33 lines
1.0 KiB
Plaintext
33 lines
1.0 KiB
Plaintext
#!/usr/sbin/nft -f
|
|
|
|
define RESERVED_IP = {
|
|
10.0.0.0/8,
|
|
100.64.0.0/10,
|
|
127.0.0.0/8,
|
|
169.254.0.0/16,
|
|
172.16.0.0/12,
|
|
192.0.0.0/24,
|
|
224.0.0.0/4,
|
|
240.0.0.0/4,
|
|
255.255.255.255/32
|
|
}
|
|
|
|
table ip xray {
|
|
chain prerouting {
|
|
type filter hook prerouting priority mangle; policy accept;
|
|
ip daddr $RESERVED_IP return
|
|
ip daddr 192.168.0.0/16 tcp dport != 53 return
|
|
ip daddr 192.168.0.0/16 udp dport != 53 return
|
|
ip protocol tcp tproxy to 127.0.0.1:61219 meta mark set 1
|
|
ip protocol udp tproxy to 127.0.0.1:61219 meta mark set 1
|
|
}
|
|
chain output {
|
|
type route hook output priority mangle; policy accept;
|
|
ip daddr $RESERVED_IP return
|
|
ip daddr 192.168.0.0/16 tcp dport != 53 return
|
|
ip daddr 192.168.0.0/16 udp dport != 53 return
|
|
meta mark 2 return
|
|
ip protocol tcp meta mark set 1
|
|
ip protocol udp meta mark set 1
|
|
}
|
|
} |