shinobu/router: Reduce semicolon usage

Only use it where it is necessary
This commit is contained in:
Simon Bruder 2023-09-08 13:08:43 +02:00
parent 2dab79f0bc
commit 94fcee359a
Signed by: simon
GPG key ID: 8D3C82F9F309F8EC

View file

@ -66,7 +66,7 @@ in
table inet filter { table inet filter {
chain forward { chain forward {
type filter hook forward priority filter; policy drop; type filter hook forward priority filter; policy drop
# Use MSS clamping # Use MSS clamping
# to avoid too large packets from client on the lan # to avoid too large packets from client on the lan
@ -74,38 +74,40 @@ in
iifname wg-upstream tcp flags syn / syn,rst tcp option maxseg size set rt mtu iifname wg-upstream tcp flags syn / syn,rst tcp option maxseg size set rt mtu
oifname wg-upstream tcp flags syn / syn,rst tcp option maxseg size set rt mtu oifname wg-upstream tcp flags syn / syn,rst tcp option maxseg size set rt mtu
iifname $NAT_LAN_IFACES oifname $NAT_WAN_IFACES counter accept; iifname $NAT_LAN_IFACES oifname $NAT_WAN_IFACES counter accept
iifname $NAT_WAN_IFACES oifname $NAT_LAN_IFACES ct state established,related counter accept; iifname $NAT_WAN_IFACES oifname $NAT_LAN_IFACES ct state established,related counter accept
# plastic router # plastic router
iifname $NAT_LAN_IFACES oifname $PHYSICAL_WAN ip daddr $PLASTIC_ROUTER_V4 counter accept; iifname $NAT_LAN_IFACES oifname $PHYSICAL_WAN ip daddr $PLASTIC_ROUTER_V4 counter accept
iifname $PHYSICAL_WAN oifname $NAT_LAN_IFACES ip saddr $PLASTIC_ROUTER_V4 ct state established,related counter accept; iifname $PHYSICAL_WAN oifname $NAT_LAN_IFACES ip saddr $PLASTIC_ROUTER_V4 ct state established,related counter accept
iifname $NAT_LAN_IFACES oifname $PHYSICAL_WAN ip daddr $VUEKO_V4 udp dport $VUEKO_PORT counter accept; iifname $NAT_LAN_IFACES oifname $PHYSICAL_WAN ip daddr $VUEKO_V4 udp dport $VUEKO_PORT counter accept
iifname $PHYSICAL_WAN oifname $NAT_LAN_IFACES ip saddr $VUEKO_V4 udp sport $VUEKO_PORT ct state established,related counter accept; iifname $PHYSICAL_WAN oifname $NAT_LAN_IFACES ip saddr $VUEKO_V4 udp sport $VUEKO_PORT ct state established,related counter accept
iifname $NAT_LAN_IFACES oifname $PHYSICAL_WAN ip6 daddr $VUEKO_V6 udp dport $VUEKO_PORT counter accept; iifname $NAT_LAN_IFACES oifname $PHYSICAL_WAN ip6 daddr $VUEKO_V6 udp dport $VUEKO_PORT counter accept
iifname $PHYSICAL_WAN oifname $NAT_LAN_IFACES ip6 saddr $VUEKO_V6 udp sport $VUEKO_PORT ct state established,related counter accept; iifname $PHYSICAL_WAN oifname $NAT_LAN_IFACES ip6 saddr $VUEKO_V6 udp sport $VUEKO_PORT ct state established,related counter accept
} }
} }
table inet nat { table inet nat {
chain prerouting { chain prerouting {
type nat hook prerouting priority filter; policy accept; type nat hook prerouting priority filter; policy accept
} }
chain postrouting { chain postrouting {
type nat hook postrouting priority filter; policy accept; type nat hook postrouting priority filter; policy accept
oifname $MASQUERADE_IFACES masquerade; oifname $MASQUERADE_IFACES masquerade
} }
} }
table inet mangle { table inet mangle {
chain output { chain output {
type route hook output priority mangle; type route hook output priority mangle
# Add fwmark noVpnMark to packets to vueko, so it will get routed correctly # Add fwmark noVpnMark to packets to vueko, so it will get routed correctly
ip daddr $VUEKO_V4 udp dport $VUEKO_PORT mark set ${toString noVpnFwMark} counter; ip daddr $VUEKO_V4 udp dport $VUEKO_PORT mark set ${toString noVpnFwMark} counter
ip6 daddr $VUEKO_V6 udp dport $VUEKO_PORT mark set ${toString noVpnFwMark} counter; ip6 daddr $VUEKO_V6 udp dport $VUEKO_PORT mark set ${toString noVpnFwMark} counter
}
}
} }
} }
''; '';