---
hide:
  - toc
---

# Use ipset and nftset

Like Dnsmasq, SmartDNS supports ipset and nftset, so traffic to specific domain names can be transparently forwarded with TPROXY. The transparent forwarding tools compare as follows:

1. Tools: iptables, nftables

    iptables: A mature routing rule configuration tool.

    nftables: A more powerful rule configuration tool that is becoming mainstream.

## nftset configuration

1. Basic configuration

    The following parameter configures NFTSet rules for specified domain names.

    ```shell
    nftset /domain/[#4:ip#table#set,#6:ipv6#table#setv6]
    ```

1. Timeout

    SmartDNS can set a timeout on the entries it adds to an NFTSet, which keeps the set from accumulating too many IP addresses and degrading gateway performance.

    ```shell
    nftset-timeout yes
    ```

1. Automatically add to NFTSet after speed measurement fails

    SmartDNS can add IP addresses that fail the speed measurement to an NFTSet, so that they are forwarded through the related IP rules.

    ```shell
    nftset-no-speed ipsetname
    ```

1. Debugging

    If debugging is needed, nftset's debugging function can be enabled.

    ```shell
    nftset-debug yes
    ```

## ipset configuration

1. Basic configuration

    The following parameter configures IPSet rules for specified domain names.

    ```shell
    ipset /domain/ipset
    ```

1. Timeout

    SmartDNS can set a timeout on the entries it adds to an IPSet, which keeps the set from accumulating too many IP addresses and degrading gateway performance.

    ```shell
    ipset-timeout yes
    ```

1. Automatically add to IPSet after speed measurement fails

    SmartDNS can add IP addresses that fail the speed measurement to an IPSet, so that they are forwarded through the related IP rules.

    ```shell
    ipset-no-speed ipsetname
    ```
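
As an added example (not part of the SmartDNS documentation or code), the script below reads `nftset` directives in the format shown on this page and prints the `nft` commands that create the referenced tables and sets, adding `flags timeout` when `nftset-timeout yes` is present. It assumes the sets must exist before SmartDNS can populate them and that the field after `#4:`/`#6:` is the nftables family; `example.com`, `example.org`, `smartdns`, `proxy4` and `proxy6` are constructed names.

```shell
#!/bin/sh
# Added example, not SmartDNS code. Domains, table and set names are constructed.
SAMPLE_CONF='nftset /example.com/#4:inet#smartdns#proxy4,#6:inet#smartdns#proxy6
nftset /example.org/#4:inet#smartdns#proxy4
nftset-timeout yes
nftset-debug yes'

# gen_nft_sets CONF_TEXT
# Prints one deduplicated "nft add ..." command per table and set referenced
# by nftset directives. Assumption: field layout is #<4|6>:<family>#<table>#<set>.
gen_nft_sets() {
    conf=$1
    flags=""
    # Assumption: with nftset-timeout enabled, elements carry a timeout, which
    # nftables only accepts on sets declared with "flags timeout".
    if printf '%s\n' "$conf" | grep -Eq '^[[:space:]]*nftset-timeout[[:space:]]+yes'; then
        flags=" flags timeout;"
    fi
    printf '%s\n' "$conf" |
        sed -n 's|^[[:space:]]*nftset[[:space:]]\{1,\}/[^/]*/||p' |
        tr ',' '\n' |
        while IFS='#' read -r lead verfam table sname; do
            case ${verfam%%:*} in
                4) type=ipv4_addr ;;
                6) type=ipv6_addr ;;
                *) continue ;;
            esac
            family=${verfam#*:}
            # Entries that name no table and set are skipped.
            [ -n "$table" ] && [ -n "$sname" ] || continue
            # Only plain identifiers reach the generated commands.
            case "$family$table$sname" in
                *[!A-Za-z0-9_]*) echo "skipped: $verfam#$table#$sname" >&2; continue ;;
            esac
            printf 'nft add table %s %s\n' "$family" "$table"
            printf "nft add set %s %s %s '{ type %s;%s }'\n" \
                "$family" "$table" "$sname" "$type" "$flags"
        done | awk '!seen[$0]++'
}

gen_nft_sets "$SAMPLE_CONF"
```

Review the printed commands before running them as root; a set created without `flags timeout` has to be recreated if the timeout option is enabled later.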