builder/ubuntu/scripts/transparent-proxy.sh
#!/usr/bin/env bash
# Transparent-proxy firewall helper.
#
# Usage: transparent-proxy.sh [setup|cleanup]   (default action: setup)
#
# setup   - builds the nat-table chain XRAY_OUTPUT and hooks it into OUTPUT so
#           locally generated TCP is redirected to ${XRAY_REDIRECT_PORT}.
# cleanup - unhooks and deletes that chain.
#
# Environment: XRAY_REDIRECT_PORT is read by setup and must be set.
# Scope: only iptables (IPv4) and only TCP are touched here; IPv6 and UDP
# traffic are not redirected by this script.
# NOTE(review): changing the nat table normally needs root/CAP_NET_ADMIN;
# confirm how the builder invokes this script.

# Abort on command failure, unset variables and failed pipeline stages.
set -euo pipefail
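#######################################
# Install the nat-table rules that redirect locally generated TCP traffic
# to the transparent-proxy listener.
# Globals:   XRAY_REDIRECT_PORT (read) - local TCP port to redirect to
# Arguments: none
# Outputs:   diagnostics on stderr when validation fails
# Returns:   0 on success, 1 when the port or the xray account is unusable
#
# Coverage limits a reviewer should know about:
#   * IPv4 only: ip6tables is never touched, so IPv6 TCP is not redirected.
#   * TCP only: UDP (DNS included) is not redirected by these rules.
#   * Everything running under the xray UID is exempt from redirection.
#   * Re-running setup flushes a chain that may already be hooked into
#     OUTPUT; until the REDIRECT rule is appended again, TCP falls through
#     the chain and leaves directly.
#######################################
setup() {
  local xray_uid cidr
  local port="${XRAY_REDIRECT_PORT:-}"

  # Validate before touching netfilter. Failing later (after the flush) on an
  # already-hooked chain would leave it with RETURN rules only, i.e. every
  # connection would silently bypass the proxy.
  if [[ ! "${port}" =~ ^[0-9]{1,5}$ ]] \
    || (( 10#${port} < 1 || 10#${port} > 65535 )); then
    printf 'transparent-proxy: XRAY_REDIRECT_PORT must be a TCP port (1-65535)\n' >&2
    return 1
  fi

  # Resolve the exempt account first for the same reason; an empty UID must
  # never reach the owner match.
  xray_uid="$(id -u xray)" || {
    printf 'transparent-proxy: cannot resolve uid of user xray\n' >&2
    return 1
  }

  # Create the chain if it is missing ("already exists" is expected on a
  # re-run and ignored), then start from an empty rule set.
  iptables -t nat -N XRAY_OUTPUT 2>/dev/null || true
  iptables -t nat -F XRAY_OUTPUT

  # Traffic owned by the xray account is left alone; presumably this is the
  # proxy's own egress, which would otherwise loop back into the listener.
  iptables -t nat -A XRAY_OUTPUT -m owner --uid-owner "${xray_uid}" -j RETURN

  # Reserved, loopback, link-local, private, multicast and class-E
  # destinations are never proxied.
  for cidr in \
    0.0.0.0/8 \
    10.0.0.0/8 \
    127.0.0.0/8 \
    169.254.0.0/16 \
    172.16.0.0/12 \
    192.168.0.0/16 \
    224.0.0.0/4 \
    240.0.0.0/4; do
    iptables -t nat -A XRAY_OUTPUT -d "${cidr}" -j RETURN
  done

  # Everything else over TCP goes to the local listener.
  iptables -t nat -A XRAY_OUTPUT -p tcp -j REDIRECT --to-ports "${port}"

  # Hook the chain into OUTPUT exactly once; -C probes for an existing jump.
  iptables -t nat -C OUTPUT -p tcp -j XRAY_OUTPUT 2>/dev/null \
    || iptables -t nat -A OUTPUT -p tcp -j XRAY_OUTPUT
}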
#######################################
# Remove the transparent-proxy rules again.
# Arguments: none
# Returns:   always 0; every step is best-effort so the function can be run
#            when the rules were never installed or are only partly present.
# Note: errors from iptables are discarded, so a failed removal (for example
# a chain that is still referenced) is not reported to the caller.
#######################################
cleanup() {
  local flag

  # Unhook from OUTPUT first; a chain that is still referenced cannot be
  # deleted.
  iptables -t nat -D OUTPUT -p tcp -j XRAY_OUTPUT 2>/dev/null || :

  # Empty the chain (-F), then delete it (-X).
  for flag in -F -X; do
    iptables -t nat "${flag}" XRAY_OUTPUT 2>/dev/null || :
  done
}
# Dispatch on the first argument; no argument means "setup". The value is
# only used as a function name after it matched one of the two fixed
# patterns, so arbitrary input can never be executed.
case "${1:-setup}" in
  setup | cleanup)
    "${1:-setup}"
    ;;
  *)
    # Unknown action: print usage on stderr and exit with status 2.
    printf '%s\n' "Usage: $0 [setup|cleanup]" >&2
    exit 2
    ;;
esac