3.29.1

fix(readme): Update readme for IPTablesProxy options
3.29.0
2025-03-07 14:34:49 +00:00 · 2025-03-07 14:34:49 +00:00 · 2025-03-07 14:30:38 +00:00 · 2025-03-07 14:30:38 +00:00 · 2025-03-07 11:16:45 +00:00 · 2025-03-07 11:16:44 +00:00
10 changed files with 3009 additions and 877 deletions
--- a/changelog.md
+++ b/changelog.md
@ -1,5 +1,68 @@
 # Changelog
 ## 2025-03-07 - 3.29.1 - fix(readme)
 Update readme for IPTablesProxy options
 - Add comprehensive examples for IPTablesProxy usage.
 - Expand IPTablesProxy settings with IPv6, logging, and advanced features.
 - Clarify option defaults and descriptions for IPTablesProxy.
 - Enhance 'Troubleshooting' section with IPTables tips.
 ## 2025-03-07 - 3.29.0 - feat(IPTablesProxy)
 Enhanced IPTablesProxy with multi-port and IPv6 support
 - Added support for specifying multiple ports and port ranges, allowing for more complex network proxy configurations.
 - Introduced IPv6 support to allow handling of IPv6 addressed networks.
 - Implemented more detailed logging and error handling features to improve debugging capabilities.
 - Enhanced integration options with NetworkProxy, allowing for a more seamless routing and termination process.
 - Restructured the initialization and validation process to ensure robust handling of configuration settings.
 ## 2025-03-07 - 3.28.6 - fix(PortProxy)
 Adjust default timeout settings and enhance keep-alive connection handling in PortProxy.
 - Updated default value for maxConnectionLifetime to 24 hours and inactivityTimeout to 4 hours.
 - Introduced enhanced settings for treating keep-alive connections as 'extended' or 'immortal'.
 - Modified logic to avoid closing keep-alive connections unnecessarily by adding inactivity warnings and grace periods.
 ## 2025-03-07 - 3.28.5 - fix(core)
 Ensure proper resource cleanup during server shutdown.
 - Fixed potential hanging of server shutdown due to improper cleanup in promise handling.
 - Corrected potential memory leaks by ensuring all pending and active connections are properly closed during shutdown.
 ## 2025-03-07 - 3.28.4 - fix(router)
 Improve path pattern matching and hostname prioritization in router
 - Enhance path pattern matching capabilities
 - Ensure hostname prioritization in routing logic
 ## 2025-03-06 - 3.28.3 - fix(PortProxy)
 Ensure timeout values are within Node.js safe limits
 - Implemented `ensureSafeTimeout` to keep timeout values under the maximum safe integer for Node.js.
 - Updated timeout configurations in `PortProxy` to include safety checks.
 ## 2025-03-06 - 3.28.2 - fix(portproxy)
 Adjust safe timeout defaults in PortProxy to prevent overflow issues.
 - Adjusted socketTimeout to maximum safe limit (~24.8 days) for PortProxy.
 - Adjusted maxConnectionLifetime to maximum safe limit (~24.8 days) for PortProxy.
 - Ensured enhanced default timeout settings in PortProxy.
 ## 2025-03-06 - 3.28.1 - fix(PortProxy)
 Improved code formatting and readability in PortProxy class by adjusting spacing and comments.
 - Adjusted comment and spacing for better code readability.
 - No functional changes made in the PortProxy class.
 ## 2025-03-06 - 3.28.0 - feat(router)
 Add detailed routing tests and refactor ProxyRouter for improved path matching
 - Implemented a comprehensive test suite for the ProxyRouter class to ensure accurate routing based on hostnames and path patterns.
 - Refactored the ProxyRouter to enhance path matching logic with improvements in wildcard and parameter handling.
 - Improved logging capabilities within the ProxyRouter for enhanced debugging and info level insights.
 - Optimized the data structures for storing and accessing proxy configurations to reduce overhead in routing operations.
 ## 2025-03-06 - 3.27.0 - feat(AcmeCertManager)
 Introduce AcmeCertManager for enhanced ACME certificate management
--- a/package.json
+++ b/package.json
@ -1,6 +1,6 @@
 {
  "name": "@push.rocks/smartproxy",
-  "version": "3.27.0",
+  "version": "3.29.1",
  "private": false,
  "description": "A powerful proxy package that effectively handles high traffic, with features such as SSL/TLS support, port proxying, WebSocket handling, and dynamic routing with authentication options.",
  "main": "dist_ts/index.js",
@ -28,7 +28,7 @@
    "@push.rocks/smartpromise": "^4.2.3",
    "@push.rocks/smartrequest": "^2.0.23",
    "@push.rocks/smartstring": "^4.0.15",
-    "@tsclass/tsclass": "^4.4.0",
+    "@tsclass/tsclass": "^4.4.3",
    "@types/minimatch": "^5.1.2",
    "@types/ws": "^8.18.0",
    "acme-client": "^5.4.0",
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@ -24,8 +24,8 @@ importers:
        specifier: ^4.0.15
        version: 4.0.15
      '@tsclass/tsclass':
-        specifier: ^4.4.0
+        specifier: ^4.4.3
-        version: 4.4.0
+        version: 4.4.3
      '@types/minimatch':
        specifier: ^5.1.2
        version: 5.1.2
@ -1316,8 +1316,8 @@ packages:
  '@tsclass/tsclass@3.0.48':
    resolution: {integrity: sha512-hC65UvDlp9qvsl6OcIZXz0JNiWZ0gyzsTzbXpg215sGxopgbkOLCr6E0s4qCTnweYm95gt2AdY95uP7M7kExaQ==}
-  '@tsclass/tsclass@4.4.0':
+  '@tsclass/tsclass@4.4.3':
-    resolution: {integrity: sha512-/T3qmxj28yRMM+0x9UtyBmrsJ66flviQEDg3M4kwmWuZQgbrDACa6JXdA0ieqfmuPOXDJRRDKcyKaKvKi2EdwA==}
+    resolution: {integrity: sha512-Vhp+B1UsYlwXLhIeds++CXEeCwFgRzpput4YNM7Qyhr+UQgIMFRFAs2HSI3jEE5r9c1hR9G6MkSxi2U/CLyiaA==}
  '@types/accepts@1.3.7':
    resolution: {integrity: sha512-Pay9fq2lM2wXPWbteBsRAGiWH2hig4ZE2asK+mm7kUzlxRTfL961rj89I6zV/E3PcIkDqyuBEcMxFT7rccugeQ==}
@ -3979,8 +3979,8 @@ packages:
    resolution: {integrity: sha512-RAH822pAdBgcNMAfWnCBU3CFZcfZ/i1eZjwFU/dsLKumyuuP3niueg2UAukXYF0E2AAoc82ZSSf9J0WQBinzHA==}
    engines: {node: '>=12.20'}
-  type-fest@4.33.0:
+  type-fest@4.37.0:
-    resolution: {integrity: sha512-s6zVrxuyKbbAsSAD5ZPTB77q4YIdRctkTbJ2/Dqlinwz+8ooH2gd+YA7VA6Pa93KML9GockVvoxjZ2vHP+mu8g==}
+    resolution: {integrity: sha512-S/5/0kFftkq27FPNye0XM1e2NsnoD/3FS+pBmbjmmtLT6I+i344KoOf7pvXreaFsDamWeaJX55nczA1m5PsBDg==}
    engines: {node: '>=16'}
  type-is@1.6.18:
@ -4286,7 +4286,7 @@ snapshots:
      '@push.rocks/taskbuffer': 3.1.7
      '@push.rocks/webrequest': 3.0.37
      '@push.rocks/webstore': 2.0.20
-      '@tsclass/tsclass': 4.4.0
+      '@tsclass/tsclass': 4.4.3
      '@types/express': 4.17.21
      body-parser: 1.20.3
      cors: 2.8.5
@ -5420,7 +5420,7 @@ snapshots:
      '@push.rocks/smartstring': 4.0.15
      '@push.rocks/smartunique': 3.0.9
      '@push.rocks/taskbuffer': 3.1.7
-      '@tsclass/tsclass': 4.4.0
+      '@tsclass/tsclass': 4.4.3
    transitivePeerDependencies:
      - aws-crt
@ -5442,7 +5442,7 @@ snapshots:
      '@pushrocks/smartjson': 4.0.6
      '@pushrocks/smartpath': 5.0.5
      '@pushrocks/smartpromise': 3.1.10
-      '@tsclass/tsclass': 4.4.0
+      '@tsclass/tsclass': 4.4.3
      mongodb: 4.17.2
    transitivePeerDependencies:
      - aws-crt
@ -5492,7 +5492,7 @@ snapshots:
      '@push.rocks/smartstream': 3.2.5
      '@push.rocks/smartstring': 4.0.15
      '@push.rocks/smartunique': 3.0.9
-      '@tsclass/tsclass': 4.4.0
+      '@tsclass/tsclass': 4.4.3
    transitivePeerDependencies:
      - aws-crt
@ -5542,7 +5542,7 @@ snapshots:
      '@push.rocks/smarttime': 4.1.1
      '@push.rocks/smartunique': 3.0.9
      '@push.rocks/taskbuffer': 3.1.7
-      '@tsclass/tsclass': 4.4.0
+      '@tsclass/tsclass': 4.4.3
      mongodb: 6.13.0(@aws-sdk/credential-providers@3.741.0)(socks@2.8.3)
    transitivePeerDependencies:
      - '@aws-sdk/credential-providers'
@ -5654,7 +5654,7 @@ snapshots:
  '@push.rocks/smartlog-interfaces@3.0.2':
    dependencies:
      '@api.global/typedrequest-interfaces': 2.0.2
-      '@tsclass/tsclass': 4.4.0
+      '@tsclass/tsclass': 4.4.3
  '@push.rocks/smartlog@3.0.7':
    dependencies:
@ -5768,7 +5768,7 @@ snapshots:
      '@push.rocks/smartpromise': 4.2.3
      '@push.rocks/smartpuppeteer': 2.0.2
      '@push.rocks/smartunique': 3.0.9
-      '@tsclass/tsclass': 4.4.0
+      '@tsclass/tsclass': 4.4.3
      '@types/express': 5.0.0
      express: 4.21.2
      pdf-lib: 1.17.1
@ -5817,7 +5817,7 @@ snapshots:
      '@push.rocks/smartbucket': 3.3.7
      '@push.rocks/smartfile': 11.2.0
      '@push.rocks/smartpath': 5.0.18
-      '@tsclass/tsclass': 4.4.0
+      '@tsclass/tsclass': 4.4.3
      '@types/s3rver': 3.7.4
      s3rver: 3.7.1
    transitivePeerDependencies:
@ -5849,7 +5849,7 @@ snapshots:
      '@push.rocks/smartxml': 1.1.1
      '@push.rocks/smartyaml': 2.0.5
      '@push.rocks/webrequest': 3.0.37
-      '@tsclass/tsclass': 4.4.0
+      '@tsclass/tsclass': 4.4.3
  '@push.rocks/smartsocket@2.0.27':
    dependencies:
@ -6008,7 +6008,7 @@ snapshots:
    dependencies:
      '@pushrocks/smartdelay': 3.0.1
      '@pushrocks/smartpromise': 4.0.2
-      '@tsclass/tsclass': 4.4.0
+      '@tsclass/tsclass': 4.4.3
  '@push.rocks/webstore@2.0.20':
    dependencies:
@ -6572,9 +6572,9 @@ snapshots:
    dependencies:
      type-fest: 2.19.0
-  '@tsclass/tsclass@4.4.0':
+  '@tsclass/tsclass@4.4.3':
    dependencies:
-      type-fest: 4.33.0
+      type-fest: 4.37.0
  '@types/accepts@1.3.7':
    dependencies:
@ -9711,7 +9711,7 @@ snapshots:
  type-fest@2.19.0: {}
-  type-fest@4.33.0: {}
+  type-fest@4.37.0: {}
  type-is@1.6.18:
    dependencies:
--- a/readme.md
+++ b/readme.md
@ -320,8 +320,8 @@ portProxy.start();
 ```typescript
 import { IPTablesProxy } from '@push.rocks/smartproxy';
-// Configure IPTables to forward from port 80 to 8080
+// Basic usage - forward single port
-const iptables = new IPTablesProxy({
+const basicProxy = new IPTablesProxy({
  fromPort: 80,
  toPort: 8080,
  toHost: 'localhost',
@ -329,7 +329,38 @@ const iptables = new IPTablesProxy({
  deleteOnExit: true  // Automatically clean up rules on process exit
 });
-iptables.start();
+// Forward port ranges
 const rangeProxy = new IPTablesProxy({
  fromPort: { from: 3000, to: 3010 },  // Forward ports 3000-3010
  toPort: { from: 8000, to: 8010 },    // To ports 8000-8010
  protocol: 'tcp',                     // TCP protocol (default)
  ipv6Support: true,                   // Enable IPv6 support
  enableLogging: true                  // Enable detailed logging
 });
 // Multiple port specifications with IP filtering
 const advancedProxy = new IPTablesProxy({
  fromPort: [80, 443, { from: 8000, to: 8010 }],  // Multiple ports/ranges
  toPort: [8080, 8443, { from: 18000, to: 18010 }],
  allowedSourceIPs: ['10.0.0.0/8', '192.168.1.0/24'],  // Only allow these IPs
  bannedSourceIPs: ['192.168.1.100'],                 // Explicitly block these IPs
  addJumpRule: true,                                  // Use custom chain for better management
  checkExistingRules: true                           // Check for duplicate rules
 });
 // NetworkProxy integration for SSL termination
 const sslProxy = new IPTablesProxy({
  fromPort: 443,
  toPort: 8443,
  netProxyIntegration: {
    enabled: true,
    redirectLocalhost: true,           // Redirect localhost traffic to NetworkProxy
    sslTerminationPort: 8443           // Port where NetworkProxy handles SSL
  }
 });
 // Start any of the proxies
 await basicProxy.start();
 ```
 ### Automatic HTTPS Certificate Management
@ -383,13 +414,30 @@ acmeHandler.addDomain('api.example.com');
 ### IPTablesProxy Settings
-| Option            | Description                                 | Default     |
+| Option                | Description                                       | Default     |
-|-------------------|---------------------------------------------|-------------|
+|-----------------------|---------------------------------------------------|-------------|
