update example, limit to localhost

2026-02-09 21:14:57 +08:00 · 2020-05-02 08:01:19 +08:00
parent a80187f947
commit aa5ca6f204
4 changed files with 39 additions and 9 deletions
--- a/cgroup-tproxy.sh
+++ b/cgroup-tproxy.sh
@@ -109,8 +109,8 @@ test -d $cgroup_mount_point$cgroup_noproxy  || mkdir $cgroup_mount_point$cgroup_
 ip rule add fwmark $fwmark table $table
 ip route add local default dev lo table $table
 iptables -t mangle -N TPROXY_ENT
-iptables -t mangle -A TPROXY_ENT -p tcp -j TPROXY --on-ip 127.0.0.1 --on-port $port --tproxy-mark $fwmark
-iptables -t mangle -A TPROXY_ENT -p udp -j TPROXY --on-ip 127.0.0.1 --on-port $port --tproxy-mark $fwmark
+iptables -t mangle -A TPROXY_ENT -p tcp -j TPROXY --on-ip localhost --on-port $port --tproxy-mark $fwmark
+iptables -t mangle -A TPROXY_ENT -p udp -j TPROXY --on-ip localhost --on-port $port --tproxy-mark $fwmark

 iptables -t mangle -N TPROXY_PRE
 iptables -t mangle -A TPROXY_PRE -m socket --transparent -j MARK --set-mark $fwmark
@@ -139,8 +139,8 @@ iptables -t mangle -A OUTPUT -j TPROXY_OUT
 ip -6 rule add fwmark $fwmark table $table
 ip -6 route add local default dev lo table $table
 ip6tables -t mangle -N TPROXY_ENT
-ip6tables -t mangle -A TPROXY_ENT -p tcp -j TPROXY --on-ip ::1 --on-port $port --tproxy-mark $fwmark
-ip6tables -t mangle -A TPROXY_ENT -p udp -j TPROXY --on-ip ::1 --on-port $port --tproxy-mark $fwmark
+ip6tables -t mangle -A TPROXY_ENT -p tcp -j TPROXY --on-ip localhost --on-port $port --tproxy-mark $fwmark
+ip6tables -t mangle -A TPROXY_ENT -p udp -j TPROXY --on-ip localhost --on-port $port --tproxy-mark $fwmark

 ip6tables -t mangle -N TPROXY_PRE
 ip6tables -t mangle -A TPROXY_PRE -m socket --transparent -j MARK --set-mark $fwmark
--- a/v2ray_config/02_dns.json
+++ b/v2ray_config/02_dns.json
@@ -1,6 +1,8 @@
 {
  "dns": {
    "servers": [
+      "https+local://1.1.1.1/dns-query",
+      "223.5.5.5",
      {
        "address": "localhost",
        "port": 53,
@@ -10,9 +12,7 @@
        "expectIPs": [
          "geoip:cn"
        ]
-      },
-      "https+local://1.1.1.1/dns-query",
-      "223.6.6.6"
+      }
    ],
    "tag": "dns_inbound"
  }
--- a/v2ray_config/05_inbounds_tproxy_ipv4lo.json
+++ b/v2ray_config/05_inbounds_tproxy_ipv4lo.json
@@ -0,0 +1,30 @@
+{
+  "inbounds": [
+    {
+      "listen": "127.0.0.1",
+      "port": 12345,
+      "protocol": "dokodemo-door",
+      "settings": {
+        "address": "",
+        "followRedirect": true,
+        "network": "tcp,udp",
+        "port": 0,
+        "timeout": 0,
+        "userLevel": 0
+      },
+      "sniffing": {
+        "destOverride": [
+          "http",
+          "tls"
+        ],
+        "enabled": true
+      },
+      "streamSettings": {
+        "sockopt": {
+          "tproxy": "tproxy"
+        }
+      },
+      "tag": "tproxy_IN_ipv4lo"
+    }
+  ]
+}
--- a/v2ray_config/05_inbounds_tproxy_ipv6lo.json
+++ b/v2ray_config/05_inbounds_tproxy_ipv6lo.json
@@ -1,7 +1,7 @@
 {
  "inbounds": [
    {
-      "listen": "0.0.0.0",
+      "listen": "::1",
      "port": 12345,
      "protocol": "dokodemo-door",
      "settings": {
@@ -24,7 +24,7 @@
          "tproxy": "tproxy"
        }
      },
-      "tag": "tproxy_IN"
+      "tag": "tproxy_IN_ipv6lo"
    }
  ]
 }