3 files changed, 41 insertions, 41 deletions
diff --git a/hosts/vidhar/network/default.nix b/hosts/vidhar/network/default.nix
index e961c17e..cbfbb65a 100644
--- a/hosts/vidhar/network/default.nix
+++ b/hosts/vidhar/network/default.nix
@@ -3,7 +3,7 @@
 with lib;
 {
-  imports = [ ./dsl.nix ./bifrost ./dhcp ];
+  imports = [ ./gpon.nix ./bifrost ./dhcp ];
  config = {
    networking = {
diff --git a/hosts/vidhar/network/dsl.nix b/hosts/vidhar/network/gpon.nix
index 1e8e9c73..c15a6e8d 100644
--- a/hosts/vidhar/network/dsl.nix
+++ b/hosts/vidhar/network/gpon.nix
@@ -8,7 +8,7 @@ in {
  options = {
    networking.pppInterface = mkOption {
      type = types.str;
-      default = "dsl";
+      default = "gpon";
    };
  };
@@ -34,7 +34,7 @@ in {
        plugin pppoe.so
        name telekom
        user 002576900250551137425220#0001@t-online.de
-        telekom
+        nic-telekom
        debug
        +ipv6
      '';
@@ -70,8 +70,8 @@ in {
            tc qdisc add dev "${pppInterface}" handle ffff: ingress
            tc filter add dev "${pppInterface}" parent ffff: basic action ctinfo dscp 0x0000003f 0x00000040 action mirred egress redirect dev "ifb4${pppInterface}"
-            tc qdisc replace dev "ifb4${pppInterface}" root cake memlimit 64Mb pppoe-ptm diffserv4 bandwidth 93mbit
+            tc qdisc replace dev "ifb4${pppInterface}" root cake memlimit 128Mb pppoe-ptm diffserv4 bandwidth 238mbit
-            tc qdisc replace dev "${pppInterface}" root cake memlimit 64Mb pppoe-ptm nat diffserv4 wash bandwidth 35mbit
+            tc qdisc replace dev "${pppInterface}" root cake memlimit 128Mb pppoe-ptm nat diffserv4 wash bandwidth 48mbit
          '';
        };
      in "${app}/bin/${app.meta.mainProgram}";
diff --git a/hosts/vidhar/network/ruleset.nft b/hosts/vidhar/network/ruleset.nft
index 6eb97f85..9843b71a 100644
--- a/hosts/vidhar/network/ruleset.nft
+++ b/hosts/vidhar/network/ruleset.nft
@@ -4,15 +4,15 @@ table arp filter {
  limit lim_arp_local {
    rate over 50 mbytes/second burst 50 mbytes
  }
-  limit lim_arp_dsl {
+  limit lim_arp_gpon {
-    rate over 1400 kbytes/second burst 1400 kbytes
+    rate over 1750 kbytes/second burst 1750 kbytes
  }
  counter arp-rx {}
  counter arp-tx {}
-  counter arp-ratelimit-dsl-rx {}
+  counter arp-ratelimit-gpon-rx {}
-  counter arp-ratelimit-dsl-tx {}
+  counter arp-ratelimit-gpon-tx {}
  counter arp-ratelimit-local-rx {}
  counter arp-ratelimit-local-tx {}
@@ -21,8 +21,8 @@ table arp filter {
    type filter hook input priority filter
    policy accept
-    iifname != dsl limit name lim_arp_local counter name arp-ratelimit-local-rx drop
+    iifname != gpon limit name lim_arp_local counter name arp-ratelimit-local-rx drop
-    iifname dsl limit name lim_arp_dsl counter name arp-ratelimit-dsl-rx drop
+    iifname gpon limit name lim_arp_gpon counter name arp-ratelimit-gpon-rx drop
    counter name arp-rx
  }
@@ -31,8 +31,8 @@ table arp filter {
    type filter hook output priority filter
    policy accept
-    oifname != dsl limit name lim_arp_local counter name arp-ratelimit-local-tx drop
+    oifname != gpon limit name lim_arp_local counter name arp-ratelimit-local-tx drop
