pbr: update to 1.2.1-r41

Remove many obsolete files.

Makefile:
* remove netifd-flavour related code
* remove trailing white spaces

Init-script:
* proper deletion of default network rules for IPv{4,6}
* fix netifd function error when IPv6 is enabled
* remove trailing white spaces

Signed-off-by: Stan Grishin <stangri@melmac.ca>

net/pbr/Makefile

@@ -5,7 +5,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=pbr
 PKG_VERSION:=1.2.1
-PKG_RELEASE:=35
+PKG_RELEASE:=41
 PKG_LICENSE:=AGPL-3.0-or-later
 PKG_MAINTAINER:=Stan Grishin <stangri@melmac.ca>
 
@@ -33,12 +33,6 @@ $(call Package/pbr/default)
   DEFAULT_VARIANT:=1
 endef
 
-define Package/pbr-netifd
-$(call Package/pbr/default)
-  TITLE+= with nft/nft set and netifd support
-  VARIANT:=netifd
-endef
-
 define Package/pbr/default/description
   This service enables policy-based routing for WAN interfaces and various VPN tunnels.
 endef
@@ -48,18 +42,11 @@ define Package/pbr/description
   This version supports OpenWrt (23.05 and newer) with firewall4/nft.
 endef
 
-define Package/pbr-netifd/description
-  $(call Package/pbr/default/description)
-  This version supports OpenWrt with (23.05 and newer) firewall4/nft.
-  This version uses OpenWrt native netifd/tables to set up interfaces. This is a WIP.
-endef
-
 define Package/pbr/default/conffiles
 /etc/config/pbr
 endef
 
 Package/pbr/conffiles = $(Package/pbr/default/conffiles)
-Package/pbr-netifd/conffiles = $(Package/pbr/default/conffiles)
 
 define Build/Configure
 endef
@@ -90,20 +77,14 @@ define Package/pbr/install
 $(call Package/pbr/default/install,$(1))
 endef
 
-define Package/pbr-netifd/install
-$(call Package/pbr/default/install,$(1))
-	$(INSTALL_DIR) $(1)/etc/uci-defaults
-endef
-#	$(INSTALL_BIN)  ./files/etc/uci-defaults/91-pbr-netifd $(1)/etc/uci-defaults/91-pbr-netifd
-
 define Package/pbr/postinst
 #!/bin/sh
 # check if we are on real system
 if [ -z "$${IPKG_INSTROOT}" ]; then
-	/etc/init.d/pbr netifd check && { 
+	/etc/init.d/pbr netifd check && {
 		echo -n "Reinstalling pbr netifd integration... "
 		/etc/init.d/pbr netifd install >/dev/null 2>&1 && echo "OK" || echo "FAIL"
-	} 
+	}
 	echo -n "Installing rc.d symlink for pbr... "
 	/etc/init.d/pbr enable && echo "OK" || echo "FAIL"
 fi
@@ -118,10 +99,10 @@ if [ -z "$${IPKG_INSTROOT}" ]; then
 	/etc/init.d/pbr stop >/dev/null 2>&1 && echo "OK" || echo "FAIL"
 	echo -n "Removing rc.d symlink for pbr... "
 	/etc/init.d/pbr disable && echo "OK" || echo "FAIL"
-	/etc/init.d/pbr netifd check && { 
+	/etc/init.d/pbr netifd check && {
 		echo -n "Uninstalling pbr netifd integration... "
 		/etc/init.d/pbr netifd uninstall >/dev/null 2>&1 && echo "OK" || echo "FAIL"
-	} 
+	}
 fi
 exit 0
 endef
@@ -135,40 +116,4 @@ fi
 exit 0
 endef
 
