From dd8251468efd75e1061df73a0c8689d73c201acb Mon Sep 17 00:00:00 2001
From: Vladimir Avtsenov <vladimir.lsk.cool@gmail.com>
Date: Tue, 11 Feb 2025 13:22:18 +0300
Subject: [PATCH] masquerade only marked packets

---
 netfilter-helper/interface-to-ipset.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/netfilter-helper/interface-to-ipset.go b/netfilter-helper/interface-to-ipset.go
index bfd5827..aafc187 100644
--- a/netfilter-helper/interface-to-ipset.go
+++ b/netfilter-helper/interface-to-ipset.go
@@ -90,7 +90,7 @@ func (r *IfaceToIPSet) PutIPTable(table string) error {
 			return fmt.Errorf("failed to clear chain: %w", err)
 		}
 
-		err = r.IPTables.AppendUnique("nat", postroutingChainName, "-o", r.IfaceName, "-j", "MASQUERADE")
+		err = r.IPTables.AppendUnique("nat", postroutingChainName, "-m", "mark", "--mark", strconv.Itoa(int(r.mark)), "-j", "MASQUERADE")
 		if err != nil {
 			return fmt.Errorf("failed to create rule: %w", err)
 		}
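Review bot: The new rule on the `AppendUnique` line drops the `-o r.IfaceName` match, so every packet carrying the mark is masqueraded whichever interface it leaves through, unless the jump into `postroutingChainName` (not visible in this hunk) already restricts the output interface. If routing falls back to another uplink while the target interface is down, marked traffic would be source-NATed there too. Keeping both matches is the narrower rule: `"-o", r.IfaceName, "-m", "mark", "--mark", strconv.FormatUint(uint64(r.mark), 10), "-j", "MASQUERADE"`. The type of `r.mark` is not shown; if it is a `uint32`, `strconv.Itoa(int(r.mark))` can yield a negative string on 32-bit builds, which `FormatUint` avoids. `--mark` without a mask compares the full 32-bit mark, so a short comment stating that no other component sets bits in it would help; `PutIPTable` begins and ends outside this hunk.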