Policy-Based-Routing (pbr) package discussion

Hi, can you add support for ipt/nft transparent proxy support?
There's some proxy software that supports transparent proxy, for example shadowsocks-libev and Tor.
However, there's not a generic package for setting up a transparent proxy. shadowsocks-libev has ss-rules for doing this. But it cannot be used with other proxy software.
I searched the package repo and found pbr has support for Tor transparent proxy: https://github.com/openwrt/packages/blob/71741d1a251cd2d3bf7b17891dbe3d59d3d63c76/net/pbr/files/etc/init.d/pbr.init#L1608
But I can't find any documentation for that. Is this feature still a work in progress?
Thanks for your great work!

Ping @yousong as he is maintainer of shadowsocks-libev.

Tor support has been fully implemented.

Proxy for what?

Last version is dnsmasq-full_2.88-1 and works fine.
If you are not using a snapshot firmware, then you have to find these files on the snapshots repository of your router and install them:

  • libubox20220927_2022-09-27-ea560134-1
  • libubox-lua_2022-09-27-ea560134-1
  • dnsmasq-full_2.88-1


By "transparent proxy" I mean iptables/nftables REDIRECT or TPROXY.
https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TransparentProxy
https://www.kernel.org/doc/html/latest/networking/tproxy.html

I hope you can make the "Tor transparent proxy" function a generic one, allowing the user to specify the target port. It would also be better to allow a policy's target to be set to this transparent proxy.

Thanks I managed to install latest dnsmasq following your steps:-

wget https://downloads.openwrt.org/snapshots/packages/mips_24kc/base/dnsmasq-full_2.88-1_mips_24kc.ipk
wget https://downloads.openwrt.org/snapshots/packages/mips_24kc/base/libubox-lua_2022-09-27-ea560134-1_mips_24kc.ipk
wget https://downloads.openwrt.org/snapshots/packages/mips_24kc/base/libubox20220927_2022-09-27-ea560134-1_mips_24kc.ipk

opkg install libubox20220927_2022-09-27-ea560134-1_mips_24kc.ipk
opkg install libubox-lua_2022-09-27-ea560134-1_mips_24kc.ipk
opkg install dnsmasq-full_2.88-1_mips_24kc.ipk


I'm open to accepting the PR to support this.

Thanks! I don't know much about firewalls, but I will give it a try.

@stangri

make menuconfig
tmp/.config-package.in:56630:error: recursive dependency detected!
tmp/.config-package.in:56630:	symbol PACKAGE_luci-app-pbr depends on PACKAGE_luci-app-pbr

When I try to install those packages, it gives me the error below with 22.03.2. How did you force install them, and did you have any issues with using newer versions?

root@OpenWrt:~# opkg install libubox20220927_2022-09-27-ea560134-1_mips_24kc.ipk
Unknown package 'libubox20220927'.
Collected errors:
 * pkg_hash_fetch_best_installation_candidate: Packages for libubox20220927 found, but incompatible with the architectures configured
 * opkg_install_cmd: Cannot install package libubox20220927.

Any details?

Do you have mips_24kc?
"...you have to find this files on snapshots repository of your router"


Yes, I compile OpenWrt from source; when I type make menuconfig I get that message if PBR is selected.

I am having problems with PrimeVideo. My setup is such that my router that does PBR is cascaded to my ISP's router on the LAN side.
When I connect my laptop to my ISP's router I am able to access PrimeVideo content that is allowed for my country.
On my PBR router, this would be the equivalent of enabling the "Custom User File Includes" for AWS:

However, with that enabled, I am not able to access PrimeVideo. I get the message that my "device is connected to the Internet using a VPN or proxy service".

I find this strange since anything to do with AMZN should be routed via the WAN (equivalent to connecting directly to my ISP's router).
Does anyone have clues as to what could be the issue?

I am using 22.03.2 with pbr-1.0.1-3 using nft.

root@Belkin-RT3200:~# /etc/init.d/pbr reload
Activating traffic killswitch [✓]
Setting up routing for 'wan/192.168.1.1' [✓]
Setting up routing for 'vpnclient0/0.0.0.0' [✓]
Setting up routing for 'vpnclient1/0.0.0.0' [✓]
Setting up routing for 'vpnclient2/0.0.0.0' [✓]
Setting up routing for 'wgc0/10.5.0.2' [✓]
Routing 'KE' via wan [✓]
Routing 'HASS-PiHole' via wan [✓]
Running /usr/share/pbr/pbr.user.aws [✓]
Running /usr/share/pbr/pbr.user.ke.lst [✓]
Deactivating traffic killswitch [✓]
pbr 1.0.1-3 monitoring interfaces: wan vpnclient0 vpnclient1 vpnclient2 wgc0
pbr 1.0.1-3 (nft) started with gateways:
wan/192.168.1.1
vpnclient0/0.0.0.0
vpnclient1/0.0.0.0
vpnclient2/0.0.0.0
wgc0/10.5.0.2 [✓]
root@Belkin-RT3200:~#

config pbr 'config'
        option verbosity '2'
        option strict_enforcement '1'
        option resolver_set 'none'
        option ipv6_enabled '0'
        list supported_interface 'vpnclient0 vpnclient1 vpnclient2'
        list ignored_interface 'vpnserver'
        list ignored_interface 'wgserver'
        option boot_timeout '30'
        option rule_create_option 'add'
        option procd_reload_delay '1'
        option webui_show_ignore_target '0'
        list webui_supported_protocol 'all'
        list webui_supported_protocol 'tcp'
        list webui_supported_protocol 'udp'
        list webui_supported_protocol 'tcp udp'
        list webui_supported_protocol 'icmp'
        option enabled '1'

config include
        option path '/usr/share/pbr/pbr.user.aws'
        option enabled '1'

config include
        option path '/usr/share/pbr/pbr.user.ke.lst'
        option enabled '1'

config include
        option path '/usr/share/pbr/pbr.user.netflix'

config policy
        option name 'Plex/Emby Local Server'
        option interface 'wan'
        option src_port '8096 8920 32400'
        option enabled '0'

config policy
        option name 'Plex/Emby Remote Servers'
        option interface 'wan'
        option dest_addr 'plex.tv my.plexapp.com emby.media app.emby.media tv.emby.media'
        option enabled '0'

config policy
        option name 'WireGuard Server'
        option interface 'wan'
        option src_port '51820'
        option chain 'output'
        option proto 'udp'
        option enabled '0'

config policy
        option name 'amzn'
        option dest_addr 'amazon.com amazon.co.uk amazonvideo.com primevideo.com'
        option interface 'wan'
        option enabled '0'

config policy
        option name 'KE'
        option interface 'wan'
        option dest_addr '197.232.105.66 41.212.32.14 gw.titan.co.ke earnapp.com mail.panafcon.net jumia.co.ke facebook.com'

config policy
        option name 'HASS-PiHole'
        option interface 'wan'
        option src_addr '172.16.17.106'

config policy
        option name 'FireTVCube'
        option src_addr '172.16.18.99'
        option interface 'wan'
        option enabled '0'
============================================================
pbr - environment
pbr 1.0.1-3 running on OpenWrt 22.03.3. WAN (IPv4): wan/wan/192.168.1.1.
============================================================
Dnsmasq version 2.86  Copyright (c) 2000-2021 Simon Kelley
Compile time options: IPv6 GNU-getopt no-DBus UBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth cryptohash DNSSEC no-ID loop-detect inotify dumpfile
============================================================
pbr chains - policies
	chain pbr_forward {
	}
	chain pbr_input {
	}
	chain pbr_output {
	}
	chain pbr_prerouting {
		ip daddr @pbr_wan_4_dst_ip_cfg096ff5 goto pbr_mark_0x010000 comment "KE"
		ip saddr @pbr_wan_4_src_ip_cfg0a6ff5 goto pbr_mark_0x010000 comment "HASS-PiHole"
		ip daddr @pbr_wan_4_dst_ip_user goto pbr_mark_0x010000
		ip saddr @pbr_wan_4_src_ip_user goto pbr_mark_0x010000
		ether saddr @pbr_wan_4_src_mac_user goto pbr_mark_0x010000
		ip daddr @pbr_vpnclient0_4_dst_ip_user goto pbr_mark_0x020000
		ip saddr @pbr_vpnclient0_4_src_ip_user goto pbr_mark_0x020000
		ether saddr @pbr_vpnclient0_4_src_mac_user goto pbr_mark_0x020000
		ip daddr @pbr_vpnclient1_4_dst_ip_user goto pbr_mark_0x030000
		ip saddr @pbr_vpnclient1_4_src_ip_user goto pbr_mark_0x030000
		ether saddr @pbr_vpnclient1_4_src_mac_user goto pbr_mark_0x030000
		ip daddr @pbr_vpnclient2_4_dst_ip_user goto pbr_mark_0x040000
		ip saddr @pbr_vpnclient2_4_src_ip_user goto pbr_mark_0x040000
		ether saddr @pbr_vpnclient2_4_src_mac_user goto pbr_mark_0x040000
		ip daddr @pbr_wgc0_4_dst_ip_user goto pbr_mark_0x050000
		ip saddr @pbr_wgc0_4_src_ip_user goto pbr_mark_0x050000
		ether saddr @pbr_wgc0_4_src_mac_user goto pbr_mark_0x050000
	}
	chain pbr_postrouting {
	}
============================================================
pbr chains - marking
	chain pbr_mark_0x010000 {
		counter packets 222 bytes 122302 meta mark set meta mark & 0xff01ffff | 0x00010000
		return
	}
	chain pbr_mark_0x020000 {
		counter packets 0 bytes 0 meta mark set meta mark & 0xff02ffff | 0x00020000
		return
	}
	chain pbr_mark_0x030000 {
		counter packets 0 bytes 0 meta mark set meta mark & 0xff03ffff | 0x00030000
		return
	}
	chain pbr_mark_0x040000 {
		counter packets 0 bytes 0 meta mark set meta mark & 0xff04ffff | 0x00040000
		return
	}
	chain pbr_mark_0x050000 {
		counter packets 0 bytes 0 meta mark set meta mark & 0xff05ffff | 0x00050000
		return
	}
============================================================
pbr nft sets
	set pbr_wan_4_dst_ip_cfg096ff5 {
		type ipv4_addr
		flags interval
		auto-merge
		comment "KE"
		elements = { 41.212.32.14, 41.222.14.206,
			     102.132.96.35, 104.16.109.55,
			     104.16.110.55, 104.22.74.214,
			     104.22.75.214, 172.67.25.47,
			     197.232.25.162, 197.232.105.66 }
	}
	set pbr_wan_4_src_ip_cfg0a6ff5 {
		type ipv4_addr
		flags interval
		auto-merge
		comment "HASS-PiHole"
		elements = { 172.16.17.106 }
	}
	set pbr_wan_4_dst_ip_user {
		type ipv4_addr
		policy memory
		flags interval
		auto-merge
		comment ""
	}
	set pbr_wan_4_src_ip_user {
		type ipv4_addr
		policy memory
		flags interval
		auto-merge
		comment ""
	}
	set pbr_wan_4_src_mac_user {
		type ether_addr
		policy memory
		flags interval
		auto-merge
		comment ""
	}
	set pbr_vpnclient0_4_dst_ip_user {
		type ipv4_addr
		policy memory
		flags interval
		auto-merge
		comment ""
	}
	set pbr_vpnclient0_4_src_ip_user {
		type ipv4_addr
		policy memory
		flags interval
		auto-merge
		comment ""
	}
	set pbr_vpnclient0_4_src_mac_user {
		type ether_addr
		policy memory
		flags interval
		auto-merge
		comment ""
	}
	set pbr_vpnclient1_4_dst_ip_user {
		type ipv4_addr
		policy memory
		flags interval
		auto-merge
		comment ""
	}
	set pbr_vpnclient1_4_src_ip_user {
		type ipv4_addr
		policy memory
		flags interval
		auto-merge
		comment ""
	}
	set pbr_vpnclient1_4_src_mac_user {
		type ether_addr
		policy memory
		flags interval
		auto-merge
		comment ""
	}
	set pbr_vpnclient2_4_dst_ip_user {
		type ipv4_addr
		policy memory
		flags interval
		auto-merge
		comment ""
	}
	set pbr_vpnclient2_4_src_ip_user {
		type ipv4_addr
		policy memory
		flags interval
		auto-merge
		comment ""
	}
	set pbr_vpnclient2_4_src_mac_user {
		type ether_addr
		policy memory
		flags interval
		auto-merge
		comment ""
	}
	set pbr_wgc0_4_dst_ip_user {
		type ipv4_addr
		policy memory
		flags interval
		auto-merge
		comment ""
	}
	set pbr_wgc0_4_src_ip_user {
		type ipv4_addr
		policy memory
		flags interval
		auto-merge
		comment ""
	}
	set pbr_wgc0_4_src_mac_user {
		type ether_addr
		policy memory
		flags interval
		auto-merge
		comment ""
	}
============================================================
IPv4 table 10 route: 
IPv4 table 10 rule(s):
IPv4 table 11 route: 
IPv4 table 11 rule(s):
IPv4 table 12 route: default via 192.168.1.1 dev wan 
IPv4 table 12 rule(s):
30000:	from all fwmark 0x10000/0xff0000 lookup pbr_wan
IPv4 table 13 route: unreachable default 
IPv4 table 13 rule(s):
30001:	from all fwmark 0x20000/0xff0000 lookup pbr_vpnclient0
IPv4 table 14 route: unreachable default 
IPv4 table 14 rule(s):
30002:	from all fwmark 0x30000/0xff0000 lookup pbr_vpnclient1
IPv4 table 15 route: unreachable default 
IPv4 table 15 rule(s):
30003:	from all fwmark 0x40000/0xff0000 lookup pbr_vpnclient2
IPv4 table 16 route: default via 10.5.0.2 dev wgc0 
IPv4 table 16 rule(s):
30004:	from all fwmark 0x50000/0xff0000 lookup pbr_wgc0

Make sure to read that section in its entirety.

1 Like

Compiled firmware using image builder with the following:
make -j4 image PROFILE=router_profile PACKAGES="luci luci-theme-material luci-app-sqm luci-app-wireguard luci-app-pbr dnsmasq-full ipset nano -luci-theme-bootstrap -dnsmasq" FILES=files/

and now I'm still seeing

The adguardhome.ipset is not supported on this system.
The dnsmasq.nftset is not supported on this system.
Please check the README before changing this option.

I'm skipping "The adguardhome.ipset is not supported on this system." as I'm not going to use it; however, why am I still seeing the others?

Can someone rewrite my compile command to make it correct?

I have been using this script since 22.03.2

#!/bin/sh

TARGET_IPSET='wan'
TARGET_FNAME="/etc/my-ipv4.list"

_ret=1

if [ -s "$TARGET_FNAME" ]; then
	awk -v ipset="$TARGET_IPSET" '{print "add " ipset " " $1}' "$TARGET_FNAME" | ipset restore -! && _ret=0
fi

return $_ret

Now, this script seems not to be working with the new version. Any changes I need to make?

So, did you check README?

With which package?

I read it multiple times and could not figure out which other package to install.
That script was for luci-app-vpn-policy-routing and it's no longer working with the pbr system.

1 Like
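An added example, not part of any post in this thread and not code from the pbr package: the list-loading script above reworked for the nft sets shown in the dump earlier, with each entry validated so that only IPv4 addresses and CIDRs can reach the `nft` command line. The table `inet fw4`, the set name `pbr_wan_4_dst_ip_user` (following the naming pattern of the sets in the dump) and the function names are assumptions.

```shell
#!/bin/sh
# Added example: custom user file that loads a list into a pbr nft set.
# Assumed names (not confirmed by the thread): family/table and target set.
NFT_FAMILY='inet'
NFT_TABLE='fw4'
TARGET_NFTSET='pbr_wan_4_dst_ip_user'
TARGET_FNAME='/etc/my-ipv4.list'

# Print a comma-separated element list built from file $1. Only the first
# field of each line is considered, and it is kept only if it is a dotted-quad
# IPv4 address with an optional /0-32 prefix. Comments, blank lines, IPv6 and
# anything carrying extra characters (";", "{", ...) are skipped.
build_elements() {
	awk '
	function valid(s,   p, o, n, i) {
		n = split(s, p, "/")
		if (n > 2) return 0
		if (n == 2 && (p[2] !~ /^[0-9]+$/ || length(p[2]) > 2 || p[2] + 0 > 32)) return 0
		if (split(p[1], o, "[.]") != 4) return 0
		for (i = 1; i <= 4; i++)
			if (o[i] !~ /^[0-9]+$/ || length(o[i]) > 3 || o[i] + 0 > 255) return 0
		return 1
	}
	/^[ \t]*(#|$)/ { next }
	valid($1) { out = out (out == "" ? "" : ", ") $1 }
	END { print out }
	' "$1"
}

# Add the validated elements to the set in one nft call. The sets in the dump
# carry "flags interval" and "auto-merge", so CIDR entries and overlaps are fine.
# Returns non-zero if the file is empty, nothing valid remains, or nft fails.
load_set() {
	[ -s "$1" ] || return 1
	elements="$(build_elements "$1")"
	[ -n "$elements" ] || return 1
	nft add element "$NFT_FAMILY" "$NFT_TABLE" "$TARGET_NFTSET" "{ $elements }"
}

# Entry point when the service sources this file; a missing list is a no-op.
if [ -s "$TARGET_FNAME" ]; then
	load_set "$TARGET_FNAME"
fi
```

Before relying on it, check the set name against `nft list sets` on the router, since the target set must already exist when the file is loaded.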

Hi, can I leave out these messages?

make menuconfig
Collecting package info: done
tmp/.config-package.in:56656:error: recursive dependency detected!
tmp/.config-package.in:56656:	symbol PACKAGE_luci-app-pbr depends on PACKAGE_luci-app-pbr
For a resolution refer to Documentation/kbuild/kconfig-language.rst
subsection "Kconfig recursive dependency limitations"

configuration written to .config

*** End of the configuration.
*** Execute 'make' to start the build or try 'make help'.

If the custom user file includes are set, the service will load and execute them after setting up routing and the sets and processing policies. This allows, for example, adding large numbers of domains/IP addresses to ipsets or nft sets without manually adding all of them to the config file.

Two example custom user-files are provided: /usr/share/pbr/pbr.user.aws and /usr/share/pbr/pbr.user.netflix. They are provided to pull the AWS and Netflix IP addresses into the default WAN IPv4 sets the service sets up, indicated in the TARGET_IPSET variable at the top of each script.

The pbr package can be configured to utilize dnsmasq's nft sets support, which requires the dnsmasq-full package with nft sets support to be installed.