-define Package/pbr-netifd/postinst
-#!/bin/sh
-# check if we are on real system
-if [ -z "$${IPKG_INSTROOT}" ]; then
-	echo -n "Installing pbr integration with netifd... "
-	/etc/init.d/pbr netifd check && /etc/init.d/pbr netifd install >/dev/null 2>&1 && echo "OK" || echo "FAIL"
-	echo -n "Installing rc.d symlink for pbr... "
-	/etc/init.d/pbr enable && echo "OK" || echo "FAIL"
-fi
-exit 0
-endef
-
-define Package/pbr-netifd/prerm
-#!/bin/sh
-# check if we are on real system
-if [ -z "$${IPKG_INSTROOT}" ]; then
-	echo -n "Stopping pbr service... "
-	/etc/init.d/pbr stop >/dev/null 2>&1 && echo "OK" || echo "FAIL"
-	echo -n "Removing rc.d symlink for pbr... "
-	/etc/init.d/pbr disable && echo "OK" || echo "FAIL"
-	echo -n "Uninstalling pbr integration with netifd... "
-	/etc/init.d/pbr netifd check && /etc/init.d/pbr netifd uninstall >/dev/null 2>&1 && echo "OK" || echo "FAIL"
-fi
-exit 0
-endef
-
-define Package/pbr-netifd/postrm
-#!/bin/sh
-# check if we are on real system
-if [ -z "$${IPKG_INSTROOT}" ]; then
-	fw4 -q reload || true
-fi
-exit 0
-endef
-
 $(eval $(call BuildPackage,pbr))
-# $(eval $(call BuildPackage,pbr-netifd))

net/pbr/files/etc/config/pbr-iptables

@@ -1,50 +0,0 @@
-config pbr 'config'
-	option enabled '0'
-	option verbosity '2'
-	option strict_enforcement '1'
-	option resolver_set 'dnsmasq.ipset'
-	list resolver_instance '*'
-	option ipv6_enabled '0'
-	list ignored_interface 'vpnserver'
-	option boot_timeout '30'
-	option rule_create_option 'add'
-	option procd_boot_delay '0'
-	option procd_reload_delay '1'
-	option webui_show_ignore_target '0'
-	list webui_supported_protocol 'all'
-	list webui_supported_protocol 'tcp'
-	list webui_supported_protocol 'udp'
-	list webui_supported_protocol 'tcp udp'
-	list webui_supported_protocol 'icmp'
-
-config include
-	option path '/usr/share/pbr/pbr.user.aws'
-	option enabled 0
-
-config include
-	option path '/usr/share/pbr/pbr.user.netflix'
-	option enabled 0
-
-config include
-	option path '/usr/share/pbr/pbr.user.wg_server_and_client'
-	option enabled 0
-
-config policy
-	option name 'Plex/Emby Local Server'
-	option interface 'wan'
-	option src_port '8096 8920 32400'
-	option enabled '0'
-
-config policy
-	option name 'Plex/Emby Remote Servers'
-	option interface 'wan'
-	option dest_addr 'plex.tv my.plexapp.com emby.media app.emby.media tv.emby.media'
-	option enabled '0'
-
-config policy
-	option name 'WireGuard Server'
-	option interface 'wan'
-	option src_port '51820'
-	option chain 'OUTPUT'
-	option proto 'udp'
-	option enabled '0'

net/pbr/files/etc/config/pbr.iptables

@@ -1,50 +0,0 @@
-config pbr 'config'
-	option enabled '0'
-	option verbosity '2'
-	option strict_enforcement '1'
-	option resolver_set 'dnsmasq.ipset'
-	list resolver_instance '*'
-	option ipv6_enabled '0'
-	list ignored_interface 'vpnserver'
-	option boot_timeout '30'
-	option rule_create_option 'add'
-	option procd_boot_delay '0'
-	option procd_reload_delay '1'
-	option webui_show_ignore_target '0'
-	list webui_supported_protocol 'all'
-	list webui_supported_protocol 'tcp'
-	list webui_supported_protocol 'udp'
-	list webui_supported_protocol 'tcp udp'
-	list webui_supported_protocol 'icmp'
-
-config include
-	option path '/usr/share/pbr/pbr.user.aws'
-	option enabled 0
-
-config include
-	option path '/usr/share/pbr/pbr.user.netflix'
-	option enabled 0
-
-config include
-	option path '/usr/share/pbr/pbr.user.wg_server_and_client'
-	option enabled 0
-
-config policy
-	option name 'Plex/Emby Local Server'
-	option interface 'wan'
-	option src_port '8096 8920 32400'
-	option enabled '0'
-
-config policy
-	option name 'Plex/Emby Remote Servers'
-	option interface 'wan'
-	option dest_addr 'plex.tv my.plexapp.com emby.media app.emby.media tv.emby.media'
-	option enabled '0'
-
-config policy
-	option name 'WireGuard Server'
-	option interface 'wan'
-	option src_port '51820'
-	option chain 'OUTPUT'
-	option proto 'udp'
-	option enabled '0'

