drygdryg/zapret
1
0
Fork 0
mirror of https://github.com/bol-van/zapret.git synced 2025-05-24 22:32:58 +03:00
Code Issues Packages Projects Releases Wiki Activity

major config re-think and re-write

Browse Source
This commit is contained in:
bol-van
2024-10-25 14:29:47 +03:00
parent d86aa42f48
commit 906e67af55
39 changed files with 963 additions and 1340 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
docs/nftables.txt
View File

@@ -20,12 +20,12 @@ nft delete table inet ztest
nft create table inet ztest
nft add chain inet ztest post "{type filter hook postrouting priority mangle;}"
nft add rule inet ztest post meta mark and 0x40000000 == 0 tcp dport "{80,443}" ct original packets 1-12 queue num 200 bypass
nft add rule inet ztest post meta mark and 0x40000000 == 0 udp dport 443 ct original packets 1-4 queue num 200 bypass
nft add rule inet ztest post meta mark and 0x40000000 == 0 udp dport 443 ct original packets 1-12 queue num 200 bypass
# auto hostlist with avoiding wrong ACK numbers in RST,ACK packets sent by russian DPI
sysctl net.netfilter.nf_conntrack_tcp_be_liberal=1
nft add chain inet ztest pre "{type filter hook prerouting priority filter;}"
nft add rule inet ztest pre tcp sport "{80,443}" ct reply packets 1-4 queue num 200 bypass
nft add rule inet ztest pre tcp sport "{80,443}" ct reply packets 1-3 queue num 200 bypass
show rules : nft list table inet ztest