yanistyle/podkop
1
0
Fork 0
mirror of https://github.com/itdoginfo/podkop.git synced 2026-06-10 13:28:14 +03:00
Code Issues Packages Projects Releases 1 Wiki Activity

Merge pull request #384 from itdoginfo/fix/dnat

Browse Source 
fix: skip connections with DNAT status in NFT mangle chain
This commit is contained in:
Kirill Sobakin
2026-06-01 12:22:26 +03:00
committed by GitHub
parent 847895598d 3c34bd1fd0
commit de7b73af3c
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
podkop/files/usr/bin/podkop
View File

@@ -312,6 +312,7 @@ create_nft_rules() {
nft add chain inet "$NFT_TABLE_NAME" mangle_output '{ type route hook output priority -150; policy accept; }'
nft add chain inet "$NFT_TABLE_NAME" proxy '{ type filter hook prerouting priority -100; policy accept; }'
nft add rule inet "$NFT_TABLE_NAME" mangle ct status dnat return
nft add rule inet "$NFT_TABLE_NAME" mangle iifname "@$NFT_INTERFACE_SET_NAME" ip daddr "@$NFT_COMMON_SET_NAME" meta l4proto tcp meta mark set "$NFT_FAKEIP_MARK" counter
nft add rule inet "$NFT_TABLE_NAME" mangle iifname "@$NFT_INTERFACE_SET_NAME" ip daddr "@$NFT_COMMON_SET_NAME" meta l4proto udp meta mark set "$NFT_FAKEIP_MARK" counter
nft add rule inet "$NFT_TABLE_NAME" mangle iifname "@$NFT_INTERFACE_SET_NAME" ip daddr "$SB_FAKEIP_INET4_RANGE" meta l4proto tcp meta mark set "$NFT_FAKEIP_MARK" counter