Simple nftables ttl config that can bypass any wifi anti-tethering and anti-hotspot sharing using openwrt router.
Wifi Station 10.0.0.1/20 ttl=1
👇
Openwrt extender with nftables ttl generator
👇
Users 10.0.0.1/20 ttl=64
- Openwrt Router => configured as (
extender/repeater/wireless bridge mode) must be connected to a wifi with TTL value of 1
- SSH:
ssh [email protected] - Telnet:
telnet 192.168.1.1
persistent
wget -O /etc/nftables.d/ttl64.nft https://raw.githubusercontent.com/xiv3r/ttl-bypass/refs/heads/main/ttl64.nft && fw4 check && /etc/init.d/firewall restart
Path:
vim /etc/nftables.d/ttl64.nft
chain mangle_prerouting_ttl64 {
type filter hook prerouting priority 300; policy accept;
ip ttl set 64
ip6 hoplimit set 64
}
chain mangle_postrouting_ttl64 {
type filter hook postrouting priority 300; policy accept;
ip ttl set 64
ip6 hoplimit set 64
}optional
wget -qO- https://raw.githubusercontent.com/xiv3r/ttl-bypass/refs/heads/main/ttl64.sh | sh
nft 'add table inet mangle'
nft 'add chain inet mangle mangle_prerouting_ttl64 { type filter hook prerouting priority 300; policy accept; }'
nft 'add rule inet mangle mangle_prerouting_ttl64 ip ttl set 64'
nft 'add rule inet mangle mangle_prerouting_ttl64 ip6 hoplimit set 64'
nft 'add chain inet mangle mangle_postrouting_ttl64 { type filter hook postrouting priority 300; policy accept; }'
nft 'add rule inet mangle mangle_postrouting_ttl64 ip ttl set 64'
nft 'add rule inet mangle mangle_postrouting_ttl64 ip6 hoplimit set 64'