From 15eceeb8ac715b49c0955163f4f7e830efe4644e Mon Sep 17 00:00:00 2001
From: Sheppy
Date: Wed, 21 Dec 2022 20:02:45 +0100
Subject: [PATCH] feat: implement transparent proxy routing
---
main.py | 12 ++++++++++++
vm.py | 27 +++++++++++++++++++++++++++
2 files changed, 39 insertions(+)
diff --git a/main.py b/main.py
index 228e301..96f6179 100644
--- a/main.py
+++ b/main.py
@@ -23,6 +23,18 @@ if __name__ == "__main__":
 except ValueError as e:
 print(e, file=sys.stderr)
+ with open("/etc/nginx/iptables.sh", "w") as f:
+ f.write("ip route add local 0.0.0.0/0 dev lo table 100")
+ f.write("ip rule add fwmark 1 lookup 100")
+ for vmo in vmList:
+ [ f.write(c) for c in vmo.dumpIptables()]
+
+ with open("/etc/nginx/iptables-clear.sh", "w") as f:
+ f.write("ip route delete local 0.0.0.0/0 dev lo table 100")
+ f.write("ip rule delete fwmark 1 lookup 100")
+ for vmo in vmList:
+ [ f.write(c) for c in vmo.dumpIptables(remove=True)]
+
 with open("/etc/nginx/stream_include.conf", "w") as f:
 for vmo in vmList:
 [ f.write(c) for c in vmo.dumpStreamComponents()]
diff --git a/vm.py b/vm.py
index b05117f..7f91f28 100644
--- a/vm.py
+++ b/vm.py
@@ -48,6 +48,33 @@ class VM:
 return components
+ def dumpIptables(self, remove=False):
+
+ entries = []
+ BASE = "iptables -t mangle -{option} "
+ RULE = "PREROUTING -p {proto} -s {ip} {port} -j MARK --set-xmark 0x1/0xffffffff"
+ PORT_SIMPLE = "--sport {port}"
+ PORT_MULTI = "--match multiport --sports {port}"
+
+ option = "A"
+ if remove:
+ option = "D"
+
+ for portStruct in filter(lambda p: p.get("transparent"), self.ports):
+
+ # port match #
+ port = portStruct.get("port")
+ partport = PORT_SIMPLE.format(port=port)
+ if type(port) == str and "-" in port:
+ port = port.replace("-", "")
+ part_port = PORT_MULTI.format(port=port)
+
+ entry = BASE.format(option=option)
+ entry += RULE.format(ip=self.ip, port=partport, proto=portStruct.get("proto", "tcp"))
+ entries.append(entry)
+
+ return entries
+
 def dumpServerComponents(self):
 # https components #
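Review bot: Both generated scripts are written without any line separators, so the `ip route add …` and `ip rule add …` commands and every entry returned by dumpIptables (which also carries no newline) are concatenated onto a single line, and neither /etc/nginx/iptables.sh nor iptables-clear.sh can run as intended; there is no shebang either. Terminate each command, e.g. `f.write("ip route add local 0.0.0.0/0 dev lo table 100\n")` and `f.writelines(c + "\n" for c in vmo.dumpIptables())`, and drop the list comprehensions that exist only for their side effect. Because these files are executed with the privileges needed to alter routing and firewall state, the `self.ip` and port values that dumpIptables interpolates should be validated as an IP address and a port or port range before they are written, so that a malformed config entry cannot become an arbitrary shell command. The enclosing `if __name__ == "__main__":` block starts before the hunk.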
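Review bot: The port-range branch of dumpIptables has no effect, because the multiport form is assigned to `part_port` while `partport` (the single-port form computed just above) is what `RULE.format` receives, and `port.replace("-", "")` strips the dash from a range instead of replacing it with the `:` separator that `--sports` expects. Replace the two lines under the condition with `partport = PORT_MULTI.format(port=port.replace("-", ":"))`, and write the condition as `if isinstance(port, str) and "-" in port:` rather than comparing `type(port) == str`. The returned entries also have no trailing newline, which the caller in main.py currently does not add. The `VM` class continues outside the hunk.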