Skip to content

Instantly share code, notes, and snippets.

@EkkoG

EkkoG/PSW.rules

Last active May 5, 2021 14:36
Show Gist options
  • Save EkkoG/c5f3d3bae8687b3566fa2db74d8a95a7 to your computer and use it in GitHub Desktop.
Save EkkoG/c5f3d3bae8687b3566fa2db74d8a95a7 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
PSW.rules
:PSW - [0:0]
:PSW_OUTPUT - [0:0]
-A PREROUTING -p tcp -j PSW
-A OUTPUT -p tcp -j PSW_OUTPUT
-A PSW -m set --match-set laniplist dst -j RETURN
-A PSW -m set --match-set vpsiplist dst -j RETURN
-A PSW -m set --match-set whitelist dst -j RETURN
-A PSW -m mark --mark 0xff -j RETURN
-A PSW -d 11.1.1.1/32 -p tcp -m comment --comment "\'默认\'" -j REDIRECT --to-ports 1041
-A PSW -p tcp -m comment --comment "\'默认\'" -m set --match-set shuntlist dst -j REDIRECT --to-ports 1041
-A PSW -p tcp -m comment --comment "\'默认\'" -m set --match-set blacklist dst -j REDIRECT --to-ports 1041
-A PSW -p tcp -m comment --comment "\'默认\'" -m set ! --match-set chnroute dst -j REDIRECT --to-ports 1041
-A PSW -p tcp -m comment --comment "\'默认\'" -j RETURN
-A PSW_OUTPUT -m set --match-set laniplist dst -j RETURN
-A PSW_OUTPUT -d xxxxxxx/32 -p tcp -m comment --comment "\':20002\'" -m tcp --dport 20002 -j RETURN
-A PSW_OUTPUT -m set --match-set vpsiplist dst -j RETURN
-A PSW_OUTPUT -m set --match-set whitelist dst -j RETURN
-A PSW_OUTPUT -m mark --mark 0xff -j RETURN
-A PSW_OUTPUT -d 11.1.1.1/32 -p tcp -j REDIRECT --to-ports 1041
-A PSW_OUTPUT -p tcp -m set --match-set shuntlist dst -j REDIRECT --to-ports 1041
-A PSW_OUTPUT -p tcp -m set --match-set blacklist dst -j REDIRECT --to-ports 1041
-A PSW_OUTPUT -p tcp -m set ! --match-set chnroute dst -j REDIRECT --to-ports 1041
:PSW - [0:0]
:PSW_DIVERT - [0:0]
:PSW_OUTPUT - [0:0]
-A PREROUTING -p tcp -m socket -j PSW_DIVERT
-A PREROUTING -j PSW
-A OUTPUT -p udp -j PSW_OUTPUT
-A PSW -m set --match-set laniplist dst -j RETURN
-A PSW -m set --match-set vpsiplist dst -j RETURN
-A PSW -m set --match-set whitelist dst -j RETURN
-A PSW -m mark --mark 0xff -j RETURN
-A PSW -m set --match-set blocklist dst -j DROP
-A PSW -p tcp -m comment --comment "\'默认\'" -j RETURN
-A PSW -d 11.1.1.1/32 -p udp -m comment --comment "\'默认\'" -j TPROXY --on-port 1051 --on-ip 0.0.0.0 --tproxy-mark 0x1/0x1
-A PSW -p udp -m comment --comment "\'默认\'" -m set --match-set shuntlist dst -j TPROXY --on-port 1051 --on-ip 0.0.0.0 --tproxy-mark 0x1/0x1
-A PSW -p udp -m comment --comment "\'默认\'" -m set --match-set blacklist dst -j TPROXY --on-port 1051 --on-ip 0.0.0.0 --tproxy-mark 0x1/0x1
-A PSW -p udp -m comment --comment "\'默认\'" -m set ! --match-set chnroute dst -j TPROXY --on-port 1051 --on-ip 0.0.0.0 --tproxy-mark 0x1/0x1
-A PSW -p udp -m comment --comment "\'默认\'" -j RETURN
-A PSW_DIVERT -j MARK --set-xmark 0x1/0xffffffff
-A PSW_DIVERT -j ACCEPT
-A PSW_OUTPUT -m set --match-set laniplist dst -j RETURN
