From 4a3b00dea582bbf193d332fb2a5f26e9b39f3d7a Mon Sep 17 00:00:00 2001
From: chunyu
Date: Mon, 10 Mar 2025 10:50:44 +0800
Subject: [PATCH] =?UTF-8?q?=E9=98=B2=E7=81=AB=E5=A2=99=E9=85=8D=E7=BD=AE?= =?UTF-8?q?=EF=BC=9A=E5=85=81=E8=AE=B8=E6=9C=AC=E5=9C=B0=E5=9B=9E=E7=8E=AF?= =?UTF-8?q?=E6=8E=A5=E5=8F=A3=E6=B5=81=E9=87=8F?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 install.sh | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/install.sh b/install.sh
index 24f7a4a..413886e 100644
--- a/install.sh
+++ b/install.sh
@@ -401,6 +401,7 @@ flush ruleset
 table inet filter {
 chain input {
 type filter hook input priority 0; policy drop;
+ iifname "lo" accept
 ct state established,related accept
 ip saddr { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 } accept
 tcp dport 22 accept
@@ -423,6 +424,7 @@ EOF
 systemctl enable nftables 2>/dev/null || log "WARN" "无法启用 nftables 服务"
 else
 iptables -F && iptables -t nat -F || { log "ERROR" "清理 IPv4 规则失败"; exit 1; }
+ iptables -A INPUT -i lo -j ACCEPT
 iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
 iptables -A INPUT -s 10.0.0.0/8 -j ACCEPT
 iptables -A INPUT -s 172.16.0.0/12 -j ACCEPT
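Review bot: The new `iifname "lo" accept` rule in `chain input` trusts the interface alone, and nothing in the visible rules rejects loopback-addressed packets that arrive on another interface before they reach later accepts such as `tcp dport 22 accept`. The kernel normally discards such IPv4 martians, but that depends on sysctl settings this ruleset does not control, so an explicit guard right after the accept is cheap: `iif != "lo" ip saddr 127.0.0.0/8 drop` and `iif != "lo" ip6 saddr ::1 drop`. Since `lo` always exists when the ruleset loads, `iif "lo" accept` would also work and matches on the interface index instead of comparing the name string for every packet. The chain body continues past the end of this hunk.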
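Review bot: The added `iptables -A INPUT -i lo -j ACCEPT` covers IPv4 only, whereas the nftables branch uses an `inet` table and so admits `::1` as well. If this fallback branch also restricts IPv6 with ip6tables further down (not visible in the hunk), it needs the matching `ip6tables -A INPUT -i lo -j ACCEPT`, otherwise local services reached over `::1` stop working on hosts that fall back to iptables. The new command's exit status is also ignored, unlike the flush line directly above it, which logs and exits on failure; a silent failure here matters if a DROP policy or rule follows. The `else` branch starts and ends outside the hunk.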