Basic support for freebsd ipfw firewall

README.md

@@ -61,6 +61,9 @@ nft add rule nat prerouting tcp dport {80, 443} redirect to 2080
 # or the legacy iptables equivalent
 iptables -t nat -A OUTPUT -p tcp -m multiport --dports 80,443 -j REDIRECT --to-port 2080
 iptables -t nat -A PREROUTING -p tcp -m multiport --dports 80,443 -j REDIRECT --to-port 2080
+
+# or ipfw (FreeBSD)
+ipfw add 100 fwd 127.0.0.1,2080 tcp from me to not me dst-port 80,443
 ```
 
 SOCKSv5 server is also launched alongs with transparent proxy on the same port:

src/client/mod.rs

@@ -134,6 +134,12 @@ async fn accept_socks5(client: &mut TcpStream) -> io::Result<Destination> {
     Ok((addr, port).into())
 }
 
+async fn transparent_dest(client: &mut TcpStream) -> io::Result<Destination> {
+    // Transparent firewall redirection (unmodified destination address)
+    // (for example, ipfw firewall with 'fwd' rule)
+    Ok((client.local_addr()?).into())
+}
+
 impl NewClient {
     #[instrument(name = "retrieve_dest", skip_all)]
     pub async fn from_socket(mut left: TcpStream, list: ServerList) -> io::Result<Self> {
@@ -152,6 +158,9 @@ impl NewClient {
         #[cfg(not(target_os = "linux"))]
         let dest: Option<SocketAddr> = None;
 
+        #[cfg(target_os = "freebsd")]
+        let dest = (transparent_dest(&mut left).await?).into();
+
         let dest = if let Some(dest) = dest {
             debug!(?dest, "Retrived destination via NAT info");
             dest.into()