diff --git a/client/server_scripts/awg/start.sh b/client/server_scripts/awg/start.sh
index 108e85df..a23d2111 100644
--- a/client/server_scripts/awg/start.sh
+++ b/client/server_scripts/awg/start.sh
@@ -11,6 +11,11 @@ wg-quick down /opt/amnezia/awg/wg0.conf
 # start daemons if configured
 if [ -f /opt/amnezia/awg/wg0.conf ]; then (wg-quick up /opt/amnezia/awg/wg0.conf); fi
+# check if nf_tables is loaded
+if lsmod | grep -qw nf_tables; then
+ ln -sf /sbin/xtables-nft-multi /sbin/iptables
+fi
+
 # Allow traffic on the TUN interface.
 iptables -A INPUT -i wg0 -j ACCEPT
 iptables -A FORWARD -i wg0 -j ACCEPT
diff --git a/client/server_scripts/openvpn/start.sh b/client/server_scripts/openvpn/start.sh
index 4a56b5de..c3a73950 100644
--- a/client/server_scripts/openvpn/start.sh
+++ b/client/server_scripts/openvpn/start.sh
@@ -7,6 +7,11 @@ ifconfig eth0:0 $SERVER_IP_ADDRESS netmask 255.255.255.255 up
 if [ ! -c /dev/net/tun ]; then mkdir -p /dev/net; mknod /dev/net/tun c 10 200; fi
+# check if nf_tables is loaded
+if lsmod | grep -qw nf_tables; then
+ ln -sf /sbin/xtables-nft-multi /sbin/iptables
+fi
+
 # Allow traffic on the TUN interface.
 iptables -A INPUT -i tun0 -j ACCEPT
 iptables -A FORWARD -i tun0 -j ACCEPT
diff --git a/client/server_scripts/openvpn_cloak/start.sh b/client/server_scripts/openvpn_cloak/start.sh
index d40dafce..ea66ff4c 100644
--- a/client/server_scripts/openvpn_cloak/start.sh
+++ b/client/server_scripts/openvpn_cloak/start.sh
@@ -7,6 +7,11 @@ ifconfig eth0:0 $SERVER_IP_ADDRESS netmask 255.255.255.255 up
 if [ ! -c /dev/net/tun ]; then mkdir -p /dev/net; mknod /dev/net/tun c 10 200; fi
+# check if nf_tables is loaded
+if lsmod | grep -qw nf_tables; then
+ ln -sf /sbin/xtables-nft-multi /sbin/iptables
+fi
+
 # Allow traffic on the TUN interface.
 iptables -A INPUT -i tun0 -j ACCEPT
 iptables -A FORWARD -i tun0 -j ACCEPT
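Review bot: The added `ln -sf /sbin/xtables-nft-multi /sbin/iptables` replaces the container's iptables binary without checking that the target exists, so on an image that does not ship xtables-nft-multi it leaves a dangling symlink and every `iptables -A` line after it fails. Nothing visible in the hunk stops the script on that failure, so the container would presumably start with none of its rules applied; in xray/start.sh those are the INPUT filter rules. Guarding the link, `if [ -x /sbin/xtables-nft-multi ] && lsmod | grep -qw nf_tables; then`, keeps the existing backend when the nft one is absent. The same block is added in the openvpn, openvpn_cloak, openvpn_shadowsocks, wireguard and xray start.sh hunks, and the script continues outside this hunk.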
diff --git a/client/server_scripts/openvpn_shadowsocks/start.sh b/client/server_scripts/openvpn_shadowsocks/start.sh
index f9ab99c4..94664e48 100644
--- a/client/server_scripts/openvpn_shadowsocks/start.sh
+++ b/client/server_scripts/openvpn_shadowsocks/start.sh
@@ -7,6 +7,11 @@ ifconfig eth0:0 $SERVER_IP_ADDRESS netmask 255.255.255.255 up
 if [ ! -c /dev/net/tun ]; then mkdir -p /dev/net; mknod /dev/net/tun c 10 200; fi
+# check if nf_tables is loaded
+if lsmod | grep -qw nf_tables; then
+ ln -sf /sbin/xtables-nft-multi /sbin/iptables
+fi
+
 # Allow traffic on the TUN interface.
 iptables -A INPUT -i tun0 -j ACCEPT
 iptables -A FORWARD -i tun0 -j ACCEPT
diff --git a/client/server_scripts/prepare_host.sh b/client/server_scripts/prepare_host.sh
index 1cc56a01..1f176c8c 100644
--- a/client/server_scripts/prepare_host.sh
+++ b/client/server_scripts/prepare_host.sh
@@ -7,3 +7,8 @@ if ! sudo docker network ls | grep -q amnezia-dns-net; then sudo docker network
 --opt com.docker.network.bridge.name=amn0 \
 amnezia-dns-net;\
 fi
+
+# check if nf_tables is loaded
+if lsmod | grep -qw nf_tables; then
+ sudo update-alternatives --set iptables /usr/sbin/iptables-nft
+fi
\ No newline at end of file
diff --git a/client/server_scripts/wireguard/start.sh b/client/server_scripts/wireguard/start.sh
index 62d8127c..7d523c67 100644
--- a/client/server_scripts/wireguard/start.sh
+++ b/client/server_scripts/wireguard/start.sh
@@ -11,6 +11,11 @@ wg-quick down /opt/amnezia/wireguard/wg0.conf
 # start daemons if configured
 if [ -f /opt/amnezia/wireguard/wg0.conf ]; then (wg-quick up /opt/amnezia/wireguard/wg0.conf); fi
+# check if nf_tables is loaded
+if lsmod | grep -qw nf_tables; then
+ ln -sf /sbin/xtables-nft-multi /sbin/iptables
+fi
+
 # Allow traffic on the TUN interface.
 iptables -A INPUT -i wg0 -j ACCEPT
 iptables -A FORWARD -i wg0 -j ACCEPT
diff --git a/client/server_scripts/xray/start.sh b/client/server_scripts/xray/start.sh
index 0148552f..5eeb0ca2 100644
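Review bot: In the prepare_host.sh hunk, `sudo update-alternatives --set iptables /usr/sbin/iptables-nft` switches the iptables backend for the whole host, not only for the containers this script prepares, and it does so whenever the nf_tables module happens to be loaded. Rules already installed through the legacy backend stay active in the kernel but are no longer listed or managed by the `iptables` command afterwards, which makes the host firewall harder to audit. The command also assumes a Debian-style alternatives group named iptables; where that group is missing it fails and, as far as this hunk shows, the script carries on without reporting it. Consider making the switch only when the alternative is registered and the legacy tables are empty, and printing a message when the backend is changed so the operator knows the host was modified.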
--- a/client/server_scripts/xray/start.sh
+++ b/client/server_scripts/xray/start.sh
@@ -5,6 +5,11 @@ echo "Container startup"
 #ifconfig eth0:0 $SERVER_IP_ADDRESS netmask 255.255.255.255 up
+# check if nf_tables is loaded
+if lsmod | grep -qw nf_tables; then
+ ln -sf /sbin/xtables-nft-multi /sbin/iptables
+fi
+
 iptables -A INPUT -i lo -j ACCEPT
 iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
 iptables -A INPUT -p icmp -j ACCEPT