tbxark

Notes

1. If your local network use public IP ranges instead of private ones, make sure to add respecive RETURN rules to iptables to prevent looping issue
2. Set clash as DHCP's only DNS server to allow domain-based filter (shunting) rules work
3. Use lsof -i udp:53 to check if clash's DNS module work fine, otherwise you may have to kill systemd-resolved and any other processes occupying the UDP 53 port
4. The given scripts will NOT hangle the traffic of gateway itself since it is not recommend to do so. If you want to redirect the egress traffic of the gateway, the following material may be useful

Reference

• https://www.wogong.net/blog/2020/11/clash-transparent-proxy
• https://github.com/Dreamacro/clash/pull/1049
• https://xtls.github.io/documents/level-2/transparent_proxy/transparent_proxy/