From b0455bfee21d1fb787bab829398557f72c9dd526 Mon Sep 17 00:00:00 2001
From: bol-van
Date: Mon, 1 Dec 2025 20:06:31 +0300
Subject: [PATCH] nft do not apply FILTER_MARK to incoming
---
 common/nft.sh | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/common/nft.sh b/common/nft.sh
index 165279d..7c9b81e 100644
--- a/common/nft.sh
+++ b/common/nft.sh
@@ -97,12 +97,13 @@ nft_activate_chain4()
 {
 # $1 - chain name
 # $2 - saddr/daddr
- local b rule
+ local b rule markf=
 [ "$DISABLE_IPV4" = "1" ] || {
 b=0
 nft_wanif_filter_present && b=1
- rule="meta mark and $DESYNC_MARK == 0 $(nft_mark_filter)"
+ [ "$2" = daddr ] && markf=$(nft_mark_filter)
+ rule="meta mark and $DESYNC_MARK == 0 $markf"
 [ $b = 1 ] && rule="$rule oifname @wanif"
 rule="$rule ip $2 != @nozapret jump $1"
 nft_rule_exists ${1}_hook "$rule" || nft_add_rule ${1}_hook $rule
@@ -112,12 +113,13 @@ nft_activate_chain6()
 {
 # $1 - chain name
 # $2 - saddr/daddr
- local b rule
+ local b rule markf=
 [ "$DISABLE_IPV6" = "1" ] || {
 b=0
 nft_wanif6_filter_present && b=1
- rule="meta mark and $DESYNC_MARK == 0 $(nft_mark_filter)"
+ [ "$2" = daddr ] && markf=$(nft_mark_filter)
+ rule="meta mark and $DESYNC_MARK == 0 $markf"
 [ $b = 1 ] && rule="$rule oifname @wanif6"
 rule="$rule ip6 $2 != @nozapret6 jump $1"
 nft_rule_exists ${1}_hook "$rule" || nft_add_rule ${1}_hook $rule
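Review bot: The mark filter is now skipped for every value of `$2` other than the exact string `daddr`, so an unexpected argument yields the unfiltered rule rather than an error; this applies to the `[ "$2" = daddr ] && markf=$(nft_mark_filter)` line in nft_activate_chain4 and to the identical line in the nft_activate_chain6 hunk. Because FILTER_MARK appears to restrict which traffic reaches the chain, the reason it can be omitted on the saddr side should be recorded next to the test, for example `# FILTER_MARK is matched only on the daddr (outgoing) side; the saddr rule is intentionally unfiltered`. When markf is empty the rule string also carries a doubled space before `oifname` or `ip`, which matters only if nft_rule_exists (not shown) compares the quoted text literally; that is worth confirming, since a failed match would add the rule again on each activation. Both function bodies continue past the end of their hunks.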