Network interface GROUP on interface creation?

Questions related to general functionality
Post Reply
h3ll1
Posts: 3
Joined: 23 Mar 2020, 13:10

Network interface GROUP on interface creation?

Post by h3ll1 »

Is it possible to set interface group on PPPOE or any other interface that is created dynamically with accel-ppp?
If not, is it possible to add this feature in future releases?
It is very heplful - allows to greatly reduce the rules in iptables and load on the system.
Regards
dimka88
Posts: 866
Joined: 13 Oct 2014, 05:51
Contact:

Re: Network interface GROUP on interface creation?

Post by dimka88 »

Hi, you can use pppd_compat modules and ip-up/ip-down scripts.
Can you detailed describe what you need exactly with examples?
h3ll1
Posts: 3
Joined: 23 Mar 2020, 13:10

Re: Network interface GROUP on interface creation?

Post by h3ll1 »

I use following scheme for traffic shaping:
/sbin/ip li set $interface-out group 1
/sbin/ip li set $interface-in group 2
here i set interface groups (not default) so first one is for upload traffic and second is for download.
Then in iptables i can redirrect traffic to IMQ device in the following way.
iptables -t mangle -A POSTROUTING -m devgroup --dst-group 0x1 -j IMQ --todev 0
iptables -t mangle -A POSTROUTING -m devgroup --dst-group 0x2 -j IMQ --todev 1
Of course, these groups can be used with every dynamic interface that is created in kernel, without explicit rule creation in iptables. This way i have only 2 rules that match outgoing or incomming traffic.
Post Reply