # ipset add gaming_services 52.84.0.0/15 -exist # Amazon CloudFront
- # ipset add gaming_services 23.32.0.0/11 -exist # Akamai
-
- # Mark traffic to gaming CDNs (if you add IPs to the set above)
- iptables -t mangle -A FORWARD -i lan -m set --match-set gaming_services dst \
- -j DSCP --set-dscp-class cs3 \
- -m comment --comment "Gaming service CDNs"
 
 ##############################################################################
 # TIER 5 - BULK DOWNLOADS: Lowest Priority (CS1)
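Review bot: The second hunk here (`@@ -192,14 +188,6 @@`) appears to leave two consecutive blank lines between the `mDNS service discovery` rule and the TIER 5 banner, since the 14-to-6 line count implies both blank context lines around the removed block remain; collapsing them to one keeps the section spacing uniform with the rest of the script. The TIER 4 banner rename in the first hunk matches the CS3 legend change earlier in the patch. The mDNS `iptables` rule itself starts before this hunk.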
@@ -211,29 +199,6 @@
 -j DSCP --set-dscp-class cs1 \
 -m comment --comment "Bulk HTTPS downloads (>50MB)"
 
- ##############################################################################
- # DOMAIN-BASED CLASSIFICATION (Examples - expand as needed)
- ##############################################################################
-
- # Note: These would be populated dynamically by DNS queries in a full implementation
- # Example IP ranges (uncomment and customize as needed):
- # Google Meet servers
- # ipset add video_meet 74.125.0.0/16 -exist
- # ipset add video_meet 142.250.0.0/15 -exist
-
- # Netflix CDN ranges
- # ipset add video_streaming 23.246.0.0/18 -exist
- # ipset add video_streaming 37.77.184.0/21 -exist
- # ipset add video_streaming 45.57.0.0/17 -exist
-
- # Apply classifications to known service IPs (if you add IPs to the sets above)
- iptables -t mangle -A FORWARD -i lan -m set --match-set video_meet dst \
- -j DSCP --set-dscp-class ef \
- -m comment --comment "Video conferencing services"
-
- iptables -t mangle -A FORWARD -i lan -m set --match-set video_streaming dst \
- -j DSCP --set-dscp-class af41 \
- -m comment --comment "Video streaming services"
 '';
 
 # Clean up QoS rules when firewall stops
@@ -243,11 +208,6 @@
 # Clear mangle table rules
 iptables -t mangle -F FORWARD 2>/dev/null || true
-
- # Destroy IP sets
- ipset destroy video_streaming 2>/dev/null || true
- ipset destroy video_meet 2>/dev/null || true
- ipset destroy gaming_services 2>/dev/null || true
 '';
 };
 
 useNetworkd = true;
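Review bot: After the second hunk here (`@@ -243,11 +208,6 @@`) the stop hook is reduced to `iptables -t mangle -F FORWARD 2>/dev/null || true`, which flushes every rule in the FORWARD mangle chain rather than only the QoS rules this module appended, and the `|| true` hides any failure; that line predates the commit, but it is now the entire cleanup. A more contained approach is to append the QoS rules to a dedicated user chain created in `extraCommands` and, on stop, delete the FORWARD jump, flush and remove only that chain, so mangle rules added by other modules survive a firewall restart. In the first hunk the new side ends `extraCommands` directly after the bulk-download rule, so the `'';` closes the string opened in the first hunk of the patch.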