Mirror/podkop
1
0
Fork 0
mirror of https://github.com/itdoginfo/podkop.git synced 2026-01-27 04:40:37 +03:00
Code Issues Packages Projects Releases Wiki Activity

fix: avoid outbound traffic loop by adding NFT_OUTBOUND_MARK (0x90000) and mangle_output return rule (#248)

Browse Source
This commit is contained in:
Andrey Petelin
2026-01-14 10:29:13 +05:00
parent 4448c09c34
commit 1e9a7bffa4
2 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
podkop/files/usr/bin/podkop
View File

@@ -321,6 +321,7 @@ create_nft_rules() {
nft add rule inet "$NFT_TABLE_NAME" proxy meta mark "$NFT_FAKEIP_MARK" meta l4proto udp tproxy ip to 127.0.0.1:1602 counter
nft add rule inet "$NFT_TABLE_NAME" mangle_output ip daddr "@$NFT_LOCALV4_SET_NAME" return
nft add rule inet "$NFT_TABLE_NAME" mangle_output meta mark "$NFT_OUTBOUND_MARK" counter return
nft add rule inet "$NFT_TABLE_NAME" mangle_output ip daddr "@$NFT_COMMON_SET_NAME" meta l4proto tcp meta mark set "$NFT_FAKEIP_MARK" counter
nft add rule inet "$NFT_TABLE_NAME" mangle_output ip daddr "@$NFT_COMMON_SET_NAME" meta l4proto udp meta mark set "$NFT_FAKEIP_MARK" counter
nft add rule inet "$NFT_TABLE_NAME" mangle_output ip daddr "$SB_FAKEIP_INET4_RANGE" meta l4proto tcp meta mark set "$NFT_FAKEIP_MARK" counter

1
podkop/files/usr/lib/constants.sh
View File

@@ -21,6 +21,7 @@ NFT_COMMON_SET_NAME="podkop_subnets"
NFT_DISCORD_SET_NAME="podkop_discord_subnets"
NFT_INTERFACE_SET_NAME="interfaces"
NFT_FAKEIP_MARK="0x80000"
NFT_OUTBOUND_MARK="0x90000"
## sing-box
SB_REQUIRED_VERSION="1.12.0"