configs/ru-vds/postdown.sh

#!/bin/bash

#
# PostDown script for WireGuard wg0 interface
# Pure nftables solution - no iptables/ipset dependencies
#

# Remove policy routing rule
ip rule del from 10.10.0.0/24 fwmark 0x1 table proxy priority 100 2>/dev/null || true

# Flush routing table
ip route flush table proxy 2>/dev/null || true

# Flush nftables vpn-routing table (keeps filter and nat rules intact)
nft flush table ip vpn-routing 2>/dev/null || true

echo "PostDown script completed"
Init 2026-02-02 20:11:05 +03:00			`#!/bin/bash`

Migrate to pure nftables routing (remove iptables/ipset) - Replace hybrid iptables/ipset/nftables approach with pure nftables - Add nftables native set for Russian IP ranges (populated from RIPE) - Create update-direct-routes.sh script to load IP ranges from RIPE database - Remove ipset and iptables dependencies from postup.sh/postdown.sh - Add automatic weekly cron job for IP range updates - Update all documentation to reflect the new approach Benefits: - More reliable: no iptables/nftables conflicts - Simpler debugging: single tool for all rules (nft list ruleset) - Atomic rule loading: prevents partial failures - IP-based routing is more predictable than DNS-based Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> 2026-02-19 18:02:28 +03:00			`#`
			`# PostDown script for WireGuard wg0 interface`
			`# Pure nftables solution - no iptables/ipset dependencies`
			`#`

Init 2026-02-02 20:11:05 +03:00			`# Remove policy routing rule`
			`ip rule del from 10.10.0.0/24 fwmark 0x1 table proxy priority 100 2>/dev/null \|\| true`

			`# Flush routing table`
			`ip route flush table proxy 2>/dev/null \|\| true`

Migrate to pure nftables routing (remove iptables/ipset) - Replace hybrid iptables/ipset/nftables approach with pure nftables - Add nftables native set for Russian IP ranges (populated from RIPE) - Create update-direct-routes.sh script to load IP ranges from RIPE database - Remove ipset and iptables dependencies from postup.sh/postdown.sh - Add automatic weekly cron job for IP range updates - Update all documentation to reflect the new approach Benefits: - More reliable: no iptables/nftables conflicts - Simpler debugging: single tool for all rules (nft list ruleset) - Atomic rule loading: prevents partial failures - IP-based routing is more predictable than DNS-based Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> 2026-02-19 18:02:28 +03:00			`# Flush nftables vpn-routing table (keeps filter and nat rules intact)`
			`nft flush table ip vpn-routing 2>/dev/null \|\| true`
Init 2026-02-02 20:11:05 +03:00
			`echo "PostDown script completed"`