diff --git a/luci-app-passwall/root/usr/share/passwall/nftables.sh b/luci-app-passwall/root/usr/share/passwall/nftables.sh index 5a64c1231..9281f4116 100755 --- a/luci-app-passwall/root/usr/share/passwall/nftables.sh +++ b/luci-app-passwall/root/usr/share/passwall/nftables.sh @@ -878,7 +878,8 @@ add_firewall_rule() { [ "${USE_BLOCK_LIST}" = "1" ] && nft "add rule inet fw4 PSW_OUTPUT_MANGLE ip daddr @$NFTSET_BLOCKLIST counter drop" # jump chains - nft "add rule inet fw4 mangle_prerouting meta nfproto {ipv4} counter jump PSW_MANGLE" + nft "add rule inet fw4 mangle_prerouting ip protocol udp counter jump PSW_MANGLE" + [ -n "${is_tproxy}" ] && nft "add rule inet fw4 mangle_prerouting ip protocol tcp counter jump PSW_MANGLE" insert_rule_before "inet fw4" "mangle_prerouting" "PSW_MANGLE" "counter jump PSW_DIVERT" #ipv4 tcp redirect mode @@ -1284,13 +1285,15 @@ gen_include() { nft "add rule inet fw4 nat_output ip protocol tcp counter jump PSW_OUTPUT_NAT" } + PR_INDEX=\$(sh ${MY_PATH} RULE_LAST_INDEX "inet fw4" PSW_MANGLE WAN_IP_RETURN -1) + if [ \$PR_INDEX -ge 0 ]; then + WAN_IP=\$(sh ${MY_PATH} get_wan_ip) + [ ! -z "\${WAN_IP}" ] && nft "replace rule inet fw4 PSW_MANGLE handle \$PR_INDEX ip daddr "\${WAN_IP}" counter return comment \"WAN_IP_RETURN\"" + fi + nft "add rule inet fw4 mangle_prerouting ip protocol udp counter jump PSW_MANGLE" + [ -n "${is_tproxy}" ] && { - PR_INDEX=\$(sh ${MY_PATH} RULE_LAST_INDEX "inet fw4" PSW_MANGLE WAN_IP_RETURN -1) - if [ \$PR_INDEX -ge 0 ]; then - WAN_IP=\$(sh ${MY_PATH} get_wan_ip) - [ ! -z "\${WAN_IP}" ] && nft "replace rule inet fw4 PSW_MANGLE handle \$PR_INDEX ip daddr "\${WAN_IP}" counter return comment \"WAN_IP_RETURN\"" - fi - nft "add rule inet fw4 mangle_prerouting meta nfproto {ipv4} counter jump PSW_MANGLE" + nft "add rule inet fw4 mangle_prerouting ip protocol tcp counter jump PSW_MANGLE" nft "add rule inet fw4 mangle_output ip protocol tcp counter jump PSW_OUTPUT_MANGLE comment \"PSW_OUTPUT_MANGLE\"" } \$(sh ${MY_PATH} insert_rule_before "inet fw4" "mangle_prerouting" "PSW_MANGLE" "counter jump PSW_DIVERT")