-| `fromPort`        | Source port to forward from                 | -           |
+| `fromPort`            | Source port(s) or range(s) to forward from        | -           |
-| `toPort`          | Destination port to forward to              | -           |
+| `toPort`              | Destination port(s) or range(s) to forward to     | -           |
-| `toHost`          | Destination host to forward to              | 'localhost' |
+| `toHost`              | Destination host to forward to                    | 'localhost' |
-| `preserveSourceIP`| Preserve the original client IP             | false       |
+| `preserveSourceIP`    | Preserve the original client IP                   | false       |
-| `deleteOnExit`    | Remove iptables rules when process exits    | false       |
+| `deleteOnExit`        | Remove iptables rules when process exits          | false       |
 | `protocol`            | Protocol to forward ('tcp', 'udp', or 'all')      | 'tcp'       |
 | `enableLogging`       | Enable detailed logging                           | false       |
 | `ipv6Support`         | Enable IPv6 support with ip6tables                | false       |
 | `allowedSourceIPs`    | Array of IP addresses/CIDR allowed to connect     | -           |
 | `bannedSourceIPs`     | Array of IP addresses/CIDR blocked from connecting | -           |
 | `forceCleanSlate`     | Clear all IPTablesProxy rules before starting     | false       |
 | `addJumpRule`         | Add a custom chain for cleaner rule management    | false       |
 | `checkExistingRules`  | Check if rules already exist before adding        | true        |
 | `netProxyIntegration` | NetworkProxy integration options (object)         | -           |
 #### IPTablesProxy NetworkProxy Integration Options
 | Option               | Description                                       | Default |
 |----------------------|---------------------------------------------------|---------|
 | `enabled`            | Enable NetworkProxy integration                   | false   |
 | `redirectLocalhost`  | Redirect localhost traffic to NetworkProxy        | false   |
 | `sslTerminationPort` | Port where NetworkProxy handles SSL termination   | -       |
 ## Advanced Features
@ -442,6 +490,18 @@ The `PortProxy` class can inspect the SNI (Server Name Indication) field in TLS
 - Domain-specific allowed IP ranges
 - Protection against SNI renegotiation attacks
 ### Enhanced IPTables Management
 The improved `IPTablesProxy` class offers advanced capabilities:
 - Support for multiple port ranges and individual ports
 - IPv6 support with ip6tables
 - Source IP filtering with allow/block lists
 - Custom chain creation for better rule organization
 - NetworkProxy integration for SSL termination
 - Automatic rule existence checking to prevent duplicates
 - Comprehensive cleanup on shutdown
 ## Troubleshooting
 ### Browser Certificate Errors
@ -475,6 +535,16 @@ For improved connection stability in high-traffic environments:
 4. **Monitor Connection Statistics**: Enable detailed logging to track termination reasons
 5. **Fine-tune Inactivity Checks**: Adjust `inactivityCheckInterval` based on your traffic patterns
 ### IPTables Troubleshooting
 If you're experiencing issues with IPTablesProxy:
 1. **Enable Detailed Logging**: Set `enableLogging: true` to see all rule operations
 2. **Force Clean Slate**: Use `forceCleanSlate: true` to remove any lingering rules
 3. **Use Custom Chains**: Enable `addJumpRule: true` for cleaner rule management
 4. **Check Permissions**: Ensure your process has sufficient permissions to modify iptables
 5. **Verify IPv6 Support**: If using `ipv6Support: true`, ensure ip6tables is available
 ## License and Legal Information
 This repository contains open-source code that is licensed under the MIT License. A copy of the MIT License can be found in the [license](license) file within this repository. 
--- a/test/test.router.ts
+++ b/test/test.router.ts
@ -0,0 +1,346 @@
 import { expect, tap } from '@push.rocks/tapbundle';
 import * as tsclass from '@tsclass/tsclass';
 import * as http from 'http';
 import { ProxyRouter, type IRouterResult } from '../ts/classes.router.js';
 // Test proxies and configurations
 let router: ProxyRouter;
 // Sample hostname for testing
 const TEST_DOMAIN = 'example.com';
 const TEST_SUBDOMAIN = 'api.example.com';
 const TEST_WILDCARD = '*.example.com';
 // Helper: Creates a mock HTTP request for testing
 function createMockRequest(host: string, url: string = '/'): http.IncomingMessage {
  const req = {
    headers: { host },
    url,
    socket: {
      remoteAddress: '127.0.0.1'
    }
  } as any;
  return req;
 }
 // Helper: Creates a test proxy configuration
 function createProxyConfig(
  hostname: string, 
  destinationIp: string = '10.0.0.1',
  destinationPort: number = 8080
 ): tsclass.network.IReverseProxyConfig {
  return {
    hostName: hostname,
    destinationIp,
    destinationPort: destinationPort.toString(), // Convert to string for IReverseProxyConfig
    publicKey: 'mock-cert',
    privateKey: 'mock-key'
  } as tsclass.network.IReverseProxyConfig;
 }
 // SETUP: Create a ProxyRouter instance
 tap.test('setup proxy router test environment', async () => {
  router = new ProxyRouter();
  // Initialize with empty config
  router.setNewProxyConfigs([]);
 });
 // Test basic routing by hostname
 tap.test('should route requests by hostname', async () => {
  const config = createProxyConfig(TEST_DOMAIN);
  router.setNewProxyConfigs([config]);
  const req = createMockRequest(TEST_DOMAIN);
  const result = router.routeReq(req);
  expect(result).toBeTruthy();
  expect(result).toEqual(config);
 });
 // Test handling of hostname with port number
 tap.test('should handle hostname with port number', async () => {
  const config = createProxyConfig(TEST_DOMAIN);
  router.setNewProxyConfigs([config]);
  const req = createMockRequest(`${TEST_DOMAIN}:443`);
  const result = router.routeReq(req);
  expect(result).toBeTruthy();
  expect(result).toEqual(config);
 });
 // Test case-insensitive hostname matching
 tap.test('should perform case-insensitive hostname matching', async () => {
  const config = createProxyConfig(TEST_DOMAIN.toLowerCase());
  router.setNewProxyConfigs([config]);
  const req = createMockRequest(TEST_DOMAIN.toUpperCase());
  const result = router.routeReq(req);
  expect(result).toBeTruthy();
  expect(result).toEqual(config);
 });
 // Test handling of unmatched hostnames
 tap.test('should return undefined for unmatched hostnames', async () => {
  const config = createProxyConfig(TEST_DOMAIN);
  router.setNewProxyConfigs([config]);
  const req = createMockRequest('unknown.domain.com');
  const result = router.routeReq(req);
  expect(result).toBeUndefined();
 });
 // Test adding path patterns
 tap.test('should match requests using path patterns', async () => {
  const config = createProxyConfig(TEST_DOMAIN);
  router.setNewProxyConfigs([config]);
  // Add a path pattern to the config
  router.setPathPattern(config, '/api/users');
  // Test that path matches
  const req1 = createMockRequest(TEST_DOMAIN, '/api/users');
  const result1 = router.routeReqWithDetails(req1);
  expect(result1).toBeTruthy();
  expect(result1.config).toEqual(config);
  expect(result1.pathMatch).toEqual('/api/users');
  // Test that non-matching path doesn't match
  const req2 = createMockRequest(TEST_DOMAIN, '/web/users');
  const result2 = router.routeReqWithDetails(req2);
  expect(result2).toBeUndefined();
 });
 // Test handling wildcard patterns
 tap.test('should support wildcard path patterns', async () => {
  const config = createProxyConfig(TEST_DOMAIN);
  router.setNewProxyConfigs([config]);
  router.setPathPattern(config, '/api/*');
  // Test with path that matches the wildcard pattern
  const req = createMockRequest(TEST_DOMAIN, '/api/users/123');
  const result = router.routeReqWithDetails(req);
  expect(result).toBeTruthy();
  expect(result.config).toEqual(config);
  expect(result.pathMatch).toEqual('/api');
  // Print the actual value to diagnose issues
  console.log('Path remainder value:', result.pathRemainder);
  expect(result.pathRemainder).toBeTruthy();
  expect(result.pathRemainder).toEqual('/users/123');
 });
 // Test extracting path parameters
 tap.test('should extract path parameters from URL', async () => {
  const config = createProxyConfig(TEST_DOMAIN);
  router.setNewProxyConfigs([config]);
  router.setPathPattern(config, '/users/:id/profile');
  const req = createMockRequest(TEST_DOMAIN, '/users/123/profile');
  const result = router.routeReqWithDetails(req);
  expect(result).toBeTruthy();
  expect(result.config).toEqual(config);
  expect(result.pathParams).toBeTruthy();
  expect(result.pathParams.id).toEqual('123');
 });
 // Test multiple configs for same hostname with different paths
 tap.test('should support multiple configs for same hostname with different paths', async () => {
  const apiConfig = createProxyConfig(TEST_DOMAIN, '10.0.0.1', 8001);
  const webConfig = createProxyConfig(TEST_DOMAIN, '10.0.0.2', 8002);
  // Add both configs
  router.setNewProxyConfigs([apiConfig, webConfig]);
  // Set different path patterns
  router.setPathPattern(apiConfig, '/api');
  router.setPathPattern(webConfig, '/web');
  // Test API path routes to API config
  const apiReq = createMockRequest(TEST_DOMAIN, '/api/users');
  const apiResult = router.routeReq(apiReq);
  expect(apiResult).toEqual(apiConfig);
  // Test web path routes to web config
  const webReq = createMockRequest(TEST_DOMAIN, '/web/dashboard');
  const webResult = router.routeReq(webReq);
  expect(webResult).toEqual(webConfig);
  // Test unknown path returns undefined
  const unknownReq = createMockRequest(TEST_DOMAIN, '/unknown');
  const unknownResult = router.routeReq(unknownReq);
  expect(unknownResult).toBeUndefined();
 });
 // Test wildcard subdomains
 tap.test('should match wildcard subdomains', async () => {
  const wildcardConfig = createProxyConfig(TEST_WILDCARD);
  router.setNewProxyConfigs([wildcardConfig]);
  // Test that subdomain.example.com matches *.example.com
  const req = createMockRequest('subdomain.example.com');
  const result = router.routeReq(req);
  expect(result).toBeTruthy();
  expect(result).toEqual(wildcardConfig);
 });
 // Test default configuration fallback
 tap.test('should fall back to default configuration', async () => {
  const defaultConfig = createProxyConfig('*');
  const specificConfig = createProxyConfig(TEST_DOMAIN);
  router.setNewProxyConfigs([defaultConfig, specificConfig]);
  // Test specific domain routes to specific config
  const specificReq = createMockRequest(TEST_DOMAIN);
  const specificResult = router.routeReq(specificReq);
  expect(specificResult).toEqual(specificConfig);
  // Test unknown domain falls back to default config
  const unknownReq = createMockRequest('unknown.com');
  const unknownResult = router.routeReq(unknownReq);
  expect(unknownResult).toEqual(defaultConfig);
 });
 // Test priority between exact and wildcard matches
 tap.test('should prioritize exact hostname over wildcard', async () => {
  const wildcardConfig = createProxyConfig(TEST_WILDCARD);
  const exactConfig = createProxyConfig(TEST_SUBDOMAIN);
  router.setNewProxyConfigs([wildcardConfig, exactConfig]);
  // Test that exact match takes priority
  const req = createMockRequest(TEST_SUBDOMAIN);
  const result = router.routeReq(req);
  expect(result).toEqual(exactConfig);
 });
 // Test adding and removing configurations
 tap.test('should manage configurations correctly', async () => {
