From afab455050074740b7e0320fd7dd5a5ee71f832c Mon Sep 17 00:00:00 2001
From: Weii Wang
Date: Tue, 19 May 2026 16:29:59 +0800
Subject: [PATCH 1/3] Allow DNATed traffic in the input chain
---
 src/aproxy.py | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/aproxy.py b/src/aproxy.py
index f042ea8..b847d71 100644
--- a/src/aproxy.py
+++ b/src/aproxy.py
@@ -411,6 +411,7 @@ def _render_nft_rules(self) -> str:
 chain input {{
 type filter hook input priority filter; policy accept;
 iif "lo" accept
+ ct status dnat tcp dport 8443 accept
 ip saddr {server_ip} tcp dport {APROXY_LISTEN_PORT} accept
 tcp dport {APROXY_LISTEN_PORT} drop
 }}
From 23869a56a38b02a1db26ba3c40525f800c62ec9c Mon Sep 17 00:00:00 2001
From: Weii Wang
Date: Tue, 19 May 2026 16:30:55 +0800
Subject: [PATCH 2/3] Allow DNATed traffic in the input chain
---
 src/aproxy.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/aproxy.py b/src/aproxy.py
index b847d71..feeb9d8 100644
--- a/src/aproxy.py
+++ b/src/aproxy.py
@@ -411,7 +411,7 @@ def _render_nft_rules(self) -> str:
 chain input {{
 type filter hook input priority filter; policy accept;
 iif "lo" accept
- ct status dnat tcp dport 8443 accept
+ ct status dnat tcp dport {APROXY_LISTEN_PORT} accept
 ip saddr {server_ip} tcp dport {APROXY_LISTEN_PORT} accept
 tcp dport {APROXY_LISTEN_PORT} drop
 }}
From 34bff20acc2b6a6f5a9f60dfbf85574e92ee16c1 Mon Sep 17 00:00:00 2001
From: Weii Wang
Date: Tue, 19 May 2026 16:31:46 +0800
Subject: [PATCH 3/3] Allow DNATed traffic in the input chain
---
 docs/changelog.md | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/docs/changelog.md b/docs/changelog.md
index 7cb4b49..c48e7cb 100644
--- a/docs/changelog.md
+++ b/docs/changelog.md
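Review bot: The new input-chain rule `ct status dnat tcp dport {APROXY_LISTEN_PORT} accept` (added with a literal 8443 in patch 1/3 and templated in patch 2/3) carries no source or interface match, so it accepts every connection that any DNAT rule on the host has steered to the listen port, not only the ones this ruleset redirects. Before this change the chain admitted only loopback and `{server_ip}` on that port and dropped the rest, so the proxy's effective exposure now depends on how narrowly the DNAT rules are scoped, and those lie outside this hunk (as does the rest of `_render_nft_rules`). If the redirect is meant to cover only particular ingress interfaces or source ranges, consider repeating that match on this rule, or at least record the assumption in the template with a comment such as `# accepts any connection DNATed to this port; the prerouting rules must limit who can be redirected`. A unit test that renders the ruleset and checks that the DNAT accept still precedes the final `tcp dport {APROXY_LISTEN_PORT} drop` would keep the ordering from regressing.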
@@ -10,6 +10,10 @@ Each revision is versioned by the date of the revision. Place any unreleased changes here, that are subject to release in coming versions :). +## 2026-05-19 + +- Fix a problem in the input chain that blocks forwarded traffic. + ## 2026-03-05 - Add landing pages for how-to and reference section.