sd

backend/modules/nfproxy/firegex.py

@@ -99,6 +99,8 @@ class FiregexInterceptor:
     
     async def _start_binary(self):
         proxy_binary_path = os.path.abspath(os.path.join(os.path.dirname(__file__), "../cpproxy"))
+        # Determine match mode based on protocol
+        match_mode = "stream" if self.srv.proto in ["tcp", "http"] else "block"
         self.process = await asyncio.create_subprocess_exec(
             proxy_binary_path, stdin=asyncio.subprocess.DEVNULL,
             stdout=asyncio.subprocess.PIPE,
@@ -106,7 +108,9 @@ class FiregexInterceptor:
             env={
                 "NTHREADS": os.getenv("NTHREADS","1"),
                 "FIREGEX_NFQUEUE_FAIL_OPEN": "1" if self.srv.fail_open else "0",
-                "FIREGEX_NFPROXY_SOCK": self.sock_path
+                "FIREGEX_NFPROXY_SOCK": self.sock_path,
+                "MATCH_MODE": match_mode,
+                "PROTOCOL": self.srv.proto
             },
         )
         nicenessify(-10, self.process.pid)

backend/modules/nfproxy/nftables.py

@@ -6,6 +6,8 @@ def convert_protocol_to_l4(proto:str):
         return "tcp"
     elif proto == "http":
         return "tcp"
+    elif proto == "udp":
+        return "udp"
     else:
         raise Exception("Invalid protocol")