pbr service error: failed to set up interfaces

[beatstick]

The service pbr sometimes fails to set up any interface. I get the error message: "Failed to set up any interface" on the gui.

logread -e pbr

Tue Mar 21 11:03:52 2023 user.notice pbr: Reload on interface status aborted: service not running. Tue Mar 21 11:03:52 2023 user.notice pbr: Reload on interface status aborted: service not running. Tue Mar 21 11:03:53 2023 user.notice pbr: Reload on interface status aborted: service not running. Tue Mar 21 11:03:53 2023 user.notice pbr: Reloading pbr due to firewall action: includes Tue Mar 21 11:03:53 2023 user.notice pbr: Reload on firewall action aborted: service not running. Tue Mar 21 11:03:53 2023 user.notice pbr: Reloading wan due to ifup of wan (eth1) Tue Mar 21 11:03:55 2023 user.notice pbr: Reloading pbr due to firewall action: includes Tue Mar 21 11:03:55 2023 user.notice pbr: Reload on firewall action aborted: service not running. Tue Mar 21 11:03:55 2023 user.notice pbr: Reloading WGINTERFACE due to ifup of WGINTERFACE (WGINTERFACE) Tue Mar 21 12:33:19 2023 user.notice pbr: Reload on interface status aborted: service not running. Tue Mar 21 12:33:20 2023 user.notice pbr: Reloading pbr due to firewall action: includes Tue Mar 21 12:33:20 2023 user.notice pbr: Reload on firewall action aborted: service not running. Tue Mar 21 12:33:20 2023 user.notice pbr: Reloading wan due to ifupdate of wan (eth1) Tue Mar 21 13:48:04 2023 user.notice pbr: Reload on interface status aborted: service not running. Tue Mar 21 13:48:06 2023 user.notice pbr: Reloading pbr due to firewall action: includes Tue Mar 21 13:48:06 2023 user.notice pbr: Reload on firewall action aborted: service not running. Tue Mar 21 13:48:06 2023 user.notice pbr: Reloading wan due to ifupdate of wan (eth1) Tue Mar 21 15:17:48 2023 user.notice pbr: Reload on interface status aborted: service not running. Tue Mar 21 15:17:49 2023 user.notice pbr: Reloading pbr due to firewall action: includes Tue Mar 21 15:17:50 2023 user.notice pbr: Reload on firewall action aborted: service not running. Tue Mar 21 15:17:50 2023 user.notice pbr: Reloading wan due to ifupdate of wan (eth1) Tue Mar 21 16:32:34 2023 user.notice pbr: Reload on interface status aborted: service not running. Tue Mar 21 16:32:35 2023 user.notice pbr: Reloading pbr due to firewall action: includes Tue Mar 21 16:32:35 2023 user.notice pbr: Reload on firewall action aborted: service not running. Tue Mar 21 16:32:35 2023 user.notice pbr: Reloading wan due to ifupdate of wan (eth1)

It starts working again upon manual reload:

/etc/init.d/pbr reload Activating traffic killswitch [✓] Setting up routing for 'wan/eth1/xxx/64' RTNETLINK answers: File exists [✓] Setting up routing for 'WGINTERFACE/xxx/::/0' RTNETLINK answers: File exists RTNETLINK answers: File exists [✓] Routing 'mediathek' via wan [✓] Routing 'nextcloud talk' via wan [✓] Routing 'searx' via wan [✓] Routing 'jitsi-meet' via wan [✓] Routing 'Aurora Store no vpn' via wan [✓] Routing 'elden ring ports' via wan [✓] Routing 'sniper elite 5' via wan [✓] Routing 'debian server' via wan [✓] Routing 'bloody trapland ' via wan [✓] Routing 'steftop no vpn' via wan [✓] Routing 'stefdroid old no vpn' via wan [✓] Routing 'ebay kleinanzeigen' via wan [✓] Deactivating traffic killswitch [✓] pbr 1.1.0-19 monitoring interfaces: wan WGINTERFACE pbr 1.1.0-19 (nft) started with gateways: wan/eth1/xxx:1103/64 WGINTERFACE/xxx/::/0 [✓]

[stangri]

The log didn't capture initial failure to start, it only captured pbr firewall/interface hotplug events which didn't reload the service because it wasn't running (for cases where you manually stop the pbr service and need to play with firewall/interfaces and don't want the service to be activated thru hotplug events).

