mirror of
https://github.com/bol-van/zapret.git
synced 2024-12-23 06:42:34 +00:00
fix incoming connbytes range
This commit is contained in:
parent
f892b625d2
commit
2f9c69b33f
@ -328,7 +328,9 @@ produce_reverse_nfqws_rule()
|
||||
# autottl - need only one incoming packet
|
||||
[ "$MODE_FILTER" = autohostlist ] || rule=$(echo "$rule" | sed -re "s/$ipt_connbytes [0-9]+:[0-9]+/$ipt_connbytes 1:1/")
|
||||
else
|
||||
rule="$ipt_connbytes 1:$(first_packets_for_mode) $rule"
|
||||
local n=1
|
||||
[ "$MODE_FILTER" = autohostlist ] && n=$(first_packets_for_mode)
|
||||
rule="$ipt_connbytes 1:$n $rule"
|
||||
fi
|
||||
echo "$rule" | reverse_nfqws_rule_stream
|
||||
}
|
||||
|
@ -598,9 +598,13 @@ nft_produce_reverse_nfqws_rule()
|
||||
if contains "$rule" "$nft_connbytes "; then
|
||||
# autohostlist - need several incoming packets
|
||||
# autottl - need only one incoming packet
|
||||
[ "$MODE_FILTER" = autohostlist ] || rule=$(echo "$rule" | sed -re 's/$nft_connbytes [0-9]+-[0-9]+/$nft_connbytes 1-1/')
|
||||
[ "$MODE_FILTER" = autohostlist ] || rule=$(echo "$rule" | sed -re "s/$nft_connbytes [0-9]+-[0-9]+/$nft_connbytes 1/")
|
||||
else
|
||||
rule="$nft_connbytes 1-$(first_packets_for_mode) $rule"
|
||||
# old nft does not swallow 1-1
|
||||
local range=1
|
||||
[ "$MODE_FILTER" = autohostlist ] && range=$(first_packets_for_mode)
|
||||
[ "$range" = 1 ] || range="1-$range"
|
||||
rule="$nft_connbytes $range $rule"
|
||||
fi
|
||||
nft_reverse_nfqws_rule $rule
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user