Limit network bandwidth for certain ports (declaratively)

I’m trying to strictly limit system resources running on my NixOS machine. I was able to limit memory and CPU usage using systemd configuration, but systemd is unable to limit certain services from using all of the network capabilities. Furthermore, I need to limit network speeds for ports, but not for services. Is there any way to limit network speed for incoming and outgoing traffic (separately), declaratively and using the standard NixOS firewall?


There doesn’t seem to be any limiting option in the NixOS networking modules, apart from

Option name: networking.firewall.pingLimit
Description: If pings are allowed, this allows setting rate limits on them. If non-null, this option should be in the form of flags like "--limit 1/minute --limit-burst 5"
Default value: Not given
Type: null or strings concatenated with " "
Example value: "--limit 1/minute --limit-burst 5"
Declared in: nixos/modules/services/networking/firewall.nix

which will only limit Internet Control Message Protocol packets.

You can hot wire the firewall with your own iptables limit rules… I need to look into this myself.

However, I did see

https://firehol.org/

which seems to be made for this purpose… I’ve not used it, but it may give you some clues.

What exactly is your use case? Sometimes limiting things cannot give you quite the results you would expect… QoS seems to ‘work’ best on your gateway (if you have control of this), as this is usually where wide area network bandwidth is lower than local area network bandwidth.

I also missed

Which is the alternative, but may break some things? Apparently it doesn’t work with NAT currently, but this may have been fixed…

You’ve got some options to play with, report back your ‘limiting’.
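As an added example (not code from this thread or from the NixOS modules themselves) of what “hot wiring” the firewall looks like in a NixOS configuration: iptables `-m limit` caps the packet rate of new connections to one port, and tc does the actual bandwidth shaping per port, egress via an HTB class selected by fwmark and ingress via a policer. It assumes the iptables firewall backend (the `nixos-fw`, `nixos-fw-accept` and `nixos-fw-refuse` chains), interface `eth0`, TCP port 8080, fwmark 10 and the rates shown; all of those are placeholders to adjust.

```nix
{ pkgs, ... }:
let
  iface = "eth0";   # assumption: interface whose traffic is shaped
  port  = "8080";   # assumption: TCP port to limit
  mark  = "10";     # assumption: fwmark used to select the shaped class
  tc    = "${pkgs.iproute2}/bin/tc";
in {
  networking.firewall = {
    enable = true;
    allowedTCPPorts = [ 8080 ];
    # Runs inside the firewall setup script, after the default rules are in place.
    extraCommands = ''
      # Packet-rate limit on *new* connections to the port (packets/s, not bytes/s).
      # Inserted at the top of nixos-fw so they match before the plain accept rule.
      iptables -I nixos-fw 1 -p tcp --dport ${port} --syn -m limit --limit 20/second --limit-burst 40 -j nixos-fw-accept
      iptables -I nixos-fw 2 -p tcp --dport ${port} --syn -j nixos-fw-refuse
      # Mark replies sent *from* the port so tc can place them in the capped class.
      iptables -t mangle -A OUTPUT -p tcp --sport ${port} -j MARK --set-mark ${mark}
    '';
    # The mangle table is not flushed by the firewall script, so remove the mark rule ourselves.
    extraStopCommands = ''
      iptables -t mangle -D OUTPUT -p tcp --sport ${port} -j MARK --set-mark ${mark} 2>/dev/null || true
    '';
  };

  # Runs at the end of network-setup; (re)creates the qdiscs idempotently.
  networking.localCommands = ''
    # Egress: HTB root, default class effectively unlimited, marked class capped at 1 Mbit/s.
    ${tc} qdisc del dev ${iface} root 2>/dev/null || true
    ${tc} qdisc add dev ${iface} root handle 1: htb default 1
    ${tc} class add dev ${iface} parent 1: classid 1:1  htb rate 1000mbit
    ${tc} class add dev ${iface} parent 1: classid 1:10 htb rate 1mbit ceil 1mbit
    ${tc} filter add dev ${iface} parent 1: protocol ip handle ${mark} fw flowid 1:10

    # Ingress: police inbound TCP to the port at 2 Mbit/s; excess packets are dropped.
    ${tc} qdisc del dev ${iface} ingress 2>/dev/null || true
    ${tc} qdisc add dev ${iface} handle ffff: ingress
    ${tc} filter add dev ${iface} parent ffff: protocol ip u32 \
      match ip protocol 6 0xff match ip dport ${port} 0xffff \
      police rate 2mbit burst 200k drop flowid :1
  '';
}
```

Ingress policing drops rather than queues, so senders see loss until they back off; if `networking.nftables.enable` is set, the chain names in `extraCommands` no longer apply and the rules need to be expressed as nftables instead.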
