/etc/systemd/system/network-mirrored.service

network-mirrored.service

[Unit]
Wants=network-pre.target
Before=network-pre.target shutdown.target

[Service]
User=root
ExecStart=/bin/sh -ec '\
  [ -x /usr/bin/wslinfo ] && [ "$(/usr/bin/wslinfo --networking-mode)" = "mirrored" ] || exit 0;\
  echo "\
  add chain   ip nat WSLPREROUTING { type nat hook prerouting priority dstnat - 1; policy accept; };\
  insert rule ip nat WSLPREROUTING iif loopback0  ip daddr 127.0.0.1 counter dnat to 127.0.0.1 comment mirrored;\
  "|nft -f -\
'
ExecStop=/bin/sh -ec '\
  [ -x /usr/bin/wslinfo ] && [ "$(/usr/bin/wslinfo --networking-mode)" = "mirrored" ] || exit 0;\
  for chain in "ip nat WSLPREROUTING";\
  do\
    handle=$(nft -a list chain $chain | sed -En "s/^.*comment \\"mirrored\\" # handle ([0-9]+)$/\\1/p");\
    for n in $handle; do echo "delete rule $chain handle $n"; done;\
  done|nft -f -\
'
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target

you can try it.

$ sudo systemctl --now enable network-mirrored

revision 8:
delete IPv6 routing filter
- natively supported in wsl 2.2.2

I saw your description in the issue "adding this action breaks the prerouting hook and disables any Docker rules set in the PREROUTING chain". Can you explain why? The dnat of 127.0.0.1 to 127.0.0.1 seems redundant. thx

@Adam-Jin
as you said, it is redundant.
nothing changes with this DNAT, except that it can terminate the prerouting hook.
PREROUTING is not processed by applying DNAT first.

this is the reason why PERROUTING (Docker's rules) is handled poorly in mirrored networking.
microsoft/WSL#10494 (comment)

explanation about systemd service can be found here.
microsoft/WSL#10494 (comment)

thx