chn/nixos
1
0
Fork 0
mirror of https://github.com/CHN-beta/nixos.git synced 2024-10-23 08:29:17 +08:00
Code Issues Packages Projects Releases Wiki Activity

Revert "services.xray: nebula do not bypass"

Browse Source 
This reverts commit 5a30ebe7b6.
This commit is contained in:
陈浩南 2023-12-05 14:41:05 +08:00
parent 5a30ebe7b6
commit a0c9b62c0e
1 changed files with 18 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
modules/services/xray.nix
View File

@ -258,18 +258,24 @@ inputs:
"${iptables} -t mangle -A OUTPUT -j v2ray_mark -w" "${iptables} -t mangle -A OUTPUT -j v2ray_mark -w"
] ]
++ (map (action: "${iptables} -t mangle -A v2ray_mark ${action} -w") ++ (map (action: "${iptables} -t mangle -A v2ray_mark ${action} -w")
[ (
"-m owner --uid-owner $(id -u v2ray) -j RETURN" (if inputs.config.nixos.system.networking.nebula.enable then
"-m set --match-set noproxy_src_net src -j RETURN" let user = inputs.config.systemd.services."nebula@nebula".serviceConfig.User;
"-m set --match-set xmu_net dst -p tcp -j MARK --set-mark 1/1" in [ "-m owner --uid-owner $(id -u ${user}) -j RETURN" ]
"-m set --match-set xmu_net dst -p udp -j MARK --set-mark 1/1" else [])
"-m set --match-set noproxy_net dst -j RETURN" ++ [
"-m set --match-set proxy_net dst -p tcp -j MARK --set-mark 1/1" "-m owner --uid-owner $(id -u v2ray) -j RETURN"
"-m set --match-set proxy_net dst -p udp -j MARK --set-mark 1/1" "-m set --match-set noproxy_src_net src -j RETURN"
"-m set --match-set lo_net dst -j RETURN" "-m set --match-set xmu_net dst -p tcp -j MARK --set-mark 1/1"
"-p tcp -j MARK --set-mark 1/1" "-m set --match-set xmu_net dst -p udp -j MARK --set-mark 1/1"
"-p udp -j MARK --set-mark 1/1" "-m set --match-set noproxy_net dst -j RETURN"
]) "-m set --match-set proxy_net dst -p tcp -j MARK --set-mark 1/1"
"-m set --match-set proxy_net dst -p udp -j MARK --set-mark 1/1"
"-m set --match-set lo_net dst -j RETURN"
"-p tcp -j MARK --set-mark 1/1"
"-p udp -j MARK --set-mark 1/1"
]
))
++ [ ++ [
"${ip} rule add fwmark 1/1 table 100" "${ip} rule add fwmark 1/1 table 100"
"${ip} route add local 0.0.0.0/0 dev lo table 100" "${ip} route add local 0.0.0.0/0 dev lo table 100"