Is this possible? In Luci, or config files, or with custom rules/scripts?
@g.L.77 , welcome to the community!
Yes, it is possible to make a firewall rule to ALLOW/REJECT/DROP from a given list of SRC IPs.
It is...but I'm not sure I'm clear on what do you mean by this (since you mention mwan3)?
Hi [lleachii], yhank you for your response!
I want to do policy based routing with 2 outgoing interfaces, based on source IP address - I need some IP addresses (client PCs) from LAN side to go out from WAN, and other from WAN2.
As there may be hundreds of non-contiguous IP addresses in both group I need to use ipsets in source address in rules.
In addition, for one of the IP group I need failover, so MWAN3 seems to be the tool for my purposes.
There is another request for same, but I saw it later:
Can mwan3.user file be used for iptables commands in Chain "mwan3_rules"?
To answer myself, mwan3.user can be used, just add iptables rule
"iptables -t mangle -I mwan3_rules -m set --match-set s_ipset src -m mark --mark 0x0/0x3f00 -j mwan3_policy_wan2_only", where "s_ipset" is ipset list with source IP addresses.
This make double rules in "mwan3_rules" chain because of double invoking of script on 2 WAN interfaces events, but it is not a problem.
This rule do only source IP based policy routing, not failover, nor balancing.
1 Like