-    oifname dsl limit name lim_arp_dsl counter name arp-ratelimit-dsl-tx drop
+    oifname gpon limit name lim_arp_gpon counter name arp-ratelimit-gpon-tx drop
    counter name arp-tx
  }
@@ -46,11 +46,11 @@ table inet filter {
  limit lim_icmp_local {
    rate over 50 mbytes/second burst 50 mbytes
  }
-  limit lim_icmp_dsl {
+  limit lim_icmp_gpon {
-    rate over 1400 kbytes/second burst 1400 kbytes
+    rate over 1750 kbytes/second burst 1750 kbytes
  }
-  counter icmp-ratelimit-dsl-fw {}
+  counter icmp-ratelimit-gpon-fw {}
  counter icmp-ratelimit-local-fw {}
  counter icmp-fw {}
@@ -58,7 +58,7 @@ table inet filter {
  counter invalid-fw {}
  counter fw-lo {}
  counter fw-lan {}
-  counter fw-dsl {}
+  counter fw-gpon {}
  counter fw-cups {}
@@ -73,7 +73,7 @@ table inet filter {
  counter invalid-local4-rx {}
  counter invalid-local6-rx {}
-  counter icmp-ratelimit-dsl-rx {}
+  counter icmp-ratelimit-gpon-rx {}
  counter icmp-ratelimit-local-rx {}
  counter icmp-rx {}
@@ -101,7 +101,7 @@ table inet filter {
  counter tx-lo {}
-  counter icmp-ratelimit-dsl-tx {}
+  counter icmp-ratelimit-gpon-tx {}
  counter icmp-ratelimit-local-tx {}
  counter icmp-tx {}
@@ -123,10 +123,10 @@ table inet filter {
  chain forward_icmp_accept {
-    oifname { dsl, bifrost } limit name lim_icmp_dsl counter name icmp-ratelimit-dsl-fw drop
+    oifname { gpon, bifrost } limit name lim_icmp_gpon counter name icmp-ratelimit-gpon-fw drop
-    iifname { dsl, bifrost } limit name lim_icmp_dsl counter name icmp-ratelimit-dsl-fw drop
+    iifname { gpon, bifrost } limit name lim_icmp_gpon counter name icmp-ratelimit-gpon-fw drop
-    oifname != { dsl, bifrost } limit name lim_icmp_local counter name icmp-ratelimit-local-fw drop
+    oifname != { gpon, bifrost } limit name lim_icmp_local counter name icmp-ratelimit-local-fw drop
-    iifname != { dsl, bifrost } limit name lim_icmp_local counter name icmp-ratelimit-local-fw drop
+    iifname != { gpon, bifrost } limit name lim_icmp_local counter name icmp-ratelimit-local-fw drop
    counter name icmp-fw accept
  }
  chain forward {
@@ -139,10 +139,10 @@ table inet filter {
    iifname lo counter name fw-lo accept
-    oifname { lan, dsl, bifrost } meta l4proto $icmp_protos jump forward_icmp_accept
+    oifname { lan, gpon, bifrost } meta l4proto $icmp_protos jump forward_icmp_accept
-    iifname lan oifname { dsl, bifrost } counter name fw-lan accept
+    iifname lan oifname { gpon, bifrost } counter name fw-lan accept
-    iifname dsl oifname lan ct state { established, related } counter name fw-dsl accept
+    iifname gpon oifname lan ct state { established, related } counter name fw-gpon accept
    limit name lim_reject log level debug prefix "drop forward: " counter name reject-ratelimit-fw drop
@@ -163,22 +163,22 @@ table inet filter {
    iif != lo ip daddr 127.0.0.1/8 counter name invalid-local4-rx reject
    iif != lo ip6 daddr ::1/128 counter name invalid-local6-rx reject
-    iifname { bifrost, dsl } meta l4proto $icmp_protos limit name lim_icmp_dsl counter name icmp-ratelimit-dsl-rx drop
+    iifname { bifrost, gpon } meta l4proto $icmp_protos limit name lim_icmp_gpon counter name icmp-ratelimit-gpon-rx drop
