mirror of
https://github.com/Ysurac/openmptcprouter-feeds.git
synced 2025-03-09 15:40:03 +00:00
Add DPI support to OMR-Bypass
This commit is contained in:
Ycarus
parent
dfbba31e1d
commit
d90d5ea374
11 changed files with 181 additions and 16 deletions
|
|
@ -6,7 +6,7 @@
|
||||||
include $(TOPDIR)/rules.mk
|
include $(TOPDIR)/rules.mk
|
||||||
|
|
||||||
LUCI_TITLE:=LuCI Interface to bypass domains
|
LUCI_TITLE:=LuCI Interface to bypass domains
|
||||||
LUCI_DEPENDS:=+dnsmasq-full +shadowsocks-libev-ss-rules
|
LUCI_DEPENDS:=+dnsmasq-full +shadowsocks-libev-ss-rules +iptables-mod-ndpi +iptables-mod-extra
|
||||||
|
|
||||||
PKG_LICENSE:=GPLv3
|
PKG_LICENSE:=GPLv3
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -24,18 +24,21 @@ function bypass_add()
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
ucic:delete("omr-bypass","ips","ip")
|
|
||||||
if table.getn(ip_ipset) > 0 then
|
|
||||||
for _, i in pairs(ip_ipset) do
|
|
||||||
ucic:set_list("omr-bypass","ips","ip",ip_ipset)
|
ucic:set_list("omr-bypass","ips","ip",ip_ipset)
|
||||||
|
|
||||||
|
local dpi = luci.http.formvalue("cbid.omr-bypass.dpi")
|
||||||
|
if (type(dpi) ~= "table") then
|
||||||
|
dpi = {dpi}
|
||||||
end
|
end
|
||||||
end
|
ucic:set_list("omr-bypass","dpi","proto",dpi)
|
||||||
|
|
||||||
ucic:save("omr-bypass")
|
ucic:save("omr-bypass")
|
||||||
ucic:commit("omr-bypass")
|
ucic:commit("omr-bypass")
|
||||||
ucic:set_list("dhcp",ucic:get_first("dhcp","dnsmasq"),"ipset",domains_ipset .. "/ss_rules_dst_bypass")
|
ucic:set_list("dhcp",ucic:get_first("dhcp","dnsmasq"),"ipset",domains_ipset .. "/ss_rules_dst_bypass")
|
||||||
ucic:save("dhcp")
|
ucic:save("dhcp")
|
||||||
ucic:commit("dhcp")
|
ucic:commit("dhcp")
|
||||||
--luci.sys.exec("/etc/init.d/dnsmasq restart")
|
--luci.sys.exec("/etc/init.d/dnsmasq restart")
|
||||||
|
luci.sys.exec("/etc/init.d/omr-bypass restart")
|
||||||
luci.http.redirect(luci.dispatcher.build_url("admin/services/omr-bypass"))
|
luci.http.redirect(luci.dispatcher.build_url("admin/services/omr-bypass"))
|
||||||
return
|
return
|
||||||
end
|
end
|
||||||
|
|
@ -1,11 +1,14 @@
|
||||||
<%+header%>
|
<%+header%>
|
||||||
|
|
||||||
<script type="text/javascript" src="<%=resource%>/cbi.js" data-strings="{"path":{"resource":"\/luci-static\/resources","browser":"\/cgi-bin\/luci\/admin\/filebrowser"},"label":{"choose":"-- Choisir --","custom":"-- autre --"}}"></script>
|
<script type="text/javascript" src="<%=resource%>/cbi.js?v=git-18.170.32705-0f524f1" data-strings="{"path":{"resource":"\/luci-static\/resources","browser":"\/cgi-bin\/luci\/admin\/filebrowser"},"label":{"choose":"-- Choisir --","custom":"-- autre --"}}"></script>
|
||||||
|
|
||||||
<%
|
<%
|
||||||
local uci = require("luci.model.uci").cursor()
|
local uci = require("luci.model.uci").cursor()
|
||||||
local hosts = uci:get_list("dhcp", uci:get_first("dhcp","dnsmasq"), "ipset")
|
local hosts = uci:get_list("dhcp", uci:get_first("dhcp","dnsmasq"), "ipset")
|
||||||
local ips = uci:get_list("omr-bypass", "ips", "ip")
|
local ips = uci:get_list("omr-bypass", "ips", "ip")
|
||||||
|
local dpi = uci:get_list("omr-bypass", "dpi", "proto")
|
||||||
|
local tmpfile = os.tmpname()
|
||||||
|
local dpi_available_proto = luci.util.execi("cat /proc/net/xt_ndpi/proto | awk '{print $3}' | sort -u | head -n -1")
