Policy-Based-Routing (pbr) package discussion

Great catch! Please try pbr 0.9.9-26.

On version 0.9.9-28 using iptables
I'm getting:
Error running custom user file '/usr/share/pbr/pbr.user.netflix'!

Me too:

ERROR: Error running custom user file '/usr/share/pbr/pbr.user.netflix'!

@staripper @ray308 service pbr status ?

root@Router:~# service pbr status
pbr 0.9.9-28 running on OpenWrt 22.03.2. WAN (IPv4): wan/eth0.10/82.75.56.1.
============================================================
Dnsmasq version 2.86  Copyright (c) 2000-2021 Simon Kelley
Compile time options: IPv6 GNU-getopt no-DBus UBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth cryptohash DNSSEC no-ID loop-detect inotify dumpfile
============================================================
Routes/IP Rules
default         82-75-56-1.cabl 0.0.0.0         UG    10     0        0 eth0.10
default         192.168.0.1     0.0.0.0         UG    20     0        0 wlan0
IPv4 table 255 route: 
IPv4 table 255 rule:  0:	from all lookup local
IPv4 table 256 route: default via 10.30.0.3 dev tun1 
IPv4 table 256 rule:  29999:	from all fwmark 0x20000/0xff0000 lookup pbr_vpnclient
30000:	from all fwmark 0x10000/0xff0000 lookup pbr_vpnclient
IPv4 table 257 route: default via 192.168.0.1 dev wlan0 
IPv4 table 257 rule:  29998:	from all fwmark 0x30000/0xff0000 lookup pbr_wwan
IPv4 table 258 route: default via 10.2.0.2 dev wg0 
IPv4 table 258 rule:  29997:	from all fwmark 0x40000/0xff0000 lookup pbr_wg0
IPv4 table 259 route: default via 10.2.0.2 dev wg1 
IPv4 table 259 rule:  29996:	from all fwmark 0x50000/0xff0000 lookup pbr_wg1
============================================================
Mangle IP Table: FORWARD
# Warning: iptables-legacy tables present, use iptables-legacy to see them
-N PBR_FORWARD
============================================================
Mangle IP Table: INPUT
# Warning: iptables-legacy tables present, use iptables-legacy to see them
-N PBR_INPUT
============================================================
Mangle IP Table: OUTPUT
# Warning: iptables-legacy tables present, use iptables-legacy to see them
-N PBR_OUTPUT
============================================================
Mangle IP Table: POSTROUTING
# Warning: iptables-legacy tables present, use iptables-legacy to see them
-N PBR_POSTROUTING
============================================================
Mangle IP Table: PREROUTING
# Warning: iptables-legacy tables present, use iptables-legacy to see them
-N PBR_PREROUTING
-A PBR_PREROUTING -s 10.2.0.0/24 -m comment --comment ignore_local_traffic -c 0 0 -j RETURN
-A PBR_PREROUTING -m set --match-set pbr_ignore_4_dst_ip_cfg026ff5 dst -m comment --comment google -c 2273 286665 -j RETURN
-A PBR_PREROUTING -m set --match-set pbr_ignore_4_dst_ip_cfg036ff5 dst -m comment --comment bershka_com -c 0 0 -j RETURN
-A PBR_PREROUTING -m set --match-set pbr_ignore_4_dst_ip_cfg046ff5 dst -m comment --comment netflix -c 141 53552 -j RETURN
-A PBR_PREROUTING -s 192.168.1.100/30 -m comment --comment Alle_dhcp_clients -c 100084 15547400 -g PBR_MARK_0x050000
-A PBR_PREROUTING -s 192.168.1.104/29 -m comment --comment Alle_dhcp_clients -c 0 0 -g PBR_MARK_0x050000
-A PBR_PREROUTING -s 192.168.1.112/28 -m comment --comment Alle_dhcp_clients -c 422583 346108754 -g PBR_MARK_0x050000
-A PBR_PREROUTING -s 192.168.1.128/25 -m comment --comment Alle_dhcp_clients -c 222333 39948203 -g PBR_MARK_0x050000
