(10-07-2022, 02:00 PM)treebeard Wrote: There are various posts suggesting some nftables magic can change the TTL to evade the sniffing but I haven't been able to get that to work.
For what it's worth, I did find a way to "fix" the TTL, but it was not enough to avoid Verizon's tether-block. After starting tether (or hotspot), do:
Code:
sudo nft add rule ip nm-shared-usb0 filter_forward index 0 ip saddr 10.42.0.0/24 iifname "usb0" ip ttl set 64 accept
This will make the filter_forward chain look like:
Code:
chain filter_forward {
        type filter hook forward priority filter; policy accept;
        ip daddr 10.42.0.0/24 oifname "usb0" ct state { established, related } accept
        ip saddr 10.42.0.0/24 iifname "usb0" ip ttl set 64 accept
        ip saddr 10.42.0.0/24 iifname "usb0" accept
        iifname "usb0" oifname "usb0" accept
        iifname "usb0" reject
        oifname "usb0" reject
}