Openvpn client and server policy routing not working

Installing and Using OpenWrt Network and Wireless Configuration
7

Thanks for your reply,

I've used vpn-policy routing, VPN Policy-Based Routing + Web UI -- Discussion

config vpn-policy-routing 'config'
	option verbosity '2'
	option ipv6_enabled '0'
	option strict_enforcement '1'
	option boot_timeout '30'
	option output_chain_enabled '1'
	option enabled '1'
	option dnsmasq_enabled '1'
	list ignored_interface 'vpn_server'

config policy
	option interface 'wan'
	option name 'vpn server'
	option local_port '1194'
	option chain 'PREROUTING'
	option proto 'udp'

config policy
	option chain 'PREROUTING'
	option interface 'wan'
	option name 'netflix'
	option remote_address 'netflix.com nflxext.com nflxvideo.net nflximg.com'
	option proto 'tcp udp'

more ip magick:

default via 163.158.128.1 dev eth0.2 table 201
default via 10.34.10.5 dev tun0 table 202
default via 192.168.8.1 dev tun1 table 203
0.0.0.0/1 via 10.34.10.5 dev tun0
default via 163.158.128.1 dev eth0.2 proto static src 163.158.129.181
10.34.10.1 via 10.34.10.5 dev tun0
10.34.10.5 dev tun0 proto kernel scope link src 10.34.10.6
46.166.188.215 via 163.158.128.1 dev eth0.2
128.0.0.0/1 via 10.34.10.5 dev tun0
163.158.128.0/20 dev eth0.2 proto kernel scope link src 163.158.129.181
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.1
192.168.8.0/24 dev tun1 proto kernel scope link src 192.168.8.1
local 10.34.10.6 dev tun0 table local proto kernel scope host src 10.34.10.6
broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1
local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1
local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1
broadcast 163.158.128.0 dev eth0.2 table local proto kernel scope link src 163.158.129.181
local 163.158.129.181 dev eth0.2 table local proto kernel scope host src 163.158.129.181
broadcast 163.158.143.255 dev eth0.2 table local proto kernel scope link src 163.158.129.181
broadcast 192.168.0.0 dev eth0 table local proto kernel scope link src 192.168.0.1
local 192.168.0.1 dev eth0 table local proto kernel scope host src 192.168.0.1
broadcast 192.168.0.255 dev eth0 table local proto kernel scope link src 192.168.0.1
broadcast 192.168.8.0 dev tun1 table local proto kernel scope link src 192.168.8.1
local 192.168.8.1 dev tun1 table local proto kernel scope host src 192.168.8.1
broadcast 192.168.8.255 dev tun1 table local proto kernel scope link src 192.168.8.1
# Generated by iptables-save v1.6.2 on Wed Jul  3 11:16:16 2019
*nat
:PREROUTING ACCEPT [1134:329128]
:INPUT ACCEPT [176:14713]
:OUTPUT ACCEPT [217:15506]
:POSTROUTING ACCEPT [38:2346]
:postrouting_lan_rule - [0:0]
:postrouting_newzone_rule - [0:0]
:postrouting_rule - [0:0]
:postrouting_vpnserver_rule - [0:0]
:postrouting_wan_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_newzone_rule - [0:0]
:prerouting_rule - [0:0]
:prerouting_vpnserver_rule - [0:0]
:prerouting_wan_rule - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
:zone_wan_postrouting - [0:0]