|
||||||
%>
|
%>
|
||||||
|
|
||||||
<% if stderr and #stderr > 0 then %><pre class="error"><%=pcdata(stderr)%></pre><% end %>
|
<% if stderr and #stderr > 0 then %><pre class="error"><%=pcdata(stderr)%></pre><% end %>
|
||||||
|
|
@ -25,7 +28,12 @@
|
||||||
for hst in string.gmatch(host,"([^/]*)/") do
|
for hst in string.gmatch(host,"([^/]*)/") do
|
||||||
if hst ~= "" then
|
if hst ~= "" then
|
||||||
%>
|
%>
|
||||||
<input class="cbi-input-text" value="<%=hst%>" data-update="change" type="text" id="cbid.omr-bypass.hosts.<%=j%>" name="cbid.omr-bypass.hosts" placeholder="google.com" /><br />
|
<input class="cbi-input-text" value="<%=hst%>" data-update="change" type="text" id="cbid.omr-bypass.hosts.<%=j%>" name="cbid.omr-bypass.hosts" placeholder="google.com" />
|
||||||
|
<br />
|
||||||
|
<div class="cbi-value-description">
|
||||||
|
<span class="cbi-value-helpicon"><img src="/luci-static/resources/cbi/help.gif" alt="help" /></span>
|
||||||
|
<%:You need to use OpenMPTCProuter as DNS server when you want to bypass a domain%>
|
||||||
|
</div>
|
||||||
<%
|
<%
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
@ -38,7 +46,12 @@
|
||||||
end
|
end
|
||||||
if j == 1 then
|
if j == 1 then
|
||||||
%>
|
%>
|
||||||
<input class="cbi-input-text" value="" data-update="change" type="text" id="cbid.omr-bypass.hosts.1" name="cbid.omr-bypass.hosts" placeholder="google.com" /><br />
|
<input class="cbi-input-text" value="" data-update="change" type="text" id="cbid.omr-bypass.hosts.1" name="cbid.omr-bypass.hosts" placeholder="google.com" />
|
||||||
|
<br />
|
||||||
|
<div class="cbi-value-description">
|
||||||
|
<span class="cbi-value-helpicon"><img src="/luci-static/resources/cbi/help.gif" alt="help" /></span>
|
||||||
|
<%:You need to use OpenMPTCProuter as DNS server when you want to bypass a domain%>
|
||||||
|
</div>
|
||||||
<%
|
<%
|
||||||
end
|
end
|
||||||
%>
|
%>
|
||||||
|
|
@ -46,6 +59,38 @@
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
</fieldset>
|
</fieldset>
|
||||||
|
<fieldset class="cbi-section" id="dpi">
|
||||||
|
<div class="cbi-section-descr"><%:Set protocols you want to bypass.%></div>
|
||||||
|
<div class="cbi-value cbi-value-last" id="cbi-omr-tracker-dpi" data-depends="[]" data-index="<%=table.getn(dpi)%>">
|
||||||
|
<label class="cbi-value-title" for="cbid.omr-tracker.dpi"><%:Protocol%></label>
|
||||||
|
<div class="cbi-value-field">
|
||||||
|
<%
|
||||||
|
local allprt=""""
|
||||||
|
for prt in dpi_available_proto do
|
||||||
|
allprt=allprt .. ","" .. prt .. """
|
||||||
|
end
|
||||||
|
%>
|
||||||
|
|
||||||
|
<div data-prefix="cbid.omr-bypass.dpi" data-browser-path="" data-dynlist="[[<%=allprt%>],[<%=allprt%>],null,false]">
|
||||||
|
<%
|
||||||
|
local k = 1
|
||||||
|
for _ , proto in pairs(dpi) do
|
||||||
|
k = k+1
|
||||||
|
%>
|
||||||
|
<input class="cbi-input-text" id="cbid.omr-bypass.dpi.<%=k%>" name="cbid.omr-bypass.dpi" data-update="change" value="<%=proto%>" /><br />
|
||||||
|
<%
|
||||||
|
end
|
||||||
|
if k == 1 then
|
||||||
|
%>
|
||||||
|
<input class="cbi-input-text" id="cbid.omr-bypass.dpi.<%=k%>" name="cbid.omr-bypass.dpi" data-update="change" /><br />
|
||||||
|
<%
|
||||||
|
end
|
||||||
|