net/pbr/files/etc/hotplug.d/firewall/70-pbr

@@ -1,6 +0,0 @@
-#!/bin/sh
-[ "$ACTION" = "reload" ] || [ "$ACTION" = "restart" ] || exit 0
-if [ -x /etc/init.d/pbr ] && /etc/init.d/pbr enabled; then
-	logger -t "pbr" "Sending reload signal to pbr due to firewall action: $ACTION"
-	/etc/init.d/pbr reload
-fi

net/pbr/files/etc/init.d/pbr

@@ -257,7 +257,7 @@ pbr_get_gateway4() {
 }
 pbr_get_gateway6() {
 	local iface="$2" dev="$3" gw
-	[ "$iface" = "$uplink_interface" ] && iface="$uplink_interface6"  
+	[ "$iface" = "$uplink_interface" ] && iface="$uplink_interface6"
 	network_get_gateway6 gw "$iface" true
 	if [ -z "$gw" ] || [ "$gw" = '::/0' ] || [ "$gw" = '::0/0' ] || [ "$gw" = '::' ]; then
 		gw="$(ip -6 a list dev "$dev" 2>/dev/null | grep inet6 | grep 'scope global' | awk '{print $2}')"
@@ -813,7 +813,7 @@ nft_file() {
 		;;
 		create)
 			rm -f "$nftTempFile" "$nftPermFile"
-			for i in "$nftTempFile" "$nftPermFile"; do 
+			for i in "$nftTempFile" "$nftPermFile"; do
 				mkdir -p "${i%/*}"
 			done
 			{ echo '#!/usr/sbin/nft -f'; echo ''; } > "$nftTempFile"
@@ -847,7 +847,7 @@ nft_file() {
 		;;
 		netifd_create)
 			rm -f "$nftTempFile" "$nftNetifdPermFile"
-			for i in "$nftTempFile" "$nftNetifdPermFile"; do 
+			for i in "$nftTempFile" "$nftNetifdPermFile"; do
 				mkdir -p "${i%/*}"
 			done
 			{ echo '#!/usr/sbin/nft -f'; echo ''; } > "$nftTempFile"
@@ -884,7 +884,7 @@ nftset() {
 	nftset4="${nftPrefix}${iface:+_$iface}_4${target:+_$target}${type:+_$type}${uid:+_$uid}"
 	nftset6="${nftPrefix}${iface:+_$iface}_6${target:+_$target}${type:+_$type}${uid:+_$uid}"
 
-	if [ "${#nftset4}" -gt '255' ]; then 
+	if [ "${#nftset4}" -gt '255' ]; then
 		json add error 'errorNftsetNameTooLong' "$nftset4"
 		return 1
 	fi
@@ -998,7 +998,7 @@ nftset() {
 	fi
 }
 