:zone_wan_prerouting - [0:0]
-A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
-A PREROUTING -i tun1 -m comment --comment "!fw3" -j zone_lan_prerouting
-A PREROUTING -i eth0 -m comment --comment "!fw3" -j zone_lan_prerouting
-A PREROUTING -i tun0 -m comment --comment "!fw3" -j zone_wan_prerouting
-A PREROUTING -i eth0.2 -m comment --comment "!fw3" -j zone_wan_prerouting
-A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
-A POSTROUTING -o tun1 -m comment --comment "!fw3" -j zone_lan_postrouting
-A POSTROUTING -o eth0 -m comment --comment "!fw3" -j zone_lan_postrouting
-A POSTROUTING -o tun0 -m comment --comment "!fw3" -j zone_wan_postrouting
-A POSTROUTING -o eth0.2 -m comment --comment "!fw3" -j zone_wan_postrouting
-A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
-A zone_lan_postrouting -s 192.168.0.0/24 -d 192.168.0.141/32 -p tcp -m tcp --dport 51413 -m comment --comment "!fw3: transmission (reflection)" -j SNAT --to-source 192.168.0.1
-A zone_lan_postrouting -s 192.168.0.0/24 -d 192.168.0.141/32 -p udp -m udp --dport 51413 -m comment --comment "!fw3: transmission (reflection)" -j SNAT --to-source 192.168.0.1
-A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
-A zone_lan_prerouting -s 192.168.0.0/24 -d 163.158.129.181/32 -p tcp -m tcp --dport 51413 -m comment --comment "!fw3: transmission (reflection)" -j DNAT --to-destination 192.168.0.141:51413
-A zone_lan_prerouting -s 192.168.0.0/24 -d 163.158.129.181/32 -p udp -m udp --dport 51413 -m comment --comment "!fw3: transmission (reflection)" -j DNAT --to-destination 192.168.0.141:51413
-A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
-A zone_wan_postrouting -m comment --comment "!fw3" -j MASQUERADE
-A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
-A zone_wan_prerouting -p tcp -m tcp --dport 51413 -m comment --comment "!fw3: transmission" -j DNAT --to-destination 192.168.0.141:51413
-A zone_wan_prerouting -p udp -m udp --dport 51413 -m comment --comment "!fw3: transmission" -j DNAT --to-destination 192.168.0.141:51413
COMMIT
# Completed on Wed Jul  3 11:16:16 2019
# Generated by iptables-save v1.6.2 on Wed Jul  3 11:16:16 2019
*mangle
:PREROUTING ACCEPT [390566:448580654]
:INPUT ACCEPT [181193:252837603]
:FORWARD ACCEPT [209371:195742987]
:OUTPUT ACCEPT [81479:11537430]
:POSTROUTING ACCEPT [290850:207280417]
:VPR_FORWARD - [0:0]
:VPR_INPUT - [0:0]
:VPR_OUTPUT - [0:0]
:VPR_PREROUTING - [0:0]
-A PREROUTING -m mark --mark 0x0/0xff0000 -j VPR_PREROUTING
-A PREROUTING -m mark --mark 0x0/0xff0000 -j VPR_PREROUTING
-A PREROUTING -m mark --mark 0x0/0xff0000 -j VPR_PREROUTING
-A PREROUTING -m mark --mark 0x0/0xff0000 -j VPR_PREROUTING
-A PREROUTING -m mark --mark 0x0/0xff0000 -j VPR_PREROUTING
-A PREROUTING -m mark --mark 0x0/0xff0000 -j VPR_PREROUTING
-A PREROUTING -m mark --mark 0x0/0xff0000 -j VPR_PREROUTING
-A PREROUTING -m mark --mark 0x0/0xff0000 -j VPR_PREROUTING
-A PREROUTING -m mark --mark 0x0/0xff0000 -j VPR_PREROUTING
-A PREROUTING -m mark --mark 0x0/0xff0000 -j VPR_PREROUTING
