Policy-Based-Routing (pbr) package discussion

Sorry, characters limit 2.
/etc/init.d/pbr status

pbr 1.1.0-21 running on OpenWrt 21.02.1. WAN (IPv4): wan/eth1/100.116.0.1.
============================================================
Dnsmasq version 2.85  Copyright (c) 2000-2021 Simon Kelley
Compile time options: IPv6 GNU-getopt no-DBus UBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth cryptohash DNSSEC no-ID loop-detect inotify dumpfile
============================================================
Routes/IP Rules
default         100.116.0.1     0.0.0.0         UG    0      0        0 eth1
IPv4 table 256 route: default via 100.116.0.1 dev eth1
IPv4 table 256 rule(s):
30000:  from all fwmark 0x10000/0xff0000 lookup pbr_wan
IPv4 table 257 route: default via 192.168.0.111 dev zt2lr2oxhx
IPv4 table 257 rule(s):
30001:  from all fwmark 0x20000/0xff0000 lookup pbr_ZeroTier
IPv4 table 258 route: default via 172.16.0.2 dev CF
IPv4 table 258 rule(s):
30002:  from all fwmark 0x30000/0xff0000 lookup pbr_CF
IPv4 table 259 route: default via 172.16.0.2 dev CF_USA
IPv4 table 259 rule(s):
30003:  from all fwmark 0x40000/0xff0000 lookup pbr_CF_USA
IPv4 table 260 route: unreachable default
IPv4 table 260 rule(s):
30004:  from all fwmark 0x50000/0xff0000 lookup pbr_j_hongkong
============================================================
Mangle IP Table: FORWARD
-N PBR_FORWARD
============================================================
Mangle IP Table: INPUT
-N PBR_INPUT
============================================================
Mangle IP Table: OUTPUT
-N PBR_OUTPUT
============================================================
Mangle IP Table: POSTROUTING
-N PBR_POSTROUTING
============================================================
Mangle IP Table: PREROUTING
-N PBR_PREROUTING
-A PBR_PREROUTING -s 192.168.0.0/23 -m set --match-set pbr_CF_4_dst_ip_cfg086ff5 dst -m comment --comment jamonshop_es -c 0 0 -g PBR_MARK_0x030000
-A PBR_PREROUTING -s 192.168.0.0/23 -m set --match-set pbr_CF_4_dst_ip_cfg096ff5 dst -m comment --comment 2ip_ru -c 0 0 -g PBR_MARK_0x030000
-A PBR_PREROUTING -s 192.168.0.0/23 -m set --match-set pbr_CF_USA_4_dst_ip_cfg0a6ff5 dst -m comment --comment whatismyipaddress_com -c 0 0 -g PBR_MARK_0x040000
-A PBR_PREROUTING -s 192.168.0.0/23 -m set --match-set pbr_CF_4_dst_ip_cfg0b6ff5 dst -m comment --comment whatismyip_com -c 0 0 -g PBR_MARK_0x030000
-A PBR_PREROUTING -s 192.168.0.0/23 -m set --match-set pbr_CF_4_dst_ip_cfg0c6ff5 dst -m comment --comment rutracker_org -c 0 0 -g PBR_MARK_0x030000
-A PBR_PREROUTING -s 192.168.0.0/23 -m set --match-set pbr_CF_4_dst_ip_cfg0d6ff5 dst -m comment --comment speedtest_net -c 0 0 -g PBR_MARK_0x030000
-A PBR_PREROUTING -s 192.168.0.0/23 -m set --match-set pbr_CF_4_dst_ip_cfg0e6ff5 dst -m comment --comment nnmclub_to -c 0 0 -g PBR_MARK_0x030000
-A PBR_PREROUTING -s 192.168.0.0/23 -m set --match-set pbr_CF_4_dst_ip_cfg0f6ff5 dst -m comment --comment flibusta_is -c 0 0 -g PBR_MARK_0x030000
-A PBR_PREROUTING -s 192.168.0.0/23 -m set --match-set pbr_CF_4_dst_ip_cfg106ff5 dst -m comment --comment lib_rus_ec -c 0 0 -g PBR_MARK_0x030000
-A PBR_PREROUTING -s 192.168.0.0/23 -m set --match-set pbr_CF_4_dst_ip_cfg116ff5 dst -m comment --comment rustorka_com -c 0 0 -g PBR_MARK_0x030000
-A PBR_PREROUTING -s 192.168.0.0/23 -m set --match-set pbr_CF_4_dst_ip_cfg126ff5 dst -m comment --comment bt_t-ru_org -c 0 0 -g PBR_MARK_0x030000
-A PBR_PREROUTING -s 192.168.0.0/23 -m set --match-set pbr_CF_4_dst_ip_cfg136ff5 dst -m comment --comment rutor_org -c 0 0 -g PBR_MARK_0x030000
-A PBR_PREROUTING -s 192.168.0.0/23 -m set --match-set pbr_CF_4_dst_ip_cfg146ff5 dst -m comment --comment underver_se -c 0 0 -g PBR_MARK_0x030000
-A PBR_PREROUTING -s 192.168.0.0/23 -m set --match-set pbr_CF_4_dst_ip_cfg156ff5 dst -m comment --comment 4pda_ru -c 0 0 -g PBR_MARK_0x030000
-A PBR_PREROUTING -s 192.168.0.0/23 -m set --match-set pbr_CF_4_dst_ip_cfg166ff5 dst -m comment --comment navalny_com -c 0 0 -g PBR_MARK_0x030000
-A PBR_PREROUTING -s 192.168.0.0/23 -m set --match-set pbr_CF_4_dst_ip_cfg176ff5 dst -m comment --comment hdrezka_com -c 0 0 -g PBR_MARK_0x030000
-A PBR_PREROUTING -s 192.168.0.0/23 -m set --match-set pbr_CF_4_dst_ip_cfg186ff5 dst -m comment --comment hdkinoteatr_com -c 0 0 -g PBR_MARK_0x030000
-A PBR_PREROUTING -s 192.168.0.0/23 -m set --match-set pbr_CF_4_dst_ip_cfg196ff5 dst -m comment --comment rarbgmirror_org -c 0 0 -g PBR_MARK_0x030000
-A PBR_PREROUTING -s 192.168.0.0/23 -m set --match-set pbr_CF_4_dst_ip_cfg1a6ff5 dst -m comment --comment lurklurk_com -c 0 0 -g PBR_MARK_0x030000
-A PBR_PREROUTING -s 192.168.0.0/23 -m set --match-set pbr_CF_4_dst_ip_cfg1b6ff5 dst -m comment --comment linkedin_com -c 0 0 -g PBR_MARK_0x030000
