DISABLE_IPV6=0 TP_PORT=900 TP_USER=daemon EXCLUDE4="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 169.254.0.0/16" EXCLUDE6="fc00::/7 fe80::/10" IPTS="iptables ip6tables" [ "$DISABLE_IPV6" = 1 ] && IPTS=iptables exists() { which "$1" >/dev/null 2>/dev/null } ipt() { $IPTABLES -C "$@" >/dev/null 2>/dev/null || $IPTABLES -I "$@" } redirect_port() { ipt tpws -t nat -p tcp --dport $1 -j REDIRECT --to-port $2 } redirect() { redirect_port 80 $TP_PORT redirect_port 443 $TP_PORT } for IPTABLES in $IPTS; do $IPTABLES -t nat -N tpws 2>/dev/null $IPTABLES -t nat -F tpws redirect done for net in $EXCLUDE4; do iptables -t nat -I tpws -d $net -j RETURN done [ "$DISABLE_IPV6" = 1 ] || { for net in $EXCLUDE6; do ip6tables -t nat -I tpws -d $net -j RETURN done } for IPTABLES in $IPTS; do ipt PREROUTING -t nat -j tpws ipt OUTPUT -t nat -m owner ! --uid-owner $TP_USER -j tpws done