fix: use iptables-nft if nftables is loaded

2025-03-28 18:29:06 +03:00 · 2025-03-28 18:29:06 +03:00 · fa32608c61
commit fa32608c61
parent 2a6e6a1e24
7 changed files with 35 additions and 0 deletions
--- a/client/server_scripts/awg/start.sh
+++ b/client/server_scripts/awg/start.sh
@ -11,6 +11,11 @@ wg-quick down /opt/amnezia/awg/wg0.conf
 # start daemons if configured
 if [ -f /opt/amnezia/awg/wg0.conf ]; then (wg-quick up /opt/amnezia/awg/wg0.conf); fi
 # check if nf_tables is loaded
 if lsmod | grep -qw nf_tables; then
    ln -sf /sbin/xtables-nft-multi /sbin/iptables
 fi
 # Allow traffic on the TUN interface.
 iptables -A INPUT -i wg0 -j ACCEPT
 iptables -A FORWARD -i wg0 -j ACCEPT
--- a/client/server_scripts/openvpn/start.sh
+++ b/client/server_scripts/openvpn/start.sh
@ -7,6 +7,11 @@ ifconfig eth0:0 $SERVER_IP_ADDRESS netmask 255.255.255.255 up
 if [ ! -c /dev/net/tun ]; then mkdir -p /dev/net; mknod /dev/net/tun c 10 200; fi
 # check if nf_tables is loaded
 if lsmod | grep -qw nf_tables; then
    ln -sf /sbin/xtables-nft-multi /sbin/iptables
 fi
 # Allow traffic on the TUN interface.
 iptables -A INPUT -i tun0 -j ACCEPT
 iptables -A FORWARD -i tun0 -j ACCEPT
--- a/client/server_scripts/openvpn_cloak/start.sh
+++ b/client/server_scripts/openvpn_cloak/start.sh
@ -7,6 +7,11 @@ ifconfig eth0:0 $SERVER_IP_ADDRESS netmask 255.255.255.255 up
 if [ ! -c /dev/net/tun ]; then mkdir -p /dev/net; mknod /dev/net/tun c 10 200; fi
 # check if nf_tables is loaded
 if lsmod | grep -qw nf_tables; then
    ln -sf /sbin/xtables-nft-multi /sbin/iptables
 fi
 # Allow traffic on the TUN interface.
 iptables -A INPUT -i tun0 -j ACCEPT
 iptables -A FORWARD -i tun0 -j ACCEPT
--- a/client/server_scripts/openvpn_shadowsocks/start.sh
+++ b/client/server_scripts/openvpn_shadowsocks/start.sh
@ -7,6 +7,11 @@ ifconfig eth0:0 $SERVER_IP_ADDRESS netmask 255.255.255.255 up
 if [ ! -c /dev/net/tun ]; then mkdir -p /dev/net; mknod /dev/net/tun c 10 200; fi
 # check if nf_tables is loaded
 if lsmod | grep -qw nf_tables; then
    ln -sf /sbin/xtables-nft-multi /sbin/iptables
 fi
 # Allow traffic on the TUN interface.
 iptables -A INPUT -i tun0 -j ACCEPT
 iptables -A FORWARD -i tun0 -j ACCEPT
--- a/client/server_scripts/setup_host_firewall.sh
+++ b/client/server_scripts/setup_host_firewall.sh
@ -1,3 +1,8 @@
 # check if nf_tables is loaded
 if lsmod | grep -qw nf_tables; then
    sudo update-alternatives --set iptables /usr/sbin/iptables-nft
 fi
 sudo sysctl -w net.ipv4.ip_forward=1
 sudo iptables -C INPUT -p icmp --icmp-type echo-request -j DROP || sudo iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
--- a/client/server_scripts/wireguard/start.sh
+++ b/client/server_scripts/wireguard/start.sh
@ -11,6 +11,11 @@ wg-quick down /opt/amnezia/wireguard/wg0.conf
 # start daemons if configured
 if [ -f /opt/amnezia/wireguard/wg0.conf ]; then (wg-quick up /opt/amnezia/wireguard/wg0.conf); fi
 # check if nf_tables is loaded
 if lsmod | grep -qw nf_tables; then
    ln -sf /sbin/xtables-nft-multi /sbin/iptables
 fi
 # Allow traffic on the TUN interface.
 iptables -A INPUT -i wg0 -j ACCEPT
 iptables -A FORWARD -i wg0 -j ACCEPT
--- a/client/server_scripts/xray/start.sh
+++ b/client/server_scripts/xray/start.sh
@ -5,6 +5,11 @@
 echo "Container startup"
 #ifconfig eth0:0 $SERVER_IP_ADDRESS netmask 255.255.255.255 up
 # check if nf_tables is loaded
 if lsmod | grep -qw nf_tables; then
    ln -sf /sbin/xtables-nft-multi /sbin/iptables
 fi
 iptables -A INPUT -i lo -j ACCEPT
 iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
 iptables -A INPUT -p icmp -j ACCEPT