FR: Tun ip_is_private routing

[Mahdi-zarei]

Currently the Tun inbound allows for specifying rulesets to include or exclude, which makes it quite efficient at bypassing domestic destinations. In most use cases, private destinations are not meant to be proxied and routing them through the Tun interface and then using a rule to use direct outbound is pointless, it would be much better if there were options like route_exclude_private_ip and route_include_private_ip which would add the private ip cidrs to the nftables/firewall rules so that they would be routed more efficiently.

[devilofcyber]

داکو درست بخون سینگ همه چی داره

[Someone-Practice]

Is this really needed? Excluding a rule set containing private addresses gives identical result.

[Mahdi-zarei]

The current solution is to manually create a ruleset with the private cidrs or entering the cidrs in the route_exclude_address, but this is also possible in the Routing rules and there is a ip_is_private to make this clearer. Having a boolean option for Tun routing, in my opinion, makes it more uniform and also clearer and more convenient.

[devilofcyber]

The current solution is to manually create a ruleset with the private cidrs or entering the cidrs in the route_exclude_address, but this is also possible in the Routing rules and there is a ip_is_private to make this clearer. Having a boolean option for Tun routing, in my opinion, makes it more uniform and also clearer and more convenient.

داش لقمه رو میپیچونی دور خودت