push.rocks/smartproxy
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(nftables):add nftables support for nftables

Browse Source
This commit is contained in:
Philipp Kunz
2025-05-15 14:35:01 +00:00
parent cf96ff8a47
commit a2e3e38025
22 changed files with 2331 additions and 201 deletions
Download Patch File Download Diff File Expand all files Collapse all files

214
examples/nftables-integration.ts Normal file
View File

@ -0,0 +1,214 @@
/**
* NFTables Integration Example
*
* This example demonstrates how to use the NFTables forwarding engine with SmartProxy
* for high-performance network routing that operates at the kernel level.
*
* NOTE: This requires elevated privileges to run (sudo) as it interacts with nftables.
*/
import { SmartProxy } from '../ts/proxies/smart-proxy/index.js';
import {
createNfTablesRoute,
createNfTablesTerminateRoute,
createCompleteNfTablesHttpsServer
} from '../ts/proxies/smart-proxy/utils/route-helpers.js';
// Simple NFTables-based HTTP forwarding example
async function simpleForwardingExample() {
console.log('Starting simple NFTables forwarding example...');
// Create a SmartProxy instance with a simple NFTables route
const proxy = new SmartProxy({
routes: [
createNfTablesRoute('example.com', {
host: 'localhost',
port: 8080
}, {
ports: 80,
protocol: 'tcp',
preserveSourceIP: true,
tableName: 'smartproxy_example'
})
],
enableDetailedLogging: true
});
// Start the proxy
await proxy.start();
console.log('NFTables proxy started. Press Ctrl+C to stop.');
// Handle shutdown
process.on('SIGINT', async () => {
console.log('Stopping proxy...');
await proxy.stop();
process.exit(0);
});
}
// HTTPS termination example with NFTables
async function httpsTerminationExample() {
console.log('Starting HTTPS termination with NFTables example...');
// Create a SmartProxy instance with an HTTPS termination route using NFTables
const proxy = new SmartProxy({
routes: [
createNfTablesTerminateRoute('secure.example.com', {
host: 'localhost',
port: 8443
}, {
ports: 443,
certificate: 'auto', // Automatic certificate provisioning
tableName: 'smartproxy_https'
})
],
enableDetailedLogging: true
});
// Start the proxy
await proxy.start();
console.log('HTTPS termination proxy started. Press Ctrl+C to stop.');
// Handle shutdown
process.on('SIGINT', async () => {
console.log('Stopping proxy...');
await proxy.stop();
process.exit(0);
});
}
// Complete HTTPS server with HTTP redirects using NFTables
async function completeHttpsServerExample() {
console.log('Starting complete HTTPS server with NFTables example...');
// Create a SmartProxy instance with a complete HTTPS server
const proxy = new SmartProxy({
routes: createCompleteNfTablesHttpsServer('complete.example.com', {
host: 'localhost',
port: 8443
}, {
certificate: 'auto',
tableName: 'smartproxy_complete'
}),
enableDetailedLogging: true
});
// Start the proxy
await proxy.start();
console.log('Complete HTTPS server started. Press Ctrl+C to stop.');
// Handle shutdown
process.on('SIGINT', async () => {
console.log('Stopping proxy...');
await proxy.stop();
process.exit(0);
});
}
// Load balancing example with NFTables
async function loadBalancingExample() {
console.log('Starting load balancing with NFTables example...');
// Create a SmartProxy instance with a load balancing configuration
const proxy = new SmartProxy({
routes: [
createNfTablesRoute('lb.example.com', {
// NFTables will automatically distribute connections to these hosts
host: 'backend1.example.com',
port: 8080
}, {
ports: 80,
tableName: 'smartproxy_lb'
})
],
enableDetailedLogging: true
});
// Start the proxy
await proxy.start();
console.log('Load balancing proxy started. Press Ctrl+C to stop.');
// Handle shutdown
process.on('SIGINT', async () => {
console.log('Stopping proxy...');
await proxy.stop();
process.exit(0);
});
}
// Advanced example with QoS and security settings
async function advancedExample() {
console.log('Starting advanced NFTables example with QoS and security...');
// Create a SmartProxy instance with advanced settings
const proxy = new SmartProxy({
routes: [
createNfTablesRoute('advanced.example.com', {
host: 'localhost',
port: 8080
}, {
ports: 80,
protocol: 'tcp',
preserveSourceIP: true,
maxRate: '10mbps', // QoS rate limiting
priority: 2, // QoS priority (1-10, lower is higher priority)
ipAllowList: ['192.168.1.0/24'], // Only allow this subnet
ipBlockList: ['192.168.1.100'], // Block this specific IP
useIPSets: true, // Use IP sets for more efficient rule processing
useAdvancedNAT: true, // Use connection tracking for stateful NAT
tableName: 'smartproxy_advanced'
})
],
enableDetailedLogging: true
});
// Start the proxy
await proxy.start();
console.log('Advanced NFTables proxy started. Press Ctrl+C to stop.');
// Handle shutdown
process.on('SIGINT', async () => {
console.log('Stopping proxy...');
await proxy.stop();
process.exit(0);
});
}
// Run one of the examples based on the command line argument
async function main() {
const example = process.argv[2] || 'simple';
switch (example) {
case 'simple':
await simpleForwardingExample();
break;
case 'https':
await httpsTerminationExample();
break;
case 'complete':
await completeHttpsServerExample();
break;
case 'lb':
await loadBalancingExample();
break;
case 'advanced':
await advancedExample();
break;
default:
console.error('Unknown example:', example);
console.log('Available examples: simple, https, complete, lb, advanced');
process.exit(1);
}
}
// Check if running as root/sudo
if (process.getuid && process.getuid() !== 0) {
console.error('This example requires root privileges to modify nftables rules.');
console.log('Please run with sudo: sudo tsx examples/nftables-integration.ts');
process.exit(1);
}
main().catch(err => {
console.error('Error running example:', err);
process.exit(1);
});