-A PBR_PREROUTING -s 192.168.0.0/23 -m set --match-set pbr_CF_4_dst_ip_cfg1c6ff5 dst -m comment --comment ookla_com -c 0 0 -g PBR_MARK_0x030000
-A PBR_PREROUTING -s 192.168.0.0/23 -m set --match-set pbr_CF_4_dst_ip_cfg1d6ff5 dst -m comment --comment trakt_tv -c 0 0 -g PBR_MARK_0x030000
-A PBR_PREROUTING -s 192.168.0.0/23 -m set --match-set pbr_CF_4_dst_ip_cfg1e6ff5 dst -m comment --comment thepiratebay -c 0 0 -g PBR_MARK_0x030000
-A PBR_PREROUTING -s 192.168.0.0/23 -m set --match-set pbr_CF_4_dst_ip_cfg1f6ff5 dst -m comment --comment torproject_org -c 0 0 -g PBR_MARK_0x030000
-A PBR_PREROUTING -s 192.168.0.0/23 -m set --match-set pbr_CF_4_dst_ip_cfg206ff5 dst -m comment --comment tvrain_ru -c 0 0 -g PBR_MARK_0x030000
-A PBR_PREROUTING -s 192.168.0.0/23 -m set --match-set pbr_CF_4_dst_ip_cfg216ff5 dst -m comment --comment echo -c 0 0 -g PBR_MARK_0x030000
-A PBR_PREROUTING -s 192.168.0.0/23 -m set --match-set pbr_CF_4_dst_ip_cfg226ff5 dst -m comment --comment wisdomjobs_com -c 0 0 -g PBR_MARK_0x030000
-A PBR_PREROUTING -s 192.168.0.0/23 -m set --match-set pbr_CF_4_dst_ip_cfg236ff5 dst -m comment --comment facebook_com -c 0 0 -g PBR_MARK_0x030000
-A PBR_PREROUTING -s 192.168.0.0/23 -m set --match-set pbr_CF_4_dst_ip_cfg246ff5 dst -m comment --comment svoboda_org -c 0 0 -g PBR_MARK_0x030000
-A PBR_PREROUTING -s 192.168.0.0/23 -d 95.100.106.0/23 -m comment --comment svoboda_org -c 0 0 -g PBR_MARK_0x030000
-A PBR_PREROUTING -s 192.168.0.0/23 -d 80.239.254.0/23 -m comment --comment svoboda_org -c 0 0 -g PBR_MARK_0x030000
-A PBR_PREROUTING -s 192.168.0.0/23 -m set --match-set pbr_CF_4_dst_ip_cfg256ff5 dst -m comment --comment twitter_com -c 0 0 -g PBR_MARK_0x030000
-A PBR_PREROUTING -s 192.168.0.0/23 -m set --match-set pbr_CF_4_dst_ip_cfg266ff5 dst -m comment --comment anonfiles_com -c 0 0 -g PBR_MARK_0x030000
-A PBR_PREROUTING -s 192.168.0.0/23 -m set --match-set pbr_CF_4_dst_ip_cfg276ff5 dst -m comment --comment cloudflare_com -c 0 0 -g PBR_MARK_0x030000
-A PBR_PREROUTING -s 192.168.0.0/23 -m set --match-set pbr_CF_4_dst_ip_cfg286ff5 dst -m comment --comment instagram_com -c 0 0 -g PBR_MARK_0x030000
-A PBR_PREROUTING -s 192.168.0.0/23 -m set --match-set pbr_CF_4_dst_ip_cfg296ff5 dst -m comment --comment zona_media -c 0 0 -g PBR_MARK_0x030000
-A PBR_PREROUTING -s 192.168.0.0/23 -m set --match-set pbr_CF_4_dst_ip_cfg2a6ff5 dst -m comment --comment meduza_io -c 0 0 -g PBR_MARK_0x030000
-A PBR_PREROUTING -s 192.168.0.0/23 -m set --match-set pbr_CF_4_dst_ip_cfg2b6ff5 dst -m comment --comment theins_ru -c 0 0 -g PBR_MARK_0x030000
-A PBR_PREROUTING -s 192.168.0.0/23 -m set --match-set pbr_CF_4_dst_ip_cfg2d6ff5 dst -m comment --comment mrakopedia_net -c 0 0 -g PBR_MARK_0x030000
-A PBR_PREROUTING -s 192.168.0.0/23 -m set --match-set pbr_CF_4_dst_ip_cfg2e6ff5 dst -m comment --comment fantasy-worlds_org -c 0 0 -g PBR_MARK_0x030000
-A PBR_PREROUTING -s 192.168.0.0/23 -m set --match-set pbr_CF_4_dst_ip_cfg2f6ff5 dst -m comment --comment youtube -c 0 0 -g PBR_MARK_0x030000
-A PBR_PREROUTING -s 192.168.0.0/23 -m set --match-set pbr_CF_4_dst_ip_cfg306ff5 dst -m comment --comment istories_media -c 0 0 -g PBR_MARK_0x030000
-A PBR_PREROUTING -s 192.168.0.0/23 -m set --match-set pbr_CF_4_dst_ip_cfg316ff5 dst -m comment --comment db -c 0 0 -g PBR_MARK_0x030000
-A PBR_PREROUTING -s 192.168.0.0/23 -m set --match-set pbr_CF_4_dst_ip_cfg326ff5 dst -m comment --comment bbc_com -c 0 0 -g PBR_MARK_0x030000
-A PBR_PREROUTING -s 192.168.0.0/23 -m set --match-set pbr_CF_4_dst_ip_cfg336ff5 dst -m comment --comment igg-games_com -c 0 0 -g PBR_MARK_0x030000
-A PBR_PREROUTING -s 192.168.0.0/23 -m set --match-set pbr_CF_4_dst_ip_cfg346ff5 dst -m comment --comment hackernoon_com -c 0 0 -g PBR_MARK_0x030000
-A PBR_PREROUTING -s 192.168.0.0/23 -m set --match-set pbr_CF_4_dst_ip_cfg356ff5 dst -m comment --comment wikiwand_com -c 0 0 -g PBR_MARK_0x030000
-A PBR_PREROUTING -s 192.168.0.0/23 -m set --match-set pbr_CF_4_dst_ip_cfg366ff5 dst -m comment --comment quora_com -c 0 0 -g PBR_MARK_0x030000
-A PBR_PREROUTING -s 192.168.0.0/23 -m set --match-set pbr_CF_4_dst_ip_cfg376ff5 dst -m comment --comment dailymotion_com -c 0 0 -g PBR_MARK_0x030000
-A PBR_PREROUTING -s 192.168.0.0/23 -m set --match-set pbr_CF_4_dst_ip_cfg386ff5 dst -m comment --comment torrentgalaxy_to -c 0 0 -g PBR_MARK_0x030000
============================================================
Mangle IP Table MARK Chain: PBR_MARK_0x010000
-N PBR_MARK_0x010000
-A PBR_MARK_0x010000 -c 0 0 -j MARK --set-xmark 0x10000/0xff0000
-A PBR_MARK_0x010000 -c 0 0 -j RETURN
============================================================
Mangle IP Table MARK Chain: PBR_MARK_0x020000
-N PBR_MARK_0x020000
