update nftables.txt,iptables.txt

3 months ago · 5b625fa709
2 changed files with 2 additions and 0 deletions
--- a/docs/iptables.txt
+++ b/docs/iptables.txt
@ -13,6 +13,7 @@ iptables -t mangle -I POSTROUTING -p udp --dport 443 -m mark ! --mark 0x40000000
 sysctl net.netfilter.nf_conntrack_tcp_be_liberal=1 
 iptables -t mangle -I POSTROUTING -p tcp -m multiport --dports 80,443 -m connbytes --connbytes-dir=original --connbytes-mode=packets --connbytes 1:12 -m mark ! --mark 0x40000000/0x40000000 -j NFQUEUE --queue-num 200 --queue-bypass
 iptables -t mangle -I PREROUTING -p tcp -m multiport --sports 80,443 -m connbytes --connbytes-dir=reply --connbytes-mode=packets --connbytes 1:3 -m mark ! --mark 0x40000000/0x40000000 -j NFQUEUE --queue-num 200 --queue-bypass
+iptables -t mangle -I PREROUTING -p udp -m multiport --sports 443 -m connbytes --connbytes-dir=reply --connbytes-mode=packets --connbytes 1:1 -m mark ! --mark 0x40000000/0x40000000 -j NFQUEUE --queue-num 200 --queue-bypass


 For TPROXY :
--- a/docs/nftables.txt
+++ b/docs/nftables.txt
@ -26,6 +26,7 @@ nft add rule inet ztest post meta mark and 0x40000000 == 0 udp dport 443 ct orig
 sysctl net.netfilter.nf_conntrack_tcp_be_liberal=1 
 nft add chain inet ztest pre "{type filter hook prerouting priority filter;}"
 nft add rule inet ztest pre tcp sport "{80,443}" ct reply packets 1-3 queue num 200 bypass
+nft add rule inet ztest pre udp sport 443 ct reply packets 1 queue num 200 bypass


 show rules   : nft list table inet ztest