ForkMaster/zapret
1
0
Fork 0
mirror of https://github.com/bol-van/zapret.git synced 2024-11-11 17:29:16 +05:00
Code Issues Actions Packages Projects Releases Wiki Activity

readme.eng.md : minor fix

Browse Source
This commit is contained in:
bol-van 2024-03-02 17:59:08 +03:00
parent f5c3517363
commit 2ab1141b88
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
docs/readme.eng.md
View File

@ -99,7 +99,7 @@ Its necessary to use this filter when also using `connbytes 1:6`. Without it pac
Some attacks require redirection of incoming packets :
iptables -t mangle -I PREROUTING -i <external_interface> -p tcp --sport 80 -m connbytes --connbytes-dir=reply --connbytes-mode=packets --connbytes 1:6 -m set --match-set zapret src -j NFQUEUE --queue-num 200 --queue-bypass
`iptables -t mangle -I PREROUTING -i <external_interface> -p tcp --sport 80 -m connbytes --connbytes-dir=reply --connbytes-mode=packets --connbytes 1:6 -m set --match-set zapret src -j NFQUEUE --queue-num 200 --queue-bypass`
Incoming packets are filtered by incoming interface, source port and IP. This is opposite to the direct rule.