Sammy1Am · July 13, 2023 19:22
diff --git a/gistfile1.txt b/gistfile1.txt
 # It's important to use separate ip/ip6 tables when working with dup (at least for now there are some
 # issues it seems using inet

 # Create ipv4 relay table
 table ip relay4
 flush table ip relay4

 # This will forward TP-Link discovery packets (useful for ensuring cameras stream locally instead of over
 # the Internet, and discovering other IoT devices.  Needs to be paired with a firewall rule to accept
 # forwards on SOURCE port 9999 from br-lan.21 to br-lan.1
 table ip relay4 {
        chain prerouting_mangle_tplinkrelay4 {
                type filter hook prerouting priority mangle; policy accept;
                iifname "br-lan.1" udp dport 9999 ip daddr 255.255.255.255 dup to 255.255.255.255 device br-lan.21
        }
 }

 # mDNS relaying for ipv4 (some implementations expect source address to be on the same subnet, hence sarrd set)
 table ip relay4 {
        chain prerouting_mangle_mdns4 {
                type filter hook prerouting priority mangle; policy accept;
                ip daddr 224.0.0.251 iifname br-lan.1 ip saddr set 192.168.21.1 dup to 224.0.0.251 device br-lan.21 notrack
                ip daddr 224.0.0.251 iifname br-lan.21 ip saddr set 192.168.7.1 dup to 224.0.0.251 device br-lan.1 notrack
        }
 }

 # Create ipv6 relay table
 table ip6 relay6
 flush table ip6 relay6

 # mDNS relaying for ipv4 (some implementations expect source address to be on the same subnet, hence sarrd set)
 table ip6 relay6 {
        chain prerouting_mangle_mdns6 {
                type filter hook prerouting priority mangle; policy accept;
                ip6 daddr ff02::fb iif br-lan.1 ip6 saddr set fd00:0:0:21::1 dup to ff02::fb device br-lan.21 notrack
                ip6 daddr ff02::fb iif br-lan.21 ip6 saddr set fd00:0:0:7::1 dup to ff02::fb device br-lan.1 notrack
        }
 }
	# It's important to use separate ip/ip6 tables when working with dup (at least for now there are some
	# issues it seems using inet

	# Create ipv4 relay table
	table ip relay4
	flush table ip relay4

	# This will forward TP-Link discovery packets (useful for ensuring cameras stream locally instead of over
	# the Internet, and discovering other IoT devices. Needs to be paired with a firewall rule to accept
	# forwards on SOURCE port 9999 from br-lan.21 to br-lan.1
	table ip relay4 {
	chain prerouting_mangle_tplinkrelay4 {
	type filter hook prerouting priority mangle; policy accept;
	iifname "br-lan.1" udp dport 9999 ip daddr 255.255.255.255 dup to 255.255.255.255 device br-lan.21
	}
	}

	# mDNS relaying for ipv4 (some implementations expect source address to be on the same subnet, hence sarrd set)
	table ip relay4 {
	chain prerouting_mangle_mdns4 {
	type filter hook prerouting priority mangle; policy accept;
	ip daddr 224.0.0.251 iifname br-lan.1 ip saddr set 192.168.21.1 dup to 224.0.0.251 device br-lan.21 notrack
	ip daddr 224.0.0.251 iifname br-lan.21 ip saddr set 192.168.7.1 dup to 224.0.0.251 device br-lan.1 notrack
	}
	}

	# Create ipv6 relay table
	table ip6 relay6
	flush table ip6 relay6

	# mDNS relaying for ipv4 (some implementations expect source address to be on the same subnet, hence sarrd set)
	table ip6 relay6 {
	chain prerouting_mangle_mdns6 {
	type filter hook prerouting priority mangle; policy accept;
	ip6 daddr ff02::fb iif br-lan.1 ip6 saddr set fd00:0:0:21::1 dup to ff02::fb device br-lan.21 notrack
	ip6 daddr ff02::fb iif br-lan.21 ip6 saddr set fd00:0:0:7::1 dup to ff02::fb device br-lan.1 notrack
	}
	}