Disable iptables DNS not needed lookups

2025-03-09 15:40:03 +00:00 · 2019-12-03 22:52:34 +01:00 · 2019-12-03 22:52:34 +01:00 · 275a0eb2e6
commit 275a0eb2e6
parent 0b2c504244
3 changed files with 7 additions and 7 deletions
--- a/luci-app-omr-bypass/root/etc/init.d/omr-bypass
+++ b/luci-app-omr-bypass/root/etc/init.d/omr-bypass
@ -279,14 +279,14 @@ _intf_rule() {
 			ip -6 rule add prio 1 fwmark 0x6539$count lookup 6$count > /dev/null 2>&1
 		fi
 	}
-	if [ "$(iptables -w 40 -t mangle -L | grep omr_dst_bypass_$intf)" = "" ]; then
+	if [ "$(iptables -w 40 -t mangle -L -n | grep omr_dst_bypass_$intf)" = "" ]; then
 		iptables-restore --wait=60 --noflush <<-EOF
 		*mangle
 		-I omr-bypass 1 -m set --match-set omr_dst_bypass_$intf dst -j MARK --set-mark 0x539$count
 		COMMIT
 		EOF
 	fi
-	if [ "$(iptables -w 40 -t nat -L | grep ss_rules_pre_src)" != "" ] && [ "$(iptables -w 40 -t nat -L | grep omr_dst_bypass_$intf)" = "" ]; then
+	if [ "$(iptables -w 40 -t nat -L -n | grep ss_rules_pre_src)" != "" ] && [ "$(iptables -w 40 -t nat -L -n | grep omr_dst_bypass_$intf)" = "" ]; then
 		iptables-restore --wait=60 --noflush <<-EOF
 		*nat
 		-I ss_rules_dst 1 -m set --match-set omr_dst_bypass_$intf dst -j RETURN
@ -423,14 +423,14 @@ start_service() {
 	ip rule add prio 1 fwmark 0x539 lookup 991337 > /dev/null 2>&1
 	ip -6 rule add prio 1 fwmark 0x6539 lookup 6991337 > /dev/null 2>&1

-	if [ "$(iptables -w 40 -t mangle -L | grep 'match-set omr_dst_bypass_all dst MARK set')" = "" ]; then
+	if [ "$(iptables -w 40 -t mangle -L -n | grep 'match-set omr_dst_bypass_all dst MARK set')" = "" ]; then
 		iptables-restore --wait=60 --noflush <<-EOF
 		*mangle
 		-A omr-bypass -m set --match-set omr_dst_bypass_all dst -j MARK --set-mark 0x539
 		COMMIT
 		EOF
 	fi
-	if [ "$(iptables -w 40 -t nat -L | grep ss_rules_pre_src)" != "" ] && [ "$(iptables -w 40 -t nat -L | grep omr_dst_bypass_all)" = "" ]; then
+	if [ "$(iptables -w 40 -t nat -L -n | grep ss_rules_pre_src)" != "" ] && [ "$(iptables -w 40 -t nat -L -n | grep omr_dst_bypass_all)" = "" ]; then
 		iptables-restore --wait=60 --noflush <<-EOF
 		*nat
 		-I ss_rules_dst 1 -m set --match-set omr_dst_bypass_all dst -j RETURN
--- a/omr-tracker/files/bin/omr-tracker-ss
+++ b/omr-tracker/files/bin/omr-tracker-ss
@ -63,7 +63,7 @@ while true; do
 			uci -q set openmptcprouter.omr.shadowsocks="up"
 			uci -q commit openmptcprouter.omr
 		}
-		if [ -z "$(iptables -t nat -L | grep ss_rules_forward)" ] && [ "$(uci -q get shadowsocks-libev.ss_rules.disabled)" != "1" ]; then
+		if [ -z "$(iptables -t nat -L -n | grep ss_rules_forward)" ] && [ "$(uci -q get shadowsocks-libev.ss_rules.disabled)" != "1" ]; then
 			_log "Reload Shadowsocks rules"
 			/etc/init.d/shadowsocks-libev rules_up 2> /dev/null
 			_get_ip
@ -74,7 +74,7 @@ while true; do
 		last=$((last + 1 ))
 		[ -z "$nocontact" ] && nocontact="$host" || nocontact="$nocontact, $host"
 		[ "${last}" -ge "${retry}" ] && {
-			if [ -n "$(iptables -t nat -L | grep ss_rules_forward)" ]; then
+			if [ -n "$(iptables -t nat -L -n | grep ss_rules_forward)" ]; then
 				_log "Shadowsocks is down (can't contact ${nocontact})"
 				uci -q set openmptcprouter.omr.shadowsocks="down"
 				uci -q commit openmptcprouter.omr
--- a/shadowsocks-libev/files/shadowsocks-libev.init
+++ b/shadowsocks-libev/files/shadowsocks-libev.init
@ -249,7 +249,7 @@ stop_service() {
 }

 rules_exist() {
-	[ -n "$(iptables -t nat -L | grep ss_rules_forward)" ] && return 0
+	[ -n "$(iptables -t nat -L -n | grep ss_rules_forward)" ] && return 0
 	return 1
 }