-A PREROUTING -m mark --mark 0x0/0xff0000 -j VPR_PREROUTING
-A PREROUTING -m mark --mark 0x0/0xff0000 -j VPR_PREROUTING
-A PREROUTING -m mark --mark 0x0/0xff0000 -j VPR_PREROUTING
-A PREROUTING -m mark --mark 0x0/0xff0000 -j VPR_PREROUTING
-A PREROUTING -m mark --mark 0x0/0xff0000 -j VPR_PREROUTING
-A PREROUTING -m mark --mark 0x0/0xff0000 -j VPR_PREROUTING
-A PREROUTING -m mark --mark 0x0/0xff0000 -j VPR_PREROUTING
-A PREROUTING -m mark --mark 0x0/0xff0000 -j VPR_PREROUTING
-A PREROUTING -m mark --mark 0x0/0xff0000 -j VPR_PREROUTING
-A PREROUTING -m mark --mark 0x0/0xff0000 -j VPR_PREROUTING
-A PREROUTING -m mark --mark 0x0/0xff0000 -j VPR_PREROUTING
-A PREROUTING -m mark --mark 0x0/0xff0000 -j VPR_PREROUTING
-A PREROUTING -m mark --mark 0x0/0xff0000 -j VPR_PREROUTING
-A PREROUTING -m mark --mark 0x0/0xff0000 -j VPR_PREROUTING
-A PREROUTING -m mark --mark 0x0/0xff0000 -j VPR_PREROUTING
-A PREROUTING -m mark --mark 0x0/0xff0000 -j VPR_PREROUTING
-A PREROUTING -m mark --mark 0x0/0xff0000 -j VPR_PREROUTING
-A PREROUTING -m mark --mark 0x0/0xff0000 -j VPR_PREROUTING
-A PREROUTING -m mark --mark 0x0/0xff0000 -j VPR_PREROUTING
-A PREROUTING -m mark --mark 0x0/0xff0000 -j VPR_PREROUTING
-A PREROUTING -m mark --mark 0x0/0xff0000 -j VPR_PREROUTING
-A PREROUTING -m mark --mark 0x0/0xff0000 -j VPR_PREROUTING
-A INPUT -m mark --mark 0x0/0xff0000 -j VPR_INPUT
-A INPUT -m mark --mark 0x0/0xff0000 -j VPR_INPUT
-A INPUT -m mark --mark 0x0/0xff0000 -j VPR_INPUT
-A INPUT -m mark --mark 0x0/0xff0000 -j VPR_INPUT
-A INPUT -m mark --mark 0x0/0xff0000 -j VPR_INPUT
-A INPUT -m mark --mark 0x0/0xff0000 -j VPR_INPUT
-A INPUT -m mark --mark 0x0/0xff0000 -j VPR_INPUT
-A INPUT -m mark --mark 0x0/0xff0000 -j VPR_INPUT
-A INPUT -m mark --mark 0x0/0xff0000 -j VPR_INPUT
-A INPUT -m mark --mark 0x0/0xff0000 -j VPR_INPUT
-A INPUT -m mark --mark 0x0/0xff0000 -j VPR_INPUT
-A INPUT -m mark --mark 0x0/0xff0000 -j VPR_INPUT
-A INPUT -m mark --mark 0x0/0xff0000 -j VPR_INPUT
-A INPUT -m mark --mark 0x0/0xff0000 -j VPR_INPUT
-A INPUT -m mark --mark 0x0/0xff0000 -j VPR_INPUT
-A INPUT -m mark --mark 0x0/0xff0000 -j VPR_INPUT
-A INPUT -m mark --mark 0x0/0xff0000 -j VPR_INPUT
-A INPUT -m mark --mark 0x0/0xff0000 -j VPR_INPUT
-A INPUT -m mark --mark 0x0/0xff0000 -j VPR_INPUT
-A INPUT -m mark --mark 0x0/0xff0000 -j VPR_INPUT
-A INPUT -m mark --mark 0x0/0xff0000 -j VPR_INPUT
-A INPUT -m mark --mark 0x0/0xff0000 -j VPR_INPUT
-A INPUT -m mark --mark 0x0/0xff0000 -j VPR_INPUT
-A INPUT -m mark --mark 0x0/0xff0000 -j VPR_INPUT
-A INPUT -m mark --mark 0x0/0xff0000 -j VPR_INPUT
-A INPUT -m mark --mark 0x0/0xff0000 -j VPR_INPUT
-A INPUT -m mark --mark 0x0/0xff0000 -j VPR_INPUT
-A INPUT -m mark --mark 0x0/0xff0000 -j VPR_INPUT
-A INPUT -m mark --mark 0x0/0xff0000 -j VPR_INPUT
-A INPUT -m mark --mark 0x0/0xff0000 -j VPR_INPUT
-A INPUT -m mark --mark 0x0/0xff0000 -j VPR_INPUT
-A INPUT -m mark --mark 0x0/0xff0000 -j VPR_INPUT
-A FORWARD -m mark --mark 0x0/0xff0000 -j VPR_FORWARD
-A FORWARD -m mark --mark 0x0/0xff0000 -j VPR_FORWARD
