Page 1 of 1
Network interface GROUP on interface creation?
Posted: 23 Mar 2020, 13:33
by h3ll1
Is it possible to set interface group on PPPOE or any other interface that is created dynamically with accel-ppp?
If not, is it possible to add this feature in future releases?
It is very heplful - allows to greatly reduce the rules in iptables and load on the system.
Regards
Re: Network interface GROUP on interface creation?
Posted: 24 Mar 2020, 15:38
by dimka88
Hi, you can use pppd_compat modules and ip-up/ip-down scripts.
Can you detailed describe what you need exactly with examples?
Re: Network interface GROUP on interface creation?
Posted: 25 Mar 2020, 06:36
by h3ll1
I use following scheme for traffic shaping:
/sbin/ip li set $interface-out group 1
/sbin/ip li set $interface-in group 2
here i set interface groups (not default) so first one is for upload traffic and second is for download.
Then in iptables i can redirrect traffic to IMQ device in the following way.
iptables -t mangle -A POSTROUTING -m devgroup --dst-group 0x1 -j IMQ --todev 0
iptables -t mangle -A POSTROUTING -m devgroup --dst-group 0x2 -j IMQ --todev 1
Of course, these groups can be used with every dynamic interface that is created in kernel, without explicit rule creation in iptables. This way i have only 2 rules that match outgoing or incomming traffic.