The xt_tls module (https://github.com/Lochnair/xt_tls) lets the firewall implement SNI filtering, but it does not work properly after compiling and installing. The situation is described here: https://github.com/Lochnair/xt_tls/issues/14#issuecomment-1135577163. The same source code works normally when compiled and installed on Ubuntu. What is the problem?
@reinerotto commented there - perhaps he could give you some clarity.
The problem is that the libxt_tls.so file is in the wrong directory, so this file must be in
cp /usr/lib/xtables/libxt_tls.so /usr/lib/iptables
Then the xt_tls module will work.
root@OpenWrt:/usr/lib# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
DROP tcp -- anywhere anywhere tcp dpt:https TLS match host *.googlevideo.com
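A check for the situation described in the reply above, added here as an example and not taken from the thread or from the xt_tls project: it reports whether the userspace extension sits in the directory iptables loads from, and whether a copy placed there still matches the freshly built file. The function name `ext_state` is hypothetical, the two directories are the ones named in the post, and the demo runs on a constructed temporary tree rather than the real `/usr/lib`.

```shell
#!/bin/sh
# ext_state NAME LOAD_DIR INSTALL_DIR
#   LOAD_DIR    directory iptables loads extensions from (/usr/lib/iptables in the post)
#   INSTALL_DIR directory the build installed into        (/usr/lib/xtables in the post)
# Prints one of:
#   ok        extension is in LOAD_DIR (and matches INSTALL_DIR if a copy is there too)
#   stale     both copies exist but differ, e.g. the module was rebuilt after the cp
#   misplaced only INSTALL_DIR has the file, so iptables cannot load the match
#   missing   neither directory has the file
ext_state() {
    name=$1
    load=$2/$name
    inst=$3/$name
    if [ -f "$load" ]; then
        if [ -f "$inst" ] && ! cmp -s "$load" "$inst"; then
            echo stale
        else
            echo ok
        fi
    elif [ -f "$inst" ]; then
        echo misplaced
    else
        echo missing
    fi
}

# Demo on a constructed tree that mirrors the layout from the post.
demo() {
    root=$(mktemp -d)
    mkdir -p "$root/usr/lib/xtables" "$root/usr/lib/iptables"
    echo "build-1" > "$root/usr/lib/xtables/libxt_tls.so"   # constructed stand-in file
    echo "before cp: $(ext_state libxt_tls.so "$root/usr/lib/iptables" "$root/usr/lib/xtables")"
    cp "$root/usr/lib/xtables/libxt_tls.so" "$root/usr/lib/iptables"
    echo "after cp:  $(ext_state libxt_tls.so "$root/usr/lib/iptables" "$root/usr/lib/xtables")"
    echo "build-2" > "$root/usr/lib/xtables/libxt_tls.so"   # simulate a later rebuild
    echo "rebuilt:   $(ext_state libxt_tls.so "$root/usr/lib/iptables" "$root/usr/lib/xtables")"
    rm -rf "$root"
}

demo
```

On the router itself the call would be `ext_state libxt_tls.so /usr/lib/iptables /usr/lib/xtables`; a `stale` result means the copy step has to be repeated after each rebuild.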