drygdryg/zapret
1
0
Fork 0
mirror of https://github.com/bol-van/zapret.git synced 2024-12-02 14:40:52 +03:00
Code Issues Packages Projects Releases Wiki Activity

wireguard docs: add missing nfset @zapret filter

Browse Source
This commit is contained in:
bol-van 2022-06-18 12:11:19 +03:00
parent faa2ac4a80
commit 56352edbd8
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
docs/wireguard/wireguard_iproute_openwrt.txt
View File

@ -283,12 +283,12 @@ cat << EOF | nft -f -
add chain inet $ZAPRET_NFT_TABLE my_output { type route hook output priority mangle; } add chain inet $ZAPRET_NFT_TABLE my_output { type route hook output priority mangle; }
flush chain inet $ZAPRET_NFT_TABLE my_output flush chain inet $ZAPRET_NFT_TABLE my_output
add rule inet $ZAPRET_NFT_TABLE my_output oifname @wanif ip daddr @ipban meta mark set mark or 0x800 add rule inet $ZAPRET_NFT_TABLE my_output oifname @wanif ip daddr @ipban meta mark set mark or 0x800
add rule inet $ZAPRET_NFT_TABLE my_output oifname @wanif tcp dport 443 meta mark set mark or 0x800 add rule inet $ZAPRET_NFT_TABLE my_output oifname @wanif tcp dport 443 ip daddr @zapret meta mark set mark or 0x800
add chain inet $ZAPRET_NFT_TABLE my_prerouting { type filter hook prerouting priority mangle; } add chain inet $ZAPRET_NFT_TABLE my_prerouting { type filter hook prerouting priority mangle; }
flush chain inet $ZAPRET_NFT_TABLE my_prerouting flush chain inet $ZAPRET_NFT_TABLE my_prerouting
add rule inet $ZAPRET_NFT_TABLE my_prerouting iifname @lanif ip daddr @ipban meta mark set mark or 0x800 add rule inet $ZAPRET_NFT_TABLE my_prerouting iifname @lanif ip daddr @ipban meta mark set mark or 0x800
add rule inet $ZAPRET_NFT_TABLE my_prerouting iifname @lanif tcp dport 443 meta mark set mark or 0x800 add rule inet $ZAPRET_NFT_TABLE my_prerouting iifname @lanif tcp dport 443 ip daddr @zapret meta mark set mark or 0x800
EOF EOF
------------------------------------------------ ------------------------------------------------
@ -408,7 +408,7 @@ cat << EOF | nft -f -
add chain inet $ZAPRET_NFT_TABLE my_output { type route hook output priority mangle; } add chain inet $ZAPRET_NFT_TABLE my_output { type route hook output priority mangle; }
flush chain inet $ZAPRET_NFT_TABLE my_output flush chain inet $ZAPRET_NFT_TABLE my_output
add rule inet $ZAPRET_NFT_TABLE my_output oifname @wanif ip daddr @ipban meta mark set mark or 0x800 add rule inet $ZAPRET_NFT_TABLE my_output oifname @wanif ip daddr @ipban meta mark set mark or 0x800
add rule inet $ZAPRET_NFT_TABLE my_output oifname @wanif tcp dport 443 meta mark set mark or 0x800 add rule inet $ZAPRET_NFT_TABLE my_output oifname @wanif tcp dport 443 ip daddr @zapret meta mark set mark or 0x800
add rule inet $ZAPRET_NFT_TABLE my_output oifname @wanif meta mark set mark or 0x1000 add rule inet $ZAPRET_NFT_TABLE my_output oifname @wanif meta mark set mark or 0x1000
add chain inet $ZAPRET_NFT_TABLE my_prerouting { type filter hook prerouting priority mangle; } add chain inet $ZAPRET_NFT_TABLE my_prerouting { type filter hook prerouting priority mangle; }
@ -416,7 +416,7 @@ cat << EOF | nft -f -
add rule inet $ZAPRET_NFT_TABLE my_prerouting iifname $DEVICE ct state new ct mark set ct mark or 0x800 add rule inet $ZAPRET_NFT_TABLE my_prerouting iifname $DEVICE ct state new ct mark set ct mark or 0x800
add rule inet $ZAPRET_NFT_TABLE my_prerouting iifname != $DEVICE meta mark set ct mark and 0x800 add rule inet $ZAPRET_NFT_TABLE my_prerouting iifname != $DEVICE meta mark set ct mark and 0x800
add rule inet $ZAPRET_NFT_TABLE my_prerouting iifname @lanif ip daddr @ipban meta mark set mark or 0x800 add rule inet $ZAPRET_NFT_TABLE my_prerouting iifname @lanif ip daddr @ipban meta mark set mark or 0x800
add rule inet $ZAPRET_NFT_TABLE my_prerouting iifname @lanif tcp dport 443 meta mark set mark or 0x800 add rule inet $ZAPRET_NFT_TABLE my_prerouting iifname @lanif tcp dport 443 ip daddr @zapret meta mark set mark or 0x800
add chain inet $ZAPRET_NFT_TABLE my_nat { type nat hook postrouting priority 100 ; } add chain inet $ZAPRET_NFT_TABLE my_nat { type nat hook postrouting priority 100 ; }
flush chain inet $ZAPRET_NFT_TABLE my_nat flush chain inet $ZAPRET_NFT_TABLE my_nat