-    iifname != { bifrost, dsl } meta l4proto $icmp_protos limit name lim_icmp_local counter name icmp-ratelimit-local-rx drop
+    iifname != { bifrost, gpon } meta l4proto $icmp_protos limit name lim_icmp_local counter name icmp-ratelimit-local-rx drop
    meta l4proto $icmp_protos counter name icmp-rx accept
-    iifname { lan, mgmt, dsl, yggdrasil, bifrost } tcp dport 22 counter name ssh-rx accept
+    iifname { lan, mgmt, gpon, yggdrasil, bifrost } tcp dport 22 counter name ssh-rx accept
-    iifname { lan, mgmt, dsl, yggdrasil, bifrost } udp dport 60000-61000 counter name mosh-rx accept
+    iifname { lan, mgmt, gpon, yggdrasil, bifrost } udp dport 60000-61000 counter name mosh-rx accept
    iifname { lan, mgmt, wifibh, yggdrasil } meta l4proto { tcp, udp } th dport 53 counter name dns-rx accept
    iifname { lan, yggdrasil } tcp dport 2049 counter name nfs-rx accept
-    iifname { lan, mgmt, dsl } meta protocol ip udp dport 51820 counter name wg-rx accept
+    iifname { lan, mgmt, gpon } meta protocol ip udp dport 51820 counter name wg-rx accept
-    iifname { lan, mgmt, dsl } meta protocol ip6 udp dport 51821 counter name wg-rx accept
+    iifname { lan, mgmt, gpon } meta protocol ip6 udp dport 51821 counter name wg-rx accept
    iifname "yggdrasil-wg-*" meta l4proto gre counter name yggdrasil-gre-rx accept
-    iifname dsl meta protocol ip6 udp dport 546 udp sport 547 counter name ipv6-pd-rx accept
+    iifname gpon meta protocol ip6 udp dport 546 udp sport 547 counter name ipv6-pd-rx accept
    iifname mgmt udp dport 123 counter name ntp-rx accept
@@ -209,8 +209,8 @@ table inet filter {
    oifname lo counter name tx-lo accept
-    oifname { bifrost, dsl } meta l4proto $icmp_protos limit name lim_icmp_dsl counter name icmp-ratelimit-dsl-tx drop
+    oifname { bifrost, gpon } meta l4proto $icmp_protos limit name lim_icmp_gpon counter name icmp-ratelimit-gpon-tx drop
-    oifname != { bifrost, dsl } meta l4proto $icmp_protos limit name lim_icmp_local counter name icmp-ratelimit-local-tx drop
+    oifname != { bifrost, gpon } meta l4proto $icmp_protos limit name lim_icmp_local counter name icmp-ratelimit-local-tx drop
    meta l4proto $icmp_protos counter name icmp-tx accept
@@ -246,7 +246,7 @@ table inet filter {
 }
 table inet nat {
-  counter dsl-nat {}
+  counter gpon-nat {}
  # counter container-nat {}
  chain postrouting {
@@ -254,20 +254,20 @@ table inet nat {
    policy accept
-    meta nfproto ipv4 oifname dsl counter name dsl-nat masquerade
+    meta nfproto ipv4 oifname gpon counter name gpon-nat masquerade
-    # iifname ve-* oifname dsl counter name container-nat masquerade
+    # iifname ve-* oifname gpon counter name container-nat masquerade
  }
 }
 table inet mss_clamp {
-  counter dsl-mss-clamp {}
+  counter gpon-mss-clamp {}
  chain postrouting {
    type filter hook postrouting priority mangle
    policy accept
-    oifname dsl tcp flags & (syn|rst) == syn counter name dsl-mss-clamp tcp option maxseg size set rt mtu
+    oifname gpon tcp flags & (syn|rst) == syn counter name gpon-mss-clamp tcp option maxseg size set rt mtu
  }
 }
@@ -402,7 +402,7 @@ table inet dscpclassify {
    chain postrouting {
