From d77a1c8cd6e9707ba7d3d385a3bd31a93a2c9182 Mon Sep 17 00:00:00 2001
From: bol-van <none@none.none>
Date: Tue, 19 Nov 2024 19:54:21 +0300
Subject: [PATCH] init.d: keenetic udp fix script

---
 .../custom.d.examples/10-keenetic-udp-fix     | 20 +++++++++++++++++++
 1 file changed, 20 insertions(+)
 create mode 100644 init.d/sysv/custom.d.examples/10-keenetic-udp-fix

diff --git a/init.d/sysv/custom.d.examples/10-keenetic-udp-fix b/init.d/sysv/custom.d.examples/10-keenetic-udp-fix
new file mode 100644
index 0000000..b87766c
--- /dev/null
+++ b/init.d/sysv/custom.d.examples/10-keenetic-udp-fix
@@ -0,0 +1,20 @@
+# This script fixes keenetic issue with nfqws generated udp packets
+# Keenetic uses proprietary ndmmark and does not masquerade without this mark
+# If not masqueraded packets go to WAN with LAN IP and get dropped by ISP
+
+# !!! MUST set IFACE_WAN in config !!!
+
+zapret_custom_firewall()
+{
+        # $1 - 1 - add, 0 - stop
+
+	local wan
+
+        ipt_print_op $1 "-j MASQUERADE" "keenetic udp fix"
+
+        if [ -n "$IFACE_WAN" ] ; then
+                for wan in $IFACE_WAN; do
+                        ipt_add_del $1 POSTROUTING -t nat -o $wan -j MASQUERADE
+                done
+        fi
+}