fix: revert ih rule

2025-12-16 08:44:29 +00:00 · 2025-12-13 16:08:24 +08:00 · 2025-12-13 16:08:24 +08:00 · 47bb5874f2
commit 47bb5874f2
parent 97263044f0
1 changed files with 12 additions and 27 deletions
--- a/src/internal/server/desync/nftables.go
+++ b/src/internal/server/desync/nftables.go
@ -57,31 +57,16 @@ func (s *Server) NftSetDesync(tx *knftables.Transaction, table *knftables.Table)
 		Rule:  netfilter.NftRuleIgnorePorts,
 	})

-	if netfilter.NftIHAvailable() {
-		tx.Add(&knftables.Rule{
-			Chain: chain.Name,
-			Rule: knftables.Concat(
-				"meta l4proto tcp",
-				"ct state established",
-				"ct direction original",
-				"@ih,0,8 & 0 == 0",
-				fmt.Sprintf("ct bytes < %d", s.CtByte),
-				fmt.Sprintf("ct packets < %d", s.CtPackets),
-				fmt.Sprintf("counter queue num %d bypass", s.nfqServer.QueueNum),
-			),
-		})
-	} else {
-		tx.Add(&knftables.Rule{
-			Chain: chain.Name,
-			Rule: knftables.Concat(
-				"meta l4proto tcp",
-				"ct state established",
-				"ct direction original",
-				"ip length > 41",
-				fmt.Sprintf("ct bytes < %d", s.CtByte),
-				fmt.Sprintf("ct packets < %d", s.CtPackets),
-				fmt.Sprintf("counter queue num %d bypass", s.nfqServer.QueueNum),
-			),
-		})
-	}
+	tx.Add(&knftables.Rule{
+		Chain: chain.Name,
+		Rule: knftables.Concat(
+			"meta l4proto tcp",
+			"ct state established",
+			"ct direction original",
+			"ip length > 41",
+			fmt.Sprintf("ct bytes < %d", s.CtByte),
+			fmt.Sprintf("ct packets < %d", s.CtPackets),
+			fmt.Sprintf("counter queue num %d bypass", s.nfqServer.QueueNum),
+		),
+	})
 }