From 23580da4956e915354dcb75bd874f28d00418f6d Mon Sep 17 00:00:00 2001
From: Vladimir Avtsenov <vladimir.lsk.cool@gmail.com>
Date: Wed, 12 Feb 2025 04:07:09 +0300
Subject: [PATCH] add FixProtect to NetfilterDHook

---
 group/group.go | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/group/group.go b/group/group.go
index 339655f..e62db19 100644
--- a/group/group.go
+++ b/group/group.go
@@ -159,6 +159,13 @@ func (g *Group) Sync(records *records.Records) error {
 }
 
 func (g *Group) NetfilterDHook(table string) error {
+	if g.enabled && g.FixProtect && table == "filter" {
+		err := g.iptables.AppendUnique("filter", "_NDM_SL_FORWARD", "-o", g.Interface, "-m", "state", "--state", "NEW", "-j", "_NDM_SL_PROTECT")
+		if err != nil {
+			return fmt.Errorf("failed to fix protect: %w", err)
+		}
+	}
+
 	return g.ipsetToLink.NetfilterDHook(table)
 }