fix rule priority

main table should be first, else masqueraded packet responses will never reach internal network
2024-12-10 00:34:58 +01:00 · 2024-12-10 00:34:58 +01:00 · 59435f987b
commit 59435f987b
parent 933d758e3b
1 changed files with 10 additions and 10 deletions
--- a/systems/LoutreOS/network.nix
+++ b/systems/LoutreOS/network.nix
@ -151,13 +151,13 @@

  # 0:      from all lookup local
  # 60:     from all iif lo dport 25 lookup vpn  # mails are forced to vpn table
-  # 4000:   from all fwmark 0x1 lookup fiber     # fwmark indicate established connection that must go through same interface
-  # 5000:   from all fwmark 0x2 lookup lte
-  # 6000:   from all fwmark 0x3 lookup vpn
  # 32766:  from all lookup main                 # main table should contain no default routes, only local network routes
  # 32767:  from all lookup default
-  # 40000:  from all lookup fiber                # first table encountered with a default route if fiber is up
-  # 50000:  from all lookup lte                  # first table encountered with a default route if fiber is down
+  # 41000:  from all fwmark 0x1 lookup fiber     # fwmark indicate established connection that must go through same interface
+  # 42000:  from all fwmark 0x2 lookup lte
+  # 43000:  from all fwmark 0x3 lookup vpn
+  # 51000:  from all lookup fiber                # first table encountered with a default route if fiber is up
+  # 52000:  from all lookup lte                  # first table encountered with a default route if fiber is down

  systemd.network = let
    routeTables = {
@ -238,14 +238,14 @@
            routingPolicyRuleConfig = {
              FirewallMark = 1;
              Table = routeTables.fiber;
-              Priority = 4000;
+              Priority = 41000;
              Family = "both";
            };
          }
          {
            routingPolicyRuleConfig = {
              Table = routeTables.fiber;
-              Priority = 40000;
+              Priority = 51000;
              Family = "both";
            };
          }
@ -269,14 +269,14 @@
            routingPolicyRuleConfig = {
              FirewallMark = 2;
              Table = routeTables.lte;
-              Priority = 5000;
+              Priority = 42000;
              Family = "both";
            };
          }
          {
            routingPolicyRuleConfig = {
              Table = routeTables.lte;
-              Priority = 50000;
+              Priority = 52000;
              Family = "both";
            };
          }
@ -311,7 +311,7 @@
            routingPolicyRuleConfig = {
              FirewallMark = 3;
              Table = routeTables.vpn;
-              Priority = 6000;
+              Priority = 43000;
              Family = "both";
            };
          }