From 3dec4a0d658a7d7799f25785dbaceb99621a46cf Mon Sep 17 00:00:00 2001
From: juewuy
Date: Tue, 6 Jan 2026 15:58:51 +0800
Subject: [PATCH] =?UTF-8?q?~=E4=BC=98=E5=8C=96=E5=B1=8F=E8=94=BDquic?= =?UTF-8?q?=E5=AE=9E=E7=8E=B0=E6=9C=BA=E5=88=B6=EF=BC=8C=E4=BF=AE=E5=A4=8D?= =?UTF-8?q?bug?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 scripts/starts/fw_nftables.sh | 13 +++----------
 1 file changed, 3 insertions(+), 10 deletions(-)

diff --git a/scripts/starts/fw_nftables.sh b/scripts/starts/fw_nftables.sh
index e4ae5ad7..509d40c4 100644
--- a/scripts/starts/fw_nftables.sh
+++ b/scripts/starts/fw_nftables.sh
@@ -91,6 +91,8 @@ start_nft_route() { #nftables-route通用工具
 else
 nft add rule inet shellcrash $1 meta nfproto ipv6 return
 fi
+ #屏蔽quic
+ [ "$quic_rj" = '已启用' -a "$lan_proxy" = true ] && nft add rule inet shellcrash $1 udp dport {443, 8443} return
 #添加通用路由
 nft add rule inet shellcrash "$1" "$JUMP"
 #处理特殊路由
@@ -151,7 +153,7 @@ start_nft_wan() { #nftables公网防火墙
 nft add rule inet shellcrash input udp dport $reject_ports reject
 #fw4特殊处理
 nft list chain inet fw4 input >/dev/null 2>&1 && \
- nft list chain inet fw4 input | grep -q 'meta mark 0x67890 accept' || \
+ nft list chain inet fw4 input | grep -q '67890' || \
 nft insert rule inet fw4 input meta mark 0x67890 accept 2>/dev/null
 }
 start_nftables() { #nftables配置总入口
@@ -206,13 +208,4 @@ start_nftables() { #nftables配置总入口
 JUMP="meta l4proto tcp redirect to $redir_port" #跳转劫持的具体命令
 start_nft_route prerouting_vm prerouting nat -100
 }
- #屏蔽QUIC
- [ "$quic_rj" = '已启用' -a "$lan_proxy" = true ] && {
- [ "$redir_mod" != "Redir模式" ] && {
- nft add chain inet shellcrash quic_rj { type filter hook input priority 0 \; }
- [ -n "$CN_IP" ] && nft add rule inet shellcrash quic_rj ip daddr @cn_ip return
- [ -n "$CN_IP6" ] && nft add rule inet shellcrash quic_rj ip6 daddr @cn_ip6 return
- nft add rule inet shellcrash quic_rj udp dport {443, 8443} reject comment 'ShellCrash-QUIC-REJECT'
- }
- }
 }
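Review bot: The rule added under `#屏蔽quic` ends in `return`, so when `quic_rj` and `lan_proxy` are set, UDP to ports 443 and 8443 leaves this chain before the `"$JUMP"` rule and is simply not proxied; the block this commit deletes from start_nftables used `reject` instead. Unless the chain policy or a later rule drops it (not visible here), QUIC to any directly reachable host will now go out unproxied rather than being blocked, which is not what the comment says, so please confirm that is intended and say so in the comment, e.g. `#quic: udp 443/8443 is left unproxied (return), not rejected`. The new line also passes `$1` unquoted while the next rule uses `"$1"`, and joins its tests with the obsolescent `-a`; `[ "$quic_rj" = '已启用' ] && [ "$lan_proxy" = true ] && nft add rule inet shellcrash "$1" udp dport {443, 8443} return` is the safer spelling. start_nft_route begins and ends outside this hunk.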
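Review bot: `grep -q '67890'` in start_nft_wan now matches any line of the fw4 input chain that merely contains those digits (a port, a counter value, or a different mark such as 0x167890), and in that case the `meta mark 0x67890 accept` rule is never inserted. If the old pattern failed because nft prints the mark zero-padded (an assumption; the listing format is not shown here), anchoring on the statement keeps the check specific: `grep -q 'meta mark 0x0*67890 accept'`. The surrounding `A && B || C` chain also runs the insert when the first `nft list` fails and relies on `2>/dev/null` to hide the error, so an explicit `if` would make that intent clearer.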