-A PBR_MARK_0x020000 -c 0 0 -j MARK --set-xmark 0x20000/0xff0000
-A PBR_MARK_0x020000 -c 0 0 -j RETURN
============================================================
Mangle IP Table MARK Chain: PBR_MARK_0x030000
-N PBR_MARK_0x030000
-A PBR_MARK_0x030000 -c 0 0 -j MARK --set-xmark 0x30000/0xff0000
-A PBR_MARK_0x030000 -c 0 0 -j RETURN
============================================================
Mangle IP Table MARK Chain: PBR_MARK_0x040000
-N PBR_MARK_0x040000
-A PBR_MARK_0x040000 -c 0 0 -j MARK --set-xmark 0x40000/0xff0000
-A PBR_MARK_0x040000 -c 0 0 -j RETURN
============================================================
Mangle IP Table MARK Chain: PBR_MARK_0x050000
-N PBR_MARK_0x050000
-A PBR_MARK_0x050000 -c 0 0 -j MARK --set-xmark 0x50000/0xff0000
-A PBR_MARK_0x050000 -c 0 0 -j RETURN
============================================================
NAT IP Table: FORWARD
-N PBR_FORWARD
-A PBR_FORWARD -p udp -m udp --dport 443 -m set --match-set pbr_tor_4_dst_ip dst -m comment --comment TorHTTPS-UDP -c 0 0 -j REDIRECT --to-ports 9040
-A PBR_FORWARD -p tcp -m tcp --dport 443 -m set --match-set pbr_tor_4_dst_ip dst -m comment --comment TorHTTPS-TCP -c 0 0 -j REDIRECT --to-ports 9040
-A PBR_FORWARD -p udp -m udp --dport 80 -m set --match-set pbr_tor_4_dst_ip dst -m comment --comment TorHTTP-UDP -c 0 0 -j REDIRECT --to-ports 9040
-A PBR_FORWARD -p tcp -m tcp --dport 80 -m set --match-set pbr_tor_4_dst_ip dst -m comment --comment TorHTTP-TCP -c 0 0 -j REDIRECT --to-ports 9040
-A PBR_FORWARD -p udp -m udp --dport 53 -m set --match-set pbr_tor_4_dst_ip dst -m comment --comment TorDNS-UDP -c 0 0 -j REDIRECT --to-ports 9053
============================================================
NAT IP Table: INPUT
-N PBR_INPUT
============================================================
NAT IP Table: OUTPUT
-N PBR_OUTPUT
-A PBR_OUTPUT -p udp -m udp --dport 443 -m set --match-set pbr_tor_4_dst_ip dst -m comment --comment TorHTTPS-UDP -c 0 0 -j REDIRECT --to-ports 9040
-A PBR_OUTPUT -p tcp -m tcp --dport 443 -m set --match-set pbr_tor_4_dst_ip dst -m comment --comment TorHTTPS-TCP -c 0 0 -j REDIRECT --to-ports 9040
-A PBR_OUTPUT -p udp -m udp --dport 80 -m set --match-set pbr_tor_4_dst_ip dst -m comment --comment TorHTTP-UDP -c 0 0 -j REDIRECT --to-ports 9040
-A PBR_OUTPUT -p tcp -m tcp --dport 80 -m set --match-set pbr_tor_4_dst_ip dst -m comment --comment TorHTTP-TCP -c 0 0 -j REDIRECT --to-ports 9040
-A PBR_OUTPUT -p udp -m udp --dport 53 -m set --match-set pbr_tor_4_dst_ip dst -m comment --comment TorDNS-UDP -c 0 0 -j REDIRECT --to-ports 9053
============================================================
NAT IP Table: POSTROUTING
-N PBR_POSTROUTING
============================================================
NAT IP Table: PREROUTING
-N PBR_PREROUTING
-A PBR_PREROUTING -p udp -m udp --dport 443 -m set --match-set pbr_tor_4_dst_ip dst -m comment --comment TorHTTPS-UDP -c 0 0 -j REDIRECT --to-ports 9040
-A PBR_PREROUTING -p tcp -m tcp --dport 443 -m set --match-set pbr_tor_4_dst_ip dst -m comment --comment TorHTTPS-TCP -c 0 0 -j REDIRECT --to-ports 9040
-A PBR_PREROUTING -p udp -m udp --dport 80 -m set --match-set pbr_tor_4_dst_ip dst -m comment --comment TorHTTP-UDP -c 0 0 -j REDIRECT --to-ports 9040
-A PBR_PREROUTING -p tcp -m tcp --dport 80 -m set --match-set pbr_tor_4_dst_ip dst -m comment --comment TorHTTP-TCP -c 0 0 -j REDIRECT --to-ports 9040
-A PBR_PREROUTING -p udp -m udp --dport 53 -m set --match-set pbr_tor_4_dst_ip dst -m comment --comment TorDNS-UDP -c 0 0 -j REDIRECT --to-ports 9053
============================================================
Current ipsets
create rublack-dns hash:ip family inet hashsize 1024 maxelem 65536 timeout 86400
create rublack-ip hash:ip family inet hashsize 1024 maxelem 65536
create rublack-ip-tmp hash:ip family inet hashsize 1024 maxelem 65536
create onion hash:ip family inet hashsize 1024 maxelem 65536 timeout 86400
create pbr_tor_4_dst_ip hash:ip family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_src_net_cfg086ff5 hash:net family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_dst_ip_cfg086ff5 hash:ip family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_src_net_cfg096ff5 hash:net family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_dst_ip_cfg096ff5 hash:ip family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_USA_4_src_net_cfg0a6ff5 hash:net family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_USA_4_dst_ip_cfg0a6ff5 hash:ip family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_src_net_cfg0b6ff5 hash:net family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_dst_ip_cfg0b6ff5 hash:ip family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_src_net_cfg0c6ff5 hash:net family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_dst_ip_cfg0c6ff5 hash:ip family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_src_net_cfg0d6ff5 hash:net family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_dst_ip_cfg0d6ff5 hash:ip family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_src_net_cfg0e6ff5 hash:net family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_dst_ip_cfg0e6ff5 hash:ip family inet hashsize 1024 maxelem 65536 comment
