Matches traffic originating in "lan" zone destined for 10.192.0.0/10 or [FC00::]/7
Sends that traffic to a service running on the router listening on 0.0.0.0:9040 and [::]:9040
I'm running OpenWrt 22.03.2. I would prefer to do this via LuCI, but I am also fine with just editing /etc/config/firewall.
You may guess that this is for Tor, which is correct. I have visited the wiki pages "Tor Client" and "Tor Extra", but they just led to more confusion. This is because the setup there is more complicated than I want. I've got the DNS redirection working fine, just need help with this rule. This setup is only for occasional visits to a .onion website, and not for strict privacy preservation. When in need of privacy, I use Tor Browser.
While trying various things, I also created an interface called 'Tor', gave it static IP 10.192.0.0/10 and [FC00::]/7, and put it in a firewall zone called 'Tor'. This was probably pointless, but just mentioning it in case it can be used for the rule I need.
Yes, I saw that before asking the question here and it left me more confused. It is more complicated than what I need/want. Not sure if ipset is still available in nftables (fw4). I also want to, preferably, just stick with the usual lan->wan forwarding and not have to create the "Allow-NonTor-Forward" rule; just want to create a rule to only intercept the Tor destined traffic as I asked for.
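A sketch of the rule described in the posts above, written as two fw4 `redirect` sections for /etc/config/firewall; this is an added example, not part of the original thread and not taken from the OpenWrt wiki. The section names are made up, the match is limited to TCP on the assumption that the service on port 9040 is Tor's TransPort, and the result should be checked on the router with `fw4 print` before relying on it.

```conf
# Added example (names are hypothetical). One section per address family,
# because each src_dip value belongs to a single family.

config redirect
	option name 'Tor-Intercept-v4'      # hypothetical name
	option target 'DNAT'
	option family 'ipv4'
	option src 'lan'                    # only traffic entering from the lan zone
	option proto 'tcp'
	option src_dip '10.192.0.0/10'      # original destination to match
	option src_dport '0-65535'          # match any destination port
	option dest_port '9040'             # no dest_ip: deliver to the router itself

config redirect
	option name 'Tor-Intercept-v6'      # hypothetical name
	option target 'DNAT'
	option family 'ipv6'
	option src 'lan'
	option proto 'tcp'
	option src_dip 'fc00::/7'
	option src_dport '0-65535'
	option dest_port '9040'
```

Only destinations inside the two prefixes are matched, so the normal lan->wan forwarding stays as it is and no ipset is involved.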