From ca61391279cfa024581bb80e710258817c679e9a Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)"
Date: Thu, 10 Jun 2021 21:22:34 +0200
Subject: [PATCH] LAN FW block workaround only on TCP for shadowsocks
---
 shadowsocks-libev/files/ss-rules | 4 ++--
 shadowsocks-libev/files/ss-rules6 | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/shadowsocks-libev/files/ss-rules b/shadowsocks-libev/files/ss-rules
index e5e9892c7..0f46d5611 100755
--- a/shadowsocks-libev/files/ss-rules
+++ b/shadowsocks-libev/files/ss-rules
@@ -285,11 +285,11 @@ ss_rules_iptchains_mkprerules() {
 }
 ss_rules_fw_drop() {
- fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) printf "%s ",$i }' |
+ fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) printf "%s ",$i }' |
 while IFS=$"\n" read -r c; do
 iptables -t nat -A zone_lan_prerouting $(echo $c | sed 's/reject/REDIRECT --to-ports 65535/') 2>&1 >/dev/null
 done
- fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/-t filter/&&/-j drop/ {for(i=6; i<=NF; i++) printf "%s ",$i }' |
+ fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j drop/ {for(i=6; i<=NF; i++) printf "%s ",$i }' |
 while IFS=$"\n" read -r c; do
 iptables -t nat -A zone_lan_prerouting $(echo $c | sed 's/drop/REDIRECT --to-ports 65535/') 2>&1 >/dev/null
 done
diff --git a/shadowsocks-libev/files/ss-rules6 b/shadowsocks-libev/files/ss-rules6
index d8394cc64..157a14e40 100755
--- a/shadowsocks-libev/files/ss-rules6
+++ b/shadowsocks-libev/files/ss-rules6
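Review bot: The added `/tcp/` test in both awk filters of ss_rules_fw_drop is a bare substring match, so a non-TCP rule whose name or comment happens to contain "tcp" would still be rewritten into a REDIRECT, and the filter does not actually pin the protocol option. Matching the option itself, e.g. `/-p tcp/`, would be tighter, assuming fw3 prints the protocol that way (worth confirming against real `fw3 -4 print` output). The same filter is added to ss_rules6_fw_drop in ss-rules6. A short comment above the function, such as `# Only TCP goes through the nat REDIRECT path, so only TCP reject/drop rules are mirrored here`, would record the reason, and it is worth confirming that LAN reject/drop rules for UDP are still enforced on whatever path proxies UDP, which this hunk does not show. ss_rules_fw_drop continues past the end of the hunk.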
@@ -269,11 +269,11 @@ ss_rules6_iptchains_mkprerules() {
 ss_rules6_fw_drop() {
- fw3 -6 print 2>/dev/null | awk '/ip6tables/&&/zone_lan_forward/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) printf "%s ",$i }' |
+ fw3 -6 print 2>/dev/null | awk '/ip6tables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) printf "%s ",$i }' |
 while IFS=$"\n" read -r c; do
 ip6tables -t nat -A zone_lan_prerouting $(echo $c | sed 's/reject/REDIRECT --to-ports 65535/') 2>&1 >/dev/null
 done
- fw3 -6 print 2>/dev/null | awk '/ip6tables/&&/zone_lan_forward/&&/-t filter/&&/-j drop/ {for(i=6; i<=NF; i++) printf "%s ",$i }' |
+ fw3 -6 print 2>/dev/null | awk '/ip6tables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j drop/ {for(i=6; i<=NF; i++) printf "%s ",$i }' |
 while IFS=$"\n" read -r c; do
 ip6tables -t nat -A zone_lan_prerouting $(echo $c | sed 's/drop/REDIRECT --to-ports 65535/') 2>&1 >/dev/null
 done
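Review bot: The awk action in ss_rules6_fw_drop prints every field with `printf "%s ",$i` and never emits a newline, so all matching rules arrive as one unterminated line. As written, `read -r c` would hit EOF and return non-zero, so the loop body may never run and the LAN reject/drop rules would not be mirrored at all; this should be tested on the target shell. Ending the action with `; print ""` gives one rule per line. Separately, `IFS=$"\n"` does not set a newline (`IFS=` is the usual form), and `2>&1 >/dev/null` discards only stdout while ip6tables errors go to the original stdout and the exit status is never checked, so a rule that fails to install goes unnoticed; `>/dev/null 2>&1` plus a logged failure is presumably what was meant. The same lines are in ss_rules_fw_drop in ss-rules, and the function's closing brace lies outside the hunk.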