unlimited-hotspot icon indicating copy to clipboard operation
unlimited-hotspot copied to clipboard

Published 20 hours ago verified publisher icon felikcat

iptables no longer used

Open GavinKacprowicz opened this issue 1 year ago • 1 comments

How would I do this same thing for nftables?

GavinKacprowicz avatar Jan 05 '24 01:01 GavinKacprowicz

Would this work?

Remove existing iptables entries

nft delete rule ip mangle PREROUTING iifname "usb+" ip ttl set add 2 nft delete rule ip mangle POSTROUTING oifname "usb+" ip ttl set add 2 nft delete rule ip6 mangle PREROUTING iifname "usb+" ip6 ! ip6 nexthdr icmpv6 ttl set add 2 nft delete rule ip6 mangle POSTROUTING oifname "usb+" ip6 ! ip6 nexthdr icmpv6 ttl set add 2

Move past TTL & HL hotspot detections

nft add table inet mangle nft add chain inet mangle PREROUTING { type filter hook prerouting priority 0 ; } nft add chain inet mangle POSTROUTING { type filter hook postrouting priority 0 ; }

nft add rule inet mangle PREROUTING iifname "usb+" ttl set add 2 nft insert rule inet mangle POSTROUTING oifname "usb+" ttl set add 2

nft add rule inet mangle PREROUTING iifname "usb+" ip protocol != icmpv6 hl set add 2 nft insert rule inet mangle POSTROUTING oifname "usb+" ip protocol != icmpv6 hl set add 2

GavinKacprowicz avatar Jan 05 '24 01:01 GavinKacprowicz