Any beginners guides for Policy Based Routing with Commercial VPN and keeping non-VPN WAN as primary routing?

That's the one I tried to follow. So the guide just has a note at the top about different names for packages now, but the rest of the guide still uses old names, and the gui experience doesn't seem to match up with the guide. A lot of the thread that I read was comments discussing bugs, nothing useful to a first timer.

An example of a point of confusion as a newbie is that dnsmasq or something is said to not be supported in the GUI, with the only value it can be set to being "Disabled", but in one of the first comments in the thread you linked it is "added".

"If you're using pbr on an x86_64 system, you can install the dnsmasq 2.87 from this post 37 and test the pbr in the nft mode."

So is nft good? Should I be forcing everything through iptables? What is the upside or downside? What stops DNS leaks?

Besides that post, it escapes me why the gui (nor commandline) isn't intuitive. If I designed a gui for policy based routing, what I would do is pick a style of rule (device, domain, etc.), ask what the default route should be, and then ask for devices or domains that should go through the other route (or even same as default for redundancy). That isn't something I'm seeing. And I have managed to set up, prior to nuking, a vpn instance where PBR should have been capturing anything connected to funnel through VPN and the iptest/dnsleaktest sites would basically be a coinflip if it was "real" IP or VPN IP shown. I'll read that thread again, but definitely didn't catch my eye the first time anything of immediate use for a newbie.

Edit: Policy-Based-Routing (pbr) package discussion - #140 by AlexK

An example of elusiveness. AlexK missed something, segrin says read the readme (which readme? A newbie may never know, there were only 4 linked at the top of discussion; and what part of the readme? A newbie may never know, there is only a dozen sections with many subsections in some readmes.) Then AlexK just follows up to say he figured it out, to no aid for a newbie.

I might have stumbled upon the readme and section that is useful, but it sure is confusing.

"Each package of the service has its own dependencies, so only pbr-iptables can be installed on OpenWrt 21.02 and earlier, but either pbr or pbr-iptables can be installed on OpenWrt 22.03. It is recommended to install pbr on OpenWrt 22.03 and if you want to use use dnsmasq ipset support, install dnsmasq-full, also install legacy iptables/ipset packages and then change resolver_set option to dnsmasq.ipset to force iptables/ipset mode."

That's my guess to where AlexK got their answer, but I do not recall seeing anything about resolver_set. Is that command line only? Is there a place in the GUI to flip that? And if we are trying to revert back to iptables, what then is the benefit of nftables?