Merge 924fda7c80 into 979ab42c5a

2025-06-30 02:39:37 +00:00 · 2025-06-30 02:39:37 +00:00 · 1d17b81ded
commit 1d17b81ded
parent 979ab42c5a 924fda7c80
7 changed files with 35 additions and 0 deletions
--- a/client/server_scripts/awg/start.sh
+++ b/client/server_scripts/awg/start.sh
@ -11,6 +11,11 @@ wg-quick down /opt/amnezia/awg/wg0.conf
 # start daemons if configured
 if [ -f /opt/amnezia/awg/wg0.conf ]; then (wg-quick up /opt/amnezia/awg/wg0.conf); fi

+# check if nf_tables is loaded
+if lsmod | grep -qw nf_tables; then
+    ln -sf /sbin/xtables-nft-multi /sbin/iptables
+fi
+
 # Allow traffic on the TUN interface.
 iptables -A INPUT -i wg0 -j ACCEPT
 iptables -A FORWARD -i wg0 -j ACCEPT
--- a/client/server_scripts/openvpn/start.sh
+++ b/client/server_scripts/openvpn/start.sh
@ -7,6 +7,11 @@ ifconfig eth0:0 $SERVER_IP_ADDRESS netmask 255.255.255.255 up

 if [ ! -c /dev/net/tun ]; then mkdir -p /dev/net; mknod /dev/net/tun c 10 200; fi

+# check if nf_tables is loaded
+if lsmod | grep -qw nf_tables; then
+    ln -sf /sbin/xtables-nft-multi /sbin/iptables
+fi
+
 # Allow traffic on the TUN interface.
 iptables -A INPUT -i tun0 -j ACCEPT
 iptables -A FORWARD -i tun0 -j ACCEPT
--- a/client/server_scripts/openvpn_cloak/start.sh
+++ b/client/server_scripts/openvpn_cloak/start.sh
@ -7,6 +7,11 @@ ifconfig eth0:0 $SERVER_IP_ADDRESS netmask 255.255.255.255 up

 if [ ! -c /dev/net/tun ]; then mkdir -p /dev/net; mknod /dev/net/tun c 10 200; fi

+# check if nf_tables is loaded
+if lsmod | grep -qw nf_tables; then
+    ln -sf /sbin/xtables-nft-multi /sbin/iptables
+fi
+
 # Allow traffic on the TUN interface.
 iptables -A INPUT -i tun0 -j ACCEPT
 iptables -A FORWARD -i tun0 -j ACCEPT
--- a/client/server_scripts/openvpn_shadowsocks/start.sh
+++ b/client/server_scripts/openvpn_shadowsocks/start.sh
@ -7,6 +7,11 @@ ifconfig eth0:0 $SERVER_IP_ADDRESS netmask 255.255.255.255 up

 if [ ! -c /dev/net/tun ]; then mkdir -p /dev/net; mknod /dev/net/tun c 10 200; fi

+# check if nf_tables is loaded
+if lsmod | grep -qw nf_tables; then
+    ln -sf /sbin/xtables-nft-multi /sbin/iptables
+fi
+
 # Allow traffic on the TUN interface.
 iptables -A INPUT -i tun0 -j ACCEPT
 iptables -A FORWARD -i tun0 -j ACCEPT
--- a/client/server_scripts/prepare_host.sh
+++ b/client/server_scripts/prepare_host.sh
@ -7,3 +7,8 @@ if ! sudo docker network ls | grep -q amnezia-dns-net; then sudo docker network
  --opt com.docker.network.bridge.name=amn0 \
  amnezia-dns-net;\
 fi
+
+# check if nf_tables is loaded
+if lsmod | grep -qw nf_tables; then
+    sudo update-alternatives --set iptables /usr/sbin/iptables-nft
+fi
--- a/client/server_scripts/wireguard/start.sh
+++ b/client/server_scripts/wireguard/start.sh
@ -11,6 +11,11 @@ wg-quick down /opt/amnezia/wireguard/wg0.conf
 # start daemons if configured
 if [ -f /opt/amnezia/wireguard/wg0.conf ]; then (wg-quick up /opt/amnezia/wireguard/wg0.conf); fi

+# check if nf_tables is loaded
+if lsmod | grep -qw nf_tables; then
+    ln -sf /sbin/xtables-nft-multi /sbin/iptables
+fi
+
 # Allow traffic on the TUN interface.
 iptables -A INPUT -i wg0 -j ACCEPT
 iptables -A FORWARD -i wg0 -j ACCEPT
--- a/client/server_scripts/xray/start.sh
+++ b/client/server_scripts/xray/start.sh
@ -5,6 +5,11 @@
 echo "Container startup"
 #ifconfig eth0:0 $SERVER_IP_ADDRESS netmask 255.255.255.255 up

+# check if nf_tables is loaded
+if lsmod | grep -qw nf_tables; then
+    ln -sf /sbin/xtables-nft-multi /sbin/iptables
+fi
+
 iptables -A INPUT -i lo -j ACCEPT
 iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
 iptables -A INPUT -p icmp -j ACCEPT