The xt_tls module (https://github.com/Lochnair/xt_tls) lets the firewall implement SNI filtering, but it does not work properly after compiling and installing it. The situation is described at this link: https://github.com/Lochnair/xt_tls/issues/14#issuecomment-1135577163. The same source code works normally when compiled and installed on Ubuntu. What is the problem?
The problem is that the libxt_tls.so file is in the wrong directory; this file must be in the /usr/lib/iptables directory.

```
cp /usr/lib/xtables/libxt_tls.so /usr/lib/iptables
```

Then the xt_tls module will work:
```
root@OpenWrt:/usr/lib# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
DROP tcp -- anywhere anywhere tcp dpt:https TLS match host *.googlevideo.com
```
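A check for the situation in the answer above, as an added example that is not part of the original post: it finds which directory holds the stock libxt_*.so extensions and reports whether a given extension sits there or somewhere else. The function names are hypothetical, and the directories to search are assumptions passed in by the caller.

```shell
#!/bin/sh
# Added example (not from the original post): diagnose an xtables userspace
# extension installed outside the directory that holds the other extensions.
# Function names are hypothetical; directories are supplied by the caller.

# Print the directory holding the most libxt_*.so files. This is a heuristic
# for "where this iptables build keeps its extensions".
guess_ext_dir() {
    best=; best_n=0
    for d in "$@"; do
        n=0
        for f in "$d"/libxt_*.so; do
            if [ -f "$f" ]; then n=$((n + 1)); fi
        done
        if [ "$n" -gt "$best_n" ]; then best=$d; best_n=$n; fi
    done
    printf '%s\n' "$best"
}

# check_ext EXT EXPECTED_DIR [OTHER_DIR...]
# Prints and returns:
#   ok               (0)  EXT is in EXPECTED_DIR
#   misplaced:<dir>  (1)  EXT exists only in one of OTHER_DIR
#   missing          (2)  EXT was not found in any searched directory
check_ext() {
    ext=$1; expected=$2; shift 2
    if [ -f "$expected/$ext" ]; then
        echo ok
        return 0
    fi
    for d in "$@"; do
        if [ -f "$d/$ext" ]; then
            echo "misplaced:$d"
            return 1
        fi
    done
    echo missing
    return 2
}

# Usage with the two paths named in the post:
#   dir=$(guess_ext_dir /usr/lib/iptables /usr/lib/xtables)
#   check_ext libxt_tls.so "$dir" /usr/lib/iptables /usr/lib/xtables
```

A result of `misplaced:/usr/lib/xtables` corresponds to the state the answer describes before the `cp`.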