Thanks so much for your response.
I have applied with ipset.
Looking at the policy and member list you defined, wan_wan2: if a user is connected and tries to access yahoo, won't the member name allow him, since both members apply to both wan?
I am not sure if I made my point clearly. In a nutshell, if WAN & WAN2 are both active, users should be allowed only on WAN and not permitted yahoo.com; from the rule you drafted, if both links are up, I assumed list use_member 'wan2_m2_w2' will permit yahoo.com. Otherwise, please help me clarify.
The yahoo rule will use the wan2_wan policy. The wan2_wan policy has wan2 with metric 1 and wan with metric 2.
So wan2 is preferred, unless it goes down. Then wan will be used.
Isn't that what you described?
Thanks Trendy,
I will configure with this MWAN3 and see the outcome.
The point is WAN will always be primary unless it goes down, which is to say that if both WAN & WAN2 are up, WAN2 should never be used.
The expectation as I described initially remains the same:
Wan - only Facebook ipset
Wan2 - only yahoo ipset
Both interfaces will fail over if one of them is unavailable, keeping the ipset restriction on the respective wan.
So this means in the same mwan3 each interface will keep to its ipset definition.
Lastly, wan will be the primary if both are up at any time and still only permits its ipset.
I see it as impossible right from the onset but am open to any idea if possible.
You are making it really hard to explain what you want.
If I decode properly what you are saying:
Facebook - Only wan
Yahoo - Only wan2
Anything else - wan primary, wan2 failover
Is that correct?