From 23580da4956e915354dcb75bd874f28d00418f6d Mon Sep 17 00:00:00 2001 From: Vladimir Avtsenov <vladimir.lsk.cool@gmail.com> Date: Wed, 12 Feb 2025 04:07:09 +0300 Subject: [PATCH] add FixProtect to NetfilterDHook --- group/group.go | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/group/group.go b/group/group.go index 339655f..e62db19 100644 --- a/group/group.go +++ b/group/group.go @@ -159,6 +159,13 @@ func (g *Group) Sync(records *records.Records) error { } func (g *Group) NetfilterDHook(table string) error { + if g.enabled && g.FixProtect && table == "filter" { + err := g.iptables.AppendUnique("filter", "_NDM_SL_FORWARD", "-o", g.Interface, "-m", "state", "--state", "NEW", "-j", "_NDM_SL_PROTECT") + if err != nil { + return fmt.Errorf("failed to fix protect: %w", err) + } + } + return g.ipsetToLink.NetfilterDHook(table) }