Adding rate limit for zora, and other config tweaks

2026-01-22 16:25:35 +01:00 · 2026-01-22 16:25:35 +01:00 · 9a4ff80762
commit 9a4ff80762
parent 9b595c7f13
8 changed files with 90 additions and 40 deletions
--- a/hosts/zora/networking.nix
+++ b/hosts/zora/networking.nix
@ -101,20 +101,36 @@
  };

  # Imposing a bandwidth limit to avoid Aurore/Crans disruptions
-  # networking.nftables = {
-  #   tables.rate_limit = {
-  #     name = "rate_limit";
-  #     family = "inet";
-  #     enable = true;
-  #     content = ''
-  #       limit lim  { rate over 20 mbytes/second burst 40 mbytes ; comment "use to limit taffic" ; }
+  networking.nftables = {
+    tables.rate_limit = {
+      name = "rate_limit";
+      family = "inet";
+      enable = true;
+      content = ''
+        limit ratelimit { rate 1250 kbytes/second burst 2500 kbytes ; comment "used to limit taffic" ; }

-  #       chain IN {
-  #         type filter hook input priority filter; policy drop;
-  #         tcp dport 80 limit name "lim" accept
-  #         tcp dport 443 limit name "lim" accept
-  #       }
-  #     '';
-  #   };
-  # };
+        chain input {
+          type filter hook input priority 0; policy drop;
+
+          iifname lo accept
+
+          tcp dport 22 accept
+
+          iifname ens2f0 limit name "ratelimit" accept
+
+          iifname veth-mogma limit name "ratelimit" accept
+        }
+      '';
+
+        # chain output {
+        #   type filter hook output priority 0; policy drop;
+
+        #   iifname lo accept
+
+        #   tcp dport 22 accept
+
+        #   iifname ens2f0 limit name "ratelimit" accept
+        # }
+    };
+  };
 }