Cloudflare (NFQWS): correct IPv6 rule
Co-authored-by: Ivan Trubach <mr.trubach@icloud.com>
pull/1319/head
Wend4r
4 months ago
No known key found for this signature in database
GPG Key ID: 257EC620087B0C06
1 changed files with
4 additions and
3 deletions
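--- a/init.d/custom.d.examples.linux/50-cloudflare
+++ b/init.d/custom.d.examples.linux/50-cloudflare
@@ -53,18 +53,19 @@ zapret_custom_firewall_nft()
 local first_packets_only="$nft_connbytes 1-3"
 local dest_set_ipv4="ip daddr @$NFQWS_CLOUDFLARE_SET_NAME_IPV4"
 local dest_set_ipv6="ip6 daddr @$NFQWS_CLOUDFLARE_SET_NAME_IPV6"
-local nft_rules="type ipv4_addr; size 4096; auto-merge; flags interval;"
+local nft_rules_ipv4="type ipv4_addr; size 4096; auto-merge; flags interval;"
+local nft_rules_ipv6="type ipv6_addr; size 4096; auto-merge; flags interval;"
 local subnets subnets_ipv6
 
 make_comma_list subnets $NFQWS_CLOUDFLARE_SUBNETS_IPV4
 make_comma_list subnets_ipv6 $NFQWS_CLOUDFLARE_SUBNETS_IPV6
 
-nft_create_set $NFQWS_CLOUDFLARE_SET_NAME_IPV4 "$nft_rules"
+nft_create_set $NFQWS_CLOUDFLARE_SET_NAME_IPV4 "$nft_rules_ipv4"
 nft_flush_set $NFQWS_CLOUDFLARE_SET_NAME_IPV4
 nft_add_set_element $NFQWS_CLOUDFLARE_SET_NAME_IPV4 "$subnets"
 
 [ "$DISABLE_IPV6" != "1" ] && {
-nft_create_set $NFQWS_CLOUDFLARE_SET_NAME_IPV6 "$nft_rules"
+nft_create_set $NFQWS_CLOUDFLARE_SET_NAME_IPV6 "$nft_rules_ipv6"
 nft_flush_set $NFQWS_CLOUDFLARE_SET_NAME_IPV6
 nft_add_set_element $NFQWS_CLOUDFLARE_SET_NAME_IPV6 "$subnets_ipv6"
 }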
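Review bot: The return status of `nft_create_set` and `nft_add_set_element` is still discarded in both the IPv4 and the IPv6 branch, so a set whose declared type does not match its elements (the defect this commit corrects with `ipv6_addr`) ends up empty without any message, and the Cloudflare IPv6 match then silently covers nothing. Assuming these helpers pass through nft's exit status (they are defined outside this page), add a diagnostic to the populate step, e.g. `nft_add_set_element $NFQWS_CLOUDFLARE_SET_NAME_IPV6 "$subnets_ipv6" || echo "cloudflare: could not populate $NFQWS_CLOUDFLARE_SET_NAME_IPV6" >&2`, and do the same for the IPv4 set. It is also worth confirming that a set already created with the old `ipv4_addr` type is dropped and recreated on reload rather than kept. The body of zapret_custom_firewall_nft continues outside the hunk.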