From 9278a7282a6be8ddfa083efeaf74cd4c6b063e39 Mon Sep 17 00:00:00 2001
From: xiaorouji <60100640+xiaorouji@users.noreply.github.com>
Date: Mon, 11 Jan 2021 18:21:35 +0800
Subject: [PATCH] luci-app-passwall: bug fixes
Signed-off-by: CN_SZTL
---
 .../model/cbi/passwall/server/api/app.lua | 21 ++++++++++++++---
 .../root/usr/share/passwall/app.sh | 23 ++++++++++++-------
 2 files changed, 33 insertions(+), 11 deletions(-)
diff --git a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/server/api/app.lua b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/server/api/app.lua
index a44744fbcf..dd9e62994c 100755
--- a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/server/api/app.lua
+++ b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/server/api/app.lua
@@ -35,9 +35,13 @@ end
 local function gen_include()
 cmd(string.format("echo '#!/bin/sh' > /var/etc/%s.include", CONFIG))
- local function extract_rules(a)
+ local function extract_rules(n, a)
+ local _ipt = "iptables"
+ if n == "6" then
+ _ipt = "ip6tables"
+ end
 local result = "*" .. a
- result = result .. "\n" .. sys.exec('iptables-save -t ' .. a .. ' | grep "PSW-SERVER" | sed -e "s/^-A \\(INPUT\\)/-I \\1 1/"')
+ result = result .. "\n" .. sys.exec(_ipt .. '-save -t ' .. a .. ' | grep "PSW-SERVER" | sed -e "s/^-A \\(INPUT\\)/-I \\1 1/"')
 result = result .. "COMMIT"
 return result
 end
@@ -45,7 +49,11 @@ local function gen_include()
 if f and err == nil then
 f:write('iptables-save -c | grep -v "PSW-SERVER" | iptables-restore -c' .. "\n")
 f:write('iptables-restore -n <<-EOT' .. "\n")
- f:write(extract_rules("filter") .. "\n")
+ f:write(extract_rules("4", "filter") .. "\n")
+ f:write("EOT" .. "\n")
+ f:write('ip6tables-save -c | grep -v "PSW-SERVER" | ip6tables-restore -c' .. "\n")
+ f:write('ip6tables-restore -n <<-EOT' .. "\n")
+ f:write(extract_rules("6", "filter") .. "\n")
 f:write("EOT" .. "\n")
 f:close()
 end
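Review bot: In the `@@ -45,7 +49,11 @@` hunk of gen_include(), the added `ip6tables-restore -n <<-EOT` line writes an unquoted here-document delimiter into the generated include script, as the existing IPv4 line already does, so whichever shell later runs that include performs parameter and command substitution on the saved rules before the restore command reads them. The saved PSW-SERVER rules carry the `--comment` text that start() fills from `remarks`, so a remark containing `$` or a backtick would be evaluated instead of being restored literally. Quoting the delimiter keeps the body literal: `f:write("ip6tables-restore -n <<-'EOT'" .. "\n")`, and the IPv4 `iptables-restore -n <<-EOT` line should get the same change. gen_include() starts and ends outside this hunk.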
@@ -60,6 +68,8 @@ local function start()
 cmd(string.format("touch %s", LOG_APP_FILE))
 cmd("iptables -N PSW-SERVER")
 cmd("iptables -I INPUT -j PSW-SERVER")
+ cmd("ip6tables -N PSW-SERVER")
+ cmd("ip6tables -I INPUT -j PSW-SERVER")
 ucic:foreach(CONFIG, "user", function(user)
 local id = user[".name"]
 local enable = user.enable
@@ -136,8 +146,10 @@ local function start()
 local bind_local = user.bind_local or 0
 if bind_local and tonumber(bind_local) ~= 1 then
 cmd(string.format('iptables -A PSW-SERVER -p tcp --dport %s -m comment --comment "%s" -j ACCEPT', port, remarks))
+ cmd(string.format('ip6tables -A PSW-SERVER -p tcp --dport %s -m comment --comment "%s" -j ACCEPT', port, remarks))
 if udp_forward == 1 then
 cmd(string.format('iptables -A PSW-SERVER -p udp --dport %s -m comment --comment "%s" -j ACCEPT', port, remarks))
+ cmd(string.format('ip6tables -A PSW-SERVER -p udp --dport %s -m comment --comment "%s" -j ACCEPT', port, remarks))
 end
 end
 end
@@ -150,6 +162,9 @@ local function stop()
 cmd("iptables -D INPUT -j PSW-SERVER 2>/dev/null")
 cmd("iptables -F PSW-SERVER 2>/dev/null")
 cmd("iptables -X PSW-SERVER 2>/dev/null")
+ cmd("ip6tables -D INPUT -j PSW-SERVER 2>/dev/null")
+ cmd("ip6tables -F PSW-SERVER 2>/dev/null")
+ cmd("ip6tables -X PSW-SERVER 2>/dev/null")
 cmd(string.format("rm -rf %s %s /var/etc/%s.include", CONFIG_PATH, LOG_APP_FILE, CONFIG))
 end
diff --git a/package/lienol/luci-app-passwall/root/usr/share/passwall/app.sh b/package/lienol/luci-app-passwall/root/usr/share/passwall/app.sh
index 24c73b2b7a..3f7cf9b262 100755
--- a/package/lienol/luci-app-passwall/root/usr/share/passwall/app.sh
+++ b/package/lienol/luci-app-passwall/root/usr/share/passwall/app.sh
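Review bot: In the `@@ -136,8 +146,10 @@` hunk of app.lua's start(), the two added `ip6tables -A PSW-SERVER` calls put `port` and `remarks` into the command string with a bare `%s`, repeating the IPv4 lines beside them, so a remark containing a double quote or another shell metacharacter changes the command that `cmd` runs (assuming `cmd`, defined outside the hunk, passes the string to a shell). Both values are assigned outside the hunk and appear to come from the UCI `user` section; check `port` with `tonumber` before use and quote the comment, for example `--comment %s` with `luci.util.shellquote(remarks)` as the format argument. The IPv4 lines need the same treatment, and the four near-identical calls could come from one loop over `{"iptables", "ip6tables"}` so the two families cannot drift apart.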
@@ -926,14 +926,21 @@ add_dnsmasq() {
 }
 #分流规则
- fwd_dns="${TUN_DNS}"
- #如果使用chnlist直接使用默认DNS
- [ "${USE_CHNLIST}" = "1" ] && unset fwd_dns
- local shunt_ids=$(uci show $CONFIG | grep "=shunt_rules" | awk -F '.' '{print $2}' | awk -F '=' '{print $1}')
- for shunt_id in $shunt_ids; do
- config_n_get $shunt_id domain_list | tr -s "\r\n" "\n" | gen_dnsmasq_items "shuntlist" "${fwd_dns}" "${TMP_DNSMASQ_PATH}/shunt_host.conf"
- echolog " - [$?]$shunt_id分流规则(shuntlist):${fwd_dns:-默认}"
- done
+ [ "$(config_n_get $TCP_NODE protocol)" = "_shunt" ] && {
+ fwd_dns="${TUN_DNS}"
+ #如果使用chnlist直接使用默认DNS
+ [ "${USE_CHNLIST}" = "1" ] && unset fwd_dns
+ local default_node_id=$(config_n_get $TCP_NODE default_node nil)
+ local shunt_ids=$(uci show $CONFIG | grep "=shunt_rules" | awk -F '.' '{print $2}' | awk -F '=' '{print $1}')
+ for shunt_id in $shunt_ids; do
+ local shunt_node_id=$(config_n_get $TCP_NODE ${shunt_id} nil)
+ [ "$shunt_node_id" = "nil" ] && continue
+ local shunt_node=$(config_n_get $shunt_node_id address nil)
+ [ "$shunt_node" = "nil" ] && continue
+ config_n_get $shunt_id domain_list | tr -s "\r\n" "\n" | gen_dnsmasq_items "shuntlist" "${fwd_dns}" "${TMP_DNSMASQ_PATH}/shunt_host.conf"
+ echolog " - [$?]$shunt_id分流规则(shuntlist):${fwd_dns:-默认}"
+ done
+ }
 #始终使用远程DNS解析代理(黑名单)列表
 fwd_dns="${TUN_DNS}"
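Review bot: `local default_node_id=$(config_n_get $TCP_NODE default_node nil)` is assigned in the new block but never read in the lines shown, so either the check it was meant to feed is missing or the line can be dropped. As written, any rule whose mapped node has no `address` option is skipped and its domains get no shuntlist DNS entry; a short comment saying that this fallback to default resolution is intended would help the next reader. The new `config_n_get` calls also expand `$TCP_NODE`, `${shunt_id}` and `$shunt_node_id` unquoted, and quoting them, as in `config_n_get "$TCP_NODE" "${shunt_id}" nil`, avoids word splitting on unexpected config values. add_dnsmasq() starts and ends outside the hunk.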