%>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</fieldset>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
<div class="cbi-page-actions">
|
<div class="cbi-page-actions">
|
||||||
<input type="hidden" name="token" value="<%=token%>" />
|
<input type="hidden" name="token" value="<%=token%>" />
|
||||||
|
|
|
||||||
|
|
@ -1 +1,3 @@
|
||||||
config bypass 'ips'
|
config bypass 'ips'
|
||||||
|
|
||||||
|
config bypass 'dpi'
|
||||||
|
|
|
||||||
|
|
@ -1,13 +1,25 @@
|
||||||
#!/bin/sh /etc/rc.common
|
#!/bin/sh /etc/rc.common
|
||||||
# Copyright (C) 2018 Ycarus (Yannick Chabanois) <ycarus@zugaina.org>
|
# Copyright (C) 2018 Ycarus (Yannick Chabanois) <ycarus@zugaina.org>
|
||||||
|
|
||||||
START=90
|
START=99
|
||||||
STOP=10
|
STOP=10
|
||||||
USE_PROCD=1
|
USE_PROCD=1
|
||||||
|
|
||||||
_bypass_ip() {
|
_bypass_ip() {
|
||||||
local ip="$1"
|
local ip="$1"
|
||||||
|
valid_ip4=$( valid_subnet4 $ip)
|
||||||
|
valid_ip6=$( valid_subnet6 $ip)
|
||||||
|
if [ "$valid_ip4" = "ok" ]; then
|
||||||
ipset add ss_rules_dst_bypass $ip
|
ipset add ss_rules_dst_bypass $ip
|
||||||
|
elif [ "$valid_ip6" = "ok" ]; then
|
||||||
|
ipset add ss_rules6_dst_bypass $ip
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
_bypass_proto() {
|
||||||
|
local proto="$1"
|
||||||
|
ndpi_rules="-A omr-bypass-dpi -m ndpi --$proto -j MARK --set-mark 0x539
|
||||||
|
$ndpi_rules"
|
||||||
}
|
}
|
||||||
|
|
||||||
start_service() {
|
start_service() {
|
||||||
|
|
@ -20,13 +32,28 @@ start_service() {
|
||||||
config_list_foreach ips "ip" _bypass_ip
|
config_list_foreach ips "ip" _bypass_ip
|
||||||
|
|
||||||
ip rule add prio 1 fwmark 0x539 lookup 991337 > /dev/null 2>&1
|
ip rule add prio 1 fwmark 0x539 lookup 991337 > /dev/null 2>&1
|
||||||
if [ "$(iptables -t mangle -L | grep 'mark 0x539')" = "" ]; then
|
|
||||||
|
if [ "$(iptables -t mangle -L | grep 'MARK set 0x539')" = "" ]; then
|
||||||
iptables-restore --noflush <<-EOF
|
iptables-restore --noflush <<-EOF
|
||||||
*mangle
|
*mangle
|
||||||
-A PREROUTING -m set --match-set ss_rules_dst_bypass dst -j MARK --set-mark 0x539
|
-A PREROUTING -m set --match-set ss_rules_dst_bypass dst -j MARK --set-mark 0x539
|
||||||
COMMIT
|
COMMIT
|
||||||
EOF
|
EOF
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
iptables-save --counters | grep -v omr-bypass-dpi | iptables-restore --counters
|
||||||
|
local ndpi_rules=""
|
||||||
|
config_list_foreach dpi "proto" _bypass_proto
|
||||||
|
ndpi_rules=$(echo $ndpi_rules | awk 'NF')
|
||||||
|
if [ "$ndpi_rules" != "" ]; then
|
||||||
|
iptables-restore --noflush <<-EOF
|
||||||
|
*mangle
|
||||||
|
:omr-bypass-dpi -
|
||||||
|
-A PREROUTING -m addrtype ! --dst-type LOCAL -j omr-bypass-dpi
|
||||||
|
$ndpi_rules
|
||||||
|
COMMIT
|
||||||
|
EOF
|
||||||
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
service_triggers() {
|
service_triggers() {
|
||||||
|
|
|
||||||
|
|
@ -7,5 +7,16 @@ uci -q batch <<-EOF >/dev/null
|
||||||
commit ucitrack
|
commit ucitrack
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
|
if [ "$(uci -q get omr-bypass.dpi)" = "" ]; then
|
||||||
|
uci -q batch <<-EOF >/dev/null
|
||||||
|
set omr-bypass.dpi=bypass
|
||||||
|
EOF
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ "$(uci -q get ucitrack.@shadowsocks-libev[-1].affects)" = "" ]; then
