Fix shadowsocks iptables rules

shadowsocks-libev/files/shadowsocks-libev.init

@@ -308,6 +308,7 @@ start_service() {
 	# Add rule to match traffic marked by firewall for bypass
 	ip rule add prio 1 fwmark 0x539 lookup 991337 > /dev/null 2>&1
 	rules_up
+	[ -f /etc/firewall.gre-tunnel ] && sh /etc/firewall.gre-tunnel > /dev/null 2>&1
 }
 
 stop_service() {
@@ -320,7 +321,7 @@ reload_service() {
 }
 
 rules_exist() {
-	[ -n "$(iptables -t nat -L -n | grep ssr)" ] && return 0
+	[ -n "$(iptables-save | grep 'A ssr')" ] && return 0
 	return 1
 }
 
@@ -347,6 +348,7 @@ rules_up() {
 		config_foreach ss_rules_restart "$cfgtype" "$cfgtype"
 	done
 	config_foreach ss_rules ss_rules
+	[ -z "$(iptables-save | grep :ssr)" ] && logger -t "Shadowsocks" "Rules not applied"
 	[ -f /etc/init.d/omr-bypass ] && {
 		logger -t "Shadowsocks" "Reload omr-bypass rules"
 		/etc/init.d/omr-bypass reload_rules

shadowsocks-libev/files/ss-rules

@@ -187,7 +187,7 @@ ss_rules_iptchains_init_tcp() {
 		forward) local_target=ssr_${rule}_forward ;;
 		bypass|*) return 0;;
 	esac
-	if [ "$(iptables -t nat -L ssr_${rule}_local_out | grep ssr_${rule}_dst_bypass)" = "" ]; then
+	if [ "$(iptables-save | grep ssr_${rule}_local_out | grep ssr_${rule}_dst_bypass)" = "" ]; then
 		iptables-restore -w --noflush <<-EOF
 			*nat
 			:ssr_${rule}_local_out -

shadowsocks-libev/files/ss-rules6

@@ -175,7 +175,7 @@ ss_rules6_iptchains_init_tcp() {
 		:ssr6_${rule}_local_out -
 		-I OUTPUT 1 -p tcp -j ssr6_${rule}_local_out
 		-A ssr6_${rule}_local_out -m set --match-set ssr6_${rule}_dst_bypass dst -j RETURN
-		-A ssr6_${rule}_local_out -m set --match-set ssr6_${rule}_dst_bypass_all dst -j RETURN
+		-A ssr6_${rule}_local_out -m set --match-set ss_rules6_dst_bypass_all dst -j RETURN
 		-A ssr6_${rule}_local_out -m set --match-set ssr6_${rule}_dst_bypass_ dst -j RETURN
 		-A ssr6_${rule}_local_out -m mark --mark 0x6539 -j RETURN
 		-A ssr6_${rule}_local_out -p tcp $o_ipt_extra -j $local_target -m comment --comment "local_default: $o_local_default"