@
Aaron325 你说把 IPv6 流量转发到 clash 上?就是通过 tproxy 在路由器上劫持呀,思路大概如下(用 nftables ):
```
ip -6 route add local ::/0 dev lo table 130
ip -6 rule del fwmark 130 table 130 >/dev/null 2>&1
ip -6 rule add fwmark 130 table 130
CNIP6=$(cat /etc/clash/CN-ip6-cidr.txt | sed '/^[[:space:]]*$/d' | tr '\n' ',' | sed 's/,$//')
nft -f - << EOF
table ip6 clash6
flush table ip6 clash6
table ip6 clash6 {
set local {
typeof ip6 daddr
flags interval
auto-merge
elements = { ::/128, ::1/128, ::ffff:0:0/96, ::ffff:0:0:0/96, 64:ff9b::/96, 100::/64, 2001::/32, 2001:20::/28, 2001:db8::/32, 2002::/16, fc00::/7, fe80::/10, ff00::/8 }
}
set cnip {
typeof ip6 daddr
flags interval
elements = {
$CNIP6
}
auto-merge
}
chain prerouting {
type filter hook prerouting priority 5; policy accept;
socket cgroupv2 level 1 "bypass.slice" counter accept
ip6 daddr @
local counter accept
ip6 daddr @
cnip counter accept
tcp dport { 0-65535 } tproxy to :7894 meta mark set 130 counter accept
udp dport { 0-65535 } tproxy to :7894 meta mark set 130 counter accept
}
}
EOF
```