  router.setNewProxyConfigs([]);
  // Add a config
  const config = createProxyConfig(TEST_DOMAIN);
  router.addProxyConfig(config);
  // Verify routing works
  const req = createMockRequest(TEST_DOMAIN);
  let result = router.routeReq(req);
  expect(result).toEqual(config);
  // Remove the config and verify it no longer routes
  const removed = router.removeProxyConfig(TEST_DOMAIN);
  expect(removed).toBeTrue();
  result = router.routeReq(req);
  expect(result).toBeUndefined();
 });
 // Test path pattern specificity
 tap.test('should prioritize more specific path patterns', async () => {
  const genericConfig = createProxyConfig(TEST_DOMAIN, '10.0.0.1', 8001);
  const specificConfig = createProxyConfig(TEST_DOMAIN, '10.0.0.2', 8002);
  router.setNewProxyConfigs([genericConfig, specificConfig]);
  router.setPathPattern(genericConfig, '/api/*');
  router.setPathPattern(specificConfig, '/api/users');
  // The more specific '/api/users' should match before the '/api/*' wildcard
  const req = createMockRequest(TEST_DOMAIN, '/api/users');
  const result = router.routeReq(req);
  expect(result).toEqual(specificConfig);
 });
 // Test getHostnames method
 tap.test('should retrieve all configured hostnames', async () => {
  router.setNewProxyConfigs([
    createProxyConfig(TEST_DOMAIN),
    createProxyConfig(TEST_SUBDOMAIN)
  ]);
  const hostnames = router.getHostnames();
  expect(hostnames.length).toEqual(2);
  expect(hostnames).toContain(TEST_DOMAIN.toLowerCase());
  expect(hostnames).toContain(TEST_SUBDOMAIN.toLowerCase());
 });
 // Test handling missing host header
 tap.test('should handle missing host header', async () => {
  const defaultConfig = createProxyConfig('*');
  router.setNewProxyConfigs([defaultConfig]);
  const req = createMockRequest('');
  req.headers.host = undefined;
  const result = router.routeReq(req);
  expect(result).toEqual(defaultConfig);
 });
 // Test complex path parameters
 tap.test('should handle complex path parameters', async () => {
  const config = createProxyConfig(TEST_DOMAIN);
  router.setNewProxyConfigs([config]);
  router.setPathPattern(config, '/api/:version/users/:userId/posts/:postId');
  const req = createMockRequest(TEST_DOMAIN, '/api/v1/users/123/posts/456');
  const result = router.routeReqWithDetails(req);
  expect(result).toBeTruthy();
  expect(result.config).toEqual(config);
  expect(result.pathParams).toBeTruthy();
  expect(result.pathParams.version).toEqual('v1');
  expect(result.pathParams.userId).toEqual('123');
  expect(result.pathParams.postId).toEqual('456');
 });
 // Performance test
 tap.test('should handle many configurations efficiently', async () => {
  const configs = [];
  // Create many configs with different hostnames
  for (let i = 0; i < 100; i++) {
    configs.push(createProxyConfig(`host-${i}.example.com`));
  }
  router.setNewProxyConfigs(configs);
  // Test middle of the list to avoid best/worst case
  const req = createMockRequest('host-50.example.com');
  const result = router.routeReq(req);
  expect(result).toEqual(configs[50]);
 });
 // Test cleanup
 tap.test('cleanup proxy router test environment', async () => {
  // Clear all configurations
  router.setNewProxyConfigs([]);
  // Verify empty state
  expect(router.getHostnames().length).toEqual(0);
  expect(router.getProxyConfigs().length).toEqual(0);
 });
 export default tap.start();
--- a/ts/00_commitinfo_data.ts
+++ b/ts/00_commitinfo_data.ts
@ -3,6 +3,6 @@
 */
 export const commitinfo = {
  name: '@push.rocks/smartproxy',
-  version: '3.27.0',
+  version: '3.29.1',
  description: 'A powerful proxy package that effectively handles high traffic, with features such as SSL/TLS support, port proxying, WebSocket handling, and dynamic routing with authentication options.'
 }
--- a/ts/classes.iptablesproxy.ts
+++ b/ts/classes.iptablesproxy.ts
@ -3,43 +3,100 @@ import { promisify } from 'util';
 const execAsync = promisify(exec);
 /**
 * Represents a port range for forwarding
 */
 export interface IPortRange {
  from: number;
  to: number;
 }
 /**
 * Settings for IPTablesProxy.
 */
 export interface IIpTableProxySettings {
-  fromPort: number;
+  // Basic settings
-  toPort: number;
+  fromPort: number | IPortRange | Array<number | IPortRange>; // Support single port, port range, or multiple ports/ranges
  toPort: number | IPortRange | Array<number | IPortRange>;
  toHost?: string; // Target host for proxying; defaults to 'localhost'
-  preserveSourceIP?: boolean; // If true, the original source IP is preserved.
+  
-  deleteOnExit?: boolean;   // If true, clean up marked iptables rules before process exit.
+  // Advanced settings
  preserveSourceIP?: boolean; // If true, the original source IP is preserved
  deleteOnExit?: boolean;     // If true, clean up marked iptables rules before process exit
  protocol?: 'tcp' | 'udp' | 'all'; // Protocol to forward, defaults to 'tcp'
  enableLogging?: boolean;    // Enable detailed logging
  ipv6Support?: boolean;      // Enable IPv6 support (ip6tables)
  // Source filtering
  allowedSourceIPs?: string[]; // If provided, only these IPs are allowed
  bannedSourceIPs?: string[];  // If provided, these IPs are blocked
  // Rule management
  forceCleanSlate?: boolean;   // Clear all IPTablesProxy rules before starting
  addJumpRule?: boolean;       // Add a custom chain for cleaner rule management
  checkExistingRules?: boolean; // Check if rules already exist before adding
  // Integration with PortProxy/NetworkProxy
  netProxyIntegration?: {
    enabled: boolean;
    redirectLocalhost?: boolean; // Redirect localhost traffic to NetworkProxy
    sslTerminationPort?: number; // Port where NetworkProxy handles SSL termination
  };
 }
 /**
 * Represents a rule added to iptables
 */
 interface IpTablesRule {
  table: string;
  chain: string;
  command: string;
  tag: string;
  added: boolean;
 }
 /**
 * IPTablesProxy sets up iptables NAT rules to forward TCP traffic.
- * It only supports basic port forwarding and uses iptables comments to tag rules.
+ * Enhanced with multi-port support, IPv6, and integration with PortProxy/NetworkProxy.
 */
 export class IPTablesProxy {
  public settings: IIpTableProxySettings;
-  private rulesInstalled: boolean = false;
+  private rules: IpTablesRule[] = [];
  private ruleTag: string;
  private customChain: string | null = null;
  constructor(settings: IIpTableProxySettings) {
    // Validate inputs to prevent command injection
    this.validateSettings(settings);
    // Set default settings
    this.settings = {
      ...settings,
      toHost: settings.toHost || 'localhost',
      protocol: settings.protocol || 'tcp',
      enableLogging: settings.enableLogging !== undefined ? settings.enableLogging : false,
      ipv6Support: settings.ipv6Support !== undefined ? settings.ipv6Support : false,
      checkExistingRules: settings.checkExistingRules !== undefined ? settings.checkExistingRules : true,
      netProxyIntegration: settings.netProxyIntegration || { enabled: false }
    };
-    // Generate a unique identifier for the rules added by this instance.
+    
    // Generate a unique identifier for the rules added by this instance
    this.ruleTag = `IPTablesProxy:${Date.now()}:${Math.random().toString(36).substr(2, 5)}`;
-    // If deleteOnExit is true, register cleanup handlers.
+    if (this.settings.addJumpRule) {
      this.customChain = `IPTablesProxy_${Math.random().toString(36).substr(2, 5)}`;
    }
    // Register cleanup handlers if deleteOnExit is true
    if (this.settings.deleteOnExit) {
      const cleanup = () => {
        try {
-          IPTablesProxy.cleanSlateSync();
+          this.stopSync();
        } catch (err) {
          console.error('Error cleaning iptables rules on exit:', err);
        }
      };
      process.on('exit', cleanup);
      process.on('SIGINT', () => {
        cleanup();
@ -53,76 +110,591 @@ export class IPTablesProxy {
  }
  /**
-   * Sets up iptables rules for port forwarding.
+   * Validates settings to prevent command injection and ensure valid values
   * The rules are tagged with a unique comment so that they can be identified later.
   */
-  public async start(): Promise<void> {
+  private validateSettings(settings: IIpTableProxySettings): void {
-    const dnatCmd = `iptables -t nat -A PREROUTING -p tcp --dport ${this.settings.fromPort} ` +
+    // Validate port numbers
-      `-j DNAT --to-destination ${this.settings.toHost}:${this.settings.toPort} ` +
+    const validatePorts = (port: number | IPortRange | Array<number | IPortRange>) => {
-      `-m comment --comment "${this.ruleTag}:DNAT"`;
+      if (Array.isArray(port)) {
-    try {
+        port.forEach(p => validatePorts(p));
-      await execAsync(dnatCmd);
+        return;
-      console.log(`Added iptables rule: ${dnatCmd}`);
+      }
      this.rulesInstalled = true;
    } catch (err) {
      console.error(`Failed to add iptables DNAT rule: ${err}`);
      throw err;
    }
-    // If preserveSourceIP is false, add a MASQUERADE rule.
+      if (typeof port === 'number') {
-    if (!this.settings.preserveSourceIP) {
+        if (port < 1 || port > 65535) {
-      const masqueradeCmd = `iptables -t nat -A POSTROUTING -p tcp -d ${this.settings.toHost} ` +
+          throw new Error(`Invalid port number: ${port}`);
        `--dport ${this.settings.toPort} -j MASQUERADE ` +
        `-m comment --comment "${this.ruleTag}:MASQ"`;
      try {
        await execAsync(masqueradeCmd);
        console.log(`Added iptables rule: ${masqueradeCmd}`);
      } catch (err) {
        console.error(`Failed to add iptables MASQUERADE rule: ${err}`);
        // Roll back the DNAT rule if MASQUERADE fails.
        try {
          const rollbackCmd = `iptables -t nat -D PREROUTING -p tcp --dport ${this.settings.fromPort} ` +
            `-j DNAT --to-destination ${this.settings.toHost}:${this.settings.toPort} ` +
            `-m comment --comment "${this.ruleTag}:DNAT"`;
          await execAsync(rollbackCmd);
          this.rulesInstalled = false;
        } catch (rollbackErr) {
          console.error(`Rollback failed: ${rollbackErr}`);
        }
-        throw err;
+      } else if (typeof port === 'object') {
        if (port.from < 1 || port.from > 65535 || port.to < 1 || port.to > 65535 || port.from > port.to) {
          throw new Error(`Invalid port range: ${port.from}-${port.to}`);
        }
      }
    };
    validatePorts(settings.fromPort);
    validatePorts(settings.toPort);
    // Define regex patterns at the method level so they're available throughout
    const ipRegex = /^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))?$/;
    const ipv6Regex = /^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))(\/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8]))?$/;
    // Validate IP addresses
    const validateIPs = (ips?: string[]) => {
      if (!ips) return;
      for (const ip of ips) {
        if (!ipRegex.test(ip) && !ipv6Regex.test(ip)) {
          throw new Error(`Invalid IP address format: ${ip}`);
        }
      }
    };
    validateIPs(settings.allowedSourceIPs);
    validateIPs(settings.bannedSourceIPs);
    // Validate toHost - only allow hostnames or IPs
    if (settings.toHost) {
      const hostRegex = /^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$/;
      if (!hostRegex.test(settings.toHost) && !ipRegex.test(settings.toHost) && !ipv6Regex.test(settings.toHost)) {
        throw new Error(`Invalid host format: ${settings.toHost}`);
      }
    }
  }
  /**
-   * Removes the iptables rules that were added in start(), by matching the unique comment.
