fix: pass SQUID_PROXY_HOST/PORT to init container for DNS resolution

setup-iptables.sh reads SQUID_PROXY_HOST (not AWF_SQUID_HOST), but the
init container only passed AWF_SQUID_HOST. Since the init container uses
network_mode: service:agent, it may not have DNS resolution for compose
service names, causing getent hosts to fail and the script to exit before
writing the ready signal. Use the direct IP address to avoid DNS issues.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: Mossaka

src/docker-manager.ts

@@ -1065,8 +1065,11 @@ export function generateDockerCompose(
     ],
     environment: {
       // Pass through environment variables needed by setup-iptables.sh
-      AWF_SQUID_HOST: environment.AWF_SQUID_HOST || `${networkConfig.squidIp}`,
-      AWF_SQUID_PORT: String(SQUID_PORT),
+      // IMPORTANT: setup-iptables.sh reads SQUID_PROXY_HOST/PORT (not AWF_ prefixed).
+      // Use the direct IP address since the init container (network_mode: service:agent)
+      // may not have DNS resolution for compose service names.
+      SQUID_PROXY_HOST: `${networkConfig.squidIp}`,
+      SQUID_PROXY_PORT: String(SQUID_PORT),
       AWF_DNS_SERVERS: environment.AWF_DNS_SERVERS || '',
       AWF_BLOCKED_PORTS: environment.AWF_BLOCKED_PORTS || '',
       AWF_ENABLE_HOST_ACCESS: environment.AWF_ENABLE_HOST_ACCESS || '',