/**
 * Custom error classes for better error handling
 */
/**
 * Common base class for the errors declared in this module:
 * NftValidationError, NftExecutionError and NftResourceError all extend it,
 * which gives callers one type to separate module failures from unrelated errors.
 *
 * NOTE(review): this declaration does not show what ends up in `message`.
 * If it can contain command text or raw setting values, confirm that before
 * returning it to an untrusted client or writing it to a shared log.
 */
export declare class NftBaseError extends Error {
    constructor(message: string);
}
/**
 * Error subtype of NftBaseError.
 *
 * Presumably raised when settings are rejected (NfTablesProxy declares a
 * private `validateSettings` described as preventing command injection);
 * the throw sites are not visible in this declaration. TODO confirm.
 */
export declare class NftValidationError extends NftBaseError {
    constructor(message: string);
}
/**
 * Error subtype of NftBaseError.
 *
 * Presumably raised when a system command fails after the configured
 * retries (see `executeWithRetry` on NfTablesProxy); the throw sites are not
 * visible in this declaration. TODO confirm.
 */
export declare class NftExecutionError extends NftBaseError {
    constructor(message: string);
}
/**
 * Error subtype of NftBaseError.
 *
 * Presumably raised when a required resource (for example the nftables
 * tooling checked by `checkNftablesAvailability`) is missing; the throw sites
 * are not visible in this declaration. TODO confirm.
 */
export declare class NftResourceError extends NftBaseError {
    constructor(message: string);
}
/**
 * Represents a port range for forwarding.
 *
 * The type only constrains both ends to `number`; it does not enforce
 * integers, the 1-65535 range, or `from <= to`.
 * NOTE(review): presumably both bounds are inclusive and are checked by
 * NfTablesProxy's validateSettings. Confirm in the implementation.
 */
export interface IPortRange {
    // First port of the range.
    from: number;
    // Last port of the range.
    to: number;
}
/**
 * Settings for NfTablesProxy.
 *
 * Only `fromPort` and `toPort` are required. Defaults for the optional
 * fields are not visible in this declaration.
 *
 * Security note: the class's own comments describe a `validateSettings` step
 * that exists "to prevent command injection". This declaration does not show
 * which fields it covers, so callers should treat every string field here
 * (`toHost`, `tableName`, the IP lists, `qos.maxRate`) as input that must not
 * come from an untrusted source unvalidated.
 */
export interface INfTableProxySettings {
    // Port(s) to forward from: a single port, a range, or a mixed array of both.
    fromPort: number | IPortRange | Array<number | IPortRange>;
    // Port(s) to forward to, in the same shapes as fromPort.
    toPort: number | IPortRange | Array<number | IPortRange>;
    // Destination host. Free-form string at the type level.
    // NOTE(review): presumably an IP address or hostname; confirm the accepted format.
    toHost?: string;
    // NOTE(review): name suggests the client's source address is kept rather
    // than rewritten by NAT; confirm the effect on return routing.
    preserveSourceIP?: boolean;
    // NOTE(review): presumably removes the rules on process exit (the class
    // exposes stopSync "for use in exit handlers"). If so, rules may remain
    // after a crash or SIGKILL; confirm.
    deleteOnExit?: boolean;
    // Protocol selector; 'all' is broader than the "TCP" wording in the class comment.
    protocol?: 'tcp' | 'udp' | 'all';
    // Toggles the module's logging.
    enableLogging?: boolean;
    // NOTE(review): presumably also creates IPv6 rules; confirm that the
    // source-IP filters are applied to both address families.
    ipv6Support?: boolean;
    // Output format of log entries.
    logFormat?: 'plain' | 'json';
    // Source addresses to allow.
    // NOTE(review): it is not visible here whether a non-empty allow list
    // implies default-deny, or which list wins when an address is in both.
    allowedSourceIPs?: string[];
    // Source addresses to block. See the precedence note on allowedSourceIPs.
    bannedSourceIPs?: string[];
    // Use IP sets for the source filters (described in the class as efficient for large lists).
    useIPSets?: boolean;
    // NOTE(review): presumably runs the cleanSlate step before setup. That step
    // is documented as removing all rules created by this module, so confirm
    // it cannot remove rules owned by another running instance.
    forceCleanSlate?: boolean;
    // Name of the nftables table to use. Free-form string at the type level.
    tableName?: string;
    // Retry count and delay in milliseconds, presumably for command execution
    // (executeWithRetry).
    maxRetries?: number;
    retryDelayMs?: number;
    // Enables the "advanced NAT with connection tracking" path named in the class.
    useAdvancedNAT?: boolean;
    // Quality-of-service / traffic-shaping options.
    qos?: {
        enabled: boolean;
        // Rate limit as a string; the expected unit and format are not visible here.
        maxRate?: string;
        priority?: number;
        markConnections?: boolean;
    };
    // Options for the NetworkProxy integration rules.
    netProxyIntegration?: {
        enabled: boolean;
        // NOTE(review): presumably also redirects locally originated traffic; confirm.
        redirectLocalhost?: boolean;
        // NOTE(review): presumably the port where TLS is terminated; confirm
        // that it is not reachable from outside the host unintentionally.
        sslTerminationPort?: number;
    };
}
/**
 * Status snapshot returned by NfTablesProxy.getStatus().
 *
 * Useful for monitoring. A `ruleCount.verified` value lower than
 * `ruleCount.added` would be worth alerting on, assuming "verified" means
 * the rule was confirmed present (see verifyRuleApplication). TODO confirm.
