shadowsocks-libev: add nft_tcp_extra/nft_udp_extra options

To add extra statement to tcp/udp forward rule, example: ``` config ss_rules 'ss_rules' ... option nft_tcp_extra 'tcp dport { 80, 443 }' # tcp only forward connections with dport 80 or 443 option nft_udp_extra 'udp dport { 53 }' # udp only forward connections with dport 53 ``` This somewhat restores the old ipt_args functionality. Signed-off-by: Zhong Jianxin <azuwis@gmail.com> Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com> (Amend README.md a bit)
2025-12-26 11:16:31 +04:00 · 2022-03-02 15:26:55 +08:00
parent b370dd2175
commit 2de9035bda
4 changed files with 9 additions and 3 deletions
--- a/net/shadowsocks-libev/files/ss-rules/chain.uc
+++ b/net/shadowsocks-libev/files/ss-rules/chain.uc
@@ -97,7 +97,7 @@ chain ss_rules_dst_{{ proto }} {

 {%   if (proto == "tcp"): %}
 chain ss_rules_forward_{{ proto }} {
-	meta l4proto tcp redirect to :{{ redir_port }};
+	meta l4proto tcp {{ o_nft_tcp_extra }} redirect to :{{ redir_port }};
 }
 {%   let local_verdict = get_local_verdict(); if (local_verdict): %}
 chain ss_rules_local_out {
@@ -112,7 +112,7 @@ chain ss_rules_local_out {
 {%     endif %}
 {%   elif (proto == "udp"): %}
 chain ss_rules_forward_{{ proto }} {
-	meta l4proto udp meta mark set 1 tproxy to :{{ redir_port }};
+	meta l4proto udp {{ o_nft_udp_extra }} meta mark set 1 tproxy to :{{ redir_port }};
 }
 {%   endif %}
 {% endif %}