fix(xray): default freedom finalRules to allow-all so reverse egress works · 8f5a7b9434 - Gogs

Przeglądaj źródła

fix(xray): default freedom finalRules to allow-all so reverse egress works

xray-core >=26.5 makes the freedom finalRules context-aware: reverse-proxy traffic defaults to "block all targets". The template seeded finalRules with only allow geoip:private, so a bridge could not exit to WAN and reverse proxy silently broke

Switch the default direct freedom to a no-condition allow rule, the documented way to restore pre-policy behavior. Unlike an ip-based rule (0.0.0.0/0 or !geoip:private), it does not force per-connection OS DNS resolution under domainStrategy AsIs, so happyEyeballs/AsIs pass-through stay intact. LAN is still blocked by the geoip:private->blocked routing rule, and removing that rule still regains LAN access
Note: only affects new configs; existing installs keep their stored finalRules until reset or a follow-up migration.

MHSanaei 13 godzin temu

rodzic

1e3c186b2c

commit

8f5a7b9434

1 zmienionych plików z 1 dodań i 1 usunięć

Widok podzielony Pokaż statystyki zmian

						
							+ 1
							
							- 1
						
web/service/config.json
							 
								Wyświetl plik
							
				@@ -32,7 +32,7 @@
			
				       "settings": {
			
				         "domainStrategy": "AsIs",
			
				         "finalRules": [
			
				-          { "action": "allow", "ip": ["geoip:private"] }
			
				+          { "action": "allow" }
			
				         ]
			
				       },
			
				       "tag": "direct"