-cleanup_rt_tables() { 
+cleanup_rt_tables() {
 	local i
 # shellcheck disable=SC2013
 	for i in $(grep -oh "${ipTablePrefix}_.*" "$rtTablesFile"); do
@@ -1204,7 +1204,7 @@ resolver() {
 				;;
 				compare_hash)
 					[ -z "$resolverSetSupported" ] && return 1
-					uci_changes 'dhcp' && uci_commit 'dhcp' 
+					uci_changes 'dhcp' && uci_commit 'dhcp'
 					local resolverNewHash
 					if [ -s "$packageDnsmasqFile" ]; then
 						resolverNewHash="$(md5sum "$packageDnsmasqFile" | awk '{ print $1; }')"
@@ -1238,8 +1238,8 @@ netifd() {
 		local iface="$1" action="${2:-install}"
 		local rt_name="${ipTablePrefix}_${iface%6}"
 
-		uci_remove 'network' "${rt_name}_ipv4" 2>/dev/null
-		uci_remove 'network' "${rt_name}_ipv6" 2>/dev/null
+		uci_remove 'network' 'rule' "${rt_name}_ipv4"  2>/dev/null
+		uci_remove 'network' 'rule6' "${rt_name}_ipv6" 2>/dev/null
 
 		if [ -n "$netifd_strict_enforcement" ] && str_contains "$netifd_interface_local" "$iface"; then
 			if [ -n "$netifd_interface_default" ]; then
@@ -1275,7 +1275,7 @@ netifd() {
 					uci_set 'network' "${rt_name}_ipv4" 'lookup' "${rt_name}"
 					uci_set 'network' "${rt_name}_ipv4" 'mark' "${mark}"
 					uci_set 'network' "${rt_name}_ipv4" 'mask' "${fw_mask}"
-					if [ -n "$ipv6_enabled"]; then
+					if [ -n "$ipv6_enabled" ]; then
 						uci_add 'network' 'rule6' "${rt_name}_ipv6"
 						uci_set 'network' "${rt_name}_ipv6" 'priority' "${priority}"
 						uci_set 'network' "${rt_name}_ipv6" 'lookup' "${rt_name}"
@@ -1408,7 +1408,7 @@ dns_policy_routing() {
 	fi
 
 	if { is_ipv4 "$(str_first_word "$src_addr")" && [ -z "$dest_dns_ipv4" ]; } || \
-		{ is_ipv6 "$(str_first_word "$src_addr")" && [ -z "$dest_dns_ipv6" ]; }; then 
+		{ is_ipv6 "$(str_first_word "$src_addr")" && [ -z "$dest_dns_ipv6" ]; }; then
 		processPolicyError='true'
 		json add error 'errorPolicyProcessMismatchFamily' "${name}: '$src_addr' '$dest_dns':'$dest_dns_port'"
 		return 1
@@ -1531,14 +1531,14 @@ policy_routing() {
 	fi
 
 	# TODO: implement actual family mismatch check on lists
-#	if is_family_mismatch "$src_addr" "$dest_addr"; then 
+#	if is_family_mismatch "$src_addr" "$dest_addr"; then
 #		processPolicyError='true'
 #		json add error 'errorPolicyProcessMismatchFamily' "${name}: '$src_addr' '$dest_addr'"
 #		return 1
 #	fi
 
 	if [ -z "$proto" ]; then
-		if [ -n "${src_port}${dest_port}" ]; then 
+		if [ -n "${src_port}${dest_port}" ]; then
 			proto='tcp udp'
 		else
 			proto='all'
@@ -1594,7 +1594,7 @@ policy_routing() {
 			fi
 		fi
 
-		if [ -n "$dest_addr" ]; then 
+		if [ -n "$dest_addr" ]; then
 			if [ "${dest_addr:0:1}" = "!" ]; then
 				negation='!='; value="${dest_addr//\!}"; nftset_suffix='_neg';
 			else
@@ -1917,7 +1917,7 @@ interface_routing() {
 				}
 				try ip -4 rule replace fwmark "${mark}/${fw_mask}" table "$tid" priority "$priority" || ipv4_error=1
 			fi
-			try nft add chain inet "$nftTable" "${nftPrefix}_mark_${mark}" || ipv4_error=1 
+			try nft add chain inet "$nftTable" "${nftPrefix}_mark_${mark}" || ipv4_error=1
 			try nft add rule inet "$nftTable" "${nftPrefix}_mark_${mark} ${nftRuleParams} meta mark set (meta mark & ${fw_maskXor}) | ${mark}" || ipv4_error=1
 			try nft add rule inet "$nftTable" "${nftPrefix}_mark_${mark} return" || ipv4_error=1
 			if [ -n "$ipv6_enabled" ]; then
@@ -2085,7 +2085,7 @@ process_interface() {
 		return 0
 	fi
 
