megrxu/iptables.rules

## iptables.rules
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:TRANS - [0:0]

-A OUTPUT -p tcp -j TRANS

# The proxy is running in `proxy.slice`, so no loop
-A TRANS -m cgroup --path "proxy.slice" -j RETURN

# Return all internal packets
-A TRANS -d 0.0.0.0/8 -j RETURN
-A TRANS -d 127.0.0.0/8 -j RETURN
-A TRANS -d 10.0.0.0/8 -j RETURN
-A TRANS -d 169.254.0.0/16 -j RETURN
-A TRANS -d 172.16.0.0/12 -j RETURN
-A TRANS -d 192.168.0.0/16 -j RETURN
-A TRANS -d 224.0.0.0/4 -j RETURN
-A TRANS -d 240.0.0.0/4 -j RETURN

# The transparent proxy port is 7891
-A TRANS -p tcp -j REDIRECT --to-ports 7892

COMMIT
	*nat
	:PREROUTING ACCEPT [0:0]
	:INPUT ACCEPT [0:0]
	:OUTPUT ACCEPT [0:0]
	:POSTROUTING ACCEPT [0:0]
	:TRANS - [0:0]

	-A OUTPUT -p tcp -j TRANS

	# The proxy is running in `proxy.slice`, so no loop
	-A TRANS -m cgroup --path "proxy.slice" -j RETURN

	# Return all internal packets
	-A TRANS -d 0.0.0.0/8 -j RETURN
	-A TRANS -d 127.0.0.0/8 -j RETURN
	-A TRANS -d 10.0.0.0/8 -j RETURN
	-A TRANS -d 169.254.0.0/16 -j RETURN
	-A TRANS -d 172.16.0.0/12 -j RETURN
	-A TRANS -d 192.168.0.0/16 -j RETURN
	-A TRANS -d 224.0.0.0/4 -j RETURN
	-A TRANS -d 240.0.0.0/4 -j RETURN

	# The transparent proxy port is 7891
	-A TRANS -p tcp -j REDIRECT --to-ports 7892

	COMMIT