allow to specify protocol in helper function, do not fix tcp

bol-van
2022-03-04 17:30:02 +03:00
parent d572264a92
commit 7f5731c5d0
6 changed files with 23 additions and 23 deletions


@@ -346,8 +346,8 @@ _nft_fw_tpws4()
[ "$DISABLE_IPV4" = "1" ] || {
local filter="$1" port="$2"
nft_print_op "$filter" "tpws (port $2)" 4
nft_add_rule dnat_output skuid != $WS_USER ${3:+oifname @wanif }meta l4proto tcp $filter ip daddr != @nozapret dnat ip to $TPWS_LOCALHOST4:$port
nft_add_rule dnat_pre iifname @lanif meta l4proto tcp $filter ip daddr != @nozapret dnat ip to $TPWS_LOCALHOST4:$port
nft_add_rule dnat_output skuid != $WS_USER ${3:+oifname @wanif }$filter ip daddr != @nozapret dnat ip to $TPWS_LOCALHOST4:$port
nft_add_rule dnat_pre iifname @lanif $filter ip daddr != @nozapret dnat ip to $TPWS_LOCALHOST4:$port
prepare_route_localnet
}
}
@@ -361,9 +361,9 @@ _nft_fw_tpws6()
[ "$DISABLE_IPV6" = "1" ] || {
local filter="$1" port="$2" DNAT6 i
nft_print_op "$filter" "tpws (port $port)" 6
nft_add_rule dnat_output skuid != $WS_USER ${4:+oifname @wanif6 }meta l4proto tcp $filter ip6 daddr != @nozapret6 dnat ip6 to [::1]:$port
nft_add_rule dnat_output skuid != $WS_USER ${4:+oifname @wanif6 }$filter ip6 daddr != @nozapret6 dnat ip6 to [::1]:$port
[ -n "$3" ] && {
nft_add_rule dnat_pre meta l4proto tcp $filter ip6 daddr != @nozapret6 dnat ip6 to iifname map @link_local:$port
nft_add_rule dnat_pre $filter ip6 daddr != @nozapret6 dnat ip6 to iifname map @link_local:$port
for i in $3; do
_dnat6_target $i DNAT6
# can be multiple tpws processes on different ports
@@ -391,7 +391,7 @@ _nft_fw_nfqws_post4()
[ "$DISABLE_IPV4" = "1" ] || {
local filter="$1" port="$2" rule
nft_print_op "$filter" "nfqws postrouting (qnum $port)" 4
rule="${3:+oifname @wanif }meta l4proto tcp $filter ip daddr != @nozapret"
rule="${3:+oifname @wanif }$filter ip daddr != @nozapret"
nft_add_rule postrouting $rule queue num $port bypass
nft_add_nfqws_flow_exempt_rule "$rule"
}
@@ -405,7 +405,7 @@ _nft_fw_nfqws_post6()
[ "$DISABLE_IPV6" = "1" ] || {
local filter="$1" port="$2" rule
nft_print_op "$filter" "nfqws postrouting (qnum $port)" 6
rule="${3:+oifname @wanif6 }meta l4proto tcp $filter ip6 daddr != @nozapret6"
rule="${3:+oifname @wanif6 }$filter ip6 daddr != @nozapret6"
nft_add_rule postrouting $rule queue num $port bypass
nft_add_nfqws_flow_exempt_rule "$rule"
}
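Review bot: With `meta l4proto tcp` dropped from `rule` in _nft_fw_nfqws_post4 and _nft_fw_nfqws_post6, the protocol match now comes only from the caller's `$filter`, and nothing in these helpers checks that it carries one. If a caller ever passed an empty or protocol-less filter, `queue num $port bypass` would apply to every packet leaving the wan interface for a non-@nozapret address, a wider interception scope than before; the callers are outside this view, so this is a contract to confirm rather than a demonstrated bug. I would state the contract in a comment above each helper, for example `# $1 - nft filter expression; must include the L4 protocol match`, and reject an empty value with `[ -n "$filter" ] || return 1` before `rule` is built. The same dependency now exists for the dnat rules in _nft_fw_tpws4 and _nft_fw_tpws6, where a redirect to `$TPWS_LOCALHOST4:$port` or `[::1]:$port` is only meaningful for the protocol the listener actually speaks. All four function bodies start and end outside the hunks shown.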