+   * Normalizes port specifications into an array of port ranges
   */
-  public async stop(): Promise<void> {
+  private normalizePortSpec(portSpec: number | IPortRange | Array<number | IPortRange>): IPortRange[] {
-    if (!this.rulesInstalled) return;
+    const result: IPortRange[] = [];
-    const dnatDelCmd = `iptables -t nat -D PREROUTING -p tcp --dport ${this.settings.fromPort} ` +
+    if (Array.isArray(portSpec)) {
-      `-j DNAT --to-destination ${this.settings.toHost}:${this.settings.toPort} ` +
+      // If it's an array, process each element
-      `-m comment --comment "${this.ruleTag}:DNAT"`;
+      for (const spec of portSpec) {
-    try {
+        result.push(...this.normalizePortSpec(spec));
-      await execAsync(dnatDelCmd);
+      }
-      console.log(`Removed iptables rule: ${dnatDelCmd}`);
+    } else if (typeof portSpec === 'number') {
-    } catch (err) {
+      // Single port becomes a range with the same start and end
-      console.error(`Failed to remove iptables DNAT rule: ${err}`);
+      result.push({ from: portSpec, to: portSpec });
    } else {
      // Already a range
      result.push(portSpec);
    }
-    if (!this.settings.preserveSourceIP) {
+    return result;
-      const masqueradeDelCmd = `iptables -t nat -D POSTROUTING -p tcp -d ${this.settings.toHost} ` +
+  }
-        `--dport ${this.settings.toPort} -j MASQUERADE ` +
+
-        `-m comment --comment "${this.ruleTag}:MASQ"`;
+  /**
-      try {
+   * Gets the appropriate iptables command based on settings
-        await execAsync(masqueradeDelCmd);
+   */
-        console.log(`Removed iptables rule: ${masqueradeDelCmd}`);
+  private getIptablesCommand(isIpv6: boolean = false): string {
-      } catch (err) {
+    return isIpv6 ? 'ip6tables' : 'iptables';
-        console.error(`Failed to remove iptables MASQUERADE rule: ${err}`);
+  }
  /**
   * Checks if a rule already exists in iptables
   */
  private async ruleExists(table: string, command: string, isIpv6: boolean = false): Promise<boolean> {
    try {
      const iptablesCmd = this.getIptablesCommand(isIpv6);
      const { stdout } = await execAsync(`${iptablesCmd}-save -t ${table}`);
      // Convert the command to the format found in iptables-save output
      // (This is a simplification - in reality, you'd need more parsing)
      const rulePattern = command.replace(`${iptablesCmd} -t ${table} -A `, '-A ');
      return stdout.split('\n').some(line => line.trim() === rulePattern);
    } catch (err) {
      this.log('error', `Failed to check if rule exists: ${err}`);
      return false;
    }
  }
  /**
   * Sets up a custom chain for better rule management
   */
  private async setupCustomChain(isIpv6: boolean = false): Promise<boolean> {
    if (!this.customChain) return true;
    const iptablesCmd = this.getIptablesCommand(isIpv6);
    const table = 'nat';
    try {
      // Create the chain
      await execAsync(`${iptablesCmd} -t ${table} -N ${this.customChain}`);
      this.log('info', `Created custom chain: ${this.customChain}`);
      // Add jump rule to PREROUTING chain
      const jumpCommand = `${iptablesCmd} -t ${table} -A PREROUTING -j ${this.customChain} -m comment --comment "${this.ruleTag}:JUMP"`;
      await execAsync(jumpCommand);
      this.log('info', `Added jump rule to ${this.customChain}`);
      // Store the jump rule
      this.rules.push({
        table,
        chain: 'PREROUTING',
        command: jumpCommand,
        tag: `${this.ruleTag}:JUMP`,
        added: true
      });
      return true;
    } catch (err) {
      this.log('error', `Failed to set up custom chain: ${err}`);
      return false;
    }
  }
  /**
   * Add a source IP filter rule
   */
  private async addSourceIPFilter(isIpv6: boolean = false): Promise<boolean> {
    if (!this.settings.allowedSourceIPs && !this.settings.bannedSourceIPs) {
      return true;
    }
    const iptablesCmd = this.getIptablesCommand(isIpv6);
    const table = 'nat';
    const chain = this.customChain || 'PREROUTING';
    try {
      // Add banned IPs first (explicit deny)
      if (this.settings.bannedSourceIPs && this.settings.bannedSourceIPs.length > 0) {
        for (const ip of this.settings.bannedSourceIPs) {
          const command = `${iptablesCmd} -t ${table} -A ${chain} -s ${ip} -j DROP -m comment --comment "${this.ruleTag}:BANNED"`;
          // Check if rule already exists
          if (this.settings.checkExistingRules && await this.ruleExists(table, command, isIpv6)) {
            this.log('info', `Rule already exists, skipping: ${command}`);
            continue;
          }
          await execAsync(command);
          this.log('info', `Added banned IP rule: ${command}`);
          this.rules.push({
            table,
            chain,
            command,
            tag: `${this.ruleTag}:BANNED`,
            added: true
          });
        }
      }
      // Add allowed IPs (explicit allow)
      if (this.settings.allowedSourceIPs && this.settings.allowedSourceIPs.length > 0) {
        // First add a default deny for all
        const denyAllCommand = `${iptablesCmd} -t ${table} -A ${chain} -p ${this.settings.protocol} -j DROP -m comment --comment "${this.ruleTag}:DENY_ALL"`;
        // Add allow rules for specific IPs
        for (const ip of this.settings.allowedSourceIPs) {
          const command = `${iptablesCmd} -t ${table} -A ${chain} -s ${ip} -p ${this.settings.protocol} -j ACCEPT -m comment --comment "${this.ruleTag}:ALLOWED"`;
          // Check if rule already exists
          if (this.settings.checkExistingRules && await this.ruleExists(table, command, isIpv6)) {
            this.log('info', `Rule already exists, skipping: ${command}`);
            continue;
          }
          await execAsync(command);
          this.log('info', `Added allowed IP rule: ${command}`);
          this.rules.push({
            table,
            chain,
            command,
            tag: `${this.ruleTag}:ALLOWED`,
            added: true
          });
        }
        // Now add the default deny after all allows
        if (this.settings.checkExistingRules && await this.ruleExists(table, denyAllCommand, isIpv6)) {
          this.log('info', `Rule already exists, skipping: ${denyAllCommand}`);
        } else {
          await execAsync(denyAllCommand);
          this.log('info', `Added default deny rule: ${denyAllCommand}`);
          this.rules.push({
            table,
            chain,
            command: denyAllCommand,
            tag: `${this.ruleTag}:DENY_ALL`,
            added: true
          });
        }
      }
      return true;
    } catch (err) {
      this.log('error', `Failed to add source IP filter rules: ${err}`);
      return false;
    }
  }
  /**
   * Adds a port forwarding rule
   */
  private async addPortForwardingRule(
    fromPortRange: IPortRange,
    toPortRange: IPortRange,
    isIpv6: boolean = false
  ): Promise<boolean> {
    const iptablesCmd = this.getIptablesCommand(isIpv6);
    const table = 'nat';
    const chain = this.customChain || 'PREROUTING';
    try {
      // Handle single port case
      if (fromPortRange.from === fromPortRange.to && toPortRange.from === toPortRange.to) {
        // Single port forward
        const command = `${iptablesCmd} -t ${table} -A ${chain} -p ${this.settings.protocol} --dport ${fromPortRange.from} ` +
          `-j DNAT --to-destination ${this.settings.toHost}:${toPortRange.from} ` +
          `-m comment --comment "${this.ruleTag}:DNAT"`;
        // Check if rule already exists
        if (this.settings.checkExistingRules && await this.ruleExists(table, command, isIpv6)) {
          this.log('info', `Rule already exists, skipping: ${command}`);
        } else {
          await execAsync(command);
          this.log('info', `Added port forwarding rule: ${command}`);
          this.rules.push({
            table,
            chain,
            command,
            tag: `${this.ruleTag}:DNAT`,
            added: true
          });
        }
      } else if (fromPortRange.to - fromPortRange.from === toPortRange.to - toPortRange.from) {
        // Port range forward with equal ranges
        const command = `${iptablesCmd} -t ${table} -A ${chain} -p ${this.settings.protocol} --dport ${fromPortRange.from}:${fromPortRange.to} ` +
          `-j DNAT --to-destination ${this.settings.toHost}:${toPortRange.from}-${toPortRange.to} ` +
          `-m comment --comment "${this.ruleTag}:DNAT_RANGE"`;
        // Check if rule already exists
        if (this.settings.checkExistingRules && await this.ruleExists(table, command, isIpv6)) {
          this.log('info', `Rule already exists, skipping: ${command}`);
        } else {
          await execAsync(command);
          this.log('info', `Added port range forwarding rule: ${command}`);
          this.rules.push({
            table,
            chain,
            command,
            tag: `${this.ruleTag}:DNAT_RANGE`,
            added: true
          });
        }
      } else {
        // Unequal port ranges need individual rules
        for (let i = 0; i <= fromPortRange.to - fromPortRange.from; i++) {
          const fromPort = fromPortRange.from + i;
          const toPort = toPortRange.from + i % (toPortRange.to - toPortRange.from + 1);
          const command = `${iptablesCmd} -t ${table} -A ${chain} -p ${this.settings.protocol} --dport ${fromPort} ` +
            `-j DNAT --to-destination ${this.settings.toHost}:${toPort} ` +
            `-m comment --comment "${this.ruleTag}:DNAT_INDIVIDUAL"`;
          // Check if rule already exists
          if (this.settings.checkExistingRules && await this.ruleExists(table, command, isIpv6)) {
            this.log('info', `Rule already exists, skipping: ${command}`);
            continue;
          }
          await execAsync(command);
          this.log('info', `Added individual port forwarding rule: ${command}`);
          this.rules.push({
            table,
            chain,
            command,
            tag: `${this.ruleTag}:DNAT_INDIVIDUAL`,
            added: true
          });
        }
      }
      // If preserveSourceIP is false, add a MASQUERADE rule
      if (!this.settings.preserveSourceIP) {
        // For port range
        const masqCommand = `${iptablesCmd} -t nat -A POSTROUTING -p ${this.settings.protocol} -d ${this.settings.toHost} ` +
          `--dport ${toPortRange.from}:${toPortRange.to} -j MASQUERADE ` +
          `-m comment --comment "${this.ruleTag}:MASQ"`;
        // Check if rule already exists
        if (this.settings.checkExistingRules && await this.ruleExists('nat', masqCommand, isIpv6)) {
          this.log('info', `Rule already exists, skipping: ${masqCommand}`);
        } else {
          await execAsync(masqCommand);
          this.log('info', `Added MASQUERADE rule: ${masqCommand}`);
          this.rules.push({
            table: 'nat',
            chain: 'POSTROUTING',
            command: masqCommand,
            tag: `${this.ruleTag}:MASQ`,
            added: true
          });
        }
      }
      return true;
    } catch (err) {
      this.log('error', `Failed to add port forwarding rule: ${err}`);
      // Try to roll back any rules that were already added
      await this.rollbackRules();
      return false;
    }
  }
  /**
   * Special handling for NetworkProxy integration
   */
  private async setupNetworkProxyIntegration(isIpv6: boolean = false): Promise<boolean> {
    if (!this.settings.netProxyIntegration?.enabled) {
      return true;
    }
    const netProxyConfig = this.settings.netProxyIntegration;
    const iptablesCmd = this.getIptablesCommand(isIpv6);