add pbr_CF_4_dst_ip_cfg0e6ff5 172.67.144.20 comment "nnmclub.to: 172.67.144.20"
create pbr_CF_4_src_net_cfg0f6ff5 hash:net family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_dst_ip_cfg0f6ff5 hash:ip family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_src_net_cfg106ff5 hash:net family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_dst_ip_cfg106ff5 hash:ip family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_src_net_cfg116ff5 hash:net family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_dst_ip_cfg116ff5 hash:ip family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_src_net_cfg126ff5 hash:net family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_dst_ip_cfg126ff5 hash:ip family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_src_net_cfg136ff5 hash:net family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_dst_ip_cfg136ff5 hash:ip family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_src_net_cfg146ff5 hash:net family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_dst_ip_cfg146ff5 hash:ip family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_src_net_cfg156ff5 hash:net family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_dst_ip_cfg156ff5 hash:ip family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_src_net_cfg166ff5 hash:net family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_dst_ip_cfg166ff5 hash:ip family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_src_net_cfg176ff5 hash:net family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_dst_ip_cfg176ff5 hash:ip family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_src_net_cfg186ff5 hash:net family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_dst_ip_cfg186ff5 hash:ip family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_src_net_cfg196ff5 hash:net family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_dst_ip_cfg196ff5 hash:ip family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_src_net_cfg1a6ff5 hash:net family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_dst_ip_cfg1a6ff5 hash:ip family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_src_net_cfg1b6ff5 hash:net family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_dst_ip_cfg1b6ff5 hash:ip family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_src_net_cfg1c6ff5 hash:net family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_dst_ip_cfg1c6ff5 hash:ip family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_src_net_cfg1d6ff5 hash:net family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_dst_ip_cfg1d6ff5 hash:ip family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_src_net_cfg1e6ff5 hash:net family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_dst_ip_cfg1e6ff5 hash:ip family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_src_net_cfg1f6ff5 hash:net family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_dst_ip_cfg1f6ff5 hash:ip family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_src_net_cfg206ff5 hash:net family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_dst_ip_cfg206ff5 hash:ip family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_src_net_cfg216ff5 hash:net family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_dst_ip_cfg216ff5 hash:ip family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_src_net_cfg226ff5 hash:net family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_dst_ip_cfg226ff5 hash:ip family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_src_net_cfg236ff5 hash:net family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_dst_ip_cfg236ff5 hash:ip family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_src_net_cfg246ff5 hash:net family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_dst_ip_cfg246ff5 hash:ip family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_dst_net_cfg246ff5 hash:net family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_src_net_cfg256ff5 hash:net family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_dst_ip_cfg256ff5 hash:ip family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_src_net_cfg266ff5 hash:net family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_dst_ip_cfg266ff5 