|
||||||
|
uci -q batch <<-EOF >/dev/null
|
||||||
|
set ucitrack.@shadowsocks-libev[-1].affects=omr-bypass
|
||||||
|
EOF
|
||||||
|
fi
|
||||||
rm -f /tmp/luci-indexcache
|
rm -f /tmp/luci-indexcache
|
||||||
exit 0
|
exit 0
|
||||||
|
|
|
||||||
73
ndpi-netfilter2/Makefile
Normal file
73
ndpi-netfilter2/Makefile
Normal file
|
|
@ -0,0 +1,73 @@
|
||||||
|
#
|
||||||
|
# Based on package from https://github.com/openwrt-develop/ndpi-netfilter/
|
||||||
|
# Copyright (C) 2018 Ycarus (Yannick Chabanois) <ycarus@zugaina.org>
|
||||||
|
#
|
||||||
|
# This is free software, licensed under the GNU General Public License v2.
|
||||||
|
# See /LICENSE for more information.
|
||||||
|
#
|
||||||
|
|
||||||
|
include $(TOPDIR)/rules.mk
|
||||||
|
include $(INCLUDE_DIR)/kernel.mk
|
||||||
|
|
||||||
|
PKG_NAME:=ndpi-netfilter2
|
||||||
|
PKG_VERSION:=5bcfd49
|
||||||
|
PKG_RELEASE:=1
|
||||||
|
PKG_REV:=5bcfd49
|
||||||
|
|
||||||
|
PKG_SOURCE_PROTO:=git
|
||||||
|
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
|
||||||
|
PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
|
||||||
|
PKG_SOURCE_URL:=https://github.com/vel21ripn/nDPI.git
|
||||||
|
PKG_SOURCE_VERSION:=$(PKG_REV)
|
||||||
|
|
||||||
|
PKG_BUILD_DIR:=$(KERNEL_BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
|
||||||
|
|
||||||
|
include $(INCLUDE_DIR)/package.mk
|
||||||
|
|
||||||
|
define Package/iptables-mod-ndpi
|
||||||
|
SUBMENU:=Firewall
|
||||||
|
SECTION:=net
|
||||||
|
CATEGORY:=Network
|
||||||
|
TITLE:=ndpi successor of OpenDPI
|
||||||
|
URL:=http://www.ntop.org/products/ndpi/
|
||||||
|
DEPENDS:=+iptables +iptables-mod-conntrack-extra +kmod-ipt-ndpi
|
||||||
|
MAINTAINER:=Thomas Heil <heil@terminal-consulting.de>
|
||||||
|
endef
|
||||||
|
|
||||||
|
define Package/iptables-mod-ndpi/description
|
||||||
|
nDPI is a ntop-maintained superset of the popular OpenDPI library
|
||||||
|
endef
|
||||||
|
|
||||||
|
CONFIGURE_CMD=./autogen.sh
|
||||||
|
CONFIGURE_ARGS += --with-pic
|
||||||
|
MAKE_PATH := ndpi-netfilter
|
||||||
|
|
||||||
|
MAKE_FLAGS += \
|
||||||
|
KERNEL_DIR="$(LINUX_DIR)" \
|
||||||
|
MODULES_DIR="$(TARGET_MODULES_DIR)" \
|
||||||
|
NDPI_PATH=$(PKG_BUILD_DIR)/ndpi-netfilter
|
||||||
|
|
||||||
|
