Merge pull request #148 from Ysurac/develop

LAN FW block workaround only on TCP for shadowsocks
2025-02-15 03:51:51 +00:00 · 2021-06-11 09:58:11 +08:00 · 2021-06-11 09:58:11 +08:00 · b164a4a8e9
commit b164a4a8e9
parent 892027dd39 ca61391279
2 changed files with 4 additions and 4 deletions
--- a/shadowsocks-libev/files/ss-rules
+++ b/shadowsocks-libev/files/ss-rules
@ -285,11 +285,11 @@ ss_rules_iptchains_mkprerules() {
 }

 ss_rules_fw_drop() {
-	fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) printf "%s ",$i }' |
+	fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) printf "%s ",$i }' |
 	while IFS=$"\n" read -r c; do
 		iptables -t nat -A zone_lan_prerouting $(echo $c | sed 's/reject/REDIRECT --to-ports 65535/') 2>&1 >/dev/null
 	done
-	fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/-t filter/&&/-j drop/ {for(i=6; i<=NF; i++) printf "%s ",$i }' |
+	fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j drop/ {for(i=6; i<=NF; i++) printf "%s ",$i }' |
 	while IFS=$"\n" read -r c; do
 		iptables -t nat -A zone_lan_prerouting $(echo $c | sed 's/drop/REDIRECT --to-ports 65535/') 2>&1 >/dev/null
 	done
--- a/shadowsocks-libev/files/ss-rules6
+++ b/shadowsocks-libev/files/ss-rules6
@ -269,11 +269,11 @@ ss_rules6_iptchains_mkprerules() {


 ss_rules6_fw_drop() {
-	fw3 -6 print 2>/dev/null | awk '/ip6tables/&&/zone_lan_forward/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) printf "%s ",$i }' |
+	fw3 -6 print 2>/dev/null | awk '/ip6tables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) printf "%s ",$i }' |
 	while IFS=$"\n" read -r c; do
 		ip6tables -t nat -A zone_lan_prerouting $(echo $c | sed 's/reject/REDIRECT --to-ports 65535/') 2>&1 >/dev/null
 	done
-	fw3 -6 print 2>/dev/null | awk '/ip6tables/&&/zone_lan_forward/&&/-t filter/&&/-j drop/ {for(i=6; i<=NF; i++) printf "%s ",$i }' |
+	fw3 -6 print 2>/dev/null | awk '/ip6tables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j drop/ {for(i=6; i<=NF; i++) printf "%s ",$i }' |
 	while IFS=$"\n" read -r c; do
 		ip6tables -t nat -A zone_lan_prerouting $(echo $c | sed 's/drop/REDIRECT --to-ports 65535/') 2>&1 >/dev/null
 	done