openwrt-packages/net/pbr/files/usr/share/pbr/pbr.user.wg_server_and_client

#!/bin/sh
# shellcheck disable=SC1091,SC3043
# This code is based on idea of https://github.com/egc112

WAN_INTERFACE='wan'
_ret='1'

insert_ip_rule() {
	local proto listen_port
	config_get proto "$1" proto
	config_get listen_port "$1" listen_port
	if [ "$proto" = 'wireguard' ] && [ -n "$listen_port" ]; then
		ip rule del sport "$listen_port" table "pbr_${WAN_INTERFACE}" >/dev/null 2>&1
		ip rule add sport "$listen_port" table "pbr_${WAN_INTERFACE}" >/dev/null 2>&1 && _ret=0
	fi
}

. /lib/functions.sh
config_load network
config_foreach insert_ip_rule 'interface'

return $_ret
pbr: update to 1.1.4-5 This update includes the following changes: 1. Makefile * update copyright * attempt to implement the proper variants to avoid luci-app dependency on both variants * quietly stop service on uninstall 2. Config-file * add the list of dnsmasq instances to target in supported dnsmasq modes * for default pbr variant, set the `resolver_set` to `dnsmasq.nftset` * for iptables pbr variant, set the `resolver_set` to `dnsmasq.ipset` * add the `nft_file_support` (disabled by default) * introduce `procd_boot_delay` to delay service start on boot * introduce the following nft set creation options: * nft_set_auto_merge * nft_set_counter * nft_set_flags_interval * nft_set_flags_timeout * nft_set_gc_interval * nft_set_policy * nft_set_timeout * add the pbr.user.wg_server_and_client custom user script to allow running wg server and client at the same time * add the "Ignore Local Requests" sample policy 3. Hotplug firewall/interface scripts * better logged messages 4. The pbr and pbr-iptables uci defaults script * use functions from the init script * improve vpn-policy-routing migration 5. The pbr-netifd uci defaults script * use functions from the init script * improve uci operations 6. Introduce the firewall.include file 7. Improve pbr.user.aws custom user script 8. Improve pbr.user.netflix custom user script 9. Introduce pbr.user.wg_server_and_client custom user script 10. Update the init file: * refactor some code to allow the init script file to be sourced by the uci defaults scripts and the luci rpcd script for shared functions * add support for `nft_file_mode` in which service prepares the fw4-compatible atomic nft/include file for faster operations on service reload * improve Tor support (nft mode only) * implement support for nft set options * update validation functions for new options/parameters Signed-off-by: Stan Grishin <stangri@melmac.ca> 2024-03-18 02:43:50 +01:00			`#!/bin/sh`
			`# shellcheck disable=SC1091,SC3043`
			`# This code is based on idea of https://github.com/egc112`

			`WAN_INTERFACE='wan'`
			`_ret='1'`

			`insert_ip_rule() {`
			`local proto listen_port`
			`config_get proto "$1" proto`
			`config_get listen_port "$1" listen_port`
			`if [ "$proto" = 'wireguard' ] && [ -n "$listen_port" ]; then`
			`ip rule del sport "$listen_port" table "pbr_${WAN_INTERFACE}" >/dev/null 2>&1`
			`ip rule add sport "$listen_port" table "pbr_${WAN_INTERFACE}" >/dev/null 2>&1 && _ret=0`
			`fi`
			`}`

			`. /lib/functions.sh`
			`config_load network`
			`config_foreach insert_ip_rule 'interface'`

			`return $_ret`