From 96d4917fae042a079a8cdd49ec5c4392882ad5f0 Mon Sep 17 00:00:00 2001
From: SunBK201 <sunbk201gm@gmail.com>
Date: Sun, 30 Nov 2025 23:00:18 +0800
Subject: [PATCH] fix: enhance nfqueue detection to account for DESYNC rules

---
 src/internal/server/nfqueue/iptables.go | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/internal/server/nfqueue/iptables.go b/src/internal/server/nfqueue/iptables.go
index 1a153d3..5dba699 100644
--- a/src/internal/server/nfqueue/iptables.go
+++ b/src/internal/server/nfqueue/iptables.go
@@ -111,10 +111,14 @@ func (s *Server) detectNfqueue(ipt *iptables.IPTables) (pos int, exists bool) {
 	if err != nil {
 		return 0, false
 	}
+	lastIndex := -1
 	for i, rule := range rules {
 		if strings.Contains(rule, "NFQUEUE") {
-			return i + 1, true
+			lastIndex = max(lastIndex, i)
+		}
+		if strings.Contains(rule, "DESYNC") {
+			lastIndex = max(lastIndex, i)
 		}
 	}
-	return 0, false
+	return lastIndex + 1, lastIndex != -1
 }