# IP rules (policy routing)

See also: mwan3, VPN Policy-Based Routing

Netifd supports IP rule declarations, which are required to implement policy routing. IPv4 rules are defined by declaring one or more sections of type `rule`; IPv6 rules are denoted by sections of type `rule6`. Both types share the same set of options.

A simple IPv4 rule may look like:

```
config rule
	option mark '0xFF'
	option in 'lan'
	option dest '172.16.0.0/16'
	option lookup '100'
```

- `0xFF` is a fwmark to be matched
- `lan` is the incoming logical interface name
- `172.16.0.0/16` is the destination subnet to match
- `100` is the routing table ID to use for the matched traffic

Similarly, an IPv6 rule looks like:

```
config rule6
	option in 'vpn'
	option dest 'fdca:1234::/64'
	option action 'prohibit'
```

- `vpn` is the incoming logical interface name
- `fdca:1234::/64` is the destination subnet to match
- `prohibit` is the routing action to take

## Options for IP rule (rule and rule6) sections

| Name | Type | Required | Default | Description |
|---|---|---|---|---|
| `in` | string | no | (none) | Specifies the incoming logical interface name |
| `out` | string | no | (none) | Specifies the outgoing logical interface name |
| `src` | ip subnet | no | (none) | Specifies the source subnet to match (CIDR notation) |
| `dest` | ip subnet | no | (none) | Specifies the destination subnet to match (CIDR notation) |
| `tos` | integer | no | (none) | Specifies the TOS value to match in IP headers |
| `mark` | mark/mask | no | (none) | Specifies the fwmark and optionally its mask to match, e.g. `0xFF` to match mark 255 or `0x0/0x1` to match any even mark value |
| `suppress_prefixlength` | integer | no | (none) | Reject routing decisions that have a prefix length less than or equal to the specified value |
| `invert` | boolean | no | 0 | If set to 1, the meaning of the match options is inverted |
| `priority` | integer | no | (incrementing) | Controls the order of the IP rules; by default the priority is auto-assigned so that the rules are processed in the same order they are declared in the config file |
| `lookup` | routing table | at least one of `lookup`, `goto`, `action` | (none) | The rule target is a table lookup; the ID can be either a numeric table index ranging from 0 to 65535 or a symbolic alias declared in `/etc/iproute2/rt_tables`. The special aliases `local` (255), `main` (254) and `default` (253) are recognized as well |
| `goto` | rule index | at least one of `lookup`, `goto`, `action` | (none) | The rule target is a jump to another rule specified by its priority value |
| `action` | string | at least one of `lookup`, `goto`, `action` | (none) | The rule target is one of the routing actions outlined in the table below |

## Routing Actions

| Action | Description |
|---|---|
| `prohibit` | When reaching the rule, respond with ICMP prohibited messages and abort route lookup |
| `unreachable` | When reaching the rule, respond with ICMP unreachable messages and abort route lookup |
| `blackhole` | When reaching the rule, drop the packet and abort route lookup |
| `throw` | Stop lookup in the current routing table even if a default route exists |

## Examples

### Policy-based routing

Route a specific LAN to a specific WAN.

```sh
# Use custom routing table for LAN
uci set network.lanx.ip4table="100"
uci set network.lanx.ip6table="100"

# Use custom routing table for WAN
uci set network.wanx.ip4table="100"
uci set network.wanx.ip6table="100"

# LAN to WAN rule
uci -q delete network.lanx_wanx
uci set network.lanx_wanx="rule"
uci set network.lanx_wanx.in="lanx"
uci set network.lanx_wanx.lookup="100"

# WAN to LAN rule
uci -q delete network.wanx_lanx
uci set network.wanx_lanx="rule"
uci set network.wanx_lanx.in="wanx"
uci set network.wanx_lanx.lookup="100"

# Save and apply
uci commit network
/etc/init.d/network restart
```
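The option table and the policy-routing example above map directly onto `ip rule` commands, and the mistakes that bite in practice are structural: a section with no target, a rule whose `in` names an interface that does not exist, or a `lookup` into a table that no interface's `ip4table`/`ip6table` ever fills (the rule then matches, finds no route and silently falls through to the next rule). The following script is an added example and is not part of this wiki page, of netifd or of OpenWrt. It parses a constructed UCI network config, lints every `rule`/`rule6` section against the option table, and prints the `ip rule add` line each section corresponds to. It assumes each interface's `option device` is the Linux device name; netifd resolves that from live interface state instead.

```python
"""Lint netifd rule/rule6 sections and render the ip(8) commands they imply.
Added example for this page, not netifd's or OpenWrt's own code."""
import re

# Constructed sample: the page's lanx/wanx example, except that the wanx rule points
# at a table no interface populates and the rule6 names an undefined interface.
SAMPLE_CONFIG = """
config interface 'lanx'
	option device 'br-lanx'
	option ip4table '100'
config interface 'wanx'
	option device 'eth1'
	option ip4table '100'
config rule 'lanx_wanx'
	option in 'lanx'
	option lookup '100'
config rule 'wanx_lanx'
	option in 'wanx'
	option lookup '300'
config rule6 'vpn_block'
	option in 'vpn'
	option dest 'fdca:1234::/64'
	option action 'prohibit'
"""
ACTIONS = {"prohibit", "unreachable", "blackhole", "throw"}
BUILTIN_TABLES = {"local", "main", "default", "255", "254", "253"}
_VAL = r"(?:'([^']*)'|\"([^\"]*)\"|(\S+))"  # 'x', "x" or bare x
_CONFIG = re.compile(r"config\s+(\w+)(?:\s+" + _VAL + r")?\s*$")
_OPTION = re.compile(r"option\s+(\w+)\s+" + _VAL + r"\s*$")

def parse_uci(text):
    """Parse UCI text into [(type, name, {option: value})]; `list` lines are skipped."""
    sections = []
    for line in (raw.strip() for raw in text.splitlines()):
        m = _CONFIG.match(line)
        if m:  # anonymous sections get uci's @type[index] name
            name = next((g for g in m.groups()[1:] if g is not None), "")
            name = name or f"@{m.group(1)}[{sum(s[0] == m.group(1) for s in sections)}]"
            sections.append((m.group(1), name, {}))
            continue
        m = _OPTION.match(line)
        if m and sections:
            sections[-1][2][m.group(1)] = next(g for g in m.groups()[1:] if g is not None)
    return sections

def lint_rules(sections):
    """Return [(section, problem)] for rule/rule6 sections that will not act as intended."""
    ifaces = {n for t, n, _ in sections if t == "interface"}
    # Tables that receive routes, per family: the built-in ones plus each interface's
    # ip4table/ip6table. A lookup elsewhere finds nothing and falls through to the next rule.
    populated = {"rule": set(BUILTIN_TABLES), "rule6": set(BUILTIN_TABLES)}
    for typ, _, opts in sections:
        if typ == "interface":
            populated["rule"].add(opts.get("ip4table", "main"))
            populated["rule6"].add(opts.get("ip6table", "main"))
    problems = []
    for typ, name, opts in sections:
        if typ not in populated:  # only rule / rule6 sections
            continue
        if not any(k in opts for k in ("lookup", "goto", "action")):
            problems.append((name, "no target: one of lookup, goto or action is required"))
        for key in ("in", "out"):
            if key in opts and opts[key] not in ifaces:
                problems.append((name, f"{key} refers to undefined interface '{opts[key]}'"))
        if opts.get("action", "throw") not in ACTIONS:
            problems.append((name, f"unknown action '{opts['action']}'"))
        table = opts.get("lookup")
        if table is not None and table.isdigit() and int(table) > 65535:
            problems.append((name, f"lookup table {table} outside 0-65535"))
        elif table is not None and table not in populated[typ]:
            problems.append((name, f"lookup table '{table}' receives no routes; the rule falls through"))
    return problems

def render_ip_rule(typ, opts, devices):
    """Render the `ip rule add` line for one section. `devices` maps logical interface names
    to Linux devices. Priority is emitted only when set; netifd otherwise assigns it in order."""
    opts = {**opts, **{k: devices.get(opts[k], opts[k]) for k in ("in", "out") if k in opts}}
    parts = ["ip", "-4" if typ == "rule" else "-6", "rule", "add"]
    if opts.get("invert") in ("1", "true", "yes", "on"):  # uci boolean spellings
        parts.append("not")
    for key, word in (("in", "iif"), ("out", "oif"), ("src", "from"), ("dest", "to"), ("tos", "tos"),
                      ("mark", "fwmark"), ("suppress_prefixlength", "suppress_prefixlength")):
        if key in opts:
            parts += [word, opts[key]]
    if "lookup" in opts:
        parts += ["table", opts["lookup"]]
    elif "goto" in opts:
        parts += ["goto", opts["goto"]]
    elif "action" in opts:
        parts.append(opts["action"])
    if "priority" in opts:
        parts += ["priority", opts["priority"]]
    return " ".join(parts)

if __name__ == "__main__":
    secs = parse_uci(SAMPLE_CONFIG)
    devs = {n: o.get("device", n) for t, n, o in secs if t == "interface"}
    print(*[f"WARN {n}: {p}" for n, p in lint_rules(secs)], sep="\n")
    print(*[render_ip_rule(t, o, devs) for t, _, o in secs if t in ("rule", "rule6")], sep="\n")
```

Run against the sample it flags `wanx_lanx` (table 300 is never populated) and `vpn_block` (no `vpn` interface), and prints the four `ip rule add` lines; pointing it at a real `/etc/config/network` before `uci commit network` catches the empty-table case that otherwise only shows up as traffic quietly taking the main-table route. Symbolic table aliases from `/etc/iproute2/rt_tables` are only recognised when the same alias is used in an interface's `ip4table`/`ip6table`, since the script does not read that file.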
Last modified: 2020/12/07 19:48 by vgaetera