DaTekShaman/clash-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add functions to delete iptables rules by target and interface for improved cleanup

Browse Source
This commit is contained in:
DaTekShaman
2025-12-27 15:50:13 +03:00
parent 16ca0a11b6
commit a6cb527bb3
1 changed files with 22 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
scripts/iptables-mihomo-setup.sh
View File

@@ -19,6 +19,21 @@ EXCLUDE_IFACES=("tun0" "wg0")
# ---------------------------- # ----------------------------
ipt() { iptables "$@"; } ipt() { iptables "$@"; }
del_jump_all() {
local table="$1" chain="$2" target="$3"
# Delete all rules in $chain that jump to $target (repeat until none left)
while iptables -t "$table" -C "$chain" -j "$target" 2>/dev/null; do
iptables -t "$table" -D "$chain" -j "$target"
done
}
del_jump_iface_all() {
local table="$1" chain="$2" iface="$3" target="$4"
while iptables -t "$table" -C "$chain" -i "$iface" -j "$target" 2>/dev/null; do
iptables -t "$table" -D "$chain" -i "$iface" -j "$target"
done
}
ensure_ip_rule() { ensure_ip_rule() {
# Remove duplicates if any (doesn't error if absent) # Remove duplicates if any (doesn't error if absent)
while ip rule list | grep -q "fwmark ${FW_MARK} lookup ${ROUTE_TABLE}"; do while ip rule list | grep -q "fwmark ${FW_MARK} lookup ${ROUTE_TABLE}"; do
@@ -43,15 +58,15 @@ ipt -t nat -X MIHOMO_REDIR 2>/dev/null || true
# Keeping behavior to match your current approach, but yes, it nukes other rules. # Keeping behavior to match your current approach, but yes, it nukes other rules.
ipt -t nat -F OUTPUT 2>/dev/null || true ipt -t nat -F OUTPUT 2>/dev/null || true
del_jump_all nat OUTPUT MIHOMO_REDIR
# Create chain # Create chain
ipt -t nat -F MIHOMO_REDIR 2>/dev/null || true
ipt -t nat -X MIHOMO_REDIR 2>/dev/null || true
ipt -t nat -N MIHOMO_REDIR ipt -t nat -N MIHOMO_REDIR
# Exclude loopback and local subnets # Exclude loopback and local subnets
ipt -t nat -A MIHOMO_REDIR -d 127.0.0.0/8 -j RETURN # ipt -t nat -A MIHOMO_REDIR -d 127.0.0.0/8 -j RETURN
ipt -t nat -A MIHOMO_REDIR -d 10.0.0.0/8 -j RETURN # ipt -t nat -A MIHOMO_REDIR -d 10.0.0.0/8 -j RETURN
ipt -t nat -A MIHOMO_REDIR -d 172.16.0.0/12 -j RETURN # ipt -t nat -A MIHOMO_REDIR -d 172.16.0.0/12 -j RETURN
ipt -t nat -A MIHOMO_REDIR -d 192.168.0.0/16 -j RETURN ipt -t nat -A MIHOMO_REDIR -d 192.168.0.0/16 -j RETURN
# Exclude traffic that is going via tun0/wg0 (your "do not touch" tunnels) # Exclude traffic that is going via tun0/wg0 (your "do not touch" tunnels)
@@ -89,9 +104,9 @@ ensure_ip_rule
ipt -t mangle -F MIHOMO_TPROXY 2>/dev/null || true ipt -t mangle -F MIHOMO_TPROXY 2>/dev/null || true
ipt -t mangle -X MIHOMO_TPROXY 2>/dev/null || true ipt -t mangle -X MIHOMO_TPROXY 2>/dev/null || true
del_jump_iface_all mangle PREROUTING wt0 MIHOMO_TPROXY
# Create chain # Create chain
ipt -t mangle -F MIHOMO_TPROXY 2>/dev/null || true
ipt -t mangle -X MIHOMO_TPROXY 2>/dev/null || true
ipt -t mangle -N MIHOMO_TPROXY ipt -t mangle -N MIHOMO_TPROXY
# Exclusions: loopback/local subnets # Exclusions: loopback/local subnets