NFT-QoS unable to ratelimit using mac address

I'm having an issue with the nft-qos application, namely with the section for limiting traffic by MAC address (limiting by IP works well).

These are the contents of my /etc/config/nft-qos config file:

config default 'default'
        option limit_enable '1'
        option limit_type 'static'
        option static_unit_dl 'kbytes'
        option static_unit_ul 'kbytes'
        option priority_enable '1'
        option priority_netdev 'lan'
        option limit_mac_enable '1'
        option static_rate_dl '6250'
        option static_rate_ul '6250'

config client
        option drate '6250'
        option drunit 'kbytes'
        option urate '6250'
        option urunit 'kbytes'
        option hostname 'ZPC'
        option macaddr '3c:7c:3f:23:5c:50'

Any pointers in the right direction would be great! Thank you.

Rate limiting by MAC address only seems to work for uploads.
There must be something wrong with the creation of the nft-qos-mac download chain.
I doubt that a destination MAC address can be used (successfully) in a chain on the prerouting hook of an inet table, but I could be wrong.

If you think it's worth the trouble, you could create a table of bridge family.

opkg update; opkg install kmod-nft-bridge
nft add table bridge nft-qos-mac
nft add chain bridge nft-qos-mac download '{type filter hook postrouting priority 0; policy accept; }'
nft insert rule bridge nft-qos-mac download ether daddr 3c:7c:3f:23:5c:50 limit rate over 6250 kbytes/second counter drop
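An added example, not part of the original posts and not nft-qos code: it generalizes the single rule from the reply above to every `config client` section, printing a ruleset for `nft -f` and skipping entries whose MAC, rate or unit do not have the expected form. The function names and the second sample client are constructed for illustration, and it assumes `drunit` holds an nft unit (bytes, kbytes, mbytes).

```shell
# Reads nft-qos style config text on stdin, prints a ruleset for `nft -f` on stdout.
# Hypothetical helper; assumes drunit is one of the nft units bytes/kbytes/mbytes.
gen_bridge_download_rules() {
    awk -v q="'" '
    # Values end up inside a ruleset, so a rule is emitted only when the
    # MAC, rate and unit of the finished section all have the expected shape.
    function emit() {
        if (!in_client) return
        if (length(mac) == 17 && mac ~ /^([0-9a-f][0-9a-f]:)+[0-9a-f][0-9a-f]$/ &&
            rate ~ /^[0-9]+$/ && unit ~ /^(bytes|kbytes|mbytes)$/)
            rules = rules "        ether daddr " mac " limit rate over " rate " " unit "/second counter drop\n"
        else
            print "skipped client: mac=" mac " drate=" rate " drunit=" unit > "/dev/stderr"
    }
    $1 == "config" { emit(); in_client = ($2 == "client"); mac = rate = unit = ""; next }
    $1 == "option" && in_client {
        v = $3; gsub(q, "", v)            # strip the UCI single quotes
        if ($2 == "macaddr") mac = tolower(v)
        else if ($2 == "drate") rate = v
        else if ($2 == "drunit") unit = v
    }
    END {
        emit()
        print "table bridge nft-qos-mac {"
        print "    chain download {"
        print "        type filter hook postrouting priority 0; policy accept;"
        printf "%s", rules
        print "    }"
        print "}"
    }'
}

# Constructed sample: the client from the thread plus one entry with a truncated MAC.
sample_config() {
cat <<'EOF'
config default 'default'
        option limit_mac_enable '1'
config client
        option drate '6250'
        option drunit 'kbytes'
        option macaddr '3c:7c:3f:23:5c:50'
config client
        option drate '1000'
        option drunit 'kbytes'
        option macaddr '3c:7c:3f:23:5c'
EOF
}
sample_config | gen_bridge_download_rules
```

On the router, the generated text can be written to a file and loaded with `nft -f` once kmod-nft-bridge is installed; the truncated entry is reported on stderr and produces no rule.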

The extra nft rule works well, thank you!
