github-mirror/zapret
1
0
Fork 0
mirror of https://github.com/bol-van/zapret.git synced 2026-03-09 14:55:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

blockcheck: fix frag6 notrack

Browse Source
This commit is contained in:
bol-van
2022-02-05 17:58:56 +03:00
parent 4aef7a96a4
commit bf74a6caf9
3 changed files with 8 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
blockcheck.sh
View File

@@ -340,7 +340,7 @@ pktws_ipt_prepare()
IPT OUTPUT -p tcp --dport $1 -m conntrack --ctstate INVALID -j ACCEPT
if [ "$IPV" = 6 -a -n "$IP6_DEFRAG_DISABLE" ]; then
# the only way to reliable disable ipv6 defrag. works only in 4.16+ kernels
IPT OUTPUT -t raw -p tcp --dport $1 -j CT --notrack
IPT OUTPUT -t raw -p tcp -m frag -j CT --notrack
elif [ "$IPV" = 4 ]; then
# enable fragments
IPT OUTPUT -f -j ACCEPT
@@ -363,7 +363,7 @@ pktws_ipt_unprepare()
IPT_DEL INPUT -p tcp --sport $1 ! --syn -j ACCEPT
IPT_DEL OUTPUT -p tcp --dport $1 -m conntrack --ctstate INVALID -j ACCEPT
if [ "$IPV" = 6 -a -n "$IP6_DEFRAG_DISABLE" ]; then
IPT_DEL OUTPUT -t raw -p tcp --dport $1 -j CT --notrack
IPT_DEL OUTPUT -t raw -p tcp -m frag -j CT --notrack
elif [ "$IPV" = 4 ]; then
IPT_DEL OUTPUT -f -j ACCEPT
fi