hash:ip family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_src_net_cfg276ff5 hash:net family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_dst_ip_cfg276ff5 hash:ip family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_src_net_cfg286ff5 hash:net family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_dst_ip_cfg286ff5 hash:ip family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_src_net_cfg296ff5 hash:net family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_dst_ip_cfg296ff5 hash:ip family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_src_net_cfg2a6ff5 hash:net family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_dst_ip_cfg2a6ff5 hash:ip family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_src_net_cfg2b6ff5 hash:net family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_dst_ip_cfg2b6ff5 hash:ip family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_src_net_cfg2d6ff5 hash:net family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_dst_ip_cfg2d6ff5 hash:ip family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_src_net_cfg2e6ff5 hash:net family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_dst_ip_cfg2e6ff5 hash:ip family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_src_net_cfg2f6ff5 hash:net family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_dst_ip_cfg2f6ff5 hash:ip family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_src_net_cfg306ff5 hash:net family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_dst_ip_cfg306ff5 hash:ip family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_src_net_cfg316ff5 hash:net family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_dst_ip_cfg316ff5 hash:ip family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_src_net_cfg326ff5 hash:net family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_dst_ip_cfg326ff5 hash:ip family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_src_net_cfg336ff5 hash:net family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_dst_ip_cfg336ff5 hash:ip family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_src_net_cfg346ff5 hash:net family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_dst_ip_cfg346ff5 hash:ip family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_src_net_cfg356ff5 hash:net family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_dst_ip_cfg356ff5 hash:ip family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_src_net_cfg366ff5 hash:net family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_dst_ip_cfg366ff5 hash:ip family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_src_net_cfg376ff5 hash:net family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_dst_ip_cfg376ff5 hash:ip family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_src_net_cfg386ff5 hash:net family inet hashsize 1024 maxelem 65536 comment
create pbr_CF_4_dst_ip_cfg386ff5 hash:ip family inet hashsize 1024 maxelem 65536 comment
============================================================
DNSMASQ sets
ipset=/jamonshop.es/pbr_CF_4_dst_ip_cfg086ff5 # jamonshop.es: jamonshop.es
ipset=/2ip.ru/pbr_CF_4_dst_ip_cfg096ff5 # 2ip.ru: 2ip.ru
ipset=/whatismyipaddress.com/pbr_CF_USA_4_dst_ip_cfg0a6ff5 # whatismyipaddress.com: whatismyipaddress.com
ipset=/www.whatismyip.com/pbr_CF_4_dst_ip_cfg0b6ff5 # whatismyip.com: www.whatismyip.com
ipset=/rutracker.org/pbr_CF_4_dst_ip_cfg0c6ff5 # rutracker.org: rutracker.org
ipset=/rutracker.net/pbr_CF_4_dst_ip_cfg0c6ff5 # rutracker.org: rutracker.net
ipset=/rutracker.nl/pbr_CF_4_dst_ip_cfg0c6ff5 # rutracker.org: rutracker.nl
ipset=/speedtest.net/pbr_CF_4_dst_ip_cfg0d6ff5 # speedtest.net: speedtest.net
ipset=/nnmclub.to/pbr_CF_4_dst_ip_cfg0e6ff5 # nnmclub.to: nnmclub.to
ipset=/flibusta.is/pbr_CF_4_dst_ip_cfg0f6ff5 # flibusta.is: flibusta.is
ipset=/lib.rus.ec/pbr_CF_4_dst_ip_cfg106ff5 # lib.rus.ec: lib.rus.ec
ipset=/rustorka.com/pbr_CF_4_dst_ip_cfg116ff5 # rustorka.com: rustorka.com
ipset=/bt.t-ru.org/pbr_CF_4_dst_ip_cfg126ff5 # bt.t-ru.org: bt.t-ru.org
ipset=/bt2.t-ru.org/pbr_CF_4_dst_ip_cfg126ff5 # bt.t-ru.org: bt2.t-ru.org
ipset=/bt3.t-ru.org/pbr_CF_4_dst_ip_cfg126ff5 # bt.t-ru.org: bt3.t-ru.org
ipset=/bt4.t-ru.org/pbr_CF_4_dst_ip_cfg126ff5 # bt.t-ru.org: bt4.t-ru.org
ipset=/rutor.info/pbr_CF_4_dst_ip_cfg136ff5 # rutor.org: rutor.info
ipset=/new-rutor.org/pbr_CF_4_dst_ip_cfg136ff5 # rutor.org: new-rutor.org
ipset=/rutor.is/pbr_CF_4_dst_ip_cfg136ff5 # rutor.org: rutor.is
ipset=/underver.se/pbr_CF_4_dst_ip_cfg146ff5 # underver.se: underver.se
ipset=/4pda.ru/pbr_CF_4_dst_ip_cfg156ff5 # 4pda.ru: 4pda.ru
ipset=/navalny.com/pbr_CF_4_dst_ip_cfg166ff5 # navalny.com: navalny.com
