him411/UA3F
1
0
Fork 0
mirror of https://github.com/SunBK201/UA3F.git synced 2025-12-16 08:44:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: ensure firewall setup netlink helper behind nfqueue server

Browse Source
This commit is contained in:
SunBK201 2025-11-21 01:27:18 +08:00
parent a3cd2cbef8
commit 16a08cb5a3
1 changed files with 22 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
src/internal/server/nfqueue/iptables.go
View File

@ -4,6 +4,7 @@ package nfqueue
import (
"strconv"
"strings"
"github.com/coreos/go-iptables/iptables"
"github.com/sunbk201/ua3f/internal/netfilter"
@ -36,7 +37,13 @@ func (s *Server) iptSetup() error {
return err
}
err = ipt.Append(table, jumpPoint, JumpChain...)
// ensure netlink helper behind nfqueue server
pos, exists := s.detectNfqueue(ipt)
if !exists {
err = ipt.Append(table, jumpPoint, JumpChain...)
} else {
err = ipt.Insert(table, jumpPoint, pos-1, JumpChain...)
}
if err != nil {
return err
}
@ -97,3 +104,17 @@ func (s *Server) IptSetNfqueue(ipt *iptables.IPTables) error {
}
return nil
}
// detect if iptables nfqueue rule exists and return nfqueue rule position
func (s *Server) detectNfqueue(ipt *iptables.IPTables) (pos int, exists bool) {
rules, err := ipt.List(table, jumpPoint)
if err != nil {
return 0, false
}
for i, rule := range rules {
if strings.Contains(rule, "NFQUEUE") {
return i + 1, true
}
}
return 0, false
}