The RTNETLINK answers: File exists is troublesome. Please follow the Getting Help section in the README to provide the necessary information for troubleshooting.

[beatstick]

---

cat /etc/config/dhcp

config dnsmasq option domainneeded '1' option localise_queries '1' option rebind_protection '1' option rebind_localhost '1' option local '/lan/' option domain 'lan' option expandhosts '1' option authoritative '1' option readethers '1' option leasefile '/tmp/dhcp.leases' option localservice '1' option confdir '/tmp/dnsmasq.d' list addnhosts '/tmp/adb_list.overall' list server '127.0.0.1' list server '127.0.0.1#5453' list server '127.0.0.1#5453' list server '127.0.0.1' list server '127.0.0.1#5453' option dnsseccheckunsigned '1' option noresolv '1' option dnssec '1'

config dhcp 'lan' option interface 'lan' option leasetime '12h' option dhcpv6 'server' option ra 'server' option ra_management '1' option start '130' option limit '180'

config dhcp 'wan' option interface 'wan' option ignore '1'

config odhcpd 'odhcpd' option maindhcp '0' option leasefile '/tmp/hosts/odhcpd' option leasetrigger '/usr/sbin/odhcpd-update' option loglevel '4'

cat /etc/config/firewall

config defaults option input 'ACCEPT' option output 'ACCEPT' option forward 'REJECT' option synflood_protect '1'

config zone option name 'lan' option input 'ACCEPT' option output 'ACCEPT' option forward 'ACCEPT' option network 'lan'

config zone option name 'wan' option output 'ACCEPT' option masq '1' option mtu_fix '1' option input 'DROP' option forward 'DROP' list network 'wan' list network 'wan6' list network 'WGINTERFACE'

config rule option name 'Allow-DHCP-Renew' option src 'wan' option proto 'udp' option dest_port '68' option target 'ACCEPT' option family 'ipv4'

config rule option name 'Allow-Ping' option src 'wan' option proto 'icmp' option icmp_type 'echo-request' option family 'ipv4' option target 'DROP'

config rule option name 'Allow-IGMP' option src 'wan' option proto 'igmp' option family 'ipv4' option target 'ACCEPT'

config rule option name 'Allow-DHCPv6' option src 'wan' option proto 'udp' option src_ip 'fc00::/6' option dest_ip 'fc00::/6' option dest_port '546' option family 'ipv6' option target 'ACCEPT'

config rule option name 'Allow-MLD' option src 'wan' option proto 'icmp' option src_ip 'fe80::/10' list icmp_type '130/0' list icmp_type '131/0' list icmp_type '132/0' list icmp_type '143/0' option family 'ipv6' option target 'ACCEPT'

config rule option name 'Allow-ICMPv6-Input' option src 'wan' option proto 'icmp' list icmp_type 'echo-request' list icmp_type 'echo-reply' list icmp_type 'destination-unreachable' list icmp_type 'packet-too-big' list icmp_type 'time-exceeded' list icmp_type 'bad-header' list icmp_type 'unknown-header-type' list icmp_type 'router-solicitation' list icmp_type 'neighbour-solicitation' list icmp_type 'router-advertisement' list icmp_type 'neighbour-advertisement' option limit '1000/sec' option family 'ipv6' option target 'ACCEPT'

config rule option name 'Allow-ICMPv6-Forward' option src 'wan' option dest '*' option proto 'icmp' list icmp_type 'echo-request' list icmp_type 'echo-reply' list icmp_type 'destination-unreachable' list icmp_type 'packet-too-big' list icmp_type 'time-exceeded' list icmp_type 'bad-header' list icmp_type 'unknown-header-type' option limit '1000/sec' option family 'ipv6' option target 'ACCEPT'

config rule option name 'Allow-IPSec-ESP' option src 'wan' option dest 'lan' option proto 'esp' option target 'ACCEPT'

config rule option name 'Allow-ISAKMP' option src 'wan' option dest 'lan' option dest_port '500' option proto 'udp' option target 'ACCEPT'

config include option path '/etc/firewall.user'

config include 'bcp38' option type 'script' option path '/usr/lib/bcp38/run.sh' option family 'IPv4' option reload '1'

config forwarding option dest 'wan' option src 'lan'

config rule option src_port '53' option src 'lan' option name 'Disable doh-less dns' option dest 'wan' option target 'DROP' option dest_port '53'

config include option path '/etc/firewall.cs' option enabled '1' option reload '1'

config include 'pbr' option fw4_compatible '1' option type 'script' option path '/usr/share/pbr/pbr.firewall.include'