-	if [ "$iface" = 'tor' ]; then 
+	if [ "$iface" = 'tor' ]; then
 		case "$action" in
 			create|reload|reload_interface)
 				torDnsPort="$(get_tor_dns_port)"
@@ -2320,7 +2320,7 @@ boot() {
 	rc_procd start_service 'on_boot' && service_started 'on_boot'
 }
 
-on_interface_reload() { 
+on_interface_reload() {
 	if [ ! -e "$packageLockFile" ]; then
 		logger -t "$packageName" "Reload on interface change aborted: service is stopped."
 		return 0
@@ -2570,7 +2570,7 @@ stop_service() {
 		output_okn
 	else
 		output_failn
-	fi 
+	fi
 	output 1 'Resetting interfaces '
 	config_load 'network'
 	config_foreach process_interface 'interface' 'destroy'

net/pbr/files/etc/uci-defaults/91-pbr

@@ -1,62 +0,0 @@
-#!/bin/sh
-# shellcheck disable=SC3037,SC3043
-
-readonly pbrFunctionsFile='/etc/init.d/pbr'
-if [ -s "$pbrFunctionsFile" ]; then
-# shellcheck source=../../etc/init.d/pbr
-	. "$pbrFunctionsFile"
-else
-	printf "%b: pbr init.d file (%s) not found! \n" '\033[0;31mERROR\033[0m' "$pbrFunctionsFile"
-fi
-
-# shellcheck disable=SC2317
-pbr_iface_setup() {
-	local iface="${1}"
-	local proto
-	config_get proto "${iface}" proto
-	case "${iface}" in
-		(lan|loopback) return 0 ;;
-	esac
-	case "${proto}" in
-		(gre*|nebula|relay|vti*|vxlan|xfrm) return 0 ;;
-		(none)
-			uci_add network route "${iface}_rt"
-			uci_set network "${iface}_rt" interface "${iface}"
-			uci_set network "${iface}_rt" target '0.0.0.0/0'
-			uci_add route6 network "${iface}_rt6"
-			uci_set network "${iface}_rt6" interface "${iface}"
-			uci_set network "${iface}_rt6" target '::/0'
-		;;
-	esac
-	echo -en "Setting up ${packageName} routing tables for ${iface}... "
-	uci_set 'network' "${iface}" 'ip4table' "${packageName}_${iface%6}"
-	uci_set 'network' "${iface}" 'ip6table' "${packageName}_${iface%6}"
-	if ! grep -q -E -e "^[0-9]+\s+${packageName}_${iface%6}$" /etc/iproute2/rt_tables; then
-		sed -i -e "\$a $(($(sort -r -n /etc/iproute2/rt_tables | grep -o -E -m 1 "^[0-9]+")+1))\t${packageName}_${iface%6}" \
-			/etc/iproute2/rt_tables
-	fi
-	echo -e "${__OK__}"
-}
-
-config_load network
-config_foreach pbr_iface_setup interface
-network_flush_cache
-network_find_wan iface
-network_find_wan6 iface6
-# shellcheck disable=SC2154
-[ -n "$iface" ] && uci -q batch << EOF
-set network.default='rule'
-set network.default.lookup='${packageName}_${iface%6}'
-set network.default.priority='80000'
-EOF
-[ -n "$iface6" ] && uci -q batch << EOF
-set network.default6='rule6'
-set network.default6.lookup='${packageName}_${iface6%6}'
-set network.default6.priority='80000'
-EOF
-uci_commit network
-echo -en "Restarting network... "
-/etc/init.d/network restart
-echo -e "${__OK__}"
-
-exit 0