-A FORWARD -m mark --mark 0x0/0xff0000 -j VPR_FORWARD
-A FORWARD -m mark --mark 0x0/0xff0000 -j VPR_FORWARD
-A FORWARD -m mark --mark 0x0/0xff0000 -j VPR_FORWARD
-A FORWARD -m mark --mark 0x0/0xff0000 -j VPR_FORWARD
-A FORWARD -m mark --mark 0x0/0xff0000 -j VPR_FORWARD
-A FORWARD -m mark --mark 0x0/0xff0000 -j VPR_FORWARD
-A FORWARD -m mark --mark 0x0/0xff0000 -j VPR_FORWARD
-A FORWARD -m mark --mark 0x0/0xff0000 -j VPR_FORWARD
-A FORWARD -m mark --mark 0x0/0xff0000 -j VPR_FORWARD
-A FORWARD -m mark --mark 0x0/0xff0000 -j VPR_FORWARD
-A FORWARD -m mark --mark 0x0/0xff0000 -j VPR_FORWARD
-A FORWARD -m mark --mark 0x0/0xff0000 -j VPR_FORWARD
-A FORWARD -m mark --mark 0x0/0xff0000 -j VPR_FORWARD
-A FORWARD -m mark --mark 0x0/0xff0000 -j VPR_FORWARD
-A FORWARD -m mark --mark 0x0/0xff0000 -j VPR_FORWARD
-A FORWARD -m mark --mark 0x0/0xff0000 -j VPR_FORWARD
-A FORWARD -m mark --mark 0x0/0xff0000 -j VPR_FORWARD
-A FORWARD -m mark --mark 0x0/0xff0000 -j VPR_FORWARD
-A FORWARD -m mark --mark 0x0/0xff0000 -j VPR_FORWARD
-A FORWARD -m mark --mark 0x0/0xff0000 -j VPR_FORWARD
-A FORWARD -m mark --mark 0x0/0xff0000 -j VPR_FORWARD
-A FORWARD -m mark --mark 0x0/0xff0000 -j VPR_FORWARD
-A FORWARD -m mark --mark 0x0/0xff0000 -j VPR_FORWARD
-A FORWARD -m mark --mark 0x0/0xff0000 -j VPR_FORWARD
-A FORWARD -m mark --mark 0x0/0xff0000 -j VPR_FORWARD
-A FORWARD -m mark --mark 0x0/0xff0000 -j VPR_FORWARD
-A FORWARD -m mark --mark 0x0/0xff0000 -j VPR_FORWARD
-A FORWARD -m mark --mark 0x0/0xff0000 -j VPR_FORWARD
-A FORWARD -m mark --mark 0x0/0xff0000 -j VPR_FORWARD
-A FORWARD -m mark --mark 0x0/0xff0000 -j VPR_FORWARD
-A FORWARD -o tun0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -o eth0.2 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A OUTPUT -m mark --mark 0x0/0xff0000 -j VPR_OUTPUT
-A OUTPUT -m mark --mark 0x0/0xff0000 -j VPR_OUTPUT
-A OUTPUT -m mark --mark 0x0/0xff0000 -j VPR_OUTPUT
-A OUTPUT -m mark --mark 0x0/0xff0000 -j VPR_OUTPUT
-A OUTPUT -m mark --mark 0x0/0xff0000 -j VPR_OUTPUT
-A OUTPUT -m mark --mark 0x0/0xff0000 -j VPR_OUTPUT
-A OUTPUT -m mark --mark 0x0/0xff0000 -j VPR_OUTPUT
-A OUTPUT -m mark --mark 0x0/0xff0000 -j VPR_OUTPUT
-A OUTPUT -m mark --mark 0x0/0xff0000 -j VPR_OUTPUT
-A OUTPUT -m mark --mark 0x0/0xff0000 -j VPR_OUTPUT
-A OUTPUT -m mark --mark 0x0/0xff0000 -j VPR_OUTPUT
-A OUTPUT -m mark --mark 0x0/0xff0000 -j VPR_OUTPUT
-A OUTPUT -m mark --mark 0x0/0xff0000 -j VPR_OUTPUT
-A OUTPUT -m mark --mark 0x0/0xff0000 -j VPR_OUTPUT
-A OUTPUT -m mark --mark 0x0/0xff0000 -j VPR_OUTPUT
-A OUTPUT -m mark --mark 0x0/0xff0000 -j VPR_OUTPUT
-A OUTPUT -m mark --mark 0x0/0xff0000 -j VPR_OUTPUT
-A OUTPUT -m mark --mark 0x0/0xff0000 -j VPR_OUTPUT
-A OUTPUT -m mark --mark 0x0/0xff0000 -j VPR_OUTPUT
-A OUTPUT -m mark --mark 0x0/0xff0000 -j VPR_OUTPUT
-A OUTPUT -m mark --mark 0x0/0xff0000 -j VPR_OUTPUT
-A OUTPUT -m mark --mark 0x0/0xff0000 -j VPR_OUTPUT
-A OUTPUT -m mark --mark 0x0/0xff0000 -j VPR_OUTPUT
-A OUTPUT -m mark --mark 0x0/0xff0000 -j VPR_OUTPUT
-A OUTPUT -m mark --mark 0x0/0xff0000 -j VPR_OUTPUT
