mirror of
https://github.com/bol-van/zapret.git
synced 2024-12-23 14:53:18 +00:00
readme: correct iptables-nft patch
This commit is contained in:
parent
c80a0d6273
commit
623675110f
@ -439,9 +439,18 @@ In some linux distros its possible to change current ip6tables using this comman
|
||||
If you want to stay with nftables-nft you need to patch and recompile your version.
|
||||
In nft.c find :
|
||||
```
|
||||
name= "PREROUTING",
|
||||
type = "filter",
|
||||
prio = -300, /* NF_IP_PRI_RAW */
|
||||
{
|
||||
.name = "PREROUTING",
|
||||
.type = "filter",
|
||||
.prio = -300, /* NF_IP_PRI_RAW */
|
||||
.hook = NF_INET_PRE_ROUTING,
|
||||
},
|
||||
{
|
||||
.name = "OUTPUT",
|
||||
.type = "filter",
|
||||
.prio = -300, /* NF_IP_PRI_RAW */
|
||||
.hook = NF_INET_LOCAL_OUT,
|
||||
},
|
||||
```
|
||||
and replace -300 to -450.
|
||||
|
||||
|
@ -473,10 +473,19 @@ options ip6table_raw raw_before_defrag=1
|
||||
В некоторых традиционных дистрибутивах можно изменить текущий ip6tables через : update-alternatives --config ip6tables
|
||||
Если вы хотите оставаться на iptables-nft, вам придется пересобрать патченную версию. Патч совсем небольшой.
|
||||
В nft.c найдите фрагмент :
|
||||
name= "PREROUTING",
|
||||
type = "filter",
|
||||
prio = -300, /* NF_IP_PRI_RAW */
|
||||
и замените -300 на -450.
|
||||
{
|
||||
.name = "PREROUTING",
|
||||
.type = "filter",
|
||||
.prio = -300, /* NF_IP_PRI_RAW */
|
||||
.hook = NF_INET_PRE_ROUTING,
|
||||
},
|
||||
{
|
||||
.name = "OUTPUT",
|
||||
.type = "filter",
|
||||
.prio = -300, /* NF_IP_PRI_RAW */
|
||||
.hook = NF_INET_LOCAL_OUT,
|
||||
},
|
||||
и замените везде -300 на -450.
|
||||
|
||||
Это нужно сделать вручную, никакой автоматики в blockcheck.sh нет.
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user