-A PBR_PREROUTING -s 192.168.200.2/31 -m comment --comment vpn_server_clients -c 0 0 -g PBR_MARK_0x040000
-A PBR_PREROUTING -s 192.168.200.4/30 -m comment --comment vpn_server_clients -c 0 0 -g PBR_MARK_0x040000
-A PBR_PREROUTING -s 192.168.200.8/29 -m comment --comment vpn_server_clients -c 0 0 -g PBR_MARK_0x040000
-A PBR_PREROUTING -s 192.168.200.16/28 -m comment --comment vpn_server_clients -c 0 0 -g PBR_MARK_0x040000
-A PBR_PREROUTING -s 192.168.200.32/28 -m comment --comment vpn_server_clients -c 0 0 -g PBR_MARK_0x040000
-A PBR_PREROUTING -s 192.168.200.48/31 -m comment --comment vpn_server_clients -c 0 0 -g PBR_MARK_0x040000
-A PBR_PREROUTING -s 192.168.200.50/32 -m comment --comment vpn_server_clients -c 0 0 -g PBR_MARK_0x040000
============================================================
Mangle IP Table MARK Chain: PBR_MARK_0x010000
# Warning: iptables-legacy tables present, use iptables-legacy to see them
-N PBR_MARK_0x010000
-A PBR_MARK_0x010000 -c 0 0 -j MARK --set-xmark 0x10000/0xff0000
-A PBR_MARK_0x010000 -c 0 0 -j RETURN
============================================================
Mangle IP Table MARK Chain: PBR_MARK_0x020000
# Warning: iptables-legacy tables present, use iptables-legacy to see them
-N PBR_MARK_0x020000
-A PBR_MARK_0x020000 -c 0 0 -j MARK --set-xmark 0x20000/0xff0000
-A PBR_MARK_0x020000 -c 0 0 -j RETURN
============================================================
Mangle IP Table MARK Chain: PBR_MARK_0x030000
# Warning: iptables-legacy tables present, use iptables-legacy to see them
-N PBR_MARK_0x030000
-A PBR_MARK_0x030000 -c 0 0 -j MARK --set-xmark 0x30000/0xff0000
-A PBR_MARK_0x030000 -c 0 0 -j RETURN
============================================================
Mangle IP Table MARK Chain: PBR_MARK_0x040000
# Warning: iptables-legacy tables present, use iptables-legacy to see them
-N PBR_MARK_0x040000
-A PBR_MARK_0x040000 -c 0 0 -j MARK --set-xmark 0x40000/0xff0000
-A PBR_MARK_0x040000 -c 0 0 -j RETURN
============================================================
Mangle IP Table MARK Chain: PBR_MARK_0x050000
# Warning: iptables-legacy tables present, use iptables-legacy to see them
-N PBR_MARK_0x050000
-A PBR_MARK_0x050000 -c 745044 401616994 -j MARK --set-xmark 0x50000/0xff0000
-A PBR_MARK_0x050000 -c 745044 401616994 -j RETURN
============================================================
Current ipsets
create pbr_ignore_4_src_net_cfg016ff5 hash:net family inet hashsize 1024 maxelem 65536 comment
create pbr_ignore_4_dst_ip_cfg026ff5 hash:ip family inet hashsize 1024 maxelem 65536 comment
create pbr_ignore_4_dst_ip_cfg036ff5 hash:ip family inet hashsize 1024 maxelem 65536 comment
create pbr_ignore_4_dst_ip_cfg046ff5 hash:ip family inet hashsize 1024 maxelem 65536 comment
create pbr_wg1_4_src_net_cfg066ff5 hash:net family inet hashsize 1024 maxelem 65536 comment
create pbr_wg0_4_src_net_cfg076ff5 hash:net family inet hashsize 1024 maxelem 65536 comment
============================================================
DNSMASQ sets
ipset=/google.nl/pbr_ignore_4_dst_ip_cfg026ff5 # google: google.nl
ipset=/google.com/pbr_ignore_4_dst_ip_cfg026ff5 # google: google.com
ipset=/bershka.com/pbr_ignore_4_dst_ip_cfg036ff5 # bershka.com: bershka.com
ipset=/netflix.com/pbr_ignore_4_dst_ip_cfg046ff5 # netflix: netflix.com
============================================================
Your support details have been logged to '/var/pbr-support'. [✓]
root@Router:~# 

Funny, it looks like it is loading, but it gives the error.

Thank you. There was a typo in one of the commands preventing the user sets from being created. Was fixed in 0.9.9-29 and later. While I was at it, I fixed traffic killswitch not deactivating if the user script misbehaves (in 0.9.9-30).


Reporting a minor bug. /etc/init.d/pbr reload fails with ip: RTNETLINK answers: File exists. stop and start works though.

I can't reproduce it, but I've looked more into the table/routes/rules management and made some changes, see if 0.9.9-32 fixed it.

Still have same error.
ERROR: Error running custom user file '/usr/share/pbr/pbr.user.netflix'!

It looks like it is loading, but it gives the error.

On version 0.9.9-32

Funny how you quoted what exact information I asked for before, yet failed to provide said information.

Because [ray308] already gave you the info.
And until 4 versions ago I wasn't getting this error.
As I wrote before, everything is still working well; this is only a false error.

Thanks. Appears to have worked. No error with reload now.


Upgraded to version 0.9.9-32

No errors on loading pbr.user.netflix. (it was gone from version 0.9.9-30 though)


Thanks to a lot of testing by https://github.com/bonuzzz, version 0.9.9-35 supports using AdGuardHome (version 107.13 and higher) as the resolver to populate ipsets.


I've spent days trying to get this thing to work. It appears it fails to assign the created iptables to the interfaces. I don't know why.

Hi stangri, is there a chance to see luci-app-pbr appear in the official packages? Thanks.

I can't install it from the OpenWrt package menu, why?

See line:
Again, until these packages are found in the official feed/repo for your version of OpenWrt, you will need to add a custom repo to your router following instructions on GitHub/jsDelivr first.


Consult the readme:

Getting Help

If things are not working as intended, please include the following in your post:

  • content of /etc/config/dhcp
  • content of /etc/config/firewall
  • content of /etc/config/network
  • content of /etc/config/pbr
  • the output of /etc/init.d/pbr status
  • the output of /etc/init.d/pbr reload with verbosity setting set to 2

First Troubleshooting Step

If your router is set to use default routing via VPN tunnel and the WAN-targeting policies do not work, you need to stop your VPN tunnel first and ensure that you still have internet connection. If your router is set up to use the default routing via VPN tunnel and when you stop the VPN tunnel you have no internet connection, this package can’t help you. You first need to make sure that you do have internet connection when the VPN tunnel is stopped.


pbr chains - policies
        chain pbr_forward {
        }
        chain pbr_input {
        }
        chain pbr_output {
        }
        chain pbr_prerouting {
                ip daddr @pbr_wan_4_dst_ip_user goto pbr_mark_0x010000
                ip saddr @pbr_wan_4_src_ip_user goto pbr_mark_0x010000
                ether saddr @pbr_wan_4_src_mac_user goto pbr_mark_0x010000
                ip daddr @pbr_vpn_4_dst_ip_user goto pbr_mark_0x020000
                ip saddr @pbr_vpn_4_src_ip_user goto pbr_mark_0x020000
                ether saddr @pbr_vpn_4_src_mac_user goto pbr_mark_0x020000
                ip saddr @pbr_vpn_4_src_ip_cfg076ff5 goto pbr_mark_0x020000 comment "device 1"
                ip saddr @pbr_vpn_4_src_ip_cfg086ff5 goto pbr_mark_0x020000 comment "device 2"
                ip saddr @pbr_vpn_4_src_ip_cfg096ff5 goto pbr_mark_0x020000 comment "device 3"
                ip saddr @pbr_wan_4_src_ip_cfg0a6ff5 goto pbr_mark_0x010000 comment "device 4 "

Everything seems good for the VPN. I'm using ExpressVPN and I have tested an address; it works.