    const table = 'nat';
    const chain = this.customChain || 'PREROUTING';
    try {
      // If redirectLocalhost is true, set up special rule to redirect localhost traffic to NetworkProxy
      if (netProxyConfig.redirectLocalhost && netProxyConfig.sslTerminationPort) {
        const redirectCommand = `${iptablesCmd} -t ${table} -A OUTPUT -p tcp -d 127.0.0.1 -j REDIRECT ` +
          `--to-port ${netProxyConfig.sslTerminationPort} ` +
          `-m comment --comment "${this.ruleTag}:NETPROXY_REDIRECT"`;
        // Check if rule already exists
        if (this.settings.checkExistingRules && await this.ruleExists(table, redirectCommand, isIpv6)) {
          this.log('info', `Rule already exists, skipping: ${redirectCommand}`);
        } else {
          await execAsync(redirectCommand);
          this.log('info', `Added NetworkProxy redirection rule: ${redirectCommand}`);
          this.rules.push({
            table,
            chain: 'OUTPUT',
            command: redirectCommand,
            tag: `${this.ruleTag}:NETPROXY_REDIRECT`,
            added: true
          });
        }
      }
      return true;
    } catch (err) {
      this.log('error', `Failed to set up NetworkProxy integration: ${err}`);
      return false;
    }
  }
  /**
   * Rolls back rules that were added in case of error
   */
  private async rollbackRules(): Promise<void> {
    // Process rules in reverse order (LIFO)
    for (let i = this.rules.length - 1; i >= 0; i--) {
      const rule = this.rules[i];
      if (rule.added) {
        try {
          // Convert -A (add) to -D (delete)
          const deleteCommand = rule.command.replace('-A', '-D');
          await execAsync(deleteCommand);
          this.log('info', `Rolled back rule: ${deleteCommand}`);
          rule.added = false;
        } catch (err) {
          this.log('error', `Failed to roll back rule: ${err}`);
        }
      }
    }
  }
  /**
   * Sets up iptables rules for port forwarding with enhanced features
   */
  public async start(): Promise<void> {
    // Optionally clean the slate first
    if (this.settings.forceCleanSlate) {
      await IPTablesProxy.cleanSlate();
    }
    // First set up any custom chains
    if (this.settings.addJumpRule) {
      const chainSetupSuccess = await this.setupCustomChain();
      if (!chainSetupSuccess) {
        throw new Error('Failed to set up custom chain');
      }
      // For IPv6 if enabled
      if (this.settings.ipv6Support) {
        const chainSetupSuccessIpv6 = await this.setupCustomChain(true);
        if (!chainSetupSuccessIpv6) {
          this.log('warn', 'Failed to set up IPv6 custom chain, continuing with IPv4 only');
        }
      }
    }
-    this.rulesInstalled = false;
+    // Add source IP filters
    await this.addSourceIPFilter();
    if (this.settings.ipv6Support) {
      await this.addSourceIPFilter(true);
    }
    // Set up NetworkProxy integration if enabled
    if (this.settings.netProxyIntegration?.enabled) {
      const netProxySetupSuccess = await this.setupNetworkProxyIntegration();
      if (!netProxySetupSuccess) {
        this.log('warn', 'Failed to set up NetworkProxy integration');
      }
      if (this.settings.ipv6Support) {
        await this.setupNetworkProxyIntegration(true);
      }
    }
    // Normalize port specifications
    const fromPortRanges = this.normalizePortSpec(this.settings.fromPort);
    const toPortRanges = this.normalizePortSpec(this.settings.toPort);
    // Handle the case where fromPort and toPort counts don't match
    if (fromPortRanges.length !== toPortRanges.length) {
      if (toPortRanges.length === 1) {
        // If there's only one toPort, use it for all fromPorts
        for (const fromRange of fromPortRanges) {
          await this.addPortForwardingRule(fromRange, toPortRanges[0]);
          if (this.settings.ipv6Support) {
            await this.addPortForwardingRule(fromRange, toPortRanges[0], true);
          }
        }
      } else {
        throw new Error('Mismatched port counts: fromPort and toPort arrays must have equal length or toPort must be a single value');
      }
    } else {
      // Add port forwarding rules for each port specification
      for (let i = 0; i < fromPortRanges.length; i++) {
        await this.addPortForwardingRule(fromPortRanges[i], toPortRanges[i]);
        if (this.settings.ipv6Support) {
          await this.addPortForwardingRule(fromPortRanges[i], toPortRanges[i], true);
        }
      }
    }
    // Final check - ensure we have at least one rule added
    if (this.rules.filter(r => r.added).length === 0) {
      throw new Error('No rules were added');
    }
  }
  /**
   * Removes all added iptables rules
   */
  public async stop(): Promise<void> {
    // Process rules in reverse order (LIFO)
    for (let i = this.rules.length - 1; i >= 0; i--) {
      const rule = this.rules[i];
      if (rule.added) {
        try {
          // Convert -A (add) to -D (delete)
          const deleteCommand = rule.command.replace('-A', '-D');
          await execAsync(deleteCommand);
          this.log('info', `Removed rule: ${deleteCommand}`);
          rule.added = false;
        } catch (err) {
          this.log('error', `Failed to remove rule: ${err}`);
        }
      }
    }
    // If we created a custom chain, we need to clean it up
    if (this.customChain) {
      try {
        // First flush the chain
        await execAsync(`iptables -t nat -F ${this.customChain}`);
        this.log('info', `Flushed custom chain: ${this.customChain}`);
        // Then delete it
        await execAsync(`iptables -t nat -X ${this.customChain}`);
        this.log('info', `Deleted custom chain: ${this.customChain}`);
        // Same for IPv6 if enabled
        if (this.settings.ipv6Support) {
          try {
            await execAsync(`ip6tables -t nat -F ${this.customChain}`);
            await execAsync(`ip6tables -t nat -X ${this.customChain}`);
            this.log('info', `Deleted IPv6 custom chain: ${this.customChain}`);
          } catch (err) {
            this.log('error', `Failed to delete IPv6 custom chain: ${err}`);
          }
        }
      } catch (err) {
        this.log('error', `Failed to delete custom chain: ${err}`);
      }
    }
    // Clear rules array
    this.rules = [];
  }
  /**
   * Synchronous version of stop, for use in exit handlers
   */
  public stopSync(): void {
    // Process rules in reverse order (LIFO)
    for (let i = this.rules.length - 1; i >= 0; i--) {
      const rule = this.rules[i];
      if (rule.added) {
        try {
          // Convert -A (add) to -D (delete)
          const deleteCommand = rule.command.replace('-A', '-D');
          execSync(deleteCommand);
          this.log('info', `Removed rule: ${deleteCommand}`);
          rule.added = false;
        } catch (err) {
          this.log('error', `Failed to remove rule: ${err}`);
        }
      }
    }
    // If we created a custom chain, we need to clean it up
    if (this.customChain) {
      try {
        // First flush the chain
        execSync(`iptables -t nat -F ${this.customChain}`);
        // Then delete it
        execSync(`iptables -t nat -X ${this.customChain}`);
        this.log('info', `Deleted custom chain: ${this.customChain}`);
        // Same for IPv6 if enabled
        if (this.settings.ipv6Support) {
          try {
            execSync(`ip6tables -t nat -F ${this.customChain}`);
            execSync(`ip6tables -t nat -X ${this.customChain}`);
          } catch (err) {
            // IPv6 failures are non-critical
          }
        }
      } catch (err) {
        this.log('error', `Failed to delete custom chain: ${err}`);
      }
    }
    // Clear rules array
    this.rules = [];
  }
  /**
@ -130,26 +702,88 @@ export class IPTablesProxy {
   * It looks for rules with comments containing "IPTablesProxy:".
   */
  public static async cleanSlate(): Promise<void> {
    await IPTablesProxy.cleanSlateInternal();
    // Also clean IPv6 rules
    await IPTablesProxy.cleanSlateInternal(true);
  }
  /**
   * Internal implementation of cleanSlate with IPv6 support
   */
  private static async cleanSlateInternal(isIpv6: boolean = false): Promise<void> {
    const iptablesCmd = isIpv6 ? 'ip6tables' : 'iptables';
    try {
-      const { stdout } = await execAsync('iptables-save -t nat');
+      const { stdout } = await execAsync(`${iptablesCmd}-save -t nat`);
      const lines = stdout.split('\n');
      const proxyLines = lines.filter(line => line.includes('IPTablesProxy:'));
      // First, find and remove any custom chains
      const customChains = new Set<string>();
      const jumpRules: string[] = [];
      for (const line of proxyLines) {
-        const trimmedLine = line.trim();
+        if (line.includes('IPTablesProxy:JUMP')) {
-        if (trimmedLine.startsWith('-A')) {
+          // Extract chain name from jump rule
-          // Replace the "-A" with "-D" to form a deletion command.
+          const match = line.match(/\s+-j\s+(\S+)\s+/);
-          const deleteRule = trimmedLine.replace('-A', '-D');
+          if (match && match[1].startsWith('IPTablesProxy_')) {
-          const cmd = `iptables -t nat ${deleteRule}`;
+            customChains.add(match[1]);
-          try {
+            jumpRules.push(line);
            await execAsync(cmd);
            console.log(`Cleaned up iptables rule: ${cmd}`);
          } catch (err) {
            console.error(`Failed to remove iptables rule: ${cmd}`, err);
          }
        }
      }
      // Remove jump rules first
      for (const line of jumpRules) {
        const trimmedLine = line.trim();
        if (trimmedLine.startsWith('-A')) {
          // Replace the "-A" with "-D" to form a deletion command
          const deleteRule = trimmedLine.replace('-A', '-D');
          const cmd = `${iptablesCmd} -t nat ${deleteRule}`;
          try {
            await execAsync(cmd);
            console.log(`Cleaned up iptables jump rule: ${cmd}`);
          } catch (err) {
            console.error(`Failed to remove iptables jump rule: ${cmd}`, err);
          }
        }
      }
      // Then remove all other rules
      for (const line of proxyLines) {
        if (!line.includes('IPTablesProxy:JUMP')) { // Skip jump rules we already handled
          const trimmedLine = line.trim();
          if (trimmedLine.startsWith('-A')) {
            // Replace the "-A" with "-D" to form a deletion command
            const deleteRule = trimmedLine.replace('-A', '-D');
            const cmd = `${iptablesCmd} -t nat ${deleteRule}`;
            try {
              await execAsync(cmd);
              console.log(`Cleaned up iptables rule: ${cmd}`);
            } catch (err) {
              console.error(`Failed to remove iptables rule: ${cmd}`, err);
            }
          }
        }
      }
      // Finally clean up custom chains
      for (const chain of customChains) {
        try {
          // Flush the chain
          await execAsync(`${iptablesCmd} -t nat -F ${chain}`);
          console.log(`Flushed custom chain: ${chain}`);
          // Delete the chain
          await execAsync(`${iptablesCmd} -t nat -X ${chain}`);
          console.log(`Deleted custom chain: ${chain}`);
        } catch (err) {
          console.error(`Failed to delete custom chain ${chain}:`, err);
        }
      }
    } catch (err) {
-      console.error(`Failed to run iptables-save: ${err}`);
+      console.error(`Failed to run ${iptablesCmd}-save: ${err}`);
    }
  }
@ -159,25 +793,109 @@ export class IPTablesProxy {
   * This method is intended for use in process exit handlers.