---

cat /etc/config/network

config interface 'loopback' option proto 'static' option ipaddr '127.0.0.1' option netmask '255.0.0.0' option device 'lo'

config globals 'globals' option ula_prefix 'xx::/48'

config interface 'lan' option proto 'static' option netmask '255.255.255.0' option ip6assign '60' option ipaddr 'xxx' option dns '9.9.9.9 8.8.8.8' option device 'br-lan'

config interface 'wan' option proto 'dhcp' option peerdns '0' option device 'eth1' option dns '127.0.0.1'

config interface 'wan6' option proto 'dhcpv6' option reqprefix 'auto' option reqaddress 'try' option peerdns '0' option device 'eth1' option dns '0::2'

config interface 'WGINTERFACE' option proto 'wireguard' list addresses 'xxx/16' option private_key 'xxx'

config wireguard_WGINTERFACE option persistent_keepalive '25' option route_allowed_ips '1' list allowed_ips '0.0.0.0/0' list allowed_ips '::/0' option endpoint_port '51821' option endpoint_host 'xxx' option public_key 'xxx' option description 'nl3'

config device list ports 'eth0' option type 'bridge' option name 'br-lan'

---

cat /etc/config/pbr

config policy option interface 'wan' option name 'mediathek' option src_addr '192.168.1.100' option dest_addr 'wdrmedien-a.akamaihd.net pmdgeokika-a.akamaihd.net 2.20.189.50 2.20.189.43 92.122.213.185 a1808.w4.akamai.net 2.19.194.176 2.21.242.189 92.122.213.186 185.194.141.246 2.19.194.144 2.19.194.177 2.19.194.139 2.19.194.145 83.243.11.171'

config policy option interface 'wan' option name 'nextcloud talk' option dest_addr 'xxx'

config policy option interface 'wan' option name 'searx' option dest_addr 'xxx'

config policy option interface 'wan' option name 'jitsi-meet' option dest_addr 'xxx'

config policy option interface 'wan' option name 'dnsleaktest.com' option src_addr '192.168.1.100' option dest_addr 'dnsleaktest.com' option enabled '0'

config policy option interface 'wan' option name 'Squad Game' option src_addr '192.168.1.100' option dest_port '4380 27015-27030 50000-65000' option enabled '0'

config policy option interface 'wan' option name 'Aurora Store no vpn' option dest_addr 'play.googleapis.com android.clients.google.com play-lh.googleusercontent.com'

config policy option interface 'wan' option name 'elden ring ports' option src_addr '192.168.1.248' option src_port '3074 3478-3480 4379 4380 27015 27036 27031-27036' option dest_port '3074 3478-3480 4379 4380 27015 27036 27031-27036'

config policy option interface 'wan' option name 'sniper elite 5' option src_port '27015 27031-27036' option dest_port '27015 27031-27036' option src_addr '192.168.1.100'

config policy option interface 'wan' option name 'debian server' option src_addr '192.168.1xxx'

config policy option interface 'wan' option name 'bloody trapland ' option src_addr '192.168.1.100' option src_port '6883' option dest_port '6883'

config policy option interface 'wan' option enabled '0' option name 'unrailed' option src_addr '192.168.1.100' option src_port '27015 27036'

config policy option interface 'wan' option name 'steftop no vpn' option src_addr '192.168.1.xx'

config policy option interface 'wan' option name 'stefdroid old no vpn' option src_addr '192.168.1.xx'

config policy option interface 'wan' option name 'steam gaming' option src_addr '192.168.1.100' option enabled '0'