-A PSW_OUTPUT -d xxxxxxx/32 -p udp -m comment --comment "\'20002\'" -m udp --dport 20002 -j RETURN
-A PSW_OUTPUT -m set --match-set vpsiplist dst -j RETURN
-A PSW_OUTPUT -m set --match-set whitelist dst -j RETURN
-A PSW_OUTPUT -m mark --mark 0xff -j RETURN
-A PSW_OUTPUT -m set --match-set blocklist dst -j DROP
-A PSW_OUTPUT -d 11.1.1.1/32 -p udp -j MARK --set-xmark 0x1/0xffffffff
-A PSW_OUTPUT -p udp -m set --match-set shuntlist dst -j MARK --set-xmark 0x1/0xffffffff
-A PSW_OUTPUT -p udp -m set --match-set blacklist dst -j MARK --set-xmark 0x1/0xffffffff
-A PSW_OUTPUT -p udp -m set ! --match-set chnroute dst -j MARK --set-xmark 0x1/0xffffffff
Raw
PSW6.rules
:PSW - [0:0]
:PSW_DIVERT - [0:0]
:PSW_OUTPUT - [0:0]
-A PREROUTING -p tcp -m socket -j PSW_DIVERT
-A PREROUTING -j PSW
-A OUTPUT -j PSW_OUTPUT
-A PSW -m set --match-set laniplist6 dst -j RETURN
-A PSW -m set --match-set vpsiplist6 dst -j RETURN
-A PSW -m set --match-set whitelist6 dst -j RETURN
-A PSW -m mark --mark 0xff -j RETURN
-A PSW -m set --match-set blocklist6 dst -j DROP
-A PSW -p tcp -m comment --comment "\'默认\'" -m set --match-set shuntlist6 dst -j TPROXY --on-port 1041 --on-ip :: --tproxy-mark 0x1/0x1
-A PSW -p tcp -m comment --comment "\'默认\'" -m set --match-set blacklist6 dst -j TPROXY --on-port 1041 --on-ip :: --tproxy-mark 0x1/0x1
-A PSW -p tcp -m comment --comment "\'默认\'" -m set ! --match-set chnroute6 dst -j TPROXY --on-port 1041 --on-ip :: --tproxy-mark 0x1/0x1
-A PSW -p tcp -m comment --comment "\'默认\'" -j RETURN
-A PSW -p udp -m comment --comment "\'默认\'" -m set --match-set shuntlist6 dst -j TPROXY --on-port 1051 --on-ip :: --tproxy-mark 0x1/0x1
-A PSW -p udp -m comment --comment "\'默认\'" -m set --match-set blacklist6 dst -j TPROXY --on-port 1051 --on-ip :: --tproxy-mark 0x1/0x1
-A PSW -p udp -m comment --comment "\'默认\'" -m set ! --match-set chnroute6 dst -j TPROXY --on-port 1051 --on-ip :: --tproxy-mark 0x1/0x1
-A PSW -p udp -m comment --comment "\'默认\'" -j RETURN
-A PSW_DIVERT -j MARK --set-xmark 0x1/0xffffffff
-A PSW_DIVERT -j ACCEPT
-A PSW_OUTPUT -m set --match-set laniplist6 dst -j RETURN
-A PSW_OUTPUT -m set --match-set vpsiplist6 dst -j RETURN
-A PSW_OUTPUT -m set --match-set whitelist6 dst -j RETURN
-A PSW_OUTPUT -m mark --mark 0xff -j RETURN
-A PSW_OUTPUT -m set --match-set blocklist6 dst -j DROP
-A PSW_OUTPUT -p tcp -m set --match-set shuntlist6 dst -j MARK --set-xmark 0x1/0xffffffff
-A PSW_OUTPUT -p tcp -m set --match-set blacklist6 dst -j MARK --set-xmark 0x1/0xffffffff
-A PSW_OUTPUT -p tcp -m set ! --match-set chnroute6 dst -j MARK --set-xmark 0x1/0xffffffff
-A PSW_OUTPUT -p udp -m set --match-set shuntlist6 dst -j MARK --set-xmark 0x1/0xffffffff
-A PSW_OUTPUT -p udp -m set --match-set blacklist6 dst -j MARK --set-xmark 0x1/0xffffffff
-A PSW_OUTPUT -p udp -m set ! --match-set chnroute6 dst -j MARK --set-xmark 0x1/0xffffffff
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment