Open
Description
On OpenWrt 24, which uses fw4, the script fails when it tries to add its iptables rules. I tried writing an .nft file instead, but I am not sure it is working. Please Help! Help! Help!
.nft file:
# IPv4 destinations that must never be handed to the transparent proxy:
# private, loopback, link-local, documentation and multicast/reserved space.
# "flags interval" is what allows CIDR prefixes as elements; "auto-merge"
# lets nft coalesce adjacent or overlapping prefixes.
# NOTE(review): this fragment has no enclosing "table" block, so it presumably
# relies on being included inside one (e.g. by the firewall's include
# mechanism) - confirm where the file is loaded from.
set bypass_ipv4 {
    type ipv4_addr
    flags interval
    auto-merge
    elements = {
        0.0.0.0/8,          # "this network"
        10.0.0.0/8,         # RFC 1918 private
        100.64.0.0/10,      # carrier-grade NAT shared space
        127.0.0.0/8,        # loopback
        169.254.0.0/16,     # link-local
        172.16.0.0/12,      # RFC 1918 private
        192.0.0.0/24,       # IETF protocol assignments
        192.0.2.0/24,       # documentation (TEST-NET-1)
        192.88.99.0/24,     # former 6to4 relay anycast
        192.168.0.0/16,     # RFC 1918 private
        198.18.0.0/15,      # benchmarking
        198.51.100.0/24,    # documentation (TEST-NET-2)
        203.0.113.0/24,     # documentation (TEST-NET-3)
        224.0.0.0/3         # 224.0.0.0-255.255.255.255: multicast, reserved, broadcast
    }
}
# IPv6 destinations that must never be handed to the transparent proxy.
# Unlike bypass_ipv4 this set does not request auto-merge; the four
# elements listed here do not overlap.
set bypass_ipv6 {
    type ipv6_addr
    flags interval
    elements = {
        ::1,                # loopback
        2001:db8::/32,      # documentation prefix
        fc00::/7,           # unique local addresses
        fe80::/10           # link-local
    }
}
# Prerouting chain: selects packets arriving at the router and hands the
# marked TCP/UDP ones to a transparent-proxy listener on 127.0.0.1:60080.
# Rule order is significant: every "return" above the marking rules is an
# exemption from proxying.
# NOTE(review): the mark 0x2333 only changes routing if a matching policy
# routing rule and local route exist outside this file - not visible here,
# confirm they are installed.
# NOTE(review): the explicit "counter packets N bytes M" values look like
# they were copied from a ruleset listing; loading the file would start the
# counters at those values rather than at zero.
chain prerouting_proxy {
# Priority -300 is the raw priority, which runs before connection tracking
# (-200).
# NOTE(review): because of that, the "ct mark set" rule further down
# presumably sees no conntrack entry and has no effect - verify, or hook at
# the mangle priority instead.
type filter hook prerouting priority -300; policy accept;
# Traffic addressed to the router itself is never proxied.
fib daddr type local return
# Packets that already carry the proxy mark are left alone.
# NOTE(review): output_proxy sets this same mark on locally generated
# traffic; if policy routing loops those packets back through prerouting,
# this rule returns before the tproxy statement is reached - confirm intent.
meta mark 0x00002333 return
# Exempt the reserved/private destination ranges defined in the two sets.
ip daddr @bypass_ipv4 counter packets 1 bytes 144 return
ip6 daddr @bypass_ipv6 counter packets 0 bytes 0 return
# Only global unicast IPv6 (2000::/3) continues past this point.
ip6 daddr != 2000::/3 counter packets 0 bytes 0 return
# Exempt one host/port over TCP and UDP.
# NOTE(review): 192.168.90.15 lies inside 192.168.0.0/16, which bypass_ipv4
# already returned above, so these two rules can never match.
ip daddr 192.168.90.15 tcp dport 38080 counter packets 0 bytes 0 return
ip daddr 192.168.90.15 udp dport 38080 counter packets 0 bytes 0 return
# Mark TCP packets that have SYN set, and every UDP packet.
# NOTE(review): later packets of a TCP connection are not marked by any rule
# in this chain and nothing restores the mark from conntrack, so they would
# not reach the tproxy rule - confirm whether the whole flow is meant to be
# redirected.
tcp flags syn meta mark set 0x00002333 counter
meta l4proto udp meta mark set 0x00002333 counter
# Copies the packet mark into the connection mark for every packet that gets
# this far, including unmarked ones (mark 0).
ct mark set meta mark counter
# Redirect marked TCP/UDP to the local listener. "tproxy ip" applies to IPv4
# only, so IPv6 packets marked above are not redirected by this rule.
meta l4proto { tcp, udp } counter packets 0 bytes 0 meta mark 0x00002333 tproxy ip to 127.0.0.1:60080
}
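# Output chain (type route): marks TCP/UDP traffic generated on the router
# itself with 0x2333 so that a re-route decision is taken for it. Every
# "return" above the final rule is an exemption from marking.
# Changes from the pasted listing: the IPv6 exemption now references the
# named set bypass_ipv6 defined in this same file (identical elements, one
# place to maintain), and the counters no longer carry literal start values.
# NOTE(review): nothing here exempts the proxy process's own upstream
# connections. Unless its upstream address falls inside a bypass range, that
# traffic is marked as well and may be routed straight back to the proxy;
# an exemption by the proxy's own socket mark or user id is the usual guard.
# The value to match is not visible in this file.
# NOTE(review): replies the router sends for connections it accepted from
# non-bypass peers are marked too - confirm whether reply-direction traffic
# should be exempted.
chain output_proxy {
    type route hook output priority -300; policy accept;

    # Traffic to the router's own addresses is never marked.
    fib daddr type local return

    # Reserved/private destinations are never marked.
    ip daddr @bypass_ipv4 counter return
    ip6 daddr @bypass_ipv6 counter return

    # Only global unicast IPv6 (2000::/3) continues past this point.
    ip6 daddr != 2000::/3 counter return

    # Everything left that is TCP or UDP gets the proxy mark.
    meta l4proto { tcp, udp } counter meta mark set 0x00002333
}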