Harden resolver and expand traffic runtime controls

2026-02-24 00:17:46 +03:00
parent 89eaaf3f23
commit 50518a641d
18 changed files with 2048 additions and 181 deletions
--- a/README.md
+++ b/README.md
@@ -20,3 +20,11 @@ Requirements (high level):
 - Linux with `systemd`, `nftables`, `iproute2`, cgroup v2.
 - Python 3 + PySide6 + `requests` (GUI).
 - Root privileges for routing/nftables changes (run API as a privileged service).
+
+Quick traffic checklist (production-safe):
+- Start from `Selective` mode for mixed host/server workloads.
+- For `Full tunnel`, open **Advanced bypass** in Traffic basics and usually enable:
+  - `Auto-local bypass` (LAN/container reachability),
+  - `Ingress-reply bypass` (keep inbound/public services reachable).
+- Verify mode health is `OK` and ingress diagnostics are active when ingress bypass is enabled.
+- If something breaks, use **Reset bypass** (advanced bypass dialog) or temporarily switch back to `Selective`.