#Define a netwrok-group
set firewall group network-group china-ip-ranges

#Define lan network group
set firewall group network-group lan-net-group network '192.168.11.0/24'

set policy route network-shunt rule 20 destination group network-group 'china-ip-ranges'
set policy route network-shunt rule 20 set table '20'
set policy route network-shunt rule 20 source group network-group 'lan-net-group'
set policy route network-shunt rule 30 set table '30'
set policy route network-shunt rule 30 source group network-group 'lan-net-group'

#create the update shell script
cat  > /config/scripts/generate_china_ip_address.sh <<EOF
#!/bin/sh
wget -c http://ftp.apnic.net/stats/apnic/delegated-apnic-latest -O - | cat | awk -F '|' '/CN/&&/ipv4/ {print $4 "/" 32-log($5)/log(2)}' | cat > /config/chinaiprange.txt
EOF

# make the script an run
chmod +x /config/scripts/generate_china_ip_address.sh 

#Run the script
/config/scripts/generate_china_ip_address.sh 

cat >> /config/scripts/vyos-postconfig-bootup.script << EOF
for l in `cat /config/chinaiprange.txt`; do sudo ipset add china-ip-ranges $l;done
EOF

set protocols static interface-route 0.0.0.0/0 next-hop-interface pppoe0
set protocols static interface-route 172.16.131.0/24 next-hop-interface wg01
set protocols static table 20 interface-route 0.0.0.0/0 next-hop-interface pppoe0
set protocols static table 30 route 0.0.0.0/0 next-hop 172.16.131.1

set interfaces bridge br0 policy route network-shunt