Refactor: iptables auto config, disabled by default

config/config.go

@@ -100,6 +100,12 @@ type Tun struct {
 	AutoRoute bool             `yaml:"auto-route" json:"auto-route"`
 }
 
+// IPTables config
+type IPTables struct {
+	Enable           bool   `yaml:"enable" json:"enable"`
+	InboundInterface string `yaml:"inbound-interface" json:"inbound-interface"`
+}
+
 // Experimental config
 type Experimental struct{}
 
@@ -107,6 +113,7 @@ type Experimental struct{}
 type Config struct {
 	General      *General
 	Tun          *Tun
+	IPTables     *IPTables
 	DNS          *DNS
 	Experimental *Experimental
 	Hosts        *trie.DomainTrie
@@ -170,6 +177,7 @@ type RawConfig struct {
 	Hosts         map[string]string         `yaml:"hosts"`
 	DNS           RawDNS                    `yaml:"dns"`
 	Tun           RawTun                    `yaml:"tun"`
+	IPTables      IPTables                  `yaml:"iptables"`
 	Experimental  Experimental              `yaml:"experimental"`
 	Profile       Profile                   `yaml:"profile"`
 	Proxy         []map[string]any          `yaml:"proxies"`
@@ -206,6 +214,10 @@ func UnmarshalRawConfig(buf []byte) (*RawConfig, error) {
 			DNSHijack: []string{"0.0.0.0:53"}, // default hijack all dns query
 			AutoRoute: true,
 		},
+		IPTables: IPTables{
+			Enable:           false,
+			InboundInterface: "lo",
+		},
 		DNS: RawDNS{
 			Enable:       false,
 			UseHosts:     true,
@@ -243,6 +255,7 @@ func ParseRawConfig(rawCfg *RawConfig) (*Config, error) {
 
 	config.Experimental = &rawCfg.Experimental
 	config.Profile = &rawCfg.Profile
+	config.IPTables = &rawCfg.IPTables
 
 	general, err := parseGeneral(rawCfg)
 	if err != nil {