-A OUTPUT -m mark --mark 0x0/0xff0000 -j VPR_OUTPUT
-A OUTPUT -m mark --mark 0x0/0xff0000 -j VPR_OUTPUT
-A OUTPUT -m mark --mark 0x0/0xff0000 -j VPR_OUTPUT
-A OUTPUT -m mark --mark 0x0/0xff0000 -j VPR_OUTPUT
-A OUTPUT -m mark --mark 0x0/0xff0000 -j VPR_OUTPUT
-A OUTPUT -m mark --mark 0x0/0xff0000 -j VPR_OUTPUT
-A OUTPUT -m mark --mark 0x0/0xff0000 -j VPR_OUTPUT
-A VPR_PREROUTING -d 207.45.72.215/32 -m comment --comment netflix_nflximg_com -j MARK --set-xmark 0x10000/0xff0000
-A VPR_PREROUTING -d 207.45.72.215/32 -m comment --comment netflix_nflximg_com -j MARK --set-xmark 0x10000/0xff0000
-A VPR_PREROUTING -d 52.32.78.165/32 -m comment --comment netflix_nflxvideo_net -j MARK --set-xmark 0x10000/0xff0000
-A VPR_PREROUTING -d 52.32.78.165/32 -m comment --comment netflix_nflxvideo_net -j MARK --set-xmark 0x10000/0xff0000
-A VPR_PREROUTING -d 184.73.192.76/32 -m comment --comment netflix_nflxvideo_net -j MARK --set-xmark 0x10000/0xff0000
-A VPR_PREROUTING -d 184.73.192.76/32 -m comment --comment netflix_nflxvideo_net -j MARK --set-xmark 0x10000/0xff0000
-A VPR_PREROUTING -d 52.32.240.186/32 -m comment --comment netflix_nflxvideo_net -j MARK --set-xmark 0x10000/0xff0000
-A VPR_PREROUTING -d 52.32.240.186/32 -m comment --comment netflix_nflxvideo_net -j MARK --set-xmark 0x10000/0xff0000
-A VPR_PREROUTING -d 52.32.140.41/32 -m comment --comment netflix_nflxvideo_net -j MARK --set-xmark 0x10000/0xff0000
-A VPR_PREROUTING -d 52.32.140.41/32 -m comment --comment netflix_nflxvideo_net -j MARK --set-xmark 0x10000/0xff0000
-A VPR_PREROUTING -d 52.16.244.17/32 -m comment --comment netflix_nflxvideo_net -j MARK --set-xmark 0x10000/0xff0000
-A VPR_PREROUTING -d 52.16.244.17/32 -m comment --comment netflix_nflxvideo_net -j MARK --set-xmark 0x10000/0xff0000
-A VPR_PREROUTING -d 54.89.245.208/32 -m comment --comment netflix_nflxvideo_net -j MARK --set-xmark 0x10000/0xff0000
-A VPR_PREROUTING -d 54.89.245.208/32 -m comment --comment netflix_nflxvideo_net -j MARK --set-xmark 0x10000/0xff0000
-A VPR_PREROUTING -d 50.17.247.31/32 -m comment --comment netflix_nflxvideo_net -j MARK --set-xmark 0x10000/0xff0000
-A VPR_PREROUTING -d 50.17.247.31/32 -m comment --comment netflix_nflxvideo_net -j MARK --set-xmark 0x10000/0xff0000
-A VPR_PREROUTING -d 52.18.140.121/32 -m comment --comment netflix_nflxvideo_net -j MARK --set-xmark 0x10000/0xff0000
-A VPR_PREROUTING -d 52.18.140.121/32 -m comment --comment netflix_nflxvideo_net -j MARK --set-xmark 0x10000/0xff0000
-A VPR_PREROUTING -d 52.17.14.207/32 -m comment --comment netflix_nflxvideo_net -j MARK --set-xmark 0x10000/0xff0000
-A VPR_PREROUTING -d 52.17.14.207/32 -m comment --comment netflix_nflxvideo_net -j MARK --set-xmark 0x10000/0xff0000
-A VPR_PREROUTING -d 207.45.72.215/32 -m comment --comment netflix_nflxext_com -j MARK --set-xmark 0x10000/0xff0000
-A VPR_PREROUTING -d 207.45.72.215/32 -m comment --comment netflix_nflxext_com -j MARK --set-xmark 0x10000/0xff0000
-A VPR_PREROUTING -d 54.77.143.196/32 -m comment --comment netflix_netflix_com -j MARK --set-xmark 0x10000/0xff0000
