Q: Does the script work with asymmetric routing? A: Nope. RP filter will nuke the packets. To fix it, open 10-main.nft and comment out the RP Filter rule — see the screenshot.
[Screenshot: commented-out RP Filter rule in 10-main.nft]
Q: Does this script work on routers? A: By default, no; it's for servers and desktops. But you can get it working by reviewing the rules in 10-main.nft and the tweaks in sysctl.conf (there are comments in both that tell you what you should comment out). Also, check out Fast-path; it's worth it.
Q: I installed the script, didn't touch anything, and only SSH works. Why? A: You need to know which ports and protocols your services use. Google the service name and figure that out (for example, DNS uses UDP and TCP port 53), then add the rules as shown in the .gif and restart the script.
[.gif demo: adding two rules]
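To make the two answers above concrete, here is an added, minimal inet input chain that is not the script's own 10-main.nft. It shows the kind of reverse-path (RP filter) rule that breaks asymmetric routing, the loose alternative, and what a per-service port rule looks like. The chain layout, the ports chosen and the rate limit are assumptions for the illustration; the script's real ruleset is larger. Note that the kernel's own net.ipv4.conf.all.rp_filter sysctl (1 = strict, 2 = loose) is a separate mechanism from this nft rule, so check both places when debugging dropped packets.

```nft
#!/usr/sbin/nft -f
# Added example ruleset (not the script's 10-main.nft). Assumed layout.
flush ruleset

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;

        iif "lo" accept
        ct state established,related accept
        ct state invalid drop

        # Strict reverse-path check: drop the packet if the route back to
        # its source address does not leave through the interface it
        # arrived on. This is what breaks asymmetric routing; comment it
        # out (or switch to the loose form below) when inbound and
        # outbound paths differ.
        fib saddr . iif oif missing drop

        # Loose reverse-path check: only requires that some route back to
        # the source exists, so asymmetric paths pass while packets from
        # addresses with no route at all are still dropped.
        # fib saddr oif missing drop

        # Service rules: one line per port/protocol the service actually
        # uses. DNS needs both UDP and TCP 53; SSH is TCP 22. Ports and
        # the SSH rate limit are assumptions for this example.
        tcp dport 22 ct state new limit rate 10/minute accept
        tcp dport 53 accept
        udp dport 53 accept
    }
}
```

Load a file like this with sudo nft -f and then confirm with sudo nft list ruleset that the intended rule is really gone or changed before concluding that RP filtering was the cause.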
Q: My server's under attack and CPU usage is high. Can I fix that? A: Ruleset’s already tuned, but yeah, it happens. Run: sudo tcpdump -n -c 20000 -w pcap.pcap
Save that .pcap, send it to me later.
You can also disable all the rules counters if you don't care about them and all your services work properly.
Q: How do I uninstall it? A:
Kill the sysctl tweaks: sudo rm /etc/sysctl.d/99-yuki.conf
Restore or remove nftables.conf: sudo rm /etc/nftables.conf (or replace it from backup in antiddos/backups/nftables/)
Flush the rules (optional): sudo nft flush ruleset
If using a restored config, apply it immediately: sudo nft -f -o /etc/nftables.conf
Delete the script folder: sudo rm -r /etc/yukiscript
Done. Note: -f = apply from file, -o = optimize (e.g., merge rules).
Q: How do I check rule stats? A:
Basic: sudo nft list ruleset
Live stats: watch -n0.5 sudo nft list ruleset (change 0.5 to adjust the update interval in seconds; nft needs root, hence sudo)
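When a ruleset is large, reading sudo nft list ruleset by eye under load is slow. The script below is an added example (not part of the script or this FAQ) that parses the JSON form of the same data, nft -j list ruleset, and sorts rules by their counter packet counts, so the rule absorbing an attack shows up first and rules that carry no counter at all (the ones you might drop counters from, as the earlier answer suggests) are listed last. The embedded JSON is a constructed sample in the shape nft emits, not a real capture; the rule and chain names in it are made up.

```python
import json
import subprocess

# Constructed sample in the shape of `nft -j list ruleset` output (not a real capture).
SAMPLE_JSON = r'''
{"nftables": [
  {"metainfo": {"version": "1.0.6", "release_name": "Lester Gooch #5", "json_schema_version": 1}},
  {"table": {"family": "inet", "name": "filter", "handle": 1}},
  {"chain": {"family": "inet", "table": "filter", "name": "input", "handle": 1,
             "type": "filter", "hook": "input", "prio": 0, "policy": "drop"}},
  {"rule": {"family": "inet", "table": "filter", "chain": "input", "handle": 4,
            "expr": [{"match": {"op": "==", "left": {"meta": {"key": "iif"}}, "right": "lo"}},
                     {"counter": {"packets": 120, "bytes": 9600}}, {"accept": null}]}},
  {"rule": {"family": "inet", "table": "filter", "chain": "input", "handle": 5,
            "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "tcp", "field": "dport"}}, "right": 22}},
                     {"counter": {"packets": 3, "bytes": 180}}, {"accept": null}]}},
  {"rule": {"family": "inet", "table": "filter", "chain": "input", "handle": 6,
            "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "udp", "field": "dport"}}, "right": 53}},
                     {"counter": {"packets": 250000, "bytes": 18000000}}, {"drop": null}]}},
  {"rule": {"family": "inet", "table": "filter", "chain": "input", "handle": 7,
            "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "tcp", "field": "dport"}}, "right": 443}},
                     {"accept": null}]}}
]}
'''


def describe_expr(expr):
    """Render a rule's expression list as a short nft-like string (counters omitted)."""
    parts = []
    for e in expr:
        if "match" in e:
            m = e["match"]
            left = m["left"]
            if "payload" in left:
                key = f"{left['payload']['protocol']} {left['payload']['field']}"
            elif "meta" in left:
                key = f"meta {left['meta']['key']}"
            else:
                key = json.dumps(left)
            parts.append(f"{key} {m['op']} {m['right']}")
        elif "counter" in e:
            continue
        else:
            parts.append(next(iter(e)))  # verdict objects look like {"accept": null}
    return " ".join(parts)


def rule_counters(doc):
    """Return one row per rule, busiest counter first; rules without a counter last."""
    rows = []
    for obj in doc["nftables"]:
        rule = obj.get("rule")
        if not rule:
            continue
        ctr = next((e["counter"] for e in rule["expr"] if "counter" in e), None)
        rows.append({
            "chain": f"{rule['family']} {rule['table']} {rule['chain']}",
            "handle": rule["handle"],
            "rule": describe_expr(rule["expr"]),
            "packets": ctr["packets"] if ctr else None,
            "bytes": ctr["bytes"] if ctr else None,
        })
    rows.sort(key=lambda r: (r["packets"] is None, -(r["packets"] or 0)))
    return rows


def sample_counters():
    """Run the analysis over the constructed sample above."""
    return rule_counters(json.loads(SAMPLE_JSON))


def live_counters():
    """Run the analysis over the running ruleset (needs root; runs `nft -j list ruleset`)."""
    out = subprocess.run(["nft", "-j", "list", "ruleset"],
                         check=True, capture_output=True, text=True).stdout
    return rule_counters(json.loads(out))


if __name__ == "__main__":
    # Swap in live_counters() on a real host; the sample keeps this runnable offline.
    for r in sample_counters():
        pk = "no counter" if r["packets"] is None else f"{r['packets']:>10} pkts"
        print(f"{pk}  handle {r['handle']:<3} {r['chain']}: {r['rule']}")
```

The script only reads the ruleset; it changes nothing. The "no counter" rows are the candidates for leaving counters off once you are satisfied every service works, and a rule whose packet count climbs by orders of magnitude between two runs is the one to look at alongside the tcpdump capture from the earlier answer.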