From 2f9c69b33f179471d1ac98621e456ad6b0d51abe Mon Sep 17 00:00:00 2001
From: bol-van
Date: Thu, 14 Mar 2024 16:04:18 +0300
Subject: [PATCH] fix incoming connbytes range
---
 common/ipt.sh | 4 +++-
 common/nft.sh | 8 ++++++--
 2 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/common/ipt.sh b/common/ipt.sh
index 81c7f7a..ec5af86 100644
--- a/common/ipt.sh
+++ b/common/ipt.sh
@@ -328,7 +328,9 @@ produce_reverse_nfqws_rule()
 # autottl - need only one incoming packet
 [ "$MODE_FILTER" = autohostlist ] || rule=$(echo "$rule" | sed -re "s/$ipt_connbytes [0-9]+:[0-9]+/$ipt_connbytes 1:1/")
 else
- rule="$ipt_connbytes 1:$(first_packets_for_mode) $rule"
+ local n=1
+ [ "$MODE_FILTER" = autohostlist ] && n=$(first_packets_for_mode)
+ rule="$ipt_connbytes 1:$n $rule"
 fi
 echo "$rule" | reverse_nfqws_rule_stream
 }
diff --git a/common/nft.sh b/common/nft.sh
index 20e1a3a..1acd64f 100644
--- a/common/nft.sh
+++ b/common/nft.sh
@@ -598,9 +598,13 @@ nft_produce_reverse_nfqws_rule()
 if contains "$rule" "$nft_connbytes "; then
 # autohostlist - need several incoming packets
 # autottl - need only one incoming packet
-[ "$MODE_FILTER" = autohostlist ] || rule=$(echo "$rule" | sed -re 's/$nft_connbytes [0-9]+-[0-9]+/$nft_connbytes 1-1/')
+[ "$MODE_FILTER" = autohostlist ] || rule=$(echo "$rule" | sed -re "s/$nft_connbytes [0-9]+-[0-9]+/$nft_connbytes 1/")
 else
- rule="$nft_connbytes 1-$(first_packets_for_mode) $rule"
+ # old nft does not swallow 1-1
+ local range=1
+ [ "$MODE_FILTER" = autohostlist ] && range=$(first_packets_for_mode)
+ [ "$range" = 1 ] || range="1-$range"
+ rule="$nft_connbytes $range $rule"
 fi
 nft_reverse_nfqws_rule $rule
 }
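Review bot: The new else branch in ipt.sh carries no comment saying why `n` stays 1 unless the filter mode is autohostlist, while the if branch just above it spells that reasoning out; add `# autohostlist needs several incoming packets, every other mode exactly one` above `local n=1`. Also, `n=$(first_packets_for_mode)` is used verbatim, so an empty output from that helper (defined outside this hunk) would produce the malformed range `1:`; if that can happen, a fallback such as `[ -n "$n" ] || n=1` keeps the rule well-formed. The enclosing `if` and the header of `produce_reverse_nfqws_rule` lie before the hunk.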
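Review bot: The comment `# old nft does not swallow 1-1` explains only the else branch, yet the same limitation is the reason the sed replacement on the first changed line now emits a bare `1` instead of `1-1`; place the comment so it covers both sites, e.g. `# old nft rejects the degenerate range 1-1, so a single packet is written as a plain 1`. Separately, that sed pattern `[0-9]+-[0-9]+` matches only a range, so a rule reaching this branch that already carries a single-value count (`$nft_connbytes 5`) would pass through unrewritten; `[0-9]+(-[0-9]+)?` covers both shapes, assuming such rules can occur, which I cannot confirm from the callers. The header of `nft_produce_reverse_nfqws_rule` precedes the hunk.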