        type filter hook postrouting priority filter + 1; policy accept
-        oifname != dsl return
+        oifname != gpon return
        ip dscp cs0 goto ct_set_cs0
        ip dscp lephb goto ct_set_lephb

diff --git a/hosts/vidhar/network/default.nix b/hosts/vidhar/network/default.nix index e961c17e..cbfbb65a 100644 --- a/hosts/vidhar/network/default.nix +++ b/hosts/vidhar/network/default.nix
@@ -3,7 +3,7 @@
3	with lib;	3	with lib;
4		4
5	{	5	{
6	imports = [ ./dsl.nix ./bifrost ./dhcp ];	6	imports = [ ./gpon.nix ./bifrost ./dhcp ];
7		7
8	config = {	8	config = {
9	networking = {	9	networking = {


diff --git a/hosts/vidhar/network/dsl.nix b/hosts/vidhar/network/gpon.nix index 1e8e9c73..c15a6e8d 100644 --- a/hosts/vidhar/network/dsl.nix +++ b/hosts/vidhar/network/gpon.nix
@@ -8,7 +8,7 @@ in {
8	options = {	8	options = {
9	networking.pppInterface = mkOption {	9	networking.pppInterface = mkOption {
10	type = types.str;	10	type = types.str;
11	default = "dsl";	11	default = "gpon";
12	};	12	};
13	};	13	};
14		14
@@ -34,7 +34,7 @@ in {
34	plugin pppoe.so	34	plugin pppoe.so
35	name telekom	35	name telekom
36	user 002576900250551137425220#0001@t-online.de	36	user 002576900250551137425220#0001@t-online.de
37	telekom	37	nic-telekom
38	debug	38	debug
39	+ipv6	39	+ipv6
40	'';	40	'';
@@ -70,8 +70,8 @@ in {
70		70
71	tc qdisc add dev "${pppInterface}" handle ffff: ingress	71	tc qdisc add dev "${pppInterface}" handle ffff: ingress
72	tc filter add dev "${pppInterface}" parent ffff: basic action ctinfo dscp 0x0000003f 0x00000040 action mirred egress redirect dev "ifb4${pppInterface}"	72	tc filter add dev "${pppInterface}" parent ffff: basic action ctinfo dscp 0x0000003f 0x00000040 action mirred egress redirect dev "ifb4${pppInterface}"
73	tc qdisc replace dev "ifb4${pppInterface}" root cake memlimit 64Mb pppoe-ptm diffserv4 bandwidth 93mbit	73	tc qdisc replace dev "ifb4${pppInterface}" root cake memlimit 128Mb pppoe-ptm diffserv4 bandwidth 238mbit
74	tc qdisc replace dev "${pppInterface}" root cake memlimit 64Mb pppoe-ptm nat diffserv4 wash bandwidth 35mbit	74	tc qdisc replace dev "${pppInterface}" root cake memlimit 128Mb pppoe-ptm nat diffserv4 wash bandwidth 48mbit
75	'';	75	'';
76	};	76	};
77	in "${app}/bin/${app.meta.mainProgram}";	77	in "${app}/bin/${app.meta.mainProgram}";


diff --git a/hosts/vidhar/network/ruleset.nft b/hosts/vidhar/network/ruleset.nft index 6eb97f85..9843b71a 100644 --- a/hosts/vidhar/network/ruleset.nft +++ b/hosts/vidhar/network/ruleset.nft
@@ -4,15 +4,15 @@ table arp filter {
4	limit lim_arp_local {	4	limit lim_arp_local {
5	rate over 50 mbytes/second burst 50 mbytes	5	rate over 50 mbytes/second burst 50 mbytes
6	}	6	}
7	limit lim_arp_dsl {	7	limit lim_arp_gpon {
8	rate over 1400 kbytes/second burst 1400 kbytes	8	rate over 1750 kbytes/second burst 1750 kbytes
9	}	9	}
10		10
11	counter arp-rx {}	11	counter arp-rx {}
12	counter arp-tx {}	12	counter arp-tx {}
13		13
14	counter arp-ratelimit-dsl-rx {}	14	counter arp-ratelimit-gpon-rx {}
15	counter arp-ratelimit-dsl-tx {}	15	counter arp-ratelimit-gpon-tx {}
16		16
17	counter arp-ratelimit-local-rx {}	17	counter arp-ratelimit-local-rx {}
18	counter arp-ratelimit-local-tx {}	18	counter arp-ratelimit-local-tx {}
