Andrew Clark <andrewclarkii@xxxxxxxxx> writes:

> I use Debian 11 as my home router, and I have a script to work around
> blocked addresses. Alas, Roskomnadzor lists are getting bigger, so I
> came to the simple thought that it would be much easier to route all
> traffic in the TOR network, but I have a bunch of addresses which
> should be passed directly, without using TOR.
>
> This is a valid rule:
> iifname $int_ifs ip daddr @rkn meta l4proto tcp redirect to :9051
>
> But this one is not:
> iifname $int_ifs ip daddr != { @akamai, @stormwall } meta l4proto tcp redirect to :9051

What do you mean by "not valid"? Did you get an error, or does the rule
not work as expected?

Can you try:

--8<---------------cut here---------------start------------->8---
iifname $int_ifs ip daddr != @akamai meta l4proto tcp redirect to :9051
--8<---------------cut here---------------end--------------->8---

?

I suspect that the problem is with the "{ @akamai, @stormwall }" construct
and not with the exclusion.

>
> How to exclude a couple of named sets properly?

KJ

-- 
http://stopstopnop.pl/stop_stopnop.pl_o_nas.html
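An added example, not part of the original message: one way to exclude two named sets from the redirect, on the assumption (suspected in the reply above) that the `{ @akamai, @stormwall }` construct is what the rule trips over. The table and chain names, the interface name and the set elements are constructed placeholders.

```nftables
# Constructed example: "br0", the table/chain names and the documentation
# prefixes in the sets are assumptions, not values from the thread.
define int_ifs = { "br0" }

table ip nat {
    set akamai {
        type ipv4_addr
        flags interval
        elements = { 192.0.2.0/24 }
    }

    set stormwall {
        type ipv4_addr
        flags interval
        elements = { 198.51.100.0/24 }
    }

    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;

        # Option A: a single rule with one negated lookup per named set.
        # All matches in a rule must hold, so this redirects only when the
        # destination is in neither @akamai nor @stormwall.
        iifname $int_ifs ip daddr != @akamai ip daddr != @stormwall meta l4proto tcp redirect to :9051

        # Option B (alternative, use instead of Option A): leave the chain
        # early for the exempt sets, then redirect everything that remains.
        # iifname $int_ifs ip daddr @akamai return
        # iifname $int_ifs ip daddr @stormwall return
        # iifname $int_ifs meta l4proto tcp redirect to :9051
    }
}
```

The file can be syntax-checked without touching the live ruleset with `nft -c -f <file>`; destinations in the exempt sets leave the router directly, so it is worth reviewing those sets whenever they are regenerated.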