zhao/openwrt_helloworld
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

luci-app-passwall: sync upstream

Browse Source 
last commit: 6a027ea540
This commit is contained in:
actions 2024-07-20 16:30:06 +08:00
parent 87d5ed69bc
commit ca7bf1d0b9
1 changed files with 10 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
luci-app-passwall/root/usr/share/passwall/nftables.sh
View File

@ -878,7 +878,8 @@ add_firewall_rule() {
[ "${USE_BLOCK_LIST}" = "1" ] && nft "add rule inet fw4 PSW_OUTPUT_MANGLE ip daddr @$NFTSET_BLOCKLIST counter drop" [ "${USE_BLOCK_LIST}" = "1" ] && nft "add rule inet fw4 PSW_OUTPUT_MANGLE ip daddr @$NFTSET_BLOCKLIST counter drop"
# jump chains # jump chains
nft "add rule inet fw4 mangle_prerouting meta nfproto {ipv4} counter jump PSW_MANGLE" nft "add rule inet fw4 mangle_prerouting ip protocol udp counter jump PSW_MANGLE"
[ -n "${is_tproxy}" ] && nft "add rule inet fw4 mangle_prerouting ip protocol tcp counter jump PSW_MANGLE"
insert_rule_before "inet fw4" "mangle_prerouting" "PSW_MANGLE" "counter jump PSW_DIVERT" insert_rule_before "inet fw4" "mangle_prerouting" "PSW_MANGLE" "counter jump PSW_DIVERT"
#ipv4 tcp redirect mode #ipv4 tcp redirect mode
@ -1284,13 +1285,15 @@ gen_include() {
nft "add rule inet fw4 nat_output ip protocol tcp counter jump PSW_OUTPUT_NAT" nft "add rule inet fw4 nat_output ip protocol tcp counter jump PSW_OUTPUT_NAT"
} }
PR_INDEX=\$(sh ${MY_PATH} RULE_LAST_INDEX "inet fw4" PSW_MANGLE WAN_IP_RETURN -1)
if [ \$PR_INDEX -ge 0 ]; then
WAN_IP=\$(sh ${MY_PATH} get_wan_ip)
[ ! -z "\${WAN_IP}" ] && nft "replace rule inet fw4 PSW_MANGLE handle \$PR_INDEX ip daddr "\${WAN_IP}" counter return comment \"WAN_IP_RETURN\""
fi
nft "add rule inet fw4 mangle_prerouting ip protocol udp counter jump PSW_MANGLE"
[ -n "${is_tproxy}" ] && { [ -n "${is_tproxy}" ] && {
PR_INDEX=\$(sh ${MY_PATH} RULE_LAST_INDEX "inet fw4" PSW_MANGLE WAN_IP_RETURN -1) nft "add rule inet fw4 mangle_prerouting ip protocol tcp counter jump PSW_MANGLE"
if [ \$PR_INDEX -ge 0 ]; then
WAN_IP=\$(sh ${MY_PATH} get_wan_ip)
[ ! -z "\${WAN_IP}" ] && nft "replace rule inet fw4 PSW_MANGLE handle \$PR_INDEX ip daddr "\${WAN_IP}" counter return comment \"WAN_IP_RETURN\""
fi
nft "add rule inet fw4 mangle_prerouting meta nfproto {ipv4} counter jump PSW_MANGLE"
nft "add rule inet fw4 mangle_output ip protocol tcp counter jump PSW_OUTPUT_MANGLE comment \"PSW_OUTPUT_MANGLE\"" nft "add rule inet fw4 mangle_output ip protocol tcp counter jump PSW_OUTPUT_MANGLE comment \"PSW_OUTPUT_MANGLE\""
} }
\$(sh ${MY_PATH} insert_rule_before "inet fw4" "mangle_prerouting" "PSW_MANGLE" "counter jump PSW_DIVERT") \$(sh ${MY_PATH} insert_rule_before "inet fw4" "mangle_prerouting" "PSW_MANGLE" "counter jump PSW_DIVERT")