From bd66dc341e3d3e64111f724651f35b026dc21dd7 Mon Sep 17 00:00:00 2001
From: Wojciech Kozlowski <wk@wojciechkozlowski.eu>
Date: Thu, 27 Jul 2023 23:24:41 +0200
Subject: [PATCH] Make IPv6 primary on the bridge

---
 vpn/bridge/templates/br0 | 26 ++++++++++++++++----------
 1 file changed, 16 insertions(+), 10 deletions(-)

diff --git a/vpn/bridge/templates/br0 b/vpn/bridge/templates/br0
index 01298ec..04191b9 100644
--- a/vpn/bridge/templates/br0
+++ b/vpn/bridge/templates/br0
@@ -1,13 +1,10 @@
 auto br0
-iface br0 inet static
+iface br0 inet6 static
     pre-up /usr/local/sbin/ip-link-add.sh $IFACE type bridge
 
     post-up /usr/local/sbin/post-up-$IFACE-inet.nft
-    post-up /usr/local/sbin/post-up-$IFACE-ipv4.nft
     post-up /usr/local/sbin/post-up-$IFACE-ipv6.nft
 {% if vpn_bridge_routing_table is defined %}
-    post-up ip rule add dev $IFACE table {{ vpn_bridge_routing_table }}
-    post-up ip rule add dev $IFACE to {{ local_inet_network }} table main priority 1
     post-up ip -6 rule add dev $IFACE table {{ vpn_bridge_routing_table }}
     post-up ip -6 rule add dev $IFACE to {{ local_inet6_network }} table main priority 1
 {% endif %}
@@ -15,11 +12,8 @@ iface br0 inet static
 {% if vpn_bridge_routing_table is defined %}
     pre-down ip -6 rule del dev $IFACE to {{ local_inet6_network }} table main priority 1
     pre-down ip -6 rule del dev $IFACE table {{ vpn_bridge_routing_table }}
-    pre-down ip rule del dev $IFACE to {{ local_inet_network }} table main priority 1
-    pre-down ip rule del dev $IFACE table {{ vpn_bridge_routing_table }}
 {% endif %}
     pre-down /usr/local/sbin/pre-down-$IFACE-ipv6.nft
-    pre-down /usr/local/sbin/pre-down-$IFACE-ipv4.nft
     pre-down /usr/local/sbin/pre-down-$IFACE-inet.nft
 
     bridge_stp off
@@ -27,8 +21,20 @@ iface br0 inet static
     bridge_fd 0
     bridge_ports none
 
-    address {{ vpn_bridge_inet_address }}/{{ vpn_bridge_inet_prefixlen }}
-
-iface br0 inet6 static
     address {{ vpn_bridge_inet6_address }}/{{ vpn_bridge_inet6_prefixlen }}
     dad-attempts 0
+
+iface br0 inet static
+    post-up /usr/local/sbin/post-up-$IFACE-ipv4.nft
+{% if vpn_bridge_routing_table is defined %}
+    post-up ip rule add dev $IFACE table {{ vpn_bridge_routing_table }}
+    post-up ip rule add dev $IFACE to {{ local_inet_network }} table main priority 1
+{% endif %}
+
+{% if vpn_bridge_routing_table is defined %}
+    pre-down ip rule del dev $IFACE to {{ local_inet_network }} table main priority 1
+    pre-down ip rule del dev $IFACE table {{ vpn_bridge_routing_table }}
+{% endif %}
+    pre-down /usr/local/sbin/pre-down-$IFACE-ipv4.nft
+
+    address {{ vpn_bridge_inet_address }}/{{ vpn_bridge_inet_prefixlen }}