#!/bin/bash
source ./00_env.sh
set -euo pipefail

iptables -t nat -F
iptables -t nat -X REDSOCKS 2>/dev/null || true
iptables -t nat -N REDSOCKS

iptables -t nat -A REDSOCKS -m set --match-set chnroute dst -j RETURN
iptables -t nat -A REDSOCKS -p tcp -j REDIRECT --to-ports $REDSOCKS_PORT
iptables -t nat -A PREROUTING -s $LAN_NET -p tcp -j REDSOCKS
iptables -t nat -A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE

netfilter-persistent save || true
echo "iptables 分流规则已应用"