recall704/iprule.sh

## iprule.sh
ip rule add fwmark 0x233 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100

## private.nft
define private_list = {
	0.0.0.0/8,
	10.0.0.0/8,
	127.0.0.0/8,
	169.254.0.0/16,
	172.16.0.0/12,
	192.168.0.0/16,
	224.0.0.0/4,
	240.0.0.0/4
}

## proxy.nft
include "/etc/nftables/private.nft"

table ip nat {
	chain proxy {
		ip daddr $private_list accept
		meta skuid clash accept
		ip protocol tcp redirect to :8889
	}

	chain output {
		type nat hook output priority filter; policy accept;
		goto proxy
	}

	chain prerouting {
		type nat hook prerouting priority dstnat; policy accept;
		goto proxy
	}
}

table ip mangle {
	chain filter {
		ip daddr $private_list accept
		meta skuid clash accept
		return
	}

	chain output {
		type route hook output priority mangle; policy accept;
		jump filter
		ip protocol udp mark set 0x233
	}

	chain prerouting {
		type filter hook prerouting priority mangle; policy accept;
		jump filter
		ip protocol udp tproxy to 127.0.0.1:8889
	}
}
	ip rule add fwmark 0x233 lookup 100
	ip route add local 0.0.0.0/0 dev lo table 100
	define private_list = {
	0.0.0.0/8,
	10.0.0.0/8,
	127.0.0.0/8,
	169.254.0.0/16,
	172.16.0.0/12,
	192.168.0.0/16,
	224.0.0.0/4,
	240.0.0.0/4
	}
	include "/etc/nftables/private.nft"

	table ip nat {
	chain proxy {
	ip daddr $private_list accept
	meta skuid clash accept
	ip protocol tcp redirect to :8889
	}

	chain output {
	type nat hook output priority filter; policy accept;
	goto proxy
	}

	chain prerouting {
	type nat hook prerouting priority dstnat; policy accept;
	goto proxy
	}
	}

	table ip mangle {
	chain filter {
	ip daddr $private_list accept
	meta skuid clash accept
	return
	}

	chain output {
	type route hook output priority mangle; policy accept;
	jump filter
	ip protocol udp mark set 0x233
	}

	chain prerouting {
	type filter hook prerouting priority mangle; policy accept;
	jump filter
	ip protocol udp tproxy to 127.0.0.1:8889
	}
	}