little fix, and update readme

cgroup-tproxy.sh

@@ -138,15 +138,6 @@ ip6tables -t mangle -A TPROXY_OUT -m cgroup --path $cgroup_proxy -j MARK --set-m
 ip6tables -t mangle -A OUTPUT -j TPROXY_OUT
 
 ## allow to disable, order is important
-$enable_dns    	|| iptables  -t mangle -I TPROXY_PRE -p udp --dport 53 -j RETURN
-$enable_dns    	|| ip6tables -t mangle -I TPROXY_PRE -p udp --dport 53 -j RETURN
-$enable_udp 	|| iptables  -t mangle -I TPROXY_PRE -p udp -j RETURN
-$enable_udp 	|| ip6tables -t mangle -I TPROXY_PRE -p udp -j RETURN
-$enable_tcp 	|| iptables  -t mangle -I TPROXY_PRE -p tcp -j RETURN
-$enable_tcp 	|| ip6tables -t mangle -I TPROXY_PRE -p tcp -j RETURN
-$enable_ipv4 	|| iptables  -t mangle -I TPROXY_PRE -j RETURN
-$enable_ipv6 	|| ip6tables -t mangle -I TPROXY_PRE -j RETURN
-
 $enable_dns    	|| iptables  -t mangle -I TPROXY_OUT -p udp --dport 53 -j RETURN
 $enable_dns    	|| ip6tables -t mangle -I TPROXY_OUT -p udp --dport 53 -j RETURN
 $enable_udp 	|| iptables  -t mangle -I TPROXY_OUT -p udp -j RETURN
@@ -156,6 +147,17 @@ $enable_tcp 	|| ip6tables -t mangle -I TPROXY_OUT -p tcp -j RETURN
 $enable_ipv4 	|| iptables  -t mangle -I TPROXY_OUT -j RETURN
 $enable_ipv6 	|| ip6tables -t mangle -I TPROXY_OUT -j RETURN
 
+if $enable_gateway; then
+$enable_dns    	|| iptables  -t mangle -I TPROXY_PRE -p udp --dport 53 -j RETURN
+$enable_dns    	|| ip6tables -t mangle -I TPROXY_PRE -p udp --dport 53 -j RETURN
+$enable_udp 	|| iptables  -t mangle -I TPROXY_PRE -p udp -j RETURN
+$enable_udp 	|| ip6tables -t mangle -I TPROXY_PRE -p udp -j RETURN
+$enable_tcp 	|| iptables  -t mangle -I TPROXY_PRE -p tcp -j RETURN
+$enable_tcp 	|| ip6tables -t mangle -I TPROXY_PRE -p tcp -j RETURN
+$enable_ipv4 	|| iptables  -t mangle -I TPROXY_PRE -j RETURN
+$enable_ipv6 	|| ip6tables -t mangle -I TPROXY_PRE -j RETURN
+fi
+
 
 ## message for user
 cat << DOC
@@ -163,7 +165,7 @@ proxied cgroup: $cgroup_proxy
 DOC
 
 
-if [ $enable_gateway=true ]; then
+if $enable_gateway; then
     iptables  -t nat -A POSTROUTING -m addrtype ! --src-type LOCAL -j MASQUERADE
     ip6tables -t nat -A POSTROUTING -m addrtype ! --src-type LOCAL -j MASQUERADE
     sysctl -w net.ipv4.ip_forward=1

readme.md

@@ -6,16 +6,17 @@
 
 cgproxy will transparent proxy anything running in specific cgroup. It resembles with *proxychains* and *tsock*, but without their disadvantages, and more powerfull.
 
-It aslo supports global transparent proxy. See [Global transparent proxy](#global-transparent-proxy)
-
+It aslo supports global transparent proxy and gateway proxy. See [Global transparent proxy](#global-transparent-proxy) and  [Gateway proxy](#gateway-proxy)
 
 <!--ts-->
+
    * [Transparent Proxy with cgroup v2](#transparent-proxy-with-cgroup-v2)
       * [Introduction](#introduction)
       * [Prerequest](#prerequest)
       * [How to install](#how-to-install)
       * [How to use](#how-to-use)
       * [Global transparent proxy](#global-transparent-proxy)
+      * [Gateway proxy](#gateway-proxy)
       * [Other useful tools provided in this project](#other-useful-tools-provided-in-this-project)
       * [NOTES](#notes)
       * [TIPS](#tips)
@@ -66,7 +67,8 @@ It is alreay in [archlinux AUR](https://aur.archlinux.org/packages/cgproxy/).
   cgproxy curl -vIs https://www.google.com
   ```
 
-More config in `/etc/cgproxy.conf`:
+<details>
+  <summary>More config in `/etc/cgproxy.conf`  (click to expand)</summary>
 
 ```bash
 # see how to configure 
@@ -102,7 +104,7 @@ mark_proxy=0x01
 mark_noproxy=0xff
 mark_newin=0x02
 ```
-
+</details>
 If you changed config, remember to restart service
 
 ```bash
@@ -125,6 +127,11 @@ sudo systemctl restart cgproxy.service
 
 - Finally, restart service `sudo systemctl restart cgproxy.service`, that's all
 
+## Gateway proxy
+
+- set **enable_gateway=true** in `/etc/cgproxy.conf` and restart service
+- other device set this host as gateway, and set public dns if necessary
+
 ## Other useful tools provided in this project
 
 - `cgnoproxy` run program wihout proxy, very useful in global transparent proxy