net/pbr/files/etc/uci-defaults/91-pbr-iptables

@@ -1,27 +0,0 @@
-#!/bin/sh
-# shellcheck disable=SC2015,SC3037,SC3043
-
-readonly pbrFunctionsFile='/etc/init.d/pbr'
-if [ -s "$pbrFunctionsFile" ]; then
-# shellcheck source=../../etc/init.d/pbr
-	. "$pbrFunctionsFile"
-else
-	printf "%b: pbr init.d file (%s) not found! \n" '\033[0;31mERROR\033[0m' "$pbrFunctionsFile"
-fi
-
-# Transition resolver_set depending on dnsmasq support
-if [ "$(uci_get pbr config resolver_set)" != 'dnsmasq.ipset' ] && [ "$(uci_get pbr config resolver_set)" != 'adguardhome.ipset' ]; then
-	if check_agh_ipset; then
-		output "Setting resolver_set to 'adguardhome.ipset'... "
-		uci_set pbr config resolver_set 'adguardhome.ipset' && output_okn || output_failn
-	elif check_dnsmasq_ipset; then
-		output "Setting resolver_set to 'dnsmasq.ipset'... "
-		uci_set pbr config resolver_set 'dnsmasq.ipset' && output_okn || output_failn
-	else
-		output "Setting resolver_set to 'none'... "
-		uci_set pbr config resolver_set 'none' && output_okn || output_failn
-	fi
-	uci_commit pbr
-fi
-
-exit 0

net/pbr/files/usr/share/nftables.d/chain-post/mangle_input/30-pbr.nft

@@ -1 +0,0 @@
-jump pbr_input comment "Jump into pbr input chain";

net/pbr/files/usr/share/nftables.d/chain-post/mangle_postrouting/30-pbr.nft

@@ -1 +0,0 @@
-jump pbr_postrouting comment "Jump into pbr postrouting chain";

net/pbr/files/usr/share/pbr/firewall.include

@@ -1,5 +0,0 @@
-#!/bin/sh
-if [ -x /etc/init.d/pbr ] && /etc/init.d/pbr enabled; then
-	logger -t "pbr" "Sending reload signal to pbr due to firewall action: $ACTION"
-	/etc/init.d/pbr on_firewall_reload "$ACTION"
-fi

net/pbr/files/usr/share/pbr/pbr.firewall.include

@@ -1,5 +0,0 @@
-#!/bin/sh
-if [ -x /etc/init.d/pbr ] && /etc/init.d/pbr enabled; then
-	logger -t "pbr" "Reloading pbr due to firewall action: $ACTION"
-	/etc/init.d/pbr on_firewall_reload "$ACTION"
-fi

net/pbr/files/usr/share/pbr/pbr.user.aws-iptables

@@ -1,46 +0,0 @@
-#!/bin/sh
-# This file is heavily based on code from https://github.com/Xentrk/netflix-vpn-bypass/blob/master/IPSET_Netflix.sh
-
-TARGET_INTERFACE='wan'
-TARGET_NFTSET_4="pbr_${TARGET_INTERFACE}_4_dst_ip_user"
-TARGET_NFTSET_6="pbr_${TARGET_INTERFACE}_6_dst_ip_user"
-TARGET_IPSET_4="pbr_${TARGET_INTERFACE}_4_dst_net_user"
-TARGET_IPSET_6="pbr_${TARGET_INTERFACE}_6_dst_net_user"
-TARGET_TABLE='inet fw4'
-TARGET_URL="https://ip-ranges.amazonaws.com/ip-ranges.json"
-TARGET_DL_FILE_4="/var/pbr_tmp_aws_ip_ranges.ipv4"
-# Uncomment the following line if you enabled ipv6 for pbr and want IPv6 entries added to the IPv6 set
-# TARGET_DL_FILE_6="/var/pbr_tmp_aws_ip_ranges.ipv6"
-_ret=0
-
-if [ ! -s "$TARGET_DL_FILE_4" ]; then
-	uclient-fetch --no-check-certificate -qO- "$TARGET_URL" 2>/dev/null | grep "ip_prefix" | sed 's/^.*\"ip_prefix\": \"//; s/\",//' > "$TARGET_DL_FILE_4"
-fi
-if [ -s "$TARGET_DL_FILE_4" ]; then
-	if [ -n "$nft" ] && [ -x "$nft" ]; then
-		while read -r p; do nft "add element $TARGET_TABLE $TARGET_NFTSET_4 { $p }" || _ret=1; done < "$TARGET_DL_FILE_4"
-	elif ipset -q list "$TARGET_IPSET_4" >/dev/null 2>&1; then
-		if awk -v ipset="$TARGET_IPSET_4" '{print "add " ipset " " $1}' "$TARGET_DL_FILE_4" | ipset restore -!; then
-			_ret=0
-		else
-			_ret=1
-		fi
-	fi
-fi
-
-if [ -n "$TARGET_DL_FILE_6" ] && [ ! -s "$TARGET_DL_FILE_6" ]; then
-	uclient-fetch --no-check-certificate -qO- "$TARGET_URL" 2>/dev/null | grep "ipv6_prefix" | sed 's/^.*\"ipv6_prefix\": \"//; s/\",//' > "$TARGET_DL_FILE_6"
-fi
-if [ -s "$TARGET_DL_FILE_6" ]; then
-	if [ -n "$nft" ] && [ -x "$nft" ]; then
-		while read -r p; do nft "add element $TARGET_TABLE $TARGET_NFTSET_6 { $p }" || _ret=1; done < "$TARGET_DL_FILE_6"
-	elif ipset -q list "$TARGET_IPSET_6" >/dev/null 2>&1; then
-		if awk -v ipset="$TARGET_IPSET_6" '{print "add " ipset " " $1}' "$TARGET_DL_FILE_6" | ipset restore -!; then
-			_ret=0
-		else
-			_ret=1
-		fi
-	fi
-fi
-
-return $_ret