   */
  public static cleanSlateSync(): void {
    IPTablesProxy.cleanSlateSyncInternal();
    // Also clean IPv6 rules
    IPTablesProxy.cleanSlateSyncInternal(true);
  }
  /**
   * Internal implementation of cleanSlateSync with IPv6 support
   */
  private static cleanSlateSyncInternal(isIpv6: boolean = false): void {
    const iptablesCmd = isIpv6 ? 'ip6tables' : 'iptables';
    try {
-      const stdout = execSync('iptables-save -t nat').toString();
+      const stdout = execSync(`${iptablesCmd}-save -t nat`).toString();
      const lines = stdout.split('\n');
      const proxyLines = lines.filter(line => line.includes('IPTablesProxy:'));
      // First, find and remove any custom chains
      const customChains = new Set<string>();
      const jumpRules: string[] = [];
      for (const line of proxyLines) {
-        const trimmedLine = line.trim();
+        if (line.includes('IPTablesProxy:JUMP')) {
-        if (trimmedLine.startsWith('-A')) {
+          // Extract chain name from jump rule
-          const deleteRule = trimmedLine.replace('-A', '-D');
+          const match = line.match(/\s+-j\s+(\S+)\s+/);
-          const cmd = `iptables -t nat ${deleteRule}`;
+          if (match && match[1].startsWith('IPTablesProxy_')) {
-          try {
+            customChains.add(match[1]);
-            execSync(cmd);
+            jumpRules.push(line);
            console.log(`Cleaned up iptables rule: ${cmd}`);
          } catch (err) {
            console.error(`Failed to remove iptables rule: ${cmd}`, err);
          }
        }
      }
      // Remove jump rules first
      for (const line of jumpRules) {
        const trimmedLine = line.trim();
        if (trimmedLine.startsWith('-A')) {
          // Replace the "-A" with "-D" to form a deletion command
          const deleteRule = trimmedLine.replace('-A', '-D');
          const cmd = `${iptablesCmd} -t nat ${deleteRule}`;
          try {
            execSync(cmd);
            console.log(`Cleaned up iptables jump rule: ${cmd}`);
          } catch (err) {
            console.error(`Failed to remove iptables jump rule: ${cmd}`, err);
          }
        }
      }
      // Then remove all other rules
      for (const line of proxyLines) {
        if (!line.includes('IPTablesProxy:JUMP')) { // Skip jump rules we already handled
          const trimmedLine = line.trim();
          if (trimmedLine.startsWith('-A')) {
            const deleteRule = trimmedLine.replace('-A', '-D');
            const cmd = `${iptablesCmd} -t nat ${deleteRule}`;
            try {
              execSync(cmd);
              console.log(`Cleaned up iptables rule: ${cmd}`);
            } catch (err) {
              console.error(`Failed to remove iptables rule: ${cmd}`, err);
            }
          }
        }
      }
      // Finally clean up custom chains
      for (const chain of customChains) {
        try {
          // Flush the chain
          execSync(`${iptablesCmd} -t nat -F ${chain}`);
          // Delete the chain
          execSync(`${iptablesCmd} -t nat -X ${chain}`);
          console.log(`Deleted custom chain: ${chain}`);
        } catch (err) {
          console.error(`Failed to delete custom chain ${chain}:`, err);
        }
      }
    } catch (err) {
-      console.error(`Failed to run iptables-save: ${err}`);
+      console.error(`Failed to run ${iptablesCmd}-save: ${err}`);
    }
  }
  /**
   * Logging utility that respects the enableLogging setting
   */
  private log(level: 'info' | 'warn' | 'error', message: string): void {
    if (!this.settings.enableLogging && level === 'info') {
      return;
    }
    const timestamp = new Date().toISOString();
    switch (level) {
      case 'info':
        console.log(`[${timestamp}] [INFO] ${message}`);
        break;
      case 'warn':
        console.warn(`[${timestamp}] [WARN] ${message}`);
        break;
      case 'error':
        console.error(`[${timestamp}] [ERROR] ${message}`);
        break;
    }
  }
 }
--- a/ts/classes.networkproxy.ts
+++ b/ts/classes.networkproxy.ts
@ -16,6 +16,10 @@ export interface INetworkProxyOptions {
    allowHeaders?: string;
    maxAge?: number;
  };
  // New settings for PortProxy integration
  connectionPoolSize?: number; // Maximum connections to maintain in the pool to each backend
  portProxyIntegration?: boolean; // Flag to indicate this proxy is used by PortProxy
 }
 interface IWebSocketWithHeartbeat extends plugins.wsDefault {
@ -42,14 +46,26 @@ export class NetworkProxy {
  public requestsServed: number = 0;
  public failedRequests: number = 0;
  // New tracking for PortProxy integration
  private portProxyConnections: number = 0;
  private tlsTerminatedConnections: number = 0;
  // Timers and intervals
  private heartbeatInterval: NodeJS.Timeout;
  private metricsInterval: NodeJS.Timeout;
  private connectionPoolCleanupInterval: NodeJS.Timeout;
  // Certificates
  private defaultCertificates: { key: string; cert: string };
  private certificateCache: Map<string, { key: string; cert: string; expires?: Date }> = new Map();
  // New connection pool for backend connections
  private connectionPool: Map<string, Array<{
    socket: plugins.net.Socket;
    lastUsed: number;
    isIdle: boolean;
  }>> = new Map();
  /**
   * Creates a new NetworkProxy instance
   */
@ -66,7 +82,10 @@ export class NetworkProxy {
        allowMethods: 'GET, POST, PUT, DELETE, OPTIONS',
        allowHeaders: 'Content-Type, Authorization',
        maxAge: 86400
-      }
+      },
      // New defaults for PortProxy integration
      connectionPoolSize: optionsArg.connectionPoolSize || 50,
      portProxyIntegration: optionsArg.portProxyIntegration || false
    };
    this.loadDefaultCertificates();
@ -104,6 +123,213 @@ export class NetworkProxy {
    }
  }
  /**
   * Returns the port number this NetworkProxy is listening on
   * Useful for PortProxy to determine where to forward connections
   */
  public getListeningPort(): number {
    return this.options.port;
  }
  /**
   * Updates the server capacity settings
   * @param maxConnections Maximum number of simultaneous connections
   * @param keepAliveTimeout Keep-alive timeout in milliseconds
   * @param connectionPoolSize Size of the connection pool per backend
   */
  public updateCapacity(maxConnections?: number, keepAliveTimeout?: number, connectionPoolSize?: number): void {
    if (maxConnections !== undefined) {
      this.options.maxConnections = maxConnections;
      this.log('info', `Updated max connections to ${maxConnections}`);
    }
    if (keepAliveTimeout !== undefined) {
      this.options.keepAliveTimeout = keepAliveTimeout;
      if (this.httpsServer) {
        this.httpsServer.keepAliveTimeout = keepAliveTimeout;
        this.log('info', `Updated keep-alive timeout to ${keepAliveTimeout}ms`);
      }
    }
    if (connectionPoolSize !== undefined) {
      this.options.connectionPoolSize = connectionPoolSize;
      this.log('info', `Updated connection pool size to ${connectionPoolSize}`);
      // Cleanup excess connections in the pool if the size was reduced
      this.cleanupConnectionPool();
    }
  }
  /**
   * Returns current server metrics
   * Useful for PortProxy to determine which NetworkProxy to use for load balancing
   */
  public getMetrics(): any {
    return {
      activeConnections: this.connectedClients,
      totalRequests: this.requestsServed,
      failedRequests: this.failedRequests,
      portProxyConnections: this.portProxyConnections,
      tlsTerminatedConnections: this.tlsTerminatedConnections,
      connectionPoolSize: Array.from(this.connectionPool.entries()).reduce((acc, [host, connections]) => {
        acc[host] = connections.length;
        return acc;
      }, {} as Record<string, number>),
      uptime: Math.floor((Date.now() - this.startTime) / 1000),
      memoryUsage: process.memoryUsage(),
      activeWebSockets: this.wsServer?.clients.size || 0
    };
  }
  /**
   * Cleanup the connection pool by removing idle connections
   * or reducing pool size if it exceeds the configured maximum
   */
  private cleanupConnectionPool(): void {
    const now = Date.now();
    const idleTimeout = this.options.keepAliveTimeout || 120000; // 2 minutes default
    for (const [host, connections] of this.connectionPool.entries()) {
      // Sort by last used time (oldest first)
      connections.sort((a, b) => a.lastUsed - b.lastUsed);
      // Remove idle connections older than the idle timeout
      let removed = 0;
      while (connections.length > 0) {
        const connection = connections[0];
        // Remove if idle and exceeds timeout, or if pool is too large
        if ((connection.isIdle && now - connection.lastUsed > idleTimeout) ||
            connections.length > this.options.connectionPoolSize!) {
          try {
            if (!connection.socket.destroyed) {
              connection.socket.end();
              connection.socket.destroy();
            }
          } catch (err) {
            this.log('error', `Error destroying pooled connection to ${host}`, err);
          }
          connections.shift(); // Remove from pool
          removed++;
        } else {
          break; // Stop removing if we've reached active or recent connections
        }
      }
      if (removed > 0) {
        this.log('debug', `Removed ${removed} idle connections from pool for ${host}, ${connections.length} remaining`);
      }
      // Update the pool with the remaining connections
      if (connections.length === 0) {
        this.connectionPool.delete(host);
      } else {
        this.connectionPool.set(host, connections);
      }
    }
  }
  /**
   * Get a connection from the pool or create a new one
   */
  private getConnectionFromPool(host: string, port: number): Promise<plugins.net.Socket> {
    return new Promise((resolve, reject) => {
      const poolKey = `${host}:${port}`;
      const connectionList = this.connectionPool.get(poolKey) || [];
      // Look for an idle connection
      const idleConnectionIndex = connectionList.findIndex(c => c.isIdle);
      if (idleConnectionIndex >= 0) {
        // Get existing connection from pool
        const connection = connectionList[idleConnectionIndex];
        connection.isIdle = false;
        connection.lastUsed = Date.now();
        this.log('debug', `Reusing connection from pool for ${poolKey}`);
        // Update the pool
        this.connectionPool.set(poolKey, connectionList);
        resolve(connection.socket);
        return;
      }
      // No idle connection available, create a new one if pool isn't full
      if (connectionList.length < this.options.connectionPoolSize!) {
        this.log('debug', `Creating new connection to ${host}:${port}`);
        try {
          const socket = plugins.net.connect({
            host,
            port,
            keepAlive: true,
            keepAliveInitialDelay: 30000 // 30 seconds
          });
          socket.once('connect', () => {
            // Add to connection pool
            const connection = {
              socket,
              lastUsed: Date.now(),
              isIdle: false
            };
            connectionList.push(connection);
            this.connectionPool.set(poolKey, connectionList);
            // Setup cleanup when the connection is closed
            socket.once('close', () => {
              const idx = connectionList.findIndex(c => c.socket === socket);
              if (idx >= 0) {
                connectionList.splice(idx, 1);
                this.connectionPool.set(poolKey, connectionList);
                this.log('debug', `Removed closed connection from pool for ${poolKey}`);
              }
            });
            resolve(socket);
          });
          socket.once('error', (err) => {
            this.log('error', `Error creating connection to ${host}:${port}`, err);
            reject(err);
          });
        } catch (err) {
          this.log('error', `Failed to create connection to ${host}:${port}`, err);
          reject(err);
        }
      } else {
        // Pool is full, wait for an idle connection or reject
        this.log('warn', `Connection pool for ${poolKey} is full (${connectionList.length})`);
        reject(new Error(`Connection pool for ${poolKey} is full`));
      }
    });
  }
  /**
   * Return a connection to the pool for reuse
   */
  private returnConnectionToPool(socket: plugins.net.Socket, host: string, port: number): void {
    const poolKey = `${host}:${port}`;
    const connectionList = this.connectionPool.get(poolKey) || [];
    // Find this connection in the pool
    const connectionIndex = connectionList.findIndex(c => c.socket === socket);
    if (connectionIndex >= 0) {
      // Mark as idle and update last used time
      connectionList[connectionIndex].isIdle = true;
      connectionList[connectionIndex].lastUsed = Date.now();
      this.log('debug', `Returned connection to pool for ${poolKey}`);
    } else {
      this.log('warn', `Attempted to return unknown connection to pool for ${poolKey}`);
    }
  }
  /**
   * Starts the proxy server
   */
@ -132,6 +358,9 @@ export class NetworkProxy {
    // Start metrics collection
    this.setupMetricsCollection();
    // Setup connection pool cleanup interval
    this.setupConnectionPoolCleanup();
    // Start the server
    return new Promise((resolve) => {
      this.httpsServer.listen(this.options.port, () => {
@ -156,13 +385,31 @@ export class NetworkProxy {
      // Add connection to tracking
      this.socketMap.add(connection);
      this.connectedClients = this.socketMap.getArray().length;
-      this.log('debug', `New connection. Currently ${this.connectedClients} active connections`);
+      