config pbr 'config' option verbosity '2' option strict_enforcement '1' option src_ipset '0' list ignored_interface 'vpnserver wgserver' option boot_timeout '30' option iprule_enabled '0' option webui_protocol_column '0' option webui_chain_column '0' option webui_sorting '1' option webui_enable_column '1' list webui_supported_protocol 'tcp' list webui_supported_protocol 'udp' list webui_supported_protocol 'tcp udp' list webui_supported_protocol 'icmp' list webui_supported_protocol 'all' option dest_ipset '0' option webui_show_ignore_target '0' option ipv6_enabled '1' option enabled '1' option rule_create_option 'add' option resolver_set 'none'

config include option path '/etc/pbr.netflix.user' option enabled '0'

config policy option interface 'wan' option name 'ebay kleinanzeigen' option src_addr '192.168.1.100' option dest_addr 'ebay-kleinanzeigen.de'

config policy option interface 'wan' option enabled '0' option name 'returnal ports' option src_addr '192.168.1.100' option src_port '3478 3479 5060 5062 5222 6250 12000-65000 ' option dest_port '3478 3479 5060 5062 5222 6250 12000-65000 '

---

/etc/init.d/pbr status

pbr - environment pbr 1.1.0-19 running on OpenWrt 22.03.3. WAN (IPv4): wan/eth1/xxx.

Dnsmasq version 2.86 Copyright (c) 2000-2021 Simon Kelley Compile time options: IPv6 GNU-getopt no-DBus UBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth cryptohash DNSSEC no-ID loop-detect inotify dumpfile

