This repository was archived by the owner on Mar 22, 2026. It is now read-only.
FAQ
yuki edited this page May 14, 2025
-
Q: Does the script work with asymmetric routing?
A: Nope. RP filter will nuke the packets. To fix it, open 10-main.nft and comment out the RP Filter rule — see the screenshot (commented-out RP Filter rule).
-
Q: Does this script work on routers?
A: By default — no, it's for servers and desktops. But you can get it working by reviewing the rules in 10-main.nft and the tweaks in sysctl.conf (we have comments there that'll let you know what you should comment out). Also, check out Fast-path — worth it.
-
Q: I installed the script, didn't touch anything, only SSH works. Why?
A: You need to know what ports and protocols your services use. Google the service name, figure that out (like UDP & TCP 53 for DNS), then follow the .gif (quick demo of adding two rules) and restart the script.
-
Q: My server's under attack and CPU usage is high. Can I fix that?
A: Ruleset’s already tuned, but yeah, it happens. Run:
sudo tcpdump -n -c 20000 -w pcap.pcap
Save that .pcap, send it to me later. You can also disable all the rule counters if you don't care about them and all your services work properly.
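For a first look at the capture yourself, here is an added example (not part of the script or this repository) that reads the file written by the tcpdump command above and lists the busiest source addresses and destination ports. It assumes a classic pcap file captured on an Ethernet interface; summarize_pcap and sample_pcap are names made up for this example.

```python
import struct
import sys
from collections import Counter

PROTO = {1: "icmp", 6: "tcp", 17: "udp"}
MAGIC = {b"\xd4\xc3\xb2\xa1": "<", b"\x4d\x3c\xb2\xa1": "<",   # little-endian
         b"\xa1\xb2\xc3\xd4": ">", b"\xa1\xb2\x3c\x4d": ">"}   # big-endian

def summarize_pcap(data, top=5):
    """Top IPv4 sources and (protocol, dst port) pairs in a classic pcap."""
    end = MAGIC.get(data[:4])
    if end is None or len(data) < 24:
        raise ValueError("not a classic pcap file")
    if struct.unpack(end + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (linktype 1) are handled")
    sources, targets = Counter(), Counter()
    off = 24
    while off + 16 <= len(data):
        incl_len = struct.unpack(end + "I", data[off + 8:off + 12])[0]
        frame = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # truncated, or not IPv4 directly over Ethernet
        ip = frame[14:]
        ihl, proto = (ip[0] & 0x0F) * 4, ip[9]
        first_fragment = (struct.unpack("!H", ip[6:8])[0] & 0x1FFF) == 0
        dport = None  # stays None for ICMP, later fragments, short packets
        if proto in (6, 17) and first_fragment and 20 <= ihl <= len(ip) - 4:
            dport = struct.unpack("!H", ip[ihl + 2:ihl + 4])[0]
        sources[".".join(map(str, ip[12:16]))] += 1
        targets[(PROTO.get(proto, str(proto)), dport)] += 1
    return sources.most_common(top), targets.most_common(top)

def sample_pcap():
    """Constructed capture: 3 TCP packets to port 80, 1 UDP packet to port 53."""
    def record(src, proto, dport):
        ip = (bytes([0x45, 0]) + struct.pack("!H", 28) + bytes(4)
              + bytes([64, proto, 0, 0]) + bytes(src) + bytes([203, 0, 113, 10]))
        frame = bytes(12) + b"\x08\x00" + ip + struct.pack("!HHI", 40000, dport, 0)
        return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return (header + record((198, 51, 100, 7), 6, 80) * 3
            + record((192, 0, 2, 5), 17, 53))

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else sample_pcap()
    for table in summarize_pcap(data):
        print(table)
```

Pass the capture path as the first argument; with no argument it runs on the constructed sample.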
-
Q: How do I uninstall it?
A:
- Kill the sysctl tweaks:
sudo rm /etc/sysctl.d/99-yuki.conf
- Restore or remove nftables.conf:
sudo rm /etc/nftables.conf
(or replace it from backup in antiddos/backups/nftables/)
- Flush the rules (optional):
sudo nft flush ruleset
- If using a restored config, apply it immediately:
sudo nft -o -f /etc/nftables.conf
- Delete the script folder:
sudo rm -r /etc/yukiscript
Done.
Note: -f = apply from file, -o = optimize (e.g., merge rules).
-
Q: How do I check rule stats?
A:
- Basic:
sudo nft list ruleset
- Live stats:
watch -n0.5 nft list ruleset
(change 0.5 for update interval)