Am 20.05.22 um 05:49 schrieb Andrew Clark:
> […] to route all
> traffic in the TOR network, but I have a bunch of addresses which
> should be passed directly, without using TOR.
>
> This is valid rule: iifname $int_ifs ip daddr @rkn meta l4proto tcp
> redirect to :9051
> But this one is not: iifname $int_ifs ip daddr != { @akamai,
> @stormwall } meta l4proto tcp redirect to :9051
>
> […]
Would it be sufficient to have only one list and work with the default
package handling? For example a single whitelist causes direct package
routing without Tor. The default rule forwards to the Tor network.
The other way around a blacklist would force packages through Tor while
the rest via default rule goes through!?
Out already pointed out that one rule is the other's negation.
Is there a third route? Or even more?
