Merge 6e9b6ba5d6 into d83ace0f0d

2 years ago · a2f8fde334
1 changed files with 10 additions and 4 deletions
--- a/README.md
+++ b/README.md
@ -454,10 +454,19 @@ you may refer to the man pages of the applications, respectively.

 The latest shadowsocks-libev has provided a *redir* mode. You can configure your Linux-based box or router to proxy all TCP traffic transparently, which is handy if you use an OpenWRT-powered router.

+    # Create ipset
+    ipset create gfw  hash:ip hashsize  10000
+    
+    # Dnsmasq with ipset support, add block domain by GFW into dnsmasq.conf
+    ipset=/google.com/gfw
+    
+    # Anything else should be redirected to shadowsocks's local port
+    iptables -t nat -I PREROUTING -p tcp -m set --match-set gfw dst -m multiport --dports 80,443 -j REDIRECT --to-ports 12345
+
    # Create new chain
    iptables -t nat -N SHADOWSOCKS
    iptables -t mangle -N SHADOWSOCKS
-
+    
    # Ignore your shadowsocks server's addresses
    # It's very IMPORTANT, just be careful.
    iptables -t nat -A SHADOWSOCKS -d 123.123.123.123 -j RETURN
@ -474,9 +483,6 @@ The latest shadowsocks-libev has provided a *redir* mode. You can configure your
    iptables -t nat -A SHADOWSOCKS -d 224.0.0.0/4 -j RETURN
    iptables -t nat -A SHADOWSOCKS -d 240.0.0.0/4 -j RETURN

-    # Anything else should be redirected to shadowsocks's local port
-    iptables -t nat -A SHADOWSOCKS -p tcp -j REDIRECT --to-ports 12345
-
    # Add any UDP rules
    ip route add local default dev lo table 100
    ip rule add fwmark 1 lookup 100