pbr chains - policies chain pbr_forward { # handle 33 } chain pbr_input { # handle 34 } chain pbr_output { # handle 35 } chain pbr_prerouting { # handle 36 ip saddr @pbr_wan_4_src_ip_cfg016ff5 ip daddr @pbr_wan_4_dst_ip_cfg016ff5 goto pbr_mark_0x010000 comment "mediathek" # handle 1604 ip6 saddr @pbr_wan_6_src_ip_cfg016ff5 ip6 daddr @pbr_wan_6_dst_ip_cfg016ff5 goto pbr_mark_0x010000 comment "mediathek" # handle 1605 ip saddr @pbr_wan_4_src_ip_cfg016ff5 ip daddr { 23.50.131.21, 23.50.131.22 } goto pbr_mark_0x010000 comment "mediathek" # handle 1607 ip saddr @pbr_wan_4_src_ip_cfg016ff5 ip daddr @pbr_wan_4_dst_ip_cfg016ff5 goto pbr_mark_0x010000 comment "mediathek" # handle 1608 ip6 saddr @pbr_wan_6_src_ip_cfg016ff5 ip6 daddr @pbr_wan_6_dst_ip_cfg016ff5 goto pbr_mark_0x010000 comment "mediathek" # handle 1609 ip daddr @pbr_wan_4_dst_ip_cfg026ff5 goto pbr_mark_0x010000 comment "nextcloud talk" # handle 1612 ip6 daddr @pbr_wan_6_dst_ip_cfg026ff5 goto pbr_mark_0x010000 comment "nextcloud talk" # handle 1613 ip daddr @pbr_wan_4_dst_ip_cfg036ff5 goto pbr_mark_0x010000 comment "searx" # handle 1616 ip6 daddr @pbr_wan_6_dst_ip_cfg036ff5 goto pbr_mark_0x010000 comment "searx" # handle 1617 ip daddr @pbr_wan_4_dst_ip_cfg046ff5 goto pbr_mark_0x010000 comment "jitsi-meet" # handle 1620 ip6 daddr @pbr_wan_6_dst_ip_cfg046ff5 goto pbr_mark_0x010000 comment "jitsi-meet" # handle 1621 ip daddr @pbr_wan_4_dst_ip_cfg076ff5 goto pbr_mark_0x010000 comment "Aurora Store no vpn" # handle 1624 ip6 daddr @pbr_wan_6_dst_ip_cfg076ff5 goto pbr_mark_0x010000 comment "Aurora Store no vpn" # handle 1625 ip saddr @pbr_wan_4_src_ip_cfg086ff5 tcp sport { 3074, 3478-3480, 4379-4380, 27015, 27031-27036 } tcp dport { 3074, 3478-3480, 4379-4380, 27015, 27031-27036 } goto pbr_mark_0x010000 comment "elden ring ports" # handle 1630 ip6 saddr @pbr_wan_6_src_ip_cfg086ff5 tcp sport { 3074, 3478-3480, 4379-4380, 27015, 27031-27036 } tcp dport { 3074, 3478-3480, 4379-4380, 27015, 27031-27036 } goto pbr_mark_0x010000 comment "elden ring ports" # handle 1633 ip saddr @pbr_wan_4_src_ip_cfg086ff5 udp sport { 3074, 3478-3480, 4379-4380, 27015, 27031-27036 } udp dport { 3074, 3478-3480, 4379-4380, 27015, 27031-27036 } goto pbr_mark_0x010000 comment "elden ring ports" # handle 1636 ip6 saddr @pbr_wan_6_src_ip_cfg086ff5 udp sport { 3074, 3478-3480, 4379-4380, 27015, 27031-27036 } udp dport { 3074, 3478-3480, 4379-4380, 27015, 27031-27036 } goto pbr_mark_0x010000 comment "elden ring ports" # handle 1639 ip saddr @pbr_wan_4_src_ip_cfg096ff5 tcp sport { 27015, 27031-27036 } tcp dport { 27015, 27031-27036 } goto pbr_mark_0x010000 comment "sniper elite 5" # handle 1644 ip6 saddr @pbr_wan_6_src_ip_cfg096ff5 tcp sport { 27015, 27031-27036 } tcp dport { 27015, 27031-27036 } goto pbr_mark_0x010000 comment "sniper elite 5" # handle 1647 ip saddr @pbr_wan_4_src_ip_cfg096ff5 udp sport { 27015, 27031-27036 } udp dport { 27015, 27031-27036 } goto pbr_mark_0x010000 comment "sniper elite 5" # handle 1650 ip6 saddr @pbr_wan_6_src_ip_cfg096ff5 udp sport { 27015, 27031-27036 } udp dport { 27015, 27031-27036 } goto pbr_mark_0x010000 comment "sniper elite 5" # handle 1653 ip saddr @pbr_wan_4_src_ip_cfg0a6ff5 goto pbr_mark_0x010000 comment "debian server" # handle 1656 ip6 saddr @pbr_wan_6_src_ip_cfg0a6ff5 goto pbr_mark_0x010000 comment "debian server" # handle 1657 ip saddr @pbr_wan_4_src_ip_cfg0b6ff5 tcp sport 6883 tcp dport 6883 goto pbr_mark_0x010000 comment "bloody trapland " # handle 1660 ip6 saddr @pbr_wan_6_src_ip_cfg0b6ff5 tcp sport 6883 tcp dport 6883 goto pbr_mark_0x010000 comment "bloody trapland " # handle 1661 ip saddr @pbr_wan_4_src_ip_cfg0b6ff5 udp sport 6883 udp dport 6883 goto pbr_mark_0x010000 comment "bloody trapland " # handle 1662 ip6 saddr @pbr_wan_6_src_ip_cfg0b6ff5 udp sport 6883 udp dport 6883 goto pbr_mark_0x010000 comment "bloody trapland " # handle 1663 ip saddr @pbr_wan_4_src_ip_cfg0d6ff5 goto pbr_mark_0x010000 comment "steftop no vpn" # handle 1666 ip6 saddr @pbr_wan_6_src_ip_cfg0d6ff5 goto pbr_mark_0x010000 comment "steftop no vpn" # handle 1667 ip saddr @pbr_wan_4_src_ip_cfg0e6ff5 goto pbr_mark_0x010000 comment "stefdroid old no vpn" # handle 1670 ip6 saddr @pbr_wan_6_src_ip_cfg0e6ff5 goto pbr_mark_0x010000 comment "stefdroid old no vpn" # handle 1671 ip saddr @pbr_wan_4_src_ip_cfg126ff5 ip daddr @pbr_wan_4_dst_ip_cfg126ff5 goto pbr_mark_0x010000 comment "ebay kleinanzeigen" # handle 1676 ip6 saddr @pbr_wan_6_src_ip_cfg126ff5 ip6 daddr @pbr_wan_6_dst_ip_cfg126ff5 goto pbr_mark_0x010000 comment "ebay kleinanzeigen" # handle 1677 } chain pbr_postrouting { # handle 37 }

