From a244b325cb6c7ce86e1c4a78eed6a80b9357dbf1 Mon Sep 17 00:00:00 2001
From: Avery Pennarun <apenwarr@gmail.com>
Date: Sun, 2 May 2010 02:00:19 -0400
Subject: [PATCH] iptables: add a PREROUTING rule so we can proxy for other
 machines too.

If you run sshuttle on a router, it can handle vpn'ing for all the boxes on
your network.
---
 iptables.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/iptables.py b/iptables.py
index 5bb6133..096844e 100644
--- a/iptables.py
+++ b/iptables.py
@@ -44,6 +44,7 @@ def main(port, subnets):
     # basic cleanup/setup of chains
     if chain_exists(chain):
         ipt('-D', 'OUTPUT', '-j', chain)
+        ipt('-D', 'PREROUTING', '-j', chain)
         ipt('-F', chain)
         ipt('-X', chain)
 
@@ -51,6 +52,7 @@ def main(port, subnets):
         ipt('-N', chain)
         ipt('-F', chain)
         ipt('-I', 'OUTPUT', '1', '-j', chain)
+        ipt('-I', 'PREROUTING', '1', '-j', chain)
 
         # create new subnet entries
         for snet,swidth in subnets: