QoS to throttle traffic by interface?

General questions.
Post Reply
DecreaseBit
Posts: 4
Joined: February 2nd, 2019, 2:10 pm

QoS to throttle traffic by interface?

Post by DecreaseBit » February 2nd, 2019, 2:31 pm

Is there a way to use QoS to limit all traffic, regardless of type or destination, to / from the blue network?

I was planning on using blue to handle all my WiFi IoT traffic. Some of those devices don't get good security updates. Specifically, WyzeCam cameras aren't protected against Krack, and it's only a matter of time until that attack vector becomes weaponized. And who knows what other security vulnerabilities are lurking out there. So I have to assume my blue network will eventually become compromised.

Unfortunately, limiting traffic by port and destination IP is impossible. Wyze uses random ports, and they don't publish their infrastructure IPs.

Each cam uses a max of 1.5 Mb/s and I'm on a 100/100 connection. Limiting each device to 2 Mb, or the entire blue network to 5 Mb, would be more than enough throughput and would make the network less practical for malicious conduct.

Mentalic
Posts: 31
Joined: April 14th, 2018, 2:51 pm

Re: QoS to throttle traffic by interface?

Post by Mentalic » February 2nd, 2019, 3:57 pm

Not aware of a method to use the ipfire qos for what you describe. I too have my iot on blue network and a security cam system (wired). A quick and dirty method would be simply to limit your blue wifi device speeds which is easy to set on box's running ddwrt, possibly not easy on others.
Image
Image

DecreaseBit
Posts: 4
Joined: February 2nd, 2019, 2:10 pm

Re: QoS to throttle traffic by interface?

Post by DecreaseBit » February 2nd, 2019, 4:55 pm

Good idea. I do have a spare AP laying around and that's my backup method, but I was hoping to put my built-in WiFi adapter to use and handle all the throttling in one spot.

User avatar
FischerM
Community Developer
Community Developer
Posts: 992
Joined: November 2nd, 2011, 12:28 pm

Re: QoS to throttle traffic by interface?

Post by FischerM » February 2nd, 2019, 5:10 pm

Hi,

Depending on your configuration, perhaps you can do this - partially - with 'squid':

Image

HTH,
Matthias

Post Reply