-A VPR_PREROUTING -d 54.77.143.196/32 -m comment --comment netflix_netflix_com -j MARK --set-xmark 0x10000/0xff0000
-A VPR_PREROUTING -d 52.31.109.246/32 -m comment --comment netflix_netflix_com -j MARK --set-xmark 0x10000/0xff0000
-A VPR_PREROUTING -d 52.31.109.246/32 -m comment --comment netflix_netflix_com -j MARK --set-xmark 0x10000/0xff0000
-A VPR_PREROUTING -d 52.30.103.23/32 -m comment --comment netflix_netflix_com -j MARK --set-xmark 0x10000/0xff0000
-A VPR_PREROUTING -d 52.30.103.23/32 -m comment --comment netflix_netflix_com -j MARK --set-xmark 0x10000/0xff0000
-A VPR_PREROUTING -d 34.242.59.189/32 -m comment --comment netflix_netflix_com -j MARK --set-xmark 0x10000/0xff0000
-A VPR_PREROUTING -d 34.242.59.189/32 -m comment --comment netflix_netflix_com -j MARK --set-xmark 0x10000/0xff0000
-A VPR_PREROUTING -d 52.18.15.9/32 -m comment --comment netflix_netflix_com -j MARK --set-xmark 0x10000/0xff0000
-A VPR_PREROUTING -d 52.18.15.9/32 -m comment --comment netflix_netflix_com -j MARK --set-xmark 0x10000/0xff0000
-A VPR_PREROUTING -d 34.252.179.162/32 -m comment --comment netflix_netflix_com -j MARK --set-xmark 0x10000/0xff0000
-A VPR_PREROUTING -d 34.252.179.162/32 -m comment --comment netflix_netflix_com -j MARK --set-xmark 0x10000/0xff0000
-A VPR_PREROUTING -d 52.17.219.77/32 -m comment --comment netflix_netflix_com -j MARK --set-xmark 0x10000/0xff0000
-A VPR_PREROUTING -d 52.17.219.77/32 -m comment --comment netflix_netflix_com -j MARK --set-xmark 0x10000/0xff0000
-A VPR_PREROUTING -d 52.208.245.169/32 -m comment --comment netflix_netflix_com -j MARK --set-xmark 0x10000/0xff0000
-A VPR_PREROUTING -d 52.208.245.169/32 -m comment --comment netflix_netflix_com -j MARK --set-xmark 0x10000/0xff0000
-A VPR_PREROUTING -p udp -m multiport --sports 1194 -m comment --comment vpn_server -j MARK --set-xmark 0x10000/0xff0000
-A VPR_PREROUTING -m set --match-set VPN_SERVER dst -j MARK --set-xmark 0x30000/0xff0000
-A VPR_PREROUTING -m set --match-set PIA_VPN dst -j MARK --set-xmark 0x20000/0xff0000
-A VPR_PREROUTING -m set --match-set wan dst -j MARK --set-xmark 0x10000/0xff0000
COMMIT
# Completed on Wed Jul  3 11:16:16 2019
# Generated by iptables-save v1.6.2 on Wed Jul  3 11:16:16 2019
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:forwarding_lan_rule - [0:0]
:forwarding_newzone_rule - [0:0]
:forwarding_rule - [0:0]
:forwarding_vpnserver_rule - [0:0]
:forwarding_wan_rule - [0:0]
:input_lan_rule - [0:0]
:input_newzone_rule - [0:0]
:input_rule - [0:0]
:input_vpnserver_rule - [0:0]
:input_wan_rule - [0:0]
:output_lan_rule - [0:0]
:output_newzone_rule - [0:0]
:output_rule - [0:0]
:output_vpnserver_rule - [0:0]
:output_wan_rule - [0:0]
:reject - [0:0]
:syn_flood - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
:zone_newzone_forward - [0:0]
:zone_newzone_input - [0:0]
:zone_newzone_output - [0:0]
:zone_vpnserver_forward - [0:0]
:zone_vpnserver_input - [0:0]
:zone_vpnserver_output - [0:0]
:zone_wan_dest_ACCEPT - [0:0]
:zone_wan_dest_REJECT - [0:0]
