Last active
March 4, 2024 09:39
-
-
Save codehz/db39a6d5732ccbd6343f277b78f1eb19 to your computer and use it in GitHub Desktop.
nftables for redir proxy
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ip rule add fwmark 0x233 lookup 100 | |
| ip route add local 0.0.0.0/0 dev lo table 100 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| define private_list = { | |
| 0.0.0.0/8, | |
| 10.0.0.0/8, | |
| 127.0.0.0/8, | |
| 169.254.0.0/16, | |
| 172.16.0.0/12, | |
| 192.168.0.0/16, | |
| 224.0.0.0/4, | |
| 240.0.0.0/4 | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| include "/etc/nftables/private.nft" | |
| table ip nat { | |
| chain proxy { | |
| ip daddr $private_list accept | |
| meta skuid clash accept | |
| ip protocol tcp redirect to :8889 | |
| } | |
| chain output { | |
| type nat hook output priority filter; policy accept; | |
| goto proxy | |
| } | |
| chain prerouting { | |
| type nat hook prerouting priority dstnat; policy accept; | |
| goto proxy | |
| } | |
| } | |
| table ip mangle { | |
| chain filter { | |
| ip daddr $private_list accept | |
| meta skuid clash accept | |
| return | |
| } | |
| chain output { | |
| type route hook output priority mangle; policy accept; | |
| jump filter | |
| ip protocol udp mark set 0x233 | |
| } | |
| chain prerouting { | |
| type filter hook prerouting priority mangle; policy accept; | |
| jump filter | |
| ip protocol udp tproxy to 127.0.0.1:8889 | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
请问一下clash有相应的配置文件吗