feat(nftables):add nftables support for nftables

ts/proxies/smart-proxy/models/interfaces.ts

@@ -142,4 +142,7 @@ export interface IConnectionRecord {
   // Browser connection tracking
   isBrowserConnection?: boolean; // Whether this connection appears to be from a browser
   domainSwitches?: number; // Number of times the domain has been switched on this connection
+  
+  // NFTables tracking
+  nftablesHandled?: boolean; // Whether this connection is being handled by NFTables at kernel level
 }

ts/proxies/smart-proxy/models/route-types.ts

@@ -1,6 +1,7 @@
 import * as plugins from '../../../plugins.js';
 import type { IAcmeOptions } from '../../../certificate/models/certificate-types.js';
 import type { TForwardingType } from '../../../forwarding/config/forwarding-types.js';
+import type { PortRange } from '../../../proxies/nftables-proxy/models/interfaces.js';
 
 /**
  * Supported action types for route configurations
@@ -259,6 +260,12 @@ export interface IRouteAction {
     backendProtocol?: 'http1' | 'http2';
     [key: string]: any;
   };
+
+  // Forwarding engine specification
+  forwardingEngine?: 'node' | 'nftables';
+
+  // NFTables-specific options
+  nftables?: INfTablesOptions;
 }
 
 /**
@@ -275,6 +282,19 @@ export interface IRouteRateLimit {
 
 // IRouteSecurity is defined above - unified definition is used for all routes
 
+/**
+ * NFTables-specific configuration options
+ */
+export interface INfTablesOptions {
+  preserveSourceIP?: boolean;     // Preserve original source IP address
+  protocol?: 'tcp' | 'udp' | 'all'; // Protocol to forward
+  maxRate?: string;               // QoS rate limiting (e.g. "10mbps")
+  priority?: number;              // QoS priority (1-10, lower is higher priority)
+  tableName?: string;             // Optional custom table name
+  useIPSets?: boolean;            // Use IP sets for performance
+  useAdvancedNAT?: boolean;       // Use connection tracking for stateful NAT
+}
+
 /**
  * CORS configuration for a route
  */