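#!/bin/bash
#
# ssrun - open an interactive shell inside a transient systemd unit whose
# cgroup is registered in a chosen group of nftables sets through the unit's
# NFTSet= property.
#
# Usage: ssrun [-4] [action]
#   -4      register only in the IPv4 table (transparent_proxy); without it
#           the IPv6 table (transparent_proxy_v6) is used as well
#   action  bp | fw | bp_tcp | bp_udp | fw_tcp | fw_udp   (default: bp)
#
# NOTE(review): what membership in the *_bypass / *_enforce sets means is
# decided by the nftables ruleset, which is not part of this script.
set -eu

set_prefixes=(cgroup:ip:transparent_proxy cgroup:ip6:transparent_proxy_v6)
act=""

# Every non-empty argument other than -4 is taken as the action; the last
# one wins. Parsing stops at the first empty argument.
while [[ -n "${1:-}" ]]; do
  if [[ "$1" == '-4' ]]; then
    set_prefixes=(cgroup:ip:transparent_proxy)
  else
    act="$1"
  fi
  shift
done
act="${act:-bp}"

case "$act" in
  bp)     set_names=(tcp_bypass udp_bypass) ;;
  fw)     set_names=(tcp_enforce udp_enforce) ;;
  bp_tcp) set_names=(tcp_bypass) ;;
  bp_udp) set_names=(udp_bypass) ;;
  fw_tcp) set_names=(tcp_enforce) ;;
  fw_udp) set_names=(udp_enforce) ;;
  *)
    # Diagnostics belong on stderr so they never mix with captured output.
    printf 'Usage: ssrun [-4] action\nerror: action should be one of:\n\tbp fw bp_tcp bp_udp fw_tcp fw_udp\n' >&2
    exit 1
    ;;
esac

# NFTSet= takes a space-separated list of source:family:table:set entries.
nftsets=()
for p in "${set_prefixes[@]}"; do
  for s in "${set_names[@]}"; do
    nftsets+=("$p:$s")
  done
done
nftset_value="${nftsets[*]}"

echo "act=${act} nftsets=${nftset_value}"

# The caller's whole environment is handed to the unit through a file. It can
# hold credentials (tokens, passwords, agent sockets), so the file must not
# outlive this run. mktemp creates it readable by the owner only.
envf="$(mktemp /tmp/envXXXXXXXX)"
# ExecStartPost= removes the file only once the unit has started. If sudo is
# refused or systemd-run fails earlier, this trap is the only cleanup. -S
# makes systemd-run wait for the shell, so the trap cannot fire before
# systemd has read the file.
trap 'rm -f -- "$envf"' EXIT
# NOTE(review): `env` prints NAME=value lines without quoting; values that
# contain newlines, quotes or backslashes may not survive EnvironmentFile=
# parsing unchanged - confirm this is acceptable for the intended use.
env > "$envf"

sudo systemd-run \
  --uid "$(id -u)" --gid "$(id -g)" \
  -p NFTSet="$nftset_value" \
  --collect \
  -p EnvironmentFile="$envf" \
  -p ExecStartPost="/usr/bin/rm -- $envf" \
  -S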