fish/immortalwrt
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

luci-app-passwall: sync with upstream source

Browse Source 
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
This commit is contained in:
xiaorouji 2021-03-10 01:13:41 +08:00 committed by Tianling Shen
parent 33090717bd
commit 5000d4d8c8
No known key found for this signature in database
GPG Key ID: 6850B6345C862176
2 changed files with 107 additions and 128 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

116
package/lienol/luci-app-passwall/root/usr/share/passwall/app.sh
View File

@ -316,7 +316,7 @@ load_config() {
echolog "没有选择节点!"
NO_PROXY=1
}
global=$(echo "${TCP_PROXY_MODE}${LOCALHOST_TCP_PROXY_MODE}${UDP_PROXY_MODE}${LOCALHOST_UDP_PROXY_MODE}" | grep "global")
returnhome=$(echo "${TCP_PROXY_MODE}${LOCALHOST_TCP_PROXY_MODE}${UDP_PROXY_MODE}${LOCALHOST_UDP_PROXY_MODE}" | grep "returnhome")
chnlist=$(echo "${TCP_PROXY_MODE}${LOCALHOST_TCP_PROXY_MODE}${UDP_PROXY_MODE}${LOCALHOST_UDP_PROXY_MODE}" | grep "chnroute")
@ -366,7 +366,7 @@ run_socks() {
else
msg="某种原因,此 Socks 服务的相关配置已失联,启动中止!"
fi
if [ "$type" == "xray" ] && ([ -n "$(config_n_get $node balancing_node)" ] || [ "$(config_n_get $node default_node)" != "_direct" -a "$(config_n_get $node default_node)" != "_blackhole" ]); then
unset msg
fi
@ -403,7 +403,7 @@ run_socks() {
local protocol=$(config_n_get $node protocol client)
local brook_tls=$(config_n_get $node brook_tls 0)
[ "$protocol" == "wsclient" ] && {
[ "$brook_tls" == "1" ] && server_host="wss://${server_host}" || server_host="ws://${server_host}"
[ "$brook_tls" == "1" ] && server_host="wss://${server_host}" || server_host="ws://${server_host}"
}
ln_start_bin "$(first_type $(config_t_get global_app brook_file) brook)" "brook_SOCKS_${flag}" $log_file "$protocol" --socks5 "$bind:$socks_port" -s "$server_host:$port" -p "$(config_n_get $node password)"
;;
@ -412,8 +412,8 @@ run_socks() {
ln_start_bin "$(first_type ${type}-local)" "${type}-local" $log_file -c "$config_file" -b "$bind" -u -v
;;
esac
# socks to http
# http to socks
[ "$type" != "xray" ] && [ "$type" != "socks" ] && [ "$http_port" != "0" ] && [ "$http_config_file" != "nil" ] && {
lua $API_GEN_XRAY_PROTO -local_proto http -local_address "0.0.0.0" -local_port $http_port -server_proto socks -server_address "127.0.0.1" -server_port $socks_port -server_username $_username -server_password $_password > $http_config_file
echo lua $API_GEN_XRAY_PROTO -local_proto http -local_address "0.0.0.0" -local_port $http_port -server_proto socks -server_address "127.0.0.1" -server_port $socks_port -server_username $_username -server_password $_password
@ -448,7 +448,7 @@ run_redir() {
[ "$bind" != "127.0.0.1" ] && echolog "${REDIR_TYPE}节点:$remarks,节点:${server_host}:${port},监听端口:$local_port"
}
eval ${REDIR_TYPE}_NODE_PORT=$port
case "$REDIR_TYPE" in
UDP)
case "$type" in
@ -557,7 +557,7 @@ run_redir() {
local protocol=$(config_n_get $node protocol client)
local brook_tls=$(config_n_get $node brook_tls 0)
if [ "$protocol" == "wsclient" ]; then
[ "$brook_tls" == "1" ] && server_ip="wss://${server_ip}" || server_ip="ws://${server_ip}"
[ "$brook_tls" == "1" ] && server_ip="wss://${server_ip}" || server_ip="ws://${server_ip}"
socks_port=$(get_new_port 2081 tcp)
ln_start_bin "$(first_type $(config_t_get global_app brook_file) brook)" "brook_tcp" $log_file wsclient --socks5 "127.0.0.1:$socks_port" -s "$server_ip:$port" -p "$(config_n_get $node password)"
_socks_flag=1
@ -590,7 +590,7 @@ run_redir() {
ln_start_bin "$(first_type ipt2socks)" "ipt2socks_tcp" $log_file -l "$local_port" -b 0.0.0.0 -s "$_socks_address" -p "$_socks_port" -R -v $extra_param
fi
unset _socks_flag _socks_address _socks_port _socks_username _socks_password
[ "$type" != "xray" ] && {
[ "$tcp_node_socks" = "1" ] && {
local port=$tcp_node_socks_port
@ -617,7 +617,7 @@ node_switch() {
local log_file=$TMP_PATH/${1}.log
eval current_port=\$${1}_REDIR_PORT
local port=$(cat $TMP_PORT_PATH/${1})
local ids=$(uci show $CONFIG | grep "=socks" | awk -F '.' '{print $2}' | awk -F '=' '{print $1}')
for id in $ids; do
[ "$(config_n_get $id enabled 0)" == "0" ] && continue
@ -635,10 +635,10 @@ node_switch() {
}
break
done
run_redir $node "0.0.0.0" $port $config_file $1 $log_file
echo $node > $TMP_ID_PATH/${1}
[ "$1" = "TCP" ] && {
[ "$(config_t_get global udp_node nil)" = "tcp_" ] && {
top -bn1 | grep -E "$TMP_PATH" | grep -i "UDP" | grep -v "grep" | awk '{print $1}' | xargs kill -9 >/dev/null 2>&1
@ -646,7 +646,7 @@ node_switch() {
start_redir UDP
}
}
#local node_net=$(echo $1 | tr 'A-Z' 'a-z')
#uci set $CONFIG.@global[0].${node_net}_node=$node
#uci commit $CONFIG
@ -759,13 +759,13 @@ start_crontab() {
echo "$t lua $APP_PATH/subscribe.lua start log > /dev/null 2>&1 &" >>/etc/crontabs/root
echolog "配置定时任务:自动更新节点订阅。"
fi
start_daemon=$(config_t_get global_delay start_daemon 0)
[ "$start_daemon" = "1" ] && $APP_PATH/monitor.sh > /dev/null 2>&1 &
AUTO_SWITCH_ENABLE=$(config_t_get auto_switch enable 0)
[ "$AUTO_SWITCH_ENABLE" = "1" ] && $APP_PATH/test.sh > /dev/null 2>&1 &
/etc/init.d/cron restart
}
@ -779,15 +779,15 @@ start_dns() {
local pdnsd_forward other_port msg
dns_listen_port=${DNS_PORT}
pdnsd_forward=${DNS_FORWARD}
china_ng_listen_port=$(expr $dns_listen_port + 1)
china_ng_listen="127.0.0.1#${china_ng_listen_port}"
china_ng_chn=$(echo -n $(echo "${LOCAL_DNS}" | sed "s/,/\n/g" | head -n2) | tr " " ",")
china_ng_gfw="127.0.0.1#${dns_listen_port}"
[ -n "${returnhome}" ] && china_ng_chn="${china_ng_gfw}" && china_ng_gfw="${LOCAL_DNS}"
echolog "过滤服务配置:准备接管域名解析..."
case "$DNS_MODE" in
nonuse)
echolog " - 不过滤DNS..."
@ -816,7 +816,7 @@ start_dns() {
_doh_host=$(echo $_doh_host_port | awk -F ':' '{print $1}')
_doh_port=$(echo $_doh_host_port | awk -F ':' '{print $2}')
_doh_bootstrap=$(echo $up_trust_doh | cut -d ',' -sf 2-)
up_trust_doh_dns=$(config_t_get global up_trust_doh_dns "tcp")
if [ "$up_trust_doh_dns" = "socks" ]; then
socks_server=$(echo $(config_t_get global socks_server 127.0.0.1:9050) | sed "s/#/:/g")
@ -858,7 +858,7 @@ start_dns() {
echolog " - 域名解析使用UDP协议自定义DNS$TUN_DNS)解析..."
;;
esac
[ -n "$chnlist" ] && [ "$DNS_MODE" != "custom" ] && [ "$DNS_MODE" != "fake_ip" ] && {
[ -f "${RULES_PATH}/chnlist" ] && cp -a "${RULES_PATH}/chnlist" "${TMP_PATH}/chnlist"
[ -n "$(first_type chinadns-ng)" ] && {
@ -882,17 +882,21 @@ start_dns() {
china_ng_gfw="$(echo ${custom_dns} | sed 's/:/#/g')"
msg="自定义DNS"
fi
local chnlist_param="${TMP_PATH}/chnlist"
[ -f "${RULES_PATH}/direct_host" ] && {
cat "${RULES_PATH}/direct_host" >> "${chnlist_param}"
echolog " | - [$?](chinadns-ng) 域名白名单合并到中国域名表"
}
sed -n 's/^ipset=\/\.\?\([^/]*\).*$/\1/p' "${RULES_PATH}/gfwlist.conf" | sort -u > "${TMP_PATH}/gfwlist.txt"
[ -f "${RULES_PATH}/proxy_host" ] && {
cat "${RULES_PATH}/proxy_host" >> "${TMP_PATH}/gfwlist.txt" && sort -u "${TMP_PATH}/gfwlist.txt" > "${TMP_PATH}/gfwlist2.txt" && mv -f "${TMP_PATH}/gfwlist2.txt" "${TMP_PATH}/gfwlist.txt"
local gfwlist_param="${TMP_PATH}/gfwlist.txt"
echolog " | - [$?](chinadns-ng) 代理域名表合并到防火墙域名表"
for _host in $(cat ${RULES_PATH}/proxy_host); do
sed -i "/$_host/d" "${TMP_PATH}/chnlist"
done
}
local chnlist_param="${TMP_PATH}/chnlist"
[ -f "${RULES_PATH}/direct_host" ] && {
cat "${RULES_PATH}/direct_host" >> "${chnlist_param}"
echolog " | - [$?](chinadns-ng) 域名白名单合并到中国域名表"
}
chnlist_param=${chnlist_param:+-m "${chnlist_param}" -M}
ln_start_bin "$(first_type chinadns-ng)" chinadns-ng "${TMP_PATH}/chinadns-ng.log" -v -b 0.0.0.0 -l "${china_ng_listen_port}" ${china_ng_chn:+-c "${china_ng_chn}"} ${chnlist_param} ${china_ng_gfw:+-t "${china_ng_gfw}"} ${gfwlist_param:+-g "${gfwlist_param}"} -f
@ -900,7 +904,7 @@ start_dns() {
#[ -n "${global}${chnlist}" ] && [ -z "${returnhome}" ] && TUN_DNS="${china_ng_gfw}"
}
}
[ "${use_udp_node_resolve_dns}" = "1" ] && echolog " * 要求代理 DNS 请求,如上游 DNS 非直连地址,确保 UDP 代理打开,并且已经正确转发!"
[ "${use_tcp_node_resolve_dns}" = "1" ] && echolog " * 请确认上游 DNS 支持 TCP 查询,如非直连地址,确保 TCP 代理打开,并且已经正确转发!"
}
@ -919,7 +923,7 @@ add_dnsmasq() {
else
#屏蔽列表
sort -u "${RULES_PATH}/block_host" | gen_dnsmasq_fake_items "0.0.0.0" "${TMP_DNSMASQ_PATH}/00-block_host.conf"
#始终用国内DNS解析节点域名
fwd_dns="${LOCAL_DNS}"
servers=$(uci show "${CONFIG}" | grep ".address=" | cut -d "'" -f 2)
@ -932,19 +936,15 @@ add_dnsmasq() {
sort -u "${RULES_PATH}/direct_host" | gen_dnsmasq_items "whitelist,whitelist6" "${fwd_dns}" "${TMP_DNSMASQ_PATH}/11-direct_host.conf"
echolog " - [$?]域名白名单(whitelist)${fwd_dns:-默认}"
#始终使用远程DNS解析代理黑名单列表
if [ "${DNS_MODE}" = "fake_ip" ]; then
sort -u "${RULES_PATH}/proxy_host" | gen_dnsmasq_fake_items "11.1.1.1" "${TMP_DNSMASQ_PATH}/90-proxy_host.conf"
if [ "$(config_t_get global_subscribe subscribe_proxy 0)" = "0" ]; then
#如果没有开启通过代理订阅
fwd_dns="${LOCAL_DNS}"
for item in $(get_enabled_anonymous_secs "@subscribe_list"); do
host_from_url "$(config_n_get ${item} url)" | gen_dnsmasq_items "whitelist,whitelist6" "${fwd_dns}" "${TMP_DNSMASQ_PATH}/12-subscribe.conf"
done
echolog " - [$?]节点订阅域名(whitelist)${fwd_dns:-默认}"
else
fwd_dns="${TUN_DNS}"
[ -n "$CHINADNS_NG" ] && fwd_dns="${china_ng_gfw}"
[ -n "$CHINADNS_NG" ] && unset fwd_dns
sort -u "${RULES_PATH}/proxy_host" | gen_dnsmasq_items "blacklist,blacklist6" "${fwd_dns}" "${TMP_DNSMASQ_PATH}/90-proxy_host.conf"
echolog " - [$?]代理域名表(blacklist)${fwd_dns:-默认}"
fi
#如果开启了通过代理订阅
[ "$(config_t_get global_subscribe subscribe_proxy 0)" = "1" ] && {
#如果开启了通过代理订阅
fwd_dns="${TUN_DNS}"
[ -n "$CHINADNS_NG" ] && fwd_dns="${china_ng_gfw}"
for item in $(get_enabled_anonymous_secs "@subscribe_list"); do
@ -955,8 +955,19 @@ add_dnsmasq() {
fi
done
[ "${DNS_MODE}" != "fake_ip" ] && echolog " - [$?]节点订阅域名(blacklist)${fwd_dns:-默认}"
}
fi
#始终使用远程DNS解析代理黑名单列表
if [ "${DNS_MODE}" = "fake_ip" ]; then
sort -u "${RULES_PATH}/proxy_host" | gen_dnsmasq_fake_items "11.1.1.1" "${TMP_DNSMASQ_PATH}/97-proxy_host.conf"
else
fwd_dns="${TUN_DNS}"
[ -n "$CHINADNS_NG" ] && fwd_dns="${china_ng_gfw}"
[ -n "$CHINADNS_NG" ] && unset fwd_dns
sort -u "${RULES_PATH}/proxy_host" | gen_dnsmasq_items "blacklist,blacklist6" "${fwd_dns}" "${TMP_DNSMASQ_PATH}/97-proxy_host.conf"
echolog " - [$?]代理域名表(blacklist)${fwd_dns:-默认}"
fi
#分流规则
[ "$(config_n_get $TCP_NODE protocol)" = "_shunt" ] && {
fwd_dns="${TUN_DNS}"
@ -990,21 +1001,28 @@ add_dnsmasq() {
sort -u "${TMP_PATH}/gfwlist.txt" | gen_dnsmasq_items "gfwlist,gfwlist6" "${fwd_dns}" "${TMP_DNSMASQ_PATH}/99-gfwlist.conf"
echolog " - [$?]防火墙域名表(gfwlist)${fwd_dns:-默认}"
fi
# Not China List 模式
[ -n "${chnlist}" ] && {
fwd_dns="${LOCAL_DNS}"
[ -n "$CHINADNS_NG" ] && unset fwd_dns
sort -u "${TMP_PATH}/chnlist" | gen_dnsmasq_items "chnroute,chnroute6" "${fwd_dns}" "${TMP_DNSMASQ_PATH}/19-chinalist_host.conf"
echolog " - [$?]中国域名表(chnroute)${fwd_dns:-默认}"
}
else
#回国模式
if [ "${DNS_MODE}" = "fake_ip" ]; then
sort -u "${RULES_PATH}/chnlist" | gen_dnsmasq_fake_items "11.1.1.1" "${TMP_DNSMASQ_PATH}/10-chinalist_host.conf"
sort -u "${RULES_PATH}/chnlist" | gen_dnsmasq_fake_items "11.1.1.1" "${TMP_DNSMASQ_PATH}/99-chinalist_host.conf"
else
fwd_dns="${TUN_DNS}"
sort -u "${RULES_PATH}/chnlist" | gen_dnsmasq_items "chnroute,chnroute6" "${fwd_dns}" "${TMP_DNSMASQ_PATH}/10-chinalist_host.conf"
sort -u "${RULES_PATH}/chnlist" | gen_dnsmasq_items "chnroute,chnroute6" "${fwd_dns}" "${TMP_DNSMASQ_PATH}/99-chinalist_host.conf"
echolog " - [$?]中国域名表(chnroute)${fwd_dns:-默认}"
fi
fi
fi
if [ "${DNS_MODE}" != "nouse" ]; then
echo "conf-dir=${TMP_DNSMASQ_PATH}" > "/var/dnsmasq.d/dnsmasq-${CONFIG}.conf"
if [ -z "${CHINADNS_NG}" ] && [ "${IS_DEFAULT_DNS}" = "1" ]; then
echolog " - 不强制设置默认DNS"
return
@ -1015,12 +1033,12 @@ add_dnsmasq() {
[ -n "${chnlist}" ] && msg="中国列表以外"
[ -n "${returnhome}" ] && msg="中国列表"
[ -n "${global}" ] && msg="全局"
#默认交给Chinadns-ng处理
[ -n "$CHINADNS_NG" ] && {
servers="${china_ng_listen}" && msg="chinadns-ng"
}
cat <<-EOF >> "/var/dnsmasq.d/dnsmasq-${CONFIG}.conf"
$(echo "${servers}" | sed 's/,/\n/g' | gen_dnsmasq_items)
all-servers
@ -1067,7 +1085,7 @@ gen_pdnsd_config() {
proc_limit = 2;
procq_limit = 8;
}
EOF
echolog " + [$?]Pdnsd (127.0.0.1:${listen_port})..."
@ -1223,7 +1241,7 @@ start_haproxy() {
local auth=""
[ -n "$console_user" ] && [ -n "$console_password" ] && auth="stats auth $console_user:$console_password"
cat <<-EOF >> "${haproxy_file}"
listen console
bind 0.0.0.0:$console_port
mode http

119
package/lienol/luci-app-passwall/root/usr/share/passwall/iptables.sh
View File

@ -24,7 +24,6 @@ FORCE_INDEX=2
ipt_n="iptables -t nat"
ipt_m="iptables -t mangle"
ip6t_n="ip6tables -t nat"
ip6t_m="ip6tables -t mangle"
FWI=$(uci -q get firewall.passwall.path 2>/dev/null)
@ -48,8 +47,10 @@ comment() {
}
destroy_ipset() {
#ipset -q -F $1
ipset -q -X $1
for i in "$@"; do
#ipset -q -F $i
ipset -q -X $i
done
}
RULE_LAST_INDEX() {
@ -549,12 +550,21 @@ add_firewall_rule() {
# 过滤所有节点IP
filter_vpsip > /dev/null 2>&1 &
filter_haproxy > /dev/null 2>&1 &
# 据说能提升性能?
$ipt_m -N PSW_DIVERT
$ipt_m -A PSW_DIVERT -j MARK --set-mark 1
$ipt_m -A PSW_DIVERT -j ACCEPT
$ipt_m -A PREROUTING -p tcp -m socket -j PSW_DIVERT
$ipt_n -N PSW
$ipt_n -A PSW $(dst $IPSET_LANIPLIST) -j RETURN
$ipt_n -A PSW $(dst $IPSET_VPSIPLIST) -j RETURN
$ipt_n -A PSW $(dst $IPSET_WHITELIST) -j RETURN
$ipt_n -A PSW -m mark --mark 0xff -j RETURN
local PR_INDEX=$(RULE_LAST_INDEX "$ipt_n" PREROUTING prerouting_rule)
PR_INDEX=$((PR_INDEX + 1))
$ipt_n -I PREROUTING $PR_INDEX -p tcp -j PSW
$ipt_n -N PSW_OUTPUT
$ipt_n -A PSW_OUTPUT $(dst $IPSET_LANIPLIST) -j RETURN
@ -568,6 +578,7 @@ add_firewall_rule() {
$ipt_m -A PSW $(dst $IPSET_WHITELIST) -j RETURN
$ipt_m -A PSW -m mark --mark 0xff -j RETURN
$ipt_m -A PSW $(dst $IPSET_BLOCKLIST) -j DROP
$ipt_m -A PREROUTING -j PSW
$ipt_m -N PSW_OUTPUT
$ipt_m -A PSW_OUTPUT $(dst $IPSET_LANIPLIST) -j RETURN
@ -582,18 +593,20 @@ add_firewall_rule() {
local NODE_TYPE=$(echo $(config_n_get $TCP_NODE type) | tr 'A-Z' 'a-z')
local ipv6_tproxy=$(config_t_get global_other ipv6_tproxy 0)
if [ $NODE_TYPE == "xray" ] && [ $ipv6_tproxy == "1" ]; then
PROXY_IPV6=1
echolog "节点类型:$NODE_TYPE开启实验性IPv6透明代理(TProxy)..."
else
[ $enble_ipv6=="1" ] && echolog "节点类型:$NODE_TYPE暂不支持IPv6透明代理(TProxy)..."
if [ $ipv6_tproxy == "1" ]; then
if [ $NODE_TYPE == "xray" ]; then
PROXY_IPV6=1
echolog "节点类型:$NODE_TYPE开启实验性IPv6透明代理(TProxy)..."
else
echolog "节点类型:$NODE_TYPE暂不支持IPv6透明代理(TProxy)..."
fi
fi
#$ip6t_n -N PSW
#$ip6t_n -A PREROUTING -j PSW
#$ip6t_n -N PSW_OUTPUT
#$ip6t_n -A OUTPUT -p tcp -j PSW_OUTPUT
# 据说能提升性能?
$ip6t_m -N PSW_DIVERT
$ip6t_m -A PSW_DIVERT -j MARK --set-mark 1
$ip6t_m -A PSW_DIVERT -j ACCEPT
$ip6t_m -A PREROUTING -p tcp -m socket -j PSW_DIVERT
$ip6t_m -N PSW
$ip6t_m -A PSW $(dst $IPSET_LANIPLIST6) -j RETURN
@ -664,24 +677,6 @@ add_firewall_rule() {
fi
fi
local PR_INDEX=$(RULE_LAST_INDEX "$ipt_n" PREROUTING ADBYBY)
if [ "$PR_INDEX" == "0" ]; then
PR_INDEX=$(RULE_LAST_INDEX "$ipt_n" PREROUTING prerouting_rule)
else
echolog "发现 adbyby 规则链adbyby 规则优先..."
fi
PR_INDEX=$((PR_INDEX + 1))
$ipt_n -I PREROUTING $PR_INDEX -p tcp -j PSW
echolog "使用链表 PREROUTING 排列索引${PR_INDEX}[$?]"
# if [ "$PROXY_IPV6" == "1" ]; then
# local msg="IPv6 配置不当,无法代理"
# $ip6t_n -A PSW -p tcp $(REDIRECT $TCP_REDIR_PORT)
# $ip6t_n -A PSW_OUTPUT -p tcp $(REDIRECT $TCP_REDIR_PORT)
# msg="${msg},转发 IPv6 TCP 流量到节点[$?]"
# echolog "$msg"
# fi
# 过滤Socks节点
[ "$SOCKS_ENABLED" = "1" ] && {
local ids=$(uci show $CONFIG | grep "=socks" | awk -F '.' '{print $2}' | awk -F '=' '{print $1}')
@ -759,8 +754,6 @@ add_firewall_rule() {
fi
fi
$ipt_m -A PREROUTING -j PSW
# 加载ACLS
load_acl
@ -770,35 +763,18 @@ add_firewall_rule() {
}
del_firewall_rule() {
ib_nat_exist=$($ipt_n -nL PREROUTING | grep -c PSW)
if [ ! -z "$ib_nat_exist" ];then
until [ "$ib_nat_exist" = 0 ]
do
$ipt_n -D PREROUTING -p tcp -j PSW 2>/dev/null
$ipt_n -D OUTPUT -p tcp -j PSW_OUTPUT 2>/dev/null
$ipt_m -D PREROUTING -j PSW 2>/dev/null
$ipt_m -D OUTPUT -p tcp -j PSW_OUTPUT 2>/dev/null
$ipt_m -D OUTPUT -p udp -j PSW_OUTPUT 2>/dev/null
#$ip6t_n -D PREROUTING -j PSW 2>/dev/null
#$ip6t_n -D OUTPUT -p tcp -j PSW_OUTPUT 2>/dev/null
$ip6t_m -D PREROUTING -j PSW 2>/dev/null
$ip6t_m -D OUTPUT -j PSW_OUTPUT 2>/dev/null
ib_nat_exist=$(expr $ib_nat_exist - 1)
for ipt in "$ipt_n" "$ipt_m" "$ip6t_m"; do
for chain in "PREROUTING" "OUTPUT"; do
for i in $(seq 1 $($ipt -nL $chain | grep -c PSW)); do
local index=$($ipt --line-number -nL $chain | grep PSW | head -1 | awk '{print $1}')
$ipt -D $chain $index 2>/dev/null
done
done
for chain in "PSW" "PSW_OUTPUT" "PSW_DIVERT"; do
$ipt -F $chain 2>/dev/null
$ipt -X $chain 2>/dev/null
done
done
fi
$ipt_n -F PSW 2>/dev/null && $ipt_n -X PSW 2>/dev/null
$ipt_n -F PSW_OUTPUT 2>/dev/null && $ipt_n -X PSW_OUTPUT 2>/dev/null
$ipt_m -F PSW 2>/dev/null && $ipt_m -X PSW 2>/dev/null
$ipt_m -F PSW_OUTPUT 2>/dev/null && $ipt_m -X PSW_OUTPUT 2>/dev/null
#$ip6t_n -F PSW 2>/dev/null && $ip6t_n -X PSW 2>/dev/null
#$ip6t_n -F PSW_OUTPUT 2>/dev/null && $ip6t_n -X PSW_OUTPUT 2>/dev/null
$ip6t_m -F PSW 2>/dev/null && $ip6t_m -X PSW 2>/dev/null
$ip6t_m -F PSW_OUTPUT 2>/dev/null && $ip6t_m -X PSW_OUTPUT 2>/dev/null
ip rule del fwmark 1 lookup 100 2>/dev/null
ip route del local 0.0.0.0/0 dev lo table 100 2>/dev/null
@ -828,23 +804,8 @@ del_firewall_rule() {
}
flush_ipset() {
destroy_ipset $IPSET_LANIPLIST
destroy_ipset $IPSET_VPSIPLIST
destroy_ipset $IPSET_SHUNTLIST
destroy_ipset $IPSET_GFW
destroy_ipset $IPSET_CHN
destroy_ipset $IPSET_BLACKLIST
destroy_ipset $IPSET_BLOCKLIST
destroy_ipset $IPSET_WHITELIST
destroy_ipset $IPSET_LANIPLIST6
destroy_ipset $IPSET_VPSIPLIST6
destroy_ipset $IPSET_SHUNTLIST6
destroy_ipset $IPSET_GFW6
destroy_ipset $IPSET_CHN6
destroy_ipset $IPSET_BLACKLIST6
destroy_ipset $IPSET_BLOCKLIST6
destroy_ipset $IPSET_WHITELIST6
destroy_ipset $IPSET_LANIPLIST $IPSET_VPSIPLIST $IPSET_SHUNTLIST $IPSET_GFW $IPSET_CHN $IPSET_BLACKLIST $IPSET_BLOCKLIST $IPSET_WHITELIST
destroy_ipset $IPSET_LANIPLIST6 $IPSET_VPSIPLIST6 $IPSET_SHUNTLIST6 $IPSET_GFW6 $IPSET_CHN6 $IPSET_BLACKLIST6 $IPSET_BLOCKLIST6 $IPSET_WHITELIST6
/etc/init.d/passwall reload
}