feat: Refactor Mihomo setup script to improve interface handling and add new rule logic

scripts/warpgates/iptables-mihomo-setup-alpine-mark2.sh

@@ -11,6 +11,7 @@ FW_MARK="0x1"
 ROUTE_TABLE="100"
 
 EXCLUDE_IFACES=("tun0")  
+INCLUDE_IFACES=("wt0" "eth1" "eth2")
 
 # ----------------------------
 # Helpers
@@ -86,7 +87,15 @@ ipt -t nat -A OUTPUT -m owner --uid-owner "${MIHOMO_UID}" -m comment --comment "
 ipt -t nat -A OUTPUT -p tcp -m comment --comment "MIHOMO-JUMP" -j MIHOMO_REDIR
 
 # Apply to PREROUTING (wt0 Ingress) - Force Redir for NetBird (skips exclusions by design)
-ipt -t nat -A PREROUTING -i wt0 -p tcp -m comment --comment "MIHOMO-REDIRECT" -j REDIRECT --to-port "${REDIR_PORT}"
+for IFACE in "${INCLUDE_IFACES[@]}"; do
+  if [ "$IFACE" = "wt0" ]; then
+    # wt0 (Netbird) пропускает исключения локальных подсетей по твоему дизайну
+    ipt -t nat -A PREROUTING -i "$IFACE" -p tcp -m comment --comment "MIHOMO-REDIRECT" -j REDIRECT --to-port "${REDIR_PORT}"
+  else
+    # LAN-трафик (eth1, eth2) должен прыгать в цепочку MIHOMO_REDIR для проверки исключений (192.168.x.x и т.д.)
+    ipt -t nat -A PREROUTING -i "$IFACE" -p tcp -m comment --comment "MIHOMO-JUMP-$IFACE" -j MIHOMO_REDIR
+  fi
+done
 
 # ----------------------------
 # MANGLE (TPROXY) - UDP
@@ -116,6 +125,9 @@ ipt -t mangle -A OUTPUT -p udp -m comment --comment "MIHOMO-MARK" -j MARK --set-
 for IFACE in "${EXCLUDE_IFACES[@]}"; do
   ipt -t mangle -A PREROUTING -i "${IFACE}" -m comment --comment "MIHOMO-EXCLUDE" -j RETURN
 done
-ipt -t mangle -A PREROUTING -i wt0 -m comment --comment "MIHOMO-JUMP" -j MIHOMO_TPROXY
+
+for IFACE in "${INCLUDE_IFACES[@]}"; do
+  ipt -t mangle -A PREROUTING -i "$IFACE" -m comment --comment "MIHOMO-JUMP-$IFACE" -j MIHOMO_TPROXY
+done
 
 echo "Done. Suboptimal hypervisor constraints bypassed successfully."