This repository was archived by the owner on Nov 21, 2019. It is now read-only.

Commit a340339

author
icymind
committed
update redire udp firewall rule
1 parent 59593ae commit a340339


1 file changed

+10
-8
lines changed


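--- a/src/renderer/lib/generator.js
+++ b/src/renderer/lib/generator.js
@@ -403,8 +403,9 @@ class Generator {
 contents.push(genFWRulesHelper(rule))
 
 if (profile.enableRelayUDP) {
-const udpRule = `-p udp -m set --match-set ${firewallInfo.ipset.blackSetName} dst -j REDIRECT --to-port ${udpRedirPort}`
-contents.push(genFWRulesHelper(udpRule))
+contents.push('ip rule add fwmark 1 lookup 100')
+contents.push('ip route add local default dev lo table 100')
+contents.push(`iptables -t mangle -A PREROUTING -p udp -m set --match-set ${firewallInfo.ipset.blackSetName} dst -j TPROXY --on-port ${udpRedirPort} --tproxy-mark 0x01/0x01`)
 }
 
 contents.push('# bypass whitelist')
@@ -416,8 +417,7 @@ class Generator {
 contents.push(genFWRulesHelper(rule))
 
 if (profile.enableRelayUDP) {
-const udpRule = `-p udp -j REDIRECT --to-port ${udpRedirPort}`
-contents.push(genFWRulesHelper(udpRule))
+contents.push(`iptables -t mangle -A PREROUTING -p udp -j TPROXY --on-port ${udpRedirPort} --tproxy-mark 0x01/0x01`)
 }
 } else if (profile.mode === 'blacklist') {
 // 仅代理黑名单模式下, 先将白名单返回(如果自定义白名单中存在黑名单相同项, 先处理白名单符合预期)
@@ -430,17 +430,19 @@ class Generator {
 contents.push(genFWRulesHelper(rule))
 
 if (profile.enableRelayUDP) {
-const udpRule = `-p udp -m set --match-set ${firewallInfo.ipset.blackSetName} dst -j REDIRECT --to-port ${udpRedirPort}`
-contents.push(genFWRulesHelper(udpRule))
+contents.push('ip rule add fwmark 1 lookup 100')
+contents.push('ip route add local default dev lo table 100')
+contents.push(`iptables -t mangle -A PREROUTING -p udp -m set --match-set ${firewallInfo.ipset.blackSetName} dst -j TPROXY --on-port ${udpRedirPort} --tproxy-mark 0x01/0x01`)
 }
 } else if (profile.mode === 'global') {
 contents.push('# route all traffic')
 let rule = `-p tcp -j REDIRECT --to-port ${redirPort}`
 contents.push(genFWRulesHelper(rule))
 
 if (profile.enableRelayUDP) {
-const udpRule = `-p udp -j REDIRECT --to-port ${udpRedirPort}`
-contents.push(genFWRulesHelper(udpRule))
+contents.push('ip rule add fwmark 1 lookup 100')
+contents.push('ip route add local default dev lo table 100')
+contents.push(`iptables -t mangle -A PREROUTING -p udp -j TPROXY --on-port ${udpRedirPort} --tproxy-mark 0x01/0x01`)
 }
 }
 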
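Review bot: The catch-all UDP rule at new line 420, `iptables -t mangle -A PREROUTING -p udp -j TPROXY ...`, is appended directly to mangle PREROUTING instead of going through `genFWRulesHelper`, so the whitelist rule emitted just before it probably no longer applies to UDP. If the helper targets a dedicated nat chain, as its use for the TCP rules suggests, UDP to whitelisted and LAN destinations and to the device itself (DNS, for example) would be diverted to `udpRedirPort`; the global-mode rule at new line 445 has the same shape. I would emit the TPROXY rules into a dedicated mangle chain that first returns for the whitelist set and local ranges, which also gives teardown one chain to flush. Separately, `ip rule add fwmark 1 lookup 100` and `ip route add local default dev lo table 100` (new lines 406-407, 433-434, 443-444) are not idempotent: re-running the generated script likely stacks a duplicate rule and fails on the existing route, so delete before adding or use `ip route replace`. The enclosing method starts and ends outside the hunks.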