ipset=/fbk.info/pbr_CF_4_dst_ip_cfg166ff5 # navalny.com: fbk.info
ipset=/hdrezka.com/pbr_CF_4_dst_ip_cfg176ff5 # hdrezka.com: hdrezka.com
ipset=/hdrezka.bet/pbr_CF_4_dst_ip_cfg176ff5 # hdrezka.com: hdrezka.bet
ipset=/hdkinoteatr.com/pbr_CF_4_dst_ip_cfg186ff5 # hdkinoteatr.com: hdkinoteatr.com
ipset=/rarbgmirror.org/pbr_CF_4_dst_ip_cfg196ff5 # rarbgmirror.org: rarbgmirror.org
ipset=/rarbg.to/pbr_CF_4_dst_ip_cfg196ff5 # rarbgmirror.org: rarbg.to
ipset=/lurklurk.com/pbr_CF_4_dst_ip_cfg1a6ff5 # lurklurk.com: lurklurk.com
ipset=/linkedin.com/pbr_CF_4_dst_ip_cfg1b6ff5 # linkedin.com: linkedin.com
ipset=/static-exp1.licdn.com/pbr_CF_4_dst_ip_cfg1b6ff5 # linkedin.com: static-exp1.licdn.com
ipset=/ookla.com/pbr_CF_4_dst_ip_cfg1c6ff5 # ookla.com: ookla.com
ipset=/trakt.tv/pbr_CF_4_dst_ip_cfg1d6ff5 # trakt.tv: trakt.tv
ipset=/thepiratebay.party/pbr_CF_4_dst_ip_cfg1e6ff5 # thepiratebay: thepiratebay.party
ipset=/torproject.org/pbr_CF_4_dst_ip_cfg1f6ff5 # torproject.org: torproject.org
ipset=/tvrain.ru/pbr_CF_4_dst_ip_cfg206ff5 # tvrain.ru: tvrain.ru
ipset=/echo.msk.ru/pbr_CF_4_dst_ip_cfg216ff5 # echo: echo.msk.ru
ipset=/echofm.online/pbr_CF_4_dst_ip_cfg216ff5 # echo: echofm.online
ipset=/wisdomjobs.com/pbr_CF_4_dst_ip_cfg226ff5 # wisdomjobs.com: wisdomjobs.com
ipset=/facebook.com/pbr_CF_4_dst_ip_cfg236ff5 # facebook.com: facebook.com
ipset=/connect.facebook.net/pbr_CF_4_dst_ip_cfg236ff5 # facebook.com: connect.facebook.net
ipset=/fbcdn.net/pbr_CF_4_dst_ip_cfg236ff5 # facebook.com: fbcdn.net
ipset=/fb.com/pbr_CF_4_dst_ip_cfg236ff5 # facebook.com: fb.com
ipset=/ru-ru.facebook.com/pbr_CF_4_dst_ip_cfg236ff5 # facebook.com: ru-ru.facebook.com
ipset=/svoboda.org/pbr_CF_4_dst_ip_cfg246ff5 # svoboda.org: svoboda.org
ipset=/www.svoboda.org/pbr_CF_4_dst_ip_cfg246ff5 # svoboda.org: www.svoboda.org
ipset=/vp.www.svoboda.org.edgekey.net/pbr_CF_4_dst_ip_cfg246ff5 # svoboda.org: vp.www.svoboda.org.edgekey.net
ipset=/gdb.rferl.org/pbr_CF_4_dst_ip_cfg246ff5 # svoboda.org: gdb.rferl.org
ipset=/e4887.dscb.akamaiedge.net/pbr_CF_4_dst_ip_cfg246ff5 # svoboda.org: e4887.dscb.akamaiedge.net
ipset=/twitter.com/pbr_CF_4_dst_ip_cfg256ff5 # twitter.com: twitter.com
ipset=/api.twitter.com/pbr_CF_4_dst_ip_cfg256ff5 # twitter.com: api.twitter.com
ipset=/mobile.twitter.com/pbr_CF_4_dst_ip_cfg256ff5 # twitter.com: mobile.twitter.com
ipset=/abs.twimg.com/pbr_CF_4_dst_ip_cfg256ff5 # twitter.com: abs.twimg.com
ipset=/pbs.twimg.com/pbr_CF_4_dst_ip_cfg256ff5 # twitter.com: pbs.twimg.com
ipset=/anonfiles.com/pbr_CF_4_dst_ip_cfg266ff5 # anonfiles.com: anonfiles.com
ipset=/CF.com/pbr_CF_4_dst_ip_cfg276ff5 # cloudflare.com: CF.com
ipset=/i.instagram.com/pbr_CF_4_dst_ip_cfg286ff5 # instagram.com: i.instagram.com
ipset=/www.instagram.com/pbr_CF_4_dst_ip_cfg286ff5 # instagram.com: www.instagram.com
ipset=/instagram.com/pbr_CF_4_dst_ip_cfg286ff5 # instagram.com: instagram.com
ipset=/graph.instagram.com/pbr_CF_4_dst_ip_cfg286ff5 # instagram.com: graph.instagram.com
ipset=/scontent.cdninstagram.com/pbr_CF_4_dst_ip_cfg286ff5 # instagram.com: scontent.cdninstagram.com
ipset=/scontent-arn2-1.cdninstagram.com/pbr_CF_4_dst_ip_cfg286ff5 # instagram.com: scontent-arn2-1.cdninstagram.com
ipset=/static.cdninstagram.com/pbr_CF_4_dst_ip_cfg286ff5 # instagram.com: static.cdninstagram.com
ipset=/zona.media/pbr_CF_4_dst_ip_cfg296ff5 # zona.media: zona.media
ipset=/meduza.io/pbr_CF_4_dst_ip_cfg2a6ff5 # meduza.io: meduza.io
ipset=/theins.ru/pbr_CF_4_dst_ip_cfg2b6ff5 # theins.ru: theins.ru
ipset=/mrakopedia.net/pbr_CF_4_dst_ip_cfg2d6ff5 # mrakopedia.net: mrakopedia.net
ipset=/fantasy-worlds.org/pbr_CF_4_dst_ip_cfg2e6ff5 # fantasy-worlds.org: fantasy-worlds.org
ipset=/yt3.ggpht.com/pbr_CF_4_dst_ip_cfg2f6ff5 # youtube: yt3.ggpht.com
ipset=/istories.media/pbr_CF_4_dst_ip_cfg306ff5 # istories.media: istories.media
ipset=/saverudata.info/pbr_CF_4_dst_ip_cfg316ff5 # db: saverudata.info
ipset=/saverudata.net/pbr_CF_4_dst_ip_cfg316ff5 # db: saverudata.net
ipset=/saverudata.online/pbr_CF_4_dst_ip_cfg316ff5 # db: saverudata.online
ipset=/bbc.com/pbr_CF_4_dst_ip_cfg326ff5 # bbc.com: bbc.com
ipset=/igg-games.com/pbr_CF_4_dst_ip_cfg336ff5 # igg-games.com: igg-games.com
ipset=/pcgamestorrents.com/pbr_CF_4_dst_ip_cfg336ff5 # igg-games.com: pcgamestorrents.com
ipset=/hackernoon.com/pbr_CF_4_dst_ip_cfg346ff5 # hackernoon.com: hackernoon.com
ipset=/www.wikiwand.com/pbr_CF_4_dst_ip_cfg356ff5 # wikiwand.com: www.wikiwand.com
ipset=/quora.com/pbr_CF_4_dst_ip_cfg366ff5 # quora.com: quora.com
ipset=/www.quora.com/pbr_CF_4_dst_ip_cfg366ff5 # quora.com: www.quora.com
ipset=/dailymotion.com/pbr_CF_4_dst_ip_cfg376ff5 # dailymotion.com: dailymotion.com
ipset=/torrentgalaxy.to/pbr_CF_4_dst_ip_cfg386ff5 # torrentgalaxy.to: torrentgalaxy.to

