route-update.sh: remove iif from ip rule, suppress FIB flush errors

Drop iif interface restriction so policy routes apply to both forwarded and locally-generated traffic. Suppress harmless "FIB table does not exist" errors on first flush. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

route-update.sh: remove iif from ip rule, suppress FIB flush errors
72415afa · Vitaly Lipatov · e8923ba7 · 72415afa
Commit 72415afa authored Feb 14, 2026 by Vitaly Lipatov
Hide whitespace changes
Inline Side-by-side

Showing with 7 additions and 9 deletions

route-update.sh router/route-update.sh +7 -9

No files found.
--- a/router/route-update.sh
+++ b/router/route-update.sh
@@ -10,8 +10,6 @@ cd "$(dirname "$(realpath "$0")")" || exit

 . ./functions

-IFACE="${IFACE:-eth0}"
-IFACE6="${IFACE6:-vmbr0}"
 ROUTES_DIR=routes.d
 ROUTES6_DIR=routes6.d
 STATE_DIR=.state
@@ -99,7 +97,7 @@ fi
 if [ -n "$FLUSH_GW" ] ; then
    table=$(ipv4_table "$FLUSH_GW")
    log "Flushing table $table (gateway $FLUSH_GW)"
-    [ -z "$SHOW" ] && ip route flush table "$table"
+    [ -z "$SHOW" ] && ip route flush table "$table" 2>/dev/null
    exit
 fi

@@ -193,13 +191,13 @@ process_v4()
        fi

        # Flush and load via batch
-        ip route flush table "$table"
+        ip route flush table "$table" 2>/dev/null
        sed "s|^|route replace |; s|$| via $gw table $table|" "$resolved_new" | \
            ip -batch - 2>&1 | grep -v "^$" | head -5

        # Ensure ip rule exists
        if ! ip rule show | grep -q "lookup $table.*pref $pref" ; then
-            ip rule add iif "$IFACE" lookup "$table" pref "$pref" 2>/dev/null
+            ip rule add lookup "$table" pref "$pref" 2>/dev/null
        fi

        # Save state
@@ -307,12 +305,12 @@ process_v6()
            continue
        fi

-        ip -6 route flush table "$table"
+        ip -6 route flush table "$table" 2>/dev/null
        sed "s|^|route replace |; s|$| via $gw table $table|" "$resolved_new" | \
            ip -6 -batch - 2>&1 | grep -v "^$" | head -5

        if ! ip -6 rule show | grep -q "lookup $table.*pref $pref" ; then
-            ip -6 rule add iif "$IFACE6" lookup "$table" pref "$pref" 2>/dev/null
+            ip -6 rule add lookup "$table" pref "$pref" 2>/dev/null
        fi

        echo "$current_hash" > "$STATE_DIR/$state/hash"
@@ -373,7 +371,7 @@ if [ -n "$SET_RULES" ] ; then
        table=$(ipv4_table "$gw")
        pref=$(rule_pref "$table")
        if ! ip rule show | grep -q "lookup $table.*pref $pref" ; then
-            ip rule add iif "$IFACE" lookup "$table" pref "$pref"
+            ip rule add lookup "$table" pref "$pref"
        fi
    done
    for gwdir in "$ROUTES6_DIR"/*/ ; do
@@ -383,7 +381,7 @@ if [ -n "$SET_RULES" ] ; then
        read -r table < "$gwdir/table"
        pref=$(rule_pref "$table")
        if ! ip -6 rule show | grep -q "lookup $table.*pref $pref" ; then
-            ip -6 rule add iif "$IFACE6" lookup "$table" pref "$pref"
+            ip -6 rule add lookup "$table" pref "$pref"
        fi
    done
    exit