ipset: do not insert to ipset when forwarder is Direct

config/examples/9.transparent_proxy_without_dnsmasq/README.md

@@ -82,7 +82,7 @@ use the linux server's ip as your dns server
 #### When client requesting to access http://example1.com (in office.rule), the whole process:
 DNS Resolving: 
 1. client sends a udp dns request to linux server, and glider will receive the request(as it listen on default dns port :53)
-2. upstream dns server choice: glider will lookup it's rule config and find out the dns server to use for this domain(matched "example1.com" in office.rule, so 208.67.222.222:53 will be choosen)
+2. upstream dns server choice: glider will lookup it's rule config and find out the dns server to use for this domain(matched "example1.com" in office.rule, so 208.67.222.222:53 will be chosen)
 3. glider uses the forwarder in office.rule to ask 208.67.222.222:53 for the resolve answers
 4. glider updates it's office rule config, add the resolved ip address to it
 5. glider adds the resolved ip into ipset "glider", and return the dns answer to client

ipset_linux.go

@@ -106,6 +106,11 @@ func NewIPSetManager(mainSet string, rules []*RuleConf) (*IPSetManager, error) {
 			set = m.mainSet
 		}
 
+		// if dialer is Direct, do not insert to ipset, in order to avoid iptables redirect loop
+		if len(r.Forward) == 0 {
+			continue
+		}
+
 		for _, domain := range r.Domain {
 			m.domainSet.Store(domain, set)
 		}