Skip to content

pbr: update to 1.2.1-r35 #28037

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
stangri merged 1 commit into from
Dec 9, 2025
Merged

pbr: update to 1.2.1-r35 #28037

stangri merged 1 commit into from
Dec 9, 2025
+592 −341

Conversation

@stangri
Copy link
Member

@stangri stangri commented Dec 8, 2025

Maintainer: me
Compile tested: x86_64, Dell EMC Edge 620, OpenWrt 24.10.3
Run tested: x86_64, Dell EMC Edge 620, OpenWrt 24.10.3

Description:
Makefile:

  • split uci-defaults into different purpose files
  • add handling of netifd integration

Config:

Init-script:

  • add netifd integration handling
  • add ip() function to emulate ip rule replace
  • add netbird intrfaces support (thanks @egc112)
  • reorganize loading/handling of options in load_package_config()
  • improve display of interface triggers in service_triggers()
  • remove chains cleanup from stop_service() due to exclusive use of fw4 nft files
  • improve status_service() output
  • drop input and postrouting as valid options for policy chain

Uci-defaults files:

  • 91-pbr-nft: cosmetic improvements

Default nft files:

  • drop use of input and postrouting chanins

Custom User files:

@stangri
pbr: update to 1.2.1-r35
3759024 
pbr 1.2.1-r35

Makefile:
* split uci-defaults into different purpose files
* add handling of netifd integration

Config:
* update with default values for all options (thanks @betonmischer86)

Init-script:
* add netifd integration handling
* add ip() function to emulate ip rule replace
* add netbird intrfaces support (thanks @egc112)
* reorganize loading/handling of options in load_package_config()
* improve display of interface triggers in service_triggers()
* remove chains cleanup from stop_service() due to exclusive use of fw4 nft files
* improve status_service() output
* drop input and postrouting as valid options for policy chain

Uci-defaults files:
* 91-pbr-nft: cosmetic improvements

Default nft files:
* drop use of input and postrouting chanins

Custom User files:
* dns-prefetch: functional improvements (thanks @betonmischer86)

Signed-off-by: Stan Grishin <[email protected]>
@schuettecarsten
Copy link
Contributor

schuettecarsten commented Dec 8, 2025

I get some trailing whitespaces errors when I try to apply this on my local repo:

pbr: update to 1.2.1-r35 #28037
<stdin>:91: trailing whitespace.
        /etc/init.d/pbr netifd check && {
<stdin>:94: trailing whitespace.
        }
<stdin>:106: trailing whitespace.
        /etc/init.d/pbr netifd check && {
<stdin>:109: trailing whitespace.
        }
<stdin>:566: trailing whitespace.
                        for i in "$nftTempFile" "$nftNetifdPermFile"; do

@stangri stangri merged commit 8bf5f68 into openwrt:master Dec 9, 2025
3 of 4 checks passed
@stangri
Copy link
Member Author

stangri commented Dec 9, 2025

I get some trailing whitespaces errors when I try to apply this on my local repo:

Thank you, these will be addressed in 1.2.1-r41

@schuettecarsten
Copy link
Contributor

schuettecarsten commented Dec 10, 2025
edited
Loading

It looks like the latest changes break firewall.

root@GatewayDummi:~# service firewall restart
In file included from /dev/stdin:613:3-75:
/usr/share/nftables.d/chain-post/mangle_postrouting/30-pbr.nft:1:6-20: Error: Could not process rule: No such file or directory
jump pbr_postrouting comment "Jump into pbr postrouting chain";
     ^^^^^^^^^^^^^^^
/dev/stdin:4:12-14: Error: No such file or directory; did you mean table 'banIP' in family inet?
table inet fw4 {
           ^^^
The rendered ruleset contains errors, not doing firewall restart.

@egc112
Copy link
Contributor

egc112 commented Dec 10, 2025
edited
Loading

It looks like the latest changes break firewall.

root@GatewayDummi:~# service firewall restart
In file included from /dev/stdin:613:3-75:
/usr/share/nftables.d/chain-post/mangle_postrouting/30-pbr.nft:1:6-20: Error: Could not process rule: No such file or directory
jump pbr_postrouting comment "Jump into pbr postrouting chain";
     ^^^^^^^^^^^^^^^
/dev/stdin:4:12-14: Error: No such file or directory; did you mean table 'banIP' in family inet?
table inet fw4 {
           ^^^
The rendered ruleset contains errors, not doing firewall restart.

Not really a solution (yet) but
pbr_postrouting chain (and pbr_input) chain were removed on 30 September
stangri/pbr@481b71d

I checked and postrouting is also removed from LuCi so maybe you have old rules in your config using postrouting which are no longer valid?

@schuettecarsten
Copy link
Contributor

schuettecarsten commented Dec 10, 2025
edited
Loading

Not really a solution (yet) but pbr_postrouting chain (and pbr_input) chain were removed on 30 September stangri/pbr@481b71d

But the file is still there in this repo:
https://github.com/openwrt/packages/blob/master/net/pbr/files/usr/share/nftables.d/chain-post/mangle_postrouting/30-pbr.nft

So maybe @stangri simply forgot to delete the files here?
Compared to his original repo, the packages repo here has some (orphaned?) files.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@stangri @schuettecarsten @egc112