modules.services.nginx/xray: fix iptables rules

2026-01-12 04:39:23 +08:00 · 2025-03-09 21:50:16 +08:00
parent 5b74c36347
commit 121bd9a541
2 changed files with 6 additions and 1 deletions
--- a/modules/services/nginx/default.nix
+++ b/modules/services/nginx/default.nix
@@ -352,10 +352,12 @@ inputs:
                ${iptables} -t mangle -A OUTPUT -j nginx_proxy_mark
                ${iptables} -t mangle -A nginx_proxy_mark -s 127.0.0.1 -p tcp \
                  -m set --match-set nginx_proxy_port src -j MARK --set-mark 2/2
+                ${iptables} -t mangle -A nginx_proxy_mark -j RETURN
                ${iptables} -t mangle -N nginx_proxy
                ${iptables} -t mangle -A PREROUTING -j nginx_proxy
                ${iptables} -t mangle -A nginx_proxy -s 127.0.0.1 -p tcp \
                  -m set --match-set nginx_proxy_port src -j MARK --set-mark 2/2
+                ${iptables} -t mangle -A nginx_proxy -j RETURN
                ${ip} rule add fwmark 2/2 table 200
                ${ip} route add local 0.0.0.0/0 dev lo table 200
              ''
--- a/modules/services/xray.nix
+++ b/modules/services/xray.nix
@@ -279,6 +279,7 @@ inputs:
                    "-m set --match-set lo_net dst -j RETURN"
                    "-p tcp -j TPROXY --on-port ${autoPort} --tproxy-mark 1/1"
                    "-p udp -j TPROXY --on-port ${autoPort} --tproxy-mark 1/1"
+                    "-j RETURN"
                  ])
                  ++ [
                    "${iptables} -t mangle -N v2ray_mark -w"
@@ -298,7 +299,9 @@ inputs:
                      "-m set --match-set xmu_net dst -j MARK --set-mark 1/1"
                      "-m set --match-set proxy_net dst -j MARK --set-mark 1/1"
                      "-m set --match-set lo_net dst -j RETURN"
-                      "-j MARK --set-mark 1/1"
+                      "-p tcp -j MARK --set-mark 1/1"
+                      "-p udp -j MARK --set-mark 1/1"
+                      "-j RETURN"
                    ]
                  ))
                  ++ [