From 511efcc785aaa146ec0bf392197bf0ef14c70576 Mon Sep 17 00:00:00 2001 From: Vadim Vetrov Date: Tue, 6 Aug 2024 01:00:32 +0300 Subject: [PATCH] Fix service and README for iptables to use connbytes --- README.md | 3 +++ youtubeUnblock.service | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 3691f52..e2cc477 100644 --- a/README.md +++ b/README.md @@ -56,6 +56,9 @@ If you have bad performance you can queue to youtubeUnblock only first, say, 20 The same behavior is also possible in iptables: `iptables -t mangle -A FORWARD -p tcp -m tcp --dport 443 -m connbytes --connbytes-dir original --connbytes-mode packets --connbytes 0:19 -j NFQUEUE --queue-num 537 --queue-bypass`. (The package iptables-mod-conntrack-extra is required for connbytes on OpenWRT) +For hosts change FORWARD to OUTPUT. + + ## OpenWRT case The package is also compatible with routers. The router should be running by linux-based system such as [OpenWRT](https://openwrt.org/). You can build under openwrt with two options: first - through the SDK, which is preferred way and second is cross-compile manually with openwrt toolchain. diff --git a/youtubeUnblock.service b/youtubeUnblock.service index fba168d..e368271 100644 --- a/youtubeUnblock.service +++ b/youtubeUnblock.service @@ -5,7 +5,7 @@ Description=youtubeUnblock StandardError=journal StandardOutput=journal StandardInput=null -ExecStartPre=iptables -t mangle -A OUTPUT -p tcp --dport 443 -j NFQUEUE --queue-num 537 --queue-bypass +ExecStartPre=iptables -t mangle -A OUTPUT -p tcp -m tcp --dport 443 -m connbytes --connbytes-dir original --connbytes-mode packets --connbytes 0:19 -j NFQUEUE --queue-num 537 --queue-bypass ExecStart=$(PREFIX)/bin/youtubeUnblock 537 ExecStop=iptables -t mangle -D OUTPUT -p tcp --dport 443 -j NFQUEUE --queue-num 537 --queue-bypass