pbr chains - marking chain pbr_mark_0x010000 { # handle 1594 counter packets 319 bytes 37241 meta mark set meta mark & 0xff01ffff | 0x00010000 # handle 1595 return # handle 1596 } chain pbr_mark_0x020000 { # handle 1597 counter packets 0 bytes 0 meta mark set meta mark & 0xff02ffff | 0x00020000 # handle 1598 return # handle 1599 }

pbr nft sets set pbr_wan_4_src_ip_cfg016ff5 { # handle 1600 type ipv4_addr flags interval counter auto-merge comment "mediathek" elements = { 192.168.1.100 counter packets 20119 bytes 7547319 } } set pbr_wan_6_src_ip_cfg016ff5 { # handle 1601 type ipv6_addr flags interval counter auto-merge comment "mediathek" } set pbr_wan_4_dst_ip_cfg016ff5 { # handle 1602 type ipv4_addr flags interval counter auto-merge comment "mediathek" elements = { 2.19.194.139 counter packets 0 bytes 0, 2.19.194.144 counter packets 0 bytes 0, 2.19.194.145 counter packets 0 bytes 0, 2.19.194.176 counter packets 0 bytes 0, 2.19.194.177 counter packets 0 bytes 0, 2.20.189.43 counter packets 0 bytes 0, 2.20.189.50 counter packets 0 bytes 0, 2.21.242.189 counter packets 0 bytes 0, 23.50.131.21-23.50.131.22 counter packets 0 bytes 0, 83.243.11.171 counter packets 0 bytes 0, 92.122.213.185 counter packets 0 bytes 0, 92.122.213.186 counter packets 0 bytes 0, 95.101.75.72 counter packets 0 bytes 0, 95.101.75.119 counter packets 0 bytes 0, 185.194.141.246 counter packets 0 bytes 0 } } set pbr_wan_6_dst_ip_cfg016ff5 { # handle 1603 type ipv6_addr flags interval counter auto-merge comment "mediathek" } set pbr_wan_4_dst_ip_cfg026ff5 { # handle 1610 type ipv4_addr flags interval counter auto-merge comment "nextcloud talk" elements = { 185.26.156.167 counter packets 268 bytes 26741 } } set pbr_wan_6_dst_ip_cfg026ff5 { # handle 1611 type ipv6_addr flags interval counter auto-merge comment "nextcloud talk" elements = { 2a00:d0c0:200:0:b9:1a:9c:76 counter packets 0 bytes 0 } } set pbr_wan_4_dst_ip_cfg036ff5 { # handle 1614 type ipv4_addr flags interval counter auto-merge comment "searx" elements = { 185.26.156.167 counter packets 0 bytes 0 } } set pbr_wan_6_dst_ip_cfg036ff5 { # handle 1615 type ipv6_addr flags interval counter auto-merge comment "searx" elements = { 2a00:d0c0:200:0:b9:1a:9c:76 counter packets 0 bytes 0 } } set pbr_wan_4_dst_ip_cfg046ff5 { # handle 1618 type ipv4_addr flags interval counter auto-merge comment "jitsi-meet" elements = { 5.181.50.207 counter packets 0 bytes 0, 185.233.104.133 counter packets 0 bytes 0 } } set pbr_wan_6_dst_ip_cfg046ff5 { # handle 1619 type ipv6_addr flags interval counter auto-merge comment "jitsi-meet" } set pbr_wan_4_dst_ip_cfg076ff5 { # handle 1622 type ipv4_addr flags interval counter auto-merge comment "Aurora Store no vpn" elements = { 142.250.74.14 counter packets 0 bytes 0, 142.250.74.46 counter packets 0 bytes 0, 142.250.74.78 counter packets 0 bytes 0, 142.250.74.142 counter packets 0 bytes 0, 142.250.74.174 counter packets 0 bytes 0, 142.250.74.202 counter packets 0 bytes 0, 142.250.181.234 counter packets 0 bytes 0, 142.250.184.202 counter packets 0 bytes 0, 142.250.184.234 counter packets 0 bytes 0, 142.250.185.74 counter packets 0 bytes 0, 142.250.186.42 counter packets 0 bytes 0, 142.250.186.74 counter packets 0 bytes 0, 142.250.186.106 counter packets 0 bytes 0, 142.250.186.170 counter packets 0 bytes 0, 