gandc/zapret2
Template
1
0
Fork 0
mirror of https://github.com/bol-van/zapret2.git synced 2026-03-13 22:03:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

nft optimize rules

Browse Source
This commit is contained in:
bol-van
2025-12-02 10:49:50 +03:00
parent 837833feaf
commit 63668fc84e
1 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
common/nft.sh
View File

@@ -328,16 +328,16 @@ nft_apply_flow_offloading()
[ "$DISABLE_IPV4" = "1" ] || {
# allow only outgoing packets to initiate flow offload
nft_add_rule forward_hook oifname @wanif meta l4proto "{ tcp, udp }" jump flow_offload
nft_add_rule flow_offload ip daddr == @nozapret jump flow_offload_always
nft_add_rule forward_hook meta l4proto "{ tcp, udp }" oifname @wanif jump flow_offload
nft_add_rule flow_offload ip daddr == @nozapret goto flow_offload_always
}
[ "$DISABLE_IPV6" = "1" ] || {
nft_add_rule forward_hook oifname @wanif6 meta l4proto "{ tcp, udp }" jump flow_offload
nft_add_rule flow_offload ip6 daddr == @nozapret6 jump flow_offload_always
nft_add_rule forward_hook meta l4proto "{ tcp, udp }" oifname @wanif6 jump flow_offload
nft_add_rule flow_offload ip6 daddr == @nozapret6 goto flow_offload_always
}
nft_add_rule flow_offload jump flow_offload_zapret
nft_add_rule flow_offload_zapret jump flow_offload_always
nft_add_rule flow_offload_zapret goto flow_offload_always
}
}