net/pbr/files/usr/share/pbr/pbr.user.netflix-iptables

@@ -1,67 +0,0 @@
-#!/bin/sh
-# This file is heavily based on code from https://github.com/Xentrk/netflix-vpn-bypass/blob/master/IPSET_Netflix.sh
-# Credits to https://forum.openwrt.org/u/dscpl for api.hackertarget.com code.
-# Credits to https://github.com/kkeker and https://github.com/tophirsch for api.bgpview.io code.
-
-TARGET_INTERFACE='wan'
-TARGET_NFTSET_4="pbr_${TARGET_INTERFACE}_4_dst_ip_user"
-TARGET_NFTSET_6="pbr_${TARGET_INTERFACE}_6_dst_ip_user"
-TARGET_IPSET_4="pbr_${TARGET_INTERFACE}_4_dst_net_user"
-TARGET_IPSET_6="pbr_${TARGET_INTERFACE}_6_dst_net_user"
-TARGET_TABLE='inet fw4'
-TARGET_ASN='2906'
-TARGET_DL_FILE_4="/var/pbr_tmp_AS${TARGET_ASN}.ipv4"
-# Uncomment the following line if you enabled ipv6 for pbr and want IPv6 entries added to the IPv6 set
-# TARGET_DL_FILE_6="/var/pbr_tmp_AS${TARGET_ASN}.ipv6"
-DB_SOURCE='ipinfo.io'
-#DB_SOURCE='api.hackertarget.com'
-#DB_SOURCE='api.bgpview.io'
-REGEX_IPV4='[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\/[0-9]\{1,\}'
-REGEX_IPV6='.*::.*'
-_ret=0
-
-if [ ! -s "$TARGET_DL_FILE_4" ]; then
-	if [ "$DB_SOURCE" = "ipinfo.io" ]; then
-		TARGET_URL="https://ipinfo.io/AS${TARGET_ASN}"
-		uclient-fetch --no-check-certificate -qO- "$TARGET_URL" 2>/dev/null | sed -n "s|\(.*\)/AS${TARGET_ASN}/\($REGEX_IPV4\)\"|\2|p" > "$TARGET_DL_FILE_4"
-	fi
-	if [ "$DB_SOURCE" = "api.hackertarget.com" ]; then
-		TARGET_URL="https://api.hackertarget.com/aslookup/?q=AS${TARGET_ASN}"
-		uclient-fetch --no-check-certificate -qO- "$TARGET_URL" 2>/dev/null | sed '1d' > "$TARGET_DL_FILE_4"
-	fi
-	if [ "$DB_SOURCE" = "api.bgpview.io" ]; then
-		TARGET_URL="https://api.bgpview.io/asn/${TARGET_ASN}/prefixes"
-		uclient-fetch --no-check-certificate -qO- "$TARGET_URL" 2>/dev/null | jsonfilter -e '@.data.ipv4_prefixes[*].prefix' > "$TARGET_DL_FILE_4"
-	fi
-fi
-if [ -s "$TARGET_DL_FILE_4" ]; then
-	if [ -n "$nft" ] && [ -x "$nft" ]; then
-		while read -r p; do nft "add element $TARGET_TABLE $TARGET_NFTSET_4 { $p }" || _ret=1; done < "$TARGET_DL_FILE_4"
-	elif ipset -q list "$TARGET_IPSET_4" >/dev/null 2>&1; then
-		if awk -v ipset="$TARGET_IPSET_4" '{print "add " ipset " " $1}' "$TARGET_DL_FILE_4" | ipset restore -!; then
-			_ret=0
-		else
-			_ret=1
-		fi
-	fi
-fi
-
-if [ -n "$TARGET_DL_FILE_6" ] && [ ! -s "$TARGET_DL_FILE_6" ]; then
-	if [ "$DB_SOURCE" = "ipinfo.io" ]; then
-		TARGET_URL="https://ipinfo.io/AS${TARGET_ASN}"
-		uclient-fetch --no-check-certificate -qO- "$TARGET_URL" 2>/dev/null | sed -n "s|\(.*\)/AS${TARGET_ASN}/\($REGEX_IPV6\)\"|\2|p" > "$TARGET_DL_FILE_6"
-	fi
-fi
-if [ -s "$TARGET_DL_FILE_6" ]; then
-	if [ -n "$nft" ] && [ -x "$nft" ]; then
-		while read -r p; do nft "add element $TARGET_TABLE $TARGET_NFTSET_6 { $p }" || _ret=1; done < "$TARGET_DL_FILE_6"
-	elif ipset -q list "$TARGET_IPSET_6" >/dev/null 2>&1; then
-		if awk -v ipset="$TARGET_IPSET_6" '{print "add " ipset " " $1}' "$TARGET_DL_FILE_6" | ipset restore -!; then
-			_ret=0
-		else
-			_ret=1
-		fi
-	fi
-fi
-
-return $_ret

net/pbr/files/usr/share/pbr/pbr.user.wg_server_and_client

@@ -1,23 +0,0 @@
-#!/bin/sh
-# shellcheck disable=SC1091,SC3043
-# This code is based on idea of https://github.com/egc112
-
-WAN_INTERFACE='wan'
-_ret='1'
-
-insert_ip_rule() {
-	local disabled proto listen_port
-	config_get disabled "$1" disabled "0"
-	config_get proto "$1" proto
-	config_get listen_port "$1" listen_port
-	if [ "$disabled" -ne '1' ] && [ "$proto" = 'wireguard' ] && [ -n "$listen_port" ]; then
-		ip rule del sport "$listen_port" table "pbr_${WAN_INTERFACE}" >/dev/null 2>&1
-		ip rule add sport "$listen_port" table "pbr_${WAN_INTERFACE}" >/dev/null 2>&1 && _ret=0
-	fi
-}
-
-. /lib/functions.sh
-config_load network
-config_foreach insert_ip_rule 'interface'
-
-return $_ret