Hello,

Is there a way to redirect the traffic of a specific application/PID via an interface of choice?

Thanks

Has anyone had any success installing dnsmasq-full_2.89 (that's what is available from snapshots at the moment) on OpenWrt 22.03.4 with pbr 1.1.0-25?
After installing it (and all the dependencies from https://docs.openwrt.melmac.net/pbr/#how-to-install-dnsmasq-full and some others, like libubus, libubox, etc.) I'm getting no dhcp and no dns replies from https-dns-proxy. The router itself can make dns requests.
Used to work with dnsmasq-full 2.88 and OpenWrt 22.03.3.
No particular errors in syslog and sorry, my report is kinda vague, cause I needed the internet and wasn't getting any, so I've reverted quickly to a working configuration.
Any leads on what to test for to figure out the source of the problem?

No, don't have this issue with:

xg-135r3 in ~ # dnsmasq --version
Dnsmasq version 2.89  Copyright (c) 2000-2022 Simon Kelley

Sometimes I have to restart https-dns-proxy on boot, but it works fine after that.

PS. I don't like the fact that you have to install supporting libraries from snapshot for the snapshot build of dinsmasq to work, but I don't have the time to deal with building 2.89 dnsmasq-full for release. There was an x86_64 ipk of dnsmasq-full 2.88 for 22.03 tree, you may have better luck using that.

Please post a URL to where it says that so I can fix it.

It's been fixed in the version available from my repo.

Have you tried restarting rpcd service and/or rebooting the router? If it still doesn't help, can you run a few commands from CLI to troubleshoot?

