From e0abd3f9dc54aa2a60395785e6a348bb6058e9b7 Mon Sep 17 00:00:00 2001
From: Mykola Baibuz <mykola.baibuz@gmail.com>
Date: Mon, 30 Dec 2024 13:21:45 +0200
Subject: [PATCH] XRay Linux firewall rules

---
 client/platforms/linux/daemon/linuxfirewall.cpp | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/client/platforms/linux/daemon/linuxfirewall.cpp b/client/platforms/linux/daemon/linuxfirewall.cpp
index 393c24f2..96194bc7 100644
--- a/client/platforms/linux/daemon/linuxfirewall.cpp
+++ b/client/platforms/linux/daemon/linuxfirewall.cpp
@@ -196,6 +196,8 @@ QStringList LinuxFirewall::getDNSRules(const QStringList& servers)
         result << QStringLiteral("-o amn0+ -d %1 -p tcp --dport 53 -j ACCEPT").arg(server);
         result << QStringLiteral("-o tun0+ -d %1 -p udp --dport 53 -j ACCEPT").arg(server);
         result << QStringLiteral("-o tun0+ -d %1 -p tcp --dport 53 -j ACCEPT").arg(server);
+        result << QStringLiteral("-o tun2+ -d %1 -p udp --dport 53 -j ACCEPT").arg(server);
+        result << QStringLiteral("-o tun2+ -d %1 -p tcp --dport 53 -j ACCEPT").arg(server);
     }
     return result;
 }
@@ -277,6 +279,7 @@ void LinuxFirewall::install()
     installAnchor(Both, QStringLiteral("200.allowVPN"), {
                                                             QStringLiteral("-o amn0+ -j ACCEPT"),
                                                             QStringLiteral("-o tun0+ -j ACCEPT"),
+                                                            QStringLiteral("-o tun2+ -j ACCEPT"),
                                                         });
 
     installAnchor(IPv4, QStringLiteral("120.blockNets"), {});