From b695723fbda3b2d842a42362c6f55e50490d3c5c Mon Sep 17 00:00:00 2001
From: Yang Liu <i@yangliu.name>
Date: Tue, 20 Jul 2021 16:36:12 +0800
Subject: [PATCH] update nftable rules #1

---
 scripts/setup-tun.sh | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/scripts/setup-tun.sh b/scripts/setup-tun.sh
index 9bfdd28..8d552a8 100755
--- a/scripts/setup-tun.sh
+++ b/scripts/setup-tun.sh
@@ -118,8 +118,8 @@ table ip clash {
         
         ip protocol != { tcp, udp } accept
         
-        udp dport 53 dnat $FORWARD_DNS_REDIRECT
-        tcp dport 53 dnat $FORWARD_DNS_REDIRECT
+        ip daddr \$LOCAL_SUBNET udp dport 53 dnat $FORWARD_DNS_REDIRECT
+        ip daddr \$LOCAL_SUBNET tcp dport 53 dnat $FORWARD_DNS_REDIRECT
     }
 }
 EOF
@@ -157,8 +157,8 @@ table ip clash {
         meta cgroup $BYPASS_CGROUP_CLASSID_AGH accept
 
         ip daddr 127.0.0.0/8 accept
-        udp dport 53 dnat $FORWARD_DNS_REDIRECT
-        tcp dport 53 dnat $FORWARD_DNS_REDIRECT
+        ip daddr \$LOCAL_SUBNET udp dport 53 dnat $FORWARD_DNS_REDIRECT
+        ip daddr \$LOCAL_SUBNET tcp dport 53 dnat $FORWARD_DNS_REDIRECT
 
         ip daddr \$LOCAL_SUBNET accept
         ip protocol tcp redirect to :$redir_port