fix: ip rule is not added when only binding to wan (#399)

control/control_plane.go

@@ -194,12 +194,15 @@ func NewControlPlane(
 		}
 	}()
 
-	/// Bind to links. Binding should be advance of dialerGroups to avoid un-routable old connection.
-	// Bind to LAN
-	if len(global.LanInterface) > 0 {
+	if len(global.LanInterface) > 0 || len(global.WanInterface) > 0 {
 		if err = core.setupRoutingPolicy(); err != nil {
 			return nil, err
 		}
+	}
+
+	/// Bind to links. Binding should be advance of dialerGroups to avoid un-routable old connection.
+	// Bind to LAN
+	if len(global.LanInterface) > 0 {
 		if global.AutoConfigKernelParameter {
 			_ = SetIpv4forward("1")
 		}

docs/en/README.md

@@ -195,7 +195,7 @@ group {
 
 # See https://github.com/daeuniverse/dae/blob/main/docs/en/configuration/routing.md for full examples.
 routing {
-  pname(NetworkManager) -> direct
+  pname(NetworkManager, systemd-resolved, dnsmasq) -> must_direct
   dip(224.0.0.0/3, 'ff00::/8') -> direct
 
   ### Write your rules below.

example.dae

@@ -202,6 +202,9 @@ routing {
     # WAN.
     pname(NetworkManager) -> direct
 
+    # Bypass DNS stubs. We want to bypass their DNS requests, thus use 'must'.
+    pname(systemd-resolved, dnsmasq) -> must_direct
+
     # Put it in the front to prevent broadcast, multicast and other packets that should be sent to the LAN from being
     # forwarded by the proxy.
     # "dip" means destination IP.