Hello there,
So I was just checking some scripts and configurations to see if I can learn something about fw marks and such.
But then I noticed that the vanilla vpn policies from gl-inet save their rules inside the network configuration rather than inside firewall config?
As of now the policies just work fine, but isn’t this just a typo inside the policy script?, the node layout looks identical as from the firewall config when I add a firewall rule via luci.
script in question:
root@GL-AXT1800:/etc/init.d# cat vpnpolicy
#!/bin/sh /etc/rc.common
START=18
start() {
enable=$(uci get "vpnpolicy.global.kill_switch")
[ "$enable" = 2 ] && {
mkdir -p /tmp/dnsmasq.d/
echo conntrack >/tmp/dnsmasq.d/safe_mode_conntrack
}
uci set network.policy_bypass_vpn="rule"
uci set network.policy_bypass_vpn.mark="0x60000/0x60000"
uci set network.policy_bypass_vpn.lookup="53"
uci set network.policy_bypass_vpn.priority="53"
uci set network.policy_via_vpn="rule"
uci set network.policy_via_vpn.mark="0x80000/0x80000"
uci set network.policy_via_vpn.lookup="52"
uci set network.policy_via_vpn.priority="52"
uci set network.policy_dns="rule"
uci set network.policy_dns.mark="0x100000/0x100000"
uci set network.policy_dns.lookup="51"
uci set network.policy_dns.priority="51"
uci commit network
ipset create via_vpn_domain hash:net
ipset create bypass_vpn_domain hash:net
ipset create via_vpn_mac hash:mac
ipset create bypass_vpn_mac hash:mac
}