i11th/ruantiblock_openwrt
1
0
Fork 0
mirror of https://github.com/gSpotx2f/ruantiblock_openwrt.git synced 2026-05-14 22:50:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

ruantiblock: Nft chains prio

Browse Source
This commit is contained in:
gSpot
2023-07-10 17:14:46 +03:00
parent e9be3a0732
commit 6d6bed7903
4 changed files with 18 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files
ruantiblock/files/usr/share/ruantiblock/nft_functions
+5 -5
View File
@@ -6,11 +6,11 @@ NFT_LOCAL_CLIENTS_CHAIN="local_clients"
VPN_ROUTE_TABLE_ID=99
if [ "$PROXY_MODE" = "2" ]; then
MAIN_CHAIN_TYPE="type filter hook prerouting priority -160; policy accept;"
LOCAL_CLIENTS_CHAIN_TYPE="type route hook output priority -160; policy accept;"
MAIN_CHAIN_TYPE="type filter hook prerouting priority ${NFT_PRIO_ROUTE}; policy accept;"
LOCAL_CLIENTS_CHAIN_TYPE="type route hook output priority ${NFT_PRIO_ROUTE}; policy accept;"
else
MAIN_CHAIN_TYPE="type nat hook prerouting priority -110; policy accept;"
LOCAL_CLIENTS_CHAIN_TYPE="type nat hook output priority -110; policy accept;"
MAIN_CHAIN_TYPE="type nat hook prerouting priority ${NFT_PRIO_NAT}; policy accept;"
LOCAL_CLIENTS_CHAIN_TYPE="type nat hook output priority ${NFT_PRIO_NAT}; policy accept;"
fi
case "$ALLOWED_HOSTS_MODE" in
@@ -48,7 +48,7 @@ NftVpnRouteAdd() {
if [ -n "$VPN_IP" ]; then
echo 0 > /proc/sys/net/ipv4/conf/$IF_VPN/rp_filter
NftVpnRouteDelete 2> /dev/null
$IP_CMD rule add fwmark $VPN_PKTS_MARK table $VPN_ROUTE_TABLE_ID priority 1000
$IP_CMD rule add fwmark $VPN_PKTS_MARK table $VPN_ROUTE_TABLE_ID priority $VPN_RULE_PRIO
$IP_CMD route add default via $VPN_IP table $VPN_ROUTE_TABLE_ID
fi
}