From b8705cc3b2daabc92c7e21a69cb7ce6f0a532272 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E4=B8=8D=E5=8F=AF=E6=8F=8F=E8=BF=B0=E5=85=88=E7=94=9F?=
 <st.indescribable@gmail.com>
Date: Tue, 12 Sep 2017 17:20:28 +0800
Subject: [PATCH] refine doc/ss-redir.asciidoc (#1683)

---
 doc/ss-redir.asciidoc | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/doc/ss-redir.asciidoc b/doc/ss-redir.asciidoc
index 1be1a9a7..242349c2 100644
--- a/doc/ss-redir.asciidoc
+++ b/doc/ss-redir.asciidoc
@@ -128,6 +128,7 @@ ss-redir requires netfilter's NAT function. Here is an example:
 ....
 # Create new chain
 root@Wrt:~# iptables -t nat -N SHADOWSOCKS
+root@Wrt:~# iptables -t mangle -N SHADOWSOCKS
 
 # Ignore your shadowsocks server's addresses
 # It's very IMPORTANT, just be careful.
@@ -149,8 +150,8 @@ root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 240.0.0.0/4 -j RETURN
 root@Wrt:~# iptables -t nat -A SHADOWSOCKS -p tcp -j REDIRECT --to-ports 12345
 
 # Add any UDP rules
-root@Wrt:~# ip rule add fwmark 0x01/0x01 table 100
-root@Wrt:~# ip route add local 0.0.0.0/0 dev lo table 100
+root@Wrt:~# ip route add local default dev lo table 100
+root@Wrt:~# ip rule add fwmark 1 lookup 100
 root@Wrt:~# iptables -t mangle -A SHADOWSOCKS -p udp --dport 53 -j TPROXY --on-port 12345 --tproxy-mark 0x01/0x01
 
 # Apply the rules