PBR but with kill-switch

Hello! Are there good alternatives to PBR, but with a kill-switch? Because when PBR reloads or the router starts, it's just leaking so much traffic to the default gateway. Yes, I have enabled enforce policies, I have secure reload 1.

I've noticed that it leaks with nftables, no issues in 21.02.5. Can you confirm the same experience?
I've since resorted to split-tunneling manually via LuCI and creating tables in rt_tables.

This behavior was also on 21.02.
Anyway, how did you do split-tunneling and creating tables? Can you please explain in detail? I'll be very grateful!

You can use PBR with netifd, it operates with minimum overhead.
Here are some examples and a couple of kill-switch implementations: