[Feature] Handling ICMP behavior under Fake-IP #4228

Open
5 of 6 tasks
ljcbaby opened this issue Dec 13, 2024 · 3 comments
Labels
enhancement New feature or request

Comments

ljcbaby commented Dec 13, 2024

Verify Steps

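  • Tracker I have searched the Issue Tracker for the issue I am raising
  • Latest I have checked with the latest Dev version, and it does not include this feature or the feature is still incomplete
  • Relevant I understand that OpenClash has no direct relationship with projects such as the core (Core), the control panel (Dashboard), and online subscription conversion (Subconverter); they only call one another
  • Definite This is indeed a feature that OpenClash should include
  • Contributors I am able to help develop or improve this feature for OpenClash
  • Meaningless What I am submitting is a meaningless request urging an update or fix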

Describe the Feature

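In Fake-IP (enhanced) mode, the firewall handles TCP/UDP packets, but ICMP packets are not handled. Could rules be added as appropriate to return echo-reply/unreachable, or simply drop them?

My scenario is that the main router diverts the fake-ip address range to op via a static route. The current situation is that ICMP packets are forwarded between the two routers until the TTL is exceeded.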

Describe Alternatives

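Tried: adding an unreachable static route as a fallback. It does work correctly for other devices, but it leaves op itself unable to go through the proxy.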

@ljcbaby ljcbaby added the enhancement New feature or request label Dec 13, 2024
@ljcbaby ljcbaby changed the title [Feature] [Feature] Handling ICMP behavior under Fake-IP Dec 13, 2024
@vernesong
Owner

iptables -I INPUT -p icmp --icmp-type echo-request -d 198.18.0.1/16 -j REJECT -m comment --comment "OpenClash ICMP REJECT"

@ljcbaby
Author

ljcbaby commented Dec 16, 2024

iptables -I INPUT -p icmp --icmp-type echo-request -d 198.18.0.1/16 -j REJECT -m comment --comment "OpenClash ICMP REJECT"

fw4/nft doesn't seem to have the iptables command anymore

@vernesong
Owner

Just change it to nft, then.
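
One possible nftables form of the iptables rule quoted above for an fw4 firewall, as an added example that is not code from this thread or from OpenClash. The file name, the chain names and the second (forward) chain are assumptions; the forward chain is included because the issue describes echo requests being routed between two routers rather than delivered locally.

```nft
# /etc/nftables.d/10-openclash-icmp.nft   (hypothetical file name)
# fw4 includes /etc/nftables.d/*.nft inside "table inet fw4", so this file
# contains chain definitions only, with no "table" wrapper.

# Locally delivered echo requests: counterpart of the iptables INPUT rule.
# 198.18.0.0/16 is the network that 198.18.0.1/16 in that rule masks to.
chain openclash_icmp_input {
    # Priority just ahead of fw4's own input chain, so the reply is sent
    # even where a zone policy would silently drop the packet.
    type filter hook input priority filter - 1; policy accept;

    # "icmp type" matches IPv4 ICMP only. A bare "reject" in an inet table
    # answers IPv4 with ICMP port-unreachable, the same default as
    # iptables "-j REJECT".
    ip daddr 198.18.0.0/16 icmp type echo-request counter reject comment "OpenClash ICMP REJECT"
}

# Routed echo requests (assumption, not in the thread): packets that arrive
# through a static route for the fake-ip range pass the forward hook, not
# input, so the same match is repeated here to answer them instead of
# letting them bounce between the routers until the TTL runs out.
chain openclash_icmp_forward {
    type filter hook forward priority filter - 1; policy accept;

    ip daddr 198.18.0.0/16 icmp type echo-request counter reject comment "OpenClash ICMP REJECT (forward)"
}
```

After `service firewall restart`, `nft list chain inet fw4 openclash_icmp_forward` shows the counter, which tells you which of the two hooks the echo requests actually hit.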
