I’m running DNS filtering (pihole) and VPN services (tailscale) on my VyOS. I have some creative routing and DNS forwarding policies that allow my pihole to understand the original source address and filter based on the tailscale source IP, but for this to work I need to route the tailscale 100.64.0.0/10 address between containers. Trying to keep this isolated and prevent leaks, I’m using policy routing to isolate traffic to a limited route table.
The policy rule fails on reboot because the containers come up after policy routing is applied. I saw that wildcard rules can be used and tried adjusting my rule to match, but it seems there is some limitation that prevents the policy rules from using wildcards on pod networks.
# set policy route containers interface
Possible completions:
<text> Interface name, wildcard (*) supported
eth0
...
pod-DNS-Servers
pod-Containers
...
[edit]
# set policy route containers interface pod*
Incorrect path /sys/class/net/pod*: no such file or directory
Invalid value
Value validation failed
Set failed
[edit]
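The error above shows the validator testing the literal path /sys/class/net/pod* rather than expanding the wildcard. As an added example that is not part of the post or VyOS itself, the bash below expands such a pattern against a sysfs-style directory and emits one concrete set command per matching interface; the directory is a parameter so the logic runs here against a constructed sample, and it is assumed that on a real router the output would be fed to a configure session once the containers are up, since until the rule exists container traffic falls through to the main table, which is exactly the leak the policy is meant to prevent.

```shell
#!/bin/bash
# Expand a wildcard interface pattern (e.g. "pod*") against a sysfs-style
# directory and print one concrete VyOS set command per match.
# netdir is a parameter so this can be exercised against a constructed
# sample; on a real VyOS box it would be /sys/class/net (assumption).
expand_policy_interfaces() {
    local pattern="$1" netdir="$2" policy="${3:-containers}"
    local matched=0 path ifname
    # Unquoted $pattern is subject to pathname expansion by the shell.
    for path in "$netdir"/$pattern; do
        [ -e "$path" ] || continue      # no match: glob stays literal, skip it
        ifname="${path##*/}"
        printf 'set policy route %s interface %s\n' "$policy" "$ifname"
        matched=$((matched + 1))
    done
    [ "$matched" -gt 0 ]                # non-zero status when nothing matched
}

# Constructed sample: fake sysfs entries standing in for /sys/class/net,
# using the interface names visible in the completion output above.
build_sample_netdir() {
    local d ifname
    d="$(mktemp -d)"
    for ifname in eth0 lo pod-DNS-Servers pod-Containers; do
        mkdir -p "$d/$ifname"
    done
    printf '%s\n' "$d"
}

# Number of set commands a pattern produces for a given directory.
count_expanded() {
    expand_policy_interfaces "$1" "$2" | wc -l | tr -d ' '
}
```

Running expand_policy_interfaces 'pod*' "$(build_sample_netdir)" prints two set lines, one for each pod interface, and returns failure when the pattern matches nothing so a boot script can detect that the containers are not up yet.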