jinliming2
2022-11-27 22:30:47 +08:00
用 iptables/nftables,不管是本机还是 docker 的流量,全都可以接管。自己配一份 IPv4 保留地址列表和国内 IP 地址列表(网上有),让这些目的地址绕过代理就行。
参考我用的 nftables 规则(已删减):
# Destinations that must never be handed to the proxy: IPv4 special-purpose
# and private ranges. Used as $Reserved_IPv4 in the proxy chain's bypass rule.
# NOTE(review): the list is truncated in this post. Before reusing it, confirm
# the full list contains 127.0.0.0/8 and the private ranges (172.16.0.0/12,
# 192.168.0.0/16, ...); any range left out is redirected to the proxy port,
# which would include loopback and container-to-container TCP.
define Reserved_IPv4 = {
    0.0.0.0/8,
    10.0.0.0/8,
    # ... remaining entries omitted by the author
}
# Transparent-proxy NAT table: TCP that does not match a bypass set is
# redirected to a local listener on port 10086.
# Family is "ip", so only IPv4 is covered. IPv6 traffic never enters this
# table and reaches the network directly unless it is handled elsewhere.
table ip proxy {
    # Shared decision chain, entered via "goto" from both base chains below.
    chain proxy {
        # Bypass: reserved/private destinations leave the chain untouched.
        ip daddr $Reserved_IPv4 return
        # Bypass: domestic destinations go direct.
        # $China_IPv4_Range is not defined in this excerpt; it must be defined
        # before this table or the ruleset will not load.
        ip daddr $China_IPv4_Range return
        # Everything else, TCP only, is rewritten to local port 10086.
        # UDP is not matched, so DNS over UDP and QUIC bypass the proxy.
        # NOTE(review): in prerouting, "redirect" rewrites the destination to
        # the address of the incoming interface, so the listener must be
        # reachable on docker0's address. If it binds all interfaces, filter
        # port 10086 on external interfaces so it is not usable as an open
        # proxy.
        ip protocol tcp redirect to :10086
    }
    # Forwarded traffic (containers).
    chain prerouting {
        # Priority 100 orders this chain after the conventional dstnat
        # priority (-100).
        # NOTE(review): presumably intended to run after Docker's own DNAT
        # rules; confirm on the target host.
        type nat hook prerouting priority 100; policy accept;
        # Only packets arriving on docker0 are considered; anything else
        # falls through to the accept policy.
        # NOTE(review): user-defined Docker networks use their own bridge
        # interfaces rather than docker0 and would not be matched here.
        iifname != { "docker0" } return
        goto proxy
    }
    # Locally generated traffic (the host itself).
    chain output {
        type nat hook output priority 100; policy accept;
        # NOTE(review): this also matches the proxy process's own upstream
        # connections. Unless the upstream address falls inside one of the two
        # bypass sets, those connections are redirected back to port 10086 and
        # loop. The usual guard is an exemption placed before this goto, keyed
        # on the proxy's user or packet mark, e.g.
        #   meta skuid "PROXY_USER_PLACEHOLDER" return
        # Possibly removed from this trimmed excerpt; confirm before deploying.
        goto proxy
    }
}