From bf965cfd1882753d5ed8d7a6549d8db6fe2e7e5d Mon Sep 17 00:00:00 2001
From: hwdsl2
Date: Wed, 1 May 2024 20:35:02 -0500
Subject: [PATCH] Fix for CentOS 9

- Fixed an issue with nftables on CentOS 9/8, where users may encounter the error "unsupported xtables compat expression" during VPN setup.
---
 vpnsetup_centos.sh | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/vpnsetup_centos.sh b/vpnsetup_centos.sh
index 12a5096..c1d43fa 100755
--- a/vpnsetup_centos.sh
+++ b/vpnsetup_centos.sh
@@ -624,7 +624,11 @@ update_iptables() {
 if [ "$use_nft" != 1 ]; then
 iptables -A FORWARD -j DROP
 fi
- $ipp -s "$XAUTH_NET" -o "$NET_IFACE" -m policy --dir out --pol none -j MASQUERADE
+ if [ "$use_nft" = 1 ]; then
+ $ipp -s "$XAUTH_NET" -o "$NET_IFACE" ! -d "$XAUTH_NET" -j MASQUERADE
+ else
+ $ipp -s "$XAUTH_NET" -o "$NET_IFACE" -m policy --dir out --pol none -j MASQUERADE
+ fi
 $ipp -s "$L2TP_NET" -o "$NET_IFACE" -j MASQUERADE
 echo "# Modified by hwdsl2 VPN script" > "$IPT_FILE"
 if [ "$use_nft" = 1 ]; then
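Review bot: In the new `use_nft` branch, `! -d "$XAUTH_NET"` is not equivalent to the `-m policy --dir out --pol none` match it stands in for: it exempts only packets addressed to the XAUTH pool itself, whereas the policy match exempts every packet that an outbound IPsec policy will transform. If the host carries any other IPsec tunnel, traffic from XAUTH clients to that tunnel's remote subnet leaving `$NET_IFACE` would presumably now be masqueraded first, and its rewritten source may no longer match the tunnel's selectors; this is inferred, since `$ipp` and the rest of `update_iptables` lie outside the hunk. Nothing in the branch records why the two rules differ, so I would add a comment above the `if`, for example `# nft backend rejects the xt "policy" match ("unsupported xtables compat expression"); only pool-to-pool traffic is exempted from NAT here`. It would also help to state in the commit message that the narrower exemption is intentional.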