@push.rocks/smartproxy
A powerful proxy package with unified route-based configuration for high traffic management. Features include SSL/TLS support, flexible routing patterns, WebSocket handling, advanced security options, and automatic ACME certificate management.
import type { NfTableProxyOptions, NfTablesStatus } from './models/index.js';
/**
* NfTablesProxy sets up nftables NAT rules to forward TCP traffic.
* Enhanced with multi-port support, IPv6, connection tracking, metrics,
* and more advanced features.
*
* This is a declaration file: private members are listed by name only, so
* their parameters, return types and bodies are not visible here.
*
* Operational note: changing the nftables ruleset normally requires root or
* CAP_NET_ADMIN, so a process that calls start() is usually running
* privileged. Treat everything that reaches `settings` as security-sensitive
* input.
*/
export declare class NfTablesProxy {
/**
* Proxy options (same type as the constructor argument).
* NOTE(review): public and not readonly. This declaration does not show
* whether values changed after construction pass through validateSettings
* again before rules are built; confirm in the implementation.
*/
settings: NfTableProxyOptions;
private rules;
private ipSets;
/**
* NOTE(review): presumably the marker used to recognise rules added by this
* instance when they are removed again; confirm in the implementation.
*/
private ruleTag;
private tableName;
/**
* NOTE(review): presumably the file used by executeWithTempFile. How the path
* is chosen and which permissions the file gets are not visible here; confirm
* it is not a predictable name in a world-writable directory, because the
* file's content is what gets loaded into nftables.
*/
private tempFilePath;
/**
* NOTE(review): presumably the nft executable name or path; the value is not
* visible here. If it is a bare name resolved through PATH, the environment
* of the (usually privileged) process decides which binary runs; confirm.
*/
private static NFT_CMD;
/**
* @param settings Proxy options for this instance.
* NOTE(review): whether validateSettings is invoked from the constructor is
* not visible in this declaration; confirm before passing values that
* originate outside the process.
*/
constructor(settings: NfTableProxyOptions);
/**
* Validates settings to prevent command injection and ensure valid values.
* Which option fields are checked, and how, is not visible in this
* declaration.
*/
private validateSettings;
/**
* Normalizes port specifications into an array of port ranges
*/
private normalizePortSpec;
/**
* Execute a command with retry capability
*/
private executeWithRetry;
/**
* Execute system command synchronously with multiple attempts
* @deprecated This method blocks the event loop and should be avoided. Use executeWithRetry instead.
* WARNING: This method contains a busy wait loop that will block the entire Node.js event loop!
*/
private executeWithRetrySync;
/**
* Execute nftables commands with a temporary file
* This helper handles the common pattern of writing rules to a temp file,
* executing nftables with the file, and cleaning up
*/
private executeWithTempFile;
/**
* Checks if nftables is available and the required modules are loaded
*/
private checkNftablesAvailability;
/**
* Creates the necessary tables and chains
*/
private setupTablesAndChains;
/**
* Creates IP sets for efficient filtering of large IP lists
*/
private createIPSet;
/**
* Adds source IP filtering rules, potentially using IP sets for efficiency
*/
private addSourceIPFilters;
/**
* Gets a comma-separated list of all ports from a port specification
*/
private getAllPorts;
/**
* Configures advanced NAT with connection tracking
*/
private setupAdvancedNAT;
/**
* Adds port forwarding rules
*/
private addPortForwardingRules;
/**
* Adds port forwarding rules for the case where one toPortRange maps to multiple fromPortRanges
*/
private addPortMappings;
/**
* Adds port forwarding rules for pairs of fromPortRanges and toPortRanges
*/
private addPortPairMappings;
/**
* Setup quality of service rules
*/
private addTrafficShaping;
/**
* Setup NetworkProxy integration rules
*/
private setupNetworkProxyIntegration;
/**
* Verify that a rule was successfully applied
*/
private verifyRuleApplication;
/**
* Rolls back rules in case of error during setup
*/
private rollbackRules;
/**
* Checks if nftables table exists
*/
private tableExists;
/**
* Get system metrics like connection counts
*/
private getSystemMetrics;
/**
* Get status of IP sets
*/
private getIPSetStatus;
/**
* Get detailed status about the current state of the proxy
* @returns Promise resolving to an NfTablesStatus value.
*/
getStatus(): Promise<NfTablesStatus>;
/**
* Performs a dry run to see what commands would be executed without actually applying them.
* Useful for reviewing the intended ruleset change before calling start().
* @returns Promise resolving to an array of strings (presumably one command per element; confirm).
*/
dryRun(): Promise<string[]>;
/**
* Starts the proxy by setting up all nftables rules
* NOTE(review): rollbackRules is declared for errors during setup; whether
* every failure path of start() reaches it is not visible here.
*/
start(): Promise<void>;
/**
* Stops the proxy by removing all added rules
*/
stop(): Promise<void>;
/**
* Synchronous version of stop, for use in exit handlers
*/
stopSync(): void;
/**
* Cleans up empty tables
*/
private cleanupEmptyTables;
/**
* Synchronous version of cleanupEmptyTables
*/
private cleanupEmptyTablesSync;
/**
* Removes all nftables rules created by this module.
* Static, so it is not scoped to a single instance.
* NOTE(review): how rules are recognised as "created by this module" is not
* visible here; confirm it cannot remove rules owned by other tools before
* calling it on a shared host.
*/
static cleanSlate(): Promise<void>;
/**
* Synchronous version of cleanSlate
* @deprecated This method blocks the event loop and should be avoided. Use cleanSlate() instead.
* WARNING: This method uses execSync which blocks the entire Node.js event loop!
*/
static cleanSlateSync(): void;
/**
* Improved logging with structured output
*/
private log;
}