https://www.haproxy.com/blog/howto-transparent-proxying-and-binding-with-haproxy-and-aloha-load-balancer/
# firewall-cmd --permanent --direct --add-chain ipv4 mangle DIVERT
success
# firewall-cmd --permanent --direct --add-rule ipv4 mangle PREROUTING 0 -p tcp -m socket -j DIVERT
success
# firewall-cmd --permanent --direct --add-rule ipv4 mangle DIVERT 0 -j MARK --set-mark 1
success
# firewall-cmd --permanent --direct --add-rule ipv4 mangle DIVERT 1 -j ACCEPT
success
# cat /etc/firewalld/direct.xml
<?xml version="1.0" encoding="utf-8"?>
<direct>
<chain ipv="ipv4" table="mangle" chain="DIVERT"/>
<rule ipv="ipv4" table="mangle" chain="PREROUTING" priority="0">-p tcp -m socket -j DIVERT</rule>
<rule ipv="ipv4" table="mangle" chain="DIVERT" priority="0">-j MARK --set-mark 1</rule>
<rule ipv="ipv4" table="mangle" chain="DIVERT" priority="1">-j ACCEPT</rule>
</direct>
# firewall-cmd --reload
success
# iptables-save
(...)
*mangle
:PREROUTING ACCEPT [4458:699742]
:INPUT ACCEPT [19565:2954906]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [16284:1006161]
:POSTROUTING ACCEPT [16265:1005021]
:DIVERT - [0:0]
-A PREROUTING -p tcp -m socket -j DIVERT
-A DIVERT -j MARK --set-xmark 0x1/0xffffffff
-A DIVERT -j ACCEPT
(...)