      // Check for connection from PortProxy by inspecting the source port
      // This is a heuristic - in a production environment you might use a more robust method
      const localPort = connection.localPort;
      const remotePort = connection.remotePort;
      // If this connection is from a PortProxy (usually indicated by it coming from localhost)
      if (this.options.portProxyIntegration && connection.remoteAddress?.includes('127.0.0.1')) {
        this.portProxyConnections++;
        this.log('debug', `New connection from PortProxy (local: ${localPort}, remote: ${remotePort})`);
      } else {
        this.log('debug', `New direct connection (local: ${localPort}, remote: ${remotePort})`);
      }
      // Setup connection cleanup handlers
      const cleanupConnection = () => {
        if (this.socketMap.checkForObject(connection)) {
          this.socketMap.remove(connection);
          this.connectedClients = this.socketMap.getArray().length;
          // If this was a PortProxy connection, decrement the counter
          if (this.options.portProxyIntegration && connection.remoteAddress?.includes('127.0.0.1')) {
            this.portProxyConnections--;
          }
          this.log('debug', `Connection closed. ${this.connectedClients} connections remaining`);
        }
      };
@ -178,6 +425,12 @@ export class NetworkProxy {
        cleanupConnection();
      });
    });
    // Track TLS handshake completions
    this.httpsServer.on('secureConnection', (tlsSocket) => {
      this.tlsTerminatedConnections++;
      this.log('debug', 'TLS handshake completed, connection secured');
    });
  }
  /**
@ -228,15 +481,36 @@ export class NetworkProxy {
        activeConnections: this.connectedClients,
        totalRequests: this.requestsServed,
        failedRequests: this.failedRequests,
        portProxyConnections: this.portProxyConnections,
        tlsTerminatedConnections: this.tlsTerminatedConnections,
        activeWebSockets: this.wsServer?.clients.size || 0,
        memoryUsage: process.memoryUsage(),
-        activeContexts: Array.from(this.activeContexts)
+        activeContexts: Array.from(this.activeContexts),
        connectionPool: Object.fromEntries(
          Array.from(this.connectionPool.entries()).map(([host, connections]) => [
            host, 
            {
              total: connections.length, 
              idle: connections.filter(c => c.isIdle).length
            }
          ])
        )
      };
      this.log('debug', 'Proxy metrics', metrics);
    }, 60000); // Log metrics every minute
  }
  /**
   * Sets up connection pool cleanup
   */
  private setupConnectionPoolCleanup(): void {
    // Clean up idle connections every minute
    this.connectionPoolCleanupInterval = setInterval(() => {
      this.cleanupConnectionPool();
    }, 60000); // 1 minute
  }
  /**
   * Handles an incoming WebSocket connection
   */
@ -410,12 +684,27 @@ export class NetworkProxy {
        }
      }
      // Determine if we should use connection pooling
      const useConnectionPool = this.options.portProxyIntegration && 
                                originRequest.socket.remoteAddress?.includes('127.0.0.1');
      // Construct destination URL
      const destinationUrl = `http://${destinationConfig.destinationIp}:${destinationConfig.destinationPort}${originRequest.url}`;
      this.log('debug', `[${reqId}] Proxying to ${destinationUrl}`);
-      // Forward the request
+      if (useConnectionPool) {
-      await this.forwardRequest(reqId, originRequest, originResponse, destinationUrl);
+        this.log('debug', `[${reqId}] Proxying to ${destinationUrl} (using connection pool)`);
        await this.forwardRequestUsingConnectionPool(
          reqId, 
          originRequest, 
          originResponse, 
          destinationConfig.destinationIp, 
          destinationConfig.destinationPort,
          originRequest.url
        );
      } else {
        this.log('debug', `[${reqId}] Proxying to ${destinationUrl}`);
        await this.forwardRequest(reqId, originRequest, originResponse, destinationUrl);
      }
      const processingTime = Date.now() - startTime;
      this.log('debug', `[${reqId}] Request completed in ${processingTime}ms`);
@ -488,7 +777,105 @@ export class NetworkProxy {
  }
  /**
-   * Forwards a request to the destination
+   * Forwards a request to the destination using connection pool
   * for optimized connection reuse from PortProxy
   */
  private async forwardRequestUsingConnectionPool(
    reqId: string,
    originRequest: plugins.http.IncomingMessage,
    originResponse: plugins.http.ServerResponse,
    host: string,
    port: number,
    path: string
  ): Promise<void> {
    try {
      // Try to get a connection from the pool
      const socket = await this.getConnectionFromPool(host, port);
      // Create an HTTP client request using the pooled socket
      const reqOptions = {
        createConnection: () => socket,
        host,
        port,
        path,
        method: originRequest.method,
        headers: this.prepareForwardHeaders(originRequest),
        timeout: 30000 // 30 second timeout
      };
      const proxyReq = plugins.http.request(reqOptions);
      // Handle timeouts
      proxyReq.on('timeout', () => {
        this.log('warn', `[${reqId}] Request to ${host}:${port}${path} timed out`);
        proxyReq.destroy();
      });
      // Handle errors
      proxyReq.on('error', (err) => {
        this.log('error', `[${reqId}] Error in proxy request to ${host}:${port}${path}`, err);
        // Check if the client response is still writable
        if (!originResponse.writableEnded) {
          this.sendErrorResponse(originResponse, 502, 'Bad Gateway: Error communicating with upstream server');
        }
        // Don't return the socket to the pool on error
        try {
          if (!socket.destroyed) {
            socket.destroy();
          }
        } catch (socketErr) {
          this.log('error', `[${reqId}] Error destroying socket after request error`, socketErr);
        }
      });
      // Forward request body
      originRequest.pipe(proxyReq);
      // Handle response
      proxyReq.on('response', (proxyRes) => {
        // Copy status and headers
        originResponse.statusCode = proxyRes.statusCode;
        for (const [name, value] of Object.entries(proxyRes.headers)) {
          if (value !== undefined) {
            originResponse.setHeader(name, value);
          }
        }
        // Forward the response body
        proxyRes.pipe(originResponse);
        // Return connection to pool when the response completes
        proxyRes.on('end', () => {
          if (!socket.destroyed) {
            this.returnConnectionToPool(socket, host, port);
          }
        });
        proxyRes.on('error', (err) => {
          this.log('error', `[${reqId}] Error in proxy response from ${host}:${port}${path}`, err);
          // Don't return the socket to the pool on error
          try {
            if (!socket.destroyed) {
              socket.destroy();
            }
          } catch (socketErr) {
            this.log('error', `[${reqId}] Error destroying socket after response error`, socketErr);
          }
        });
      });
    } catch (error) {
      this.log('error', `[${reqId}] Error setting up pooled connection to ${host}:${port}`, error);
      this.sendErrorResponse(originResponse, 502, 'Bad Gateway: Unable to reach upstream server');
      throw error;
    }
  }
  /**
   * Forwards a request to the destination (standard method)
   */
  private async forwardRequest(
    reqId: string,
@ -532,6 +919,11 @@ export class NetworkProxy {
    // Add proxy-specific headers
    safeHeaders['X-Proxy-Id'] = `NetworkProxy-${this.options.port}`;
    // If this is coming from PortProxy, add a header to indicate that
    if (this.options.portProxyIntegration && req.socket.remoteAddress?.includes('127.0.0.1')) {
      safeHeaders['X-PortProxy-Forwarded'] = 'true';
    }
    // Remove sensitive headers we don't want to forward
    const sensitiveHeaders = ['connection', 'upgrade', 'http2-settings'];
    for (const header of sensitiveHeaders) {
@ -778,6 +1170,10 @@ export class NetworkProxy {
      clearInterval(this.metricsInterval);
    }
    if (this.connectionPoolCleanupInterval) {
      clearInterval(this.connectionPoolCleanupInterval);
    }
    // Close WebSocket server if exists
    if (this.wsServer) {
      for (const client of this.wsServer.clients) {
@ -798,6 +1194,20 @@ export class NetworkProxy {
      }
    }
    // Close all connection pool connections
    for (const [host, connections] of this.connectionPool.entries()) {
      for (const connection of connections) {
        try {
          if (!connection.socket.destroyed) {
            connection.socket.destroy();
          }
        } catch (error) {
          this.log('error', `Error destroying pooled connection to ${host}`, error);
        }
      }
    }
    this.connectionPool.clear();
    // Close the HTTPS server
    return new Promise((resolve) => {
      this.httpsServer.close(() => {
--- a/ts/classes.portproxy.ts
+++ b/ts/classes.portproxy.ts
--- a/ts/classes.router.ts
+++ b/ts/classes.router.ts
@ -1,4 +1,6 @@
-import * as plugins from './plugins.js';
+import * as http from 'http';
 import * as url from 'url';
 import * as tsclass from '@tsclass/tsclass';
 /**
 * Optional path pattern configuration that can be added to proxy configs
@ -11,31 +13,37 @@ export interface IPathPatternConfig {
 * Interface for router result with additional metadata
 */
 export interface IRouterResult {
-  config: plugins.tsclass.network.IReverseProxyConfig;
+  config: tsclass.network.IReverseProxyConfig;
  pathMatch?: string;
  pathParams?: Record<string, string>;
  pathRemainder?: string;
 }
 export class ProxyRouter {
  // Using a Map for O(1) hostname lookups instead of array search
  private hostMap: Map<string, plugins.tsclass.network.IReverseProxyConfig[]> = new Map();
  // Store original configs for reference
-  private reverseProxyConfigs: plugins.tsclass.network.IReverseProxyConfig[] = [];
+  private reverseProxyConfigs: tsclass.network.IReverseProxyConfig[] = [];
  // Default config to use when no match is found (optional)
-  private defaultConfig?: plugins.tsclass.network.IReverseProxyConfig;
+  private defaultConfig?: tsclass.network.IReverseProxyConfig;
  // Store path patterns separately since they're not in the original interface
-  private pathPatterns: Map<plugins.tsclass.network.IReverseProxyConfig, string> = new Map();
+  private pathPatterns: Map<tsclass.network.IReverseProxyConfig, string> = new Map();
  // Logger interface
  private logger: { 
    error: (message: string, data?: any) => void;
    warn: (message: string, data?: any) => void;
    info: (message: string, data?: any) => void;
    debug: (message: string, data?: any) => void;
  };
  constructor(
-    configs?: plugins.tsclass.network.IReverseProxyConfig[],
+    configs?: tsclass.network.IReverseProxyConfig[],
-    private readonly logger: { 
+    logger?: { 
      error: (message: string, data?: any) => void;
      warn: (message: string, data?: any) => void;
      info: (message: string, data?: any) => void;
      debug: (message: string, data?: any) => void;
-    } = console
+    }
  ) {
    this.logger = logger || console;
    if (configs) {
      this.setNewProxyConfigs(configs);
    }
@ -45,61 +53,13 @@ export class ProxyRouter {
   * Sets a new set of reverse configs to be routed to
   * @param reverseCandidatesArg Array of reverse proxy configurations
   */
-  public setNewProxyConfigs(reverseCandidatesArg: plugins.tsclass.network.IReverseProxyConfig[]): void {
+  public setNewProxyConfigs(reverseCandidatesArg: tsclass.network.IReverseProxyConfig[]): void {
    this.reverseProxyConfigs = [...reverseCandidatesArg];
    // Reset the host map and path patterns
    this.hostMap.clear();
    this.pathPatterns.clear();
    // Find default config if any (config with "*" as hostname)
    this.defaultConfig = this.reverseProxyConfigs.find(config => config.hostName === '*');
-    // Group configs by hostname for faster lookups
+    this.logger.info(`Router initialized with ${this.reverseProxyConfigs.length} configs (${this.getHostnames().length} unique hosts)`);
    for (const config of this.reverseProxyConfigs) {
      // Skip the default config as it's stored separately
      if (config.hostName === '*') continue;
      const hostname = config.hostName.toLowerCase(); // Case-insensitive hostname lookup
      if (!this.hostMap.has(hostname)) {
        this.hostMap.set(hostname, []);
      }
      // Check for path pattern in extended properties 
      // (using any to access custom properties not in the interface)
      const extendedConfig = config as any;
      if (extendedConfig.pathPattern) {
        this.pathPatterns.set(config, extendedConfig.pathPattern);
      }
      // Add to the list of configs for this hostname
      this.hostMap.get(hostname).push(config);
    }
    // Sort configs for each hostname by specificity
    // More specific path patterns should be checked first
    for (const [hostname, configs] of this.hostMap.entries()) {
      if (configs.length > 1) {
        // Sort by pathPattern - most specific first 
        // (null comes last, exact paths before patterns with wildcards)
        configs.sort((a, b) => {
          const aPattern = this.pathPatterns.get(a);
          const bPattern = this.pathPatterns.get(b);
          // If one has a path and the other doesn't, the one with a path comes first
          if (!aPattern && bPattern) return 1;
          if (aPattern && !bPattern) return -1;
          if (!aPattern && !bPattern) return 0;