define Build/Compile
|
||||||
|
(cd $(PKG_BUILD_DIR)/src/lib &&\
|
||||||
|
gcc -I../../src/include/ -I../../src/lib/third_party/include/ ndpi_network_list_compile.c -o ndpi_network_list_compile &&\
|
||||||
|
./ndpi_network_list_compile -o ndpi_network_list.c.inc ndpi_network_list_std.yaml ndpi_network_list_tor.yaml)
|
||||||
|
make $(MAKE_FLAGS) -C $(PKG_BUILD_DIR)/ndpi-netfilter
|
||||||
|
endef
|
||||||
|
|
||||||
|
define Package/iptables-mod-ndpi/install
|
||||||
|
$(INSTALL_DIR) $(1)/usr/lib/iptables
|
||||||
|
$(INSTALL_BIN) $(PKG_BUILD_DIR)/ndpi-netfilter/ipt/libxt_ndpi.so $(1)/usr/lib/iptables
|
||||||
|
endef
|
||||||
|
|
||||||
|
define KernelPackage/ipt-ndpi
|
||||||
|
SUBMENU:=Netfilter Extensions
|
||||||
|
TITLE:= nDPI net netfilter module
|
||||||
|
DEPENDS:=+kmod-nf-conntrack +kmod-nf-conntrack-netlink +kmod-ipt-compat-xtables
|
||||||
|
KCONFIG:=CONFIG_NF_CONNTRACK_LABELS=y \
|
||||||
|
CONFIG_NETFILTER_XT_MATCH_CONNLABEL=y
|
||||||
|
FILES:= $(PKG_BUILD_DIR)/ndpi-netfilter/src/xt_ndpi.ko
|
||||||
|
AUTOLOAD:=$(call AutoProbe,xt_ndpi)
|
||||||
|
endef
|
||||||
|
|
||||||
|
$(eval $(call BuildPackage,iptables-mod-ndpi))
|
||||||
|
$(eval $(call KernelPackage,ipt-ndpi))
|
||||||
|
|
@ -8,7 +8,7 @@
|
||||||
include $(TOPDIR)/rules.mk
|
include $(TOPDIR)/rules.mk
|
||||||
|
|
||||||
PKG_NAME:=openmptcprouter-full
|
PKG_NAME:=openmptcprouter-full
|
||||||
PKG_VERSION:=0.8
|
PKG_VERSION:=0.9
|
||||||
PKG_RELEASE:=1
|
PKG_RELEASE:=1
|
||||||
|
|
||||||
include $(INCLUDE_DIR)/package.mk
|
include $(INCLUDE_DIR)/package.mk
|
||||||
|
|
@ -42,7 +42,7 @@ MY_DEPENDS := \
|
||||||
omr-update \
|
omr-update \
|
||||||
openvpn-openssl \
|
openvpn-openssl \
|
||||||
kmod-rt2800-usb libimobiledevice \
|
kmod-rt2800-usb libimobiledevice \
|
||||||
rng-tools \
|
wpad \
|
||||||
kmod-rtl8xxxu kmod-rtl8192cu kmod-net-rtl8192su comgt kmod-usb-serial kmod-usb-serial-option kmod-usb-serial-wwan usb-modeswitch uqmi adb-enablemodem umbim kmod-mii kmod-usb-net kmod-usb-wdm kmod-usb-net-qmi-wwan kmod-usb-net-cdc-mbim
|
kmod-rtl8xxxu kmod-rtl8192cu kmod-net-rtl8192su comgt kmod-usb-serial kmod-usb-serial-option kmod-usb-serial-wwan usb-modeswitch uqmi adb-enablemodem umbim kmod-mii kmod-usb-net kmod-usb-wdm kmod-usb-net-qmi-wwan kmod-usb-net-cdc-mbim