@@ -21,8 +21,8 @@ table arp filter {
21	type filter hook input priority filter	21	type filter hook input priority filter
22	policy accept	22	policy accept
23		23
24	iifname != dsl limit name lim_arp_local counter name arp-ratelimit-local-rx drop	24	iifname != gpon limit name lim_arp_local counter name arp-ratelimit-local-rx drop
25	iifname dsl limit name lim_arp_dsl counter name arp-ratelimit-dsl-rx drop	25	iifname gpon limit name lim_arp_gpon counter name arp-ratelimit-gpon-rx drop
26		26
27	counter name arp-rx	27	counter name arp-rx
28	}	28	}
@@ -31,8 +31,8 @@ table arp filter {
31	type filter hook output priority filter	31	type filter hook output priority filter
32	policy accept	32	policy accept
33		33
34	oifname != dsl limit name lim_arp_local counter name arp-ratelimit-local-tx drop	34	oifname != gpon limit name lim_arp_local counter name arp-ratelimit-local-tx drop
35	oifname dsl limit name lim_arp_dsl counter name arp-ratelimit-dsl-tx drop	35	oifname gpon limit name lim_arp_gpon counter name arp-ratelimit-gpon-tx drop
36		36
37	counter name arp-tx	37	counter name arp-tx
38	}	38	}
@@ -46,11 +46,11 @@ table inet filter {
46	limit lim_icmp_local {	46	limit lim_icmp_local {
47	rate over 50 mbytes/second burst 50 mbytes	47	rate over 50 mbytes/second burst 50 mbytes
48	}	48	}
49	limit lim_icmp_dsl {	49	limit lim_icmp_gpon {
50	rate over 1400 kbytes/second burst 1400 kbytes	50	rate over 1750 kbytes/second burst 1750 kbytes
51	}	51	}
52		52
53	counter icmp-ratelimit-dsl-fw {}	53	counter icmp-ratelimit-gpon-fw {}
54	counter icmp-ratelimit-local-fw {}	54	counter icmp-ratelimit-local-fw {}
55		55
56	counter icmp-fw {}	56	counter icmp-fw {}
@@ -58,7 +58,7 @@ table inet filter {
58	counter invalid-fw {}	58	counter invalid-fw {}
59	counter fw-lo {}	59	counter fw-lo {}
60	counter fw-lan {}	60	counter fw-lan {}
61	counter fw-dsl {}	61	counter fw-gpon {}
62		62
63	counter fw-cups {}	63	counter fw-cups {}
64		64
@@ -73,7 +73,7 @@ table inet filter {
73	counter invalid-local4-rx {}	73	counter invalid-local4-rx {}
74	counter invalid-local6-rx {}	74	counter invalid-local6-rx {}
75		75
76	counter icmp-ratelimit-dsl-rx {}	76	counter icmp-ratelimit-gpon-rx {}
77	counter icmp-ratelimit-local-rx {}	77	counter icmp-ratelimit-local-rx {}
78	counter icmp-rx {}	78	counter icmp-rx {}
79		79
@@ -101,7 +101,7 @@ table inet filter {
101		101
102	counter tx-lo {}	102	counter tx-lo {}
103		103
104	counter icmp-ratelimit-dsl-tx {}	104	counter icmp-ratelimit-gpon-tx {}
105	counter icmp-ratelimit-local-tx {}	105	counter icmp-ratelimit-local-tx {}
106	counter icmp-tx {}	106	counter icmp-tx {}
107		107
@@ -123,10 +123,10 @@ table inet filter {
123		123
124		124
125	chain forward_icmp_accept {	125	chain forward_icmp_accept {
126	oifname { dsl, bifrost } limit name lim_icmp_dsl counter name icmp-ratelimit-dsl-fw drop	126	oifname { gpon, bifrost } limit name lim_icmp_gpon counter name icmp-ratelimit-gpon-fw drop
127	iifname { dsl, bifrost } limit name lim_icmp_dsl counter name icmp-ratelimit-dsl-fw drop	127	iifname { gpon, bifrost } limit name lim_icmp_gpon counter name icmp-ratelimit-gpon-fw drop
