feat: implement transparent proxy routing

main.py

@@ -23,6 +23,18 @@ if __name__ == "__main__":
             except ValueError as e:
                 print(e, file=sys.stderr)
 
+        with open("/etc/nginx/iptables.sh", "w") as f:
+            f.write("ip route add local 0.0.0.0/0 dev lo table 100")
+            f.write("ip rule add fwmark 1 lookup 100")
+            for vmo in vmList:
+                [ f.write(c) for c in vmo.dumpIptables()]
+
+        with open("/etc/nginx/iptables-clear.sh", "w") as f:
+            f.write("ip route delete local 0.0.0.0/0 dev lo table 100")
+            f.write("ip rule delete fwmark 1 lookup 100")
+            for vmo in vmList:
+                [ f.write(c) for c in vmo.dumpIptables(remove=True)]
+
         with open("/etc/nginx/stream_include.conf", "w") as f:
             for vmo in vmList:
                 [ f.write(c) for c in vmo.dumpStreamComponents()]

vm.py

@@ -48,6 +48,33 @@ class VM:
 
         return components
 
+    def dumpIptables(self, remove=False):
+
+        entries = []
+        BASE = "iptables -t mangle -{option} "
+        RULE = "PREROUTING -p {proto} -s {ip} {port} -j MARK --set-xmark 0x1/0xffffffff"
+        PORT_SIMPLE = "--sport {port}"
+        PORT_MULTI  = "--match multiport --sports {port}"
+
+        option = "A"
+        if remove:
+            option = "D"
+
+        for portStruct in filter(lambda p: p.get("transparent"), self.ports):
+
+            # port match #
+            port = portStruct.get("port")
+            partport = PORT_SIMPLE.format(port=port)
+            if type(port) == str and "-" in port:
+                port = port.replace("-", "")
+                part_port = PORT_MULTI.format(port=port)
+
+            entry = BASE.format(option=option)
+            entry += RULE.format(ip=self.ip, port=partport, proto=portStruct.get("proto", "tcp"))
+            entries.append(entry)
+
+        return entries
+
     def dumpServerComponents(self):
 
         # https components #