142.250.186.182 counter packets 0 bytes 0, 172.217.16.138 counter packets 0 bytes 0, 172.217.16.202 counter packets 0 bytes 0, 172.217.18.10 counter packets 0 bytes 0, 172.217.18.106 counter packets 0 bytes 0, 172.217.23.106 counter packets 0 bytes 0, 216.58.207.206 counter packets 0 bytes 0, 216.58.212.138 counter packets 0 bytes 0, 216.58.212.170 counter packets 0 bytes 0 } } set pbr_wan_6_dst_ip_cfg076ff5 { # handle 1623 type ipv6_addr flags interval counter auto-merge comment "Aurora Store no vpn" elements = { 2a00:1450:4001:800::200a counter packets 0 bytes 0, 2a00:1450:4001:809::200a counter packets 0 bytes 0, 2a00:1450:4001:80e::200a counter packets 0 bytes 0, 2a00:1450:4001:80f::200a counter packets 0 bytes 0, 2a00:1450:400f:802::2016 counter packets 0 bytes 0 } } set pbr_wan_4_src_ip_cfg086ff5 { # handle 1626 type ipv4_addr flags interval counter auto-merge comment "elden ring ports" elements = { 192.168.1.248 counter packets 0 bytes 0 } } set pbr_wan_6_src_ip_cfg086ff5 { # handle 1627 type ipv6_addr flags interval counter auto-merge comment "elden ring ports" } set pbr_wan_4_src_ip_cfg096ff5 { # handle 1640 type ipv4_addr flags interval counter auto-merge comment "sniper elite 5" elements = { 192.168.1.100 counter packets 12714 bytes 4773204 } } set pbr_wan_6_src_ip_cfg096ff5 { # handle 1641 type ipv6_addr flags interval counter auto-merge comment "sniper elite 5" } set pbr_wan_4_src_ip_cfg0a6ff5 { # handle 1654 type ipv4_addr flags interval counter auto-merge comment "debian server" elements = { 192.168.1.114 counter packets 51 bytes 10500 } } set pbr_wan_6_src_ip_cfg0a6ff5 { # handle 1655 type ipv6_addr flags interval counter auto-merge comment "debian server" } set pbr_wan_4_src_ip_cfg0b6ff5 { # handle 1658 type ipv4_addr flags interval counter auto-merge comment "bloody trapland " elements = { 192.168.1.100 counter packets 12629 bytes 4746735 } } set pbr_wan_6_src_ip_cfg0b6ff5 { # handle 1659 type ipv6_addr flags interval counter auto-merge comment "bloody trapland " } set pbr_wan_4_src_ip_cfg0d6ff5 { # handle 1664 type ipv4_addr flags interval counter auto-merge comment "steftop no vpn" elements = { 192.168.1.109 counter packets 0 bytes 0 } } set pbr_wan_6_src_ip_cfg0d6ff5 { # handle 1665 type ipv6_addr flags interval counter auto-merge comment "steftop no vpn" } set pbr_wan_4_src_ip_cfg0e6ff5 { # handle 1668 type ipv4_addr flags interval counter auto-merge comment "stefdroid old no vpn" elements = { 192.168.1.104 counter packets 0 bytes 0 } } set pbr_wan_6_src_ip_cfg0e6ff5 { # handle 1669 type ipv6_addr flags interval counter auto-merge comment "stefdroid old no vpn" } set pbr_wan_4_src_ip_cfg126ff5 { # handle 1672 type ipv4_addr flags interval counter auto-merge comment "ebay kleinanzeigen" elements = { 192.168.1.100 counter packets 6299 bytes 2358886 } } set pbr_wan_6_src_ip_cfg126ff5 { # handle 1673 type ipv6_addr flags interval counter auto-merge comment "ebay kleinanzeigen" } set pbr_wan_4_dst_ip_cfg126ff5 { # handle 1674 type ipv4_addr flags interval counter auto-merge comment "ebay kleinanzeigen" elements = { 34.107.128.149 counter packets 0 bytes 0 } } set pbr_wan_6_dst_ip_cfg126ff5 { # handle 1675 type ipv6_addr flags interval counter auto-merge comment "ebay kleinanzeigen" elements = { 2600:1901:0:5e49:: counter packets 0 bytes 0 } }