128	oifname != { dsl, bifrost } limit name lim_icmp_local counter name icmp-ratelimit-local-fw drop	128	oifname != { gpon, bifrost } limit name lim_icmp_local counter name icmp-ratelimit-local-fw drop
129	iifname != { dsl, bifrost } limit name lim_icmp_local counter name icmp-ratelimit-local-fw drop	129	iifname != { gpon, bifrost } limit name lim_icmp_local counter name icmp-ratelimit-local-fw drop
130	counter name icmp-fw accept	130	counter name icmp-fw accept
131	}	131	}
132	chain forward {	132	chain forward {
@@ -139,10 +139,10 @@ table inet filter {
139		139
140	iifname lo counter name fw-lo accept	140	iifname lo counter name fw-lo accept
141		141
142	oifname { lan, dsl, bifrost } meta l4proto $icmp_protos jump forward_icmp_accept	142	oifname { lan, gpon, bifrost } meta l4proto $icmp_protos jump forward_icmp_accept
143	iifname lan oifname { dsl, bifrost } counter name fw-lan accept	143	iifname lan oifname { gpon, bifrost } counter name fw-lan accept
144		144
145	iifname dsl oifname lan ct state { established, related } counter name fw-dsl accept	145	iifname gpon oifname lan ct state { established, related } counter name fw-gpon accept
146		146
147		147
148	limit name lim_reject log level debug prefix "drop forward: " counter name reject-ratelimit-fw drop	148	limit name lim_reject log level debug prefix "drop forward: " counter name reject-ratelimit-fw drop
@@ -163,22 +163,22 @@ table inet filter {
163	iif != lo ip daddr 127.0.0.1/8 counter name invalid-local4-rx reject	163	iif != lo ip daddr 127.0.0.1/8 counter name invalid-local4-rx reject
164	iif != lo ip6 daddr ::1/128 counter name invalid-local6-rx reject	164	iif != lo ip6 daddr ::1/128 counter name invalid-local6-rx reject
165		165
166	iifname { bifrost, dsl } meta l4proto $icmp_protos limit name lim_icmp_dsl counter name icmp-ratelimit-dsl-rx drop	166	iifname { bifrost, gpon } meta l4proto $icmp_protos limit name lim_icmp_gpon counter name icmp-ratelimit-gpon-rx drop
167	iifname != { bifrost, dsl } meta l4proto $icmp_protos limit name lim_icmp_local counter name icmp-ratelimit-local-rx drop	167	iifname != { bifrost, gpon } meta l4proto $icmp_protos limit name lim_icmp_local counter name icmp-ratelimit-local-rx drop
168	meta l4proto $icmp_protos counter name icmp-rx accept	168	meta l4proto $icmp_protos counter name icmp-rx accept
169		169
170	iifname { lan, mgmt, dsl, yggdrasil, bifrost } tcp dport 22 counter name ssh-rx accept	170	iifname { lan, mgmt, gpon, yggdrasil, bifrost } tcp dport 22 counter name ssh-rx accept
171	iifname { lan, mgmt, dsl, yggdrasil, bifrost } udp dport 60000-61000 counter name mosh-rx accept	171	iifname { lan, mgmt, gpon, yggdrasil, bifrost } udp dport 60000-61000 counter name mosh-rx accept
172		172
173	iifname { lan, mgmt, wifibh, yggdrasil } meta l4proto { tcp, udp } th dport 53 counter name dns-rx accept	173	iifname { lan, mgmt, wifibh, yggdrasil } meta l4proto { tcp, udp } th dport 53 counter name dns-rx accept
174		174
175	iifname { lan, yggdrasil } tcp dport 2049 counter name nfs-rx accept	175	iifname { lan, yggdrasil } tcp dport 2049 counter name nfs-rx accept
176		176
177	iifname { lan, mgmt, dsl } meta protocol ip udp dport 51820 counter name wg-rx accept	177	iifname { lan, mgmt, gpon } meta protocol ip udp dport 51820 counter name wg-rx accept
