From 20013a05d537c97f5101394cb3b48ab433b35999 Mon Sep 17 00:00:00 2001 From: wangyu- Date: Thu, 14 Dec 2017 08:40:45 -0800 Subject: [PATCH] Updated run udp2raw with non root account (markdown) --- run-udp2raw-with-non-root-account.md | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/run-udp2raw-with-non-root-account.md b/run-udp2raw-with-non-root-account.md index be1fd31..53dd386 100644 --- a/run-udp2raw-with-non-root-account.md +++ b/run-udp2raw-with-non-root-account.md @@ -3,14 +3,17 @@ It's not security secure to run udp2raw with root. This page demonstrates how to You must have `setcap` as a prerequisite. `setcap` is shipped with most desktop linux distributions by defualt. But its seems to be missing on OpenWRT/LEDE. ``` +# grant udp2raw CAP_NET_RAW permission sudo setcap cap_net_raw+ep udp2raw_amd64 -./udp2raw_amd64 -s -l0.0.0.0:4096 -r 127.0.0.1:7777 -k "passwd" --raw-mode faketcp -g #use -g option instead of -a, then udp2raw will generate a iptables rule for you +# run udp2raw with -g option instead of -a, then udp2raw will generate a iptables rule for you +./udp2raw_amd64 -s -l0.0.0.0:4096 -r 127.0.0.1:7777 -k "passwd" --raw-mode faketcp -g -sudo iptables -I INPUT -p tcp -m tcp --dport 4096 -j DROP # add the generated iptables rule manually - -./udp2raw_amd64 -s -l0.0.0.0:4096 -r 127.0.0.1:7777 -k "passwd" --raw-mode faketcp #then run udp2raw without -g option +# add the generated iptables rule manually +sudo iptables -I INPUT -p tcp -m tcp --dport 4096 -j DROP +#then run udp2raw without -g option +./udp2raw_amd64 -s -l0.0.0.0:4096 -r 127.0.0.1:7777 -k "passwd" --raw-mode faketcp ``` It works for both client and server. \ No newline at end of file
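Review bot: The new comment `# add the generated iptables rule manually` sits above a rule that is hardcoded for this example, `--dport 4096` matching `-l0.0.0.0:4096`, so it should tell the reader to paste the rule that the `-g` run actually printed rather than copy this line. That matters more because the trailing context says "It works for both client and server" while every command in the block uses `-s`; a short note that the client prints its own rule would close that gap. Two style points in the same hunk: `#then run udp2raw without -g option` lacks the space after `#` that the other three added comments have, and "a iptables rule" should read "an iptables rule". The unchanged context line above the block still carries "security secure", "defualt" and "its seems", which could be corrected in the same commit.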