fix: enhance nfqueue detection to account for DESYNC rules

2025-12-16 08:44:29 +00:00 · 2025-11-30 23:00:18 +08:00 · 2025-11-30 23:00:18 +08:00 · 96d4917fae
commit 96d4917fae
parent 97c9371aef
1 changed files with 6 additions and 2 deletions
--- a/src/internal/server/nfqueue/iptables.go
+++ b/src/internal/server/nfqueue/iptables.go
@ -111,10 +111,14 @@ func (s *Server) detectNfqueue(ipt *iptables.IPTables) (pos int, exists bool) {
 	if err != nil {
 		return 0, false
 	}
+	lastIndex := -1
 	for i, rule := range rules {
 		if strings.Contains(rule, "NFQUEUE") {
-			return i + 1, true
+			lastIndex = max(lastIndex, i)
+		}
+		if strings.Contains(rule, "DESYNC") {
+			lastIndex = max(lastIndex, i)
 		}
 	}
-	return 0, false
+	return lastIndex + 1, lastIndex != -1
 }