How to add a routing policy rule with ip rule

Adding a routing policy rule with ip rule add sends matching traffic to a specific routing table instead of leaving every lookup to the default main table. This is useful on hosts with multiple uplinks, source-based egress policies, firewall-mark steering, or other layouts where the same destination may need different next hops.

A policy rule does not define the path by itself. It matches selectors such as source prefix, destination prefix, firewall mark, or interface, and the matching action tells the kernel which table to consult next. The selected table still needs the correct default route or destination prefix for the traffic that should match.

Rules are processed by increasing priority number, so lower numeric values run first and can override later lookups. New runtime rules affect traffic immediately, and any rule that should survive interface or host restarts must also be defined in the system's persistent network configuration.

Related: How to show routing policy rules with ip rule
Related: How to show routes from a specific routing table with ip route

Steps to add a routing policy rule with ip rule:

  1. Show the current policy-routing rules before choosing a priority for the new entry. 
    $ ip rule show
0:	from all lookup local
32766:	from all lookup main
32767:	from all lookup default

    Lower numeric priorities are evaluated first, so pick a unique value that fits the intended order.

  2. Confirm that the target routing table already contains the route that matching traffic should use. 
    $ ip route show table 100
default via 192.0.2.1 dev lab0 onlink
  3. Add the rule with the required selector, target table, and explicit priority. 
    $ sudo ip rule add from 192.0.2.10/32 table 100 priority 1000
  4. Verify that the new rule now appears in the policy list at the intended priority. 
    $ ip rule show
0:	from all lookup local
1000:	from 192.0.2.10 lookup 100
32766:	from all lookup main
32767:	from all lookup default
  5. Test a route lookup that should match the new selector before applying the same rule persistently. 
    $ ip route get 203.0.113.8 from 192.0.2.10
203.0.113.8 from 192.0.2.10 via 192.0.2.1 dev lab0 table 100 uid 0
    cache

    If the lookup still resolves through the wrong table or interface, remove the rule and correct the selector or target table before continuing.

  6. Add the equivalent rule to the host's normal network configuration if it must survive restart.

    Runtime ip rule add changes only the active kernel policy database.