From fad0a57f67b8d9fe4fdf3019ccb2a6d40c55b972 Mon Sep 17 00:00:00 2001
From: Konano
Date: Fri, 2 Aug 2024 03:42:07 +0800
Subject: [PATCH] update iptables-load
---
 files/iptables-load | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/files/iptables-load b/files/iptables-load
index 801a9f8..cff9446 100644
--- a/files/iptables-load
+++ b/files/iptables-load
@@ -15,15 +15,23 @@ add_input_tcp_filter() {
 check_and_add_iptables INPUT -p tcp -m tcp --dport "$1" -m comment --comment "$2" -j ACCEPT
 }
 
+add_input_udp_filter() {
+ check_and_add_iptables INPUT -p udp -m udp --dport "$1" -m comment --comment "$2" -j ACCEPT
+}
+
 # allow basic services
 add_input_tcp_filter 22 SSH
 add_input_tcp_filter 2263 SSH
 add_input_tcp_filter 80 HTTP
 add_input_tcp_filter 443 HTTPS
 
+# allow TCP
+# add_input_tcp_filter 111 Tencent
+# add_input_udp_filter 111 Tencent
+
 # allow DNS
-check_and_add_iptables INPUT -p tcp --dport 53 -j ACCEPT -m comment --comment "DNS"
-check_and_add_iptables INPUT -p udp --dport 53 -j ACCEPT -m comment --comment "DNS"
+# add_input_tcp_filter 53 DNS
+# add_input_udp_filter 53 DNS
 
 # allow internal network
 check_and_add_iptables INPUT -s 127.0.0.0/24 -m comment --comment "Internal Network" -j ACCEPT
@@ -36,4 +44,7 @@ check_and_add_iptables INPUT -i lo -j ACCEPT
 # dropped for INPUT by default
 iptables -P INPUT DROP
 
+# allow by default
 add_input_tcp_filter 9443 gost-proxy
+
+# ====================
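Review bot: Commenting out the two port-53 rules under `# allow DNS` probably does not close the port on a host where this script has already run. `check_and_add_iptables` is defined outside the hunk, but its name suggests it only adds missing rules, so the old ACCEPT entries would stay loaded until someone deletes them. If the intent is to stop accepting inbound DNS, remove the old rules explicitly, for example `iptables -C INPUT -p tcp --dport 53 -j ACCEPT -m comment --comment "DNS" && iptables -D INPUT -p tcp --dport 53 -j ACCEPT -m comment --comment "DNS"` and the same for udp. It would also be clearer to delete the disabled lines than to leave them commented. Separately, the `# allow TCP` heading sits over a UDP rule as well, and port 111 is conventionally rpcbind. If that block is ever enabled it should be limited to the provider's source range with `-s`, which `add_input_tcp_filter` and `add_input_udp_filter` cannot express today.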