drygdryg/zapret
1
0
Fork 0
mirror of https://github.com/bol-van/zapret.git synced 2024-11-26 20:20:53 +03:00
Code Issues Packages Projects Releases Wiki Activity

docs/nftables.txt : add mark filter

Browse Source
This commit is contained in:
bol-van 2024-10-12 21:55:18 +03:00
parent 755915a3ba
commit d3f540a62b
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
docs/nftables.txt
View File

@ -19,8 +19,8 @@ For dpi desync attack :
nft delete table inet ztest nft delete table inet ztest
nft create table inet ztest nft create table inet ztest
nft add chain inet ztest post "{type filter hook postrouting priority mangle;}" nft add chain inet ztest post "{type filter hook postrouting priority mangle;}"
nft add rule inet ztest post tcp dport "{80,443}" ct original packets 1-12 queue num 200 bypass nft add rule inet ztest post meta mark and 0x40000000 == 0 tcp dport "{80,443}" ct original packets 1-12 queue num 200 bypass
nft add rule inet ztest post udp dport 443 ct original packets 1-4 queue num 200 bypass nft add rule inet ztest post meta mark and 0x40000000 == 0 udp dport 443 ct original packets 1-4 queue num 200 bypass
# auto hostlist with avoiding wrong ACK numbers in RST,ACK packets sent by russian DPI # auto hostlist with avoiding wrong ACK numbers in RST,ACK packets sent by russian DPI
sysctl net.netfilter.nf_conntrack_tcp_be_liberal=1 sysctl net.netfilter.nf_conntrack_tcp_be_liberal=1