From e7f3e076296e753f9730cd23b966cdad1f53034c Mon Sep 17 00:00:00 2001
From: CHIZI-0618
Date: Tue, 2 Jul 2024 12:22:31 +0800
Subject: [PATCH] Revert "Trying to fix local traffic loops"
This reverts commit 74dc2bf4a7cb527360ebf942375ef0cb23524d42.
---
 box/scripts/box.tproxy | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/box/scripts/box.tproxy b/box/scripts/box.tproxy
index d5d1f8b..e6cc44a 100755
--- a/box/scripts/box.tproxy
+++ b/box/scripts/box.tproxy
@@ -184,9 +184,9 @@ start_tproxy() {
 # Skip traffic already handled by TProxy
 # If the interface of the default route has a public IPv4 or IPv6 address assigned by the ISP, omitting these rules will result in abnormal proxy behavior for local traffic, which may cause the entire network to run slower
- ${iptables} -t mangle -A BOX_EXTERNAL -p tcp -m socket --transparent -j MARK --set-xmark ${mark_id}
- ${iptables} -t mangle -A BOX_EXTERNAL -p udp -m socket --transparent -j MARK --set-xmark ${mark_id}
- ${iptables} -t mangle -A BOX_EXTERNAL -m socket -j RETURN
+ # ${iptables} -t mangle -A BOX_EXTERNAL -p tcp -m socket --transparent -j MARK --set-xmark ${mark_id}
+ # ${iptables} -t mangle -A BOX_EXTERNAL -p udp -m socket --transparent -j MARK --set-xmark ${mark_id}
+ # ${iptables} -t mangle -A BOX_EXTERNAL -m socket -j RETURN
 if [ "${bin_name}" = "clash" ] || [ "${bin_name}" = "hysteria" ] ; then
 ${iptables} -t mangle -A BOX_EXTERNAL -p tcp --dport 53 -j RETURN
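Review bot: The two comment lines kept above the now-disabled `-m socket` rules in BOX_EXTERNAL warn that omitting these rules causes abnormal proxy behaviour for local traffic, yet after this change the rules are omitted, so the comment describes the opposite of what the script does. Delete the three commented-out lines instead of parking them, and replace the comment with one that says where socket matching now happens, e.g. `# Established sockets are marked by the DIVERT jump in mangle PREROUTING (TCP only)`. That DIVERT jump (second hunk) matches `-p tcp` only, whereas the removed rules also marked UDP for transparent sockets; if UDP on a public-address interface was part of the reason for the warning, that case appears to be uncovered again and deserves a line in the commit message. The second hunk also creates DIVERT and inserts the PREROUTING jump with `-I` while no teardown code appears in this diff, so confirm the stop path removes both, otherwise each restart stacks another jump. start_tproxy's body starts and ends outside both hunks.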
@@ -320,13 +320,13 @@ start_tproxy() {
 ${iptables} -t mangle -I OUTPUT -j BOX_LOCAL
- # ${iptables} -t mangle -N DIVERT
- # ${iptables} -t mangle -F DIVERT
+ ${iptables} -t mangle -N DIVERT
+ ${iptables} -t mangle -F DIVERT
- # ${iptables} -t mangle -A DIVERT -j MARK --set-xmark ${mark_id}
- # ${iptables} -t mangle -A DIVERT -j ACCEPT
+ ${iptables} -t mangle -A DIVERT -j MARK --set-xmark ${mark_id}
+ ${iptables} -t mangle -A DIVERT -j ACCEPT
- # ${iptables} -t mangle -I PREROUTING -p tcp -m socket -j DIVERT
+ ${iptables} -t mangle -I PREROUTING -p tcp -m socket -j DIVERT
 # This rule blocks local access to tproxy-port to prevent traffic loopback.