gandc/zapret2
Template
1
0
Fork 0
mirror of https://github.com/bol-van/zapret2.git synced 2026-03-13 22:03:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

nft do not apply FILTER_MARK to incoming

Browse Source
This commit is contained in:
bol-van
2025-12-01 20:06:31 +03:00
parent d279fab308
commit b0455bfee2
1 changed files with 6 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
common/nft.sh
View File

@@ -97,12 +97,13 @@ nft_activate_chain4()
{
# $1 - chain name
# $2 - saddr/daddr
local b rule
local b rule markf=
[ "$DISABLE_IPV4" = "1" ] || {
b=0
nft_wanif_filter_present && b=1
rule="meta mark and $DESYNC_MARK == 0 $(nft_mark_filter)"
[ "$2" = daddr ] && markf=$(nft_mark_filter)
rule="meta mark and $DESYNC_MARK == 0 $markf"
[ $b = 1 ] && rule="$rule oifname @wanif"
rule="$rule ip $2 != @nozapret jump $1"
nft_rule_exists ${1}_hook "$rule" || nft_add_rule ${1}_hook $rule
@@ -112,12 +113,13 @@ nft_activate_chain6()
{
# $1 - chain name
# $2 - saddr/daddr
local b rule
local b rule markf=
[ "$DISABLE_IPV6" = "1" ] || {
b=0
nft_wanif6_filter_present && b=1
rule="meta mark and $DESYNC_MARK == 0 $(nft_mark_filter)"
[ "$2" = daddr ] && markf=$(nft_mark_filter)
rule="meta mark and $DESYNC_MARK == 0 $markf"
[ $b = 1 ] && rule="$rule oifname @wanif6"
rule="$rule ip6 $2 != @nozapret6 jump $1"
nft_rule_exists ${1}_hook "$rule" || nft_add_rule ${1}_hook $rule