Netifd supports IP rule declarations which are required to implement policy routing.
IPv4 rules can be defined by declaring one or more sections of type
rule, IPv6 rules are denoted by sections of type
rule6. Both types share the same set of defined options.
A simple IPv4 rule may look like:
config rule option mark '0xFF' option in 'lan' option dest '172.16.0.0/16' option lookup '100'
0xFFis a fwmark to be matched
lanis the incoming logical interface name
172.16.0.0/16is the destination subnet to match
100is the routing table ID to use for the matched traffic
Similary, an IPv6 rule looks like:
config rule6 option in 'vpn' option dest 'fdca:1234::/64' option action 'prohibit'
vpnis the incoming logical interface name
fdca:1234::/64is the destination subnet to match
prohibitis a routing action to take
| ||string||no||(none)||Specifies the incoming logical interface name|
| ||string||no||(none)||Specifies the outgoing logical interface name|
| ||ip subnet||no||(none)||Specifies the source subnet to match (CIDR notation)|
| ||ip subnet||no||(none)||Specifies the destination subnet to match (CIDR notation)|
| ||integer||no||(none)||Specifies the TOS value to match in IP headers|
| ||mark/mask||no||(none)|| Specifies the fwmark and optionally its mask to match, e.g.
| ||integer||no||(none)||Reject routing decisions that have a prefix length less than or equal to the specified value|
| ||boolean||no|| || If set to
| ||integer||no||(incrementing)||Controls the order of the IP rules, by default the priority is auto-assigned so that they are processed in the same order they're declared in the config file|
| ||routing table||at least one of||(none)|| The rule target is a table lookup, the ID can be either a numeric table index ranging from
| ||rule index|| The rule target is a jump to another rule specified by its
| ||string||The rule target is one of the routing actions outlined in the table below|
| ||When reaching the rule, respond with ICMP prohibited messages and abort route lookup|
| ||When reaching the rule, respond with ICMP unreachable messages and abort route lookup|
| ||When reaching the rule, drop packet and abort route lookup|
| ||Stop lookup in the current routing table even if a default route exists|