packages

Difuse/packages

Fork 0

Commit graph

Author	SHA1	Message	Date
Yousong Zhou	58aa859d06	shadowsocks-libev: ss-rules: setup policy rules for udp/ip6 Supersedes: https://github.com/openwrt/packages/pull/18852 Fixes: https://github.com/openwrt/packages/issues/18850 Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>	2022-08-11 09:54:18 +08:00
Zhong Jianxin	2de9035bda	shadowsocks-libev: add nft_tcp_extra/nft_udp_extra options To add extra statement to tcp/udp forward rule, example: ``` config ss_rules 'ss_rules' ... option nft_tcp_extra 'tcp dport { 80, 443 }' # tcp only forward connections with dport 80 or 443 option nft_udp_extra 'udp dport { 53 }' # udp only forward connections with dport 53 ``` This somewhat restores the old ipt_args functionality. Signed-off-by: Zhong Jianxin <azuwis@gmail.com> Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com> (Amend README.md a bit)	2022-03-07 10:09:56 +08:00
Yousong Zhou	fdaf2de2ae	shadowsocks-libev: convert to using nft It will be mostly implemented with ucode templates installed at /usr/share/ss-rules and called from init script. The generated nftables rules will be stored at /etc/nftables.d/ Incompatible changes were introduced as described in the README.md file - Netfilter ipset was replaced with nftables sets - UCI options ipt_args and dst_forward_recentrst of section ss_rules are now deprecated. The former does not apply to nftables. The later not yet implemented with nftables. Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>	2022-03-01 10:06:48 +08:00

Author

SHA1

Message

Date

Yousong Zhou

58aa859d06

shadowsocks-libev: ss-rules: setup policy rules for udp/ip6

Supersedes: https://github.com/openwrt/packages/pull/18852
Fixes: https://github.com/openwrt/packages/issues/18850
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>

2022-08-11 09:54:18 +08:00

Zhong Jianxin

2de9035bda

shadowsocks-libev: add nft_tcp_extra/nft_udp_extra options

To add extra statement to tcp/udp forward rule, example:

```
config ss_rules 'ss_rules'
    ...
    option nft_tcp_extra 'tcp dport { 80, 443 }' # tcp only forward connections with dport 80 or 443
    option nft_udp_extra 'udp dport { 53 }' # udp only forward connections with dport 53
```

This somewhat restores the old ipt_args functionality.

Signed-off-by: Zhong Jianxin <azuwis@gmail.com>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
(Amend README.md a bit)

2022-03-07 10:09:56 +08:00

Yousong Zhou

fdaf2de2ae

shadowsocks-libev: convert to using nft

It will be mostly implemented with ucode templates installed at
/usr/share/ss-rules and called from init script.  The generated nftables
rules will be stored at /etc/nftables.d/

Incompatible changes were introduced as described in the README.md file

 - Netfilter ipset was replaced with nftables sets
 - UCI options ipt_args and dst_forward_recentrst of section ss_rules
   are now deprecated.  The former does not apply to nftables.  The
   later not yet implemented with nftables.

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>

2022-03-01 10:06:48 +08:00

3 commits