Last active
January 22, 2022 11:00
-
-
Save duanckham/50bd8ed81d0955f0d83e7248c91655b8 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This file is interpreted as shell script. | |
| # Put your custom iptables rules here, they will | |
| # be executed with each firewall (re-)start. | |
| # Internal uci firewall chains are flushed and recreated on reload, so | |
| # put custom rules into the root chains e.g. INPUT or FORWARD or into the | |
| # special user chains, e.g. input_wan_rule or postrouting_lan_rule. | |
| # /etc/init.d/firewall restart | |
| iptables -t nat -N CLASH | |
| iptables -t nat -A CLASH -d 10.0.0.0/8 -j RETURN | |
| iptables -t nat -A CLASH -d 127.0.0.0/8 -j RETURN | |
| iptables -t nat -A CLASH -d 169.254.0.0/16 -j RETURN | |
| iptables -t nat -A CLASH -d 172.16.0.0/12 -j RETURN | |
| iptables -t nat -A CLASH -d 192.168.0.0/16 -j RETURN | |
| iptables -t nat -A CLASH -d 224.0.0.0/4 -j RETURN | |
| iptables -t nat -A CLASH -d 240.0.0.0/4 -j RETURN | |
| # Commonly used ports. | |
| iptables -t nat -A CLASH -p tcp -j REDIRECT --to-port 9999 | |
| # For fake-ip. | |
| iptables -t nat -A OUTPUT -p tcp -d 198.18.0.1/16 -j CLASH | |
| # For DNS request. | |
| iptables -t nat -A OUTPUT -p udp --dport 53 -s localhost -j RETURN | |
| iptables -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-port 5353 | |
| # For all tcp connection. | |
| iptables -t nat -A PREROUTING -p tcp -m multiport --dports 22,80,443 -s 10.10.0.0/16 -j CLASH |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment