Mudfish Exclude User Guide
The mudfish-exclude tool is available in Mudfish Cloud VPN 6.5.4 or above.
mudfish-exclude runs a selected Linux program outside the Mudfish routing
policy.
Use it when Mudfish is running, but you want one program, such as a browser, chat app, launcher, or updater, to use your normal internet connection instead of the Mudfish path.
Supported Environment
mudfish-exclude is for Linux only.
Your system needs:
- Mudfish for Linux
- sudo or root permission
- cgroup v2 mounted at /sys/fs/cgroup
- the ip command
- iptables
- an IPv4 default route
This tool controls IPv4 traffic. IPv6 traffic is not redirected by
mudfish-exclude.
Basic Use
Run the program through mudfish-exclude:
sudo mudfish-exclude firefox
You can pass normal program arguments after the program name:
sudo mudfish-exclude firefox --private-window
sudo mudfish-exclude curl https://mudfish.net
If the command has many options, you can separate mudfish-exclude options from
the program command with --:
sudo mudfish-exclude -- firefox --private-window
Although you start it with sudo, the launched program normally runs under
your regular user account, not as root. This helps GUI programs use your usual
home directory, desktop session, and configuration files instead of root's settings.
What Happens While It Runs
When you start a command, mudfish-exclude temporarily creates network policy
rules for that command. Traffic from the command is marked and sent through your
system's normal IPv4 default route.
When the command exits, mudfish-exclude waits for the related process group to
finish and then removes the temporary rules.
Mudfish itself is not stopped. Other programs continue to use Mudfish according to your Mudfish settings.
Examples
Open Firefox outside Mudfish:
sudo mudfish-exclude firefox
Run Discord outside Mudfish:
sudo mudfish-exclude discord
Run Steam outside Mudfish:
sudo mudfish-exclude steam
Run a command-line download outside Mudfish:
sudo mudfish-exclude wget https://example.com/file.zip
Using Setup and Cleanup Manually
For normal use, you do not need these commands. mudfish-exclude sets up and
cleans up the policy automatically.
If you need to prepare the policy once and then run several commands with the same policy, use:
sudo mudfish-exclude --setup
sudo mudfish-exclude --no-setup firefox
sudo mudfish-exclude --no-setup discord
sudo mudfish-exclude --cleanup
Always run --cleanup when you are done with manual setup mode.
Advanced Options
Most users should keep the defaults.
| Option | Purpose | Default |
|---|---|---|
| --cgroup NAME | cgroup v2 name used for the excluded program | mudfish-exclude |
| --mark VALUE | firewall mark value | 0x6d660001 |
| --priority VALUE | IPv4 rule priority | 8252 |
| --table VALUE | IPv4 routing table number | 8252 |
| --setup | create the policy and exit | off |
| --cleanup | remove the policy and exit | off |
| --no-setup | join an existing policy and run the command | off |
Change these only if Mudfish support asks you to, or if the default mark, priority, or table conflicts with another local network tool.
Example:
sudo mudfish-exclude --table 9000 --priority 9000 firefox
Important Notes for GUI Apps
Some desktop applications reuse an already running process. For example, if a
browser is already open, running sudo mudfish-exclude firefox may only ask the
existing browser to open a new window. In that case, the existing browser
process may not be excluded.
For best results:
- Close the application before launching it with mudfish-exclude.
- For browsers, use a separate profile if you need both Mudfish-routed and excluded browser windows at the same time.
- Start the real application command, not only a desktop shortcut.
Troubleshooting
network policy setup requires root
Run the command with sudo:
sudo mudfish-exclude firefox
cgroup v2 is required at /sys/fs/cgroup
Your Linux system is not using cgroup v2 in the expected location. Update the system configuration to enable cgroup v2, or use a Linux distribution that provides it by default.
failed to find the IPv4 default route
The system does not have a usable IPv4 default route. Check that your normal
internet connection works before running mudfish-exclude.
The app still seems to use Mudfish
Close the app completely and start it again through mudfish-exclude. This is
especially important for browsers, game launchers, and chat apps that keep
background processes running.
Network rules remain after an interrupted run
Run cleanup manually:
sudo mudfish-exclude --cleanup
If you used custom --mark, --priority, --table, or --cgroup values, use
the same values with --cleanup.
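To see whether any policy pieces are still present, before or after --cleanup, the script below is an added example and is not part of Mudfish or its documentation. It assumes the policy is visible as an IPv4 rule at the configured priority or fwmark, routes in the configured table, an iptables rule that uses the mark, and a cgroup directory under /sys/fs/cgroup; the page names these parameters but does not show the exact rules, and the function names and the --live switch are made up for this example.

```shell
#!/bin/sh
# Added example (not part of mudfish-exclude): report policy pieces that are
# still present, e.g. after an interrupted run. Defaults are the ones listed
# under Advanced Options; override them via the environment for custom values.
MARK=${MARK:-0x6d660001} PRIORITY=${PRIORITY:-8252}
TABLE=${TABLE:-8252} CGROUP=${CGROUP:-mudfish-exclude}

# rule_left TEXT: true if `ip -4 rule show` output has our priority or fwmark.
rule_left() {
    printf '%s\n' "$1" | awk -v p="$PRIORITY:" -v m="$MARK" '
        $1 == p { hit = 1 }
        { for (i = 1; i < NF; i++)
              if ($i == "fwmark") { split($(i + 1), a, "/"); if (a[1] == m) hit = 1 } }
        END { exit !hit }'
}

# mark_left TEXT: true if `iptables-save` output has a rule that uses our mark.
mark_left() {
    printf '%s\n' "$1" | grep -Eiq -- "(^|[ /])$MARK([ /]|\$)"
}

# leftovers RULES ROUTES IPTABLES CGROUP_DIR: print one word per leftover piece.
leftovers() {
    out=""
    rule_left "$1" && out="$out rule"
    [ -n "$2" ] && out="$out table"
    mark_left "$3" && out="$out mark"
    [ -d "$4" ] && out="$out cgroup"
    echo "${out# }"
}

# Live check against this host; only runs when called with --live (as root).
if [ "${1:-}" = "--live" ]; then
    found=$(leftovers "$(ip -4 rule show)" \
                      "$(ip -4 route show table "$TABLE" 2>/dev/null)" \
                      "$(iptables-save 2>/dev/null)" \
                      "/sys/fs/cgroup/$CGROUP")
    [ -z "$found" ] && { echo "clean"; exit 0; }
    echo "leftover: $found (run: sudo mudfish-exclude --cleanup)"
    exit 1
fi
```

A non-empty result while no excluded program is running, and outside manual setup mode, means the rules were not removed.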
Quick Reference
sudo mudfish-exclude COMMAND [ARGS...]
sudo mudfish-exclude --setup
sudo mudfish-exclude --no-setup COMMAND [ARGS...]
sudo mudfish-exclude --cleanup