Grey out DoT port 853 from proxy

Signed-off-by: Xu Tianliang <yorutsuki@live.com>
This commit is contained in:
Xu Tianliang 2022-01-02 03:32:35 +08:00
parent 6023dcae7c
commit 579ebdc018

View File

@ -120,7 +120,7 @@ flush_nat_iptables() {
echo "[Info]: Clean nat proxy iptables rules." echo "[Info]: Clean nat proxy iptables rules."
iptables_chains=`iptables-save -t nat | cut -d ' ' -f 1 | tr "\n" " "` iptables_chains=`iptables-save -t nat | cut -d ' ' -f 1 | tr "\n" " "`
${iptables_wait} -t nat -D PREROUTING -p tcp -j GUEST_TCP_PROXY 2>/dev/null ${iptables_wait} -t nat -D PREROUTING -p tcp -j GUEST_TCP_PROXY 2>/dev/null
${iptables_wait} -t nat -D OUTPUT -p tcp -j APP_TCP_PROXY 2>/dev/null ${iptables_wait} -t nat -D OUTPUT -p tcp ! --dport 853 -j APP_TCP_PROXY 2>/dev/null
if eval "echo \"${iptables_chains}\" | grep -q \":GUEST_TCP_PROXY \"" ; then if eval "echo \"${iptables_chains}\" | grep -q \":GUEST_TCP_PROXY \"" ; then
${iptables_wait} -t nat -F GUEST_TCP_PROXY ${iptables_wait} -t nat -F GUEST_TCP_PROXY
${iptables_wait} -t nat -X GUEST_TCP_PROXY ${iptables_wait} -t nat -X GUEST_TCP_PROXY
@ -176,7 +176,7 @@ proxy_app_tcp_iptables() {
${iptables_wait} -t nat -A APP_TCP_PROXY -m owner ! --uid-owner ${inet_uid} -j V2RAY ${iptables_wait} -t nat -A APP_TCP_PROXY -m owner ! --uid-owner ${inet_uid} -j V2RAY
fi fi
## apply proxy rules to iptables ## apply proxy rules to iptables
${iptables_wait} -t nat -A OUTPUT -p tcp -j APP_TCP_PROXY ${iptables_wait} -t nat -A OUTPUT -p tcp ! --dport 853 -j APP_TCP_PROXY
} }
proxy_guest_tcp_iptables() { proxy_guest_tcp_iptables() {