From 1b02c5f1749ab6c7b8e6be5e5ebdc87ab7a0950a Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)"
Date: Fri, 21 Jul 2023 21:40:54 +0200
Subject: [PATCH] Fix firewall redirection with destination IP
---
 .../files/etc/init.d/openmptcprouter-vps | 24 +++++++++++++++++++
 1 file changed, 24 insertions(+)
diff --git a/openmptcprouter/files/etc/init.d/openmptcprouter-vps b/openmptcprouter/files/etc/init.d/openmptcprouter-vps
index db37d8045..8bb124ac0 100755
--- a/openmptcprouter/files/etc/init.d/openmptcprouter-vps
+++ b/openmptcprouter/files/etc/init.d/openmptcprouter-vps
@@ -956,6 +956,18 @@ _vps_firewall_redirect_port() {
 [ -n "$src_dip" ] && {
 comment=" to $src_dip"
 $IPTABLESSAVE --counters | sed "s:-d $src_dip/32::g" | $IPTABLESRESTORE -w
+ [ -f /usr/sbin/nft ] && {
+ rule=$(nft -a list table inet fw4 | grep -m1 "ip daddr $src_dip")
+ [ -n "$rule" ] && {
+ handle=$(echo $rule | awk '{ print $NF }')
+ nft replace rule inet fw4 dstnat_lan handle ${handle} $(echo $rule | awk '{ sub(" comment.*$",""); print }' | sed "s/ip daddr ${src_dip}//") 2>&1 >/dev/null
+ }
+ rule=$(nft -a list table inet fw4 | grep -m1 "ip daddr $src_dip")
+ [ -n "$rule" ] && {
+ handle=$(echo $rule | awk '{ print $NF }')
+ nft replace rule inet fw4 dstnat_vpn handle $handle $(echo $rule | awk '{ sub(" comment.*$",""); print }' | sed "s/ip daddr ${src_dip}/meta nfproto ipv4/") 2>&1 >/dev/null
+ }
+ }
 }
 [ -n "$src_ip" ] && comment=" from $src_ip"
 if [ "$target" = "ACCEPT" ]; then
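Review bot: The `grep -m1 "ip daddr $src_dip"` on the first `rule=` line after `[ -f /usr/sbin/nft ]` is an unanchored regex, so each `.` in the address matches any character and `10.0.0.1` also matches `10.0.0.10`; because the replace that follows strips the `ip daddr` match entirely, a false hit widens an unrelated DNAT rule to every destination address. Match literally and terminate the token, e.g. `grep -m1 -F -- "ip daddr $src_dip "` (this assumes fw4's listing always has another match after the address; if not, anchor with an escaped regex instead). The listing also covers the whole `inet fw4` table while the two replaces are pinned to `dstnat_lan` and then `dstnat_vpn`, so the code relies on chain order in the output and on the first replace having succeeded; listing per chain, `nft -a list chain inet fw4 dstnat_lan`, removes both assumptions. Finally `2>&1 >/dev/null` routes nft's stderr to stdout and discards only stdout, so errors are neither silenced nor logged deliberately; if suppression is intended the order is `>/dev/null 2>&1`, though logging the failure would be preferable in an init script. The enclosing `_vps_firewall_redirect_port()` starts and ends outside the hunk.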
@@ -1038,6 +1050,18 @@ _vps_firewall_redirect_port() {
 [ -n "$src_dip" ] && {
 comment=" to $src_dip"
 $IPTABLESSAVE --counters | sed "s:-d $src_dip/32::g" | $IPTABLESRESTORE -w
+ [ -f /usr/sbin/nft ] && {
+ rule=$(nft -a list table inet fw4 | grep -m1 "ip daddr $src_dip")
+ [ -n "$rule" ] && {
+ handle=$(echo $rule | awk '{ print $NF }')
+ nft replace rule inet fw4 dstnat_lan handle ${handle} $(echo $rule | awk '{ sub(" comment.*$",""); print }' | sed "s/ip daddr ${src_dip}//") 2>&1 >/dev/null
+ }
+ rule=$(nft -a list table inet fw4 | grep -m1 "ip daddr $src_dip")
+ [ -n "$rule" ] && {
+ handle=$(echo $rule | awk '{ print $NF }')
+ nft replace rule inet fw4 dstnat_vpn handle $handle $(echo $rule | awk '{ sub(" comment.*$",""); print }' | sed "s/ip daddr ${src_dip}/meta nfproto ipv4/") 2>&1 >/dev/null
+ }
+ }
 }
 [ -n "$src_ip" ] && comment=" from $src_ip"
 checkfw=$(echo "$vpsfwlist" | grep "# OMR $username open router $src_dport port ${protoi}${comment} --- V2Ray to ${dest_ip}:${dest_port}")
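Review bot: The twelve added lines here are a byte-for-byte copy of the block added in the earlier hunk of the same function, so any fix to the grep pattern, the chain selection or the redirect order has to be made twice and will drift. Move the nft rewrite into a helper such as `_vps_nft_strip_daddr()` that takes the address as `$1`, and call it from both sites right after the `$IPTABLESRESTORE -w` line as `_vps_nft_strip_daddr "$src_dip"`. While extracting it, quote the expansions — `echo "$rule"` instead of `echo $rule` — so the rule text is not subject to word splitting and pathname expansion before it reaches awk. The enclosing `_vps_firewall_redirect_port()` starts and ends outside the hunk.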