shinobu/router: Reduce semicolon usage

Only use it where it is necessary
This commit is contained in:
Simon Bruder 2023-09-08 13:08:43 +02:00
parent 2dab79f0bc
commit 94fcee359a
Signed by: simon
GPG key ID: 8D3C82F9F309F8EC

View file

@ -66,7 +66,7 @@ in
table inet filter {
chain forward {
type filter hook forward priority filter; policy drop;
type filter hook forward priority filter; policy drop
# Use MSS clamping
# to avoid too large packets from client on the lan
@ -74,38 +74,40 @@ in
iifname wg-upstream tcp flags syn / syn,rst tcp option maxseg size set rt mtu
oifname wg-upstream tcp flags syn / syn,rst tcp option maxseg size set rt mtu
iifname $NAT_LAN_IFACES oifname $NAT_WAN_IFACES counter accept;
iifname $NAT_WAN_IFACES oifname $NAT_LAN_IFACES ct state established,related counter accept;
iifname $NAT_LAN_IFACES oifname $NAT_WAN_IFACES counter accept
iifname $NAT_WAN_IFACES oifname $NAT_LAN_IFACES ct state established,related counter accept
# plastic router
iifname $NAT_LAN_IFACES oifname $PHYSICAL_WAN ip daddr $PLASTIC_ROUTER_V4 counter accept;
iifname $PHYSICAL_WAN oifname $NAT_LAN_IFACES ip saddr $PLASTIC_ROUTER_V4 ct state established,related counter accept;
iifname $NAT_LAN_IFACES oifname $PHYSICAL_WAN ip daddr $PLASTIC_ROUTER_V4 counter accept
iifname $PHYSICAL_WAN oifname $NAT_LAN_IFACES ip saddr $PLASTIC_ROUTER_V4 ct state established,related counter accept
iifname $NAT_LAN_IFACES oifname $PHYSICAL_WAN ip daddr $VUEKO_V4 udp dport $VUEKO_PORT counter accept;
iifname $PHYSICAL_WAN oifname $NAT_LAN_IFACES ip saddr $VUEKO_V4 udp sport $VUEKO_PORT ct state established,related counter accept;
iifname $NAT_LAN_IFACES oifname $PHYSICAL_WAN ip6 daddr $VUEKO_V6 udp dport $VUEKO_PORT counter accept;
iifname $PHYSICAL_WAN oifname $NAT_LAN_IFACES ip6 saddr $VUEKO_V6 udp sport $VUEKO_PORT ct state established,related counter accept;
iifname $NAT_LAN_IFACES oifname $PHYSICAL_WAN ip daddr $VUEKO_V4 udp dport $VUEKO_PORT counter accept
iifname $PHYSICAL_WAN oifname $NAT_LAN_IFACES ip saddr $VUEKO_V4 udp sport $VUEKO_PORT ct state established,related counter accept
iifname $NAT_LAN_IFACES oifname $PHYSICAL_WAN ip6 daddr $VUEKO_V6 udp dport $VUEKO_PORT counter accept
iifname $PHYSICAL_WAN oifname $NAT_LAN_IFACES ip6 saddr $VUEKO_V6 udp sport $VUEKO_PORT ct state established,related counter accept
}
}
table inet nat {
chain prerouting {
type nat hook prerouting priority filter; policy accept;
type nat hook prerouting priority filter; policy accept
}
chain postrouting {
type nat hook postrouting priority filter; policy accept;
oifname $MASQUERADE_IFACES masquerade;
type nat hook postrouting priority filter; policy accept
oifname $MASQUERADE_IFACES masquerade
}
}
table inet mangle {
chain output {
type route hook output priority mangle;
type route hook output priority mangle
# Add fwmark noVpnMark to packets to vueko, so it will get routed correctly
ip daddr $VUEKO_V4 udp dport $VUEKO_PORT mark set ${toString noVpnFwMark} counter;
ip6 daddr $VUEKO_V6 udp dport $VUEKO_PORT mark set ${toString noVpnFwMark} counter;
ip daddr $VUEKO_V4 udp dport $VUEKO_PORT mark set ${toString noVpnFwMark} counter
ip6 daddr $VUEKO_V6 udp dport $VUEKO_PORT mark set ${toString noVpnFwMark} counter
}
}
}
}
'';