chunyu/sing-box-shell
1
0
Fork 0
mirror of https://github.com/Lsmoisu/sing-box-shell.git synced 2025-06-08 12:14:14 +08:00
Code Issues Packages Projects Releases Wiki Activity

防火墙配置:允许本地回环接口流量

Browse Source
This commit is contained in:
chunyu 2025-03-10 10:50:44 +08:00
parent cfd2e19417
commit 4a3b00dea5
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
install.sh
View File

@ -401,6 +401,7 @@ flush ruleset
table inet filter { table inet filter {
chain input { chain input {
type filter hook input priority 0; policy drop; type filter hook input priority 0; policy drop;
iifname "lo" accept
ct state established,related accept ct state established,related accept
ip saddr { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 } accept ip saddr { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 } accept
tcp dport 22 accept tcp dport 22 accept
@ -423,6 +424,7 @@ EOF
systemctl enable nftables 2>/dev/null || log "WARN" "无法启用 nftables 服务" systemctl enable nftables 2>/dev/null || log "WARN" "无法启用 nftables 服务"
else else
iptables -F && iptables -t nat -F || { log "ERROR" "清理 IPv4 规则失败"; exit 1; } iptables -F && iptables -t nat -F || { log "ERROR" "清理 IPv4 规则失败"; exit 1; }
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -s 10.0.0.0/8 -j ACCEPT iptables -A INPUT -s 10.0.0.0/8 -j ACCEPT
iptables -A INPUT -s 172.16.0.0/12 -j ACCEPT iptables -A INPUT -s 172.16.0.0/12 -j ACCEPT