authorKaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>2013-01-24 14:12:22 +0000
committerKaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>2013-01-24 14:12:30 +0000
commitf668c1eb097e24750b1be1cd2bbd1a91df5e9b43 (patch)
treef98dd8409fa80f7bd032190c39d4ceedb980c6bc /awall
parentbcddde588c8275ebae677235e24b4df264a746bd (diff)
transparent proxy modulev0.2.14
fixes #1582
Diffstat (limited to 'awall')
-rw-r--r--awall/modules/tproxy.lua41
1 files changed, 41 insertions, 0 deletions
diff --git a/awall/modules/tproxy.lua b/awall/modules/tproxy.lua
new file mode 100644
index 0000000..f2931b2
--- /dev/null
+++ b/awall/modules/tproxy.lua
@@ -0,0 +1,41 @@
+--[[
+Transparent proxy module for Alpine Wall
+Copyright (C) 2012-2013 Kaarle Ritvanen
+Licensed under the terms of GPL2
+]]--
+
+
+module(..., package.seeall)
+
+local class = require('awall.model').class
+local combinations = require('awall.optfrag').combinations
+local util = require('awall.util')
+
+local MarkRule = require('awall').loadclass('mark')
+
+local TProxyRule = class(MarkRule)
+
+function TProxyRule:target()
+ if not self['to-port'] then self:error('Proxy port not specified') end
+ return 'TPROXY --tproxy-mark '..self.mark..' --on-port '..self['to-port']
+end
+
+function TProxyRule:mangleoptfrag(ofrag)
+ local dof = util.copy(ofrag)
+ dof.target = nil
+ local res = combinations(
+ {dof},
+ {{opts='-m socket', target=self:newchain('divert')}}
+ )
+ table.insert(res, ofrag)
+ return res
+end
+
+function TProxyRule:extraoptfrags()
+ return combinations(
+ {{chain=self:newchain('divert')}},
+ {{target=MarkRule.target(self)}, {target='ACCEPT'}}
+ )
+end
+
+export = {tproxy={class=TProxyRule, before={'clamp-mss', '%mark-rt'}}}
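Review bot: `TProxyRule:target()` checks only that `to-port` is present before concatenating it into the iptables target string, so a non-numeric, out-of-range or whitespace-containing value from the policy file ends up verbatim in the generated rule line. That surfaces as an opaque failure when the ruleset is loaded, or as extra tokens on the TPROXY line, rather than as a clear configuration error. I would validate it in place, e.g. `local port = tonumber(self['to-port'])` followed by `if not port or port % 1 ~= 0 or port < 0 or port > 65535 then self:error('Invalid proxy port: '..tostring(self['to-port'])) end`, and then build the string from `port`. The same concatenation uses `self.mark`; whether `MarkRule` already validates it is not visible in this hunk, so that is worth confirming.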