Cloudflare (NFT): correct IPv6 rule

Co-authored-by: Ivan Trubach <mr.trubach@icloud.com>
2025-04-19 05:22:58 +03:00 · 2025-04-08 17:45:41 +03:00 · 2025-04-08 17:45:41 +03:00 · 0273679447
commit 0273679447
parent 59ff6f1c7c
1 changed files with 4 additions and 3 deletions
--- a/init.d/custom.d.examples.linux/50-cloudflare
+++ b/init.d/custom.d.examples.linux/50-cloudflare
@ -53,18 +53,19 @@ zapret_custom_firewall_nft()
 	local first_packets_only="$nft_connbytes 1-3"
 	local dest_set_ipv4="ip daddr @$NFQWS_CLOUDFLARE_SET_NAME_IPV4"
 	local dest_set_ipv6="ip6 daddr @$NFQWS_CLOUDFLARE_SET_NAME_IPV6"
-	local nft_rules="type ipv4_addr; size 4096; auto-merge; flags interval;"
+	local nft_rules_ipv4="type ipv4_addr; size 4096; auto-merge; flags interval;"
+	local nft_rules_ipv6="type ipv6_addr; size 4096; auto-merge; flags interval;"
 	local subnets subnets_ipv6

 	make_comma_list subnets $NFQWS_CLOUDFLARE_SUBNETS_IPV4
 	make_comma_list subnets_ipv6 $NFQWS_CLOUDFLARE_SUBNETS_IPV6

-	nft_create_set $NFQWS_CLOUDFLARE_SET_NAME_IPV4 "$nft_rules"
+	nft_create_set $NFQWS_CLOUDFLARE_SET_NAME_IPV4 "$nft_rules_ipv4"
 	nft_flush_set $NFQWS_CLOUDFLARE_SET_NAME_IPV4
 	nft_add_set_element $NFQWS_CLOUDFLARE_SET_NAME_IPV4 "$subnets"

 	[ "$DISABLE_IPV6" != "1" ] && {
-		nft_create_set $NFQWS_CLOUDFLARE_SET_NAME_IPV6 "$nft_rules"
+		nft_create_set $NFQWS_CLOUDFLARE_SET_NAME_IPV6 "$nft_rules_ipv6"
 		nft_flush_set $NFQWS_CLOUDFLARE_SET_NAME_IPV6
 		nft_add_set_element $NFQWS_CLOUDFLARE_SET_NAME_IPV6 "$subnets_ipv6"
 	}