package lienol: merge upstream source

CN_SZTL 2020-01-15 01:50:56 +08:00
parent bc67c82b90
commit 5decbd1224
No known key found for this signature in database
GPG Key ID: 6850B6345C862176
44 changed files with 1205 additions and 910 deletions


@ -3,10 +3,10 @@ module("luci.controller.mia", package.seeall)
function index()
if not nixio.fs.access("/etc/config/mia") then return end
entry({"admin", "network"}, firstchild(), "Control", 44).dependent = false
entry({"admin", "network", "mia"}, cbi("mia"), _("时间控制"), 10).dependent =
entry({"admin", "control"}, firstchild(), "Control", 44).dependent = false
entry({"admin", "control", "mia"}, cbi("mia"), _("时间控制"), 10).dependent =
true
entry({"admin", "network", "mia", "status"}, call("status")).leaf = true
entry({"admin", "control", "mia", "status"}, call("status")).leaf = true
end
function status()


@ -6,11 +6,10 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=luci-app-passwall
PKG_VERSION:=3.1
PKG_RELEASE:=3-20200103
PKG_VERSION:=3.3
PKG_RELEASE:=25-20200114
PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
PO2LMO:=./po2lmo
include $(INCLUDE_DIR)/package.mk
@ -19,7 +18,7 @@ menu "Configuration"
config PACKAGE_$(PKG_NAME)_INCLUDE_ipt2socks
bool "Include ipt2socks"
default n
default y
config PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks
bool "Include Shadowsocks Redir (ss-redir)"
@ -55,19 +54,19 @@ config PACKAGE_$(PKG_NAME)_INCLUDE_kcptun
config PACKAGE_$(PKG_NAME)_INCLUDE_haproxy
bool "Include haproxy"
default n
default y
config PACKAGE_$(PKG_NAME)_INCLUDE_ChinaDNS_NG
bool "Include ChinaDNS-NG"
default y
config PACKAGE_$(PKG_NAME)_INCLUDE_dns2socks
bool "Include dns2socks"
default y
config PACKAGE_$(PKG_NAME)_INCLUDE_pdnsd
bool "Include pdnsd"
default y
config PACKAGE_$(PKG_NAME)_INCLUDE_dns2socks
bool "Include dns2socks"
default n
endmenu
endef
@ -77,8 +76,8 @@ define Package/$(PKG_NAME)
SUBMENU:=3. Applications
TITLE:=LuCI support for PassWall By Lienol
PKGARCH:=all
DEPENDS:=+curl +wget +libcurl +libmbedtls +ca-bundle +ca-certificates +resolveip +iptables-mod-tproxy +kmod-ipt-tproxy +iptables-mod-ipopt +kmod-ipt-ipopt +ip +ipset +coreutils +coreutils-base64 +coreutils-nohup +luci-lib-jsonc +unzip \
+dnsmasq-full +tcping +bash \
DEPENDS:=+libmbedtls +iptables-mod-tproxy +kmod-ipt-tproxy +iptables-mod-ipopt +kmod-ipt-ipopt +ip +ipset +coreutils +coreutils-base64 +coreutils-nohup +luci-lib-jsonc \
+bash +wget +resolveip +unzip +dnsmasq-full +tcping \
+PACKAGE_$(PKG_NAME)_INCLUDE_ipt2socks:ipt2socks \
+PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks:shadowsocks-libev-ss-redir \
+PACKAGE_$(PKG_NAME)_INCLUDE_ShadowsocksR:shadowsocksr-libev-alt \
@ -124,8 +123,7 @@ define Package/$(PKG_NAME)/install
cp -pR ./luasrc/* $(1)/usr/lib/lua/luci/
$(INSTALL_DIR) $(1)/usr/lib/lua/luci/i18n
chmod 755 $(PO2LMO)
$(PO2LMO) ./po/zh-cn/passwall.po $(1)/usr/lib/lua/luci/i18n/passwall.zh-cn.lmo
po2lmo ./po/zh-cn/passwall.po $(1)/usr/lib/lua/luci/i18n/passwall.zh-cn.lmo
endef
define Package/$(PKG_NAME)/postinst
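Review bot: The shorter `DEPENDS` line (apparently the new one) drops `+ca-bundle` and `+ca-certificates` together with `+curl +libcurl` while keeping `+wget`, so on an image where nothing else pulls in a CA store the package's HTTPS downloads would have no trust anchors. The download scripts are not part of this section, so this is inferred, but the usual outcomes are failed rule or subscription updates, or certificate checks being switched off to make them work. I would keep `+ca-bundle` in `DEPENDS`, or add a comment naming the dependency that is expected to provide it. Separately, the install step appears to call `po2lmo` from the build host's PATH instead of the bundled `./po2lmo`; a one-line comment saying where that tool must come from would help reproducible builds.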


@ -19,13 +19,13 @@ function index()
end
entry({"admin", "vpn", "passwall", "settings"}, cbi("passwall/global"),
_("Basic Settings"), 1).dependent = true
entry({"admin", "vpn", "passwall", "node_list"},
cbi("passwall/node_list", {autoapply = true}), _("Node List"), 2).dependent =
true
entry({"admin", "vpn", "passwall", "node_list"}, cbi("passwall/node_list"),
_("Node List"), 2).dependent = true
-- entry({"admin", "vpn", "passwall", "auto_switch"},
-- cbi("passwall/auto_switch"), _("Auto Switch"), 3).leaf = true
entry({"admin", "vpn", "passwall", "other"}, cbi("passwall/other"),
_("Other Settings"), 94).leaf = true
entry({"admin", "vpn", "passwall", "other"},
cbi("passwall/other", {autoapply = true}), _("Other Settings"), 94).leaf =
true
if nixio.fs.access("/usr/sbin/haproxy") then
entry({"admin", "vpn", "passwall", "balancing"},
cbi("passwall/balancing"), _("Load Balancing"), 95).leaf = true
@ -34,10 +34,12 @@ function index()
_("Rule Update"), 96).leaf = true
entry({"admin", "vpn", "passwall", "acl"}, cbi("passwall/acl"),
_("Access control"), 97).leaf = true
entry({"admin", "vpn", "passwall", "rule_list"}, cbi("passwall/rule_list"),
entry({"admin", "vpn", "passwall", "rule_list"},
cbi("passwall/rule_list", {autoapply = true}),
_("Set Blacklist And Whitelist"), 98).leaf = true
entry({"admin", "vpn", "passwall", "log"}, cbi("passwall/log"),
_("Watch Logs"), 99).leaf = true
entry({"admin", "vpn", "passwall", "log"},
cbi("passwall/log", {autoapply = true}), _("Watch Logs"), 99).leaf =
true
entry({"admin", "vpn", "passwall", "node_config"},
cbi("passwall/node_config")).leaf = true


@ -1,10 +1,12 @@
local uci = require"luci.model.uci".cursor()
local api = require "luci.model.cbi.passwall.api.api"
local appname = "passwall"
local n = {}
uci:foreach(appname, "nodes", function(e)
if e.type and e.address and e.remarks then
n[e[".name"]] = "%s[%s] %s" % {e.type, e.remarks, e.address}
if e.type and e.remarks and e.address and e.port then
n[e[".name"]] = "%s[%s] %s:%s" %
{e.type, e.remarks, e.address, e.port}
end
end)
@ -26,12 +28,16 @@ o.rmempty = false
---- Testing Time
o = s:option(Value, "testing_time", translate("How often is a diagnosis made"),
translate("Units:minutes"))
o.default = "10"
o.default = "3"
---- Tcp Redir Server
o = s:option(DynamicList, "tcp_redir_server",
translate("List of alternate TCP forwarding nodes"), translate(
"When there is no server, an automatic reconnect scheme is used"))
for _, key in pairs(key_table) do o:value(key, n[key]) end
---- TCP Node
local tcp_node_num = api.uci_get_type("global_other", "tcp_node_num", 1)
for i = 1, tcp_node_num, 1 do
o = s:option(DynamicList, "tcp_node" .. i,
"TCP " .. i .. " " .. translate("List of backup nodes"),
translate(
"List of backup nodes, the first of which must be the primary node and the others the standby node."))
for _, key in pairs(key_table) do o:value(key, n[key]) end
end
return m


@ -4,22 +4,27 @@ local net = require"luci.model.network".init()
local uci = require"luci.model.uci".cursor()
local ifaces = e.net:devices()
local appname = "passwall"
local nodes_name = {}
local nodes_port = {}
local n = {}
uci:foreach(appname, "nodes", function(e)
if e.address and e.port and e.address ~= "127.0.0.1" then
nodes_name[e[".name"]] = "%s" % {e.address}
nodes_port[e[".name"]] = "%s" % {e.port}
if e.remarks and e.address and e.port and e.address ~= "127.0.0.1" then
e.remark = "[%s] %s:%s" % {e.remarks, e.address, e.port}
n[e[".name"]] = e
end
end)
m = Map("passwall")
local key_table = {}
for key, _ in pairs(n) do table.insert(key_table, key) end
table.sort(key_table)
m = Map(appname)
-- [[ Haproxy Settings ]]--
s = m:section(TypedSection, "global_haproxy", translate("Load Balancing"))
s.anonymous = true
s:append(Template("passwall/haproxy/status"))
---- Balancing Enable
o = s:option(Flag, "balancing_enable", translate("Enable Load Balancing"))
o.rmempty = false
@ -43,15 +48,15 @@ o.default = "1188"
o:depends("balancing_enable", 1)
---- Haproxy Port
o = s:option(Value, "haproxy_port", translate("Haproxy Port"), translate(
"Configure this node with 127.0.0.1: this port"))
o = s:option(Value, "haproxy_port", translate("Haproxy Port"),
translate("Configure this node with 127.0.0.1: this port"))
o.default = "1181"
o:depends("balancing_enable", 1)
-- [[ Balancing Settings ]]--
s = m:section(TypedSection, "balancing", translate("Load Balancing Setting"),
translate(
"Add a node, Export Of Multi WAN Only support Multi Wan. If no effect, please go to mwan3 to set. Load specific gravity range 1-256. Multiple primary servers can be load balanced, standby will only be enabled when the primary server is offline!"))
"Add a node, Export Of Multi WAN Only support Multi Wan. Load specific gravity range 1-256. Multiple primary servers can be load balanced, standby will only be enabled when the primary server is offline!"))
s.template = "cbi/tblsection"
s.sortable = true
s.anonymous = true
@ -59,12 +64,14 @@ s.addremove = true
---- Node Address
o = s:option(Value, "lbss", translate("Node Address"))
for m, s in pairs(nodes_name) do o:value(s) end
for _, key in pairs(key_table) do
o:value(n[key].address .. ":" .. n[key].port, n[key].remark)
end
o.rmempty = false
---- Node Port
o = s:option(Value, "lbort", translate("Node Port"))
for m, s in pairs(nodes_port) do o:value(s) end
o:value("default", translate("Default"))
o.rmempty = false
---- Node Weight
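Review bot: The `lbss` option is a free-form `Value` whose suggestions are now built as `n[key].address .. ":" .. n[key].port`, but nothing in this hunk sets a datatype or validator on it, so any typed string is stored as-is. If this value is later written into the generated haproxy configuration (that code is not visible here), a malformed entry could break or alter that file. Adding something like `o.datatype = "hostport"` next to `o.rmempty = false` would reject bad input at save time. The same applies to `lbort`, which now offers only `default` but still accepts arbitrary text.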


@ -40,11 +40,15 @@ else
end
-- [[ Global Settings ]]--
s = m:section(TypedSection, "global", translate("Global Settings"),
translate("If you can use it, very stable. If not, GG !!!"))
s = m:section(TypedSection, "global", translate("Global Settings"))
-- s.description = translate("If you can use it, very stable. If not, GG !!!")
s.anonymous = true
s.addremove = false
---- Main switch
o = s:option(Flag, "enabled", translate("Main switch"))
o.rmempty = false
---- TCP Node
local tcp_node_num = api.uci_get_type("global_other", "tcp_node_num", 1)
for i = 1, tcp_node_num, 1 do
@ -81,7 +85,7 @@ local socks5_node_num = api.uci_get_type("global_other", "socks5_node_num", 1)
for i = 1, socks5_node_num, 1 do
if i == 1 then
o = s:option(ListValue, "socks5_node" .. i, translate("Socks5 Node"),
translate("The client can use the router's Socks5 proxy"))
translate("The client can use the router's Socks5 proxy."))
else
o = s:option(ListValue, "socks5_node" .. i,
translate("Socks5 Node") .. " " .. i)
@ -91,8 +95,8 @@ for i = 1, socks5_node_num, 1 do
end
---- DNS Forward Mode
o = s:option(ListValue, "dns_mode", translate("DNS Forward Mode"), translate(
"if you use no patterns are used, DNS of wan will be used by default as upstream of dnsmasq"))
o = s:option(ListValue, "dns_mode", translate("DNS Mode"), translate(
"if has problem, please try another mode.<br />if you use no patterns are used, DNS of wan will be used by default as upstream of dnsmasq."))
o.rmempty = false
o:reset_values()
if is_finded("chinadns-ng") then o:value("chinadns-ng", "ChinaDNS-NG") end
@ -105,15 +109,35 @@ end
o:value("local_7913", translate("Use local port 7913 as DNS"))
o:value("nonuse", translate("No patterns are used"))
---- DNS Forward
o = s:option(Value, "dns_forward", translate("DNS Forward Address"))
o.default = "8.8.4.4"
o:value("8.8.4.4", "8.8.4.4 (Google DNS)")
o:value("8.8.8.8", "8.8.8.8 (Google DNS)")
o:value("208.67.222.222", "208.67.222.222 (OpenDNS DNS)")
o:value("208.67.220.220", "208.67.220.220 (OpenDNS DNS)")
o:depends("dns_mode", "dns2socks")
o:depends("dns_mode", "pdnsd")
---- China DNS Server
o = s:option(Value, "up_china_dns", translate("China DNS Server") .. "(UDP)",
translate(
"Example: 127.0.0.1#6053 ,Represents DNS on using 127.0.0.1 the 6053 port. such as smartdns,AdGuard Home...<br />Only use two at most, english comma separation, If you do not fill in the # and the following port, you are using port 53.<br />If you use custom, unless you know what you're doing, setting it up incorrectly can cause your stuck to crash!"))
o.default = "223.5.5.5"
o:value("dnsbyisp", translate("dnsbyisp"))
o:value("223.5.5.5", "223.5.5.5 (" .. translate("Ali") .. "DNS)")
o:value("223.6.6.6", "223.6.6.6 (" .. translate("Ali") .. "DNS)")
o:value("114.114.114.114", "114.114.114.114 (114DNS)")
o:value("114.114.115.115", "114.114.115.115 (114DNS)")
o:value("119.29.29.29", "119.29.29.29 (DNSPOD DNS)")
o:value("182.254.116.116", "182.254.116.116 (DNSPOD DNS)")
o:value("1.2.4.8", "1.2.4.8 (CNNIC DNS)")
o:value("210.2.4.8", "210.2.4.8 (CNNIC DNS)")
o:value("180.76.76.76", "180.76.76.76 (" .. translate("Baidu") .. "DNS)")
---- Upstream trust DNS Server for ChinaDNS-NG
o = s:option(Value, "up_trust_chinadns_ng_dns",
translate("Upstream trust DNS Server for ChinaDNS-NG") .. "(UDP)",
translate(
"Example: 127.0.0.1#5353 ,such as dns2socks,dns-forwarder...<br />Only use two at most, english comma separation, If you do not fill in the # and the following port, you are using port 53."))
o.default = "8.8.4.4,8.8.8.8"
o:value("8.8.4.4,8.8.8.8", "8.8.4.4, 8.8.8.8 (Google DNS)")
o:value("208.67.222.222,208.67.220.220",
"208.67.222.222, 208.67.220.220 (Open DNS)")
if is_finded("dns2socks") then
o:value("dns2socks", "dns2socks " .. translate("Need Socks5 server"))
end
o:depends("dns_mode", "chinadns-ng")
---- Use TCP Node Resolve DNS
o = s:option(Flag, "use_tcp_node_resolve_dns",
@ -122,28 +146,27 @@ o = s:option(Flag, "use_tcp_node_resolve_dns",
o.default = 1
o:depends("dns_mode", "pdnsd")
---- upstreamm DNS Server for ChinaDNS-NG
o = s:option(ListValue, "up_chinadns_ng_mode",
translate("upstreamm DNS Server for ChinaDNS-NG"), translate(
"Domestic DNS server in advanced Settings is used as domestic DNS by default"))
o.default = "208.67.222.222"
o:value("208.67.222.222", "208.67.222.222 (OpenDNS DNS)")
o:value("208.67.220.220", "208.67.220.220 (OpenDNS DNS)")
if is_finded("dns2socks") then
o:value("dns2socks", "dns2socks " .. translate("Need Socks5 server"))
end
o:value("custom", translate("custom"))
o:depends("dns_mode", "chinadns-ng")
---- DNS Forward
o = s:option(Value, "dns_forward", translate("DNS Address"))
o.default = "8.8.4.4"
o:value("8.8.4.4", "8.8.4.4 (Google DNS)")
o:value("8.8.8.8", "8.8.8.8 (Google DNS)")
o:value("208.67.222.222", "208.67.222.222 (Open DNS)")
o:value("208.67.220.220", "208.67.220.220 (Open DNS)")
o:depends("dns_mode", "dns2socks")
o:depends("dns_mode", "pdnsd")
o:depends("up_trust_chinadns_ng_dns", "dns2socks")
o = s:option(Value, "up_chinadns_ng_custom", translate("DNS Server"), translate(
"example: 127.0.0.1#5335<br>Need at least one,Other DNS services can be used as upstream, such as dns2socks."))
o.default = "208.67.222.222#443"
o:depends("up_chinadns_ng_mode", "custom")
---- DNS Hijack
o = s:option(Flag, "dns_53", translate("DNS Hijack"))
o.default = 1
o.rmempty = false
---- Default Proxy Mode
o = s:option(ListValue, "proxy_mode",
translate("Default") .. translate("Proxy Mode"))
o.default = "gfwlist"
translate("Default") .. translate("Proxy Mode"), translate(
"If using GFW mode is not available, try clearing the native cache."))
o.default = "chnroute"
o.rmempty = false
o:value("disable", translate("No Proxy"))
o:value("global", translate("Global Proxy"))
@ -155,14 +178,18 @@ o:value("returnhome", translate("Return Home"))
---- Localhost Proxy Mode
o = s:option(ListValue, "localhost_proxy_mode",
translate("Localhost") .. translate("Proxy Mode"), translate(
"The server client can also use this rule to scientifically surf the Internet"))
"The server client can also use this rule to scientifically surf the Internet.<br /> Global and continental whitelist are not recommended for non-special cases!"))
o:value("default", translate("Default"))
-- o:value("global", translate("Global Proxy")..""..translate("Danger").."")
o:value("global",
translate("Global Proxy") .. "" .. translate("Danger") .. "")
o:value("gfwlist", translate("GFW List"))
-- o:value("chnroute", translate("China WhiteList"))
o:value("chnroute", translate("China WhiteList"))
o.default = "default"
o.rmempty = false
---- Tips
s:append(Template("passwall/global/tips"))
--[[
local apply = luci.http.formvalue("cbi.apply")
if apply then
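Review bot: `up_china_dns` and `up_trust_chinadns_ng_dns` are free-form `Value` fields that take an `ip#port,ip#port` list, yet neither gets a `validate` function or datatype, and the help text itself warns that a wrong value can take the network stack down. These strings are presumably handed to the DNS helper's start-up script (not shown), so they should be constrained at save time to at most two entries of address plus optional numeric port, with the fixed keywords (`dnsbyisp`, `dns2socks`) allowed explicitly. A sketch for `up_china_dns` follows; the error text is a placeholder. The section ends inside a commented-out block that continues past the hunk.

```lua
-- … unchanged: up_china_dns option, description, default and o:value() presets …
function o.validate(self, value)
    if value == "dnsbyisp" then return value end
    local count = 0
    -- append a comma so empty items (",," or a trailing ",") are seen and rejected
    for item in (value .. ","):gmatch("([^,]*),") do
        count = count + 1
        -- address characters only, optionally followed by #<port>
        if not (item:match("^[%x%.:]+$") or item:match("^[%x%.:]+#%d+$")) then
            return nil, translate("Invalid DNS server list")
        end
    end
    if count > 2 then
        return nil, translate("Invalid DNS server list")
    end
    return value
end
```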


@ -3,8 +3,12 @@ local ipkg = require("luci.model.ipkg")
local appname = "passwall"
local function get_customed_path(e)
return luci.model.cbi.passwall.api.api.uci_get_type("global_app", e .. "_file")
end
local function is_finded(e)
return luci.sys.exec("find /usr/*bin -iname " .. e .. " -type f") ~= "" and
return luci.sys.exec("find /usr/*bin %s -iname %s -type f" % {get_customed_path(e), e}) ~= "" and
true or false
end
@ -62,7 +66,9 @@ if ((is_installed("redsocks2") or is_finded("redsocks2")) or
end
if is_finded("ss-redir") then type:value("SS", translate("Shadowsocks")) end
if is_finded("ssr-redir") then type:value("SSR", translate("ShadowsocksR")) end
if is_installed("v2ray") then type:value("V2ray", translate("V2ray")) end
if is_installed("v2ray") or is_finded("v2ray") then
type:value("V2ray", translate("V2ray"))
end
if is_installed("brook") or is_finded("brook") then
type:value("Brook", translate("Brook"))
end
@ -239,7 +245,7 @@ v2ray_tcp_guise_http_path:depends("v2ray_tcp_guise", "http")
v2ray_mkcp_guise = s:option(ListValue, "v2ray_mkcp_guise",
translate("Camouflage Type"), translate(
'<br>none: default, no masquerade, data sent is packets with no characteristics.<br>srtp: disguised as an SRTP packet, it will be recognized as video call data (such as FaceTime).<br>utp: packets disguised as uTP will be recognized as bittorrent downloaded data.<br>wechat-video: packets disguised as WeChat video calls.<br>dtls: disguised as DTLS 1.2 packet.<br>wireguard: disguised as a WireGuard packet. (not really WireGuard protocol)'))
'<br />none: default, no masquerade, data sent is packets with no characteristics.<br />srtp: disguised as an SRTP packet, it will be recognized as video call data (such as FaceTime).<br />utp: packets disguised as uTP will be recognized as bittorrent downloaded data.<br />wechat-video: packets disguised as WeChat video calls.<br />dtls: disguised as DTLS 1.2 packet.<br />wireguard: disguised as a WireGuard packet. (not really WireGuard protocol)'))
for a, t in ipairs(v2ray_header_type_list) do v2ray_mkcp_guise:value(t) end
v2ray_mkcp_guise:depends("v2ray_transport", "mkcp")
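Review bot: `is_finded` now splices the result of `get_customed_path(e)`, a UCI option value, unquoted into the string passed to `luci.sys.exec`, so whitespace or shell metacharacters in that option are interpreted by the shell under the web UI's privileges. `get_customed_path` also calls `uci_get_type` without a default, so when the option is unset the format table may contain a nil and the `%` formatting can fail (this depends on the helper, which is not shown). Quote both arguments with `luci.util.shellquote` and skip the custom directory when it is empty, as sketched below.

```lua
local function is_finded(e)
    local dirs = "/usr/*bin"
    local custom = get_customed_path(e)
    -- the custom path comes from UCI: may be unset, and must never reach the shell unquoted
    if custom and custom ~= "" then
        dirs = dirs .. " " .. luci.util.shellquote(custom)
    end
    return luci.sys.exec("find " .. dirs .. " -iname " ..
                             luci.util.shellquote(e) .. " -type f") ~= ""
end
```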


@ -11,16 +11,16 @@ m = Map(appname)
s = m:section(TypedSection, "global_other")
s.anonymous = true
---- Use TCPing
o = s:option(Flag, "use_tcping", translate("Use TCPing"),
translate("This will use tcping replace ping detection of node"))
o.default = 1
---- Auto Ping
o = s:option(Flag, "auto_ping", translate("Auto Ping"),
translate("This will automatically ping the node for latency"))
o.default = 1
---- Use TCP Detection delay
o = s:option(Flag, "use_tcping", translate("Use TCP Detection delay"),
translate("This will use tcping replace ping detection of node"))
o.default = 1
---- Concise display nodes
o = s:option(Flag, "compact_display_nodes", translate("Concise display nodes"))
o.default = 0
@ -37,8 +37,8 @@ o.default = 1
s:append(Template("passwall/node_list/link_add_node"))
-- [[ Node List ]]--
s = m:section(TypedSection, "nodes", translate(""), translate(
"Support for more than 10,000 ping nodes and luci does not crash and not slow."))
s = m:section(TypedSection, "nodes")
-- s.description = translate("Support for more than 10,000 ping nodes and luci does not crash and not slow.")
s.anonymous = true
s.addremove = true
s.template = "cbi/tblsection"
@ -85,9 +85,6 @@ if api.uci_get_type("global_other", "compact_display_nodes", "0") == "1" then
end
else
s.sortable = true
---- Remarks
o = s:option(DummyValue, "remarks", translate("Remarks"))
---- Add Mode
if api.uci_get_type("global_other", "show_add_mode", "1") == "1" then
o = s:option(DummyValue, "add_mode", translate("Add Mode"))
@ -101,6 +98,8 @@ else
return str
end
end
---- Remarks
o = s:option(DummyValue, "remarks", translate("Remarks"))
---- Type
o = s:option(DummyValue, "type", translate("Type"))
@ -129,18 +128,13 @@ end--]]
end
---- Ping
o = s:option(DummyValue, "ping", translate("Ping"))
o.width = "10%"
o = s:option(DummyValue, "ping", translate("Latency"))
if api.uci_get_type("global_other", "auto_ping", "0") == "0" then
o.template = "passwall/node_list/ping"
else
o.template = "passwall/node_list/auto_ping"
end
---- Apply
o = s:option(DummyValue, "apply", translate("Apply"))
o.template = "passwall/node_list/apply"
m:append(Template("passwall/node_list/node_list"))
return m


@ -46,81 +46,6 @@ o:depends("auto_on", "1")
o:value(nil, translate("Disable"))
for e = 0, 23 do o:value(e, e .. translate("oclock")) end
-- [[ DNS Settings ]]--
s = m:section(TypedSection, "global_dns", translate("DNS Settings"))
s.anonymous = true
s.addremove = false
---- Mainland DNS Sever 1
o = s:option(Value, "dns_1", translate("Mainland DNS Sever 1"))
o.rmempty = false
o.default = "dnsbyisp"
o:value("dnsbyisp", translate("dnsbyisp"))
o:value("223.5.5.5", "223.5.5.5(" .. translate("Ali") .. "DNS1)")
o:value("223.6.6.6", "223.6.6.6(" .. translate("Ali") .. "DNS2)")
o:value("114.114.114.114", "114.114.114.114(114DNS1)")
o:value("114.114.115.115", "114.114.115.115(114DNS2)")
o:value("119.29.29.29", "119.29.29.29(DNSPOD DNS1)")
o:value("182.254.116.116", "182.254.116.116(DNSPOD DNS2)")
o:value("1.2.4.8", "1.2.4.8(CNNIC DNS1)")
o:value("210.2.4.8", "210.2.4.8(CNNIC DNS2)")
o:value("180.76.76.76", "180.76.76.76(" .. translate("Baidu") .. "DNS)")
---- Mainland DNS Sever 2
o = s:option(Value, "dns_2", translate("Mainland DNS Sever 2"))
o.rmempty = false
o.default = "223.5.5.5"
o:value("dnsbyisp", translate("dnsbyisp"))
o:value("223.5.5.5", "223.5.5.5(" .. translate("Ali") .. "DNS1)")
o:value("223.6.6.6", "223.6.6.6(" .. translate("Ali") .. "DNS2)")
o:value("114.114.114.114", "114.114.114.114(114DNS1)")
o:value("114.114.115.115", "114.114.115.115(114DNS2)")
o:value("119.29.29.29", "119.29.29.29(DNSPOD DNS1)")
o:value("182.254.116.116", "182.254.116.116(DNSPOD DNS2)")
o:value("1.2.4.8", "1.2.4.8(CNNIC DNS1)")
o:value("210.2.4.8", "210.2.4.8(CNNIC DNS2)")
o:value("180.76.76.76", "180.76.76.76(" .. translate("Baidu") .. "DNS)")
---- DNS Export Of Multi WAN
o = s:option(ListValue, "dns_port", translate("DNS Export Of Multi WAN"),
translate(
"Only support Multi Wan. If no effect, please go to mwan3 to set."))
o.rmempty = false
o.default = 0
o:value(0, translate("Auto"))
for _, iface in ipairs(ifaces) do
if (iface:match("^pppoe*")) then
local nets = net:get_interface(iface)
nets = nets and nets:get_networks() or {}
for k, v in pairs(nets) do nets[k] = nets[k].sid end
nets = table.concat(nets, ",")
o:value(iface, ((#nets > 0) and "%s (%s)" % {iface, nets} or iface))
end
end
---- Node Export Of Multi WAN
o = s:option(ListValue, "wan_port", translate("Node Export Of Multi WAN"),
translate(
"Only support Multi Wan. If no effect, please go to mwan3 to set."))
o.default = 0
o.rmempty = false
o:value(0, translate("Auto"))
for _, iface in ipairs(ifaces) do
if (iface:match("^pppoe*")) then
local nets = net:get_interface(iface)
nets = nets and nets:get_networks() or {}
for k, v in pairs(nets) do nets[k] = nets[k].sid end
nets = table.concat(nets, ",")
o:value(iface, ((#nets > 0) and "%s (%s)" % {iface, nets} or iface))
end
end
---- DNS Hijack
o = s:option(Flag, "dns_53", translate("DNS Hijack"), translate(
"If the GFW mode cannot be used normally, please enable it"))
o.default = 1
o.rmempty = false
-- [[ Forwarding Settings ]]--
s = m:section(TypedSection, "global_forwarding",
translate("Forwarding Settings"))
@ -142,7 +67,7 @@ o:value("1:65535", translate("All"))
o:value("53", "53")
---- Multi SS/SSR Process Option
o = s:option(Value, "process", translate("Multi Process Option"),
--[[ o = s:option(Value, "process", translate("Multi Process Option"),
translate("you can start SS/SSR with multiple process"))
o.default = "0"
o.rmempty = false
@ -151,6 +76,7 @@ o:value("1", translate("1 Process"))
o:value("2", "2 " .. translate("Process"))
o:value("3", "3 " .. translate("Process"))
o:value("4", "4 " .. translate("Process"))
--]]
-- [[ Proxy Settings ]]--
s = m:section(TypedSection, "global_proxy", translate("Proxy Settings"))
@ -187,15 +113,15 @@ o = s:option(Flag, "proxy_ipv6", translate("Proxy IPv6"),
o.default = 0
-- [[ Other Settings ]]--
s = m:section(TypedSection, "global_other", translate("Other Settings"))
s = m:section(TypedSection, "global_other", translate("Other Settings"),
translatef(
"You can only set up a maximum of %s nodes for the time being",
"3"))
s.anonymous = true
s.addremove = false
---- TCP Node Number Option
o = s:option(ListValue, "tcp_node_num", "TCP" .. translate("Node Number"),
translatef(
"You can only set up a maximum of %s nodes for the time being",
"3"))
o = s:option(ListValue, "tcp_node_num", "TCP" .. translate("Node Number"))
o.default = "1"
o.rmempty = false
o:value("1")
@ -203,10 +129,7 @@ o:value("2")
o:value("3")
---- UDP Node Number Option
o = s:option(ListValue, "udp_node_num", "UDP" .. translate("Node Number"),
translatef(
"You can only set up a maximum of %s nodes for the time being",
"3"))
o = s:option(ListValue, "udp_node_num", "UDP" .. translate("Node Number"))
o.default = "1"
o.rmempty = false
o:value("1")
@ -214,47 +137,35 @@ o:value("2")
o:value("3")
---- Socks5 Node Number Option
o = s:option(ListValue, "socks5_node_num", "Socks5" .. translate("Node Number"),
translatef(
"You can only set up a maximum of %s nodes for the time being",
"5"))
o = s:option(ListValue, "socks5_node_num", "Socks5" .. translate("Node Number"))
o.default = "1"
o.rmempty = false
o:value("1")
o:value("2")
o:value("3")
o:value("4")
o:value("5")
---- 状态使用大图标
o = s:option(Flag, "status_use_big_icon", translate("Status Use Big Icon"))
o.default = "1"
o.rmempty = false
---- 显示节点检测
o = s:option(Flag, "status_show_check_port", translate("Status Show Check Port"))
o.default = "0"
o.rmempty = false
---- 显示IP111
o = s:option(Flag, "status_show_ip111", translate("Status Show IP111"))
o.default = "0"
o.rmempty = false
---- Hide Menu
o = s:option(Button, "hide", translate("Hide Menu"), translate(
"After the hidden to the display, type in the address bar enter the admin/vpn/passwall/show, such as: http://192.168.1.1/cgi-bin/luci/admin/vpn/passwall/show"))
"After the hidden to the display, type in the address bar enter the admin/vpn/passwall/show.<br />such as: http://192.168.1.1/cgi-bin/luci/admin/vpn/passwall/show"))
o.inputstyle = "remove"
function o.write(e, e)
luci.http.redirect(luci.dispatcher.build_url("admin", "vpn", "passwall",
"hide"))
end
-- [[ Custom Dnsmasq Settings ]]--
--[[
s = m:section(TypedSection, "global", translate("Custom Dnsmasq"))
s.anonymous = true
local e = "/usr/share/passwall/dnsmasq.d/user.conf"
o = s:option(TextValue, "userconf")
o.description = translate("Setting a parameter error will cause dnsmasq fail to start.")
o.rows = 15
o.wrap = "off"
o.cfgvalue = function(a, a)
return fs.readfile(e)or""
end
o.write = function(o, o, a)
fs.writefile(e, a:gsub("\r\n", "\n"))
end
]] --
return m


@ -58,8 +58,8 @@ for e = 0, 23 do o:value(e, e .. translate("oclock")) end
o.default = 0
o:depends("auto_update_subscribe", 1)
---- Subscribe Manually update
o = s:option(Button, "_update", translate("Manually update"))
---- Manual subscription
o = s:option(Button, "_update", translate("Manual subscription"))
o.inputstyle = "apply"
function o.write(e, e)
luci.sys
@ -72,8 +72,7 @@ end
o = s:option(Button, "_stop", translate("Delete All Subscribe Node"))
o.inputstyle = "remove"
function o.write(e, e)
luci.sys.call(
"nohup /usr/share/passwall/subscription.sh stop > /dev/null 2>&1 &")
luci.sys.call("/usr/share/passwall/subscription.sh stop")
luci.http.redirect(luci.dispatcher.build_url("admin", "vpn", "passwall",
"log"))
end
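Review bot: In the `_stop` handler, `luci.sys.call("/usr/share/passwall/subscription.sh stop")` now runs in the foreground, so the HTTP request blocks until the script exits, and its exit status is discarded before the redirect. Since the status is now available, consider checking it, e.g. `if luci.sys.call("/usr/share/passwall/subscription.sh stop") ~= 0 then` followed by an error message, instead of redirecting to the log page unconditionally. A short comment stating why the call was made synchronous would also help the next reader.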

File diff suppressed because one or more lines are too long


@ -14,6 +14,9 @@ end
local tcp_node_num = api.uci_get_type("global_other", "tcp_node_num", 1)
local udp_node_num = api.uci_get_type("global_other", "udp_node_num", 1)
local socks5_node_num = api.uci_get_type("global_other", "socks5_node_num", 1)
local status_show_check_port = api.uci_get_type("global_other", "status_show_check_port", 0)
local status_show_ip111 = api.uci_get_type("global_other", "status_show_ip111", 0)
-%>
<style>
@ -146,6 +149,7 @@ local socks5_node_num = api.uci_get_type("global_other", "socks5_node_num", 1)
<font id="_google_status"></font>
</div>
</div>
<% if tonumber(status_show_check_port) == 1 then %>
<div class="cbi-value">
<label class="cbi-value-title">
<%:Node Check%>
@ -156,12 +160,15 @@ local socks5_node_num = api.uci_get_type("global_other", "socks5_node_num", 1)
<input id="clear_check_port_btn" type="button" class="cbi-button cbi-button-remove" style="display:none" value="<%:Clear%>" onclick="return clear_check_port(this)" />
</div>
</div>
<% end %>
<% if tonumber(status_show_ip111) == 1 then %>
<div class="cbi-value">
<label class="cbi-value-title"></label>
<div class="cbi-value-field">
<input type="button" class="cbi-button cbi-input-reload" value="IP111.cn" onclick="javascript:window.open('http://www.ip111.cn/','target');" />
</div>
</div>
<% end %>
</fieldset>
</fieldset>


@ -0,0 +1,6 @@
<div class="cbi-value">
<label class="cbi-value-title"></label>
<div class="cbi-value-field">
<%:Tips%><%:You can use load balancing for failover.%>
</div>
</div>


@ -0,0 +1,24 @@
<%
local dsp = require "luci.dispatcher"
-%>
<p id="_status"></p>
<script type="text/javascript">//<![CDATA[
XHR.poll(3,'<%=dsp.build_url("admin/vpn/passwall/status")%>', null,
function(x, json) {
if (x && x.status == 200) {
var _status = document.getElementById('_status');
if (_status) {
if (json.haproxy_status) {
_status.innerHTML = '<input type="button" class="cbi-button cbi-input-apply" value="<%:Enter interface%>" onclick="openwebui()" />';
}
}
}
});
function openwebui(){
var url = window.location.host+":<%=luci.sys.exec("uci -q get passwall.@global_haproxy[0].console_port"):gsub("^%s*(.-)%s*$", "%1")%>";
window.open('http://'+url,'target','');
}
//]]></script>
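Review bot: In `openwebui()`, the `console_port` UCI value is read with `luci.sys.exec` and written by `<%= … %>` straight into a JavaScript string literal with only whitespace trimmed, so a stored value containing a quote would change the script of this admin page. Emit it as a number instead, e.g. `<%=tonumber(luci.model.uci.cursor():get_first("passwall", "global_haproxy", "console_port")) or ""%>`, which also avoids spawning a shell on every page render. The poll callback should check that `json` is set before reading `json.haproxy_status`. The console is opened over plain `http://`; if that is intentional, a comment saying so would help.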


@ -30,6 +30,6 @@ local dsp = require "luci.dispatcher"
<legend>
<%:These is logs.%>
</legend>
<input class="cbi-button cbi-input-remove" type="button" onclick="clearlog()" value="<%:Clear logs%>">
<input class="cbi-button cbi-input-remove" type="button" onclick="clearlog()" value="<%:Clear logs%>" />
<textarea id="log_textarea" class="cbi-input-textarea" style="width: 100%;margin-top: 10px;" data-update="change" rows="40" wrap="off" readonly="readonly"></textarea>
</fieldset>
</fieldset>


@ -1,3 +0,0 @@
<%+cbi/valueheader%>
<input class="cbi-button cbi-button-add" type="button" onclick="open_set_node_div('<%=section%>')" value="<%:Use%>">
<%+cbi/valuefooter%>


@ -68,7 +68,7 @@ local dsp = require "luci.dispatcher"
<div class="cbi-value">
<label class="cbi-value-title"><%:Add Node%></label>
<div class="cbi-value-field">
<input class="cbi-button cbi-button-add" type="button" onclick="open_add_link_div()" value="<%:Add the node via the link%>">
<input class="cbi-button cbi-button-add" type="button" onclick="open_add_link_div()" value="<%:Add the node via the link%>" />
</div>
</div>
@ -82,8 +82,8 @@ local dsp = require "luci.dispatcher"
<div class="cbi-value">
<label class="cbi-value-title"></label>
<div class="cbi-value-field">
<input class="cbi-button cbi-button-add" type="button" onclick="add_node()" value="<%:Add%>">
<input class="cbi-button cbi-button-remove" type="button" onclick="close_add_link_div()" value="<%:Close%>">
<input class="cbi-button cbi-button-add" type="button" onclick="add_node()" value="<%:Add%>" />
<input class="cbi-button cbi-button-remove" type="button" onclick="close_add_link_div()" value="<%:Close%>" />
</div>
</div>
</div>


@ -121,10 +121,17 @@ table td, .table .td {
},
function(x, result) {
if(x && x.status == 200) {
if (result.ping != null && result.ping != "")
dom.outerHTML = result.ping + " ms";
else
dom.outerHTML = "--";
if (result.ping == null || result.ping.trim() == "") {
dom.outerHTML = "<font style='color:red'><%:Timeout%></font>";
} else {
var ping = parseInt(result.ping);
if (ping < 100)
dom.outerHTML = "<font style='color:green'>" + result.ping + " ms" + "</font>";
else if (ping < 200)
dom.outerHTML = "<font style='color:#fb9a05'>" + result.ping + " ms" + "</font>";
else if (ping >= 200)
dom.outerHTML = "<font style='color:red'>" + result.ping + " ms" + "</font>";
}
}
}
);
@ -135,46 +142,99 @@ table td, .table .td {
var auto_ping_value = document.getElementsByClassName('auto_ping_value');
var index = 0;
function auto_ping() {
if (index >= auto_ping_value.length){
if (index >= auto_ping_value.length) {
return;
}
var cbi_id = auto_ping_value[index].getAttribute("cbiid");
<% if compact_display_nodes and tonumber(compact_display_nodes) == 1 then %>
var remarks = document.getElementById("cbid.passwall." + cbi_id + ".remarks").value;
var address = null;
var port = null;
if (remarks.lastIndexOf("") != -1 && remarks.lastIndexOf("") != -1) {
var address_full = remarks.substring(remarks.lastIndexOf("") + 1, remarks.lastIndexOf(""));
address = address_full.substring(0, address_full.lastIndexOf(":"));
port = address_full.substring(address_full.lastIndexOf(":") + 1);
}
<% else %>
var address = document.getElementById("cbid.passwall." + cbi_id + ".address").value;
var port = document.getElementById("cbid.passwall." + cbi_id + ".port").value;
<% end %>
var json = JSON.stringify(auto_ping_value[index]);
ajax.post('<%=dsp.build_url("admin/vpn/passwall/ping_node")%>', {
index: index,
address: address,
port: port
},
function(x, result) {
if(x && x.status == 200) {
auto_ping_value[result.index].innerHTML = (result.ping ? result.ping : "--") + " ms";
var is_ping = auto_ping_value[index].getAttribute("ping");
if (is_ping == null) {
var cbi_id = auto_ping_value[index].getAttribute("cbiid");
<% if compact_display_nodes and tonumber(compact_display_nodes) == 1 then %>
var remarks = document.getElementById("cbid.passwall." + cbi_id + ".remarks").value;
var address = null;
var port = null;
if (remarks.lastIndexOf("") != -1 && remarks.lastIndexOf("") != -1) {
var address_full = remarks.substring(remarks.lastIndexOf("") + 1, remarks.lastIndexOf(""));
address = address_full.substring(0, address_full.lastIndexOf(":"));
port = address_full.substring(address_full.lastIndexOf(":") + 1);
}
index++;
auto_ping();
},
function(x) {
auto_ping_value[index].innerHTML = "<font style='color:red'><%:Timeout%></font>";
index++;
auto_ping();
},
);
<% else %>
var address = document.getElementById("cbid.passwall." + cbi_id + ".address").value;
var port = document.getElementById("cbid.passwall." + cbi_id + ".port").value;
<% end %>
var json = JSON.stringify(auto_ping_value[index]);
ajax.post('<%=dsp.build_url("admin/vpn/passwall/ping_node")%>', {
index: index,
address: address,
port: port
},
function(x, result) {
if(x && x.status == 200) {
for(var i = 0; i < auto_ping_value.length; i++) {
var obj = auto_ping_value[i];
var obj_cbi_id = obj.getAttribute("cbiid");
<% if compact_display_nodes and tonumber(compact_display_nodes) == 1 then %>
var obj_remarks = document.getElementById("cbid.passwall." + obj_cbi_id + ".remarks").value;
var obj_address = null;
var obj_port = null;
if (obj_remarks.lastIndexOf("") != -1 && obj_remarks.lastIndexOf("") != -1) {
var obj_address_full = obj_remarks.substring(obj_remarks.lastIndexOf("") + 1, obj_remarks.lastIndexOf(""));
obj_address = obj_address_full.substring(0, obj_address_full.lastIndexOf(":"));
obj_port = obj_address_full.substring(obj_address_full.lastIndexOf(":") + 1);
}
<% else %>
var obj_address = document.getElementById("cbid.passwall." + obj_cbi_id + ".address").value;
var obj_port = document.getElementById("cbid.passwall." + obj_cbi_id + ".port").value;
<% end %>
if (address == obj_address && port == obj_port) {
auto_ping_value[i].setAttribute("ping", "1");
if (result.ping == null || result.ping.trim() == "") {
auto_ping_value[i].innerHTML = "<font style='color:red'><%:Timeout%></font>";
} else {
var ping = parseInt(result.ping);
if (ping < 100)
auto_ping_value[i].innerHTML = "<font style='color:green'>" + result.ping + " ms" + "</font>";
else if (ping < 200)
auto_ping_value[i].innerHTML = "<font style='color:#fb9a05'>" + result.ping + " ms" + "</font>";
else if (ping >= 200)
auto_ping_value[i].innerHTML = "<font style='color:red'>" + result.ping + " ms" + "</font>";
}
}
}
}
index++;
auto_ping();
},
function(x) {
auto_ping_value[index].innerHTML = "<font style='color:red'><%:Timeout%></font>";
index++;
auto_ping();
},
);
}
else {
index++;
auto_ping();
}
}
auto_ping();
//添加"应用"按钮到"修改"按钮前
var edit_btn = document.getElementsByClassName("cbi-button cbi-button-edit");
for(var i = 0; i < edit_btn.length; i++) {
try {
var onclick_str = edit_btn[i].getAttribute("onclick");
var id = onclick_str.substring(onclick_str.lastIndexOf('/') + 1, onclick_str.length - 1);
var td = edit_btn[i].parentNode;
var apply = '<input class="cbi-button cbi-button-add" type="button" value="<%:Use%>" onclick="open_set_node_div(\'' + id + '\')" alt="<%:Use%>" title="<%:Use%>" />';
td.innerHTML = apply + "&nbsp;&nbsp;" + td.innerHTML;
}
catch(err) {
console.error(err);
}
}
//]]>
</script>
@ -183,21 +243,21 @@ table td, .table .td {
<div class="cbi-value">
<% if tcp_node_num and tonumber(tcp_node_num) >= 1 then %>
<% for i = 1, tcp_node_num, 1 do %>
<input class="cbi-button cbi-button-edit" type="button" onclick="set_node('tcp',<%=i%>)" value="TCP_<%=i%>">
<input class="cbi-button cbi-button-edit" type="button" onclick="set_node('tcp',<%=i%>)" value="TCP_<%=i%>" />
<% end %>
<% end %>
<% if udp_node_num and tonumber(udp_node_num) >= 1 then %>
<% for i = 1, udp_node_num, 1 do %>
<input class="cbi-button cbi-button-edit" type="button" onclick="set_node('udp',<%=i%>)" value="UDP_<%=i%>">
<input class="cbi-button cbi-button-edit" type="button" onclick="set_node('udp',<%=i%>)" value="UDP_<%=i%>" />
<% end %>
<% end %>
<% if socks5_node_num and tonumber(socks5_node_num) >= 1 then %>
<% for i = 1, socks5_node_num, 1 do %>
<input class="cbi-button cbi-button-edit" type="button" onclick="set_node('socks5',<%=i%>)" value="Socks5_<%=i%>">
<input class="cbi-button cbi-button-edit" type="button" onclick="set_node('socks5',<%=i%>)" value="Socks5_<%=i%>" />
<% end %>
<% end %>
<input class="cbi-button cbi-button-remove" type="button" onclick="close_set_node_div()" value="<%:Close%>">
<input class="cbi-button cbi-button-remove" type="button" onclick="close_set_node_div()" value="<%:Close%>" />
</div>
</div>
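Review bot: `result.ping` is concatenated into `dom.outerHTML` and `auto_ping_value[i].innerHTML` exactly as the `ping_node` response delivered it, and only the `parseInt` copy is used to pick the colour, so any non-numeric text in that field would be parsed as markup on this admin page. A value that parses to NaN also matches none of the three `ping < 100` / `ping < 200` / `ping >= 200` branches, so the cell is left without a result, and in `auto_ping` it has already been marked `ping="1"`. I would parse once with a radix, `var ping = parseInt(result.ping, 10);`, send `isNaN(ping)` to the Timeout branch, and render the number rather than the string, e.g. `"<font style='color:green'>" + ping + " ms</font>"`. What `ping_node` can return is not visible in this section, so the first point is a hardening suggestion rather than a confirmed bug; the callback in the first hunk belongs to a function that starts outside it.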


@ -152,7 +152,7 @@ local brook_version = luci.sys.exec("[ -f '" .. brook_path .. "' ] && " .. brook
<div class="cbi-value-field">
<div class="cbi-value-description">
<span><%=brook_version%>】</span>
<input class="cbi-button cbi-input-apply" type="submit" id="_brook-check_btn" onclick="onBtnClick_brook(this);" value="<%:Manually update%>">
<input class="cbi-button cbi-input-apply" type="button" id="_brook-check_btn" onclick="onBtnClick_brook(this);" value="<%:Manually update%>" />
<span id="_brook-check_btn-detail"></span>
</div>
</div>


@ -168,7 +168,7 @@ local kcptun_version = luci.sys.exec("[ -f '" .. kcptun_path .. "' ] && " .. kcp
<div class="cbi-value-field">
<div class="cbi-value-description">
<span><%=kcptun_version%>】</span>
<input class="cbi-button cbi-input-apply" type="submit" id="_kcptun-check_btn" onclick="onBtnClick_kcptun(this);" value="<%:Manually update%>">
<input class="cbi-button cbi-input-apply" type="button" id="_kcptun-check_btn" onclick="onBtnClick_kcptun(this);" value="<%:Manually update%>" />
<span id="_kcptun-check_btn-detail"></span>
</div>
</div>


@ -39,7 +39,6 @@ local chnlist_update = api.uci_get_type("global_rules", "chnlist_update", "1") =
}
}
);
return false;
}
//]]>
</script>
@ -86,7 +85,7 @@ local chnlist_update = api.uci_get_type("global_rules", "chnlist_update", "1") =
<%:Manually update%>
</label>
<div class="cbi-value-field">
<input class="cbi-button cbi-input-apply" type="submit" id="update_rules_btn" onclick="update_rules(this)" value="<%:Manually update%>">
<input class="cbi-button cbi-input-apply" type="button" id="update_rules_btn" onclick="update_rules(this)" value="<%:Manually update%>" />
</div>
</div>


@ -168,7 +168,7 @@ local V2ray_version = luci.sys.exec("[ -f '" .. V2ray_path .. "/v2ray' ] && " ..
<div class="cbi-value-field">
<div class="cbi-value-description">
<span><%=V2ray_version%>】</span>
<input class="cbi-button cbi-input-apply" type="submit" id="_v2ray-check_btn" onclick="onBtnClick_v2ray(this);" value="<%:Manually update%>">
<input class="cbi-button cbi-input-apply" type="button" id="_v2ray-check_btn" onclick="onBtnClick_v2ray(this);" value="<%:Manually update%>" />
<span id="_v2ray-check_btn-detail"></span>
</div>
</div>


@ -1,5 +1,5 @@
msgid "Pass Wall"
msgstr "科学上网"
msgstr "正确上网姿势 √"
msgid "Shadowsocks Server"
msgstr "ShadowSocks 服务器"
@ -82,6 +82,9 @@ msgstr "高级设置"
msgid "Load Balancing"
msgstr "负载均衡"
msgid "Enter interface"
msgstr "进入界面"
msgid "Rule Update"
msgstr "自动更新"
@ -121,6 +124,9 @@ msgstr "清除"
msgid "If you can use it, very stable. If not, GG !!!"
msgstr "如果你会用稳得一批。否则GG"
msgid "Main switch"
msgstr "总开关"
msgid "TCP Node"
msgstr "TCP节点"
@ -142,11 +148,11 @@ msgstr "用于游戏模式或DNS解析等。"
msgid "The selected server will not use Kcptun."
msgstr "选中的服务器不会使用Kcptun。"
msgid "The client can use the router's Socks5 proxy"
msgstr "客户端可以使用路由器的Socks5代理"
msgid "The client can use the router's Socks5 proxy."
msgstr "客户端可以使用路由器的Socks5代理"
msgid "DNS Forward Mode"
msgstr "DNS转发模式"
msgid "DNS Mode"
msgstr "DNS模式"
msgid "Use local port 7913 as DNS"
msgstr "使用本机7913端口的DNS"
@ -154,8 +160,8 @@ msgstr "使用本机7913端口的DNS"
msgid "No patterns are used"
msgstr "不使用"
msgid "if you use no patterns are used, DNS of wan will be used by default as upstream of dnsmasq"
msgstr "如果您没有使用任何模式则会使用WAN的DNS"
msgid "if has problem, please try another mode.<br />if you use no patterns are used, DNS of wan will be used by default as upstream of dnsmasq."
msgstr "如果有问题,请尝试其他模式。<br />如果您没有使用任何模式则会使用WAN的DNS"
msgid "Use TCP Node Resolve DNS"
msgstr "使用TCP节点解析DNS"
@ -163,14 +169,53 @@ msgstr "使用TCP节点解析DNS"
msgid "If checked, DNS is resolved using the TCP node."
msgstr "如果勾选则使用TCP节点解析DNS解决污染。"
msgid "upstreamm DNS Server for ChinaDNS-NG"
msgstr "ChinaDNS-NG的上游服务器"
msgid "DNS Address"
msgstr "DNS地址"
msgid "Domestic DNS server in advanced Settings is used as domestic DNS by default"
msgstr "默认使用高级设置里的国内DNS服务器作为国内DNS"
msgid "China DNS Server"
msgstr "国内DNS服务器"
msgid "example: 127.0.0.1#5335<br>Need at least one,Other DNS services can be used as upstream, such as dns2socks."
msgstr "例127.0.0.1#5335<br>需要至少一个服务器其他DNS服务可以作为上游使用比如dns2socks。"
msgid "Example: 127.0.0.1#6053 ,Represents DNS on using 127.0.0.1 the 6053 port. such as smartdns,AdGuard Home...<br />Only use two at most, english comma separation, If you do not fill in the # and the following port, you are using port 53.<br />If you use custom, unless you know what you're doing, setting it up incorrectly can cause your stuck to crash!"
msgstr "例127.0.0.1#6053 使用本机的6053端口的DNS服务。例smartdnsAdGuardHome等等。<br />最多使用2个DNS服务器英文逗号分隔如果没有填#和后面的端口则使用53端口。<br />如果你使用自定义,除非你知道你在做什么,否则设置不当会直接导致卡到崩溃!"
msgid "Upstream trust DNS Server for ChinaDNS-NG"
msgstr "ChinaDNS-NG可信DNS"
msgid "Example: 127.0.0.1#5353 ,such as dns2socks,dns-forwarder...<br />Only use two at most, english comma separation, If you do not fill in the # and the following port, you are using port 53."
msgstr "例127.0.0.1#5353 例dns2socksdns-forwarder等等。<br />最多使用2个DNS服务器英文逗号分隔如果没有填#和后面的端口则使用53端口。"
msgid "The server client can also use this rule to scientifically surf the Internet.<br /> Global and continental whitelist are not recommended for non-special cases!"
msgstr "本机服务器的客户端也可以使用这个代理模式上网。<br />非特殊情况不推荐使用全局和大陆白名单!"
msgid "Tips"
msgstr "小提示"
msgid "You can use load balancing for failover."
msgstr "可以使用负载均衡实现故障切换功能。"
msgid "dnsbyisp"
msgstr "运营商DNS(自动分配)"
msgid "Ali"
msgstr "阿里"
msgid "Baidu"
msgstr "百度"
msgid "DNS Export Of Multi WAN"
msgstr "国内DNS指定解析出口"
msgid "Node Export Of Multi WAN"
msgstr "节点指定出口"
msgid "Only support Multi Wan."
msgstr "只有多线接入才有效。"
msgid "Not Specify"
msgstr "不指定"
msgid "DNS Hijack"
msgstr "DNS劫持"
msgid "custom"
msgstr "自定义"
@ -196,6 +241,9 @@ msgstr "单进程"
msgid "Proxy Mode"
msgstr "代理模式"
msgid "If using GFW mode is not available, try clearing the native cache."
msgstr "如果使用GFW模式无法使用请尝试清除本机缓存。"
msgid "No Proxy"
msgstr "不代理"
@ -244,9 +292,6 @@ msgstr "你选择的节点是:"
msgid "Timeout"
msgstr "超时"
msgid "The server client can also use this rule to scientifically surf the Internet"
msgstr "本机服务器的客户端也可以使用这个代理模式上网"
msgid "Node Remarks"
msgstr "节点备注"
@ -274,11 +319,8 @@ msgstr "加密"
msgid "Kcptun Switch"
msgstr "Kcptun开关"
msgid "Ping Latency"
msgstr "Ping延迟"
msgid "Ping Value"
msgstr "Ping值"
msgid "Latency"
msgstr "延迟"
msgid "Show Add Mode"
msgstr "显示添加方式"
@ -289,18 +331,18 @@ msgstr "显示组"
msgid "Group"
msgstr "组"
msgid "Use TCPing"
msgstr "使用TCPing"
msgid "This will use tcping replace ping detection of node"
msgstr "选中后保存应用后即使用tcping替换ping检测节点"
msgid "Auto Ping"
msgstr "自动Ping"
msgid "This will automatically ping the node for latency"
msgstr "选中后保存应用后即自动Ping节点"
msgid "Use TCP Detection delay"
msgstr "使用TCP检测延迟"
msgid "This will use tcping replace ping detection of node"
msgstr "选中后保存应用后即使用tcping替换ping检测节点"
msgid "Concise display nodes"
msgstr "简洁显示节点"
@ -313,45 +355,6 @@ msgstr "应用"
msgid "Use"
msgstr "使用"
msgid "DNS Settings"
msgstr "DNS配置"
msgid "DNS Forward Address"
msgstr "DNS转发地址"
msgid "Mainland DNS Sever 1"
msgstr "国内DNS服务器1"
msgid "Mainland DNS Sever 2"
msgstr "国内DNS服务器2"
msgid "dnsbyisp"
msgstr "运营商DNS(自动分配)"
msgid "Ali"
msgstr "阿里"
msgid "Baidu"
msgstr "百度"
msgid "DNS Export Of Multi WAN"
msgstr "国内DNS指定解析出口"
msgid "Node Export Of Multi WAN"
msgstr "节点指定出口"
msgid "Only support Multi Wan. If no effect, please go to mwan3 to set."
msgstr "只有多线接入才有效如果设置后还是无效请到mwan3设置。"
msgid "Not Specify"
msgstr "不指定"
msgid "DNS Hijack"
msgstr "DNS劫持"
msgid "If the GFW mode cannot be used normally, please enable it"
msgstr "如果GFW模式不能正常使用请启用"
msgid "Delay Settings"
msgstr "定时配置"
@ -436,8 +439,11 @@ msgstr "检测时间"
msgid "Automatic switching cannot be used when this option is checked"
msgstr "当勾选此选项时,不能使用自动切换"
msgid "List of alternate TCP forwarding servers"
msgstr "备用TCP转发服务器的列表"
msgid "List of backup nodes"
msgstr "备用节点的列表"
msgid "List of backup nodes, the first of which must be the primary node and the others the standby node."
msgstr "备用节点的列表,第一个必须是主节点,其他是备用节点。"
msgid "Configure this node with 127.0.0.1: this port"
msgstr "使用127.0.0.1和此端口配置节点"
@ -463,8 +469,8 @@ msgstr "负载均衡端口"
msgid "Load Balancing Setting"
msgstr "负载均衡设置"
msgid "Add a node, Export Of Multi WAN Only support Multi Wan. If no effect, please go to mwan3 to set. Load specific gravity range 1-256. Multiple primary servers can be load balanced, standby will only be enabled when the primary server is offline!"
msgstr "添加节点指定出口功能是为多WAN用户准备的如果设置后还是无效请到mwan3设置。负载比重范围1-256。多个主服务器可以负载均衡备用只有在主服务器离线时才会启用"
msgid "Add a node, Export Of Multi WAN Only support Multi Wan. Load specific gravity range 1-256. Multiple primary servers can be load balanced, standby will only be enabled when the primary server is offline!"
msgstr "添加节点指定出口功能是为多WAN用户准备的。负载比重范围1-256。多个主服务器可以负载均衡备用只有在主服务器离线时才会启用"
msgid "Node Address"
msgstr "节点地址"
@ -583,15 +589,18 @@ msgstr "订阅网址"
msgid "Please input the subscription url first, save and submit before updating. If you subscribe to update, it is recommended to delete all subscriptions and then re-subscribe."
msgstr "请输入订阅网址保存应用后再更新,如果订阅节点更新了,建议删除所有订阅,然后重新订阅。"
msgid "Delete All Subscribe Node"
msgstr "删除所有订阅节点"
msgid "Subscribe via proxy"
msgstr "通过代理订阅"
msgid "Enable auto update subscribe"
msgstr "开启自动更新订阅"
msgid "Manual subscription"
msgstr "手动订阅"
msgid "Delete All Subscribe Node"
msgstr "删除所有订阅节点"
msgid "Add"
msgstr "添加"
@ -739,8 +748,8 @@ msgstr "域名"
msgid "Whether unsafe connections are allowed. When checked, V2Ray does not check the validity of the TLS certificate provided by the remote host."
msgstr "是否允许不安全连接。当勾选时V2Ray 不会检查远端主机所提供的 TLS 证书的有效性。"
msgid "<br>none: default, no masquerade, data sent is packets with no characteristics.<br>srtp: disguised as an SRTP packet, it will be recognized as video call data (such as FaceTime).<br>utp: packets disguised as uTP will be recognized as bittorrent downloaded data.<br>wechat-video: packets disguised as WeChat video calls.<br>dtls: disguised as DTLS 1.2 packet.<br>wireguard: disguised as a WireGuard packet. (not really WireGuard protocol)"
msgstr "<br>none默认值不进行伪装发送的数据是没有特征的数据包。<br>srtp伪装成 SRTP 数据包,会被识别为视频通话数据(如 FaceTime。<br>utp伪装成 uTP 数据包,会被识别为 BT 下载数据。<br>wechat-video伪装成微信视频通话的数据包。<br>dtls伪装成 DTLS 1.2 数据包。<br>wireguard伪装成 WireGuard 数据包。(并不是真正的 WireGuard 协议)"
msgid "<br />none: default, no masquerade, data sent is packets with no characteristics.<br />srtp: disguised as an SRTP packet, it will be recognized as video call data (such as FaceTime).<br />utp: packets disguised as uTP will be recognized as bittorrent downloaded data.<br />wechat-video: packets disguised as WeChat video calls.<br />dtls: disguised as DTLS 1.2 packet.<br />wireguard: disguised as a WireGuard packet. (not really WireGuard protocol)"
msgstr "<br />none默认值不进行伪装发送的数据是没有特征的数据包。<br />srtp伪装成 SRTP 数据包,会被识别为视频通话数据(如 FaceTime。<br />utp伪装成 uTP 数据包,会被识别为 BT 下载数据。<br />wechat-video伪装成微信视频通话的数据包。<br />dtls伪装成 DTLS 1.2 数据包。<br />wireguard伪装成 WireGuard 数据包。(并不是真正的 WireGuard 协议)"
msgid "A legal file path. This file must not exist before running V2Ray."
msgstr "一个合法的文件路径。在运行 V2Ray 之前,这个文件必须不存在。"
@ -775,11 +784,17 @@ msgstr "目前最多只能设置%s个节点"
msgid "Status Use Big Icon"
msgstr "状态信息使用大图标"
msgid "Status Show Check Port"
msgstr "状态信息显示节点检测"
msgid "Status Show IP111"
msgstr "状态信息显示IP111"
msgid "Hide Menu"
msgstr "隐藏菜单"
msgid "After the hidden to the display, type in the address bar enter the admin/vpn/passwall/show, such as: http://192.168.1.1/cgi-bin/luci/admin/vpn/passwall/show"
msgstr "当你隐藏后想再次显示在地址栏后面输入admin/vpn/passwall/show例如:http://192.168.1.1/cgi-bin/luci/admin/vpn/passwall/show"
msgid "After the hidden to the display, type in the address bar enter the admin/vpn/passwall/show.<br />such as: http://192.168.1.1/cgi-bin/luci/admin/vpn/passwall/show"
msgstr "当你隐藏后想再次显示在地址栏后面输入admin/vpn/passwall/show<br />例如:http://192.168.1.1/cgi-bin/luci/admin/vpn/passwall/show"
msgid "Can't determine ARCH, or ARCH not supported."
msgstr "无法确认ARCH架构或是不支持。"


@ -1,11 +1,14 @@
config global
option enabled '0'
option tcp_node1 'nil'
option udp_node1 'nil'
option socks5_node1 'nil'
option dns_mode 'pdnsd'
option up_china_dns '114.114.114.114'
option dns_forward '8.8.4.4'
option use_tcp_node_resolve_dns '1'
option dns_53 '1'
option proxy_mode 'chnroute'
option localhost_proxy_mode 'gfwlist'
@ -17,13 +20,6 @@ config global_delay
option start_daemon '0'
option start_delay '20'
config global_dns
option dns_port '0'
option wan_port '0'
option dns_53 '1'
option dns_1 '114.114.114.114'
option dns_2 '119.29.29.29'
config global_forwarding
option udp_redir_ports '1:65535'
option tcp_redir_ports '80,443'
@ -43,6 +39,8 @@ config global_other
option udp_node_num '1'
option socks5_node_num '1'
option status_use_big_icon '1'
option status_show_check_port '0'
option status_show_ip111 '0'
option compact_display_nodes '0'
option show_group '0'
option show_add_mode '0'
@ -54,7 +52,7 @@ config global_rules
option chnlist_update '1'
option gfwlist_version '2019-12-10'
option chnroute_version '2019-12-05'
option chnlist_version '2019-12-31'
option chnlist_version '2020-01-06'
config global_app
option v2ray_file '/usr/bin/v2ray/'
@ -66,5 +64,5 @@ config global_subscribe
option auto_update_subscribe '0'
config auto_switch
option testing_time '50'
option testing_time '3'
option enable '0'


@ -6,4 +6,4 @@
114.215.126.16
1.2.4.8
210.2.4.8
119.29.29.29
119.29.29.29


@ -17,6 +17,5 @@ stop() {
restart() {
stop
sleep 3
start
}


@ -7,6 +7,8 @@
CONFIG=passwall
CONFIG_PATH=/var/etc/$CONFIG
RUN_PID_PATH=$CONFIG_PATH/pid
RUN_ID_PATH=$CONFIG_PATH/id
RUN_IP_PATH=$CONFIG_PATH/ip
RUN_PORT_PATH=$CONFIG_PATH/port
HAPROXY_FILE=$CONFIG_PATH/haproxy.cfg
REDSOCKS_CONFIG_TCP_FILE=$CONFIG_PATH/redsocks_TCP.conf
@ -135,6 +137,8 @@ set_subscribe_proxy() {
}
}
ENABLED=$(config_t_get global enabled 0)
TCP_NODE_NUM=$(config_t_get global_other tcp_node_num 1)
for i in $(seq 1 $TCP_NODE_NUM); do
eval TCP_NODE$i=$(config_t_get global tcp_node$i nil)
@ -175,6 +179,9 @@ KCPTUN_REDIR_PORT=$(config_t_get global_proxy kcptun_port 11183)
PROXY_MODE=$(config_t_get global proxy_mode gfwlist)
load_config() {
[ "$ENABLED" != 1 ] && {
return 1
}
[ "$TCP_NODE1" == "nil" -a "$UDP_NODE1" == "nil" -a "$SOCKS5_NODE1" == "nil" ] && {
echolog "没有选择节点!"
return 1
@ -182,6 +189,7 @@ load_config() {
DNS_MODE=$(config_t_get global dns_mode pdnsd)
DNS_FORWARD=$(config_t_get global dns_forward 8.8.4.4)
use_tcp_node_resolve_dns=$(config_t_get global use_tcp_node_resolve_dns 0)
use_udp_node_resolve_dns=0
process=1
if [ "$(config_t_get global_forwarding process 0)" = "0" ]; then
process=$(cat /proc/cpuinfo | grep 'processor' | wc -l)
@ -189,8 +197,17 @@ load_config() {
process=$(config_t_get global_forwarding process)
fi
LOCALHOST_PROXY_MODE=$(config_t_get global localhost_proxy_mode default)
DNS1=$(config_t_get global_dns dns_1)
DNS2=$(config_t_get global_dns dns_2)
UP_CHINA_DNS=$(config_t_get global up_china_dns 223.5.5.5,114.114.114.114)
[ "$UP_CHINA_DNS" == "dnsbyisp" ] && {
local dns1=$(cat /tmp/resolv.conf.auto 2>/dev/null | grep -E -o "[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+" | grep -v 0.0.0.0 | grep -v 127.0.0.1 | sed -n '1P')
if [ -n "$dns1" ]; then
UP_CHINA_DNS=$dns1
else
UP_CHINA_DNS="223.5.5.5,114.114.114.114"
fi
local dns2=$(cat /tmp/resolv.conf.auto 2>/dev/null | grep -E -o "[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+" | grep -v 0.0.0.0 | grep -v 127.0.0.1 | sed -n '2P')
[ -n "$dns1" -a -n "$dns2" ] && UP_CHINA_DNS="$dns1,$dns2"
}
TCP_REDIR_PORT1=$(config_t_get global_proxy tcp_redir_port 1041)
TCP_REDIR_PORT2=$(expr $TCP_REDIR_PORT1 + 1)
TCP_REDIR_PORT3=$(expr $TCP_REDIR_PORT2 + 1)
@ -201,7 +218,7 @@ load_config() {
SOCKS5_PROXY_PORT2=$(expr $SOCKS5_PROXY_PORT1 + 1)
SOCKS5_PROXY_PORT3=$(expr $SOCKS5_PROXY_PORT2 + 1)
PROXY_IPV6=$(config_t_get global_proxy proxy_ipv6 0)
mkdir -p /var/etc $CONFIG_PATH $RUN_PID_PATH $RUN_PORT_PATH
mkdir -p /var/etc $CONFIG_PATH $RUN_PID_PATH $RUN_ID_PATH $RUN_IP_PATH $RUN_PORT_PATH
config_load $CONFIG
return 0
}
@ -264,11 +281,11 @@ gen_config_file() {
if [ "$redir_type" == "Socks5" ]; then
if [ "$network_type" == "ipv6" ]; then
SOCKS5_NODE1_IPV6=$server_ip
eval SOCKS5_NODE${5}_IPV6=$server_ip
else
SOCKS5_NODE1_IP=$server_ip
eval SOCKS5_NODE${5}_IP=$server_ip
fi
SOCKS5_NODE1_PORT=$port
eval SOCKS5_NODE${5}_PORT=$port
if [ "$type" == "ss" -o "$type" == "ssr" ]; then
gen_ss_ssr_config_file $type $local_port 0 $node $config_file_path
elif [ "$type" == "v2ray" ]; then
@ -282,11 +299,11 @@ gen_config_file() {
if [ "$redir_type" == "UDP" ]; then
if [ "$network_type" == "ipv6" ]; then
UDP_NODE1_IPV6=$server_ip
eval UDP_NODE${5}_IPV6=$server_ip
else
UDP_NODE1_IP=$server_ip
eval UDP_NODE${5}_IP=$server_ip
fi
UDP_NODE1_PORT=$port
eval UDP_NODE${5}_PORT=$port
if [ "$type" == "ss" -o "$type" == "ssr" ]; then
gen_ss_ssr_config_file $type $local_port 0 $node $config_file_path
elif [ "$type" == "v2ray" ]; then
@ -303,11 +320,12 @@ gen_config_file() {
if [ "$redir_type" == "TCP" ]; then
if [ "$network_type" == "ipv6" ]; then
TCP_NODE1_IPV6=$server_ip
eval TCP_NODE${5}_IPV6=$server_ip
else
TCP_NODE1_IP=$server_ip
eval TCP_NODE${5}_IP=$server_ip
fi
TCP_NODE1_PORT=$port
eval TCP_NODE${5}_PORT=$port
if [ "$type" == "v2ray" ]; then
lua /usr/lib/lua/luci/model/cbi/passwall/api/gen_v2ray_client_config_file.lua $node tcp $local_port nil >$config_file_path
elif [ "$type" == "trojan" ]; then
@ -384,7 +402,7 @@ start_tcp_redir() {
eval current_port=\$TCP_REDIR_PORT$i
local port=$(echo $(get_not_exists_port_after $current_port tcp))
eval TCP_REDIR_PORT$i=$port
gen_config_file $temp_server $port TCP $config_file
gen_config_file $temp_server $port TCP $config_file $i
if [ "$TYPE" == "v2ray" ]; then
v2ray_path=$(config_t_get global_app v2ray_file)
if [ -f "${v2ray_path}/v2ray" ]; then
@ -434,7 +452,7 @@ start_tcp_redir() {
if [ "$plugin" != "none" ]; then
[ "$plugin" == "v2ray-plugin" ] && {
local opts=$(config_n_get $temp_server ss_plugin_v2ray_opts)
plugin_params="--plugin v2ray-plugin --plugin-opts \"$opts\""
plugin_params="--plugin v2ray-plugin --plugin-opts $opts"
}
fi
for k in $(seq 1 $process); do
@ -442,7 +460,10 @@ start_tcp_redir() {
done
}
fi
echo $port > $CONFIG_PATH/port/TCP_${i}
echo $port > $RUN_PORT_PATH/TCP_${i}
eval ip=\$TCP_NODE${i}_IP
echo $ip > $RUN_IP_PATH/TCP_${i}
echo $temp_server > $RUN_ID_PATH/TCP_${i}
}
done
}
@ -456,7 +477,7 @@ start_udp_redir() {
eval current_port=\$UDP_REDIR_PORT$i
local port=$(echo $(get_not_exists_port_after $current_port udp))
eval UDP_REDIR_PORT$i=$port
gen_config_file $temp_server $port UDP $config_file
gen_config_file $temp_server $port UDP $config_file $i
if [ "$TYPE" == "v2ray" ]; then
v2ray_path=$(config_t_get global_app v2ray_file)
if [ -f "${v2ray_path}/v2ray" ]; then
@ -518,13 +539,16 @@ start_udp_redir() {
if [ "$plugin" != "none" ]; then
[ "$plugin" == "v2ray-plugin" ] && {
local opts=$(config_n_get $temp_server ss_plugin_v2ray_opts)
plugin_params="--plugin v2ray-plugin --plugin-opts \"$opts\""
plugin_params="--plugin v2ray-plugin --plugin-opts $opts"
}
fi
$ss_bin -c $config_file -f $RUN_PID_PATH/udp_${TYPE}_1_$i -U $plugin_params >/dev/null 2>&1 &
}
fi
echo $port > $CONFIG_PATH/port/UDP_${i}
echo $port > $RUN_PORT_PATH/UDP_${i}
eval ip=\$UDP_NODE${i}_IP
echo $ip > $RUN_IP_PATH/UDP_${i}
echo $temp_server > $RUN_ID_PATH/UDP_${i}
}
done
}
@ -538,7 +562,7 @@ start_socks5_proxy() {
eval current_port=\$SOCKS5_PROXY_PORT$i
local port=$(get_not_exists_port_after $current_port tcp)
eval SOCKS5_PROXY_PORT$i=$port
gen_config_file $temp_server $port Socks5 $config_file
gen_config_file $temp_server $port Socks5 $config_file $i
if [ "$TYPE" == "v2ray" ]; then
v2ray_path=$(config_t_get global_app v2ray_file)
if [ -f "${v2ray_path}/v2ray" ]; then
@ -571,13 +595,16 @@ start_socks5_proxy() {
if [ "$plugin" != "none" ]; then
[ "$plugin" == "v2ray-plugin" ] && {
local opts=$(config_n_get $temp_server ss_plugin_v2ray_opts)
plugin_params="--plugin v2ray-plugin --plugin-opts \"$opts\""
plugin_params="--plugin v2ray-plugin --plugin-opts $opts"
}
fi
$ss_bin -c $config_file -b 0.0.0.0 -u $plugin_params >/dev/null 2>&1 &
}
fi
echo $port > $CONFIG_PATH/port/Socks5_${i}
echo $port > $RUN_PORT_PATH/Socks5_${i}
eval ip=\$SOCKS5_NODE${i}_IP
echo $ip > $RUN_IP_PATH/SOCKS5_${i}
echo $temp_server > $RUN_ID_PATH/SOCKS5_${i}
fi
done
}
@ -691,146 +718,49 @@ start_dns() {
[ -n "$pdnsd_bin" ] && {
gen_pdnsd_config
nohup $pdnsd_bin --daemon -c $pdnsd_dir/pdnsd.conf -d >/dev/null 2>&1 &
echolog "运行DNS转发模式Pdnsd..."
echolog "运行DNS转发模式pdnsd..."
}
;;
chinadns-ng)
chinadns_ng_bin=$(find_bin chinadns-ng)
[ -n "$chinadns_ng_bin" ] && {
local dns1=$DNS1
[ "$DNS1" = "dnsbyisp" ] && dns1=$(cat /tmp/resolv.conf.auto 2>/dev/null | grep -E -o "[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+" | grep -v 0.0.0.0 | grep -v 127.0.0.1 | sed -n '1P')
local dns2=$DNS2
[ "$DNS2" = "dnsbyisp" ] && dns2=$(cat /tmp/resolv.conf.auto 2>/dev/null | grep -E -o "[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+" | grep -v 0.0.0.0 | grep -v 127.0.0.1 | sed -n '2P')
other_port=$(expr $DNS_PORT + 1)
cat $RULE_PATH/gfwlist.conf | sort | uniq | sed -e '/127.0.0.1/d' | sed 's/ipset=\/.//g' | sed 's/\/gfwlist//g' > $CONFIG_PATH/gfwlist_chinadns_ng.txt
[ -f "$CONFIG_PATH/gfwlist_chinadns_ng.txt" ] && local gfwlist_param="-g $CONFIG_PATH/gfwlist_chinadns_ng.txt"
[ -f "$RULE_PATH/chnlist" ] && local chnlist_param="-m $RULE_PATH/chnlist -M"
up_chinadns_ng_mode=$(config_t_get global up_chinadns_ng_mode "208.67.222.222")
case "$up_chinadns_ng_mode" in
208.67.222.222)
DNS_FORWARD=$up_chinadns_ng_mode
nohup $chinadns_ng_bin -l $DNS_PORT -c $dns1,$dns2 -t 208.67.222.222#443,208.67.222.222#5353 $gfwlist_param $chnlist_param >/dev/null 2>&1 &
echolog "运行DNS转发模式ChinaDNS-NG国内DNS$dns1, $dns2可信DNS208.67.222.222"
;;
208.67.220.220)
DNS_FORWARD=$up_chinadns_ng_mode
nohup $chinadns_ng_bin -l $DNS_PORT -c $dns1,$dns2 -t 208.67.220.220#443,208.67.220.220#5353 $gfwlist_param $chnlist_param >/dev/null 2>&1 &
echolog "运行DNS转发模式ChinaDNS-NG国内DNS$dns1, $dns2可信DNS208.67.220.220"
;;
dns2socks)
up_trust_chinadns_ng_dns=$(config_t_get global up_trust_chinadns_ng_dns "8.8.4.4,8.8.8.8")
if [ "$up_trust_chinadns_ng_dns" == "dns2socks" ]; then
if [ -n "$SOCKS5_NODE1" -a "$SOCKS5_NODE1" != "nil" ]; then
dns2socks_bin=$(find_bin dns2socks)
[ -n "$dns2socks_bin" ] && {
nohup $dns2socks_bin 127.0.0.1:$SOCKS5_PROXY_PORT1 ${DNS_FORWARD}:53 127.0.0.1:$other_port >/dev/null 2>&1 &
nohup $chinadns_ng_bin -l $DNS_PORT -c $dns1,$dns2 -t 127.0.0.1#$other_port $gfwlist_param $chnlist_param >/dev/null 2>&1 &
echolog "运行DNS转发模式ChinaDNS-NG + dns2socks国内DNS$dns1, $dns2"
nohup $chinadns_ng_bin -l $DNS_PORT -c $UP_CHINA_DNS -t 127.0.0.1#$other_port $gfwlist_param $chnlist_param >/dev/null 2>&1 &
echolog "运行DNS转发模式ChinaDNS-NG + dns2socks(${DNS_FORWARD}:53)国内DNS$UP_CHINA_DNS"
}
else
echolog "dns2socks模式需要使用Socks5代理节点请开启"
force_stop
fi
;;
custom)
up_chinadns_ng_custom=$(config_t_get global up_chinadns_ng_custom '208.67.222.222#443,208.67.222.222#5353')
nohup $chinadns_ng_bin -l $DNS_PORT -c $dns1,$dns2 -t $up_chinadns_ng_custom $gfwlist_param $chnlist_param >/dev/null 2>&1 &
echolog "运行DNS转发模式ChinaDNS-NG国内DNS$dns1, $dns2可信DNS$up_chinadns_ng_custom"
;;
esac
else
if [ -z "$UDP_NODE1" -o "$UDP_NODE1" == "nil" ]; then
nohup $chinadns_ng_bin -l $DNS_PORT -c $UP_CHINA_DNS -t 208.67.222.222#443,208.67.222.222#5353 $gfwlist_param $chnlist_param >/dev/null 2>&1 &
echolog "运行DNS转发模式ChinaDNS-NG国内DNS$UP_CHINA_DNS因为你没有使用UDP节点将使用OpenDNS 443端口或5353端口作为可信DNS。"
else
use_udp_node_resolve_dns=1
DNS_FORWARD=$(echo $up_trust_chinadns_ng_dns | sed 's/,/ /g')
nohup $chinadns_ng_bin -l $DNS_PORT -c $UP_CHINA_DNS -t $up_trust_chinadns_ng_dns $gfwlist_param $chnlist_param >/dev/null 2>&1 &
echolog "运行DNS转发模式ChinaDNS-NG国内DNS$UP_CHINA_DNS可信DNS$up_trust_chinadns_ng_dns"
fi
fi
}
;;
esac
echolog "若不正常,请尝试其他模式!"
}
add_dnsmasq() {
mkdir -p $TMP_DNSMASQ_PATH $DNSMASQ_PATH /var/dnsmasq.d
local wirteconf dnsconf dnsport isp_dns isp_ip
dnsport=$(config_t_get global_dns dns_port)
[ -z "$dnsport" ] && dnsport=0
if [ "$DNS1" = "dnsbyisp" -o "$DNS2" = "dnsbyisp" ]; then
cat >/etc/dnsmasq.conf <<EOF
all-servers
no-poll
no-resolv
cache-size=2048
local-ttl=60
neg-ttl=3600
max-cache-ttl=1200
EOF
echolog "生成Dnsmasq配置文件。"
if [ "$dnsport" != "0" ]; then
failcount=0
while [ "$failcount" -lt "10" ]; do
interface=$(ifconfig | grep "$dnsport" | awk '{print $1}')
if [ -z "$interface" ]; then
echolog "找不到出口接口:$dnsport1分钟后再重试"
let "failcount++"
[ "$failcount" -ge 10 ] && exit 0
sleep 1m
else
[ "$DNS1" != "dnsbyisp" ] && {
route add -host ${DNS1} dev ${dnsport}
echolog "添加DNS1出口路由表$dnsport"
echo server=$DNS1 >>/etc/dnsmasq.conf
}
[ "$DNS2" != "dnsbyisp" ] && {
route add -host ${DNS2} dev ${dnsport}
echolog "添加DNS2出口路由表$dnsport"
echo server=$DNS2 >>/etc/dnsmasq.conf
}
break
fi
done
else
isp_dnss=$(cat /tmp/resolv.conf.auto 2>/dev/null | grep -E -o "[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+" | sort -u | grep -v 0.0.0.0 | grep -v 127.0.0.1)
[ -n "$isp_dnss" ] && {
for isp_dns in $isp_dnss; do
echo server=$isp_dns >>/etc/dnsmasq.conf
done
}
[ "$DNS1" != "dnsbyisp" ] && {
echo server=$DNS1 >>/etc/dnsmasq.conf
}
[ "$DNS2" != "dnsbyisp" ] && {
echo server=$DNS2 >>/etc/dnsmasq.conf
}
fi
else
wirteconf=$(cat /etc/dnsmasq.conf 2>/dev/null | grep "server=$DNS1")
dnsconf=$(cat /etc/dnsmasq.conf 2>/dev/null | grep "server=$DNS2")
if [ "$dnsport" != "0" ]; then
failcount=0
while [ "$failcount" -lt "10" ]; do
interface=$(ifconfig | grep "$dnsport" | awk '{print $1}')
if [ -z "$interface" ]; then
echolog "找不到出口接口:$dnsport1分钟后再重试"
let "failcount++"
[ "$failcount" -ge 10 ] && exit 0
sleep 1m
else
route add -host ${DNS1} dev ${dnsport}
echolog "添加DNS1出口路由表$dnsport"
route add -host ${DNS2} dev ${dnsport}
echolog "添加DNS2出口路由表$dnsport"
break
fi
done
fi
if [ -z "$wirteconf" ] || [ -z "$dnsconf" ]; then
cat >/etc/dnsmasq.conf <<EOF
all-servers
no-poll
no-resolv
server=$DNS1
server=$DNS2
cache-size=2048
local-ttl=60
neg-ttl=3600
max-cache-ttl=1200
EOF
echolog "生成Dnsmasq配置文件。"
fi
fi
# if [ -n "cat /var/state/network |grep pppoe|awk -F '.' '{print $2}'" ]; then
# sed -i '/except-interface/d' /etc/dnsmasq.conf >/dev/null 2>&1 &
# for wanname in $(cat /var/state/network |grep pppoe|awk -F '.' '{print $2}')
@ -877,13 +807,24 @@ EOF
rm -rf $TMP_DNSMASQ_PATH/blacklist_host.conf
rm -rf $TMP_DNSMASQ_PATH/whitelist_host.conf
restdns=1
echolog "生成回国模式Dnsmasq配置文件。"
fi
echo "conf-dir=$TMP_DNSMASQ_PATH" >/var/dnsmasq.d/dnsmasq-$CONFIG.conf
echo "conf-dir=$TMP_DNSMASQ_PATH" >$DNSMASQ_PATH/dnsmasq-$CONFIG.conf
echo "" > /etc/dnsmasq.conf
server="server=127.0.0.1#$DNS_PORT"
local china_dns1=$(echo $UP_CHINA_DNS | awk -F "," '{print $1}')
local china_dns2=$(echo $UP_CHINA_DNS | awk -F "," '{print $2}')
[ -n "$china_dns1" ] && server="server=$china_dns1"
[ -n "$china_dns2" ] && server="${server}\n${server_2}"
cat <<-EOF > /var/dnsmasq.d/dnsmasq-$CONFIG.conf
$(echo -e $server)
all-servers
no-poll
no-resolv
conf-dir=$TMP_DNSMASQ_PATH
EOF
cp -rf /var/dnsmasq.d/dnsmasq-$CONFIG.conf $DNSMASQ_PATH/dnsmasq-$CONFIG.conf
if [ "$restdns" == 1 ]; then
echolog "重启Dnsmasq。。。"
echolog "dnsmasq生成配置文件并重启服务。"
/etc/init.d/dnsmasq restart 2>/dev/null
fi
}
@ -1073,7 +1014,7 @@ start_haproxy() {
bind 0.0.0.0:$bport
mode tcp
EOF
for i in $(seq 0 100); do
for i in $(seq 0 50); do
bips=$(config_t_get balancing lbss '' $i)
bports=$(config_t_get balancing lbort '' $i)
bweight=$(config_t_get balancing lbweight '' $i)
@ -1082,35 +1023,39 @@ start_haproxy() {
if [ -z "$bips" ] || [ -z "$bports" ]; then
break
fi
local bip=$(echo $bips | awk -F ":" '{print $1}')
local bport=$(echo $bips | awk -F ":" '{print $2}')
[ "$bports" != "default" ] && bport=$bports
[ -z "$bport" ] && break
if [ "$bbackup" = "1" ]; then
bbackup=" backup"
echolog "添加故障转移备节点:$bips"
echolog "负载均衡:添加故障转移备节点:$bip"
else
bbackup=""
echolog "添加负载均衡主节点:$bips"
echolog "负载均衡:添加负载均衡主节点:$bip"
fi
#si=$(echo $bips | grep -E "([0-9]{1,3}[\.]){3}[0-9]{1,3}")
#si=$(echo $bip | grep -E "([0-9]{1,3}[\.]){3}[0-9]{1,3}")
#if [ -z "$si" ]; then
# bips=$(resolveip -4 -t 2 $bips | awk 'NR==1{print}')
# if [ -z "$bips" ]; then
# bips=$(nslookup $bips localhost | sed '1,4d' | awk '{print $3}' | grep -v : | awk 'NR==1{print}')
# bip=$(resolveip -4 -t 2 $bip | awk 'NR==1{print}')
# if [ -z "$bip" ]; then
# bip=$(nslookup $bip localhost | sed '1,4d' | awk '{print $3}' | grep -v : | awk 'NR==1{print}')
# fi
# echolog "负载均衡${i} IP为$bips"
# echolog "负载均衡${i} IP为$bip"
#fi
echo " server server_$i $bips:$bports weight $bweight check inter 1500 rise 1 fall 3 $bbackup" >>$HAPROXY_FILE
echo " server $bip:$bport $bip:$bport weight $bweight check inter 1500 rise 1 fall 3 $bbackup" >> $HAPROXY_FILE
if [ "$exports" != "0" ]; then
failcount=0
while [ "$failcount" -lt "10" ]; do
while [ "$failcount" -lt "3" ]; do
interface=$(ifconfig | grep "$exports" | awk '{print $1}')
if [ -z "$interface" ]; then
echolog "找不到出口接口:$exports1分钟后再重试"
let "failcount++"
[ "$failcount" -ge 10 ] && exit 0
[ "$failcount" -ge 3 ] && exit 0
sleep 1m
else
route add -host ${bips} dev ${exports}
route add -host ${bip} dev ${exports}
echolog "添加SS出口路由表$exports"
echo "$bips" >>/tmp/balancing_ip
echo "$bip" >>/tmp/balancing_ip
break
fi
done
@ -1120,7 +1065,7 @@ start_haproxy() {
console_port=$(config_t_get global_haproxy console_port)
console_user=$(config_t_get global_haproxy console_user)
console_password=$(config_t_get global_haproxy console_password)
cat <<-EOF >>$HAPROXY_FILE
cat <<-EOF >> $HAPROXY_FILE
listen status
bind 0.0.0.0:$console_port
@ -1131,46 +1076,21 @@ start_haproxy() {
#stats hide-version
stats admin if TRUE
EOF
nohup $haproxy_bin -f $HAPROXY_FILE 2>&1
echolog "负载均衡运行成功!"
nohup $haproxy_bin -f $HAPROXY_FILE >/dev/null 2>&1 &
[ "$?" == 0 ] && echolog "负载均衡运行成功!" || echolog "负载均衡:运行失败!"
}
}
}
add_vps_port() {
multiwan=$(config_t_get global_dns wan_port 0)
if [ "$multiwan" != "0" ]; then
failcount=0
while [ "$failcount" -lt "10" ]; do
interface=$(ifconfig | grep "$multiwan" | awk '{print $1}')
if [ -z "$interface" ]; then
echolog "找不到出口接口:$multiwan1分钟后再重试"
let "failcount++"
[ "$failcount" -ge 10 ] && exit 0
sleep 1m
else
route add -host ${TCP_NODE1_IP} dev ${multiwan}
route add -host ${UDP_NODE1_IP} dev ${multiwan}
echolog "添加SS出口路由表$multiwan"
echo "$TCP_NODE1_IP" >$CONFIG_PATH/tcp_ip
echo "$UDP_NODE1_IP" >$CONFIG_PATH/udp_ip
break
fi
done
fi
}
del_vps_port() {
tcp_ip=$(cat $CONFIG_PATH/tcp_ip 2>/dev/null)
udp_ip=$(cat $CONFIG_PATH/udp_ip 2>/dev/null)
[ -n "$tcp_ip" ] && route del -host ${tcp_ip}
[ -n "$udp_ip" ] && route del -host ${udp_ip}
}
kill_all() {
kill -9 $(pidof $@) >/dev/null 2>&1 &
}
force_stop() {
rm -f "$LOCK_FILE"
exit 0
}
boot() {
local delay=$(config_t_get global_delay start_delay 0)
if [ "$delay" -gt 0 ]; then
@ -1188,19 +1108,18 @@ start() {
! load_config && return 1
[ -f "$LOCK_FILE" ] && return 3
touch "$LOCK_FILE"
add_vps_port
start_dns
add_dnsmasq
start_haproxy
start_socks5_proxy
start_tcp_redir
start_udp_redir
start_dns
add_dnsmasq
source $APP_PATH/iptables.sh start
/etc/init.d/dnsmasq restart >/dev/null 2>&1 &
start_crontab
set_cru
rm -f "$LOCK_FILE"
echolog "运行完成!"
echolog "运行完成!\n"
return 0
}
@ -1210,7 +1129,6 @@ stop() {
done
clean_log
source $APP_PATH/iptables.sh stop
del_vps_port
kill_all brook dns2socks haproxy chinadns-ng ipt2socks v2ray-plugin
ps -w | grep -E "$CONFIG_TCP_FILE|$CONFIG_UDP_FILE|$CONFIG_SOCKS5_FILE" | grep -v "grep" | awk '{print $1}' | xargs kill -9 >/dev/null 2>&1 &
ps -w | grep -E "$CONFIG_PATH" | grep -v "grep" | awk '{print $1}' | xargs kill -9 >/dev/null 2>&1 &
@ -1220,12 +1138,13 @@ stop() {
rm -rf $CONFIG_PATH
stop_dnsmasq
stop_crontab
echolog "关闭相关程序,清理相关文件和缓存完成。\n"
echolog "关闭相关程序,清理相关文件和缓存完成。"
sleep 1s
}
case $1 in
stop)
[ -n "$2" -a "$2" == "force" ] && force_stop
stop
;;
start)


@ -11,6 +11,7 @@ IPSET_WHITELIST="whitelist"
iptables_nat="iptables -t nat"
iptables_mangle="iptables -t mangle"
ip6tables_nat="ip6tables -t nat"
iptables_comment="-m comment --comment PassWall"
factor() {
if [ -z "$1" ] || [ -z "$2" ]; then
@ -39,25 +40,30 @@ get_ip_mark() {
fi
}
get_dst_list() {
echo "-m set --match-set $1 dst"
}
get_action_chain() {
case "$1" in
disable)
echo "RETURN"
;;
global)
echo "SS_GLO"
echo "PSW_GLO"
;;
gfwlist)
echo "SS_GFW"
echo "PSW_GFW"
;;
chnroute)
echo "SS_CHN"
echo "PSW_CHN"
;;
gamemode)
echo "SS_GAME"
echo "PSW_GAME"
;;
returnhome)
echo "SS_HOME"
echo "PSW_HOME"
;;
esac
}
@ -132,17 +138,24 @@ load_acl() {
[ -n "$ip" ] && echolog "访问控制IP$ip,代理模式:$(get_action_chain_name $proxy_mode)"
[ -n "$mac" ] && echolog "访问控制MAC$mac,代理模式:$(get_action_chain_name $proxy_mode)"
fi
[ "$TCP_NODE" != "nil" ] && {
#local TCP_NODE_TYPE=$(echo $(config_get $TCP_NODE type) | tr 'A-Z' 'a-z')
$iptables_mangle -A SS_ACL $(factor $ip "-s") -p tcp -m set --match-set $IPSET_BLACKLIST dst -m comment --comment "$remarks" -j TTL --ttl-set 14$tcp_node
$iptables_mangle -A SS_ACL $(factor $ip "-s") -p tcp $(factor $mac "-m mac --mac-source") $(factor $tcp_redir_ports "-m multiport --dport") -m comment --comment "$remarks" -$(get_jump_mode $proxy_mode) $(get_action_chain $proxy_mode)$tcp_node
}
[ "$UDP_NODE" != "nil" ] && {
#local UDP_NODE_TYPE=$(echo $(config_get $UDP_NODE type) | tr 'A-Z' 'a-z')
eval udp_redir_port=\$UDP_REDIR_PORT$udp_node
$iptables_mangle -A SS_ACL $(factor $ip "-s") -p udp -m set --match-set $IPSET_BLACKLIST dst -m comment --comment "$remarks" -j TPROXY --on-port $udp_redir_port --tproxy-mark 0x1/0x1
$iptables_mangle -A SS_ACL $(factor $ip "-s") -p udp $(factor $mac "-m mac --mac-source") $(factor $udp_redir_ports "-m multiport --dport") -m comment --comment "$remarks" -$(get_jump_mode $proxy_mode) $(get_action_chain $proxy_mode)$udp_node
}
if [ "$proxy_mode" == "disable" ]; then
$iptables_nat -A PSW_ACL $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p tcp -m comment --comment "$remarks" -j RETURN
$iptables_mangle -A PSW_ACL $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p udp -m comment --comment "$remarks" -j RETURN
else
[ "$TCP_NODE" != "nil" ] && {
#local TCP_NODE_TYPE=$(echo $(config_get $TCP_NODE type) | tr 'A-Z' 'a-z')
eval tcp_redir_port=\$TCP_REDIR_PORT$tcp_node
$iptables_nat -A PSW_ACL $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p tcp $(get_dst_list $IPSET_BLACKLIST) -m comment --comment "$remarks" -j REDIRECT --to-ports $tcp_redir_port
$iptables_nat -A PSW_ACL $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p tcp $(factor $tcp_redir_ports "-m multiport --dport") -m comment --comment "$remarks" -$(get_jump_mode $proxy_mode) $(get_action_chain $proxy_mode)$tcp_node
}
[ "$UDP_NODE" != "nil" ] && {
#local UDP_NODE_TYPE=$(echo $(config_get $UDP_NODE type) | tr 'A-Z' 'a-z')
eval udp_redir_port=\$UDP_REDIR_PORT$udp_node
$iptables_mangle -A PSW_ACL $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p udp $(get_dst_list $IPSET_BLACKLIST) -m comment --comment "$remarks" -j TPROXY --on-port $udp_redir_port --tproxy-mark 0x1/0x1
$iptables_mangle -A PSW_ACL $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p udp $(factor $udp_redir_ports "-m multiport --dport") -m comment --comment "$remarks" -$(get_jump_mode $proxy_mode) $(get_action_chain $proxy_mode)$udp_node
}
fi
[ -z "$ip" ] && {
lower_mac=$(echo $mac | tr '[A-Z]' '[a-z]')
ip=$(ip neigh show | grep -E "([0-9]{1,3}[\.]){3}[0-9]{1,3}" | grep $lower_mac | awk '{print $1}')
@ -170,20 +183,20 @@ filter_vpsip() {
}
dns_hijack() {
dnshijack=$(config_t_get global_dns dns_53)
dnshijack=$(config_t_get global dns_53)
if [ "$dnshijack" = "1" -o "$1" = "force" ]; then
chromecast_nu=$($iptables_nat -L SS -v -n --line-numbers | grep "dpt:53" | awk '{print $1}')
is_right_lanip=$($iptables_nat -L SS -v -n --line-numbers | grep "dpt:53" | grep "$lanip")
chromecast_nu=$($iptables_nat -L PSW -v -n --line-numbers | grep "dpt:53" | awk '{print $1}')
is_right_lanip=$($iptables_nat -L PSW -v -n --line-numbers | grep "dpt:53" | grep "$lanip")
if [ -z "$chromecast_nu" ]; then
echolog "添加接管局域网DNS解析规则..."
$iptables_nat -I SS -i br-lan -p udp --dport 53 -j DNAT --to $lanip 2>/dev/null
echolog "添加DNS劫持规则..."
$iptables_nat -I PSW -i br-lan -p udp --dport 53 -j DNAT --to $lanip 2>/dev/null
else
if [ -z "$is_right_lanip" ]; then
echolog "添加接管局域网DNS解析规则..."
$iptables_nat -D SS $chromecast_nu >/dev/null 2>&1 &
$iptables_nat -I SS -i br-lan -p udp --dport 53 -j DNAT --to $lanip 2>/dev/null
echolog "添加DNS劫持规则..."
$iptables_nat -D PSW $chromecast_nu >/dev/null 2>&1 &
$iptables_nat -I PSW -i br-lan -p udp --dport 53 -j DNAT --to $lanip 2>/dev/null
else
echolog " DNS劫持规则已经添加跳过~" >>$LOG_FILE
echolog "DNS劫持规则已经添加跳过~" >>$LOG_FILE
fi
fi
fi
@ -195,7 +208,8 @@ add_firewall_rule() {
ipset -! create $IPSET_LANIPLIST nethash && ipset flush $IPSET_LANIPLIST
ipset -! create $IPSET_VPSIPLIST nethash && ipset flush $IPSET_VPSIPLIST
ipset -! create $IPSET_ROUTER nethash && ipset flush $IPSET_ROUTER
ipset -! create $IPSET_GFW nethash && ipset flush $IPSET_GFW
#ipset -! create $IPSET_GFW nethash && ipset flush $IPSET_GFW
ipset -! create $IPSET_GFW nethash
ipset -! create $IPSET_CHN nethash && ipset flush $IPSET_CHN
ipset -! create $IPSET_BLACKLIST nethash && ipset flush $IPSET_BLACKLIST
ipset -! create $IPSET_WHITELIST nethash && ipset flush $IPSET_WHITELIST
@ -211,7 +225,7 @@ add_firewall_rule() {
ISP_DNS=$(cat /tmp/resolv.conf.auto 2>/dev/null | grep -E -o "[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+" | sort -u | grep -v 0.0.0.0 | grep -v 127.0.0.1)
[ -n "$ISP_DNS" ] && {
for ispip in $ISP_DNS; do
ipset -! add $IPSET_WHITELIST $ispip >/dev/null 2>&1 &
ipset -! add $IPSET_LANIPLIST $ispip >/dev/null 2>&1 &
done
}
@ -222,23 +236,35 @@ add_firewall_rule() {
# 过滤所有节点IP
config_foreach filter_vpsip "nodes"
$iptables_nat -N PSW
$iptables_nat -A PSW $(get_dst_list $IPSET_LANIPLIST) -j RETURN
$iptables_nat -A PSW $(get_dst_list $IPSET_VPSIPLIST) -j RETURN
$iptables_nat -A PSW $(get_dst_list $IPSET_WHITELIST) -j RETURN
$iptables_nat -N PSW_ACL
$iptables_mangle -N SS
$iptables_mangle -A SS -m set --match-set $IPSET_LANIPLIST dst -j RETURN
$iptables_mangle -A SS -m set --match-set $IPSET_VPSIPLIST dst -j RETURN
$iptables_mangle -A SS -m set --match-set $IPSET_WHITELIST dst -j RETURN
$iptables_mangle -N SS_ACL
$iptables_mangle -N PSW
$iptables_mangle -A PSW $(get_dst_list $IPSET_LANIPLIST) -j RETURN
$iptables_mangle -A PSW $(get_dst_list $IPSET_VPSIPLIST) -j RETURN
$iptables_mangle -A PSW $(get_dst_list $IPSET_WHITELIST) -j RETURN
$iptables_mangle -N PSW_ACL
if [[ "$TCP_NODE_NUM" -ge 1 ]] || [[ "$UDP_NODE_NUM" -ge 1 ]]; then
local max_num=1
[ "$TCP_NODE_NUM" -ge "$UDP_NODE_NUM" ] && max_num=$TCP_NODE_NUM
if [ "$max_num" -ge 1 ]; then
for i in $(seq 1 $max_num); do
$iptables_mangle -N SS_GLO$i
$iptables_mangle -N SS_GFW$i
$iptables_mangle -N SS_CHN$i
$iptables_mangle -N SS_HOME$i
$iptables_mangle -N SS_GAME$i
$iptables_nat -N PSW_GLO$i
$iptables_nat -N PSW_GFW$i
$iptables_nat -N PSW_CHN$i
$iptables_nat -N PSW_HOME$i
$iptables_nat -N PSW_GAME$i
$iptables_mangle -N PSW_GLO$i
$iptables_mangle -N PSW_GFW$i
$iptables_mangle -N PSW_CHN$i
$iptables_mangle -N PSW_HOME$i
$iptables_mangle -N PSW_GAME$i
ip rule add fwmark 1 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100
@ -254,7 +280,7 @@ add_firewall_rule() {
local address=$(config_get $temp_server address)
local SOCKS5_NODE_PORT=$(config_get $temp_server port)
local SOCKS5_NODE_IP=$(get_host_ip "ipv4" $address)
[ -n "$SOCKS5_NODE_IP" -a -n "$SOCKS5_NODE_PORT" ] && $iptables_mangle -A SS -p tcp -d $SOCKS5_NODE_IP -m multiport --dports $SOCKS5_NODE_PORT -j RETURN
[ -n "$SOCKS5_NODE_IP" -a -n "$SOCKS5_NODE_PORT" ] && $iptables_nat -A PSW -p tcp -d $SOCKS5_NODE_IP -m multiport --dports $SOCKS5_NODE_PORT -j RETURN
fi
done
fi
@ -272,53 +298,52 @@ add_firewall_rule() {
local TCP_NODE_PORT=$(config_get $temp_server port)
local TCP_NODE_IP=$(get_host_ip "ipv4" $address)
local TCP_NODE_TYPE=$(echo $(config_get $temp_server type) | tr 'A-Z' 'a-z')
[ -n "$TCP_NODE_IP" -a -n "$TCP_NODE_PORT" ] && $iptables_mangle -A SS -p tcp -d $TCP_NODE_IP -m multiport --dports $TCP_NODE_PORT -j RETURN
[ -n "$TCP_NODE_IP" -a -n "$TCP_NODE_PORT" ] && $iptables_nat -A PSW -p tcp -d $TCP_NODE_IP -m multiport --dports $TCP_NODE_PORT -j RETURN
if [ "$TCP_NODE_TYPE" == "brook" ]; then
$iptables_mangle -A SS_ACL -p tcp -m socket -j MARK --set-mark 1
$iptables_mangle -A PSW_ACL -p tcp -m socket -j MARK --set-mark 1
# $iptables_mangle -A SS$k -p tcp -m set --match-set $IPSET_BLACKLIST dst -j TPROXY --on-port $local_port --tproxy-mark 0x1/0x1
# $iptables_mangle -A PSW$k -p tcp $(get_dst_list $IPSET_BLACKLIST) -j TPROXY --on-port $local_port --tproxy-mark 0x1/0x1
# 全局模式
$iptables_mangle -A SS_GLO$k -p tcp -j TPROXY --tproxy-mark 0x1/0x1 --on-port $local_port
$iptables_mangle -A PSW_GLO$k -p tcp -j TPROXY --tproxy-mark 0x1/0x1 --on-port $local_port
# GFWLIST模式
$iptables_mangle -A SS_GFW$k -p tcp -m set --match-set $IPSET_GFW dst -j TPROXY --on-port $local_port --tproxy-mark 0x1/0x1
$iptables_mangle -A SS_GFW$k -p tcp -m set --match-set $IPSET_ROUTER dst -j TPROXY --on-port $local_port --tproxy-mark 0x1/0x1
$iptables_mangle -A PSW_GFW$k -p tcp $(get_dst_list $IPSET_GFW) -j TPROXY --on-port $local_port --tproxy-mark 0x1/0x1
# 大陆白名单模式
$iptables_mangle -A SS_CHN$k -p tcp -m set --match-set $IPSET_CHN dst -j RETURN
$iptables_mangle -A SS_CHN$k -p tcp -j TPROXY --on-port $local_port --tproxy-mark 0x1/0x1
$iptables_mangle -A PSW_CHN$k -p tcp $(get_dst_list $IPSET_CHN) -j RETURN
$iptables_mangle -A PSW_CHN$k -p tcp -j TPROXY --on-port $local_port --tproxy-mark 0x1/0x1
# 回国模式
$iptables_mangle -A SS_HOME$k -p tcp -m set --match-set $IPSET_CHN dst -j TPROXY --on-port $local_port --tproxy-mark 0x1/0x1
$iptables_mangle -A PSW_HOME$k -p tcp $(get_dst_list $IPSET_CHN) -j TPROXY --on-port $local_port --tproxy-mark 0x1/0x1
# 游戏模式
$iptables_mangle -A SS_GAME$k -p tcp -m set --match-set $IPSET_CHN dst -j RETURN
$iptables_mangle -A PSW_GAME$k -p tcp $(get_dst_list $IPSET_CHN) -j RETURN
# 用于本机流量转发默认只走router
$iptables_mangle -A SS -s $lan_ip -p tcp -m set --match-set $IPSET_ROUTER dst -j TPROXY --on-port $local_port --tproxy-mark 0x1/0x1
$iptables_mangle -A OUTPUT -p tcp -m multiport --dport $TCP_REDIR_PORTS -m set --match-set $IPSET_ROUTER dst -j MARK --set-mark 1
$iptables_mangle -A PSW -s $lan_ip -p tcp $(get_dst_list $IPSET_ROUTER) -j TPROXY --on-port $local_port --tproxy-mark 0x1/0x1
$iptables_mangle -A OUTPUT -p tcp -m multiport --dport $TCP_REDIR_PORTS $(get_dst_list $IPSET_ROUTER) $iptables_comment -j MARK --set-mark 1
else
# 全局模式
$iptables_mangle -A SS_GLO$k -p tcp -j TTL --ttl-set $ttl
$iptables_nat -A PSW_GLO$k -p tcp -j REDIRECT --to-ports $local_port
# GFWLIST模式
$iptables_mangle -A SS_GFW$k -p tcp -m set --match-set $IPSET_GFW dst -j TTL --ttl-set $ttl
$iptables_mangle -A SS_GFW$k -p tcp -m set --match-set $IPSET_ROUTER dst -j TTL --ttl-set $ttl
$iptables_nat -A PSW_GFW$k -p tcp $(get_dst_list $IPSET_ROUTER) -j REDIRECT --to-ports $local_port
$iptables_nat -A PSW_GFW$k -p tcp $(get_dst_list $IPSET_GFW) -j REDIRECT --to-ports $local_port
# 大陆白名单模式
$iptables_mangle -A SS_CHN$k -p tcp -m set --match-set $IPSET_CHN dst -j RETURN
#$iptables_mangle -A SS_CHN$k -p tcp -m geoip ! --destination-country CN -j TTL --ttl-set $ttl
$iptables_mangle -A SS_CHN$k -p tcp -j TTL --ttl-set $ttl
$iptables_nat -A PSW_CHN$k -p tcp $(get_dst_list $IPSET_CHN) -j RETURN
#$iptables_nat -A PSW_CHN$k -p tcp -m geoip ! --destination-country CN -j REDIRECT --to-ports $local_port
$iptables_nat -A PSW_CHN$k -p tcp -j REDIRECT --to-ports $local_port
# 回国模式
#$iptables_mangle -A SS_HOME$k -p tcp -m geoip --destination-country CN -j TTL --ttl-set $ttl
$iptables_mangle -A SS_HOME$k -p tcp -m set --match-set $IPSET_CHN dst -j TTL --ttl-set $ttl
#$iptables_nat -A PSW_HOME$k -p tcp -m geoip --destination-country CN -j REDIRECT --to-ports $local_port
$iptables_nat -A PSW_HOME$k -p tcp $(get_dst_list $IPSET_CHN) -j REDIRECT --to-ports $local_port
# 游戏模式
$iptables_mangle -A SS_GAME$k -p tcp -m set --match-set $IPSET_CHN dst -j RETURN
$iptables_nat -A PSW_GAME$k -p tcp $(get_dst_list $IPSET_CHN) -j RETURN
[ "$k" == 1 ] && {
$iptables_nat -N SS
[ "$use_tcp_node_resolve_dns" == 1 -a -n "$DNS_FORWARD" ] && $iptables_nat -I PSW 2 -p tcp -d $DNS_FORWARD -m multiport --dport 1:65535 -j REDIRECT --to-ports $local_port
is_add_prerouting=0
@ -326,7 +351,7 @@ add_firewall_rule() {
if [ -n "$KP_INDEX" ]; then
let KP_INDEX+=1
#确保添加到KOOLPROXY规则之后
$iptables_nat -I PREROUTING $KP_INDEX -j SS
$iptables_nat -I PREROUTING $KP_INDEX -j PSW
is_add_prerouting=1
fi
@ -334,7 +359,7 @@ add_firewall_rule() {
if [ -n "$ADBYBY_INDEX" ]; then
let ADBYBY_INDEX+=1
#确保添加到ADBYBY规则之后
$iptables_nat -I PREROUTING $ADBYBY_INDEX -j SS
$iptables_nat -I PREROUTING $ADBYBY_INDEX -j PSW
is_add_prerouting=1
fi
@ -346,49 +371,50 @@ add_firewall_rule() {
else
let PR_INDEX+=1
fi
$iptables_nat -I PREROUTING $PR_INDEX -j SS
$iptables_nat -I PREROUTING $PR_INDEX -j PSW
fi
# 用于本机流量转发默认只走router
#$iptables_nat -I OUTPUT -j SS
$iptables_nat -A OUTPUT -m set --match-set $IPSET_LANIPLIST dst -m comment --comment "PassWall" -j RETURN
[ "$use_tcp_node_resolve_dns" == 1 -a -n "$DNS_FORWARD" ] && $iptables_nat -A OUTPUT -p tcp -d $DNS_FORWARD -m multiport --dport 1:65535 -m comment --comment "PassWall" -j REDIRECT --to-ports $TCP_REDIR_PORT1
$iptables_nat -A OUTPUT -m set --match-set $IPSET_VPSIPLIST dst -m comment --comment "PassWall" -j RETURN
$iptables_nat -A OUTPUT -m set --match-set $IPSET_WHITELIST dst -m comment --comment "PassWall" -j RETURN
$iptables_nat -A OUTPUT -p tcp -m multiport --dport $TCP_REDIR_PORTS -m set --match-set $IPSET_ROUTER dst -m comment --comment "PassWall" -j REDIRECT --to-ports $TCP_REDIR_PORT1
$iptables_nat -A OUTPUT -p tcp -m multiport --dport $TCP_REDIR_PORTS -m set --match-set $IPSET_BLACKLIST dst -m comment --comment "PassWall" -j REDIRECT --to-ports $TCP_REDIR_PORT1
#$iptables_nat -I OUTPUT -j PSW
$iptables_nat -A OUTPUT $(get_dst_list $IPSET_LANIPLIST) $iptables_comment -j RETURN
[ "$use_tcp_node_resolve_dns" == 1 -a -n "$DNS_FORWARD" ] && $iptables_nat -A OUTPUT -p tcp -d $DNS_FORWARD -m multiport --dport 1:65535 $iptables_comment -j REDIRECT --to-ports $TCP_REDIR_PORT1
$iptables_nat -A OUTPUT $(get_dst_list $IPSET_VPSIPLIST) $iptables_comment -j RETURN
$iptables_nat -A OUTPUT $(get_dst_list $IPSET_WHITELIST) $iptables_comment -j RETURN
$iptables_nat -A OUTPUT -p tcp -m multiport --dport $TCP_REDIR_PORTS $(get_dst_list $IPSET_ROUTER) $iptables_comment -j REDIRECT --to-ports $TCP_REDIR_PORT1
$iptables_nat -A OUTPUT -p tcp -m multiport --dport $TCP_REDIR_PORTS $(get_dst_list $IPSET_BLACKLIST) $iptables_comment -j REDIRECT --to-ports $TCP_REDIR_PORT1
[ "$LOCALHOST_PROXY_MODE" == "global" ] && $iptables_nat -A OUTPUT -p tcp -m multiport --dport $TCP_REDIR_PORTS -m comment --comment "PassWall" -j REDIRECT --to-ports $TCP_REDIR_PORT1
[ "$LOCALHOST_PROXY_MODE" == "gfwlist" ] && $iptables_nat -A OUTPUT -p tcp -m multiport --dport $TCP_REDIR_PORTS -m set --match-set $IPSET_GFW dst -m comment --comment "PassWall" -j REDIRECT --to-ports $TCP_REDIR_PORT1
[ "$LOCALHOST_PROXY_MODE" == "global" ] && $iptables_nat -A OUTPUT -p tcp -m multiport --dport $TCP_REDIR_PORTS $iptables_comment -j REDIRECT --to-ports $TCP_REDIR_PORT1
[ "$LOCALHOST_PROXY_MODE" == "gfwlist" ] && $iptables_nat -A OUTPUT -p tcp -m multiport --dport $TCP_REDIR_PORTS $(get_dst_list $IPSET_GFW) $iptables_comment -j REDIRECT --to-ports $TCP_REDIR_PORT1
[ "$LOCALHOST_PROXY_MODE" == "chnroute" ] && {
$iptables_nat -A OUTPUT -p tcp -m multiport --dport $TCP_REDIR_PORTS -m set ! --match-set $IPSET_CHN dst -m comment --comment "PassWall" -j REDIRECT --to-ports $TCP_REDIR_PORT1
$iptables_nat -A OUTPUT -p tcp -m multiport --dport $TCP_REDIR_PORTS -m set ! --match-set $IPSET_CHN dst $iptables_comment -j REDIRECT --to-ports $TCP_REDIR_PORT1
}
}
# 重定所有流量到透明代理端口
$iptables_nat -A SS -p tcp -m ttl --ttl-eq $ttl -j REDIRECT --to $local_port
# $iptables_nat -A PSW -p tcp -m ttl --ttl-eq $ttl -j REDIRECT --to $local_port
echolog "IPv4 防火墙TCP转发规则加载完成"
fi
if [ "$PROXY_IPV6" == "1" ]; then
lan_ipv6=$(ip address show br-lan | grep -w "inet6" | awk '{print $2}') #当前LAN IPv6段
$ip6tables_nat -N SS
$ip6tables_nat -N SS_ACL
$ip6tables_nat -A PREROUTING -j SS
$ip6tables_nat -N PSW
$ip6tables_nat -N PSW_ACL
$ip6tables_nat -A PREROUTING -j PSW
[ -n "$lan_ipv6" ] && {
for ip in $lan_ipv6; do
$ip6tables_nat -A SS -d $ip -j RETURN
$ip6tables_nat -A PSW -d $ip -j RETURN
done
}
[ "$use_ipv6" == "1" -a -n "$server_ip" ] && $ip6tables_nat -A SS -d $server_ip -j RETURN
$ip6tables_nat -N SS_GLO$k
$ip6tables_nat -N SS_GFW$k
$ip6tables_nat -N SS_CHN$k
$ip6tables_nat -N SS_HOME$k
$ip6tables_nat -A SS_GLO$k -p tcp -j REDIRECT --to $TCP_REDIR_PORT
$ip6tables_nat -A SS -j SS_GLO$k
#$ip6tables_nat -I OUTPUT -p tcp -j SS
[ "$use_ipv6" == "1" -a -n "$server_ip" ] && $ip6tables_nat -A PSW -d $server_ip -j RETURN
$ip6tables_nat -N PSW_GLO$k
$ip6tables_nat -N PSW_GFW$k
$ip6tables_nat -N PSW_CHN$k
$ip6tables_nat -N PSW_HOME$k
$ip6tables_nat -A PSW_GLO$k -p tcp -j REDIRECT --to $TCP_REDIR_PORT
$ip6tables_nat -A PSW -j PSW_GLO$k
#$ip6tables_nat -I OUTPUT -p tcp -j PSW
echolog "IPv6防火墙规则加载完成"
fi
fi
done
$iptables_nat -A PSW -j PSW_ACL
else
echolog "主节点未选择无法转发TCP"
fi
@ -405,51 +431,72 @@ add_firewall_rule() {
local UDP_NODE_PORT=$(config_get $temp_server port)
local UDP_NODE_IP=$(get_host_ip "ipv4" $address)
local UDP_NODE_TYPE=$(echo $(config_get $temp_server type) | tr 'A-Z' 'a-z')
[ -n "$UDP_NODE_IP" -a -n "$UDP_NODE_PORT" ] && $iptables_mangle -A SS -p udp -d $UDP_NODE_IP -m multiport --dports $UDP_NODE_PORT -j RETURN
[ "$UDP_NODE_TYPE" == "brook" ] && $iptables_mangle -A SS_ACL -p udp -m socket -j MARK --set-mark 1
[ -n "$UDP_NODE_IP" -a -n "$UDP_NODE_PORT" ] && $iptables_mangle -A PSW -p udp -d $UDP_NODE_IP -m multiport --dports $UDP_NODE_PORT -j RETURN
[ "$UDP_NODE_TYPE" == "brook" ] && $iptables_mangle -A PSW_ACL -p udp -m socket -j MARK --set-mark 1
# 全局模式
$iptables_mangle -A SS_GLO$k -p udp -j TPROXY --on-port $local_port --tproxy-mark 0x1/0x1
$iptables_mangle -A PSW_GLO$k -p udp -j TPROXY --on-port $local_port --tproxy-mark 0x1/0x1
# GFWLIST模式
$iptables_mangle -A SS_GFW$k -p udp -m set --match-set $IPSET_GFW dst -j TPROXY --on-port $local_port --tproxy-mark 0x1/0x1
$iptables_mangle -A SS_GFW$k -p udp -m set --match-set $IPSET_ROUTER dst -j TPROXY --on-port $local_port --tproxy-mark 0x1/0x1
$iptables_mangle -A PSW_GFW$k -p udp $(get_dst_list $IPSET_ROUTER) -j TPROXY --on-port $local_port --tproxy-mark 0x1/0x1
$iptables_mangle -A PSW_GFW$k -p udp $(get_dst_list $IPSET_GFW) -j TPROXY --on-port $local_port --tproxy-mark 0x1/0x1
# 大陆白名单模式
$iptables_mangle -A SS_CHN$k -p udp -m set --match-set $IPSET_CHN dst -j RETURN
$iptables_mangle -A SS_CHN$k -p udp -j TPROXY --on-port $local_port --tproxy-mark 0x1/0x1
$iptables_mangle -A PSW_CHN$k -p udp $(get_dst_list $IPSET_CHN) -j RETURN
$iptables_mangle -A PSW_CHN$k -p udp -j TPROXY --on-port $local_port --tproxy-mark 0x1/0x1
# 回国模式
$iptables_mangle -A SS_HOME$k -p udp -m set --match-set $IPSET_CHN dst -j TPROXY --on-port $local_port --tproxy-mark 0x1/0x1
$iptables_mangle -A PSW_HOME$k -p udp $(get_dst_list $IPSET_CHN) -j TPROXY --on-port $local_port --tproxy-mark 0x1/0x1
# 游戏模式
$iptables_mangle -A SS_GAME$k -p udp -m set --match-set $IPSET_CHN dst -j RETURN
$iptables_mangle -A SS_GAME$k -p udp -j TPROXY --on-port $local_port --tproxy-mark 0x1/0x1
$iptables_mangle -A PSW_GAME$k -p udp $(get_dst_list $IPSET_CHN) -j RETURN
$iptables_mangle -A PSW_GAME$k -p udp -j TPROXY --on-port $local_port --tproxy-mark 0x1/0x1
# 用于本机流量转发默认只走router
#$iptables_mangle -I OUTPUT -j PSW
$iptables_mangle -A OUTPUT -p udp $(get_dst_list $IPSET_LANIPLIST) $iptables_comment -j RETURN
[ "$use_udp_node_resolve_dns" == 1 -a -n "$DNS_FORWARD" ] && {
for dns in $DNS_FORWARD
do
$iptables_mangle -A OUTPUT -p udp -d $dns -m multiport --dport 1:65535 $iptables_comment -j MARK --set-mark 1
$iptables_mangle -I PSW 2 -p udp -d $dns -m multiport --dport 1:65535 $iptables_comment -j TPROXY --on-port $local_port --tproxy-mark 0x1/0x1
done
}
$iptables_mangle -A OUTPUT -p udp $(get_dst_list $IPSET_VPSIPLIST) $iptables_comment -j RETURN
$iptables_mangle -A OUTPUT -p udp $(get_dst_list $IPSET_WHITELIST) $iptables_comment -j RETURN
$iptables_mangle -A OUTPUT -p udp -m multiport --dport $UDP_REDIR_PORTS $(get_dst_list $IPSET_ROUTER) $iptables_comment -j MARK --set-mark 1
$iptables_mangle -A OUTPUT -p udp -m multiport --dport $UDP_REDIR_PORTS $(get_dst_list $IPSET_BLACKLIST) $iptables_comment -j MARK --set-mark 1
[ "$LOCALHOST_PROXY_MODE" == "global" ] && $iptables_mangle -A OUTPUT -p udp -m multiport --dport $UDP_REDIR_PORTS $iptables_comment -j MARK --set-mark 1
[ "$LOCALHOST_PROXY_MODE" == "gfwlist" ] && $iptables_mangle -A OUTPUT -p udp -m multiport --dport $UDP_REDIR_PORTS $(get_dst_list $IPSET_GFW) $iptables_comment -j MARK --set-mark 1
[ "$LOCALHOST_PROXY_MODE" == "chnroute" ] && {
$iptables_mangle -A OUTPUT -p udp -m multiport --dport $UDP_REDIR_PORTS -m set ! --match-set $IPSET_CHN dst $iptables_comment -j MARK --set-mark 1
}
echolog "IPv4 防火墙UDP转发规则加载完成"
fi
done
$iptables_mangle -A PSW -j PSW_ACL
else
echolog "UDP节点未选择无法转发UDP"
fi
$iptables_mangle -A PREROUTING -j SS
$iptables_mangle -A SS -j SS_ACL
$iptables_mangle -A PREROUTING -j PSW
# 加载ACLS
config_foreach load_acl "acl_rule"
# 加载默认代理模式
if [ "$PROXY_MODE" == "disable" ]; then
[ "$TCP_NODE1" != "nil" ] && $iptables_mangle -A SS_ACL -p tcp -m comment --comment "Default" -j $(get_action_chain $PROXY_MODE)
[ "$UDP_NODE1" != "nil" ] && $iptables_mangle -A SS_ACL -p udp -m comment --comment "Default" -j $(get_action_chain $PROXY_MODE)
[ "$TCP_NODE1" != "nil" ] && $iptables_nat -A PSW_ACL -p tcp -m comment --comment "Default" -j $(get_action_chain $PROXY_MODE)
[ "$UDP_NODE1" != "nil" ] && $iptables_mangle -A PSW_ACL -p udp -m comment --comment "Default" -j $(get_action_chain $PROXY_MODE)
else
[ "$TCP_NODE1" != "nil" ] && {
$iptables_mangle -A SS_ACL -p tcp -m set --match-set $IPSET_BLACKLIST dst -m comment --comment "Default" -j TTL --ttl-set 141
$iptables_mangle -A SS_ACL -p tcp -m multiport --dport $TCP_REDIR_PORTS -m comment --comment "Default" -j $(get_action_chain $PROXY_MODE)1
$iptables_nat -A PSW_ACL -p tcp $(get_dst_list $IPSET_BLACKLIST) -m comment --comment "Default" -j REDIRECT --to-ports $TCP_REDIR_PORT1
$iptables_nat -A PSW_ACL -p tcp -m multiport --dport $TCP_REDIR_PORTS -m comment --comment "Default" -j $(get_action_chain $PROXY_MODE)1
}
[ "$UDP_NODE1" != "nil" ] && {
$iptables_mangle -A SS_ACL -p udp -m set --match-set $IPSET_BLACKLIST dst -m comment --comment "Default" -j TPROXY --on-port $UDP_REDIR_PORT1 --tproxy-mark 0x1/0x1
$iptables_mangle -A SS_ACL -p udp -m multiport --dport $UDP_REDIR_PORTS -m comment --comment "Default" -j $(get_action_chain $PROXY_MODE)1
$iptables_mangle -A PSW_ACL -p udp $(get_dst_list $IPSET_BLACKLIST) -m comment --comment "Default" -j TPROXY --on-port $UDP_REDIR_PORT1 --tproxy-mark 0x1/0x1
$iptables_mangle -A PSW_ACL -p udp -m multiport --dport $UDP_REDIR_PORTS -m comment --comment "Default" -j $(get_action_chain $PROXY_MODE)1
}
fi
}
@ -467,11 +514,23 @@ del_firewall_rule() {
ipv4_output_exist=$(expr $ipv4_output_exist - 1)
done
}
ipv4_output_exist=$($iptables_mangle -L OUTPUT 2>/dev/null | grep -c -E "PassWall")
[ -n "$ipv4_output_exist" ] && {
until [ "$ipv4_output_exist" = 0 ]; do
rules=$($iptables_mangle -L OUTPUT --line-numbers | grep -E "PassWall" | awk '{print $1}')
for rule in $rules; do
$iptables_mangle -D OUTPUT $rule 2>/dev/null
break
done
ipv4_output_exist=$(expr $ipv4_output_exist - 1)
done
}
ipv6_output_ss_exist=$($ip6tables_nat -L OUTPUT 2>/dev/null | grep -c "SS")
ipv6_output_ss_exist=$($ip6tables_nat -L OUTPUT 2>/dev/null | grep -c "PSW")
[ -n "$ipv6_output_ss_exist" ] && {
until [ "$ipv6_output_ss_exist" = 0 ]; do
rules=$($ip6tables_nat -L OUTPUT --line-numbers | grep "SS" | awk '{print $1}')
rules=$($ip6tables_nat -L OUTPUT --line-numbers | grep "PSW" | awk '{print $1}')
for rule in $rules; do
$ip6tables_nat -D OUTPUT $rule 2>/dev/null
break
@ -480,36 +539,38 @@ del_firewall_rule() {
done
}
$iptables_mangle -D PREROUTING -p tcp -m socket -j MARK --set-mark 1 2>/dev/null
$iptables_mangle -D PREROUTING -p udp -m socket -j MARK --set-mark 1 2>/dev/null
$iptables_mangle -D OUTPUT -p tcp -m multiport --dport $TCP_REDIR_PORTS -m set --match-set $IPSET_ROUTER dst -j MARK --set-mark 1 2>/dev/null
$iptables_mangle -D OUTPUT -p tcp -m multiport --dport $TCP_REDIR_PORTS -m set --match-set $IPSET_GFW dst -j MARK --set-mark 1 2>/dev/null
$iptables_mangle -D OUTPUT -p tcp -m multiport --dport $TCP_REDIR_PORTS -j MARK --set-mark 1 2>/dev/null
$iptables_nat -D PREROUTING -j PSW 2>/dev/null
$iptables_nat -F PSW 2>/dev/null && $iptables_nat -X PSW 2>/dev/null
$iptables_nat -F PSW_ACL 2>/dev/null && $iptables_nat -X PSW_ACL 2>/dev/null
$iptables_mangle -D PREROUTING -j PSW$k 2>/dev/null
$iptables_mangle -F PSW 2>/dev/null && $iptables_mangle -X PSW 2>/dev/null
$iptables_mangle -F PSW_ACL 2>/dev/null && $iptables_mangle -X PSW_ACL 2>/dev/null
$iptables_nat -D PREROUTING -j SS 2>/dev/null
$iptables_nat -F SS 2>/dev/null && $iptables_nat -X SS 2>/dev/null
$iptables_mangle -D PREROUTING -j SS$k 2>/dev/null
$iptables_mangle -F SS 2>/dev/null && $iptables_mangle -X SS 2>/dev/null
$iptables_mangle -F SS_ACL 2>/dev/null && $iptables_mangle -X SS_ACL 2>/dev/null
$ip6tables_nat -D PREROUTING -j SS 2>/dev/null
$ip6tables_nat -F SS 2>/dev/null && $ip6tables_nat -X SS 2>/dev/null
$ip6tables_nat -F SS_ACL 2>/dev/null && $ip6tables_nat -X SS_ACL 2>/dev/null
$ip6tables_nat -D PREROUTING -j PSW 2>/dev/null
$ip6tables_nat -F PSW 2>/dev/null && $ip6tables_nat -X PSW 2>/dev/null
$ip6tables_nat -F PSW_ACL 2>/dev/null && $ip6tables_nat -X PSW_ACL 2>/dev/null
local max_num=5
if [ "$max_num" -ge 1 ]; then
for i in $(seq 1 $max_num); do
local k=$i
$iptables_mangle -F SS_GLO$k 2>/dev/null && $iptables_mangle -X SS_GLO$k 2>/dev/null
$iptables_mangle -F SS_GFW$k 2>/dev/null && $iptables_mangle -X SS_GFW$k 2>/dev/null
$iptables_mangle -F SS_CHN$k 2>/dev/null && $iptables_mangle -X SS_CHN$k 2>/dev/null
$iptables_mangle -F SS_GAME$k 2>/dev/null && $iptables_mangle -X SS_GAME$k 2>/dev/null
$iptables_mangle -F SS_HOME$k 2>/dev/null && $iptables_mangle -X SS_HOME$k 2>/dev/null
$iptables_nat -F PSW_GLO$k 2>/dev/null && $iptables_nat -X PSW_GLO$k 2>/dev/null
$iptables_nat -F PSW_GFW$k 2>/dev/null && $iptables_nat -X PSW_GFW$k 2>/dev/null
$iptables_nat -F PSW_CHN$k 2>/dev/null && $iptables_nat -X PSW_CHN$k 2>/dev/null
$iptables_nat -F PSW_GAME$k 2>/dev/null && $iptables_nat -X PSW_GAME$k 2>/dev/null
$iptables_nat -F PSW_HOME$k 2>/dev/null && $iptables_nat -X PSW_HOME$k 2>/dev/null
$iptables_mangle -F PSW_GLO$k 2>/dev/null && $iptables_mangle -X PSW_GLO$k 2>/dev/null
$iptables_mangle -F PSW_GFW$k 2>/dev/null && $iptables_mangle -X PSW_GFW$k 2>/dev/null
$iptables_mangle -F PSW_CHN$k 2>/dev/null && $iptables_mangle -X PSW_CHN$k 2>/dev/null
$iptables_mangle -F PSW_GAME$k 2>/dev/null && $iptables_mangle -X PSW_GAME$k 2>/dev/null
$iptables_mangle -F PSW_HOME$k 2>/dev/null && $iptables_mangle -X PSW_HOME$k 2>/dev/null
$ip6tables_nat -F SS_GLO$k 2>/dev/null && $ip6tables_nat -X SS_GLO$k 2>/dev/null
$ip6tables_nat -F SS_GFW$k 2>/dev/null && $ip6tables_nat -X SS_GFW$k 2>/dev/null
$ip6tables_nat -F SS_CHN$k 2>/dev/null && $ip6tables_nat -X SS_CHN$k 2>/dev/null
$ip6tables_nat -F SS_HOME$k 2>/dev/null && $ip6tables_nat -X SS_HOME$k 2>/dev/null
$ip6tables_nat -F PSW_GLO$k 2>/dev/null && $ip6tables_nat -X PSW_GLO$k 2>/dev/null
$ip6tables_nat -F PSW_GFW$k 2>/dev/null && $ip6tables_nat -X PSW_GFW$k 2>/dev/null
$ip6tables_nat -F PSW_CHN$k 2>/dev/null && $ip6tables_nat -X PSW_CHN$k 2>/dev/null
$ip6tables_nat -F PSW_HOME$k 2>/dev/null && $ip6tables_nat -X PSW_HOME$k 2>/dev/null
ip_rule_exist=$(ip rule show | grep "from all fwmark 0x1 lookup 100" | grep -c 100)
if [ ! -z "$ip_rule_exist" ]; then
@ -523,7 +584,7 @@ del_firewall_rule() {
fi
ipset -F $IPSET_ROUTER >/dev/null 2>&1 && ipset -X $IPSET_ROUTER >/dev/null 2>&1 &
ipset -F $IPSET_GFW >/dev/null 2>&1 && ipset -X $IPSET_GFW >/dev/null 2>&1 &
#ipset -F $IPSET_GFW >/dev/null 2>&1 && ipset -X $IPSET_GFW >/dev/null 2>&1 &
#ipset -F $IPSET_CHN >/dev/null 2>&1 && ipset -X $IPSET_CHN >/dev/null 2>&1 &
ipset -F $IPSET_BLACKLIST >/dev/null 2>&1 && ipset -X $IPSET_BLACKLIST >/dev/null 2>&1 &
ipset -F $IPSET_WHITELIST >/dev/null 2>&1 && ipset -X $IPSET_WHITELIST >/dev/null 2>&1 &


@ -36,9 +36,9 @@ uci_get_by_type() {
get_url() {
local url=$1
local save_path=$2
status=$(/usr/bin/curl -w %{http_code} --connect-timeout 10 $url --silent -o $save_path)
status=$(/usr/bin/curl -w %{http_code} --connect-timeout 5 --retry 1 $url --silent -o $save_path)
[ "$?" != 0 ] && {
status=$(/usr/bin/wget -q --no-check-certificate --timeout=15 $url -O $save_path)
status=$(/usr/bin/wget -q --no-check-certificate --timeout=5 --tries 1 $url -O $save_path)
[ "$?" == 0 ] && status=200
}
echo $status
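Review bot: The wget fallback in get_url still passes `--no-check-certificate`, so whenever curl fails the file is accepted from any TLS endpoint without verification; the timeout and retry change leaves that untouched. luci-app-passwall's DEPENDS line already lists ca-bundle and ca-certificates, so, assuming this script ships in that package, the flag can be dropped and the arguments quoted: `status=$(/usr/bin/wget -q --timeout=5 --tries 1 "$url" -O "$save_path")`. The same flag is kept in the wget fallbacks of start_subscribe and test_url in later sections of this commit. get_url's body ends outside the hunk.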


@ -54,9 +54,9 @@ start_subscribe() {
config_get subscrib_remark $1 remark
let index+=1
echo "$Date: 正在订阅:$url" >> $LOG_FILE
result=$(/usr/bin/curl --connect-timeout 10 -sL $url)
result=$(/usr/bin/curl --connect-timeout 5 --retry 1 -sL $url)
[ "$?" != 0 ] || [ -z "$result" ] && {
result=$(/usr/bin/wget --no-check-certificate --timeout=8 -t 1 -O- $url)
result=$(/usr/bin/wget --no-check-certificate --timeout=5 -t 1 -O- $url)
[ "$?" != 0 ] || [ -z "$result" ] && echo "$Date: 订阅失败:$url,请检测订阅链接是否正常或使用代理尝试!" >> $LOG_FILE && continue
}
file="/var/${CONFIG}_sub/$index"
@ -64,36 +64,42 @@ start_subscribe() {
get_local_nodes
[ -z "$(du -sh $file 2> /dev/null)" ] && echo "$Date: 订阅失败:$url,解密失败!" >> $LOG_FILE && continue
decode_link=$(cat "$file" | base64 -d 2> /dev/null)
maxnum=$(echo -n "$decode_link" | grep "MAX=" | awk -F"=" '{print $2}')
if [ -n "$maxnum" ]; then
decode_link=$(echo -n "$decode_link" | sed '/MAX=/d' | shuf -n${maxnum})
else
decode_link=$(echo -n "$decode_link")
fi
[ -z "$decode_link" ] && continue
for link in $decode_link
do
if expr "$link" : "ss://";then
link_type="ss"
new_link=$(echo -n "$link" | sed 's/ss:\/\///g')
elif expr "$link" : "ssr://";then
link_type="ssr"
new_link=$(echo -n "$link" | sed 's/ssr:\/\///g')
elif expr "$link" : "vmess://";then
link_type="v2ray"
new_link=$(echo -n "$link" | sed 's/vmess:\/\///g')
elif expr "$link" : "trojan://";then
link_type="trojan"
new_link=$(echo -n "$link" | sed 's/trojan:\/\///g')
if [ $(expr "$result" : "ssd://") == 0 ];then
[ -z "$(du -sh $file 2> /dev/null)" ] && echo "$Date: 订阅失败:$url,解密失败!" >> $LOG_FILE && continue
decode_link=$(cat "$file" | base64 -d 2> /dev/null)
maxnum=$(echo -n "$decode_link" | grep "MAX=" | awk -F"=" '{print $2}')
if [ -n "$maxnum" ]; then
decode_link=$(echo -n "$decode_link" | sed '/MAX=/d' | shuf -n${maxnum})
else
decode_link=$(echo -n "$decode_link")
fi
[ -z "$decode_link" ] && continue
for link in $decode_link
do
if expr "$link" : "ss://";then
link_type="ss"
new_link=$(echo -n "$link" | sed 's/ss:\/\///g')
elif expr "$link" : "ssr://";then
link_type="ssr"
new_link=$(echo -n "$link" | sed 's/ssr:\/\///g')
elif expr "$link" : "vmess://";then
link_type="v2ray"
new_link=$(echo -n "$link" | sed 's/vmess:\/\///g')
elif expr "$link" : "trojan://";then
link_type="trojan"
new_link=$(echo -n "$link" | sed 's/trojan:\/\///g')
fi
[ -z "$link_type" ] && continue
get_remote_config "$link_type" "$new_link"
done
else
link=$result
link_type="ssd"
new_link=$(echo -n "$link" | sed 's/ssd:\/\///g')
[ -z "$link_type" ] && continue
get_remote_config "$link_type" "$new_link"
update_config
done
fi
[ "$addnum_ss" -gt 0 ] || [ "$updatenum_ss" -gt 0 ] || [ "$delnum_ss" -gt 0 ] && echo "$Date: $subscrib_remark SS节点新增 $addnum_ss 个,修改 $updatenum_ss 个,删除 $delnum_ss 个。" >> $LOG_FILE
[ "$addnum_ssr" -gt 0 ] || [ "$updatenum_ssr" -gt 0 ] || [ "$delnum_ssr" -gt 0 ] && echo "$Date: $subscrib_remark SSR节点新增 $addnum_ssr 个,修改 $updatenum_ssr 个,删除 $delnum_ssr 个。" >> $LOG_FILE
[ "$addnum_v2ray" -gt 0 ] || [ "$updatenum_v2ray" -gt 0 ] || [ "$delnum_v2ray" -gt 0 ] && echo "$Date: $subscrib_remark V2ray节点新增 $addnum_v2ray 个,修改 $updatenum_v2ray 个,删除 $delnum_v2ray 个。" >> $LOG_FILE
@ -141,11 +147,11 @@ get_local_nodes(){
}
get_remote_config(){
isAdd=1
add_mode="$subscrib_remark"
[ -n "$3" ] && add_mode="导入"
new_node_type=$(echo $1 | tr '[a-z]' '[A-Z]')
decode_link="$2"
if [ "$1" == "ss" ]; then
decode_link="$2"
decode_link=$(ss_decode $decode_link)
ss_encrypt_method=$(echo "$decode_link" | awk -F ':' '{print $1}')
password=$(echo "$decode_link" | awk -F ':' '{print $2}' | awk -F '@' '{print $1}')
@ -153,7 +159,6 @@ get_remote_config(){
node_port=$(echo "$decode_link" | awk -F '@' '{print $2}' | awk -F '#' '{print $1}' | awk -F ':' '{print $2}')
remarks=$(urldecode $(echo "$decode_link" | awk -F '#' '{print $2}'))
elif [ "$1" == "ssr" ]; then
decode_link="$2"
decode_link=$(decode_url_link $decode_link 1)
node_address=$(echo "$decode_link" | awk -F ':' '{print $1}')
node_port=$(echo "$decode_link" | awk -F ':' '{print $2}')
@ -195,16 +200,80 @@ get_remote_config(){
remarks="${json_ps}"
node_address=$json_node_address
node_port=$json_node_port
elif [ "$1" == "trojan" ]; then
link="$2"
node_password=$(echo "$link" | sed 's/trojan:\/\///g' | awk -F '@' '{print $1}')
node_address=$(echo "$link" | sed 's/trojan:\/\///g' | awk -F '@' '{print $2}' | awk -F ':' '{print $1}')
node_port=$(echo "$link" | sed 's/trojan:\/\///g' | awk -F '@' '{print $2}' | awk -F ':' '{print $2}')
remarks="${node_address}:${node_port}"
elif [ "$1" == "ssd" ]; then
link_type="ss"
new_node_type=$(echo $link_type | tr '[a-z]' '[A-Z]')
decode_link=$(decode_url_link $2 1)
json_load "$decode_link"
json_get_var json_airport airport
json_get_var json_port port
json_get_var json_encryption encryption
json_get_var json_password password
json_get_var json_traffic_used traffic_used
json_get_var json_traffic_total traffic_total
json_get_var json_expiry expiry
json_get_var json_url url
json_get_var json_plugin plugin
json_get_var json_plugin_options plugin_options
ss_encrypt_method=$json_encryption
password=$json_password
plugin=$json_plugin
plugin_options=$json_plugin_options
[ -n "$plugin" -a "$plugin" == "simple-obfs" ] && echo "$Date: 不支持simple-obfs插件导入失败" >> $LOG_FILE && return
if json_get_type Type servers && [ "$Type" == array ]
then
json_select servers
idx=1
while json_get_type Type "$idx" && [ "$Type" == object ]
do
json_select $idx
json_get_var json_server server
json_get_var json_server_id id
json_get_var json_server_ratio ratio
json_get_var json_server_remarks remarks
remarks="${json_server_remarks}"
node_address=$json_server
node_port=$json_port
idx=$(expr $idx + 1)
json_select ..
node_address=$(echo -n $node_address | awk '{print gensub(/[^!-~]/,"","g",$0)}')
node_address=$(echo -n $node_address | grep -F ".")
[ -z "$node_address" -o "$node_address" == "" ] && return
[ -z "$remarks" -o "$remarks" == "" ] && remarks="${node_address}:${node_port}"
# 把全部节点节点写入文件 /usr/share/${CONFIG}/sub/all_onlinenodes
if [ ! -f "/usr/share/${CONFIG}/sub/all_onlinenodes" ]; then
echo $node_address > /usr/share/${CONFIG}/sub/all_onlinenodes
else
echo $node_address >> /usr/share/${CONFIG}/sub/all_onlinenodes
fi
update_config
done
return
fi
fi
node_address=$(echo $node_address |awk '{print gensub(/[^!-~]/,"","g",$0)}')
#[ -z "$node_address" -o "$node_address" == "" ] && isAdd=0
node_address=$(echo -n $node_address | awk '{print gensub(/[^!-~]/,"","g",$0)}')
node_address=$(echo -n $node_address | grep -F ".")
[ -z "$node_address" -o "$node_address" == "" ] && return
[ -z "$remarks" -o "$remarks" == "" ] && remarks="${node_address}:${node_port}"
# 把全部节点节点写入文件 /usr/share/${CONFIG}/sub/all_onlinenodes
if [ ! -f "/usr/share/${CONFIG}/sub/all_onlinenodes" ]; then
@ -213,13 +282,18 @@ get_remote_config(){
echo $node_address >> /usr/share/${CONFIG}/sub/all_onlinenodes
fi
update_config
}
add_nodes(){
get_node_index
if [ "$1" == "add" ]; then
get_node_index
uci add $CONFIG nodes
elif [ "$1" == "update" ]; then
nodes_index=$update_index
fi
uci_set="uci set $CONFIG.@nodes[$nodes_index]."
uci add $CONFIG nodes > /dev/null
[ -z "$3" ] && ${uci_set}is_sub="is_sub"
[ "$add_mode" != "导入" ] && ${uci_set}is_sub="is_sub"
if [ "$2" == "ss" ]; then
${uci_set}add_mode="$add_mode"
${uci_set}remarks="$remarks"
@ -231,6 +305,8 @@ add_nodes(){
${uci_set}ss_encrypt_method="$ss_encrypt_method"
${uci_set}timeout=300
${uci_set}tcp_fast_open=false
[ -n "$plugin" ] && ${uci_set}ss_plugin="$plugin"
[ -n "$plugin_options" ] && ${uci_set}ss_plugin_v2ray_opts="$plugin_options"
if [ "$1" == "add" ]; then
let addnum_ss+=1
@ -306,18 +382,29 @@ add_nodes(){
}
update_config(){
[ "$isAdd" == 1 ] && {
isadded_remarks=$(uci show $CONFIG | grep "@nodes" | grep "remarks" | grep -c -F "$remarks")
if [ "$isadded_remarks" -eq 0 ]; then
[ -z "$remarks" -o "$remarks" == "" ] && return
indexs=$(uci show $CONFIG | grep "@nodes" | grep "remarks=" | grep -F "$remarks" | cut -d '[' -f2|cut -d ']' -f1)
if [ -z "$indexs" ]; then
add_nodes add "$link_type"
else
action="add"
for index in $indexs
do
local is_sub=$(uci -q get $CONFIG.@nodes[$index].is_sub)
[ -z "$is_sub" -o "$is_sub" == "" ] && return
local old_node_type=$(uci -q get $CONFIG.@nodes[$index].type | tr '[a-z]' '[A-Z]')
if [ -n "$old_node_type" -a "$old_node_type" == "$new_node_type" ]; then
action="update"
update_index=$index
break
fi
done
if [ "$action" == "add" ]; then
add_nodes add "$link_type"
else
index=$(uci show $CONFIG | grep "@nodes" | grep "remarks" | grep -w -F "$remarks" | cut -d '[' -f2|cut -d ']' -f1)
[ "$?" == 0 ] && {
uci delete $CONFIG.@nodes[$index]
add_nodes update "$link_type"
}
elif [ "$action" == "update" ]; then
add_nodes update "$link_type"
fi
}
fi
}
del_config(){
@ -433,7 +520,6 @@ add() {
fi
[ -z "$link_type" ] && continue
get_remote_config "$link_type" "$new_link" 1
update_config
done
[ -f "/usr/share/${CONFIG}/sub/all_onlinenodes" ] && rm -f /usr/share/${CONFIG}/sub/all_onlinenodes
}
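Review bot: update_config now looks up existing nodes with `grep -F "$remarks"` and no `-w`, so a remark that is only a substring of another node's remark returns that node's index. The loop then either overwrites that entry through `add_nodes update`, or, when the first match is a manually added node, hits `[ -z "$is_sub" ... ] && return` and drops the new node without a log line. Since remarks come from remote subscription data, the whole value should be compared inside the loop, e.g. `[ "$(uci -q get $CONFIG.@nodes[$index].remarks)" == "$remarks" ] || continue`, and the non-subscription case should `continue` instead of `return`. Old and new lines are interleaved in this rendering, so this reading of the new side is inferred from the hunk counts.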


@ -1,16 +1,21 @@
#!/bin/sh
CONFIG=passwall
LOCK_FILE=/var/lock/passwall_test.lock
LOCK_FILE=/var/lock/${CONFIG}_test.lock
LOG_FILE=/var/log/$CONFIG.log
get_date() {
echo "$(date "+%Y-%m-%d %H:%M:%S")"
}
echolog() {
echo -e "$(get_date): $1" >> $LOG_FILE
}
test_url() {
status=$(/usr/bin/curl -I -o /dev/null -s --connect-timeout 2 -w %{http_code} "$1" | grep 200)
status=$(/usr/bin/curl -I -o /dev/null -s --connect-timeout 2 --retry 1 -w %{http_code} "$1" | grep 200)
[ "$?" != 0 ] && {
status=$(/usr/bin/wget --no-check-certificate --spider --timeout=2 "$1")
status=$(/usr/bin/wget --no-check-certificate --spider --timeout=2 --tries 1 "$1")
[ "$?" == 0 ] && status=200
}
echo $status
@ -33,25 +38,25 @@ test_proxy() {
}
test_auto_switch() {
if [ -f "/var/etc/passwall/tcp_server_id" ]; then
TCP_NODES1=$(cat /var/etc/passwall/tcp_server_id)
if [ -f "/var/etc/$CONFIG/tcp_server_id" ]; then
TCP_NODES1=$(cat /var/etc/$CONFIG/tcp_server_id)
else
rm -f $LOCK_FILE
exit 1
fi
failcount=1
while [ "$failcount" -lt "6" ]; do
while [ "$failcount" -le 5 ]; do
status=$(test_proxy)
if [ "$status" == 2 ]; then
echo "$(get_date): 自动切换检测:无法连接到网络,请检查网络是否正常!" >>/var/log/passwall.log
echolog "自动切换检测:无法连接到网络,请检查网络是否正常!"
break
elif [ "$status" == 1 ]; then
echo "$(get_date): 自动切换检测:第$failcount次检测异常" >>/var/log/passwall.log
echolog "自动切换检测:第$failcount次检测异常"
let "failcount++"
[ "$failcount" -ge 6 ] && {
echo "$(get_date): 自动切换检测:检测异常,切换节点" >>/var/log/passwall.log
TCP_NODES=$(uci get passwall.@auto_switch[0].tcp_node)
[ "$failcount" -ge 5 ] && {
echolog "自动切换检测:检测异常,切换节点"
TCP_NODES=$(uci get $CONFIG.@auto_switch[0].tcp_node)
has_backup_server=$(echo $TCP_NODES | grep $TCP_NODES1)
setserver=
if [ -z "$has_backup_server" ]; then
@ -77,14 +82,14 @@ test_auto_switch() {
done
fi
rm -f $LOCK_FILE
uci set passwall.@global[0].tcp_node=$setserver
uci commit passwall
/etc/init.d/passwall restart
uci set $CONFIG.@global[0].tcp_node=$setserver
uci commit $CONFIG
/etc/init.d/$CONFIG restart
exit 1
}
sleep 5s
elif [ "$status" == 0 ]; then
echo "$(get_date): 自动切换检测:检测正常" >>/var/log/passwall.log
echolog "自动切换检测:检测正常"
break
fi
done
@ -92,23 +97,23 @@ test_auto_switch() {
test_reconnection() {
failcount=1
while [ "$failcount" -lt "6" ]; do
while [ "$failcount" -le 5 ]; do
status=$(test_proxy)
if [ "$status" == 2 ]; then
echo "$(get_date): 掉线重连检测:无法连接到网络,请检查网络是否正常!" >>/var/log/passwall.log
echolog "掉线重连检测:无法连接到网络,请检查网络是否正常!"
break
elif [ "$status" == 1 ]; then
echo "$(get_date): 掉线重连检测:第$failcount次检测异常" >>/var/log/passwall.log
echolog "掉线重连检测:第$failcount次检测异常"
let "failcount++"
[ "$failcount" -ge 6 ] && {
echo "$(get_date): 掉线重连检测:检测异常,重启程序" >>/var/log/passwall.log
[ "$failcount" -ge 5 ] && {
echolog "掉线重连检测:检测异常,重启程序"
rm -f $LOCK_FILE
/etc/init.d/passwall restart
/etc/init.d/$CONFIG restart
exit 1
}
sleep 5s
elif [ "$status" == 0 ]; then
echo "$(get_date): 掉线重连检测:检测正常" >>/var/log/passwall.log
echolog "掉线重连检测:检测正常"
break
fi
done
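Review bot: In test_auto_switch and test_reconnection the loop bound and the trigger no longer agree: failcount starts at 1 and is incremented before `[ "$failcount" -ge 5 ]` is evaluated, so the node switch or restart fires after the fourth failed check and the `-le 5` loop condition never gets a fifth pass. If five failures are intended, as the loop bound suggests, the test should read `[ "$failcount" -gt 5 ] && {` in both functions. Both function bodies continue outside the hunks shown.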


@ -3,17 +3,14 @@ module("luci.controller.timewol", package.seeall)
function index()
if not nixio.fs.access("/etc/config/timewol") then return end
entry({"admin", "network"}, firstchild(), "Control", 44).dependent = false
entry({"admin", "network", "timewol"}, cbi("timewol"), _("定时唤醒"), 95).dependent =
true
entry({"admin", "network", "timewol", "status"}, call("status")).leaf = true
entry({"admin", "control"}, firstchild(), "Control", 44).dependent = false
entry({"admin", "control", "timewol"}, cbi("timewol"), _("定时唤醒"), 95).dependent = true
entry({"admin", "control", "timewol", "status"}, call("status")).leaf = true
end
function status()
local e = {}
e.status = luci.sys
.call("cat /etc/crontabs/root |grep etherwake >/dev/null") ==
0
e.status = luci.sys.call("cat /etc/crontabs/root |grep etherwake >/dev/null") == 0
luci.http.prepare_content("application/json")
luci.http.write_json(e)
end


@ -1,6 +1,6 @@
# Copyright (C) 2019-2020 Lienol
# Copyright (C) 2019-2020 Lienol <lawlienol@gmail.com>
#
# This is free software, licensed under the Apache License, Version 2.0 .
# This is free software, licensed under the GNU General Public License v3.
#
include $(TOPDIR)/rules.mk
@ -9,11 +9,9 @@ PKG_NAME:=luci-app-trojan-server
LUCI_TITLE:=LuCI support for Trojan Server
LUCI_DEPENDS:=+luci-lib-jsonc +trojan
LUCI_PKGARCH:=all
PKG_VERSION:=1.0
PKG_RELEASE:=3-20191220
PKG_VERSION:=1.1
PKG_RELEASE:=2-20200112
include $(TOPDIR)/feeds/luci/luci.mk
# call BuildPackage - OpenWrt buildroot signature
# call BuildPackage - OpenWrt buildroot signature


@ -7,8 +7,10 @@ local trojan = {
run_type = "server",
local_addr = "0.0.0.0",
local_port = tonumber(server.port),
--remote_addr = "127.0.0.1",
--remote_port = 80,
remote_addr = (server.remote_enable == "1" and server.remote_address) and
server.remote_address or nil,
remote_port = (server.remote_enable == "1" and server.remote_port) and
server.remote_port or nil,
password = server.password,
log_level = 1,
ssl = {
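Review bot: `remote_port` is passed through as the raw UCI string while `local_port` just above it is converted with `tonumber`, so the generated JSON would carry the two ports in different types (assuming the encoder quotes strings). The `(cond and x) and x or nil` form also repeats its operand; `remote_port = server.remote_enable == "1" and tonumber(server.remote_port) or nil,` gives the same result with the conversion, and `remote_addr` can be shortened the same way. The `trojan` table constructor starts and ends outside this hunk.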


@ -28,13 +28,27 @@ tcp_fast_open = t:option(ListValue, "tcp_fast_open", translate("TCP Fast Open"),
tcp_fast_open:value("false")
tcp_fast_open:value("true")
-- [[ SSL部分 ]] --
remote_enable = t:option(Flag, "remote_enable", translate("Enable Remote"),
translate(
"You can forward to Nginx/Caddy/V2ray WebSocket and more."))
remote_enable.default = "1"
remote_enable.rmempty = false
remote_address = t:option(Value, "remote_address", translate("Remote Address"))
remote_address.default = "127.0.0.1"
remote_address:depends("remote_enable", 1)
remote_port = t:option(Value, "remote_port", translate("Remote Port"))
remote_port.datatype = "port"
remote_port.default = "80"
remote_port:depends("remote_enable", 1)
tls_certFile = t:option(Value, "ssl_certFile",
translate("Public key absolute path"),
"HTTPS" .. translate("Public key absolute path"),
translate("as:") .. "/etc/ssl/fullchain.pem")
tls_keyFile = t:option(Value, "ssl_keyFile",
translate("Private key absolute path"),
"HTTPS" .. translate("Private key absolute path"),
translate("as:") .. "/etc/ssl/private.key")
return map
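Review bot: `remote_address` is accepted without validation, while `remote_port` next to it gets `datatype = "port"`; the value appears to be copied into the generated Trojan config by the generator script changed in this commit. Adding `remote_address.datatype = "host"` after the default line would reject malformed input in the form itself. The new options are assigned as globals, which matches `tcp_fast_open` in the context lines, though `local` would keep them out of the module environment.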


@ -25,6 +25,18 @@ msgstr "TCP快速打开"
msgid "Enable TCP fast open (kernel support required)"
msgstr "是否启用TCP快速打开需要内核支持"
msgid "Enable Remote"
msgstr "启用转发"
msgid "You can forward to Nginx/Caddy/V2ray WebSocket and more."
msgstr "您可以转发到Nginx/Caddy/V2ray WebSocket等。"
msgid "Remote Address"
msgstr "远程地址"
msgid "Remote Port"
msgstr "远程端口"
msgid "as:"
msgstr "如:"


@ -17,6 +17,10 @@ gen_trojan_config_file() {
[ "$enable" = "0" ] && return 0
config_get remarks $1 remarks
config_get port $1 port
config_get ssl_certFile $1 ssl_certFile
config_get ssl_keyFile $1 ssl_keyFile
[ ! -f "$ssl_certFile" ] && echolog "$remarks $port 找不到HTTPS公钥文件运行失败" && exit
[ ! -f "$ssl_keyFile" ] && echolog "$remarks $port 找不到HTTPS私钥文件运行失败" && exit
lua /usr/lib/lua/luci/model/cbi/trojan_server/api/gen_trojan_config_file.lua $1 > $CONFIG_PATH/$1.json
echolog "$remarks $port 生成并运行 Trojan 配置文件 - $CONFIG_PATH/$1.json"
trojan -c $CONFIG_PATH/$1.json >/dev/null 2>&1 &
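Review bot: The two new file checks end in `&& exit`, which stops the whole init script from inside gen_trojan_config_file instead of skipping this one server, and the exit status is that of echolog, so a missing certificate is reported as success. If the function is called once per server section (the caller is not visible here), replacing `exit` with `return 1` on both lines fits the existing `return 0` used for disabled entries. It would also be worth checking that `$ssl_keyFile` is not readable by other users before trojan is started. The function body starts and ends outside the hunk.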


@ -3,17 +3,14 @@ module("luci.controller.webrestriction", package.seeall)
function index()
if not nixio.fs.access("/etc/config/webrestriction") then return end
entry({"admin", "network"}, firstchild(), "Control", 44).dependent = false
entry({"admin", "network", "webrestriction"}, cbi("webrestriction"),
_("访问限制"), 11).dependent = true
entry({"admin", "network", "webrestriction", "status"}, call("status")).leaf =
true
entry({"admin", "control"}, firstchild(), "Control", 44).dependent = false
entry({"admin", "control", "webrestriction"}, cbi("webrestriction"),_("访问限制"), 11).dependent = true
entry({"admin", "control", "webrestriction", "status"}, call("status")).leaf = true
end
function status()
local e = {}
e.status = luci.sys.call(
"iptables -L FORWARD |grep WEB_RESTRICTION >/dev/null") == 0
e.status = luci.sys.call("iptables -L FORWARD |grep WEB_RESTRICTION >/dev/null") == 0
luci.http.prepare_content("application/json")
luci.http.write_json(e)
end


@ -3,10 +3,9 @@ module("luci.controller.weburl", package.seeall)
function index()
if not nixio.fs.access("/etc/config/weburl") then return end
entry({"admin", "network"}, firstchild(), "Control", 44).dependent = false
entry({"admin", "network", "weburl"}, cbi("weburl"), _("网址过滤"), 12).dependent =
true
entry({"admin", "network", "weburl", "status"}, call("status")).leaf = true
entry({"admin", "control"}, firstchild(), "Control", 44).dependent = false
entry({"admin", "control", "weburl"}, cbi("weburl"), _("网址过滤"), 12).dependent = true
entry({"admin", "control", "weburl", "status"}, call("status")).leaf = true
end
function status()


@ -7,8 +7,8 @@ include $(TOPDIR)/rules.mk
LUCI_TITLE:=Bootstrap Mod Theme By Lienol
LUCI_DEPENDS:=
PKG_VERSION:=1.0
PKG_RELEASE:=43-20191221
PKG_VERSION:=1.1
PKG_RELEASE:=1-20200104
include $(TOPDIR)/feeds/luci/luci.mk


@ -906,12 +906,12 @@ button {
border-radius: 6px !important;
display: inline-block;
background: #fff;
border: 2px solid #99d;
border: 2px solid #118af3;
border-radius: 2px;
box-shadow: 0 2px 2px rgba(0, 0, 0, .05);
color: #333;
line-height: 16px;
padding: 4px 8px;
padding: 0.5em;
cursor: pointer;
margin-left: 0.2em;
}
@ -1499,6 +1499,8 @@ body.modal-overlay-active #modal_overlay>.modal {
.cbi-page-actions .cbi-button-apply,
.cbi-section-actions .cbi-button-edit {
color: #fff;
background: #118af3;
border: 1px solid #118af3;
}
.cbi-dropdown {
@ -1538,4 +1540,4 @@ body.modal-overlay-active #modal_overlay>.modal {
white-space: pre;
overflow: hidden;
text-overflow: ellipsis;
}
}


@ -906,12 +906,12 @@ button {
border-radius: 6px !important;
display: inline-block;
background: #fff;
border: 2px solid #99d;
border: 2px solid #726bda;
border-radius: 2px;
box-shadow: 0 2px 2px rgba(0, 0, 0, .05);
color: #333;
line-height: 16px;
padding: 4px 8px;
padding: 0.5em;
cursor: pointer;
margin-left: 0.2em;
}
@ -1503,6 +1503,8 @@ body.modal-overlay-active #modal_overlay>.modal {
.cbi-page-actions .cbi-button-apply,
.cbi-section-actions .cbi-button-edit {
color: #fff;
background: #726bda;
border: 1px solid #726bda;
}
.cbi-dropdown {
@ -1542,4 +1544,4 @@ body.modal-overlay-active #modal_overlay>.modal {
white-space: pre;
overflow: hidden;
text-overflow: ellipsis;
}
}