francisuk1989/pbr

## pbr
Copy pbr.user.cloudflare to /usr/share/pbr folder.

Edit /etc/config/pbr and add

config include
        option path '/usr/share/pbr/pbr.user.cloudflare'
        option enabled '1'

        Reboot router.

## pbr.user.cloudflare
#!/bin/sh
# Edited https://github.com/stangri/packages/blob/master-pbr/net/pbr/files/usr/share/pbr/pbr.user.aws

TARGET_SET='pbr_wan_4_dst_ip_user'
TARGET_IPSET='pbr_wan_4_dst_net_user'
TARGET_TABLE='inet fw4'
TARGET_URL="https://www.cloudflare.com/ips-v4"
TARGET_DL_FILE="/var/pbr_tmp_cloudflare_ip_ranges"
TARGET_NFT_FILE="/var/pbr_tmp_cloudflare_ip_ranges.nft"
[ -z "$nft" ] && nft="$(command -v nft)"
_ret=1

if [ ! -s "$TARGET_DL_FILE" ]; then
	uclient-fetch --no-check-certificate -qO- "$TARGET_URL" 2>/dev/null | sort -n > "$TARGET_DL_FILE"
fi

if [ -s "$TARGET_DL_FILE" ]; then
	if ipset -q list "$TARGET_IPSET" >/dev/null 2>&1; then
		if awk -v ipset="$TARGET_IPSET" '{print "add " ipset " " $1}' "$TARGET_DL_FILE" | ipset restore -!; then
			_ret=0
		fi
	elif [ -n "$nft" ] && [ -x "$nft" ] && "$nft" list set "$TARGET_TABLE" "$TARGET_SET" >/dev/null 2>&1; then
		printf "add element %s %s { " "$TARGET_TABLE" "$TARGET_SET" > "$TARGET_NFT_FILE"
		awk '{printf $1 ", "}' "$TARGET_DL_FILE" >> "$TARGET_NFT_FILE"
		printf " } " >> "$TARGET_NFT_FILE"
		if "$nft" -f "$TARGET_NFT_FILE"; then
			rm -f "$TARGET_NFT_FILE"
			_ret=0
		fi
	fi
fi

return $_ret
	Copy pbr.user.cloudflare to /usr/share/pbr folder.

	Edit /etc/config/pbr and add

	config include
	option path '/usr/share/pbr/pbr.user.cloudflare'
	option enabled '1'

	Reboot router.
	#!/bin/sh
	# Edited https://github.com/stangri/packages/blob/master-pbr/net/pbr/files/usr/share/pbr/pbr.user.aws

	TARGET_SET='pbr_wan_4_dst_ip_user'
	TARGET_IPSET='pbr_wan_4_dst_net_user'
	TARGET_TABLE='inet fw4'
	TARGET_URL="https://www.cloudflare.com/ips-v4"
	TARGET_DL_FILE="/var/pbr_tmp_cloudflare_ip_ranges"
	TARGET_NFT_FILE="/var/pbr_tmp_cloudflare_ip_ranges.nft"
	[ -z "$nft" ] && nft="$(command -v nft)"
	_ret=1

	if [ ! -s "$TARGET_DL_FILE" ]; then
	uclient-fetch --no-check-certificate -qO- "$TARGET_URL" 2>/dev/null \| sort -n > "$TARGET_DL_FILE"
	fi

	if [ -s "$TARGET_DL_FILE" ]; then
	if ipset -q list "$TARGET_IPSET" >/dev/null 2>&1; then
	if awk -v ipset="$TARGET_IPSET" '{print "add " ipset " " $1}' "$TARGET_DL_FILE" \| ipset restore -!; then
	_ret=0
	fi
	elif [ -n "$nft" ] && [ -x "$nft" ] && "$nft" list set "$TARGET_TABLE" "$TARGET_SET" >/dev/null 2>&1; then
	printf "add element %s %s { " "$TARGET_TABLE" "$TARGET_SET" > "$TARGET_NFT_FILE"
	awk '{printf $1 ", "}' "$TARGET_DL_FILE" >> "$TARGET_NFT_FILE"
	printf " } " >> "$TARGET_NFT_FILE"
	if "$nft" -f "$TARGET_NFT_FILE"; then
	rm -f "$TARGET_NFT_FILE"
	_ret=0
	fi
	fi
	fi

	return $_ret