178	iifname { lan, mgmt, dsl } meta protocol ip6 udp dport 51821 counter name wg-rx accept	178	iifname { lan, mgmt, gpon } meta protocol ip6 udp dport 51821 counter name wg-rx accept
179	iifname "yggdrasil-wg-*" meta l4proto gre counter name yggdrasil-gre-rx accept	179	iifname "yggdrasil-wg-*" meta l4proto gre counter name yggdrasil-gre-rx accept
180		180
181	iifname dsl meta protocol ip6 udp dport 546 udp sport 547 counter name ipv6-pd-rx accept	181	iifname gpon meta protocol ip6 udp dport 546 udp sport 547 counter name ipv6-pd-rx accept
182		182
183	iifname mgmt udp dport 123 counter name ntp-rx accept	183	iifname mgmt udp dport 123 counter name ntp-rx accept
184		184
@@ -209,8 +209,8 @@ table inet filter {
209		209
210	oifname lo counter name tx-lo accept	210	oifname lo counter name tx-lo accept
211		211
212	oifname { bifrost, dsl } meta l4proto $icmp_protos limit name lim_icmp_dsl counter name icmp-ratelimit-dsl-tx drop	212	oifname { bifrost, gpon } meta l4proto $icmp_protos limit name lim_icmp_gpon counter name icmp-ratelimit-gpon-tx drop
213	oifname != { bifrost, dsl } meta l4proto $icmp_protos limit name lim_icmp_local counter name icmp-ratelimit-local-tx drop	213	oifname != { bifrost, gpon } meta l4proto $icmp_protos limit name lim_icmp_local counter name icmp-ratelimit-local-tx drop
214	meta l4proto $icmp_protos counter name icmp-tx accept	214	meta l4proto $icmp_protos counter name icmp-tx accept
215		215
216		216
@@ -246,7 +246,7 @@ table inet filter {
246	}	246	}
247		247
248	table inet nat {	248	table inet nat {
249	counter dsl-nat {}	249	counter gpon-nat {}
250	# counter container-nat {}	250	# counter container-nat {}
251		251
252	chain postrouting {	252	chain postrouting {
@@ -254,20 +254,20 @@ table inet nat {
254	policy accept	254	policy accept
255		255
256		256
257	meta nfproto ipv4 oifname dsl counter name dsl-nat masquerade	257	meta nfproto ipv4 oifname gpon counter name gpon-nat masquerade
258	# iifname ve-* oifname dsl counter name container-nat masquerade	258	# iifname ve-* oifname gpon counter name container-nat masquerade
259	}	259	}
260	}	260	}
261		261
262	table inet mss_clamp {	262	table inet mss_clamp {
263	counter dsl-mss-clamp {}	263	counter gpon-mss-clamp {}
264		264
265	chain postrouting {	265	chain postrouting {
266	type filter hook postrouting priority mangle	266	type filter hook postrouting priority mangle
267	policy accept	267	policy accept
268		268
269		269
270	oifname dsl tcp flags & (syn\|rst) == syn counter name dsl-mss-clamp tcp option maxseg size set rt mtu	270	oifname gpon tcp flags & (syn\|rst) == syn counter name gpon-mss-clamp tcp option maxseg size set rt mtu
271	}	271	}
272	}	272	}
273		273
@@ -402,7 +402,7 @@ table inet dscpclassify {
402	chain postrouting {	402	chain postrouting {
403	type filter hook postrouting priority filter + 1; policy accept	403	type filter hook postrouting priority filter + 1; policy accept
404		404
405	oifname != dsl return	405	oifname != gpon return
406		406
407	ip dscp cs0 goto ct_set_cs0	407	ip dscp cs0 goto ct_set_cs0
408	ip dscp lephb goto ct_set_lephb	408	ip dscp lephb goto ct_set_lephb