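# FILE_LOCATION: /etc/firewall.shadowsocks-customize
# DESCRIPTION: Customize firewall (re)startup script
#
# Rebuilds the nat-table SHADOWSOCKS chain, which transparently redirects
# TCP traffic seen in PREROUTING to local redirect ports 10800 and 10801.
#
# Scope notes:
#   - Only TCP is redirected. UDP (DNS included) is not matched by any
#     REDIRECT rule here and leaves unproxied unless handled elsewhere.
#   - Only PREROUTING is hooked; nothing is added to the nat OUTPUT chain.
#   - The ipset rule needs a set named SHADOWSOCKS to exist already, and the
#     geoip rule needs the geoip match extension. If either is missing, that
#     iptables call fails and the matching traffic is simply not redirected
#     (fail-open), so failures are logged to syslog below.

logger -t fw3 "inserting ss-redir routing rules due to restarting of firewall..."

# Common
# Create the chain, or empty it when it already exists, so that running this
# script again does not stack a second copy of every rule.
# NOTE(review): whether the firewall has already removed the chain before
# this script runs depends on the fw3 include settings -- confirm.
iptables -t nat -N SHADOWSOCKS 2>/dev/null || iptables -t nat -F SHADOWSOCKS

# Hook the chain into PREROUTING exactly once (-C checks for an existing rule).
iptables -t nat -C PREROUTING -j SHADOWSOCKS 2>/dev/null ||
  iptables -t nat -A PREROUTING -j SHADOWSOCKS

# Destinations in reserved, private, loopback, link-local, multicast and
# broadcast ranges RETURN early and are never redirected.
for ss_bypass_net in \
  0.0.0.0/8 \
  10.0.0.0/8 \
  100.64.0.0/10 \
  127.0.0.0/8 \
  169.254.0.0/16 \
  172.16.0.0/12 \
  192.0.0.0/24 \
  192.0.2.0/24 \
  192.31.196.0/24 \
  192.52.193.0/24 \
  192.88.99.0/24 \
  192.168.0.0/16 \
  192.175.48.0/24 \
  198.18.0.0/15 \
  198.51.100.0/24 \
  203.0.113.0/24 \
  224.0.0.0/4 \
  240.0.0.0/4 \
  255.255.255.255/32
do
  iptables -t nat -A SHADOWSOCKS -d "$ss_bypass_net" -j RETURN
done
unset ss_bypass_net

# IPSet - GFWList routing
# Evaluated before the GeoIP rule: a destination in the SHADOWSOCKS set goes
# to port 10800 whatever its country.
logger -t fw3 "inserting ipset-SHADOWSOCKS redirect rules..."
iptables -t nat -A SHADOWSOCKS -p tcp -m set --match-set SHADOWSOCKS dst -j REDIRECT --to-port 10800 || {
  logger -t fw3 "failed to insert ipset-SHADOWSOCKS redirect rule; that traffic is NOT redirected"
  false
}

# GeoIP - Whitelist routing
# Remaining TCP whose destination country is not CN, HK, TW, JP or KR is
# redirected to port 10801; destinations in those countries fall through
# the chain and are not redirected.
logger -t fw3 "inserting geoip-CN_WHITELIST redirect rules..."
iptables -t nat -A SHADOWSOCKS -p tcp -m geoip ! --dst-cc CN,HK,TW,JP,KR -j REDIRECT --to-port 10801 || {
  logger -t fw3 "failed to insert geoip-CN_WHITELIST redirect rule; that traffic is NOT redirected"
  false
}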