Shadowsocks-libev Iptables Firewalld

路由器全局走ss

iptables -t nat -N SHADOWSOCKS
iptables -t mangle -N SHADOWSOCKS

# Ignore your shadowsocks server's addresses
# It's very IMPORTANT, just be careful.
iptables -t nat -A SHADOWSOCKS -d 47.240.28.126 -j RETURN

# Ignore LANs and any other addresses you'd like to bypass the proxy
# See Wikipedia and RFC5735 for full list of reserved networks.
# See ashi009/bestroutetb for a highly optimized CHN route list.
iptables -t nat -A SHADOWSOCKS -d 0.0.0.0/8 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 10.0.0.0/8 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 127.0.0.0/8 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 169.254.0.0/16 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 172.16.0.0/12 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 192.168.0.0/16 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 224.0.0.0/4 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 240.0.0.0/4 -j RETURN

# Anything else should be redirected to shadowsocks's local port
iptables -t nat -A SHADOWSOCKS -p tcp -j REDIRECT --to-ports 1080

# Add any UDP rules
ip route add local default dev lo table 100
ip rule add fwmark 1 lookup 100
iptables -t mangle -A SHADOWSOCKS -p udp --dport 53 -j TPROXY --on-port 1080 --tproxy-mark 0x01/0x01

# Apply the rules
iptables -t nat -A PREROUTING -p tcp -j SHADOWSOCKS
iptables -t mangle -A PREROUTING -j SHADOWSOCKS

Firewalld

路由器全局走ss

firewall-cmd --permanent --zone=public --direct --add-chain ipv4 nat SHADOWSOCKS
firewall-cmd --permanent --direct --add-rule ipv4 nat SHADOWSOCKS 1 -d 47.240.28.126 -j RETURN
firewall-cmd --permanent --direct --add-rule ipv4 nat SHADOWSOCKS 1 -d 0.0.0.0/8 -j RETURN
firewall-cmd --permanent --direct --add-rule ipv4 nat SHADOWSOCKS 1 -d 10.0.0.0/8 -j RETURN
firewall-cmd --permanent --direct --add-rule ipv4 nat SHADOWSOCKS 1 -d 127.0.0.0/8 -j RETURN
firewall-cmd --permanent --direct --add-rule ipv4 nat SHADOWSOCKS 1 -d 169.254.0.0/16 -j RETURN
firewall-cmd --permanent --direct --add-rule ipv4 nat SHADOWSOCKS 1 -d 172.17.0.0/12 -j RETURN
firewall-cmd --permanent --direct --add-rule ipv4 nat SHADOWSOCKS 1 -d 192.168.0.0/16 -j RETURN

firewall-cmd --permanent --direct --add-rule ipv4 nat SHADOWSOCKS 2 -p tcp -j REDIRECT --to-ports 1080

firewall-cmd --permanent --direct --add-rule ipv4 nat PREROUTING 3 -p tcp -j SHADOWSOCKS

# 让设备自身流量全部走ss
firewall-cmd --permanent --direct --add-rule ipv4 nat OUTPUT 3 -p tcp -j SHADOWSOCKS
# 重载入
firewall-cmd --reload
# 检测IP是否变更成ss
curl icanhazip.com
Show Comments