I installed PBR, and it's working now. What I want to do is use custom user files. I use the /usr/share/pbr/pbr.user.netflix file as reference. I understand what it should do. I notice that I'm running in NFT mode (PBR).
Running (version: 1.1.1-7 using nft)
root@OpenWrt:~# cat /usr/share/pbr/pbr.user.netflix
TARGET_SET='pbr_wan_4_dst_ip_user'
TARGET_IPSET='pbr_wan_4_dst_net_user'
TARGET_TABLE='inet fw4'
TARGET_ASN='2906'
TARGET_DL_FILE="/var/pbr_tmp_AS${TARGET_ASN}"
TARGET_NFT_FILE="/var/pbr_tmp_AS${TARGET_ASN}.nft"
DB_SOURCE='api.bgpview.io'
[ -z "$nft" ] && nft="$(command -v nft)"
_ret=1
if [ ! -s "$TARGET_DL_FILE" ]; then
    if [ "$DB_SOURCE" = "ipinfo.io" ]; then
        TARGET_URL="https://ipinfo.io/AS${TARGET_ASN}"
        uclient-fetch --no-check-certificate -qO- "$TARGET_URL" 2>/dev/null | grep -E "a href.*${TARGET_ASN}\/" | grep -v ":" | sed "s/^.*<a href=\"\/AS${TARGET_ASN}\///; s/\" >//" > "$TARGET_DL_FILE"
    fi
    if [ "$DB_SOURCE" = "api.hackertarget.com" ]; then
        TARGET_URL="https://api.hackertarget.com/aslookup/?q=AS${TARGET_ASN}"
        uclient-fetch --no-check-certificate -qO- "$TARGET_URL" 2>/dev/null | sed '1d' > "$TARGET_DL_FILE"
    fi
    if [ "$DB_SOURCE" = "api.bgpview.io" ]; then
        TARGET_URL="https://api.bgpview.io/asn/${TARGET_ASN}/prefixes"
        uclient-fetch --no-check-certificate -qO- "$TARGET_URL" 2>/dev/null | jsonfilter -e '@.data.ipv4_prefixes[*].prefix' > "$TARGET_DL_FILE"
    fi
fi
if [ -s "$TARGET_DL_FILE" ]; then
    if ipset -q list "$TARGET_IPSET" >/dev/null 2>&1; then
        if awk -v ipset="$TARGET_IPSET" '{print "add " ipset " " $1}' "$TARGET_DL_FILE" | ipset restore -!; then
            _ret=0
        fi
    elif [ -n "$nft" ] && [ -x "$nft" ] && "$nft" list set "$TARGET_TABLE" "$TARGET_SET" >/dev/null 2>&1; then
        printf "add element %s %s { " "$TARGET_TABLE" "$TARGET_SET" > "$TARGET_NFT_FILE"
        awk '{printf $1 ", "}' "$TARGET_DL_FILE" >> "$TARGET_NFT_FILE"
        printf " } " >> "$TARGET_NFT_FILE"
        if "$nft" -f "$TARGET_NFT_FILE"; then
            rm -f "$TARGET_NFT_FILE"
            _ret=0
        fi
    fi
fi
return $_ret
I already know that this line if ipset -q list "$TARGET_IPSET" >/dev/null 2>&1; will always return false, so it will go to elif [ -n "$nft" ] && [ -x "$nft" ] && "$nft" list set "$TARGET_TABLE" "$TARGET_SET" >/dev/null 2>&1;.
Now I don't understand what TARGET_SET: pbr_wan_4_dst_ip_user is. I read the documentation, but it seems I don't understand it. What I want is to point to an interface, such as wan2 or wan, because I looked on the internet and got this code from somewhere.
#!/bin/sh
TARGET_IPSET='your_wan_interface'
TARGET_FNAME="link_to_IP_list"
_ret=1
if [ -s "$TARGET_FNAME" ]; then
    awk -v ipset="$TARGET_IPSET" '{print "add " ipset " " $1}' "$TARGET_FNAME" | ipset restore -! && _ret=0
fi
return $_ret
So, I understand that the TARGET_IPSET can point to your WAN interface. However, I don't understand the Netflix code or what pbr_wan_4_dst_ip_user is. How can I create it to point to an interface?
I tried to run it in the CLI and I get this error:
root@OpenWrt:~# nft list set "inet fw4" "pbr_wan_4_dst_ip_user" >/dev/null
Error: No such file or directory
list set inet fw4 pbr_wan_4_dst_ip_user
                  ^^^^^^^^^^^^^^^^^^^^^
So, in this code, it basically does nothing because it always returns false:
root@OpenWrt:~# nft list set "inet fw4" "pbr_wan_4_dst_ip_user" >/dev/null 2>&1 && echo "true" || echo "false"
false
Any help would be greatly appreciated.
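
Added example, not part of the original post or of the pbr package: a POSIX sh version of the nft branch of the script above that keeps only well-formed IPv4 addresses and prefixes from the downloaded list (which the script fetches with --no-check-certificate and writes into an nft command unchecked) and reports a set that cannot be listed instead of silently returning 1. The function names and the sample list are constructed for illustration; the table and set names are the ones shown in the post.

```shell
#!/bin/sh
# Added example: not from the post or from the pbr package.

# Print only the lines of file $1 that are a well-formed IPv4 address or
# CIDR prefix (octets 0-255, length 0-32). Anything else, such as an HTML
# error page or a line with trailing text, is dropped.
filter_prefixes() {
    awk -F'[./]' '
        /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?$/ {
            ok = 1
            for (i = 1; i <= 4; i++) if ($i + 0 > 255) ok = 0
            if (NF == 5 && $5 + 0 > 32) ok = 0
            if (ok) print $0
        }' "$1"
}

# Print one "add element" command for table $1, set $2, list file $3.
# Returns 1 when no valid entry is left, so an empty set literal is never sent.
build_nft_cmd() {
    elems="$(filter_prefixes "$3" |
        awk '{ printf "%s%s", (NR > 1 ? ", " : ""), $0 }')"
    [ -n "$elems" ] || return 1
    printf 'add element %s %s { %s }\n' "$1" "$2" "$elems"
}

# Load the list into the set. Returns 2 with a message when the set cannot
# be listed (the "No such file or directory" case), 1 when the list is empty.
load_prefixes() {
    if ! nft list set "$1" "$2" >/dev/null 2>&1; then
        echo "cannot list set '$2' in table '$1'; not loading anything" >&2
        return 2
    fi
    cmd="$(build_nft_cmd "$1" "$2" "$3")" || return 1
    printf '%s\n' "$cmd" | nft -f -
}

# Constructed sample list: two valid entries and three that must be rejected.
sample="$(mktemp)"
printf '%s\n' '192.0.2.0/24' '198.51.100.7' '300.1.1.1/24' \
    '10.0.0.0/33' '<html>error</html>' > "$sample"
build_nft_cmd 'inet fw4' 'pbr_wan_4_dst_ip_user' "$sample"
rm -f "$sample"
```
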