Remove ipset.

This commit is contained in:
Nolan Darilek 2025-07-21 17:09:08 -04:00
parent f733c8ddba
commit 6bb2c006fc


@ -53,7 +53,7 @@
}; };
# Install packages required for QoS management # Install packages required for QoS management
extraPackages = [ pkgs.ipset pkgs.iproute2 ]; extraPackages = [ pkgs.iproute2 ];
# QoS configuration for prioritizing gaming, streaming, and real-time traffic # QoS configuration for prioritizing gaming, streaming, and real-time traffic
extraCommands = '' extraCommands = ''
@ -65,15 +65,11 @@
# - CS6 (Class Selector 6) : Real-time gaming packets # - CS6 (Class Selector 6) : Real-time gaming packets
# - CS5 (Class Selector 5) : Console gaming traffic # - CS5 (Class Selector 5) : Console gaming traffic
# - AF41 (Assured Forwarding 4.1) : Video streaming # - AF41 (Assured Forwarding 4.1) : Video streaming
# - CS3 (Class Selector 3) : Gaming/streaming CDNs, service discovery # - CS3 (Class Selector 3) : Service discovery (mDNS)
# - CS1 (Class Selector 1) : Bulk downloads (lowest priority) # - CS1 (Class Selector 1) : Bulk downloads (lowest priority)
# - Default : Everything else # - Default : Everything else
############################################################################## ##############################################################################
# Create IP sets for different traffic classification with larger hash sizes
ipset create video_streaming hash:net family inet hashsize 4096 maxelem 65536 -exist
ipset create video_meet hash:net family inet hashsize 1024 maxelem 65536 -exist
ipset create gaming_services hash:net family inet hashsize 1024 maxelem 65536 -exist
# Apply CAKE (Common Applications Kept Enhanced) queue discipline # Apply CAKE (Common Applications Kept Enhanced) queue discipline
# This provides modern Active Queue Management with built-in traffic prioritization # This provides modern Active Queue Management with built-in traffic prioritization
@ -184,7 +180,7 @@
-m comment --comment "HTTPS video streams (1-50MB)" -m comment --comment "HTTPS video streams (1-50MB)"
############################################################################## ##############################################################################
# TIER 4 - SERVICE DISCOVERY AND CDNS: Medium Priority (CS3) # TIER 4 - SERVICE DISCOVERY: Medium Priority (CS3)
############################################################################## ##############################################################################
# mDNS for device discovery (important for casting, AirPlay) # mDNS for device discovery (important for casting, AirPlay)
@ -192,14 +188,6 @@
-j DSCP --set-dscp-class cs3 \ -j DSCP --set-dscp-class cs3 \
-m comment --comment "mDNS service discovery" -m comment --comment "mDNS service discovery"
# Example gaming CDN ranges (uncomment and customize as needed)
# ipset add gaming_services 52.84.0.0/15 -exist # Amazon CloudFront
# ipset add gaming_services 23.32.0.0/11 -exist # Akamai
# Mark traffic to gaming CDNs (if you add IPs to the set above)
iptables -t mangle -A FORWARD -i lan -m set --match-set gaming_services dst \
-j DSCP --set-dscp-class cs3 \
-m comment --comment "Gaming service CDNs"
############################################################################## ##############################################################################
# TIER 5 - BULK DOWNLOADS: Lowest Priority (CS1) # TIER 5 - BULK DOWNLOADS: Lowest Priority (CS1)
@ -211,29 +199,6 @@
-j DSCP --set-dscp-class cs1 \ -j DSCP --set-dscp-class cs1 \
-m comment --comment "Bulk HTTPS downloads (>50MB)" -m comment --comment "Bulk HTTPS downloads (>50MB)"
##############################################################################
# DOMAIN-BASED CLASSIFICATION (Examples - expand as needed)
##############################################################################
# Note: These would be populated dynamically by DNS queries in a full implementation
# Example IP ranges (uncomment and customize as needed):
# Google Meet servers
# ipset add video_meet 74.125.0.0/16 -exist
# ipset add video_meet 142.250.0.0/15 -exist
# Netflix CDN ranges
# ipset add video_streaming 23.246.0.0/18 -exist
# ipset add video_streaming 37.77.184.0/21 -exist
# ipset add video_streaming 45.57.0.0/17 -exist
# Apply classifications to known service IPs (if you add IPs to the sets above)
iptables -t mangle -A FORWARD -i lan -m set --match-set video_meet dst \
-j DSCP --set-dscp-class ef \
-m comment --comment "Video conferencing services"
iptables -t mangle -A FORWARD -i lan -m set --match-set video_streaming dst \
-j DSCP --set-dscp-class af41 \
-m comment --comment "Video streaming services"
''; '';
# Clean up QoS rules when firewall stops # Clean up QoS rules when firewall stops
@ -243,11 +208,6 @@
# Clear mangle table rules # Clear mangle table rules
iptables -t mangle -F FORWARD 2>/dev/null || true iptables -t mangle -F FORWARD 2>/dev/null || true
# Destroy IP sets
ipset destroy video_streaming 2>/dev/null || true
ipset destroy video_meet 2>/dev/null || true
ipset destroy gaming_services 2>/dev/null || true
''; '';
}; };
useNetworkd = true; useNetworkd = true;
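Review bot: The last hunk drops the three `ipset destroy … 2>/dev/null || true` stop commands in the same change that removes `pkgs.ipset` from `extraPackages`, so on a host that already has `video_streaming`, `video_meet` and `gaming_services` sets from the previous generation, nothing in the new stop script can remove them and they appear to linger in the kernel until reboot; this is inferred from the visible hunks, so it is worth confirming on a running host (e.g. listing the sets after the switch) and, if so, noting it in the commit description as a one-time manual cleanup. With the `-m set --match-set` rules gone, the remaining classification in the mangle FORWARD chain is purely heuristic (DSCP by port and connection size), which the top-of-block comment in the second hunk could say explicitly, e.g. `# Classification is port/size based; no IP-set lookups (ipset was removed)`. The cleanup still flushes the whole chain with `iptables -t mangle -F FORWARD`, which also removes any mangle FORWARD rules added elsewhere on the system; that predates this commit but becomes the only teardown step now. The enclosing `extraCommands` and stop-command blocks both start outside the hunks.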