fix: ip rule is not added when only binding to wan (#399)

daeuniverse · Jan 2, 2024 · d1d0f6d · d1d0f6d
1 parent 9aa9b69
commit d1d0f6d
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 4 deletions.
diff --git a/control/control_plane.go b/control/control_plane.go
@@ -194,12 +194,15 @@ func NewControlPlane(
 		}
 	}()
 
-	/// Bind to links. Binding should be advance of dialerGroups to avoid un-routable old connection.
-	// Bind to LAN
-	if len(global.LanInterface) > 0 {
+	if len(global.LanInterface) > 0 || len(global.WanInterface) > 0 {
 		if err = core.setupRoutingPolicy(); err != nil {
 			return nil, err
 		}
+	}
+
+	/// Bind to links. Binding should be advance of dialerGroups to avoid un-routable old connection.
+	// Bind to LAN
+	if len(global.LanInterface) > 0 {
 		if global.AutoConfigKernelParameter {
 			_ = SetIpv4forward("1")
 		}

diff --git a/docs/en/README.md b/docs/en/README.md
@@ -195,7 +195,7 @@ group {
 
 # See https://github.com/daeuniverse/dae/blob/main/docs/en/configuration/routing.md for full examples.
 routing {
-  pname(NetworkManager) -> direct
+  pname(NetworkManager, systemd-resolved, dnsmasq) -> must_direct
   dip(224.0.0.0/3, 'ff00::/8') -> direct
 
   ### Write your rules below.

diff --git a/example.dae b/example.dae
@@ -202,6 +202,9 @@ routing {
     # WAN.
     pname(NetworkManager) -> direct
 
+    # Bypass DNS stubs. We want to bypass their DNS requests, thus use 'must'.
+    pname(systemd-resolved, dnsmasq) -> must_direct
+
     # Put it in the front to prevent broadcast, multicast and other packets that should be sent to the LAN from being
     # forwarded by the proxy.
     # "dip" means destination IP.