From 5b625fa7099bb5867f2a2466a123a11bd20cefd6 Mon Sep 17 00:00:00 2001
From: bol-van
Date: Sat, 3 May 2025 10:54:59 +0300
Subject: [PATCH] update nftables.txt,iptables.txt

---
 docs/iptables.txt | 1 +
 docs/nftables.txt | 1 +
 2 files changed, 2 insertions(+)

diff --git a/docs/iptables.txt b/docs/iptables.txt
index 742f926c..397554a3 100644
--- a/docs/iptables.txt
+++ b/docs/iptables.txt
@@ -13,6 +13,7 @@ iptables -t mangle -I POSTROUTING -p udp --dport 443 -m mark ! --mark 0x40000000
 sysctl net.netfilter.nf_conntrack_tcp_be_liberal=1
 iptables -t mangle -I POSTROUTING -p tcp -m multiport --dports 80,443 -m connbytes --connbytes-dir=original --connbytes-mode=packets --connbytes 1:12 -m mark ! --mark 0x40000000/0x40000000 -j NFQUEUE --queue-num 200 --queue-bypass
 iptables -t mangle -I PREROUTING -p tcp -m multiport --sports 80,443 -m connbytes --connbytes-dir=reply --connbytes-mode=packets --connbytes 1:3 -m mark ! --mark 0x40000000/0x40000000 -j NFQUEUE --queue-num 200 --queue-bypass
+iptables -t mangle -I PREROUTING -p udp -m multiport --sports 443 -m connbytes --connbytes-dir=reply --connbytes-mode=packets --connbytes 1:1 -m mark ! --mark 0x40000000/0x40000000 -j NFQUEUE --queue-num 200 --queue-bypass
 For TPROXY :
diff --git a/docs/nftables.txt b/docs/nftables.txt
index 43f21504..243f8701 100644
--- a/docs/nftables.txt
+++ b/docs/nftables.txt
@@ -26,6 +26,7 @@ nft add rule inet ztest post meta mark and 0x40000000 == 0 udp dport 443 ct orig
 sysctl net.netfilter.nf_conntrack_tcp_be_liberal=1
 nft add chain inet ztest pre "{type filter hook prerouting priority filter;}"
 nft add rule inet ztest pre tcp sport "{80,443}" ct reply packets 1-3 queue num 200 bypass
+nft add rule inet ztest pre udp sport 443 ct reply packets 1 queue num 200 bypass
 show rules :
 nft list table inet ztest