mostm
/
openwrt-xray
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
openwrt-xray/etc/xray/fwd_functions.sh

70 lines
2.6 KiB
Bash
Raw Blame History

#!/bin/sh
# Function to add nftables rules for a specific IP and port
direct_port_for_ip() {
ip=$1
port=$2
nft insert rule ip xray prerouting ip daddr "$ip" tcp dport "$port" counter return
nft insert rule ip xray prerouting ip daddr "$ip" udp dport "$port" counter return
nft insert rule ip xray output ip daddr "$ip" tcp dport "$port" counter return
nft insert rule ip xray output ip daddr "$ip" udp dport "$port" counter return
}
# Function to add nftables rules for a single port without specifying IP
direct_port() {
port=$1
nft insert rule ip xray prerouting tcp dport "$port" counter return
nft insert rule ip xray prerouting udp dport "$port" counter return
nft insert rule ip xray output tcp dport "$port" counter return
nft insert rule ip xray output udp dport "$port" counter return
}
# Function to add nftables rules for a range of ports for a specific IP
direct_port_range_for_ip() {
ip=$1
start_port=$2
end_port=$3
nft insert rule ip xray prerouting ip daddr "$ip" tcp dport { "$start_port"-"$end_port" } counter return
nft insert rule ip xray prerouting ip daddr "$ip" udp dport { "$start_port"-"$end_port" } counter return
nft insert rule ip xray output ip daddr "$ip" tcp dport { "$start_port"-"$end_port" } counter return
nft insert rule ip xray output ip daddr "$ip" udp dport { "$start_port"-"$end_port" } counter return
}
# Function to add nftables rules for a range of ports without specifying IP
direct_port_range() {
start_port=$1
end_port=$2
nft insert rule ip xray prerouting tcp dport { "$start_port"-"$end_port" } counter return
nft insert rule ip xray prerouting udp dport { "$start_port"-"$end_port" } counter return
nft insert rule ip xray output tcp dport { "$start_port"-"$end_port" } counter return
nft insert rule ip xray output udp dport { "$start_port"-"$end_port" } counter return
}
# Function to add nftables rules for an IP without specifying ports
direct_ip() {
ip=$1
nft insert rule ip xray prerouting ip saddr "$ip" counter return
nft insert rule ip xray output ip saddr "$ip" counter return
nft insert rule ip xray prerouting ip daddr "$ip" counter return
nft insert rule ip xray output ip daddr "$ip" counter return
}
# Function to add nftables rules for blocking IP
block_ip() {
ip=$1
# Block in prerouting chain
nft insert rule ip xray prerouting ip daddr "$ip" counter drop
nft insert rule ip xray prerouting ip saddr "$ip" counter drop
# Block in output chain
nft insert rule ip xray output ip daddr "$ip" counter drop
nft insert rule ip xray output ip saddr "$ip" counter drop
}
Reference in New Issue View Git Blame Copy Permalink