I want to limit internet connectivity at certain time for vlan. I added rule to drop traffic at traffic rules page in LUCI. However, already established connections continued to work.
In order to bypass forward rule for established connections I added following custom rule.
chain user_pre_forward {
type filter hook forward priority filter - 1; policy accept;
iifname "br-lan.2" meta hour != "09:00"-"22:00" drop
}
Now, if flow offloading is disabled everything works intended. However, if flow offloading is active established connections still flow.
It looks like offload tables should be purged at time boundaries. How do I do so?