Mirror/zapret
1
0
Fork 0
mirror of https://github.com/bol-van/zapret.git synced 2026-01-06 08:38:49 +03:00
Code Issues Packages Projects Releases Wiki Activity

readme: nfqws synack : more precise nat info

Browse Source
This commit is contained in:
bol-van
2021-04-07 13:13:42 +03:00
parent 268b1faeef
commit 609c25ded8
2 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
docs/readme.eng.txt
View File

@@ -254,7 +254,7 @@ Can be useful for ISPs with more than one DPI.
SYNACK MODE
In geneva docs it's called "TCP turnaround". Attempt to make the DPI believe the roles of client and server are reversed.
!!! This mode breaks NAT operation and can be used only from devices with external IP address !
!!! This mode breaks NAT operation and can be used only if there's no NAT between the attacker's device and the DPI !
In linux it's required to remove standard firewall rule dropping INVALID packets in the OUTPUT chain,
for example : -A OUTPUT -m state --state INVALID -j DROP
In openwrt it's possible to disable the rule for both FORWARD and OUTPUT chains in /etc/config/firewall :