Environment:
------------
ENVOY_PORT=
INBOUND_CAPTURE_PORT=
ISTIO_INBOUND_INTERCEPTION_MODE=
ISTIO_INBOUND_TPROXY_MARK=
ISTIO_INBOUND_TPROXY_ROUTE_TABLE=
ISTIO_INBOUND_PORTS=
ISTIO_LOCAL_EXCLUDE_PORTS=
ISTIO_SERVICE_CIDR=
ISTIO_SERVICE_EXCLUDE_CIDR=

Variables:
----------
PROXY_PORT=12345
PROXY_INBOUND_CAPTURE_PORT=15006
PROXY_UID=4321
INBOUND_INTERCEPTION_MODE=TPROXY
INBOUND_TPROXY_MARK=1337
INBOUND_TPROXY_ROUTE_TABLE=133
INBOUND_PORTS_INCLUDE=*
INBOUND_PORTS_EXCLUDE=7777,8888
OUTBOUND_IP_RANGES_INCLUDE=1.1.0.0/16
OUTBOUND_IP_RANGES_EXCLUDE=9.9.0.0/16
OUTBOUND_PORTS_EXCLUDE=
KUBEVIRT_INTERFACES=eth1,eth2
ENABLE_INBOUND_IPV6=

iptables -t nat -N ISTIO_REDIRECT
iptables -t nat -A ISTIO_REDIRECT -p tcp -j REDIRECT --to-port 12345
iptables -t nat -N ISTIO_IN_REDIRECT
iptables -t nat -A ISTIO_IN_REDIRECT -p tcp -j REDIRECT --to-port 15006
iptables -t mangle -N ISTIO_DIVERT
iptables -t mangle -A ISTIO_DIVERT -j MARK --set-mark 1337
iptables -t mangle -A ISTIO_DIVERT -j ACCEPT
ip -f inet rule add fwmark 1337 lookup 133
ip -f inet route add local default dev lo table 133
iptables -t mangle -N ISTIO_TPROXY
iptables -t mangle -A ISTIO_TPROXY ! -d 127.0.0.1/32 -p tcp -j TPROXY --tproxy-mark 1337/0xffffffff --on-port 12345
iptables -t mangle -N ISTIO_INBOUND
iptables -t mangle -A PREROUTING -p tcp -j ISTIO_INBOUND
iptables -t mangle -A ISTIO_INBOUND -p tcp --dport 22 -j RETURN
iptables -t mangle -A ISTIO_INBOUND -p tcp --dport 7777 -j RETURN
iptables -t mangle -A ISTIO_INBOUND -p tcp --dport 8888 -j RETURN
iptables -t mangle -A ISTIO_INBOUND -p tcp -m socket -j ISTIO_DIVERT
iptables -t mangle -A ISTIO_INBOUND -p tcp -j ISTIO_TPROXY
iptables -t nat -N ISTIO_OUTPUT
iptables -t nat -A OUTPUT -p tcp -j ISTIO_OUTPUT
iptables -t nat -A ISTIO_OUTPUT -o lo -s 127.0.0.6/32 -j RETURN
iptables -t nat -A ISTIO_OUTPUT -o lo ! -d 127.0.0.1/32 -j ISTIO_IN_REDIRECT
iptables -t nat -A ISTIO_OUTPUT -m owner --uid-owner 4321 -j RETURN
iptables -t nat -A ISTIO_OUTPUT -m owner --gid-owner 4444 -j RETURN
iptables -t nat -A ISTIO_OUTPUT -d 127.0.0.1/32 -j RETURN
iptables -t nat -A ISTIO_OUTPUT -d 9.9.0.0/16 -j RETURN
iptables -t nat -I PREROUTING 1 -i eth1 -j RETURN
iptables -t nat -I PREROUTING 1 -i eth2 -j RETURN
iptables -t nat -I PREROUTING 1 -i eth1 -d 1.1.0.0/16 -j ISTIO_REDIRECT
iptables -t nat -I PREROUTING 1 -i eth2 -d 1.1.0.0/16 -j ISTIO_REDIRECT
iptables -t nat -A ISTIO_OUTPUT -d 1.1.0.0/16 -j ISTIO_REDIRECT
iptables -t nat -A ISTIO_OUTPUT -j RETURN
ip6tables -F INPUT
ip6tables -A INPUT -m state --state ESTABLISHED -j ACCEPT
ip6tables -A INPUT -i lo -d ::1 -j ACCEPT
ip6tables -A INPUT -j REJECT
iptables-save 
ip6tables-save 
