luci-app-passwall: bug fixes

Signed-off-by: CN_SZTL <cnsztl@project-openwrt.eu.org>
2021-01-11 18:21:35 +08:00 · 2021-01-11 18:21:35 +08:00 · 9278a7282a
commit 9278a7282a
parent 44020663f1
2 changed files with 33 additions and 11 deletions
--- a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/server/api/app.lua
+++ b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/server/api/app.lua
@ -35,9 +35,13 @@ end

 local function gen_include()
    cmd(string.format("echo '#!/bin/sh' > /var/etc/%s.include", CONFIG))
-    local function extract_rules(a)
+    local function extract_rules(n, a)
+        local _ipt = "iptables"
+        if n == "6" then
+            _ipt = "ip6tables"
+        end
        local result = "*" .. a
-        result = result .. "\n" .. sys.exec('iptables-save -t ' .. a .. ' | grep "PSW-SERVER" | sed -e "s/^-A \\(INPUT\\)/-I \\1 1/"')
+        result = result .. "\n" .. sys.exec(_ipt .. '-save -t ' .. a .. ' | grep "PSW-SERVER" | sed -e "s/^-A \\(INPUT\\)/-I \\1 1/"')
        result = result .. "COMMIT"
        return result
    end
@ -45,7 +49,11 @@ local function gen_include()
    if f and err == nil then
        f:write('iptables-save -c | grep -v "PSW-SERVER" | iptables-restore -c' .. "\n")
        f:write('iptables-restore -n <<-EOT' .. "\n")
-        f:write(extract_rules("filter") .. "\n")
+        f:write(extract_rules("4", "filter") .. "\n")
+        f:write("EOT" .. "\n")
+        f:write('ip6tables-save -c | grep -v "PSW-SERVER" | ip6tables-restore -c' .. "\n")
+        f:write('ip6tables-restore -n <<-EOT' .. "\n")
+        f:write(extract_rules("6", "filter") .. "\n")
        f:write("EOT" .. "\n")
        f:close()
    end
@ -60,6 +68,8 @@ local function start()
    cmd(string.format("touch %s", LOG_APP_FILE))
    cmd("iptables -N PSW-SERVER")
    cmd("iptables -I INPUT -j PSW-SERVER")
+    cmd("ip6tables -N PSW-SERVER")
+    cmd("ip6tables -I INPUT -j PSW-SERVER")
    ucic:foreach(CONFIG, "user", function(user)
        local id = user[".name"]
        local enable = user.enable
@ -136,8 +146,10 @@ local function start()
            local bind_local = user.bind_local or 0
            if bind_local and tonumber(bind_local) ~= 1 then
                cmd(string.format('iptables -A PSW-SERVER -p tcp --dport %s -m comment --comment "%s" -j ACCEPT', port, remarks))
+                cmd(string.format('ip6tables -A PSW-SERVER -p tcp --dport %s -m comment --comment "%s" -j ACCEPT', port, remarks))
                if udp_forward == 1 then
                    cmd(string.format('iptables -A PSW-SERVER -p udp --dport %s -m comment --comment "%s" -j ACCEPT', port, remarks))
+                    cmd(string.format('ip6tables -A PSW-SERVER -p udp --dport %s -m comment --comment "%s" -j ACCEPT', port, remarks))
                end 
            end
        end
@ -150,6 +162,9 @@ local function stop()
    cmd("iptables -D INPUT -j PSW-SERVER 2>/dev/null")
    cmd("iptables -F PSW-SERVER 2>/dev/null")
    cmd("iptables -X PSW-SERVER 2>/dev/null")
+    cmd("ip6tables -D INPUT -j PSW-SERVER 2>/dev/null")
+    cmd("ip6tables -F PSW-SERVER 2>/dev/null")
+    cmd("ip6tables -X PSW-SERVER 2>/dev/null")
    cmd(string.format("rm -rf %s %s /var/etc/%s.include", CONFIG_PATH, LOG_APP_FILE, CONFIG))
 end

--- a/package/lienol/luci-app-passwall/root/usr/share/passwall/app.sh
+++ b/package/lienol/luci-app-passwall/root/usr/share/passwall/app.sh
@ -926,14 +926,21 @@ add_dnsmasq() {
 		}
 		
 		#分流规则
-		fwd_dns="${TUN_DNS}"
-		#如果使用chnlist直接使用默认DNS
-		[ "${USE_CHNLIST}" = "1" ] && unset fwd_dns
-		local shunt_ids=$(uci show $CONFIG | grep "=shunt_rules" | awk -F '.' '{print $2}' | awk -F '=' '{print $1}')
-		for shunt_id in $shunt_ids; do
-			config_n_get $shunt_id domain_list | tr -s "\r\n" "\n" | gen_dnsmasq_items "shuntlist" "${fwd_dns}" "${TMP_DNSMASQ_PATH}/shunt_host.conf"
-			echolog "  - [$?]$shunt_id分流规则(shuntlist)：${fwd_dns:-默认}"
-		done
+		[ "$(config_n_get $TCP_NODE protocol)" = "_shunt" ] && {
+			fwd_dns="${TUN_DNS}"
+			#如果使用chnlist直接使用默认DNS
+			[ "${USE_CHNLIST}" = "1" ] && unset fwd_dns
+			local default_node_id=$(config_n_get $TCP_NODE default_node nil)
+			local shunt_ids=$(uci show $CONFIG | grep "=shunt_rules" | awk -F '.' '{print $2}' | awk -F '=' '{print $1}')
+			for shunt_id in $shunt_ids; do
+				local shunt_node_id=$(config_n_get $TCP_NODE ${shunt_id} nil)
+				[ "$shunt_node_id" = "nil" ] && continue
+				local shunt_node=$(config_n_get $shunt_node_id address nil)
+				[ "$shunt_node" = "nil" ] && continue
+				config_n_get $shunt_id domain_list | tr -s "\r\n" "\n" | gen_dnsmasq_items "shuntlist" "${fwd_dns}" "${TMP_DNSMASQ_PATH}/shunt_host.conf"
+				echolog "  - [$?]$shunt_id分流规则(shuntlist)：${fwd_dns:-默认}"
+			done
+		}

 		#始终使用远程DNS解析代理（黑名单）列表
 		fwd_dns="${TUN_DNS}"