Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Next revisionBoth sides next revision | ||
| docs:guide-user:network:wan:multiwan:mwan3 [2023/10/21 07:34] – [OpenWrt version] jamesmacwhite | docs:guide-user:network:wan:multiwan:mwan3 [2024/05/17 08:30] – [nft2ipset init script] jamesmacwhite | ||
|---|---|---|---|
| Line 62: | Line 62: | ||
| === 23.05 === | === 23.05 === | ||
| - | mwan3 is mostly unchanged between 22.03 and 23.05, with some additional fixes but otherwise mostly the same. | + | The mwan3 package |
| + | |||
| + | **Known issues:** | ||
| + | |||
| + | * [[https:// | ||
| === 22.03 === | === 22.03 === | ||
| - | 22.03 switched to nftables for firewall management, mwan3 has not been updated to natively support nftables yet and therefore needs the '' | + | 22.03 switched to firewall4/nftables for firewall management, mwan3 has not been updated to natively support nftables yet and therefore needs the '' |
| **Known issues:** | **Known issues:** | ||
| Line 617: | Line 621: | ||
| === ipset support === | === ipset support === | ||
| + | |||
| + | <WRAP center important 100%> | ||
| + | ipset functionality is broken in 23.05 due to the '' | ||
| + | </ | ||
| ipset is designed to store multiple IP addresses in a single collection, while being performant and easier to maintain. Common usages of ipset include storing large amounts of IP addresses or ranges in a single set as well as conditional routing by domain. As routing ultimately works at the IP layer, being able to use ipset with domain based policies is useful for many websites or services which use multiple IP addresses or large Content Delivery Networks which means the IP address of that domain is constantly changing, individually adding these IP addresses would become unmanageable very quickly, ipset can help maintain this for you. | ipset is designed to store multiple IP addresses in a single collection, while being performant and easier to maintain. Common usages of ipset include storing large amounts of IP addresses or ranges in a single set as well as conditional routing by domain. As routing ultimately works at the IP layer, being able to use ipset with domain based policies is useful for many websites or services which use multiple IP addresses or large Content Delivery Networks which means the IP address of that domain is constantly changing, individually adding these IP addresses would become unmanageable very quickly, ipset can help maintain this for you. | ||
| Line 1344: | Line 1352: | ||
| option family ' | option family ' | ||
| option use_policy ' | option use_policy ' | ||
| + | </ | ||
| + | |||
| + | ==== nft2ipset init script ==== | ||
| + | |||
| + | Due to the default firewall (fw4) now being based on nftables (rather than iptables), the ipset functionality commonly used in conjunction with dnsmasq and mwan3 no longer works in 23.05 releases. This is due to mwan3 not being fully compatible with nftables and requiring iptables compatibility/ | ||
| + | |||
| + | You will need to use nfset with dnsmasq for ipset polices to be created, which mwan3 only supports at this time. mwan3 currently does not support nfset in rules directly, hence the need to create ipset policies. | ||
| + | |||
| + | For help with this init script, please message @Kishi on the forum thread and also thank them if you found this useful! | ||
| + | |||
| + | The script is [[https:// | ||
| + | |||
| + | Installation instructions: | ||
| + | |||
| + | < | ||
| + | wget -O / | ||
| + | chmod +x / | ||
| + | service nft2ipset enable | ||
| + | service nft2ipset start | ||
| </ | </ | ||