flush ruleset
define RESERVED_IP = {
100.64.0.0/10,
127.0.0.0/8,
169.254.0.0/16,
172.16.0.0/12,
192.0.0.0/24,
224.0.0.0/4,
240.0.0.0/4,
255.255.255.255/32
}
define RESERVED_IP6 = {
::1/128,
::/128,
fe80::/10,
ff00::/8,
fc00::/7,
2001:db8::/32,
fec0::/10
}
define LOCAL_NET = { 10.10.10.0/24 }
define LOCAL_NET6 = { fddd:dddd::/64 }
table ip mihomo {
chain prerouting {
type filter hook prerouting priority mangle; policy accept;
ip daddr $RESERVED_IP return
ip daddr $LOCAL_NET return
udp dport { 123 } return
meta mark 1234 return
ip protocol tcp tproxy to :7895 meta mark set 1
ip protocol udp tproxy to :7895 meta mark set 1
}
chain output {
type route hook output priority mangle; policy accept;
ip daddr $RESERVED_IP return
ip daddr $LOCAL_NET return
udp dport { 123 } return
meta mark 1234 return
ip protocol tcp meta mark set 1
ip protocol udp meta mark set 1
}
}
table ip6 mihomo {
chain prerouting {
type filter hook prerouting priority mangle; policy accept;
ip6 daddr $RESERVED_IP6 return
ip6 daddr $LOCAL_NET6 return
meta mark 1234 return
ip6 nexthdr tcp tproxy to :7895 meta mark set 1
ip6 nexthdr udp tproxy to :7895 meta mark set 1
}
chain output {
type route hook output priority mangle; policy accept;
ip6 daddr $RESERVED_IP6 return
ip6 daddr $LOCAL_NET6 return
meta mark 1234 return
ip6 nexthdr tcp meta mark set 1
ip6 nexthdr udp meta mark set 1
}
chain forward {
type filter hook forward priority mangle; policy accept;
tcp flags syn tcp option maxseg size set 1280
}
}