If those switches are of any use:

dnsmasq --version
Dnsmasq version 2.89  Copyright (c) 2000-2022 Simon Kelley
Compile time options: IPv6 GNU-getopt no-DBus UBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP conntrack no-ipset nftset auth cryptohash DNSSEC no-ID loop-detect inotify dumpfile

And with option logdhcp '1':

dnsmasq[1]: 3592 10.0.0.10/64770 query[A] github.com.lan from 10.0.0.10
dnsmasq[1]: 3592 10.0.0.10/64770 config github.com.lan is NXDOMAIN
dnsmasq[1]: 3593 10.0.0.10/64771 query[AAAA] github.com.lan from 10.0.0.10
dnsmasq[1]: 3593 10.0.0.10/64771 config github.com.lan is NXDOMAIN
dnsmasq[1]: 3594 10.0.0.10/64772 query[A] github.com from 10.0.0.10
dnsmasq[1]: 3594 10.0.0.10/64772 forwarded github.com to 127.0.0.1#5054
dnsmasq[1]: 3594 10.0.0.10/64772 forwarded github.com to 127.0.0.1#5053
dnsmasq[1]: 3605 10.0.0.10/64773 query[AAAA] github.com from 10.0.0.10
dnsmasq[1]: 3605 10.0.0.10/64773 forwarded github.com to 127.0.0.1#5054
dnsmasq[1]: 3605 10.0.0.10/64773 forwarded github.com to 127.0.0.1#5053

It shows that it's receiving requests but not getting replies.

Is there any archive of those? Cause ATM there is only 2.89 at https://downloads.openwrt.org/snapshots/packages/x86_64/base/

Might be IPv6 related issue, by default the https-dns-proxy starts instances with -4 parameter for IPv4-only mode.

The 2.88 ipk was just posted by a user on the forum. Do you need x86_64 platform?

It would be nice, couldn't find it myself yet. However, that would still need those snapshot libs that you didn't like.
Any idea on why the maintainers wouldn't release the 2.88+ already with the release?

Update:
Not sure what's wrong with my config, as I've said it used to work fine on the previous OpenWrt release with dnsmasq-full 2.88, but 2.87 is giving me the same symptoms, no dns or dhcp. Should do a fresh install and try with that.

Slight inaccuracy. Said not "removed" but "disabled" automatically, nevertheless. It's first paragraph of section A Word About Migrating from vpn-policy-routing

I have installed your repo and all pbr packages from. Checked for updates. Is it pbr-iptables 1.1.0-21 » 1.1.0-26?

Of course i tried and can run a few commands Thanks for help!

Updated to 1.1.0-26 and the luci pbr app doesn't seem to recognize what version I'm using so it's giving this warning.

Service Warnings
The WebUI application is outdated (version ), please update it.

I've already cleared my cache and restarted rpcd. Functionality is working ok.

@ebmaster @rawd are you using pbr or pbr-iptables packages?

Will be fixed in 1.1.1-2 to reflect what it says in the docs, thanks!

pbr... no iptables over here

What's the output of opkg list-installed | grep pbr?

root@R4S:~# opkg list-installed | grep pbr

luci-app-pbr - 1.1.0-26
luci-i18n-pbr-en - git-23.090.61754-f7f34d4
pbr - 1.1.0-26

And i have pbr-iptables cause have openwrt 21.02

opkg list-installed | grep pbr
luci-app-pbr - 1.1.0-26
pbr-iptables - 1.1.0-26

@ebmaster @rawd if you're still having issues with the luci app, could you please post the output of running these commands in CLI:

ubus -v list luci.pbr
ubus -S call luci.pbr getInitList '{"name": "pbr" }'
ubus -S call luci.pbr getInitStatus '{"name": "pbr" }'
ubus -S call luci.pbr getPlatformSupport '{"name": "pbr" }'
ubus -S call luci.pbr getGateways '{"name": "pbr" }'
ubus -S call luci.pbr getInterfaces '{"name": "pbr" }'

@stangri I just upgraded to 22.03.5 and pbr 1.1.1-2 and the warning is gone now.. don't know what to tell you

ubus -v list luci.pbr
'luci.pbr' @3f9245b7
        "getGateways":{"name":"String"}
        "getInitList":{"name":"String"}
        "getInitStatus":{"name":"String"}
        "getInterfaces":{"name":"String"}
        "getPlatformSupport":{"name":"String"}
        "setInitAction":{"name":"String","action":"String"}

ubus -S call luci.pbr getInitStatus '{"name": "pbr" }'
{"pbr":{"enabled":true,"running":true,"running_iptables":true,"running_nft":false,"version":"1.1.0-21","gateways":"","errors":[],"warnings":[]}}

ubus -S call luci.pbr getPlatformSupport '{"name": "pbr" }'
{"pbr":{"ipset_installed":true,"nft_installed":true,"adguardhome_installed":false,"dnsmasq_installed":true,"unbound_installed":false,"adguardhome_ipset_support":false,"dnsmasq_ipset_support":true,"dnsmasq_nftset_support":false}}

and ubus -S call luci.pbr getInterfaces '{"name": "pbr" }' returns nothing. Now I understand, why i see only "wan" interface in luci. Because of this code in overview.js

if(data[0]&&data[0][pkg.Name]&&data[0][pkg.Name].interfaces){arrInterfaces=data[0][pkg.Name].interfaces;}
else{arrInterfaces=["wan"];}