openwrt_packages/luci-app-unblockneteasemusic/root/usr/share/unblockneteasemusic/nftables.ut

#!/usr/bin/utpl -S

set acl_neteasemusic_http {
	type ether_addr;
	flags interval;
	auto-merge;

	{% if (acl_http_addr): %}
	elements = { {{ join(', ', split(trim(acl_http_addr), '\n')) }} }
	{% endif %}
}

set acl_neteasemusic_https {
	type ether_addr;
	flags interval;
	auto-merge;

	{% if (acl_https_addr): %}
	elements = { {{ join(', ', split(trim(acl_https_addr), '\n')) }} }
	{% endif %}
}

set neteasemusic {
	type ipv4_addr;
	flags interval, timeout;
	timeout 2h;
	auto-merge;

	{% if (neteasemusic_addr): %}
	elements = { {{ join(', ', split(trim(neteasemusic_addr), '\n')) }} }
	{% endif %}
}

set neteasemusic6 {
	type ipv6_addr;
	flags interval, timeout;
	timeout 2h;
	auto-merge;

	{% if (neteasemusic_addr6): %}
	elements = { {{ join(', ', split(trim(neteasemusic_addr6), '\n')) }} }
	{% endif %}
}

chain netease_cloud_music {
	type nat hook prerouting priority -1; policy accept;
	meta l4proto tcp ip daddr @neteasemusic counter jump netease_cloud_music_redir;
	meta l4proto tcp ip6 daddr @neteasemusic6 counter jump netease_cloud_music_redir;
}

chain netease_cloud_music_redir {
	ip daddr { 0.0.0.0/8, 10.0.0.0/8, 100.64.0.0/10, 127.0.0.0/8,
		169.254.0.0/16, 172.16.0.0/12, 192.0.0.0/24,
		192.0.2.0/24, 192.31.196.0/24, 192.52.193.0/24,
		192.88.99.0/24, 192.168.0.0/16, 192.175.48.0/24,
		198.18.0.0/15, 198.51.100.0/24, 203.0.113.0/24,
		224.0.0.0/4, 240.0.0.0/4 } counter return;

	ip6 daddr { ::/128, ::1/128, ::ffff:0:0/96, 100::/64, 64:ff9b::/96,
		2001::/32, 2001:10::/28, 2001:20::/28, 2001:db8::/28, 2002::/16,
		fc00::/7, fe80::/10, ff00::/8 } counter return;

	ether saddr @acl_neteasemusic_http tcp dport 80 counter return;
	ether saddr @acl_neteasemusic_https tcp dport 443 counter return;

	tcp dport 80 counter redirect to :{{ http_port }};
	tcp dport 443 counter redirect to :{{ https_port }};
}