          // Both have path patterns - more specific (longer) first
          // This is a simple heuristic; we could use a more sophisticated approach
          return bPattern.length - aPattern.length;
        });
      }
    }
    this.logger.info(`Router initialized with ${this.reverseProxyConfigs.length} configs (${this.hostMap.size} unique hosts)`);
  }
  /**
@ -107,7 +67,7 @@ export class ProxyRouter {
   * @param req The incoming HTTP request
   * @returns The matching proxy config or undefined if no match found
   */
-  public routeReq(req: plugins.http.IncomingMessage): plugins.tsclass.network.IReverseProxyConfig {
+  public routeReq(req: http.IncomingMessage): tsclass.network.IReverseProxyConfig {
    const result = this.routeReqWithDetails(req);
    return result ? result.config : undefined;
  }
@ -117,7 +77,7 @@ export class ProxyRouter {
   * @param req The incoming HTTP request
   * @returns Detailed routing result including matched config and path information
   */
-  public routeReqWithDetails(req: plugins.http.IncomingMessage): IRouterResult | undefined {
+  public routeReqWithDetails(req: http.IncomingMessage): IRouterResult | undefined {
    // Extract and validate host header
    const originalHost = req.headers.host;
    if (!originalHost) {
@ -126,52 +86,27 @@ export class ProxyRouter {
    }
    // Parse URL for path matching
-    const urlPath = new URL(
+    const parsedUrl = url.parse(req.url || '/');
-      req.url || '/', 
+    const urlPath = parsedUrl.pathname || '/';
      `http://${originalHost}`
    ).pathname;
    // Extract hostname without port
    const hostWithoutPort = originalHost.split(':')[0].toLowerCase();
-    // Find configs for this hostname
+    // First try exact hostname match
-    const configs = this.hostMap.get(hostWithoutPort);
+    const exactConfig = this.findConfigForHost(hostWithoutPort, urlPath);
-    
+    if (exactConfig) {
-    if (configs && configs.length > 0) {
+      return exactConfig;
      // Check each config for path matching
      for (const config of configs) {
        // Get the path pattern if any
        const pathPattern = this.pathPatterns.get(config);
        // If no path pattern specified, this config matches all paths
        if (!pathPattern) {
          return { config };
        }
        // Check if path matches the pattern
        const pathMatch = this.matchPath(urlPath, pathPattern);
        if (pathMatch) {
          return {
            config,
            pathMatch: pathMatch.matched,
            pathParams: pathMatch.params,
            pathRemainder: pathMatch.remainder
          };
        }
      }
    }
-    // Try wildcard subdomains if no direct match found
+    // Try wildcard subdomain
-    // For example, if request is for sub.example.com, try *.example.com
+    if (hostWithoutPort.includes('.')) {
-    const domainParts = hostWithoutPort.split('.');
+      const domainParts = hostWithoutPort.split('.');
-    if (domainParts.length > 2) {
+      if (domainParts.length > 2) {
-      const wildcardDomain = `*.${domainParts.slice(1).join('.')}`;
+        const wildcardDomain = `*.${domainParts.slice(1).join('.')}`;
-      const wildcardConfigs = this.hostMap.get(wildcardDomain);
+        const wildcardConfig = this.findConfigForHost(wildcardDomain, urlPath);
-      
+        if (wildcardConfig) {
-      if (wildcardConfigs && wildcardConfigs.length > 0) {
+          return wildcardConfig;
-        // Use the first matching wildcard config
+        }
        // Could add path matching logic here as well
        return { config: wildcardConfigs[0] };
      }
    }
@ -186,21 +121,60 @@ export class ProxyRouter {
  }
  /**
-   * Sets a path pattern for an existing config
+   * Find a config for a specific host and path
   * @param config The existing configuration
   * @param pathPattern The path pattern to set
   * @returns Boolean indicating if the config was found and updated
   */
-  public setPathPattern(
+  private findConfigForHost(hostname: string, path: string): IRouterResult | undefined {
-    config: plugins.tsclass.network.IReverseProxyConfig, 
+    // Find all configs for this hostname
-    pathPattern: string
+    const configs = this.reverseProxyConfigs.filter(
-  ): boolean {
+      config => config.hostName.toLowerCase() === hostname.toLowerCase()
-    const exists = this.reverseProxyConfigs.includes(config);
+    );
-    if (exists) {
+    
-      this.pathPatterns.set(config, pathPattern);
+    if (configs.length === 0) {
-      return true;
+      return undefined;
    }
-    return false;
+    
    // First try configs with path patterns
    const configsWithPaths = configs.filter(config => this.pathPatterns.has(config));
    // Sort by path pattern specificity - more specific first
    configsWithPaths.sort((a, b) => {
      const aPattern = this.pathPatterns.get(a) || '';
      const bPattern = this.pathPatterns.get(b) || '';
      // Exact patterns come before wildcard patterns
      const aHasWildcard = aPattern.includes('*');
      const bHasWildcard = bPattern.includes('*');
      if (aHasWildcard && !bHasWildcard) return 1;
      if (!aHasWildcard && bHasWildcard) return -1;
      // Longer patterns are considered more specific
      return bPattern.length - aPattern.length;
    });
    // Check each config with path pattern
    for (const config of configsWithPaths) {
      const pathPattern = this.pathPatterns.get(config);
      if (pathPattern) {
        const pathMatch = this.matchPath(path, pathPattern);
        if (pathMatch) {
          return {
            config,
            pathMatch: pathMatch.matched,
            pathParams: pathMatch.params,
            pathRemainder: pathMatch.remainder
          };
        }
      }
    }
    // If no path pattern matched, use the first config without a path pattern
    const configWithoutPath = configs.find(config => !this.pathPatterns.has(config));
    if (configWithoutPath) {
      return { config: configWithoutPath };
    }
    return undefined;
  }
  /**
@ -242,62 +216,51 @@ export class ProxyRouter {
    }
    // Handle path parameters
-    const patternParts = pattern.split('/');
+    const patternParts = pattern.split('/').filter(p => p);
-    const pathParts = path.split('/');
+    const pathParts = path.split('/').filter(p => p);
-    // Check if paths are compatible length
+    // Too few path parts to match
-    if (
+    if (pathParts.length < patternParts.length) {
      // If pattern doesn't end with wildcard, paths must have the same number of parts
      (!pattern.endsWith('/*') && patternParts.length !== pathParts.length) ||
      // If pattern ends with wildcard, path must have at least as many parts as the pattern
      (pattern.endsWith('/*') && pathParts.length < patternParts.length - 1)
    ) {
      return null;
    }
    const params: Record<string, string> = {};
    const matchedParts: string[] = [];
-    // Compare path parts
+    // Compare each part
    for (let i = 0; i < patternParts.length; i++) {
      const patternPart = patternParts[i];
      // Handle wildcard at the end
      if (patternPart === '*' && i === patternParts.length - 1) {
        break;
      }
      // If pathParts[i] doesn't exist, we've reached the end of the path
      if (i >= pathParts.length) {
        return null;
      }
      const pathPart = pathParts[i];
      // Handle parameter
      if (patternPart.startsWith(':')) {
        const paramName = patternPart.slice(1);
        params[paramName] = pathPart;
        matchedParts.push(pathPart);
        continue;
      }
      // Handle wildcard at the end
      if (patternPart === '*' && i === patternParts.length - 1) {
        break;
      }
      // Handle exact match for this part
      if (patternPart !== pathPart) {
        return null;
      }
      matchedParts.push(pathPart);
    }
-    // Calculate the remainder
+    // Calculate the remainder - the unmatched path parts
-    let remainder = '';
+    const remainderParts = pathParts.slice(patternParts.length);
-    if (pattern.endsWith('/*')) {
+    const remainder = remainderParts.length ? '/' + remainderParts.join('/') : '';
-      remainder = '/' + pathParts.slice(patternParts.length - 1).join('/');
+    
-    }
+    // Calculate the matched path
    const matchedParts = patternParts.map((part, i) => {
      return part.startsWith(':') ? pathParts[i] : part;
    });
    const matched = '/' + matchedParts.join('/');
    return {
-      matched: matchedParts.join('/'),
+      matched,
      params,
      remainder
    };
@ -307,7 +270,7 @@ export class ProxyRouter {
   * Gets all currently active proxy configurations
   * @returns Array of all active configurations
   */
-  public getProxyConfigs(): plugins.tsclass.network.IReverseProxyConfig[] {
+  public getProxyConfigs(): tsclass.network.IReverseProxyConfig[] {
    return [...this.reverseProxyConfigs];
  }
@ -316,7 +279,13 @@ export class ProxyRouter {
   * @returns Array of hostnames
   */
  public getHostnames(): string[] {
-    return Array.from(this.hostMap.keys());
+    const hostnames = new Set<string>();
    for (const config of this.reverseProxyConfigs) {
      if (config.hostName !== '*') {
        hostnames.add(config.hostName.toLowerCase());
      }
    }
    return Array.from(hostnames);
  }
  /**
@ -325,7 +294,7 @@ export class ProxyRouter {
   * @param pathPattern Optional path pattern for route matching
   */
  public addProxyConfig(
-    config: plugins.tsclass.network.IReverseProxyConfig, 
+    config: tsclass.network.IReverseProxyConfig, 
    pathPattern?: string
  ): void {
    this.reverseProxyConfigs.push(config);
@ -334,8 +303,24 @@ export class ProxyRouter {
    if (pathPattern) {
      this.pathPatterns.set(config, pathPattern);
    }
  }
-    this.setNewProxyConfigs(this.reverseProxyConfigs);
+  /**
   * Sets a path pattern for an existing config
   * @param config The existing configuration
   * @param pathPattern The path pattern to set
   * @returns Boolean indicating if the config was found and updated
   */
  public setPathPattern(
    config: tsclass.network.IReverseProxyConfig, 
    pathPattern: string
  ): boolean {
    const exists = this.reverseProxyConfigs.includes(config);
    if (exists) {
      this.pathPatterns.set(config, pathPattern);
      return true;
    }
    return false;
  }
  /**
@ -345,15 +330,22 @@ export class ProxyRouter {
   */
  public removeProxyConfig(hostname: string): boolean {
    const initialCount = this.reverseProxyConfigs.length;
    // Find configs to remove
    const configsToRemove = this.reverseProxyConfigs.filter(
      config => config.hostName === hostname
    );
    // Remove them from the patterns map
    for (const config of configsToRemove) {
      this.pathPatterns.delete(config);
    }
    // Filter them out of the configs array
    this.reverseProxyConfigs = this.reverseProxyConfigs.filter(
      config => config.hostName !== hostname
    );
-    if (initialCount !== this.reverseProxyConfigs.length) {
+    return this.reverseProxyConfigs.length !== initialCount;
      this.setNewProxyConfigs(this.reverseProxyConfigs);
      return true;
    }
    return false;
  }
 }
Author	SHA1	Message	Date
Philipp Kunz	499aed19f6	3.29.1 Some checks failed Default (tags) / security (push) Successful in 29s Details Default (tags) / test (push) Failing after 50s Details Default (tags) / release (push) Has been skipped Details Default (tags) / metadata (push) Has been skipped Details	2025-03-07 14:34:49 +00:00
Philipp Kunz	618b6fe2d1	fix(readme): Update readme for IPTablesProxy options	2025-03-07 14:34:49 +00:00
Philipp Kunz	d6027c11c1	3.29.0 Some checks failed Default (tags) / security (push) Successful in 39s Details Default (tags) / test (push) Failing after 49s Details Default (tags) / release (push) Has been skipped Details Default (tags) / metadata (push) Has been skipped Details	2025-03-07 14:30:38 +00:00
Philipp Kunz	bbdea52677	feat(IPTablesProxy): Enhanced IPTablesProxy with multi-port and IPv6 support	2025-03-07 14:30:38 +00:00
Philipp Kunz	d8585975a8	3.28.6 Some checks failed Default (tags) / security (push) Successful in 39s Details Default (tags) / test (push) Failing after 49s Details Default (tags) / release (push) Has been skipped Details Default (tags) / metadata (push) Has been skipped Details	2025-03-07 11:16:45 +00:00
Philipp Kunz	98c61cccbb	fix(PortProxy): Adjust default timeout settings and enhance keep-alive connection handling in PortProxy.	2025-03-07 11:16:44 +00:00
Philipp Kunz	b3dcc0ae22	3.28.5	2025-03-07 02:55:19 +00:00
Philipp Kunz	b96d7dec98	fix(core): Ensure proper resource cleanup during server shutdown.	2025-03-07 02:55:19 +00:00
Philipp Kunz	0d0a1c740b	3.28.4	2025-03-07 02:54:34 +00:00
Philipp Kunz	9bd87b8437	fix(router): Improve path pattern matching and hostname prioritization in router	2025-03-07 02:54:34 +00:00
Philipp Kunz	0e281b3243	3.28.3	2025-03-06 23:08:57 +00:00
Philipp Kunz	a14b7802c4	fix(PortProxy): Ensure timeout values are within Node.js safe limits	2025-03-06 23:08:57 +00:00
Philipp Kunz	138900ca8b	3.28.2	2025-03-06 23:00:24 +00:00
Philipp Kunz	cb6c2503e2	fix(portproxy): Adjust safe timeout defaults in PortProxy to prevent overflow issues.	2025-03-06 23:00:24 +00:00
Philipp Kunz	f3fd903231	3.28.1	2025-03-06 22:56:19 +00:00
Philipp Kunz	0e605d9a9d	fix(PortProxy): Improved code formatting and readability in PortProxy class by adjusting spacing and comments.	2025-03-06 22:56:18 +00:00
Philipp Kunz	1718a3b2f2	3.28.0	2025-03-06 08:36:19 +00:00
Philipp Kunz	568f77e65b	feat(router): Add detailed routing tests and refactor ProxyRouter for improved path matching	2025-03-06 08:36:19 +00:00