|
||||||
|
|
||||||
OMR_SUPPORTED_LANGS := ca zh-cn en fr de el he hu it ja ms no pl pt-br pt ro ru es sv uk vi
|
OMR_SUPPORTED_LANGS := ca zh-cn en fr de el he hu it ja ms no pl pt-br pt ro ru es sv uk vi
|
||||||
|
|
|
||||||
|
|
@ -9,7 +9,7 @@
|
||||||
|
|
||||||
USE_PROCD=1
|
USE_PROCD=1
|
||||||
EXTRA_COMMANDS="rules_up rules_down"
|
EXTRA_COMMANDS="rules_up rules_down"
|
||||||
START=99
|
START=98
|
||||||
|
|
||||||
ss_confdir=/var/etc/shadowsocks-libev
|
ss_confdir=/var/etc/shadowsocks-libev
|
||||||
ss_bindir=/usr/bin
|
ss_bindir=/usr/bin
|
||||||
|
|
|
||||||
|
|
@ -186,6 +186,7 @@ ss_rules_iptchains_init_tcp() {
|
||||||
-I OUTPUT 1 -p tcp -j ss_rules_local_out
|
-I OUTPUT 1 -p tcp -j ss_rules_local_out
|
||||||
-A ss_rules_local_out -m set --match-set ss_rules_dst_bypass dst -j RETURN
|
-A ss_rules_local_out -m set --match-set ss_rules_dst_bypass dst -j RETURN
|
||||||
-A ss_rules_local_out -m set --match-set ss_rules_dst_bypass_ dst -j RETURN
|
-A ss_rules_local_out -m set --match-set ss_rules_dst_bypass_ dst -j RETURN
|
||||||
|
-A ss_rules_local_out -m mark --mark 0x539 -j RETURN
|
||||||
-A ss_rules_local_out -p tcp $o_ipt_extra -j $local_target -m comment --comment "local_default: $o_local_default"
|
-A ss_rules_local_out -p tcp $o_ipt_extra -j $local_target -m comment --comment "local_default: $o_local_default"
|
||||||
COMMIT
|
COMMIT
|
||||||
EOF
|
EOF
|
||||||
|
|
@ -243,6 +244,7 @@ ss_rules_iptchains_init_() {
|
||||||
-A ss_rules_pre_src -m set --match-set ss_rules_dst_bypass_ dst -j RETURN
|
-A ss_rules_pre_src -m set --match-set ss_rules_dst_bypass_ dst -j RETURN
|
||||||
-A ss_rules_pre_src -m set --match-set ss_rules_dst_bypass dst -j MARK --set-mark 0x539
|
-A ss_rules_pre_src -m set --match-set ss_rules_dst_bypass dst -j MARK --set-mark 0x539
|
||||||
-A ss_rules_pre_src -m set --match-set ss_rules_dst_bypass dst -j RETURN
|
-A ss_rules_pre_src -m set --match-set ss_rules_dst_bypass dst -j RETURN
|
||||||
|
-A ss_rules_pre_src -m mark --mark 0x539 -j RETURN
|
||||||
-A ss_rules_dst -m set --match-set ss_rules_dst_bypass dst -j RETURN
|
-A ss_rules_dst -m set --match-set ss_rules_dst_bypass dst -j RETURN
|
||||||
