nick134920 · April 6, 2023 00:04 · Aug 16, 2020 · Aug 16, 2020
diff --git a/iprule.sh b/iprule.sh
@@ -0,0 +1,2 @@
+ip rule add fwmark 0x233 lookup 100
+ip route add local 0.0.0.0/0 dev lo table 100
diff --git a/private.nft b/private.nft
@@ -0,0 +1,10 @@
+define private_list = {
+	0.0.0.0/8,
+	10.0.0.0/8,
+	127.0.0.0/8,
+	169.254.0.0/16,
+	172.16.0.0/12,
+	192.168.0.0/16,
+	224.0.0.0/4,
+	240.0.0.0/4
+}
diff --git a/proxy.nft b/proxy.nft
@@ -0,0 +1,39 @@
+include "/etc/nftables/private.nft"
+
+table ip nat {
+	chain proxy {
+		ip daddr $private_list accept
+		meta skuid clash accept
+		ip protocol tcp redirect to :8889
+	}
+
+	chain output {
+		type nat hook output priority filter; policy accept;
+		goto proxy
+	}
+
+	chain prerouting {
+		type nat hook prerouting priority dstnat; policy accept;
+		goto proxy
+	}
+}
+
+table ip mangle {
+	chain filter {
+		ip daddr $private_list accept
+		meta skuid clash accept
+		return
+	}
+
+	chain output {
+		type route hook output priority mangle; policy accept;
+		jump filter
+		ip protocol udp mark set 0x233
+	}
+
+	chain prerouting {
+		type filter hook prerouting priority mangle; policy accept;
+		jump filter
+		ip protocol udp tproxy to 127.0.0.1:8889
+	}
+}
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		ip rule add fwmark 0x233 lookup 100
		ip route add local 0.0.0.0/0 dev lo table 100