修改 tfe-env.service

	* 删除 tfe-kmod
	* 增加 iptables bpf

1 files changed, 2 insertions, 0 deletions

diff --git a/script/service/tfe-env.service b/script/service/tfe-env.service
index 5bf650f..252532e 100644
--- a/script/service/tfe-env.service
+++ b/script/service/tfe-env.service
@@ -20,6 +20,7 @@ ExecStartPost=/usr/sbin/ip addr flush dev ${TFE_DEVICE_DATA_INCOMING}
 ExecStartPost=/usr/sbin/ip addr add ${TFE_LOCAL_IP_DATA_INCOMING}/30 dev ${TFE_DEVICE_DATA_INCOMING}
 ExecStartPost=/usr/sbin/ip neigh flush dev ${TFE_DEVICE_DATA_INCOMING}
 ExecStartPost=/usr/sbin/ip neigh add ${TFE_PEER_IP_DATA_INCOMING} lladdr ${TFE_PEER_MAC_DATA_INCOMING} dev ${TFE_DEVICE_DATA_INCOMING} nud permanent
+ExecStartPost=/usr/sbin/iptables -A INPUT -i ${TFE_DEVICE_DATA_INCOMING} -m bpf --bytecode '14,48 0 0 0,84 0 0 240,21 0 10 64,48 0 0 9,21 0 8 6,40 0 0 6,69 6 0 8191,177 0 0 0,80 0 0 20,21 0 3 88,80 0 0 21,21 0 1 4,6 0 0 65535,6 0 0 0' -j NFQUEUE --queue-num 1
 
 # policy route
 ExecStartPost=/usr/sbin/ip rule add iif ${TFE_DEVICE_DATA_INCOMING} tab 100
@@ -35,6 +36,7 @@ ExecStartPost=/usr/sbin/ip -6 route add local default dev lo table 102
 ExecStartPost=/usr/sbin/ip -6 neigh add fd00::01 lladdr ${TFE_PEER_MAC_DATA_INCOMING} dev ${TFE_DEVICE_DATA_INCOMING} nud permanent
 
 # stop
+ExecStopPost=/usr/sbin/iptables -D INPUT -i ${TFE_DEVICE_DATA_INCOMING} -m bpf --bytecode '14,48 0 0 0,84 0 0 240,21 0 10 64,48 0 0 9,21 0 8 6,40 0 0 6,69 6 0 8191,177 0 0 0,80 0 0 20,21 0 3 88,80 0 0 21,21 0 1 4,6 0 0 65535,6 0 0 0' -j NFQUEUE --queue-num 1
 ExecStopPost=/usr/sbin/ip rule del iif ${TFE_DEVICE_DATA_INCOMING} tab 100
 ExecStopPost=/usr/sbin/ip route del local default dev lo table 100
 ExecStopPost=/usr/sbin/ip rule del fwmark 0x65 lookup 101