| Commit message (Collapse) | Author | Age | |
|---|---|---|---|
| * | shadowsocks-libev: ss-rules: setup policy rules for udp/ip6 | Yousong Zhou | 2022-08-11 |
| | | | | | | | Supersedes: https://github.com/openwrt/packages/pull/18852 Fixes: https://github.com/openwrt/packages/issues/18850 Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com> | ||
| * | shadowsocks-libev: add nft_tcp_extra/nft_udp_extra options | Zhong Jianxin | 2022-03-07 |
| | | | | | | | | | | | | | | | | | | To add extra statement to tcp/udp forward rule, example: ``` config ss_rules 'ss_rules' ... option nft_tcp_extra 'tcp dport { 80, 443 }' # tcp only forward connections with dport 80 or 443 option nft_udp_extra 'udp dport { 53 }' # udp only forward connections with dport 53 ``` This somewhat restores the old ipt_args functionality. Signed-off-by: Zhong Jianxin <azuwis@gmail.com> Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com> (Amend README.md a bit) | ||
| * | shadowsocks-libev: convert to using nft | Yousong Zhou | 2022-03-01 |
| It will be mostly implemented with ucode templates installed at /usr/share/ss-rules and called from init script. The generated nftables rules will be stored at /etc/nftables.d/ Incompatible changes were introduced as described in the README.md file - Netfilter ipset was replaced with nftables sets - UCI options ipt_args and dst_forward_recentrst of section ss_rules are now deprecated. The former does not apply to nftables. The later not yet implemented with nftables. Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com> | |||