-A ss_rules_pre_src -p $proto $o_ipt_extra -j ss_rules_src
|
-A ss_rules_pre_src -p $proto $o_ipt_extra -j ss_rules_src
|
||||||
-A ss_rules_src -m set --match-set ss_rules_src_bypass src -j RETURN
|
-A ss_rules_src -m set --match-set ss_rules_src_bypass src -j RETURN
|
||||||
|
|
|
||||||
|
|
@ -170,6 +170,7 @@ ss_rules6_iptchains_init_tcp() {
|
||||||
-I OUTPUT 1 -p tcp -j ss_rules6_local_out
|
-I OUTPUT 1 -p tcp -j ss_rules6_local_out
|
||||||
-A ss_rules6_local_out -m set --match-set ss_rules6_dst_bypass_ dst -j RETURN
|
-A ss_rules6_local_out -m set --match-set ss_rules6_dst_bypass_ dst -j RETURN
|
||||||
-A ss_rules6_local_out -m set --match-set ss_rules6_dst_bypass dst -j RETURN
|
-A ss_rules6_local_out -m set --match-set ss_rules6_dst_bypass dst -j RETURN
|
||||||
|
-A ss_rules6_local_out -m mark --mark 0x539 -j RETURN
|
||||||
-A ss_rules6_local_out -p tcp $o_ipt_extra -j $local_target -m comment --comment "local_default: $o_local_default"
|
-A ss_rules6_local_out -p tcp $o_ipt_extra -j $local_target -m comment --comment "local_default: $o_local_default"
|
||||||
COMMIT
|
COMMIT
|
||||||
EOF
|
EOF
|
||||||
|
|
@ -228,6 +229,7 @@ ss_rules6_iptchains_init_() {
|
||||||
-A ss_rules6_pre_src -m set --match-set ss_rules6_dst_bypass_ dst -j RETURN
|
-A ss_rules6_pre_src -m set --match-set ss_rules6_dst_bypass_ dst -j RETURN
|
||||||
-A ss_rules6_dst -m set --match-set ss_rules6_dst_bypass dst -j MARK --set-mark 0x539
|
-A ss_rules6_dst -m set --match-set ss_rules6_dst_bypass dst -j MARK --set-mark 0x539
|
||||||
-A ss_rules6_dst -m set --match-set ss_rules6_dst_bypass dst -j RETURN
|
-A ss_rules6_dst -m set --match-set ss_rules6_dst_bypass dst -j RETURN
|
||||||
|
-A ss_rules6_dst -m mark --mark 0x539 -j RETURN
|
||||||
-A ss_rules6_pre_src -p $proto $o_ipt_extra -j ss_rules6_src
|
-A ss_rules6_pre_src -p $proto $o_ipt_extra -j ss_rules6_src
|
||||||
-A ss_rules6_src -m set --match-set ss_rules6_src_bypass src -j RETURN
|
-A ss_rules6_src -m set --match-set ss_rules6_src_bypass src -j RETURN
|
||||||
-A ss_rules6_src -m set --match-set ss_rules6_src_forward src -j ss_rules6_forward
|
-A ss_rules6_src -m set --match-set ss_rules6_src_forward src -j ss_rules6_forward
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue