luci-app-passwall: sync with upstream source
parent
e79887c2cf
commit
0d9831adc1
@ -6,8 +6,8 @@
|
||||
include $(TOPDIR)/rules.mk
|
||||
|
||||
PKG_NAME:=luci-app-passwall
|
||||
PKG_VERSION:=3.5.4
|
||||
PKG_RELEASE:=20200212
|
||||
PKG_VERSION:=3.5.6
|
||||
PKG_RELEASE:=20200213
|
||||
|
||||
PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
|
||||
|
||||
|
||||
@ -81,14 +81,27 @@ o:value("disable", translate("No Proxy"))
|
||||
o:value("global", translate("Global Proxy"))
|
||||
o:value("gfwlist", translate("GFW List"))
|
||||
o:value("chnroute", translate("China WhiteList"))
|
||||
--o:value("gamemode", translate("Game Mode"))
|
||||
-- o:value("gamemode", translate("Game Mode"))
|
||||
o:value("returnhome", translate("Return Home"))
|
||||
|
||||
---- TCP No Redir Ports
|
||||
o = s:option(Value, "tcp_no_redir_ports", translate("TCP No Redir Ports"))
|
||||
o.default = "default"
|
||||
o:value("disable", translate("No patterns are used"))
|
||||
o:value("default", translate("Default"))
|
||||
o:value("1:65535", translate("All"))
|
||||
|
||||
---- UDP No Redir Ports
|
||||
o = s:option(Value, "udp_no_redir_ports", translate("UDP No Redir Ports"))
|
||||
o.default = "default"
|
||||
o:value("disable", translate("No patterns are used"))
|
||||
o:value("default", translate("Default"))
|
||||
o:value("1:65535", translate("All"))
|
||||
|
||||
---- TCP Redir Ports
|
||||
o = s:option(Value, "tcp_redir_ports", translate("TCP Redir Ports"))
|
||||
o.default = "default"
|
||||
o:value("default", translate("Default"))
|
||||
o:value("disable", translate("No Proxy"))
|
||||
o:value("1:65535", translate("All"))
|
||||
o:value("80,443", "80,443")
|
||||
o:value("80:", "80 " .. translate("or more"))
|
||||
@ -98,7 +111,6 @@ o:value(":443", "443 " .. translate("or less"))
|
||||
o = s:option(Value, "udp_redir_ports", translate("UDP Redir Ports"))
|
||||
o.default = "default"
|
||||
o:value("default", translate("Default"))
|
||||
o:value("disable", translate("No Proxy"))
|
||||
o:value("1:65535", translate("All"))
|
||||
o:value("53", "53")
|
||||
|
||||
|
||||
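Review bot: The per-ACL `tcp_no_redir_ports` and `udp_no_redir_ports` Value options added at the top of the first hunk appear to have no effect as the commit stands: in iptables.sh further down this page, load_acl reads them into the lowercase `tcp_no_redir_ports`/`udp_no_redir_ports` and applies the `default` fallback, but the RETURN rules it then emits interpolate the global `$TCP_NO_REDIR_PORTS` (in both the TCP and the UDP rule), so whatever a user enters on this page is never reached. Either the per-ACL option should be dropped from this page or iptables.sh should consume the per-ACL variables it just computed. Independently, these are free-text Value widgets with no `datatype` or `validate`, and the string ends up unquoted in `-m multiport --dport`; a minimal guard on each of the port fields would be `o.validate = function(self, v) return (v == "default" or v == "disable" or v:match("^[%d:,]+$")) and v or nil end`.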
@ -186,26 +186,25 @@ o.rmempty = false
|
||||
|
||||
---- Default Proxy Mode
|
||||
o = s:option(ListValue, "proxy_mode",
|
||||
translate("Default") .. translate("Proxy Mode"), translate(
|
||||
"If using GFW mode is not available, try clearing the native cache."))
|
||||
translate("Default") .. translate("Proxy Mode"),
|
||||
translate("If not available, try clearing the cache."))
|
||||
o.default = "chnroute"
|
||||
o.rmempty = false
|
||||
o:value("disable", translate("No Proxy"))
|
||||
o:value("global", translate("Global Proxy"))
|
||||
o:value("gfwlist", translate("GFW List"))
|
||||
o:value("chnroute", translate("China WhiteList"))
|
||||
--o:value("gamemode", translate("Game Mode"))
|
||||
-- o:value("gamemode", translate("Game Mode"))
|
||||
o:value("returnhome", translate("Return Home"))
|
||||
|
||||
---- Localhost Proxy Mode
|
||||
o = s:option(ListValue, "localhost_proxy_mode",
|
||||
translate("Localhost") .. translate("Proxy Mode"), translate(
|
||||
"The server client can also use this rule to scientifically surf the Internet.<br /> Global and continental whitelist are not recommended for non-special cases!"))
|
||||
"The server client can also use this rule to scientifically surf the Internet."))
|
||||
o:value("default", translate("Default"))
|
||||
o:value("global",
|
||||
translate("Global Proxy") .. "(" .. translate("Danger") .. ")")
|
||||
o:value("gfwlist", translate("GFW List"))
|
||||
o:value("chnroute", translate("China WhiteList"))
|
||||
o:value("global", translate("Global Proxy"))
|
||||
o.default = "default"
|
||||
o.rmempty = false
|
||||
|
||||
|
||||
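Review bot: The new localhost "Global Proxy" entry (the `o:value("global", translate("Global Proxy"))` line near the end of the hunk) drops the `(Danger)` marker, and the shortened description no longer warns against global/chnroute mode, while the behaviour it selects is unchanged: per the PSW_OUTPUT rules in iptables.sh at the bottom of this page, with `LOCALHOST_PROXY_MODE == global` every TCP/UDP flow originating on the router itself whose destination port is in the redir port list, and whose destination is not in the node/whitelist sets, is redirected into the proxy. The router's own traffic presumably includes the rule and subscription updates this package schedules from cron, so a user who toggles this without any hint can route them through the tunnel unintentionally. I'd keep the caveat in the description, e.g. `translate("The server client can also use this rule to scientifically surf the Internet.<br />Global mode sends all of the router's own traffic on the redir ports through the proxy; use it only when needed.")`, with the matching msgid updated in the zh-cn .po.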
@ -54,10 +54,25 @@ s = m:section(TypedSection, "global_forwarding",
|
||||
s.anonymous = true
|
||||
s.addremove = false
|
||||
|
||||
---- TCP No Redir Ports
|
||||
o = s:option(Value, "tcp_no_redir_ports", translate("TCP No Redir Ports"),
|
||||
translate(
|
||||
"Fill in the ports you don't want to be forwarded by the agent, with the highest priority."))
|
||||
o.default = "disable"
|
||||
o:value("disable", translate("No patterns are used"))
|
||||
o:value("1:65535", translate("All"))
|
||||
|
||||
---- UDP No Redir Ports
|
||||
o = s:option(Value, "udp_no_redir_ports", translate("UDP No Redir Ports"),
|
||||
translate(
|
||||
"Fill in the ports you don't want to be forwarded by the agent, with the highest priority."))
|
||||
o.default = "disable"
|
||||
o:value("disable", translate("No patterns are used"))
|
||||
o:value("1:65535", translate("All"))
|
||||
|
||||
---- TCP Redir Ports
|
||||
o = s:option(Value, "tcp_redir_ports", translate("TCP Redir Ports"))
|
||||
o.default = "80,443"
|
||||
o:value("disable", translate("No Proxy"))
|
||||
o:value("1:65535", translate("All"))
|
||||
o:value("80,443", "80,443")
|
||||
o:value("80:", "80 " .. translate("or more"))
|
||||
@ -66,7 +81,6 @@ o:value(":443", "443 " .. translate("or less"))
|
||||
---- UDP Redir Ports
|
||||
o = s:option(Value, "udp_redir_ports", translate("UDP Redir Ports"))
|
||||
o.default = "1:65535"
|
||||
o:value("disable", translate("No Proxy"))
|
||||
o:value("1:65535", translate("All"))
|
||||
o:value("53", "53")
|
||||
|
||||
|
||||
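Review bot: The port fields in this hunk (`tcp_no_redir_ports`, `udp_no_redir_ports`, and the redir-port fields they sit next to) are free-text Value widgets with no `datatype` or `validate` hook, and the string they hold is later spliced unquoted into `iptables ... -m multiport --dport` by iptables.sh (see the PSW_OUTPUT rules at the bottom of this page). Anything that is not iptables multiport syntax will at best make the rule load fail at start and at worst be word-split into extra iptables arguments, so the input should be bounded at the UI layer; the helper below accepts only digits, `:` and `,` or the `disable` keyword and is attached with `o.validate = port_list_validate` after each option is declared. Note also that the UDP No Redir value added here is, as iptables.sh currently stands, not what the per-client UDP rule in load_acl matches on — that rule interpolates `$TCP_NO_REDIR_PORTS` — so until that is fixed the UDP field only affects the router's own traffic via PSW_OUTPUT.
```lua
-- Accept only iptables multiport syntax ("53", "80,443", "1000:2000", "80:") or the
-- keyword "disable"; the value is interpolated into an iptables command line by iptables.sh.
local function port_list_validate(self, value)
	if value == "disable" then
		return value
	end
	if type(value) == "string" and value:match("^[%d:,]+$") then
		return value
	end
	return nil, translate("Invalid port list")
end

---- TCP No Redir Ports
o = s:option(Value, "tcp_no_redir_ports", translate("TCP No Redir Ports"),
	translate(
		"Fill in the ports you don't want to be forwarded by the agent, with the highest priority."))
o.default = "disable"
o.validate = port_list_validate
-- … unchanged: o:value(...) entries; the same o.validate line goes on
--    udp_no_redir_ports, tcp_redir_ports and udp_redir_ports …
```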
@ -166,8 +166,8 @@ msgstr "ChinaDNS-NG可信DNS"
|
||||
msgid "You can use other resolving DNS services as trusted DNS, Example: dns2socks, dns-forwarder... 127.0.0.1#5353<br />Only use two at most, english comma separation, If you do not fill in the # and the following port, you are using port 53."
|
||||
msgstr "你可以使用其他解决污染DNS服务作为可信DNS,例:dns2socks,dns-forwarder等等。127.0.0.1#5353<br />最多使用2个DNS服务器,英文逗号分隔,如果没有填#和后面的端口,则使用53端口。"
|
||||
|
||||
msgid "The server client can also use this rule to scientifically surf the Internet.<br /> Global and continental whitelist are not recommended for non-special cases!"
|
||||
msgstr "本机服务器的客户端也可以使用这个代理模式上网。<br />非特殊情况不推荐使用全局和大陆白名单!"
|
||||
msgid "The server client can also use this rule to scientifically surf the Internet."
|
||||
msgstr "本机服务器的客户端也可以使用这个代理模式上网。"
|
||||
|
||||
msgid "Tips"
|
||||
msgstr "小提示"
|
||||
@ -226,8 +226,8 @@ msgstr "单进程"
|
||||
msgid "Proxy Mode"
|
||||
msgstr "代理模式"
|
||||
|
||||
msgid "If using GFW mode is not available, try clearing the native cache."
|
||||
msgstr "如果使用GFW模式无法使用,请尝试清除本机缓存。"
|
||||
msgid "If not available, try clearing the cache."
|
||||
msgstr "如果无法使用,请尝试清除缓存。"
|
||||
|
||||
msgid "No Proxy"
|
||||
msgstr "不代理"
|
||||
@ -382,6 +382,15 @@ msgstr "自动重启时间"
|
||||
msgid "Forwarding Settings"
|
||||
msgstr "转发配置"
|
||||
|
||||
msgid "TCP No Redir Ports"
|
||||
msgstr "TCP不转发端口"
|
||||
|
||||
msgid "UDP No Redir Ports"
|
||||
msgstr "UDP不转发端口"
|
||||
|
||||
msgid "Fill in the ports you don't want to be forwarded by the agent, with the highest priority."
|
||||
msgstr "填写你不希望被代理转发的端口,优先级最高。"
|
||||
|
||||
msgid "TCP Redir Ports"
|
||||
msgstr "TCP转发端口"
|
||||
|
||||
|
||||
@ -22,6 +22,8 @@ config global_delay
|
||||
|
||||
config global_forwarding
|
||||
option process '1'
|
||||
option tcp_no_redir_ports 'disable'
|
||||
option udp_no_redir_ports 'disable'
|
||||
option tcp_redir_ports '1:65535'
|
||||
option udp_redir_ports '1:65535'
|
||||
option socks5_proxy_port '1081'
|
||||
|
||||
@ -2,4 +2,9 @@ formyip.com
|
||||
msi.com
|
||||
github.com
|
||||
github.io
|
||||
githubusercontent.com
|
||||
githubusercontent.com
|
||||
github-production-release-asset-2e65be.s3.amazonaws.com
|
||||
openwrt.proxy.ustclug.org
|
||||
easylist-downloads.adblockplus.org
|
||||
adblockplus.org
|
||||
caddyserver.com
|
||||
@ -2,4 +2,6 @@
|
||||
91.108.4.0/22
|
||||
91.108.56.0/24
|
||||
109.239.140.0/24
|
||||
67.198.55.0/24
|
||||
67.198.55.0/24
|
||||
8.8.4.4
|
||||
8.8.8.8
|
||||
@ -1,10 +0,0 @@
|
||||
google.com
|
||||
youtube.com
|
||||
github.com
|
||||
github.io
|
||||
githubusercontent.com
|
||||
github-production-release-asset-2e65be.s3.amazonaws.com
|
||||
openwrt.proxy.ustclug.org
|
||||
easylist-downloads.adblockplus.org
|
||||
adblockplus.org
|
||||
caddyserver.com
|
||||
@ -89,6 +89,18 @@ get_host_ip() {
|
||||
echo $ip
|
||||
}
|
||||
|
||||
get_node_host_ip() {
|
||||
local ip
|
||||
local address=$(config_n_get $1 address)
|
||||
[ -n "$address" ] && {
|
||||
local use_ipv6=$(config_n_get $1 use_ipv6)
|
||||
local network_type="ipv4"
|
||||
[ "$use_ipv6" == "1" ] && network_type="ipv6"
|
||||
ip=$(get_host_ip $network_type $address)
|
||||
}
|
||||
echo $ip
|
||||
}
|
||||
|
||||
check_port_exists() {
|
||||
port=$1
|
||||
protocol=$2
|
||||
@ -178,6 +190,8 @@ BROOK_TCP_CMD=""
|
||||
BROOK_UDP_CMD=""
|
||||
TCP_REDIR_PORTS=$(config_t_get global_forwarding tcp_redir_ports '80,443')
|
||||
UDP_REDIR_PORTS=$(config_t_get global_forwarding udp_redir_ports '1:65535')
|
||||
TCP_NO_REDIR_PORTS=$(config_t_get global_forwarding tcp_no_redir_ports 'disable')
|
||||
UDP_NO_REDIR_PORTS=$(config_t_get global_forwarding udp_no_redir_ports 'disable')
|
||||
KCPTUN_REDIR_PORT=$(config_t_get global_forwarding kcptun_port 12948)
|
||||
PROXY_MODE=$(config_t_get global proxy_mode chnroute)
|
||||
|
||||
@ -198,6 +212,7 @@ load_config() {
|
||||
process=$(config_t_get global_forwarding process)
|
||||
fi
|
||||
LOCALHOST_PROXY_MODE=$(config_t_get global localhost_proxy_mode default)
|
||||
[ "$LOCALHOST_PROXY_MODE" == "default" ] && LOCALHOST_PROXY_MODE=$PROXY_MODE
|
||||
UP_CHINA_DNS=$(config_t_get global up_china_dns dnsbyisp)
|
||||
[ "$UP_CHINA_DNS" == "default" ] && IS_DEFAULT_CHINA_DNS=1
|
||||
[ ! -f "$RESOLVFILE" -o ! -s "$RESOLVFILE" ] && RESOLVFILE=/tmp/resolv.conf.auto
|
||||
@ -621,38 +636,6 @@ clean_log() {
|
||||
fi
|
||||
}
|
||||
|
||||
set_cru() {
|
||||
autoupdate=$(config_t_get global_rules auto_update)
|
||||
weekupdate=$(config_t_get global_rules week_update)
|
||||
dayupdate=$(config_t_get global_rules time_update)
|
||||
autoupdatesubscribe=$(config_t_get global_subscribe auto_update_subscribe)
|
||||
weekupdatesubscribe=$(config_t_get global_subscribe week_update_subscribe)
|
||||
dayupdatesubscribe=$(config_t_get global_subscribe time_update_subscribe)
|
||||
if [ "$autoupdate" = "1" ]; then
|
||||
if [ "$weekupdate" = "7" ]; then
|
||||
echo "0 $dayupdate * * * $APP_PATH/rule_update.sh" >>/etc/crontabs/root
|
||||
echolog "设置自动更新规则在每天 $dayupdate 点。"
|
||||
else
|
||||
echo "0 $dayupdate * * $weekupdate $APP_PATH/rule_update.sh" >>/etc/crontabs/root
|
||||
echolog "设置自动更新规则在星期 $weekupdate 的 $dayupdate 点。"
|
||||
fi
|
||||
else
|
||||
sed -i '/rule_update.sh/d' /etc/crontabs/root >/dev/null 2>&1 &
|
||||
fi
|
||||
|
||||
if [ "$autoupdatesubscribe" = "1" ]; then
|
||||
if [ "$weekupdatesubscribe" = "7" ]; then
|
||||
echo "0 $dayupdatesubscribe * * * $APP_PATH/subscription.sh" >>/etc/crontabs/root
|
||||
echolog "设置节点订阅自动更新规则在每天 $dayupdatesubscribe 点。"
|
||||
else
|
||||
echo "0 $dayupdatesubscribe * * $weekupdate $APP_PATH/subscription.sh" >>/etc/crontabs/root
|
||||
echolog "设置节点订阅自动更新规则在星期 $weekupdate 的 $dayupdatesubscribe 点。"
|
||||
fi
|
||||
else
|
||||
sed -i '/subscription.sh/d' /etc/crontabs/root >/dev/null 2>&1 &
|
||||
fi
|
||||
}
|
||||
|
||||
start_crontab() {
|
||||
sed -i '/$CONFIG/d' /etc/crontabs/root >/dev/null 2>&1 &
|
||||
start_daemon=$(config_t_get global_delay start_daemon)
|
||||
@ -688,6 +671,37 @@ start_crontab() {
|
||||
echolog "设置每$testing_time分钟执行检测脚本。"
|
||||
}
|
||||
}
|
||||
|
||||
autoupdate=$(config_t_get global_rules auto_update)
|
||||
weekupdate=$(config_t_get global_rules week_update)
|
||||
dayupdate=$(config_t_get global_rules time_update)
|
||||
autoupdatesubscribe=$(config_t_get global_subscribe auto_update_subscribe)
|
||||
weekupdatesubscribe=$(config_t_get global_subscribe week_update_subscribe)
|
||||
dayupdatesubscribe=$(config_t_get global_subscribe time_update_subscribe)
|
||||
if [ "$autoupdate" = "1" ]; then
|
||||
if [ "$weekupdate" = "7" ]; then
|
||||
echo "0 $dayupdate * * * $APP_PATH/rule_update.sh" >>/etc/crontabs/root
|
||||
echolog "设置自动更新规则在每天 $dayupdate 点。"
|
||||
else
|
||||
echo "0 $dayupdate * * $weekupdate $APP_PATH/rule_update.sh" >>/etc/crontabs/root
|
||||
echolog "设置自动更新规则在星期 $weekupdate 的 $dayupdate 点。"
|
||||
fi
|
||||
else
|
||||
sed -i '/rule_update.sh/d' /etc/crontabs/root >/dev/null 2>&1 &
|
||||
fi
|
||||
|
||||
if [ "$autoupdatesubscribe" = "1" ]; then
|
||||
if [ "$weekupdatesubscribe" = "7" ]; then
|
||||
echo "0 $dayupdatesubscribe * * * $APP_PATH/subscription.sh" >>/etc/crontabs/root
|
||||
echolog "设置节点订阅自动更新规则在每天 $dayupdatesubscribe 点。"
|
||||
else
|
||||
echo "0 $dayupdatesubscribe * * $weekupdate $APP_PATH/subscription.sh" >>/etc/crontabs/root
|
||||
echolog "设置节点订阅自动更新规则在星期 $weekupdate 的 $dayupdatesubscribe 点。"
|
||||
fi
|
||||
else
|
||||
sed -i '/subscription.sh/d' /etc/crontabs/root >/dev/null 2>&1 &
|
||||
fi
|
||||
|
||||
/etc/init.d/cron restart
|
||||
}
|
||||
|
||||
@ -724,7 +738,7 @@ start_dns() {
|
||||
pdnsd_bin=$(find_bin pdnsd)
|
||||
[ -n "$pdnsd_bin" ] && {
|
||||
use_tcp_node_resolve_dns=1
|
||||
gen_pdnsd_config $DNS_PORT "cache"
|
||||
gen_pdnsd_config $DNS_PORT 10240
|
||||
DNS_FORWARD=$(echo $DNS_FORWARD | sed 's/,/ /g')
|
||||
nohup $pdnsd_bin --daemon -c $pdnsd_dir/pdnsd.conf -d >/dev/null 2>&1 &
|
||||
echolog "DNS:pdnsd..."
|
||||
@ -734,8 +748,8 @@ start_dns() {
|
||||
chinadns_ng_bin=$(find_bin chinadns-ng)
|
||||
[ -n "$chinadns_ng_bin" ] && {
|
||||
other_port=$(expr $DNS_PORT + 1)
|
||||
cat $RULE_PATH/gfwlist.conf | sort | uniq | sed -e '/127.0.0.1/d' | sed 's/ipset=\/.//g' | sed 's/\/gfwlist//g' > $CONFIG_PATH/gfwlist_chinadns_ng.txt
|
||||
[ -f "$CONFIG_PATH/gfwlist_chinadns_ng.txt" ] && local gfwlist_param="-g $CONFIG_PATH/gfwlist_chinadns_ng.txt"
|
||||
cat $RULE_PATH/gfwlist.conf | sort | uniq | sed -e '/127.0.0.1/d' | sed 's/ipset=\/.//g' | sed 's/\/gfwlist//g' > $CONFIG_PATH/gfwlist.txt
|
||||
[ -f "$CONFIG_PATH/gfwlist.txt" ] && local gfwlist_param="-g $CONFIG_PATH/gfwlist.txt"
|
||||
[ -f "$RULE_PATH/chnlist" ] && local chnlist_param="-m $RULE_PATH/chnlist"
|
||||
|
||||
up_trust_chinadns_ng_dns=$(config_t_get global up_trust_chinadns_ng_dns "pdnsd")
|
||||
@ -745,7 +759,7 @@ start_dns() {
|
||||
force_stop
|
||||
else
|
||||
use_tcp_node_resolve_dns=1
|
||||
gen_pdnsd_config $other_port
|
||||
gen_pdnsd_config $other_port 0
|
||||
pdnsd_bin=$(find_bin pdnsd)
|
||||
[ -n "$pdnsd_bin" ] && {
|
||||
DNS_FORWARD=$(echo $DNS_FORWARD | sed 's/,/ /g')
|
||||
@ -780,51 +794,34 @@ start_dns() {
|
||||
|
||||
add_dnsmasq() {
|
||||
mkdir -p $TMP_DNSMASQ_PATH $DNSMASQ_PATH /var/dnsmasq.d
|
||||
|
||||
# if [ -n "cat /var/state/network |grep pppoe|awk -F '.' '{print $2}'" ]; then
|
||||
# sed -i '/except-interface/d' /etc/dnsmasq.conf >/dev/null 2>&1 &
|
||||
# for wanname in $(cat /var/state/network |grep pppoe|awk -F '.' '{print $2}')
|
||||
# do
|
||||
# echo "except-interface=$(uci -q get network.$wanname.ifname)" >>/etc/dnsmasq.conf
|
||||
# done
|
||||
# fi
|
||||
cat $RULE_PATH/whitelist_host | sed "s/^/ipset=&\/./g" | sed "s/$/\/&whitelist/g" | sort | awk '{if ($0!=line) print;line=$0}' > $TMP_DNSMASQ_PATH/whitelist_host.conf
|
||||
|
||||
subscribe_proxy=$(config_t_get global_subscribe subscribe_proxy 0)
|
||||
[ "$subscribe_proxy" -eq 1 ] && {
|
||||
config_foreach set_subscribe_proxy "subscribe_list"
|
||||
[ "$DNS_MODE" != "nonuse" ] && {
|
||||
[ -f "$RULE_PATH/blacklist_host" -a -s "$RULE_PATH/blacklist_host" ] && cat $RULE_PATH/blacklist_host | awk '{print "server=/."$1"/127.0.0.1#'$DNS_PORT'\nipset=/."$1"/blacklist"}' > $TMP_DNSMASQ_PATH/blacklist_host.conf
|
||||
[ -f "$RULE_PATH/router" -a -s "$RULE_PATH/router" ] && cat $RULE_PATH/router | awk '{print "server=/."$1"/127.0.0.1#'$DNS_PORT'\nipset=/."$1"/router"}' > $TMP_DNSMASQ_PATH/router.conf
|
||||
[ -f "$RULE_PATH/gfwlist.conf" -a -s "$RULE_PATH/gfwlist.conf" ] && ln -s $RULE_PATH/gfwlist.conf $TMP_DNSMASQ_PATH/gfwlist.conf
|
||||
|
||||
subscribe_proxy=$(config_t_get global_subscribe subscribe_proxy 0)
|
||||
[ "$subscribe_proxy" -eq 1 ] && {
|
||||
config_foreach set_subscribe_proxy "subscribe_list"
|
||||
}
|
||||
}
|
||||
|
||||
if [ ! -f "$TMP_DNSMASQ_PATH/gfwlist.conf" -a "$DNS_MODE" != "nonuse" ]; then
|
||||
ln -s $RULE_PATH/gfwlist.conf $TMP_DNSMASQ_PATH/gfwlist.conf
|
||||
fi
|
||||
|
||||
if [ ! -f "$TMP_DNSMASQ_PATH/blacklist_host.conf" -a "$DNS_MODE" != "nonuse" ]; then
|
||||
cat $RULE_PATH/blacklist_host | awk '{print "server=/."$1"/127.0.0.1#'$DNS_PORT'\nipset=/."$1"/blacklist"}' >>$TMP_DNSMASQ_PATH/blacklist_host.conf
|
||||
fi
|
||||
|
||||
if [ ! -f "$TMP_DNSMASQ_PATH/whitelist_host.conf" ]; then
|
||||
cat $RULE_PATH/whitelist_host | sed "s/^/ipset=&\/./g" | sed "s/$/\/&whitelist/g" | sort | awk '{if ($0!=line) print;line=$0}' >$TMP_DNSMASQ_PATH/whitelist_host.conf
|
||||
fi
|
||||
|
||||
if [ ! -f "$TMP_DNSMASQ_PATH/router.conf" -a "$DNS_MODE" != "nonuse" ]; then
|
||||
cat $RULE_PATH/router | awk '{print "server=/."$1"/127.0.0.1#'$DNS_PORT'\nipset=/."$1"/router"}' >>$TMP_DNSMASQ_PATH/router.conf
|
||||
fi
|
||||
|
||||
if [ -z "$IS_DEFAULT_CHINA_DNS" -o "$IS_DEFAULT_CHINA_DNS" == 0 ]; then
|
||||
|
||||
[ -z "$IS_DEFAULT_CHINA_DNS" -o "$IS_DEFAULT_CHINA_DNS" == 0 ] && {
|
||||
server="server=127.0.0.1#$DNS_PORT"
|
||||
[ "$DNS_MODE" != "chinadns-ng" ] && {
|
||||
local china_dns1=$(echo $UP_CHINA_DNS | awk -F "," '{print $1}')
|
||||
local china_dns2=$(echo $UP_CHINA_DNS | awk -F "," '{print $2}')
|
||||
[ -n "$china_dns1" ] && server="server=$china_dns1"
|
||||
[ -n "$china_dns2" ] && server="${server}\n${server_2}"
|
||||
server="${server}\nno-resolv"
|
||||
}
|
||||
cat <<-EOF > /var/dnsmasq.d/dnsmasq-$CONFIG.conf
|
||||
$(echo -e $server)
|
||||
all-servers
|
||||
no-poll
|
||||
no-resolv
|
||||
EOF
|
||||
fi
|
||||
}
|
||||
|
||||
cat <<-EOF >> /var/dnsmasq.d/dnsmasq-$CONFIG.conf
|
||||
conf-dir=$TMP_DNSMASQ_PATH
|
||||
@ -902,11 +899,12 @@ gen_redsocks_config() {
|
||||
gen_pdnsd_config() {
|
||||
pdnsd_dir=$CONFIG_PATH/pdnsd
|
||||
mkdir -p $pdnsd_dir
|
||||
touch $pdnsd_dir/pdnsd.cache
|
||||
chown -R root.nogroup $pdnsd_dir
|
||||
[ "$2" == "cache" ] && cache_param="perm_cache = 1024;\ncache_dir = \"$pdnsd_dir\";"
|
||||
cat > $pdnsd_dir/pdnsd.conf <<-EOF
|
||||
global {
|
||||
$(echo -e $cache_param)
|
||||
perm_cache = $2;
|
||||
cache_dir = "$pdnsd_dir";
|
||||
pid_file = "$RUN_PID_PATH/pdnsd.pid";
|
||||
run_as = "root";
|
||||
server_ip = 127.0.0.1;
|
||||
@ -940,36 +938,34 @@ gen_pdnsd_config() {
|
||||
EOF
|
||||
}
|
||||
|
||||
[ "$DNS_MODE" != "chinadns-ng" ] && {
|
||||
cat >> $pdnsd_dir/pdnsd.conf <<-EOF
|
||||
server {
|
||||
label = "opendns";
|
||||
ip = 208.67.222.222, 208.67.220.220;
|
||||
edns_query = on;
|
||||
port = 443;
|
||||
timeout = 4;
|
||||
interval = 60;
|
||||
uptest = none;
|
||||
purge_cache = off;
|
||||
}
|
||||
server {
|
||||
label = "opendns";
|
||||
ip = 208.67.222.222, 208.67.220.220;
|
||||
edns_query = on;
|
||||
port = 5353;
|
||||
timeout = 4;
|
||||
interval = 60;
|
||||
uptest = none;
|
||||
purge_cache = off;
|
||||
}
|
||||
source {
|
||||
ttl = 86400;
|
||||
owner = "localhost.";
|
||||
serve_aliases = on;
|
||||
file = "/etc/hosts";
|
||||
}
|
||||
EOF
|
||||
}
|
||||
cat >> $pdnsd_dir/pdnsd.conf <<-EOF
|
||||
server {
|
||||
label = "opendns";
|
||||
ip = 208.67.222.222, 208.67.220.220;
|
||||
edns_query = on;
|
||||
port = 443;
|
||||
timeout = 4;
|
||||
interval = 60;
|
||||
uptest = none;
|
||||
purge_cache = off;
|
||||
}
|
||||
server {
|
||||
label = "opendns";
|
||||
ip = 208.67.222.222, 208.67.220.220;
|
||||
edns_query = on;
|
||||
port = 5353;
|
||||
timeout = 4;
|
||||
interval = 60;
|
||||
uptest = none;
|
||||
purge_cache = off;
|
||||
}
|
||||
source {
|
||||
ttl = 86400;
|
||||
owner = "localhost.";
|
||||
serve_aliases = on;
|
||||
file = "/etc/hosts";
|
||||
}
|
||||
EOF
|
||||
}
|
||||
|
||||
stop_dnsmasq() {
|
||||
@ -1111,15 +1107,14 @@ start() {
|
||||
! load_config && return 1
|
||||
[ -f "$LOCK_FILE" ] && return 3
|
||||
touch "$LOCK_FILE"
|
||||
start_dns
|
||||
add_dnsmasq
|
||||
start_haproxy
|
||||
start_redir SOCKS5 PROXY tcp
|
||||
start_redir TCP REDIR tcp
|
||||
start_redir UDP REDIR udp
|
||||
start_dns
|
||||
source $APP_PATH/iptables.sh start
|
||||
add_dnsmasq
|
||||
start_crontab
|
||||
set_cru
|
||||
rm -f "$LOCK_FILE"
|
||||
echolog "运行完成!\n"
|
||||
return 0
|
||||
|
||||
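Review bot: In the crontab block moved into start_crontab, the subscription cron entry and its log line use `$weekupdate` (the rules weekday) instead of `$weekupdatesubscribe`, which is read a few lines earlier and otherwise unused; the lines should read `echo "0 $dayupdatesubscribe * * $weekupdatesubscribe $APP_PATH/subscription.sh" >>/etc/crontabs/root` and `echolog "设置节点订阅自动更新规则在星期 $weekupdatesubscribe 的 $dayupdatesubscribe 点。"`. The bug predates the commit (the deleted set_cru had the same text), but the move was the moment to fix it. In the same block, `sed -i '/rule_update.sh/d' /etc/crontabs/root >/dev/null 2>&1 &` runs in the background while the subscription branch immediately below appends to the same file and `/etc/init.d/cron restart` follows; sed -i rewrites the file, so an append that lands on the old inode can be lost — dropping the trailing `&` on both sed lines removes the race. Also, the `sed -i '/$CONFIG/d'` at the top of start_crontab is single-quoted, so the pattern is the literal text `$CONFIG` rather than the config name, and the entries appended below seem to accumulate on every start unless something outside this hunk clears them.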
@ -22,6 +22,8 @@ config global_delay
|
||||
|
||||
config global_forwarding
|
||||
option process '1'
|
||||
option tcp_no_redir_ports 'disable'
|
||||
option udp_no_redir_ports 'disable'
|
||||
option tcp_redir_ports '1:65535'
|
||||
option udp_redir_ports '1:65535'
|
||||
option socks5_proxy_port '1081'
|
||||
|
||||
@ -122,9 +122,13 @@ load_acl() {
|
||||
config_get proxy_mode $1 proxy_mode
|
||||
config_get tcp_node $1 tcp_node
|
||||
config_get udp_node $1 udp_node
|
||||
config_get tcp_no_redir_ports $1 tcp_no_redir_ports
|
||||
config_get udp_no_redir_ports $1 udp_no_redir_ports
|
||||
config_get tcp_redir_ports $1 tcp_redir_ports
|
||||
config_get udp_redir_ports $1 udp_redir_ports
|
||||
[ -z "$proxy_mode" -o "$proxy_mode" = "default" ] && proxy_mode=$PROXY_MODE
|
||||
[ -z "$tcp_no_redir_ports" -o "$tcp_no_redir_ports" = "default" ] && tcp_no_redir_ports=$TCP_NO_REDIR_PORTS
|
||||
[ -z "$udp_no_redir_ports" -o "$udp_no_redir_ports" = "default" ] && udp_no_redir_ports=$UDP_NO_REDIR_PORTS
|
||||
[ -z "$tcp_redir_ports" -o "$tcp_redir_ports" = "default" ] && tcp_redir_ports=$TCP_REDIR_PORTS
|
||||
[ -z "$udp_redir_ports" -o "$udp_redir_ports" = "default" ] && udp_redir_ports=$UDP_REDIR_PORTS
|
||||
[ -z "$tcp_node" -o "$TCP_NODE_NUM" == "1" ] && tcp_node=1
|
||||
@ -146,24 +150,16 @@ load_acl() {
|
||||
$ipt_m -A PSW_ACL $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p udp -m comment --comment "$remarks" -j RETURN
|
||||
else
|
||||
[ "$TCP_NODE" != "nil" ] && {
|
||||
#local TCP_NODE_TYPE=$(echo $(config_get $TCP_NODE type) | tr 'A-Z' 'a-z')
|
||||
if [ "$tcp_redir_ports" != "disable" ]; then
|
||||
eval tcp_redir_port=\$TCP_REDIR_PORT$tcp_node
|
||||
$ipt_n -A PSW_ACL $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p tcp $(dst $IPSET_BLACKLIST) -m comment --comment "$remarks" -j REDIRECT --to-ports $tcp_redir_port
|
||||
$ipt_n -A PSW_ACL $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p tcp $(factor $tcp_redir_ports "-m multiport --dport") -m comment --comment "$remarks" -$(get_jump_mode $proxy_mode) $(get_action_chain $proxy_mode)$tcp_node
|
||||
else
|
||||
$ipt_n -A PSW_ACL $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p tcp -m comment --comment "$remarks" -j RETURN
|
||||
fi
|
||||
[ "$TCP_NO_REDIR_PORTS" != "disable" ] && $ipt_n -A PSW_ACL $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p tcp -m multiport --dport $TCP_NO_REDIR_PORTS -j RETURN
|
||||
eval tcp_redir_port=\$TCP_REDIR_PORT$tcp_node
|
||||
$ipt_n -A PSW_ACL $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p tcp $(dst $IPSET_BLACKLIST) -m comment --comment "$remarks" -j REDIRECT --to-ports $tcp_redir_port
|
||||
$ipt_n -A PSW_ACL $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p tcp $(factor $tcp_redir_ports "-m multiport --dport") -m comment --comment "$remarks" -$(get_jump_mode $proxy_mode) $(get_action_chain $proxy_mode)$tcp_node
|
||||
}
|
||||
[ "$UDP_NODE" != "nil" ] && {
|
||||
#local UDP_NODE_TYPE=$(echo $(config_get $UDP_NODE type) | tr 'A-Z' 'a-z')
|
||||
if [ "$udp_redir_ports" != "disable" ]; then
|
||||
eval udp_redir_port=\$UDP_REDIR_PORT$udp_node
|
||||
$ipt_m -A PSW_ACL $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p udp $(dst $IPSET_BLACKLIST) -m comment --comment "$remarks" -j TPROXY --on-port $udp_redir_port --tproxy-mark 0x1/0x1
|
||||
$ipt_m -A PSW_ACL $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p udp $(factor $udp_redir_ports "-m multiport --dport") -m comment --comment "$remarks" -$(get_jump_mode $proxy_mode) $(get_action_chain $proxy_mode)$udp_node
|
||||
else
|
||||
$ipt_m -A PSW_ACL $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p udp -m comment --comment "$remarks" -j RETURN
|
||||
fi
|
||||
[ "$UDP_NO_REDIR_PORTS" != "disable" ] && $ipt_m -A PSW_ACL $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p udp -m multiport --dport $TCP_NO_REDIR_PORTS -j RETURN
|
||||
eval udp_redir_port=\$UDP_REDIR_PORT$udp_node
|
||||
$ipt_m -A PSW_ACL $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p udp $(dst $IPSET_BLACKLIST) -m comment --comment "$remarks" -j TPROXY --on-port $udp_redir_port --tproxy-mark 0x1/0x1
|
||||
$ipt_m -A PSW_ACL $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p udp $(factor $udp_redir_ports "-m multiport --dport") -m comment --comment "$remarks" -$(get_jump_mode $proxy_mode) $(get_action_chain $proxy_mode)$udp_node
|
||||
}
|
||||
fi
|
||||
[ -z "$ip" ] && {
|
||||
@ -180,15 +176,13 @@ load_acl() {
|
||||
}
|
||||
|
||||
filter_vpsip() {
|
||||
local address server_ip use_ipv6 network_type
|
||||
address=$(config_get $1 address)
|
||||
local server_ip use_ipv6 network_type
|
||||
use_ipv6=$(config_get $1 use_ipv6)
|
||||
network_type="ipv4"
|
||||
[ "$use_ipv6" == "1" ] && network_type="ipv6"
|
||||
server_ip=$(get_host_ip $network_type $address)
|
||||
|
||||
[ -n "$server_ip" -a "$server_ip" != "$TCP_NODE_IP" ] && {
|
||||
[ "$network_type" == "ipv4" ] && ipset add $IPSET_VPSIPLIST $server_ip >/dev/null 2>&1 &
|
||||
server_ip=$(get_node_host_ip $1)
|
||||
[ -n "$server_ip" ] && {
|
||||
[ "$network_type" == "ipv4" ] && ipset -! add $IPSET_VPSIPLIST $server_ip >/dev/null 2>&1 &
|
||||
}
|
||||
}
|
||||
|
||||
@ -204,18 +198,17 @@ dns_hijack() {
|
||||
add_firewall_rule() {
|
||||
echolog "开始加载防火墙规则..."
|
||||
echolog "默认代理模式:$(get_action_chain_name $PROXY_MODE)"
|
||||
ipset -! create $IPSET_LANIPLIST nethash && ipset flush $IPSET_LANIPLIST
|
||||
ipset -! create $IPSET_VPSIPLIST nethash && ipset flush $IPSET_VPSIPLIST
|
||||
ipset -! create $IPSET_ROUTER nethash && ipset flush $IPSET_ROUTER
|
||||
#ipset -! create $IPSET_GFW nethash && ipset flush $IPSET_GFW
|
||||
ipset -! create $IPSET_LANIPLIST nethash
|
||||
ipset -! create $IPSET_VPSIPLIST nethash
|
||||
ipset -! create $IPSET_ROUTER nethash
|
||||
ipset -! create $IPSET_GFW nethash
|
||||
ipset -! create $IPSET_CHN nethash && ipset flush $IPSET_CHN
|
||||
ipset -! create $IPSET_CHN nethash
|
||||
ipset -! create $IPSET_BLACKLIST nethash && ipset flush $IPSET_BLACKLIST
|
||||
ipset -! create $IPSET_WHITELIST nethash && ipset flush $IPSET_WHITELIST
|
||||
|
||||
sed -e "s/^/add $IPSET_CHN &/g" $RULE_PATH/chnroute | awk '{print $0} END{print "COMMIT"}' | ipset -R
|
||||
sed -e "s/^/add $IPSET_BLACKLIST &/g" $RULE_PATH/blacklist_ip | awk '{print $0} END{print "COMMIT"}' | ipset -R
|
||||
sed -e "s/^/add $IPSET_WHITELIST &/g" $RULE_PATH/whitelist_ip | awk '{print $0} END{print "COMMIT"}' | ipset -R
|
||||
sed -e "s/^/add $IPSET_CHN &/g" $RULE_PATH/chnroute | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
|
||||
sed -e "s/^/add $IPSET_BLACKLIST &/g" $RULE_PATH/blacklist_ip | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
|
||||
sed -e "s/^/add $IPSET_WHITELIST &/g" $RULE_PATH/whitelist_ip | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
|
||||
|
||||
ipset -! -R <<-EOF || return 1
|
||||
$(gen_laniplist | sed -e "s/^/add $IPSET_LANIPLIST /")
|
||||
@ -231,7 +224,7 @@ add_firewall_rule() {
|
||||
# 忽略特殊IP段
|
||||
lan_ip=$(ifconfig br-lan | grep "inet addr" | awk '{print $2}' | awk -F : '{print $2}') #路由器lan IP
|
||||
lan_ipv4=$(ip address show br-lan | grep -w "inet" | awk '{print $2}') #当前LAN IPv4段
|
||||
[ -n "$lan_ipv4" ] && ipset add $IPSET_LANIPLIST $lan_ipv4 >/dev/null 2>&1 &
|
||||
[ -n "$lan_ipv4" ] && ipset -! add $IPSET_LANIPLIST $lan_ipv4 >/dev/null 2>&1 &
|
||||
|
||||
# 过滤所有节点IP
|
||||
config_foreach filter_vpsip "nodes"
|
||||
@ -278,9 +271,8 @@ add_firewall_rule() {
|
||||
local k=$i
|
||||
eval node=\$SOCKS5_NODE$k
|
||||
if [ "$node" != "nil" ]; then
|
||||
local address=$(config_get $node address)
|
||||
local SOCKS5_NODE_PORT=$(config_get $node port)
|
||||
local SOCKS5_NODE_IP=$(get_host_ip "ipv4" $address)
|
||||
local SOCKS5_NODE_IP=$(get_node_host_ip $node)
|
||||
[ -n "$SOCKS5_NODE_IP" -a -n "$SOCKS5_NODE_PORT" ] && $ipt_n -A PSW -p tcp -d $SOCKS5_NODE_IP -m multiport --dports $SOCKS5_NODE_PORT -j RETURN
|
||||
fi
|
||||
done
|
||||
@ -294,9 +286,8 @@ add_firewall_rule() {
|
||||
eval local_port=\$TCP_REDIR_PORT$k
|
||||
# 生成TCP转发规则
|
||||
if [ "$node" != "nil" ]; then
|
||||
local address=$(config_get $node address)
|
||||
local TCP_NODE_PORT=$(config_get $node port)
|
||||
local TCP_NODE_IP=$(get_host_ip "ipv4" $address)
|
||||
local TCP_NODE_IP=$(get_node_host_ip $node)
|
||||
local TCP_NODE_TYPE=$(echo $(config_get $node type) | tr 'A-Z' 'a-z')
|
||||
[ -n "$TCP_NODE_IP" -a -n "$TCP_NODE_PORT" ] && $ipt_n -A PSW -p tcp -d $TCP_NODE_IP -m multiport --dports $TCP_NODE_PORT -j RETURN
|
||||
if [ "$TCP_NODE_TYPE" == "brook" ]; then
|
||||
@ -319,17 +310,15 @@ add_firewall_rule() {
|
||||
# 游戏模式
|
||||
$ipt_m -A PSW_GAME$k -p tcp $(dst $IPSET_CHN) -j RETURN
|
||||
|
||||
# 用于本机流量转发,默认只走router
|
||||
$ipt_m -A PSW -s $lan_ip -p tcp $(dst $IPSET_ROUTER) -j TPROXY --tproxy-mark 0x1/0x1 --on-port $local_port
|
||||
if [ "$TCP_REDIR_PORTS" != "disable" ]; then
|
||||
$ipt_m -A PSW_OUTPUT -p tcp -m multiport --dport $TCP_REDIR_PORTS $(dst $IPSET_ROUTER) -j MARK --set-mark 1
|
||||
fi
|
||||
# 用于本机流量转发
|
||||
[ "$TCP_NO_REDIR_PORTS" != "disable" ] && $ipt_m -A PSW_OUTPUT -p tcp -m multiport --dport $TCP_NO_REDIR_PORTS -j RETURN
|
||||
$ipt_m -A PSW_OUTPUT -p tcp -m multiport --dport $TCP_REDIR_PORTS $(dst $IPSET_ROUTER) -j MARK --set-mark 1
|
||||
$ipt_m -A PSW_OUTPUT -p tcp -m multiport --dport $TCP_REDIR_PORTS $(dst $IPSET_GFW) -j MARK --set-mark 1
|
||||
else
|
||||
# 全局模式
|
||||
$ipt_n -A PSW_GLO$k -p tcp -j REDIRECT --to-ports $local_port
|
||||
|
||||
# GFWLIST模式
|
||||
$ipt_n -A PSW_GFW$k -p tcp $(dst $IPSET_ROUTER) -j REDIRECT --to-ports $local_port
|
||||
$ipt_n -A PSW_GFW$k -p tcp $(dst $IPSET_GFW) -j REDIRECT --to-ports $local_port
|
||||
|
||||
# 大陆白名单模式
|
||||
@ -385,19 +374,13 @@ add_firewall_rule() {
|
||||
$ipt_n -A PSW_OUTPUT $(dst $IPSET_VPSIPLIST) -j RETURN
|
||||
$ipt_n -A PSW_OUTPUT $(dst $IPSET_WHITELIST) -j RETURN
|
||||
|
||||
if [ "$TCP_REDIR_PORTS" != "disable" ]; then
|
||||
$ipt_n -A PSW_OUTPUT -p tcp -m multiport --dport $TCP_REDIR_PORTS $(dst $IPSET_ROUTER) -j REDIRECT --to-ports $TCP_REDIR_PORT1
|
||||
$ipt_n -A PSW_OUTPUT -p tcp -m multiport --dport $TCP_REDIR_PORTS $(dst $IPSET_BLACKLIST) -j REDIRECT --to-ports $TCP_REDIR_PORT1
|
||||
|
||||
[ "$LOCALHOST_PROXY_MODE" == "global" ] && $ipt_n -A PSW_OUTPUT -p tcp -m multiport --dport $TCP_REDIR_PORTS -j REDIRECT --to-ports $TCP_REDIR_PORT1
|
||||
[ "$LOCALHOST_PROXY_MODE" == "gfwlist" ] && $ipt_n -A PSW_OUTPUT -p tcp -m multiport --dport $TCP_REDIR_PORTS $(dst $IPSET_GFW) -j REDIRECT --to-ports $TCP_REDIR_PORT1
|
||||
[ "$LOCALHOST_PROXY_MODE" == "chnroute" ] && {
|
||||
$ipt_n -A PSW_OUTPUT -p tcp -m multiport --dport $TCP_REDIR_PORTS -m set ! --match-set $IPSET_CHN dst -j REDIRECT --to-ports $TCP_REDIR_PORT1
|
||||
}
|
||||
else
|
||||
$ipt_n -A PSW_OUTPUT -p tcp $(dst $IPSET_ROUTER) -j RETURN
|
||||
$ipt_n -A PSW_OUTPUT -p tcp $(dst $IPSET_BLACKLIST) -j RETURN
|
||||
fi
|
||||
[ "$TCP_NO_REDIR_PORTS" != "disable" ] && $ipt_n -A PSW_OUTPUT -p tcp -m multiport --dport $TCP_NO_REDIR_PORTS -j RETURN
|
||||
|
||||
$ipt_n -A PSW_OUTPUT -p tcp -m multiport --dport $TCP_REDIR_PORTS $(dst $IPSET_BLACKLIST) -j REDIRECT --to-ports $TCP_REDIR_PORT1
|
||||
$ipt_n -A PSW_OUTPUT -p tcp -m multiport --dport $TCP_REDIR_PORTS $(dst $IPSET_ROUTER) -j REDIRECT --to-ports $TCP_REDIR_PORT1
|
||||
[ "$LOCALHOST_PROXY_MODE" == "global" ] && $ipt_n -A PSW_OUTPUT -p tcp -m multiport --dport $TCP_REDIR_PORTS -j REDIRECT --to-ports $TCP_REDIR_PORT1
|
||||
[ "$LOCALHOST_PROXY_MODE" == "gfwlist" ] && $ipt_n -A PSW_OUTPUT -p tcp -m multiport --dport $TCP_REDIR_PORTS $(dst $IPSET_GFW) -j REDIRECT --to-ports $TCP_REDIR_PORT1
|
||||
[ "$LOCALHOST_PROXY_MODE" == "chnroute" ] && $ipt_n -A PSW_OUTPUT -p tcp -m multiport --dport $TCP_REDIR_PORTS -m set ! --match-set $IPSET_CHN dst -j REDIRECT --to-ports $TCP_REDIR_PORT1
|
||||
}
|
||||
# 重定所有流量到透明代理端口
|
||||
# $ipt_n -A PSW -p tcp -m ttl --ttl-eq $ttl -j REDIRECT --to $local_port
|
||||
@ -437,9 +420,8 @@ add_firewall_rule() {
|
||||
eval local_port=\$UDP_REDIR_PORT$k
|
||||
# 生成UDP转发规则
|
||||
if [ "$node" != "nil" ]; then
|
||||
local address=$(config_get $node address)
|
||||
local UDP_NODE_PORT=$(config_get $node port)
|
||||
local UDP_NODE_IP=$(get_host_ip "ipv4" $address)
|
||||
local UDP_NODE_IP=$(get_node_host_ip $node)
|
||||
local UDP_NODE_TYPE=$(echo $(config_get $node type) | tr 'A-Z' 'a-z')
|
||||
[ -n "$UDP_NODE_IP" -a -n "$UDP_NODE_PORT" ] && $ipt_m -A PSW -p udp -d $UDP_NODE_IP -m multiport --dports $UDP_NODE_PORT -j RETURN
|
||||
[ "$UDP_NODE_TYPE" == "brook" ] && $ipt_m -A PSW_ACL -p udp -m socket -j MARK --set-mark 1
|
||||
@ -478,18 +460,13 @@ add_firewall_rule() {
|
||||
$ipt_m -A PSW_OUTPUT -p udp $(dst $IPSET_VPSIPLIST) -j RETURN
|
||||
$ipt_m -A PSW_OUTPUT -p udp $(dst $IPSET_WHITELIST) -j RETURN
|
||||
|
||||
if [ "$UDP_REDIR_PORTS" != "disable" ]; then
|
||||
$ipt_m -A PSW_OUTPUT -p udp -m multiport --dport $UDP_REDIR_PORTS $(dst $IPSET_ROUTER) -j MARK --set-mark 1
|
||||
$ipt_m -A PSW_OUTPUT -p udp -m multiport --dport $UDP_REDIR_PORTS $(dst $IPSET_BLACKLIST) -j MARK --set-mark 1
|
||||
[ "$LOCALHOST_PROXY_MODE" == "global" ] && $ipt_m -A PSW_OUTPUT -p udp -m multiport --dport $UDP_REDIR_PORTS -j MARK --set-mark 1
|
||||
[ "$LOCALHOST_PROXY_MODE" == "gfwlist" ] && $ipt_m -A PSW_OUTPUT -p udp -m multiport --dport $UDP_REDIR_PORTS $(dst $IPSET_GFW) -j MARK --set-mark 1
|
||||
[ "$LOCALHOST_PROXY_MODE" == "chnroute" ] && {
|
||||
$ipt_m -A PSW_OUTPUT -p udp -m multiport --dport $UDP_REDIR_PORTS -m set ! --match-set $IPSET_CHN dst -j MARK --set-mark 1
|
||||
}
|
||||
else
|
||||
$ipt_m -A PSW_OUTPUT -p udp $(dst $IPSET_ROUTER) -j RETURN
|
||||
$ipt_m -A PSW_OUTPUT -p udp $(dst $IPSET_BLACKLIST) -j RETURN
|
||||
fi
|
||||
[ "$UDP_NO_REDIR_PORTS" != "disable" ] && $ipt_m -A PSW_OUTPUT -p udp -m multiport --dport $UDP_NO_REDIR_PORTS -j RETURN
|
||||
|
||||
$ipt_m -A PSW_OUTPUT -p udp -m multiport --dport $UDP_REDIR_PORTS $(dst $IPSET_BLACKLIST) -j MARK --set-mark 1
|
||||
$ipt_m -A PSW_OUTPUT -p udp -m multiport --dport $UDP_REDIR_PORTS $(dst $IPSET_ROUTER) -j MARK --set-mark 1
|
||||
[ "$LOCALHOST_PROXY_MODE" == "global" ] && $ipt_m -A PSW_OUTPUT -p udp -m multiport --dport $UDP_REDIR_PORTS -j MARK --set-mark 1
|
||||
[ "$LOCALHOST_PROXY_MODE" == "gfwlist" ] && $ipt_m -A PSW_OUTPUT -p udp -m multiport --dport $UDP_REDIR_PORTS $(dst $IPSET_GFW) -j MARK --set-mark 1
|
||||
[ "$LOCALHOST_PROXY_MODE" == "chnroute" ] && $ipt_m -A PSW_OUTPUT -p udp -m multiport --dport $UDP_REDIR_PORTS -m set ! --match-set $IPSET_CHN dst -j MARK --set-mark 1
|
||||
}
|
||||
|
||||
echolog "IPv4 防火墙UDP转发规则加载完成!"
|
||||
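Review bot: The new bypass rule `[ "$UDP_NO_REDIR_PORTS" != "disable" ] && $ipt_m -A PSW_OUTPUT -p udp -m multiport --dport $UDP_NO_REDIR_PORTS -j RETURN` only excludes the literal value `disable`; the setting is a free-text LuCI `Value`, so an empty or malformed port spec makes iptables reject the rule, and because the failure sits behind `&&` with no logging the bypass is silently not installed while the MARK rules appended after it still are. A tighter guard that also reports failure through the existing `echolog`, e.g. `[ -n "$UDP_NO_REDIR_PORTS" -a "$UDP_NO_REDIR_PORTS" != "disable" ] && { $ipt_m -A PSW_OUTPUT -p udp -m multiport --dport "$UDP_NO_REDIR_PORTS" -j RETURN || echolog "UDP no-redir rule rejected: $UDP_NO_REDIR_PORTS"; }`, keeps a bad setting visible in the log instead of quietly changing what is proxied. The same pattern appears for the TCP rule in the preceding (cut) hunk and for the TCP and UDP `PSW_ACL` rules in the next hunk. How the form's `default` value is mapped to a port list is not visible here; if it reaches these lines unmapped, `--dport default` fails in the same silent way. add_firewall_rule's body starts and ends outside this hunk.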
@ -524,20 +501,14 @@ add_firewall_rule() {
|
||||
[ "$UDP_NODE1" != "nil" ] && $ipt_m -A PSW_ACL -p udp -m comment --comment "Default" -j $(get_action_chain $PROXY_MODE)
|
||||
else
|
||||
[ "$TCP_NODE1" != "nil" ] && {
|
||||
if [ "$UDP_REDIR_PORTS" != "disable" ]; then
|
||||
$ipt_n -A PSW_ACL -p tcp $(dst $IPSET_BLACKLIST) -m comment --comment "Default" -j REDIRECT --to-ports $TCP_REDIR_PORT1
|
||||
$ipt_n -A PSW_ACL -p tcp -m multiport --dport $TCP_REDIR_PORTS -m comment --comment "Default" -j $(get_action_chain $PROXY_MODE)1
|
||||
else
|
||||
$ipt_n -A PSW_ACL -p tcp -m comment --comment "$remarks" -j RETURN
|
||||
fi
|
||||
[ "$TCP_NO_REDIR_PORTS" != "disable" ] && $ipt_n -A PSW_ACL -p tcp -m multiport --dport $TCP_NO_REDIR_PORTS -m comment --comment "Default" -j RETURN
|
||||
$ipt_n -A PSW_ACL -p tcp $(dst $IPSET_BLACKLIST) -m comment --comment "Default" -j REDIRECT --to-ports $TCP_REDIR_PORT1
|
||||
$ipt_n -A PSW_ACL -p tcp -m multiport --dport $TCP_REDIR_PORTS -m comment --comment "Default" -j $(get_action_chain $PROXY_MODE)1
|
||||
}
|
||||
[ "$UDP_NODE1" != "nil" ] && {
|
||||
if [ "$UDP_REDIR_PORTS" != "disable" ]; then
|
||||
$ipt_m -A PSW_ACL -p udp $(dst $IPSET_BLACKLIST) -m comment --comment "Default" -j TPROXY --on-port $UDP_REDIR_PORT1 --tproxy-mark 0x1/0x1
|
||||
$ipt_m -A PSW_ACL -p udp -m multiport --dport $UDP_REDIR_PORTS -m comment --comment "Default" -j $(get_action_chain $PROXY_MODE)1
|
||||
else
|
||||
$ipt_m -A PSW_ACL -p udp -m comment --comment "$remarks" -j RETURN
|
||||
fi
|
||||
[ "$UDP_NO_REDIR_PORTS" != "disable" ] && $ipt_m -A PSW_ACL -p udp -m multiport --dport $UDP_NO_REDIR_PORTS -m comment --comment "Default" -j RETURN
|
||||
$ipt_m -A PSW_ACL -p udp $(dst $IPSET_BLACKLIST) -m comment --comment "Default" -j TPROXY --on-port $UDP_REDIR_PORT1 --tproxy-mark 0x1/0x1
|
||||
$ipt_m -A PSW_ACL -p udp -m multiport --dport $UDP_REDIR_PORTS -m comment --comment "Default" -j $(get_action_chain $PROXY_MODE)1
|
||||
}
|
||||
fi
|
||||
}
|
||||
@ -606,13 +577,23 @@ del_firewall_rule() {
|
||||
done
|
||||
fi
|
||||
|
||||
ipset -F $IPSET_LANIPLIST >/dev/null 2>&1 && ipset -X $IPSET_LANIPLIST >/dev/null 2>&1 &
|
||||
ipset -F $IPSET_VPSIPLIST >/dev/null 2>&1 && ipset -X $IPSET_VPSIPLIST >/dev/null 2>&1 &
|
||||
ipset -F $IPSET_ROUTER >/dev/null 2>&1 && ipset -X $IPSET_ROUTER >/dev/null 2>&1 &
|
||||
#ipset -F $IPSET_GFW >/dev/null 2>&1 && ipset -X $IPSET_GFW >/dev/null 2>&1 &
|
||||
#ipset -F $IPSET_CHN >/dev/null 2>&1 && ipset -X $IPSET_CHN >/dev/null 2>&1 &
|
||||
ipset -F $IPSET_BLACKLIST >/dev/null 2>&1 && ipset -X $IPSET_BLACKLIST >/dev/null 2>&1 &
|
||||
ipset -F $IPSET_WHITELIST >/dev/null 2>&1 && ipset -X $IPSET_WHITELIST >/dev/null 2>&1 &
|
||||
ipset -F $IPSET_VPSIPLIST >/dev/null 2>&1 && ipset -X $IPSET_VPSIPLIST >/dev/null 2>&1 &
|
||||
}
|
||||
|
||||
flush_ipset() {
|
||||
ipset -F $IPSET_LANIPLIST >/dev/null 2>&1 && ipset -X $IPSET_LANIPLIST >/dev/null 2>&1 &
|
||||
ipset -F $IPSET_VPSIPLIST >/dev/null 2>&1 && ipset -X $IPSET_VPSIPLIST >/dev/null 2>&1 &
|
||||
ipset -F $IPSET_ROUTER >/dev/null 2>&1 && ipset -X $IPSET_ROUTER >/dev/null 2>&1 &
|
||||
ipset -F $IPSET_GFW >/dev/null 2>&1 && ipset -X $IPSET_GFW >/dev/null 2>&1 &
|
||||
ipset -F $IPSET_CHN >/dev/null 2>&1 && ipset -X $IPSET_CHN >/dev/null 2>&1 &
|
||||
ipset -F $IPSET_BLACKLIST >/dev/null 2>&1 && ipset -X $IPSET_BLACKLIST >/dev/null 2>&1 &
|
||||
ipset -F $IPSET_WHITELIST >/dev/null 2>&1 && ipset -X $IPSET_WHITELIST >/dev/null 2>&1 &
|
||||
}
|
||||
|
||||
start() {
|
||||
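Review bot: Both `del_firewall_rule` and the new `flush_ipset` background every `ipset -F … && ipset -X … &` line and return before those jobs finish, so a teardown followed immediately by a rebuild (the `start`/`stop` entry points that follow, with `stop` presumably calling `del_firewall_rule`) can have a delayed `-X` race against re-creation of the same set, and an `-X` that fails because a rule still references the set is discarded by the redirects. Dropping the trailing `&` or ending each function with `wait` makes the teardown deterministic and lets the caller see the result. The two commented-out `#ipset … $IPSET_GFW` / `$IPSET_CHN` lines read as a deliberate choice to keep the large sets across restarts now that `flush_ipset` removes them on demand; replacing them with a one-line comment such as `# GFW/CHN sets are kept across restarts; use flush_ipset to drop them` would say so without leaving dead code. `$IPSET_VPSIPLIST` is printed twice in `del_firewall_rule`; if both lines are on the new side, one of them is redundant.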
@ -625,6 +606,9 @@ stop() {
|
||||
}
|
||||
|
||||
case $1 in
|
||||
flush_ipset)
|
||||
flush_ipset
|
||||
;;
|
||||
stop)
|
||||
stop
|
||||
;;
|
||||
|
||||