From 8147a1c5cfdf528861fe5fec6fcb0e4f68bc0953 Mon Sep 17 00:00:00 2001 From: CN_SZTL Date: Mon, 23 Mar 2020 01:33:29 +0800 Subject: [PATCH] luci-app-passwall: sync with upstream source --- package/lienol/luci-app-passwall/Makefile | 4 +- .../luasrc/controller/passwall.lua | 12 +- .../luasrc/model/cbi/passwall/acl.lua | 16 +- .../luasrc/model/cbi/passwall/global.lua | 59 ++++-- .../passwall/{balancing.lua => haproxy.lua} | 15 +- .../model/cbi/passwall/node_subscribe.lua | 75 ++++++++ .../luasrc/model/cbi/passwall/rule.lua | 69 ------- .../luci-app-passwall/po/zh_Hans/passwall.po | 4 +- .../root/etc/config/passwall | 6 +- .../root/usr/share/passwall/app.sh | 102 +++++----- .../root/usr/share/passwall/config.default | 6 +- .../root/usr/share/passwall/iptables.sh | 182 ++++++++---------- .../root/usr/share/passwall/rules/chnlist | 2 +- 13 files changed, 283 insertions(+), 269 deletions(-) rename package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/{balancing.lua => haproxy.lua} (85%) create mode 100644 package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/node_subscribe.lua diff --git a/package/lienol/luci-app-passwall/Makefile b/package/lienol/luci-app-passwall/Makefile index 16ad0c5803..c297180aed 100644 --- a/package/lienol/luci-app-passwall/Makefile +++ b/package/lienol/luci-app-passwall/Makefile @@ -7,8 +7,8 @@ include $(TOPDIR)/rules.mk PKG_NAME:=luci-app-passwall PKG_VERSION:=3.6 -PKG_RELEASE:=25 -PKG_DATE:=20200315 +PKG_RELEASE:=28 +PKG_DATE:=20200316 PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION) diff --git a/package/lienol/luci-app-passwall/luasrc/controller/passwall.lua b/package/lienol/luci-app-passwall/luasrc/controller/passwall.lua index d50c6ce61e..a0bffc6778 100644 --- a/package/lienol/luci-app-passwall/luasrc/controller/passwall.lua +++ b/package/lienol/luci-app-passwall/luasrc/controller/passwall.lua 
@@ -27,15 +27,17 @@ function index() entry({"admin", "vpn", "passwall", "auto_switch"}, cbi("passwall/auto_switch"), _("Auto Switch"), 3).leaf = true entry({"admin", "vpn", "passwall", "other"}, - cbi("passwall/other", {autoapply = true}), _("Other Settings"), 94).leaf = + cbi("passwall/other", {autoapply = true}), _("Other Settings"), 93).leaf = true if nixio.fs.access("/usr/sbin/haproxy") then - entry({"admin", "vpn", "passwall", "balancing"}, - cbi("passwall/balancing"), _("Load Balancing"), 95).leaf = true + entry({"admin", "vpn", "passwall", "haproxy"}, + cbi("passwall/haproxy"), _("Load Balancing"), 94).leaf = true end - entry({"admin", "vpn", "passwall", "rule"}, - cbi("passwall/rule"), _("Rule Update"), 96).leaf = + entry({"admin", "vpn", "passwall", "node_subscribe"}, + cbi("passwall/node_subscribe"), _("Node Subscribe"), 95).dependent = true + entry({"admin", "vpn", "passwall", "rule"}, cbi("passwall/rule"), + _("Rule Update"), 96).leaf = true entry({"admin", "vpn", "passwall", "acl"}, cbi("passwall/acl"), _("Access control"), 97).leaf = true entry({"admin", "vpn", "passwall", "log"}, form("passwall/log"), diff --git a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/acl.lua b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/acl.lua index b53124e72f..b1279402af 100644 --- a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/acl.lua +++ b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/acl.lua @@ -124,8 +124,8 @@ if tonumber(udp_node_num) > 1 then for i = 1, udp_node_num, 1 do o:value(i, "UDP_" .. i) end end ----- Proxy Mode -o = s:option(ListValue, "proxy_mode", translate("Proxy Mode")) +---- TCP Proxy Mode +o = s:option(ListValue, "tcp_proxy_mode", "TCP" .. translate("Proxy Mode")) o.default = "default" o.rmempty = false o:value("default", translate("Default")) 
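Review bot: The new `node_subscribe` entry ends with `.dependent = true` while every neighbouring entry in this hunk, including the rebuilt `rule` entry, ends with `.leaf = true`. If the page is meant to behave like its siblings, `cbi("passwall/node_subscribe"), _("Node Subscribe"), 95).leaf = true` keeps the dispatcher entries consistent; if the difference is deliberate, a short comment on that line saying why would spare the next reader the question. index() continues outside this hunk.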
@@ -133,7 +133,17 @@ o:value("disable", translate("No Proxy")) o:value("global", translate("Global Proxy")) o:value("gfwlist", translate("GFW List")) o:value("chnroute", translate("China WhiteList")) --- o:value("gamemode", translate("Game Mode")) +o:value("returnhome", translate("Return Home")) + +---- UDP Proxy Mode +o = s:option(ListValue, "udp_proxy_mode", "UDP" .. translate("Proxy Mode")) +o.default = "default" +o.rmempty = false +o:value("default", translate("Default")) +o:value("disable", translate("No Proxy")) +o:value("global", translate("Global Proxy")) +o:value("gfwlist", translate("GFW List")) +o:value("chnroute", translate("Game Mode") .. "(" .. translate("China WhiteList") .. ")") o:value("returnhome", translate("Return Home")) ---- TCP No Redir Ports diff --git a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/global.lua b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/global.lua index 954a5ae7c0..78ab289c89 100644 --- a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/global.lua +++ b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/global.lua 
@@ -20,19 +20,17 @@ uci:foreach(appname, "nodes", function(e) if type == nil then type = "" end local address = e.address if address == nil then address = "" end - --if (type == "V2ray_balancing" or type == "V2ray_shunt") or (address:match("[\u4e00-\u9fa5]") and address:find("%.") and address:sub(#address) ~= ".") then - if type and address and e.remarks then - if e.use_kcp and e.use_kcp == "1" then - n[e[".name"]] = "%s+%s:[%s] %s" % - { - translate(type), "Kcptun", e.remarks, address - } - else - n[e[".name"]] = "%s:[%s] %s" % - {translate(type), e.remarks, address} - end + -- if (type == "V2ray_balancing" or type == "V2ray_shunt") or (address:match("[\u4e00-\u9fa5]") and address:find("%.") and address:sub(#address) ~= ".") then + if type and address and e.remarks then + if e.use_kcp and e.use_kcp == "1" then + n[e[".name"]] = "%s+%s:[%s] %s" % + {translate(type), "Kcptun", e.remarks, address} + else + n[e[".name"]] = "%s:[%s] %s" % + {translate(type), e.remarks, address} end - --end + end + -- end end) local key_table = {} @@ -110,7 +108,7 @@ end o = s:option(Value, "up_china_dns", translate("China DNS Server") .. "(UDP)") -- o.description = translate("If you want to work with other DNS acceleration services, use the default.
Only use two at most, english comma separation, If you do not fill in the # and the following port, you are using port 53.") o.default = "default" -o:value("default", translate("default")) +o:value("default", translate("Default")) o:value("dnsbyisp", translate("dnsbyisp")) o:value("223.5.5.5", "223.5.5.5 (" .. translate("Ali") .. "DNS)") o:value("223.6.6.6", "223.6.6.6 (" .. translate("Ali") .. "DNS)") @@ -183,9 +181,9 @@ o:value("208.67.220.220", "208.67.220.220 (Open DNS)") o:depends("dns_mode", "pdnsd") o:depends("up_trust_chinadns_ng_dns", "pdnsd") ----- Default Proxy Mode -o = s:option(ListValue, "proxy_mode", - translate("Default") .. translate("Proxy Mode")) +---- TCP Default Proxy Mode +o = s:option(ListValue, "tcp_proxy_mode", + "TCP" .. translate("Default") .. translate("Proxy Mode")) -- o.description = translate("If not available, try clearing the cache.") o.default = "chnroute" o.rmempty = false 
@@ -193,12 +191,22 @@ o:value("disable", translate("No Proxy")) o:value("global", translate("Global Proxy")) o:value("gfwlist", translate("GFW List")) o:value("chnroute", translate("China WhiteList")) --- o:value("gamemode", translate("Game Mode")) o:value("returnhome", translate("Return Home")) ----- Localhost Proxy Mode -o = s:option(ListValue, "localhost_proxy_mode", - translate("Router Localhost") .. translate("Proxy Mode")) +---- UDP Default Proxy Mode +o = s:option(ListValue, "udp_proxy_mode", + "UDP" .. translate("Default") .. translate("Proxy Mode")) +o.default = "chnroute" +o.rmempty = false +o:value("disable", translate("No Proxy")) +o:value("global", translate("Global Proxy")) +o:value("gfwlist", translate("GFW List")) +o:value("chnroute", translate("Game Mode") .. "(" .. translate("China WhiteList") .. ")") +o:value("returnhome", translate("Return Home")) + +---- Localhost TCP Proxy Mode +o = s:option(ListValue, "localhost_tcp_proxy_mode", + translate("Router Localhost") .. "TCP" .. translate("Proxy Mode")) -- o.description = translate("The server client can also use this rule to scientifically surf the Internet.") o:value("default", translate("Default")) o:value("gfwlist", translate("GFW List")) @@ -207,6 +215,17 @@ o:value("global", translate("Global Proxy")) o.default = "default" o.rmempty = false +---- Localhost UDP Proxy Mode +o = s:option(ListValue, "localhost_udp_proxy_mode", + translate("Router Localhost") .. "UDP" .. translate("Proxy Mode")) +o:value("disable", translate("No Proxy")) +o:value("default", translate("Default")) +o:value("gfwlist", translate("GFW List")) +o:value("chnroute", translate("Game Mode") .. "(" .. translate("China WhiteList") .. ")") +o:value("global", translate("Global Proxy")) +o.default = "default" +o.rmempty = false + ---- Tips s:append(Template("passwall/global/tips")) 
diff --git a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/balancing.lua b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/haproxy.lua similarity index 85% rename from package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/balancing.lua rename to package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/haproxy.lua index 2921cd133b..6475598b6f 100644 --- a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/balancing.lua +++ b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/haproxy.lua @@ -48,16 +48,9 @@ o = s:option(Value, "console_port", translate("Console Port"), translate( o.default = "1188" o:depends("balancing_enable", 1) ----- Haproxy Port -o = s:option(Value, "haproxy_port", translate("Haproxy Port"), - translate("Configure this node with 127.0.0.1: this port")) -o.default = "1181" -o:depends("balancing_enable", 1) - -- [[ Balancing Settings ]]-- -s = m:section(TypedSection, "balancing", translate("Load Balancing Setting"), - translate( - "Add a node, Export Of Multi WAN Only support Multi Wan. Load specific gravity range 1-256. Multiple primary servers can be load balanced, standby will only be enabled when the primary server is offline!")) +s = m:section(TypedSection, "haproxy_config", translate("Load Balancing Setting"), + "" .. translate("Add a node, Export Of Multi WAN Only support Multi Wan. Load specific gravity range 1-256. Multiple primary servers can be load balanced, standby will only be enabled when the primary server is offline! Multiple groups can be set, Haproxy port same one for each group.").."") s.template = "cbi/tblsection" s.sortable = true s.anonymous = true @@ -81,6 +74,10 @@ o:value("default", translate("Default")) o.default = "default" o.rmempty = false +---- Haproxy Port +o = s:option(Value, "haproxy_port", translate("Haproxy Port")) +o.rmempty = false + ---- Node Weight o = s:option(Value, "lbweight", translate("Node Weight")) o.default = "5" 
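Review bot: The section description in the first hunk is written as `"" .. translate(...) .. ""`, wrapping the string in two empty concatenations that add nothing; `translate("Add a node, Export Of Multi WAN ...")` alone reads cleaner. The same pattern is carried into node_subscribe.lua in this commit.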
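Review bot: The per-group `haproxy_port` field added in the second hunk has `rmempty = false` but no datatype, yet its value is written verbatim into the HAProxy `bind 0.0.0.0:$p` line and into a `sed -i` insert command in start_haproxy (app.sh in this commit); add `o.datatype = "port"` so the form rejects anything that is not a port number. `lbss`, `lbort` and `console_port` are not in this hunk, but the same check applies wherever they are defined, since they reach the same config file.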
diff --git a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/node_subscribe.lua b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/node_subscribe.lua
new file mode 100644
index 0000000000..3fd2713e1a
--- /dev/null
+++ b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/node_subscribe.lua
@@ -0,0 +1,75 @@ +local e = require "nixio.fs" +local e = require "luci.sys" + +m = Map("passwall") + +-- [[ Subscribe Settings ]]-- +s = m:section(TypedSection, "global_subscribe", "") +s.anonymous = true + +---- Subscribe via proxy +o = s:option(Flag, "subscribe_proxy", translate("Subscribe via proxy")) +o.default = 0 +o.rmempty = false + +---- Enable auto update subscribe +o = s:option(Flag, "auto_update_subscribe", + translate("Enable auto update subscribe")) +o.default = 0 +o.rmempty = false + +---- Week update rules +o = s:option(ListValue, "week_update_subscribe", translate("Week update rules")) +o:value(7, translate("Every day")) +for e = 1, 6 do o:value(e, translate("Week") .. e) end +o:value(0, translate("Week") .. translate("day")) +o.default = 0 +o:depends("auto_update_subscribe", 1) + +---- Day update rules +o = s:option(ListValue, "time_update_subscribe", translate("Day update rules")) +for e = 0, 23 do o:value(e, e .. translate("oclock")) end +o.default = 0 +o:depends("auto_update_subscribe", 1) + +---- Manual subscription +o = s:option(Button, "_update", translate("Manual subscription")) +o.inputstyle = "apply" +function o.write(e, e) + luci.sys.call( + "lua /usr/share/passwall/subscribe.lua start log > /dev/null 2>&1 &") + luci.http.redirect(luci.dispatcher.build_url("admin", "vpn", "passwall", + "log")) +end + +---- Subscribe Delete All +o = s:option(Button, "_stop", translate("Delete All Subscribe Node")) +o.inputstyle = "remove" +function o.write(e, e) + luci.sys.call( + "lua /usr/share/passwall/subscribe.lua truncate log > /dev/null 2>&1 &") + luci.http.redirect(luci.dispatcher.build_url("admin", "vpn", "passwall", + "log")) +end + +s = m:section(TypedSection, "subscribe_list", "", + "" .. translate( + "Please input the subscription url first, save and submit before updating. If you subscribe to update, it is recommended to delete all subscriptions and then re-subscribe.") .. 
+ "") +s.addremove = true +s.anonymous = true +s.sortable = true +s.template = "cbi/tblsection" + +o = s:option(Flag, "enabled", translate("Enabled")) +o.rmempty = false + +o = s:option(Value, "remark", translate("Subscribe Remark")) +o.width = "auto" +o.rmempty = false + +o = s:option(Value, "url", translate("Subscribe URL")) +o.width = "auto" +o.rmempty = false + +return m diff --git a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/rule.lua b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/rule.lua index c0cfe54aa9..b58df3cb65 100644 --- a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/rule.lua +++ b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/rule.lua 
@@ -31,75 +31,6 @@ for e = 0, 23 do o:value(e, e .. translate("oclock")) end o.default = 0 o:depends("auto_update", 1) --- [[ Subscribe Settings ]]-- -s = m:section(TypedSection, "global_subscribe", translate("Node Subscribe"), - "" .. translate( - "Please input the subscription url first, save and submit before updating. If you subscribe to update, it is recommended to delete all subscriptions and then re-subscribe.") .. - "") -s.anonymous = true - ----- Subscribe via proxy -o = s:option(Flag, "subscribe_proxy", translate("Subscribe via proxy")) -o.default = 0 -o.rmempty = false - ----- Enable auto update subscribe -o = s:option(Flag, "auto_update_subscribe", - translate("Enable auto update subscribe")) -o.default = 0 -o.rmempty = false - ----- Week update rules -o = s:option(ListValue, "week_update_subscribe", translate("Week update rules")) -o:value(7, translate("Every day")) -for e = 1, 6 do o:value(e, translate("Week") .. e) end -o:value(0, translate("Week") .. translate("day")) -o.default = 0 -o:depends("auto_update_subscribe", 1) - ----- Day update rules -o = s:option(ListValue, "time_update_subscribe", translate("Day update rules")) -for e = 0, 23 do o:value(e, e .. 
translate("oclock")) end -o.default = 0 -o:depends("auto_update_subscribe", 1) - ----- Manual subscription -o = s:option(Button, "_update", translate("Manual subscription")) -o.inputstyle = "apply" -function o.write(e, e) - luci.sys.call( - "lua /usr/share/passwall/subscribe.lua start log > /dev/null 2>&1 &") - luci.http.redirect(luci.dispatcher.build_url("admin", "vpn", "passwall", - "log")) -end - ----- Subscribe Delete All -o = s:option(Button, "_stop", translate("Delete All Subscribe Node")) -o.inputstyle = "remove" -function o.write(e, e) - luci.sys.call( - "lua /usr/share/passwall/subscribe.lua truncate log > /dev/null 2>&1 &") - luci.http.redirect(luci.dispatcher.build_url("admin", "vpn", "passwall", - "log")) -end - -s = m:section(TypedSection, "subscribe_list") -s.addremove = true -s.anonymous = true -s.sortable = true -s.template = "cbi/tblsection" - -o = s:option(Flag, "enabled", translate("Enabled")) -o.rmempty = false - -o = s:option(Value, "remark", translate("Subscribe Remark")) -o.width = "auto" -o.rmempty = false - -o = s:option(Value, "url", translate("Subscribe URL")) -o.width = "auto" -o.rmempty = false - -- [[ App Settings ]]-- s = m:section(TypedSection, "global_app", translate("App Update"), "" .. diff --git a/package/lienol/luci-app-passwall/po/zh_Hans/passwall.po b/package/lienol/luci-app-passwall/po/zh_Hans/passwall.po index 18b2be91e5..b68895a402 100644 --- a/package/lienol/luci-app-passwall/po/zh_Hans/passwall.po +++ b/package/lienol/luci-app-passwall/po/zh_Hans/passwall.po 
@@ -490,8 +490,8 @@ msgstr "负载均衡端口" msgid "Load Balancing Setting" msgstr "负载均衡设置" -msgid "Add a node, Export Of Multi WAN Only support Multi Wan. Load specific gravity range 1-256. Multiple primary servers can be load balanced, standby will only be enabled when the primary server is offline!" -msgstr "添加节点,指定出口功能是为多WAN用户准备的。负载比重范围1-256。多个主服务器可以负载均衡,备用只有在主服务器离线时才会启用!" +msgid "Add a node, Export Of Multi WAN Only support Multi Wan. Load specific gravity range 1-256. Multiple primary servers can be load balanced, standby will only be enabled when the primary server is offline! Multiple groups can be set, Haproxy port same one for each group." +msgstr "添加节点,指定出口功能是为多WAN用户准备的。负载比重范围1-256。多个主服务器可以负载均衡,备用只有在主服务器离线时才会启用!可以设置多个组,负载均衡端口相同则为一组。" msgid "Node" msgstr "节点" diff --git a/package/lienol/luci-app-passwall/root/etc/config/passwall b/package/lienol/luci-app-passwall/root/etc/config/passwall index bab4f7bff8..4cfdff8b6b 100644 --- a/package/lienol/luci-app-passwall/root/etc/config/passwall +++ b/package/lienol/luci-app-passwall/root/etc/config/passwall @@ -8,8 +8,10 @@ config global option up_china_dns 'default' option dns_forward '8.8.4.4' option use_tcp_node_resolve_dns '1' - option proxy_mode 'chnroute' - option localhost_proxy_mode 'gfwlist' + option tcp_proxy_mode 'chnroute' + option udp_proxy_mode 'chnroute' + option localhost_tcp_proxy_mode 'gfwlist' + option localhost_udp_proxy_mode 'gfwlist' config global_haproxy option balancing_enable '0' diff --git a/package/lienol/luci-app-passwall/root/usr/share/passwall/app.sh b/package/lienol/luci-app-passwall/root/usr/share/passwall/app.sh index 349a8c4150..43a6d62c66 100755 --- a/package/lienol/luci-app-passwall/root/usr/share/passwall/app.sh +++ b/package/lienol/luci-app-passwall/root/usr/share/passwall/app.sh 
@@ -145,23 +145,22 @@ TCP_NODE_NUM=$(config_t_get global_other tcp_node_num 1) for i in $(seq 1 $TCP_NODE_NUM); do eval TCP_NODE$i=$(config_t_get global tcp_node$i nil) done +TCP_REDIR_PORT1=$(config_t_get global_forwarding tcp_redir_port 1041) +TCP_REDIR_PORT2=$(expr $TCP_REDIR_PORT1 + 1) +TCP_REDIR_PORT3=$(expr $TCP_REDIR_PORT2 + 1) UDP_NODE_NUM=$(config_t_get global_other udp_node_num 1) for i in $(seq 1 $UDP_NODE_NUM); do eval UDP_NODE$i=$(config_t_get global udp_node$i nil) done +UDP_REDIR_PORT1=$(config_t_get global_forwarding udp_redir_port 1051) +UDP_REDIR_PORT2=$(expr $UDP_REDIR_PORT1 + 1) +UDP_REDIR_PORT3=$(expr $UDP_REDIR_PORT2 + 1) SOCKS5_NODE_NUM=$(config_t_get global_other socks5_node_num 1) for i in $(seq 1 $SOCKS5_NODE_NUM); do eval SOCKS5_NODE$i=$(config_t_get global socks5_node$i nil) done - -TCP_REDIR_PORT1=$(config_t_get global_forwarding tcp_redir_port 1041) -TCP_REDIR_PORT2=$(expr $TCP_REDIR_PORT1 + 1) -TCP_REDIR_PORT3=$(expr $TCP_REDIR_PORT2 + 1) -UDP_REDIR_PORT1=$(config_t_get global_forwarding udp_redir_port 1051) -UDP_REDIR_PORT2=$(expr $UDP_REDIR_PORT1 + 1) -UDP_REDIR_PORT3=$(expr $UDP_REDIR_PORT2 + 1) SOCKS5_PROXY_PORT1=$(config_t_get global_forwarding socks5_proxy_port 1081) SOCKS5_PROXY_PORT2=$(expr $SOCKS5_PROXY_PORT1 + 1) SOCKS5_PROXY_PORT3=$(expr $SOCKS5_PROXY_PORT2 + 1) 
@@ -177,7 +176,12 @@ UDP_REDIR_PORTS=$(config_t_get global_forwarding udp_redir_ports '1:65535') TCP_NO_REDIR_PORTS=$(config_t_get global_forwarding tcp_no_redir_ports 'disable') UDP_NO_REDIR_PORTS=$(config_t_get global_forwarding udp_no_redir_ports 'disable') KCPTUN_REDIR_PORT=$(config_t_get global_forwarding kcptun_port 12948) -PROXY_MODE=$(config_t_get global proxy_mode chnroute) +TCP_PROXY_MODE=$(config_t_get global tcp_proxy_mode chnroute) +UDP_PROXY_MODE=$(config_t_get global udp_proxy_mode chnroute) +LOCALHOST_TCP_PROXY_MODE=$(config_t_get global localhost_tcp_proxy_mode default) +LOCALHOST_UDP_PROXY_MODE=$(config_t_get global localhost_udp_proxy_mode default) +[ "$LOCALHOST_TCP_PROXY_MODE" == "default" ] && LOCALHOST_TCP_PROXY_MODE=$TCP_PROXY_MODE +[ "$LOCALHOST_UDP_PROXY_MODE" == "default" ] && LOCALHOST_UDP_PROXY_MODE=$UDP_PROXY_MODE load_config() { [ "$ENABLED" != 1 ] && return 1 @@ -196,8 +200,6 @@ load_config() { else process=$(config_t_get global_forwarding process) fi - LOCALHOST_PROXY_MODE=$(config_t_get global localhost_proxy_mode default) - [ "$LOCALHOST_PROXY_MODE" == "default" ] && LOCALHOST_PROXY_MODE=$PROXY_MODE UP_CHINA_DNS=$(config_t_get global up_china_dns dnsbyisp) [ "$UP_CHINA_DNS" == "default" ] && IS_DEFAULT_CHINA_DNS=1 [ ! -f "$RESOLVFILE" -o ! -s "$RESOLVFILE" ] && RESOLVFILE=/tmp/resolv.conf.auto @@ -794,7 +796,7 @@ start_haproxy() { mkdir -p $HAPROXY_PATH local HAPROXY_FILE=$HAPROXY_PATH/config.cfg bport=$(config_t_get global_haproxy haproxy_port) - cat <<-EOF >$HAPROXY_FILE + cat <<-EOF > $HAPROXY_FILE global log 127.0.0.1 local2 chroot /usr/bin 
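Review bot: The renamed keys `tcp_proxy_mode`, `udp_proxy_mode`, `localhost_tcp_proxy_mode` and `localhost_udp_proxy_mode` are read with hard-coded fallbacks, but nothing in this diff migrates the old `proxy_mode` / `localhost_proxy_mode` values of an existing installation, so a user who had chosen `global` or `disable` silently comes back as `chnroute` after the upgrade; the per-client `proxy_mode` read in the ACL hunk of iptables.sh has the same gap. Unless a uci-defaults migration exists outside this diff, fall back to the old key first, e.g. `TCP_PROXY_MODE=$(config_t_get global tcp_proxy_mode $(config_t_get global proxy_mode chnroute))`, and likewise for the localhost mode.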
@@ -821,48 +823,51 @@ start_haproxy() { timeout check 10s maxconn 3000 - listen passwall - bind 0.0.0.0:$bport - mode tcp EOF - local count=$(uci show $CONFIG | grep "@balancing" | sed -n '$p' | cut -d '[' -f 2 | cut -d ']' -f 1) + + local ports=$(uci show $CONFIG | grep "@haproxy_config" | grep haproxy_port | cut -d "'" -f 2 | sort -u) + for p in $ports; do + cat <<-EOF >> $HAPROXY_FILE + listen $p + mode tcp + bind 0.0.0.0:$p + + EOF + done + + local count=$(uci show $CONFIG | grep "@haproxy_config" | sed -n '$p' | cut -d '[' -f 2 | cut -d ']' -f 1) [ -n "$count" ] && [ "$count" -ge 0 ] && { u_get() { - local ret=$(uci -q get $CONFIG.@balancing[$1].$2) + local ret=$(uci -q get $CONFIG.@haproxy_config[$1].$2) echo ${ret:=$3} } for i in $(seq 0 $count); do - enabled=$(u_get $i enabled 0) - [ "$enabled" == "0" ] && continue - bips=$(u_get $i lbss) - bports=$(u_get $i lbort) + local enabled=$(u_get $i enabled 0) + [ -z "$enabled" -o "$enabled" == "0" ] && continue + + local haproxy_port=$(u_get $i haproxy_port) + [ -z "$haproxy_port" ] && continue + + local bips=$(u_get $i lbss) + local bports=$(u_get $i lbort) if [ -z "$bips" ] || [ -z "$bports" ]; then - break + continue fi + local bip=$(echo $bips | awk -F ":" '{print $1}') local bport=$(echo $bips | awk -F ":" '{print $2}') [ "$bports" != "default" ] && bport=$bports - [ -z "$bport" ] && break + [ -z "$bport" ] && continue - bweight=$(u_get $i lbweight) - exports=$(u_get $i export) - bbackup=$(u_get $i backup) - if [ "$bbackup" = "1" ]; then - bbackup=" backup" - echolog "负载均衡:添加故障转移备节点:$bip" - else - bbackup="" - echolog "负载均衡:添加负载均衡主节点:$bip" - fi - #si=$(echo $bip | grep -E "([0-9]{1,3}[\.]){3}[0-9]{1,3}") - #if [ -z "$si" ]; then - # bip=$(resolveip -4 -t 2 $bip | awk 'NR==1{print}') - # if [ -z "$bip" ]; then - # bip=$(nslookup $bip localhost | sed '1,4d' | awk '{print $3}' | grep -v : | awk 'NR==1{print}') - # fi - # echolog "负载均衡${i} IP为:$bip" - #fi - echo " server $bip:$bport $bip:$bport weight $bweight 
check inter 1500 rise 1 fall 3 $bbackup" >> $HAPROXY_FILE + local line=$(cat $HAPROXY_FILE | grep -n "bind 0.0.0.0:$haproxy_port" | awk -F ":" '{print $1}') + [ -z "$line" ] && continue + + local bweight=$(u_get $i lbweight) + local exports=$(u_get $i export) + local backup=$(u_get $i backup) + local bbackup="" + [ "$backup" = "1" ] && bbackup="backup" + sed -i "${line}i \ \ \ \ server $bip:$bport $bip:$bport weight $bweight check inter 1500 rise 1 fall 3 $bbackup" $HAPROXY_FILE if [ "$exports" != "0" ]; then failcount=0 while [ "$failcount" -lt "3" ]; do @@ -881,22 +886,23 @@ start_haproxy() { fi done } - #生成负载均衡控制台 - console_port=$(config_t_get global_haproxy console_port) - console_user=$(config_t_get global_haproxy console_user) - console_password=$(config_t_get global_haproxy console_password) + + # 控制台配置 + local console_port=$(config_t_get global_haproxy console_port) + local console_user=$(config_t_get global_haproxy console_user) + local console_password=$(config_t_get global_haproxy console_password) local auth="" [ -n "$console_user" -a -n "console_password" ] && auth="stats auth $console_user:$console_password" cat <<-EOF >> $HAPROXY_FILE - - listen status + listen console bind 0.0.0.0:$console_port mode http stats refresh 30s stats uri / stats admin if TRUE - $auth + $auth EOF + ln_start_bin $haproxy_bin haproxy "-f $HAPROXY_FILE" } } diff --git a/package/lienol/luci-app-passwall/root/usr/share/passwall/config.default b/package/lienol/luci-app-passwall/root/usr/share/passwall/config.default index 76afb424a9..48bb43f40d 100644 --- a/package/lienol/luci-app-passwall/root/usr/share/passwall/config.default +++ b/package/lienol/luci-app-passwall/root/usr/share/passwall/config.default 
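Review bot: The `grep -n "bind 0.0.0.0:$haproxy_port"` lookup in the server loop has no end anchor, so a group on port 80 also matches a listener on 8080 or 8000; `line` then holds two numbers and the following `sed -i "${line}i ..."` either fails or inserts the server into the wrong listener. Anchor the pattern, `grep -n "bind 0.0.0.0:$haproxy_port$"`, and because `haproxy_port`, `bip` and `bport` come from uci and are spliced into both a sed command and a `bind` directive, reject non-numeric ports before use: `case "$haproxy_port" in ''|*[!0-9]*) continue;; esac`. The `ports` list is also collected from every `@haproxy_config` entry before the `enabled` check, so a group whose entries are all disabled still gets an empty `listen` bound on 0.0.0.0; collecting the port inside the loop after the check avoids that. start_haproxy begins before this hunk and ends after it.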
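Review bot: `[ -n "$console_user" -a -n "console_password" ]` tests the literal string `console_password`, which is always non-empty, so a console user with an empty password produces `stats auth user:`; the line is context here, but it is the only thing gating the console that the new `listen console` block exposes with `stats admin if TRUE` on `0.0.0.0:$console_port`. It should read `[ -n "$console_user" -a -n "$console_password" ]`. Since the stats page accepts admin actions, binding it to the LAN address rather than all interfaces, or at least noting in a comment that it is reachable on every interface, would be worth doing in the same change.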
@@ -8,8 +8,10 @@ config global option up_china_dns 'default' option dns_forward '8.8.4.4' option use_tcp_node_resolve_dns '1' - option proxy_mode 'chnroute' - option localhost_proxy_mode 'gfwlist' + option tcp_proxy_mode 'chnroute' + option udp_proxy_mode 'chnroute' + option localhost_tcp_proxy_mode 'gfwlist' + option localhost_udp_proxy_mode 'gfwlist' config global_haproxy option balancing_enable '0' diff --git a/package/lienol/luci-app-passwall/root/usr/share/passwall/iptables.sh b/package/lienol/luci-app-passwall/root/usr/share/passwall/iptables.sh index 0e64e1be87..b0e266f68c 100755 --- a/package/lienol/luci-app-passwall/root/usr/share/passwall/iptables.sh +++ b/package/lienol/luci-app-passwall/root/usr/share/passwall/iptables.sh @@ -15,6 +15,8 @@ FWI=$(uci -q get firewall.passwall.path 2>/dev/null) factor() { if [ -z "$1" ] || [ -z "$2" ]; then echo "" + elif [ "$1" == "1:65535" ]; then + echo "" else echo "$2 $1" fi @@ -53,9 +55,6 @@ get_action_chain() { chnroute) echo "PSW_CHN" ;; - gamemode) - echo "PSW_GAME" - ;; returnhome) echo "PSW_HOME" ;; @@ -76,9 +75,6 @@ get_action_chain_name() { chnroute) echo "大陆白名单" ;; - gamemode) - echo "游戏" - ;; returnhome) echo "回国" ;; 
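Review bot: The new `1:65535` branch in `factor` silently drops the port match and is easy to misread as an input-validation error; a one-line comment would help: `# a full-range port spec restricts nothing, so emit no match`. The comparison is exact, so the same range written with spaces or as `1-65535` still produces a multiport match, which is harmless but worth knowing when reading the generated rules.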
@@ -112,14 +108,16 @@ load_acl() { local remarks=$(u_get $i remarks) local ip=$(u_get $i ip) local mac=$(u_get $i mac) - local proxy_mode=$(u_get $i proxy_mode default) + local tcp_proxy_mode=$(u_get $i tcp_proxy_mode default) + local udp_proxy_mode=$(u_get $i udp_proxy_mode default) local tcp_node=$(u_get $i tcp_node 1) local udp_node=$(u_get $i udp_node 1) local tcp_no_redir_ports=$(u_get $i tcp_no_redir_ports default) local udp_no_redir_ports=$(u_get $i udp_no_redir_ports default) local tcp_redir_ports=$(u_get $i tcp_redir_ports default) local udp_redir_ports=$(u_get $i udp_redir_ports default) - [ "$proxy_mode" = "default" ] && proxy_mode=$PROXY_MODE + [ "$tcp_proxy_mode" = "default" ] && tcp_proxy_mode=$TCP_PROXY_MODE + [ "$udp_proxy_mode" = "default" ] && udp_proxy_mode=$UDP_PROXY_MODE [ "$TCP_NODE_NUM" == "1" ] && tcp_node=1 [ "$UDP_NODE_NUM" == "1" ] && udp_node=1 [ "$tcp_no_redir_ports" = "default" ] && tcp_no_redir_ports=$TCP_NO_REDIR_PORTS 
@@ -128,42 +126,35 @@ load_acl() { [ "$udp_redir_ports" = "default" ] && udp_redir_ports=$UDP_REDIR_PORTS eval TCP_NODE=\$TCP_NODE$tcp_node eval UDP_NODE=\$UDP_NODE$udp_node - [ -n "$proxy_mode" ] && { - if [ -n "$ip" ] || [ -n "$mac" ]; then - if [ -n "$ip" -a -n "$mac" ]; then - echolog "访问控制:IP:$ip,MAC:$mac,使用TCP_${tcp_node}节点,UDP_${udp_node}节点,$(get_action_chain_name $proxy_mode)" - else - [ -n "$ip" ] && echolog "访问控制:IP:$ip,使用TCP_${tcp_node}节点,UDP_${udp_node}节点,$(get_action_chain_name $proxy_mode)" - [ -n "$mac" ] && echolog "访问控制:MAC:$mac,使用TCP_${tcp_node}节点,UDP_${udp_node}节点,$(get_action_chain_name $proxy_mode)" - fi - - if [ "$proxy_mode" == "disable" ]; then - $ipt_n -A PSW_ACL $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p tcp $(comment "$remarks") -j RETURN - $ipt_m -A PSW_ACL $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p udp $(comment "$remarks") -j RETURN - else - [ "$TCP_NODE" != "nil" ] && { - eval TCP_NODE_TYPE=$(echo $(config_n_get $TCP_NODE type) | tr 'A-Z' 'a-z') - if [ "$TCP_NODE_TYPE" == "brook" -a "$(config_n_get $TCP_NODE brook_protocol client)" == "client" ]; then - [ "$tcp_no_redir_ports" != "disable" ] && $ipt_m -A PSW_ACL $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p tcp -m multiport --dport $tcp_no_redir_ports -j RETURN - eval tcp_redir_port=\$TCP_REDIR_PORT$tcp_node - $ipt_m -A PSW_ACL $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p tcp $(factor $tcp_redir_ports "-m multiport --dport") $(comment "$remarks") -$(get_jump_mode $proxy_mode) $(get_action_chain $proxy_mode)$tcp_node - $ipt_m -A PSW_ACL $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p tcp $(comment "$remarks") -j RETURN - else - [ "$tcp_no_redir_ports" != "disable" ] && $ipt_n -A PSW_ACL $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p tcp -m multiport --dport $tcp_no_redir_ports -j RETURN - eval tcp_redir_port=\$TCP_REDIR_PORT$tcp_node - $ipt_n -A PSW_ACL $(factor $ip "-s") $(factor $mac "-m mac 
--mac-source") -p tcp $(factor $tcp_redir_ports "-m multiport --dport") $(comment "$remarks") -$(get_jump_mode $proxy_mode) $(get_action_chain $proxy_mode)$tcp_node - $ipt_n -A PSW_ACL $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p tcp $(comment "$remarks") -j RETURN - fi - } - [ "$UDP_NODE" != "nil" ] && { - [ "$udp_no_redir_ports" != "disable" ] && $ipt_m -A PSW_ACL $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p udp -m multiport --dport $udp_no_redir_ports -j RETURN - eval udp_redir_port=\$UDP_REDIR_PORT$udp_node - $ipt_m -A PSW_ACL $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p udp $(factor $udp_redir_ports "-m multiport --dport") $(comment "$remarks") -$(get_jump_mode $proxy_mode) $(get_action_chain $proxy_mode)$udp_node - $ipt_m -A PSW_ACL $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p udp $(comment "$remarks") -j RETURN - } - fi + if [ -n "$ip" ] || [ -n "$mac" ]; then + if [ -n "$ip" -a -n "$mac" ]; then + echolog "访问控制:IP:$ip,MAC:$mac,使用TCP_${tcp_node}节点,UDP_${udp_node}节点,TCP模式:$(get_action_chain_name $tcp_proxy_mode),UDP模式:$(get_action_chain_name $udp_proxy_mode)" + else + [ -n "$ip" ] && echolog "访问控制:IP:$ip,使用TCP_${tcp_node}节点,UDP_${udp_node}节点,TCP模式:$(get_action_chain_name $tcp_proxy_mode),UDP模式:$(get_action_chain_name $udp_proxy_mode)" + [ -n "$mac" ] && echolog "访问控制:MAC:$mac,使用TCP_${tcp_node}节点,UDP_${udp_node}节点,TCP模式:$(get_action_chain_name $tcp_proxy_mode),UDP模式:$(get_action_chain_name $udp_proxy_mode)" fi - } + + [ "$tcp_proxy_mode" != "disable" ] && { + [ "$TCP_NODE" != "nil" ] && { + local ipt_tmp=$ipt_n + eval TCP_NODE_TYPE=$(echo $(config_n_get $TCP_NODE type) | tr 'A-Z' 'a-z') + [ "$TCP_NODE_TYPE" == "brook" -a "$(config_n_get $TCP_NODE brook_protocol client)" == "client" ] && ipt_tmp=$ipt_m + [ "$tcp_no_redir_ports" != "disable" ] && $ipt_tmp -A PSW_ACL $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p tcp -m multiport --dport $tcp_no_redir_ports -j RETURN + #eval 
tcp_redir_port=\$TCP_REDIR_PORT$tcp_node + $ipt_tmp -A PSW_ACL $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p tcp $(factor $tcp_redir_ports "-m multiport --dport") $(comment "$remarks") -$(get_jump_mode $tcp_proxy_mode) $(get_action_chain $tcp_proxy_mode)$tcp_node + } + } + $ipt_n -A PSW_ACL $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p tcp $(comment "$remarks") -j RETURN + + [ "$udp_proxy_mode" != "disable" ] && { + [ "$UDP_NODE" != "nil" ] && { + [ "$udp_no_redir_ports" != "disable" ] && $ipt_m -A PSW_ACL $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p udp -m multiport --dport $udp_no_redir_ports -j RETURN + #eval udp_redir_port=\$UDP_REDIR_PORT$udp_node + $ipt_m -A PSW_ACL $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p udp $(factor $udp_redir_ports "-m multiport --dport") $(comment "$remarks") -$(get_jump_mode $udp_proxy_mode) $(get_action_chain $udp_proxy_mode)$udp_node + } + } + $ipt_m -A PSW_ACL $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p udp $(comment "$remarks") -j RETURN + fi done } } @@ -285,26 +276,23 @@ add_firewall_rule() { $ipt_n -N PSW_GFW$i $ipt_n -N PSW_CHN$i $ipt_n -N PSW_HOME$i - #$ipt_n -N PSW_GAME$i $ipt_m -N PSW_GLO$i $ipt_m -N PSW_GFW$i $ipt_m -N PSW_CHN$i $ipt_m -N PSW_HOME$i - #$ipt_m -N PSW_GAME$i done ip rule add fwmark 1 lookup 100 ip route add local 0.0.0.0/0 dev lo table 100 fi fi - if [ "$SOCKS5_NODE_NUM" -ge 1 ]; then - for k in $(seq 1 $SOCKS5_NODE_NUM); do - eval node=\$SOCKS5_NODE$k - [ "$node" != "nil" ] && filter_node $node - done - fi + for k in $(seq 1 $SOCKS5_NODE_NUM); do + eval node=\$SOCKS5_NODE$k + [ "$node" != "nil" ] && filter_node $node + done + # 加载TCP防火墙 if [ "$TCP_NODE_NUM" -ge 1 ]; then for k in $(seq 1 $TCP_NODE_NUM); do eval node=\$TCP_NODE$k 
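Review bot: The trailing TCP `RETURN` after the `[ "$tcp_proxy_mode" != "disable" ]` block is always appended with `$ipt_n`, while for a brook client node `ipt_tmp` switched the redirect rule to `$ipt_m`; the old code appended the RETURN in the same table as the redirect, so the mangle-side PSW_ACL now has no terminating rule for that client's remaining TCP traffic and it falls through to later ACL entries and the default chains. If that is not intended, declare `local ipt_tmp=$ipt_n` before the `!= "disable"` test and append the final rule with `$ipt_tmp -A PSW_ACL $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p tcp $(comment "$remarks") -j RETURN`. load_acl starts before this hunk.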
@@ -336,9 +324,6 @@ add_firewall_rule() { # 回国模式 $ipt_m -A PSW_HOME$k -p tcp $(dst $IPSET_BLACKLIST) -j TPROXY --tproxy-mark 0x1/0x1 --on-port $local_port $ipt_m -A PSW_HOME$k -p tcp $(dst $IPSET_CHN) -j TPROXY --tproxy-mark 0x1/0x1 --on-port $local_port - - # 游戏模式 - # $ipt_m -A PSW_GAME$k -p tcp $(dst $IPSET_CHN) -j RETURN else # 全局模式 $ipt_n -A PSW_GLO$k -p tcp $(dst $IPSET_BLACKLIST) -j REDIRECT --to-ports $local_port @@ -357,9 +342,6 @@ add_firewall_rule() { $ipt_n -A PSW_HOME$k -p tcp $(dst $IPSET_BLACKLIST) -j REDIRECT --to-ports $local_port $ipt_n -A PSW_HOME$k -p tcp $(dst $IPSET_CHN) -j REDIRECT --to-ports $local_port #$ipt_n -A PSW_HOME$k -p tcp -m geoip --destination-country CN -j REDIRECT --to-ports $local_port - - # 游戏模式 - # $ipt_n -A PSW_GAME$k -p tcp $(dst $IPSET_CHN) -j RETURN fi [ "$k" == 1 ] && { @@ -367,8 +349,10 @@ add_firewall_rule() { [ "$use_tcp_node_resolve_dns" == 1 -a -n "$DNS_FORWARD" ] && { for dns in $DNS_FORWARD do - local dns_ip=$(echo $dns | awk -F "#" '{print $1}') - local dns_port=$(echo $dns | awk -F "#" '{print $2}') + local dns_ip=$(echo $dns | sed "s/:/#/g" | awk -F "#" '{print $1}') + ipset test $IPSET_LANIPLIST $dns_ip 2>/dev/null + [ $? == 0 ] && continue + local dns_port=$(echo $dns | sed "s/:/#/g" | awk -F "#" '{print $2}') [ -z "$dns_port" ] && dns_port=53 $ipt_m -I PSW 2 -p tcp -d $dns_ip --dport $dns_port -j TPROXY --tproxy-mark 0x1/0x1 --on-port $local_port done 
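Review bot: The new LAN-address skip in the DNS_FORWARD loop is silent and goes through `$?`; `ipset test $IPSET_LANIPLIST $dns_ip 2>/dev/null && { echolog "DNS_FORWARD $dns_ip is a LAN address, not redirected"; continue; }` would both shorten it and leave a log trace of why a configured forwarder is not being TPROXY'd, which is what someone chasing a DNS leak needs to see. `dns_ip` also reaches `-d $dns_ip` unquoted and unvalidated straight from the config, and the `s/:/#/g` rewrite would shred an IPv6 literal such as `[2001:db8::1]:53` if that form is ever accepted, so a non-empty/looks-like-an-address check before the `-I` would turn a bad entry into a logged skip instead of an iptables error. Since stderr of `ipset test` is discarded, a missing LANIPLIST set silently falls through to adding the rule — presumably intended, but worth a comment. The enclosing loop and function continue outside the hunk.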
@@ -377,9 +361,9 @@ add_firewall_rule() { $ipt_m -A OUTPUT -p tcp -j PSW_OUTPUT [ "$TCP_NO_REDIR_PORTS" != "disable" ] && $ipt_m -A PSW_OUTPUT -p tcp -m multiport --dport $TCP_NO_REDIR_PORTS -j RETURN $ipt_m -A PSW_OUTPUT -p tcp -m multiport --dport $TCP_REDIR_PORTS $(dst $IPSET_BLACKLIST) $(factor $TCP_REDIR_PORTS "-m multiport --dport") -j MARK --set-mark 1 - [ "$LOCALHOST_PROXY_MODE" == "global" ] && $ipt_m -A PSW_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") -j MARK --set-mark 1 - [ "$LOCALHOST_PROXY_MODE" == "gfwlist" ] && $ipt_m -A PSW_OUTPUT -p tcp $(dst $IPSET_GFW) $(factor $TCP_REDIR_PORTS "-m multiport --dport") -j MARK --set-mark 1 - [ "$LOCALHOST_PROXY_MODE" == "chnroute" ] && $ipt_m -A PSW_OUTPUT -p tcp -m set ! --match-set $IPSET_CHN dst $(factor $TCP_REDIR_PORTS "-m multiport --dport") -j MARK --set-mark 1 + [ "$LOCALHOST_TCP_PROXY_MODE" == "global" ] && $ipt_m -A PSW_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") -j MARK --set-mark 1 + [ "$LOCALHOST_TCP_PROXY_MODE" == "gfwlist" ] && $ipt_m -A PSW_OUTPUT -p tcp $(dst $IPSET_GFW) $(factor $TCP_REDIR_PORTS "-m multiport --dport") -j MARK --set-mark 1 + [ "$LOCALHOST_TCP_PROXY_MODE" == "chnroute" ] && $ipt_m -A PSW_OUTPUT -p tcp -m set ! --match-set $IPSET_CHN dst $(factor $TCP_REDIR_PORTS "-m multiport --dport") -j MARK --set-mark 1 else # 用于本机流量转发 $ipt_n -A OUTPUT -p tcp -j PSW_OUTPUT @@ -387,6 +371,8 @@ add_firewall_rule() { for dns in $DNS_FORWARD do local dns_ip=$(echo $dns | sed "s/:/#/g" | awk -F "#" '{print $1}') + ipset test $IPSET_LANIPLIST $dns_ip 2>/dev/null + [ $? == 0 ] && continue local dns_port=$(echo $dns | sed "s/:/#/g" | awk -F "#" '{print $2}') [ -z "$dns_port" ] && dns_port=53 local ADD_INDEX=2 
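Review bot: The rename to `LOCALHOST_TCP_PROXY_MODE` leaves the mark-based OUTPUT path with no fallback when the variable is empty: none of the three `==` tests match, so only blacklist traffic is marked and everything else leaves unproxied with no log line. If app.sh derives this from a new config key, an upgraded install that still carries the old `localhost_proxy_mode` key would hit exactly that (I can't see the app.sh side from here). A defensive `[ -z "$LOCALHOST_TCP_PROXY_MODE" ] && echolog "LOCALHOST_TCP_PROXY_MODE unset, local TCP not proxied"` before the three tests, or a documented default where the variable is read, would make the degradation visible.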
@@ -394,7 +380,7 @@ add_firewall_rule() { done } [ "$TCP_NO_REDIR_PORTS" != "disable" ] && $ipt_n -A PSW_OUTPUT -p tcp -m multiport --dport $TCP_NO_REDIR_PORTS -j RETURN - $ipt_n -A PSW_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") -j $(get_action_chain $LOCALHOST_PROXY_MODE)1 + $ipt_n -A PSW_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") -j $(get_action_chain $LOCALHOST_TCP_PROXY_MODE)1 fi # 重定所有流量到透明代理端口 # $ipt_n -A PSW -p tcp -m ttl --ttl-eq $ttl -j REDIRECT --to $local_port @@ -435,9 +421,10 @@ add_firewall_rule() { PR_INDEX=$($ipt_n -L PREROUTING --line-numbers | grep "prerouting_rule" | sed -n '$p' | awk '{print $1}') [ -n "$PR_INDEX" ] && PRE_INDEX=$(expr $PR_INDEX + 1) fi - $ipt_n -I PREROUTING $PRE_INDEX -j PSW + $ipt_n -I PREROUTING $PRE_INDEX -p tcp -j PSW fi + # 加载UDP防火墙 if [ "$UDP_NODE_NUM" -ge 1 ]; then for k in $(seq 1 $UDP_NODE_NUM); do eval node=\$UDP_NODE$k @@ -462,10 +449,6 @@ add_firewall_rule() { # 回国模式 $ipt_m -A PSW_HOME$k -p udp $(dst $IPSET_BLACKLIST) -j TPROXY --tproxy-mark 0x1/0x1 --on-port $local_port $ipt_m -A PSW_HOME$k -p udp $(dst $IPSET_CHN) -j TPROXY --tproxy-mark 0x1/0x1 --on-port $local_port - - # 游戏模式 - # $ipt_m -A PSW_GAME$k -p udp $(dst $IPSET_BLACKLIST) -j TPROXY --tproxy-mark 0x1/0x1 --on-port $local_port - # $ipt_m -A PSW_GAME$k -p udp $(dst $IPSET_CHN !) -j TPROXY --tproxy-mark 0x1/0x1 --on-port $local_port [ "$k" == 1 ] && { # 用于本机流量转发 @@ -474,6 +457,8 @@ add_firewall_rule() { for dns in $DNS_FORWARD do local dns_ip=$(echo $dns | sed "s/:/#/g" | awk -F "#" '{print $1}') + ipset test $IPSET_LANIPLIST $dns_ip 2>/dev/null + [ $? == 0 ] && continue local dns_port=$(echo $dns | sed "s/:/#/g" | awk -F "#" '{print $2}') [ -z "$dns_port" ] && dns_port=53 local ADD_INDEX=2 
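Review bot: Narrowing the PREROUTING jump to `-p tcp -j PSW` is fine for a chain that only holds TCP rules, but the matching cleanup later in this patch (`$ipt_n -D PREROUTING -p tcp -j PSW`) will not remove a `-j PSW` jump installed by the previous release, so an in-place package upgrade without a reboot can leave a stale jump, and the subsequent `-X PSW` will fail because the chain is still referenced. del_firewall_rule should also try the old form, `$ipt_n -D PREROUTING -j PSW 2>/dev/null`, at least for one release. `PRE_INDEX`'s default is set outside this hunk, so I can't confirm the insert position when no `prerouting_rule` entry exists.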
@@ -484,9 +469,9 @@ add_firewall_rule() { [ "$UDP_NO_REDIR_PORTS" != "disable" ] && $ipt_m -A PSW_OUTPUT -p udp -m multiport --dport $UDP_NO_REDIR_PORTS -j RETURN $ipt_m -A PSW_OUTPUT -p udp -m multiport --dport $UDP_REDIR_PORTS $(dst $IPSET_BLACKLIST) -j MARK --set-mark 1 - [ "$LOCALHOST_PROXY_MODE" == "global" ] && $ipt_m -A PSW_OUTPUT -p udp -m multiport --dport $UDP_REDIR_PORTS -j MARK --set-mark 1 - [ "$LOCALHOST_PROXY_MODE" == "gfwlist" ] && $ipt_m -A PSW_OUTPUT -p udp -m multiport --dport $UDP_REDIR_PORTS $(dst $IPSET_GFW) -j MARK --set-mark 1 - [ "$LOCALHOST_PROXY_MODE" == "chnroute" ] && $ipt_m -A PSW_OUTPUT -p udp -m multiport --dport $UDP_REDIR_PORTS -m set ! --match-set $IPSET_CHN dst -j MARK --set-mark 1 + [ "$LOCALHOST_UDP_PROXY_MODE" == "global" ] && $ipt_m -A PSW_OUTPUT -p udp -m multiport --dport $UDP_REDIR_PORTS -j MARK --set-mark 1 + [ "$LOCALHOST_UDP_PROXY_MODE" == "gfwlist" ] && $ipt_m -A PSW_OUTPUT -p udp -m multiport --dport $UDP_REDIR_PORTS $(dst $IPSET_GFW) -j MARK --set-mark 1 + [ "$LOCALHOST_UDP_PROXY_MODE" == "chnroute" ] && $ipt_m -A PSW_OUTPUT -p udp -m multiport --dport $UDP_REDIR_PORTS -m set ! --match-set $IPSET_CHN dst -j MARK --set-mark 1 } fi done 
@@ -497,50 +482,39 @@ add_firewall_rule() { # 加载ACLS load_acl - # 加载默认代理模式 - if [ "$PROXY_MODE" == "disable" ]; then - [ "$TCP_NODE1" != "nil" ] && $ipt_n -A PSW_ACL -p tcp $(comment "Default") -j $(get_action_chain $PROXY_MODE) - [ "$UDP_NODE1" != "nil" ] && $ipt_m -A PSW_ACL -p udp $(comment "Default") -j $(get_action_chain $PROXY_MODE) - else + # 加载TCP默认代理模式 + [ "$TCP_PROXY_MODE" != "disable" ] && { [ "$TCP_NODE1" != "nil" ] && { + local ipt_tmp=$ipt_n local TCP_NODE_TYPE1=$(echo $(config_n_get $TCP_NODE1 type) | tr 'A-Z' 'a-z') - if [ "$TCP_NODE_TYPE1" == "brook" -a "$(config_n_get $TCP_NODE1 brook_protocol client)" == "client" ]; then - [ "$TCP_NO_REDIR_PORTS" != "disable" ] && $ipt_m -A PSW_ACL -p tcp -m multiport --dport $TCP_NO_REDIR_PORTS $(comment "Default") -j RETURN - $ipt_m -A PSW_ACL -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(comment "Default") -j $(get_action_chain $PROXY_MODE)1 - else - [ "$TCP_NO_REDIR_PORTS" != "disable" ] && $ipt_n -A PSW_ACL -p tcp -m multiport --dport $TCP_NO_REDIR_PORTS $(comment "Default") -j RETURN - $ipt_n -A PSW_ACL -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(comment "Default") -j $(get_action_chain $PROXY_MODE)1 - fi + [ "$TCP_NODE_TYPE1" == "brook" -a "$(config_n_get $TCP_NODE1 brook_protocol client)" == "client" ] && ipt_tmp=$ipt_m + [ "$TCP_NO_REDIR_PORTS" != "disable" ] && $ipt_tmp -A PSW_ACL -p tcp -m multiport --dport $TCP_NO_REDIR_PORTS $(comment "Default") -j RETURN + $ipt_tmp -A PSW_ACL -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(comment "Default") -j $(get_action_chain $TCP_PROXY_MODE)1 } + } + $ipt_n -A PSW_ACL -p tcp $(comment "Default") -j RETURN + echolog "TCP默认代理模式:$(get_action_chain_name $TCP_PROXY_MODE)" + + # 加载UDP默认代理模式 + [ "$UDP_PROXY_MODE" == "disable" ] && { [ "$UDP_NODE1" != "nil" ] && { [ "$UDP_NO_REDIR_PORTS" != "disable" ] && $ipt_m -A PSW_ACL -p udp -m multiport --dport $UDP_NO_REDIR_PORTS $(comment "Default") -j RETURN - $ipt_m -A PSW_ACL -p udp 
$(factor $UDP_REDIR_PORTS "-m multiport --dport") $(comment "Default") -j $(get_action_chain $PROXY_MODE)1 + $ipt_m -A PSW_ACL -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(comment "Default") -j $(get_action_chain $UDP_PROXY_MODE)1 } - fi + } + $ipt_m -A PSW_ACL -p udp $(comment "Default") -j RETURN + echolog "UDP默认代理模式:$(get_action_chain_name $UDP_PROXY_MODE)" # 过滤所有节点IP filter_vpsip - dns_hijack "force" + # dns_hijack "force" - echolog "默认代理模式:$(get_action_chain_name $PROXY_MODE)" echolog "防火墙规则加载完成!" } del_firewall_rule() { - ipv6_output_ss_exist=$($ip6t_n -n -L OUTPUT 2>/dev/null | grep -c "PSW") - [ -n "$ipv6_output_ss_exist" ] && { - until [ "$ipv6_output_ss_exist" = 0 ]; do - rules=$($ip6t_n -n -L OUTPUT --line-numbers | grep "PSW" | awk '{print $1}') - for rule in $rules; do - $ip6t_n -D OUTPUT $rule 2>/dev/null - break - done - ipv6_output_ss_exist=$(expr $ipv6_output_ss_exist - 1) - done - } - - $ipt_n -D PREROUTING -j PSW 2>/dev/null + $ipt_n -D PREROUTING -p tcp -j PSW 2>/dev/null $ipt_n -D OUTPUT -p tcp -j PSW_OUTPUT 2>/dev/null $ipt_n -F PSW 2>/dev/null && $ipt_n -X PSW 2>/dev/null $ipt_n -F PSW_ACL 2>/dev/null && $ipt_n -X PSW_ACL 2>/dev/null 
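Review bot: The UDP default-mode block is gated on `[ "$UDP_PROXY_MODE" == "disable" ] && {`, the inverse of the TCP block directly above it (`!= "disable"`): with any real mode (gfwlist, chnroute, global…) no UDP redirect rule is added and the unconditional `-j RETURN` lets all LAN UDP, including DNS, bypass the proxy, while with "disable" the TPROXY rule is installed via `get_action_chain disable`. The line should read `[ "$UDP_PROXY_MODE" != "disable" ] && {`. Separately, `# dns_hijack "force"` is commented out with no explanation; if that call is what forced LAN clients' port-53 traffic to the router, clients with hard-coded resolvers now go around the proxy DNS, so a one-line comment stating why it was disabled (or a config option) would help the next reader. The tail of del_firewall_rule continues outside the hunk.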
@@ -559,19 +533,15 @@ del_firewall_rule() { $ip6t_n -F PSW_ACL 2>/dev/null && $ip6t_n -X PSW_ACL 2>/dev/null $ip6t_n -F PSW_OUTPUT 2>/dev/null && $ip6t_n -X PSW_OUTPUT 2>/dev/null - local max_num=3 - for i in $(seq 1 $max_num); do - local k=$i + for k in $(seq 1 3); do $ipt_n -F PSW_GLO$k 2>/dev/null && $ipt_n -X PSW_GLO$k 2>/dev/null $ipt_n -F PSW_GFW$k 2>/dev/null && $ipt_n -X PSW_GFW$k 2>/dev/null $ipt_n -F PSW_CHN$k 2>/dev/null && $ipt_n -X PSW_CHN$k 2>/dev/null - $ipt_n -F PSW_GAME$k 2>/dev/null && $ipt_n -X PSW_GAME$k 2>/dev/null $ipt_n -F PSW_HOME$k 2>/dev/null && $ipt_n -X PSW_HOME$k 2>/dev/null $ipt_m -F PSW_GLO$k 2>/dev/null && $ipt_m -X PSW_GLO$k 2>/dev/null $ipt_m -F PSW_GFW$k 2>/dev/null && $ipt_m -X PSW_GFW$k 2>/dev/null $ipt_m -F PSW_CHN$k 2>/dev/null && $ipt_m -X PSW_CHN$k 2>/dev/null - $ipt_m -F PSW_GAME$k 2>/dev/null && $ipt_m -X PSW_GAME$k 2>/dev/null $ipt_m -F PSW_HOME$k 2>/dev/null && $ipt_m -X PSW_HOME$k 2>/dev/null $ip6t_n -F PSW_GLO$k 2>/dev/null && $ip6t_n -X PSW_GLO$k 2>/dev/null @@ -587,7 +557,7 @@ del_firewall_rule() { ipset -F $IPSET_VPSIPLIST >/dev/null 2>&1 && ipset -X $IPSET_VPSIPLIST >/dev/null 2>&1 & #ipset -F $IPSET_GFW >/dev/null 2>&1 && ipset -X $IPSET_GFW >/dev/null 2>&1 & #ipset -F $IPSET_CHN >/dev/null 2>&1 && ipset -X $IPSET_CHN >/dev/null 2>&1 & - ipset -F $IPSET_BLACKLIST >/dev/null 2>&1 && ipset -X $IPSET_BLACKLIST >/dev/null 2>&1 & + #ipset -F $IPSET_BLACKLIST >/dev/null 2>&1 && ipset -X $IPSET_BLACKLIST >/dev/null 2>&1 & ipset -F $IPSET_WHITELIST >/dev/null 2>&1 && ipset -X $IPSET_WHITELIST >/dev/null 2>&1 & #echolog "删除相关防火墙规则完成。" } diff --git a/package/lienol/luci-app-passwall/root/usr/share/passwall/rules/chnlist b/package/lienol/luci-app-passwall/root/usr/share/passwall/rules/chnlist index 121ae0a882..693e49f783 100644 --- a/package/lienol/luci-app-passwall/root/usr/share/passwall/rules/chnlist +++ b/package/lienol/luci-app-passwall/root/usr/share/passwall/rules/chnlist 
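Review bot: Commenting out the flush/destroy of `$IPSET_BLACKLIST` while `$IPSET_WHITELIST` is still destroyed leaves an asymmetry that nothing explains: after `stop`, the blacklist set (and its entries) survives in the kernel even though the rules referencing it are gone. If the intent is to keep user-maintained entries across restarts, say so in a comment, e.g. `# keep IPSET_BLACKLIST: user entries must survive restart`, and check that the create path tolerates an existing set; otherwise it should be removed like the whitelist. Note also that these teardown commands are backgrounded with `&`, so a quick stop/start may race the re-creation — pre-existing, but worth knowing when reasoning about which sets persist.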
@@ -72558,4 +72558,4 @@ zzzyk.com zzzzaaaa.com zzzzhong.com zzzzllee.com -zzzzmall.com \ No newline at end of file +zzzzmall.com