MWan3 IPSET Rules for specific domains failing - With Hack Fix

chrisphotonic · September 20, 2017, 6:26pm

Anyone else having a problem with IPSet and mwan3? After configuring everything. There is an issue where none of my ipsets work. If I check them with 'ipset -L' they are still not listed after rebooting.

I did find a workaround by creating the ipset manually via the command line and then dnsmasq is updating them correctly. Is this a registered known bug or am I doing something wrong? I had this working in openwrt 15.01, without the hack.

For example, creating the IPs manually allows dnsmasq to use it
ipset -N whatsmyip iphash

/etc/dnsmasq.conf
ipset=/www.whatsmyip.org/whatsmyip

mwan config rule
config rule 'whatsmyip'
** option proto 'all'**
** option sticky '0'**
** option ipset 'whatsmyip'**
** option use_policy 'wan_only'**

stangri · September 21, 2017, 4:12am

AFAIK the actual config file location for dnsmasq (not the uci-ed settings) has changed in 17.x over 15.x and that could be the reason.

The neater solution would be to add the ipset to the /etc/config/dhcp file.

chrisphotonic · September 21, 2017, 1:41pm

I did add the following during testing:

list ipset '/hulu.com/hulu' in my /etc/config/dhcp but it didn't have an effect. When I did a ipset -L - it never showed up.

schadow1 · March 22, 2018, 5:08pm

same issue here on archer c7 v4 on lede snapshot. had to do your hack so it would work. any known automatic workarounds or fix at this point in time?

lleachii · March 22, 2018, 6:07pm

Ipsets should be added to firewall, not dhcp.

leeandy · April 28, 2019, 8:12am

Same issue on lastest snapshot. You need add this at local startup, correct command is:
ipset -N whatsmyip hash:ip