francisuk1989 · February 4, 2023 03:50
diff --git a/pbr b/pbr
 Copy pbr.user.cloudflare to /usr/share/pbr folder.

 Edit /etc/config/pbr and add

 config include
        option path '/usr/share/pbr/pbr.user.cloudflare'
        option enabled '1'
        
        Reboot router.
diff --git a/pbr.user.cloudflare b/pbr.user.cloudflare
 #!/bin/sh
 # Edited https://github.com/stangri/packages/blob/master-pbr/net/pbr/files/usr/share/pbr/pbr.user.aws

 TARGET_SET='pbr_wan_4_dst_ip_user'
 TARGET_IPSET='pbr_wan_4_dst_net_user'
 TARGET_TABLE='inet fw4'
 TARGET_URL="https://www.cloudflare.com/ips-v4"
 TARGET_DL_FILE="/var/pbr_tmp_cloudflare_ip_ranges"
 TARGET_NFT_FILE="/var/pbr_tmp_cloudflare_ip_ranges.nft"
 [ -z "$nft" ] && nft="$(command -v nft)"
 _ret=1

 if [ ! -s "$TARGET_DL_FILE" ]; then
 	uclient-fetch --no-check-certificate -qO- "$TARGET_URL" 2>/dev/null | sort -n > "$TARGET_DL_FILE"
 fi

 if [ -s "$TARGET_DL_FILE" ]; then
 	if ipset -q list "$TARGET_IPSET" >/dev/null 2>&1; then
 		if awk -v ipset="$TARGET_IPSET" '{print "add " ipset " " $1}' "$TARGET_DL_FILE" | ipset restore -!; then
 			_ret=0
 		fi
 	elif [ -n "$nft" ] && [ -x "$nft" ] && "$nft" list set "$TARGET_TABLE" "$TARGET_SET" >/dev/null 2>&1; then
 		printf "add element %s %s { " "$TARGET_TABLE" "$TARGET_SET" > "$TARGET_NFT_FILE"
 		awk '{printf $1 ", "}' "$TARGET_DL_FILE" >> "$TARGET_NFT_FILE"
 		printf " } " >> "$TARGET_NFT_FILE"
 		if "$nft" -f "$TARGET_NFT_FILE"; then
 			rm -f "$TARGET_NFT_FILE"
 			_ret=0
 		fi
 	fi
 fi

 return $_ret
	Copy pbr.user.cloudflare to /usr/share/pbr folder.

	Edit /etc/config/pbr and add

	config include
	option path '/usr/share/pbr/pbr.user.cloudflare'
	option enabled '1'

	Reboot router.
	#!/bin/sh
	# Edited https://github.com/stangri/packages/blob/master-pbr/net/pbr/files/usr/share/pbr/pbr.user.aws

	TARGET_SET='pbr_wan_4_dst_ip_user'
	TARGET_IPSET='pbr_wan_4_dst_net_user'
	TARGET_TABLE='inet fw4'
	TARGET_URL="https://www.cloudflare.com/ips-v4"
	TARGET_DL_FILE="/var/pbr_tmp_cloudflare_ip_ranges"
	TARGET_NFT_FILE="/var/pbr_tmp_cloudflare_ip_ranges.nft"
	[ -z "$nft" ] && nft="$(command -v nft)"
	_ret=1

	if [ ! -s "$TARGET_DL_FILE" ]; then
	uclient-fetch --no-check-certificate -qO- "$TARGET_URL" 2>/dev/null \| sort -n > "$TARGET_DL_FILE"
	fi

	if [ -s "$TARGET_DL_FILE" ]; then
	if ipset -q list "$TARGET_IPSET" >/dev/null 2>&1; then
	if awk -v ipset="$TARGET_IPSET" '{print "add " ipset " " $1}' "$TARGET_DL_FILE" \| ipset restore -!; then
	_ret=0
	fi
	elif [ -n "$nft" ] && [ -x "$nft" ] && "$nft" list set "$TARGET_TABLE" "$TARGET_SET" >/dev/null 2>&1; then
	printf "add element %s %s { " "$TARGET_TABLE" "$TARGET_SET" > "$TARGET_NFT_FILE"
	awk '{printf $1 ", "}' "$TARGET_DL_FILE" >> "$TARGET_NFT_FILE"
	printf " } " >> "$TARGET_NFT_FILE"
	if "$nft" -f "$TARGET_NFT_FILE"; then
	rm -f "$TARGET_NFT_FILE"
	_ret=0
	fi
	fi
	fi

	return $_ret