block mark for ospf

ansible/scripts/global-postdown.sh.j2

@@ -7,14 +7,14 @@
 {% if gateway.isTun %}
 DEV={{gateway.dev_or_via}}
 ip route del default dev $DEV table {{gateway.mark}}
-iptables -t mangle -D PREROUTING -i $DEV -m set ! --match-set mycard src -j CONNMARK --set-xmark {{gateway.mark}}
+iptables -t mangle -D PREROUTING ! -p ospf  -i $DEV -m set ! --match-set mycard src -j CONNMARK --set-xmark {{gateway.mark}}
 {% else %}
 ping {{gateway.dev_or_via}} -c 1
 NEIGH_LINE=$(ip neigh show {{gateway.dev_or_via}})
 DEV=$(echo $NEIGH_LINE | awk '{print $3}')
 MAC=$(echo $NEIGH_LINE | awk '{print $5}')
 ip route del default via {{gateway.dev_or_via}} dev $DEV table {{gateway.mark}}
-iptables -t mangle -D PREROUTING -i $DEV -m mac --mac-source $MAC -m set ! --match-set mycard src -j CONNMARK --set-xmark {{gateway.mark}}
+iptables -t mangle -D PREROUTING ! -p ospf -i $DEV -m mac --mac-source $MAC -m set ! --match-set mycard src -j CONNMARK --set-xmark {{gateway.mark}}
 {% endif %}
 
  iptables -t mangle -D PREROUTING -m connmark --mark {{gateway.mark}} -j CONNMARK --restore-mark

ansible/scripts/global-postup.sh.j2

@@ -13,18 +13,18 @@ ipset restore -f /etc/wireguard/{{list}}.ipset
 {% if gateway.isTun %}
 DEV={{gateway.dev_or_via}}
 ip route add default dev $DEV table {{gateway.mark}}
-iptables -t mangle -A PREROUTING -i $DEV -m set ! --match-set mycard src -j CONNMARK --set-xmark {{gateway.mark}}
+iptables -t mangle -A PREROUTING ! -p ospf -i $DEV -m set ! --match-set mycard src -j CONNMARK --set-xmark {{gateway.mark}}
 {% else %}
 ping {{gateway.dev_or_via}} -c 1
 NEIGH_LINE=$(ip neigh show {{gateway.dev_or_via}})
 DEV=$(echo $NEIGH_LINE | awk '{print $3}')
 MAC=$(echo $NEIGH_LINE | awk '{print $5}')
 ip route add default via {{gateway.dev_or_via}} dev $DEV table {{gateway.mark}}
-iptables -t mangle -A PREROUTING -i $DEV -m mac --mac-source $MAC -m set ! --match-set mycard src -j CONNMARK --set-xmark {{gateway.mark}}
+iptables -t mangle -A PREROUTING ! -p ospf -i $DEV -m mac --mac-source $MAC -m set ! --match-set mycard src -j CONNMARK --set-xmark {{gateway.mark}}
 {% endif %}
 
- iptables -t mangle -A PREROUTING -m connmark --mark {{gateway.mark}} -j CONNMARK --restore-mark
- iptables -t mangle -A OUTPUT -m connmark --mark {{gateway.mark}} -j CONNMARK --restore-mark
+iptables -t mangle -A PREROUTING -m connmark --mark {{gateway.mark}} -j CONNMARK --restore-mark
+iptables -t mangle -A OUTPUT -m connmark --mark {{gateway.mark}} -j CONNMARK --restore-mark
 
 {% endif %}
 

ansible/scripts/postup.sh.j2

@@ -17,7 +17,7 @@ mss=$((mtu - 40))
 iptables -t mangle -A FORWARD -i "$dev" -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss $mss:1460 -j TCPMSS --set-mss $mss
 iptables -t mangle -A FORWARD -o "$dev" -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss $mss:1460 -j TCPMSS --set-mss $mss
 
-iptables -t mangle -A PREROUTING -i "$dev" -m set ! --match-set mycard src -j CONNMARK --set-xmark "$remoteMark"
+iptables -t mangle -A PREROUTING ! -p ospf -i "$dev" -m set ! --match-set mycard src -j CONNMARK --set-xmark "$remoteMark"
 iptables -t mangle -A PREROUTING -m connmark --mark "$remoteMark" -j CONNMARK --restore-mark
 iptables -t mangle -A OUTPUT -m connmark --mark "$remoteMark" -j CONNMARK --restore-mark
 

ansible/scripts/predown.sh.j2

@@ -13,7 +13,7 @@ mss=$((mtu - 40))
 iptables -t mangle -D FORWARD -i "$dev" -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss $mss:1460 -j TCPMSS --set-mss $mss
 iptables -t mangle -D FORWARD -o "$dev" -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss $mss:1460 -j TCPMSS --set-mss $mss
 
-iptables -t mangle -D PREROUTING -i "$dev" -m set ! --match-set mycard src -j CONNMARK --set-xmark "$remoteMark"
+iptables -t mangle -D PREROUTING ! -p ospf -i "$dev" -m set ! --match-set mycard src -j CONNMARK --set-xmark "$remoteMark"
 iptables -t mangle -D PREROUTING -m connmark --mark "$remoteMark" -j CONNMARK --restore-mark
 iptables -t mangle -D OUTPUT -m connmark --mark "$remoteMark" -j CONNMARK --restore-mark