fix: add missing --on-ip equivalence in nft tproxy rules

cubercsl · cubercsl · commit 0b2c9a4c8264 · 2023-01-25T17:20:30.000+08:00
diff --git a/nftables.sh b/nftables.sh
@@ -38,7 +38,8 @@ table inet cgproxy {
     chain tproxy_ent {
         # core
         socket wildcard 0 mark set $fwmark_tproxy accept
-        meta l4proto { tcp, udp } tproxy to :$port meta mark set $fwmark_tproxy
+        meta l4proto { tcp, udp } tproxy ip to 127.0.0.1:$port meta mark set $fwmark_tproxy
+        meta l4proto { tcp, udp } tproxy ip6 to [::1]:$port meta mark set $fwmark_tproxy
     }
 
     chain tproxy_pre {

Original file line number	Diff line number	Diff line change
`@@ -38,7 +38,8 @@ table inet cgproxy {`
`38`	`38`	`chain tproxy_ent {`
`39`	`39`	`# core`
`40`	`40`	`socket wildcard 0 mark set $fwmark_tproxy accept`
`41`		`- meta l4proto { tcp, udp } tproxy to :$port meta mark set $fwmark_tproxy`
	`41`	`+ meta l4proto { tcp, udp } tproxy ip to 127.0.0.1:$port meta mark set $fwmark_tproxy`
	`42`	`+ meta l4proto { tcp, udp } tproxy ip6 to [::1]:$port meta mark set $fwmark_tproxy`
`42`	`43`	`}`
`43`	`44`
`44`	`45`	`chain tproxy_pre {`