 */
export interface INfTablesStatus {
    // Whether the proxy considers itself active.
    active: boolean;
    // Rule counters; the exact meaning of each is defined by the implementation.
    ruleCount: {
        total: number;
        added: number;
        verified: number;
    };
    // Tables the proxy reports as configured, one entry per family/table pair.
    tablesConfigured: {
        family: string;
        tableName: string;
    }[];
    // Optional traffic metrics; every field may be absent.
    metrics: {
        forwardedConnections?: number;
        activeConnections?: number;
        bytesForwarded?: {
            sent: number;
            received: number;
        };
    };
    qosEnabled?: boolean;
    // IP sets the proxy reports, with their element counts.
    ipSetsConfigured?: {
        name: string;
        elementCount: number;
        type: string;
    }[];
}
/**
 * NfTablesProxy sets up nftables NAT rules to forward traffic.
 * The settings accept protocol 'tcp' | 'udp' | 'all', so forwarding is not
 * limited to TCP. Enhanced with multi-port support, IPv6, connection
 * tracking, metrics, and more advanced features.
 *
 * Operational notes for reviewers:
 * - Changing nftables rules normally requires root or CAP_NET_ADMIN, so the
 *   process using this class runs with elevated network privileges.
 * - The member comments below indicate that system commands are executed.
 *   The safety of that depends on validateSettings and on how the commands
 *   are assembled, neither of which is visible in this declaration.
 * - `private` here is TypeScript's compile-time modifier and is not a
 *   runtime access boundary.
 */
export declare class NfTablesProxy {
    // Public and mutable.
    // NOTE(review): it is not visible whether validation is re-run when this
    // object is changed after construction; confirm before mutating it.
    settings: INfTableProxySettings;
    private rules;
    private ipSets;
    private ruleTag;
    private tableName;
    // NOTE(review): path of a temporary file. How it is created (location,
    // permissions, name predictability) is not visible here; confirm in the
    // implementation.
    private tempFilePath;
    // NOTE(review): presumably the nft executable to invoke; confirm whether
    // it is an absolute path or resolved through PATH.
    private static NFT_CMD;
    constructor(settings: INfTableProxySettings);
    /**
     * Validates settings to prevent command injection and ensure valid values.
     * NOTE(review): the set of fields covered is not visible in this declaration.
     */
    private validateSettings;
    /**
     * Normalizes port specifications into an array of port ranges
     */
    private normalizePortSpec;
    /**
     * Execute a command with retry capability
     */
    private executeWithRetry;
    /**
     * Execute system command synchronously with multiple attempts
     */
    private executeWithRetrySync;
    /**
     * Checks if nftables is available and the required modules are loaded
     */
    private checkNftablesAvailability;
    /**
     * Creates the necessary tables and chains
     */
    private setupTablesAndChains;
    /**
     * Creates IP sets for efficient filtering of large IP lists
     */
    private createIPSet;
    /**
     * Adds source IP filtering rules, potentially using IP sets for efficiency
     */
    private addSourceIPFilters;
    /**
     * Gets a comma-separated list of all ports from a port specification
     */
    private getAllPorts;
    /**
     * Configures advanced NAT with connection tracking
     */
    private setupAdvancedNAT;
    /**
     * Adds port forwarding rules
     */
    private addPortForwardingRules;
    /**
     * Adds port forwarding rules for the case where one toPortRange maps to multiple fromPortRanges
     */
    private addPortMappings;
    /**
     * Adds port forwarding rules for pairs of fromPortRanges and toPortRanges
     */
    private addPortPairMappings;
    /**
     * Setup quality of service rules
     */
    private addTrafficShaping;
    /**
     * Setup NetworkProxy integration rules
     */
    private setupNetworkProxyIntegration;
    /**
     * Verify that a rule was successfully applied
     */
    private verifyRuleApplication;
    /**
     * Rolls back rules in case of error during setup
     */
    private rollbackRules;
    /**
     * Checks if nftables table exists
     */
    private tableExists;
    /**
     * Get system metrics like connection counts
     */
    private getSystemMetrics;
    /**
     * Get status of IP sets
     */
    private getIPSetStatus;
    /**
     * Get detailed status about the current state of the proxy
     *
     * @returns a promise resolving to an INfTablesStatus snapshot
     */
    getStatus(): Promise<INfTablesStatus>;
    /**
     * Performs a dry run to see what commands would be executed without actually applying them.
     * Reviewing this output before start() is a cheap way to audit the exact
     * rules a given settings object produces.
     *
     * @returns a promise resolving to the commands as strings
     */
    dryRun(): Promise<string[]>;
    /**
     * Starts the proxy by setting up all nftables rules
     */
    start(): Promise<void>;
    /**
     * Stops the proxy by removing all added rules
     */
    stop(): Promise<void>;
    /**
     * Synchronous version of stop, for use in exit handlers
     */
    stopSync(): void;
    /**
     * Cleans up empty tables
     */
    private cleanupEmptyTables;
    /**
     * Synchronous version of cleanupEmptyTables
     */
    private cleanupEmptyTablesSync;
    /**
     * Removes all nftables rules created by this module.
     * NOTE(review): static, so not tied to one instance. How "created by this
     * module" is determined is not visible here; confirm it cannot remove
     * rules owned by other instances or tools on the same host.
     */
    static cleanSlate(): Promise<void>;
    /**
     * Synchronous version of cleanSlate
     */
    static cleanSlateSync(): void;
    /**
     * Improved logging with structured output
     */
    private log;
}
