XRay Linux firewall rules

bugfix: check for Linux firewall install before use it
fix: adding second new VMess links now works (#1325 )
2026-05-19 17:36:19 +03:00 · 2024-12-30 13:21:45 +02:00 · 2024-12-30 12:24:27 +02:00 · 2024-12-30 12:45:26 +07:00 · 2024-12-28 12:02:14 +07:00
4 changed files with 7 additions and 2 deletions
--- a/client/core/serialization/vmess_new.cpp
+++ b/client/core/serialization/vmess_new.cpp
@@ -104,7 +104,7 @@ QJsonObject Deserialize(const QString &vmessStr, QString *alias, QString *errMes
        server.users.first().security = "auto";
    }

-    const static auto getQueryValue = [&query](const QString &key, const QString &defaultValue) {
+    const auto getQueryValue = [&query](const QString &key, const QString &defaultValue) {
        if (query.hasQueryItem(key))
            return query.queryItemValue(key, QUrl::FullyDecoded);
        else
--- a/client/platforms/linux/daemon/linuxfirewall.cpp
+++ b/client/platforms/linux/daemon/linuxfirewall.cpp
@@ -196,6 +196,8 @@ QStringList LinuxFirewall::getDNSRules(const QStringList& servers)
        result << QStringLiteral("-o amn0+ -d %1 -p tcp --dport 53 -j ACCEPT").arg(server);
        result << QStringLiteral("-o tun0+ -d %1 -p udp --dport 53 -j ACCEPT").arg(server);
        result << QStringLiteral("-o tun0+ -d %1 -p tcp --dport 53 -j ACCEPT").arg(server);
+        result << QStringLiteral("-o tun2+ -d %1 -p udp --dport 53 -j ACCEPT").arg(server);
+        result << QStringLiteral("-o tun2+ -d %1 -p tcp --dport 53 -j ACCEPT").arg(server);
    }
    return result;
 }
@@ -277,6 +279,7 @@ void LinuxFirewall::install()
    installAnchor(Both, QStringLiteral("200.allowVPN"), {
                                                            QStringLiteral("-o amn0+ -j ACCEPT"),
                                                            QStringLiteral("-o tun0+ -j ACCEPT"),
+                                                            QStringLiteral("-o tun2+ -j ACCEPT"),
                                                        });

    installAnchor(IPv4, QStringLiteral("120.blockNets"), {});
--- a/client/utilities.cpp
+++ b/client/utilities.cpp
@@ -248,7 +248,7 @@ bool Utils::killProcessByName(const QString &name)
 #elif defined Q_OS_IOS || defined(Q_OS_ANDROID)
    return false;
 #else
-    QProcess::execute(QString("pkill %1").arg(name));
+    return QProcess::execute(QString("pkill %1").arg(name)) == 0;
 #endif
 }

--- a/ipc/ipcserver.cpp
+++ b/ipc/ipcserver.cpp
@@ -228,6 +228,8 @@ bool IpcServer::enableKillSwitch(const QJsonObject &configStr, int vpnAdapterInd

 #ifdef Q_OS_LINUX
    // double-check + ensure our firewall is installed and enabled
+    if (!LinuxFirewall::isInstalled())
+        LinuxFirewall::install();
    LinuxFirewall::setAnchorEnabled(LinuxFirewall::Both, QStringLiteral("000.allowLoopback"), true);
    LinuxFirewall::setAnchorEnabled(LinuxFirewall::Both, QStringLiteral("100.blockAll"), blockAll);
    LinuxFirewall::setAnchorEnabled(LinuxFirewall::IPv4, QStringLiteral("110.allowNets"), allowNets);
Author	SHA1	Message	Date
Mykola Baibuz	e0abd3f9dc	XRay Linux firewall rules	2024-12-30 13:21:45 +02:00
Mykola Baibuz	c0ea38db61	bugfix: check for Linux firewall install before use it	2024-12-30 12:24:27 +02:00
Andrey Alekseenko	212e9b3a91	fix: adding second new VMess links now works (#1325 )	2024-12-30 12:45:26 +07:00
Mikhail Kiselev	2bff37efae	fix: segmentation violation due to missing return (#1321 )	2024-12-28 12:02:14 +07:00