IPv4 table 256 route: default via 31.17.62.254 dev eth1 IPv4 table 256 rule(s): 30000: from all fwmark 0x10000/0xff0000 lookup pbr_wan IPv4 table 257 route: default via 10.11.2.179 dev WGINTERFACE IPv4 table 257 rule(s): 30001: from all fwmark 0x20000/0xff0000 lookup pbr_WGINTERFACE

---

/etc/init.d/pbr reload

Activating traffic killswitch [✓] Setting up routing for 'wan/eth1/xxx/fe80::2a0:ff:fec0:1103/64' RTNETLINK answers: File exists [✓] Setting up routing for 'WGINTERFACE/xxx/::/0' RTNETLINK answers: File exists RTNETLINK answers: File exists [✓] Routing 'mediathek' via wan [✓] Routing 'nextcloud talk' via wan [✓] Routing 'searx' via wan [✓] Routing 'jitsi-meet' via wan [✓] Routing 'Aurora Store no vpn' via wan [✓] Routing 'elden ring ports' via wan [✓] Routing 'sniper elite 5' via wan [✓] Routing 'debian server' via wan [✓] Routing 'bloody trapland ' via wan [✓] Routing 'steftop no vpn' via wan [✓] Routing 'stefdroid old no vpn' via wan [✓] Routing 'ebay kleinanzeigen' via wan [✓] Deactivating traffic killswitch [✓] pbr 1.1.0-19 monitoring interfaces: wan WGINTERFACE pbr 1.1.0-19 (nft) started with gateways: wan/eth1/xxx/xxx:1103/64 WGINTERFACE/xxx/::/0 [✓]

[stangri]

While I haven't figured out what's producing the RTNETLINK answers: File exists (I suspect it's IPv6 related), the general start up should have been addressed in pbr 1.1.0-22 available from my dev repo. I'd appreciate if you test it and let me know.

[beatstick]

Ok, I installed it and will report back if the error still occurs.

This is how the install went:

opkg install pbr_1.1.0-22_all.ipk Upgrading pbr on root from 1.1.0-19 to 1.1.0-22... Stopping pbr service... Activating traffic killswitch [✓] Removing routing for 'wan/eth1/xxx/64' [✓] Removing routing for 'WGINTERFACE/xxx/::/0' [✓] Deactivating traffic killswitch [✓] pbr 1.1.0-19 (nft) stopped [✓] OK Removing rc.d symlink for pbr... OK Command failed: Not found Configuring pbr. Installing rc.d symlink for pbr... OK uci: Entry not found uci: Entry not found

uci: Entry not found

uci: Entry not found

uci: Entry not found

uci: Entry not found

uci: Entry not found

Activating traffic killswitch [✓] Setting up routing for 'wan/eth1/xxx1103/64' RTNETLINK answers: File exists [✓] Setting up routing for 'WGINTERFACE/xxx/::/0' RTNETLINK answers: File exists RTNETLINK answers: File exists [✓] Routing 'mediathek' via wan [✓] Routing 'nextcloud talk' via wan [✓] Routing 'searx' via wan [✓] Routing 'jitsi-meet' via wan [✓] Routing 'Aurora Store no vpn' via wan [✓] Routing 'elden ring ports' via wan [✓] Routing 'sniper elite 5' via wan [✓] Routing 'debian server' via wan [✓] Routing 'bloody trapland ' via wan [✓] Routing 'steftop no vpn' via wan [✓] Routing 'stefdroid old no vpn' via wan [✓] Routing 'ebay kleinanzeigen' via wan [✓] Deactivating traffic killswitch [✓] pbr 1.1.0-22 monitoring interfaces: wan WGINTERFACE pbr 1.1.0-22 (nft) started with gateways: wan/eth1/xx/64 WGINTERFACE/1xxx/::/0 [✓]

[beatstick]

No problems so far with pbr 1.1.0-22. The system has been running stable for the last two days and the interfaces always stay up.

[stangri]

Closing for now, feel free to reopen if you still experience the issue.