ForkMaster/zapret
1
0
Fork 0
mirror of https://github.com/bol-van/zapret.git synced 2025-05-06 10:40:48 +05:00
Code Issues Actions Packages Projects Releases Wiki Activity

update nftables.txt,iptables.txt

Browse Source
This commit is contained in:
bol-van 2025-05-03 10:54:59 +03:00
parent 0a8135b2de
commit 5b625fa709
2 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
docs/iptables.txt
View File

@ -13,6 +13,7 @@ iptables -t mangle -I POSTROUTING -p udp --dport 443 -m mark ! --mark 0x40000000
sysctl net.netfilter.nf_conntrack_tcp_be_liberal=1
iptables -t mangle -I POSTROUTING -p tcp -m multiport --dports 80,443 -m connbytes --connbytes-dir=original --connbytes-mode=packets --connbytes 1:12 -m mark ! --mark 0x40000000/0x40000000 -j NFQUEUE --queue-num 200 --queue-bypass
iptables -t mangle -I PREROUTING -p tcp -m multiport --sports 80,443 -m connbytes --connbytes-dir=reply --connbytes-mode=packets --connbytes 1:3 -m mark ! --mark 0x40000000/0x40000000 -j NFQUEUE --queue-num 200 --queue-bypass
iptables -t mangle -I PREROUTING -p udp -m multiport --sports 443 -m connbytes --connbytes-dir=reply --connbytes-mode=packets --connbytes 1:1 -m mark ! --mark 0x40000000/0x40000000 -j NFQUEUE --queue-num 200 --queue-bypass
For TPROXY :

1
docs/nftables.txt
View File

@ -26,6 +26,7 @@ nft add rule inet ztest post meta mark and 0x40000000 == 0 udp dport 443 ct orig
sysctl net.netfilter.nf_conntrack_tcp_be_liberal=1
nft add chain inet ztest pre "{type filter hook prerouting priority filter;}"
nft add rule inet ztest pre tcp sport "{80,443}" ct reply packets 1-3 queue num 200 bypass
nft add rule inet ztest pre udp sport 443 ct reply packets 1 queue num 200 bypass
show rules : nft list table inet ztest