:zone_wan_forward - [0:0]
:zone_wan_input - [0:0]
:zone_wan_output - [0:0]
:zone_wan_src_REJECT - [0:0]
-A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
-A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
-A INPUT -i tun1 -m comment --comment "!fw3" -j zone_lan_input
-A INPUT -i eth0 -m comment --comment "!fw3" -j zone_lan_input
-A INPUT -i tun0 -m comment --comment "!fw3" -j zone_wan_input
-A INPUT -i eth0.2 -m comment --comment "!fw3" -j zone_wan_input
-A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A FORWARD -i tun1 -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -i eth0 -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -i tun0 -m comment --comment "!fw3" -j zone_wan_forward
-A FORWARD -i eth0.2 -m comment --comment "!fw3" -j zone_wan_forward
-A FORWARD -m comment --comment "!fw3" -j reject
-A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -o tun1 -m comment --comment "!fw3" -j zone_lan_output
-A OUTPUT -o eth0 -m comment --comment "!fw3" -j zone_lan_output
-A OUTPUT -o tun0 -m comment --comment "!fw3" -j zone_wan_output
-A OUTPUT -o eth0.2 -m comment --comment "!fw3" -j zone_wan_output
-A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
-A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp-port-unreachable
-A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
-A syn_flood -m comment --comment "!fw3" -j DROP
-A zone_lan_dest_ACCEPT -o tun1 -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_dest_ACCEPT -o eth0 -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
-A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT
-A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
-A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
-A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
-A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_src_ACCEPT -i tun1 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_src_ACCEPT -i eth0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_ACCEPT -o tun0 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_wan_dest_ACCEPT -o tun0 -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_ACCEPT -o eth0.2 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_wan_dest_ACCEPT -o eth0.2 -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_REJECT -o tun0 -m comment --comment "!fw3" -j reject
-A zone_wan_dest_REJECT -o eth0.2 -m comment --comment "!fw3" -j reject
-A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
-A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT
-A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
-A zone_wan_input -p udp -m udp --dport 1194 -m comment --comment "!fw3: Allow-OpenVPN" -j ACCEPT
-A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_REJECT
-A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
-A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
-A zone_wan_src_REJECT -i tun0 -m comment --comment "!fw3" -j reject
-A zone_wan_src_REJECT -i eth0.2 -m comment --comment "!fw3" -j reject
COMMIT
# Completed on Wed Jul  3 11:16:16 2019