diff --git a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/api/gen_xray.lua b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/api/gen_xray.lua
index 3af06fd3b2..e18006e11c 100644
--- a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/api/gen_xray.lua
+++ b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/api/gen_xray.lua
@@ -260,77 +260,12 @@ if node_section then
if node.protocol == "_shunt" then
local rules = {}
- ucursor:foreach(appname, "shunt_rules", function(e)
- local name = e[".name"]
- local _node_id = node[name] or "nil"
- local is_proxy = node[name .. "_proxy"] or "0"
- local outboundTag
- if _node_id == "_direct" then
- outboundTag = "direct"
- elseif _node_id == "_blackhole" then
- outboundTag = "blackhole"
- else
- if _node_id ~= "nil" then
- local has_outbound
- for index, value in ipairs(outbounds) do
- if value["_flag_tag"] == _node_id and value["_flag_is_proxy"] == is_proxy then
- has_outbound = api.clone(value)
- break
- end
- end
- if has_outbound then
- has_outbound["tag"] = name
- table.insert(outbounds, has_outbound)
- outboundTag = name
- else
- local _node = ucursor:get_all(appname, _node_id)
- local _outbound = gen_outbound(_node, name, is_proxy)
- if _outbound then
- if is_proxy == "1" then
- table.insert(rules, 1, {
- type = "field",
- inboundTag = {"proxy_" .. name},
- outboundTag = "default"
- })
- end
- table.insert(outbounds, _outbound)
- outboundTag = name
- end
- end
- end
- end
- if outboundTag then
- if e.domain_list then
- local _domain = {}
- string.gsub(e.domain_list, '[^' .. "\r\n" .. ']+', function(w)
- table.insert(_domain, w)
- end)
- table.insert(rules, {
- type = "field",
- outboundTag = outboundTag,
- domain = _domain
- })
- end
- if e.ip_list then
- local _ip = {}
- string.gsub(e.ip_list, '[^' .. "\r\n" .. ']+', function(w)
- table.insert(_ip, w)
- end)
- table.insert(rules, {
- type = "field",
- outboundTag = outboundTag,
- ip = _ip
- })
- end
- end
- end)
-
local default_node_id = node.default_node or "_direct"
- local outboundTag
+ local default_outboundTag
if default_node_id == "_direct" then
- outboundTag = "direct"
+ default_outboundTag = "direct"
elseif default_node_id == "_blackhole" then
- outboundTag = "blackhole"
+ default_outboundTag = "blackhole"
else
local default_node = ucursor:get_all(appname, default_node_id)
local main_node_id = node.main_node or "nil"
@@ -365,13 +300,85 @@ if node_section then
local default_outbound = gen_outbound(default_node, "default")
if default_outbound then
table.insert(outbounds, default_outbound)
- outboundTag = "default"
+ default_outboundTag = "default"
end
end
- if outboundTag then
+
+ ucursor:foreach(appname, "shunt_rules", function(e)
+ local name = e[".name"]
+ local _node_id = node[name] or "nil"
+ local is_proxy = node[name .. "_proxy"] or "0"
+ local outboundTag
+ if _node_id == "_direct" then
+ outboundTag = "direct"
+ elseif _node_id == "_blackhole" then
+ outboundTag = "blackhole"
+ elseif _node_id == "_default" then
+ outboundTag = "default"
+ else
+ if _node_id ~= "nil" then
+ local has_outbound
+ for index, value in ipairs(outbounds) do
+ if value["_flag_tag"] == _node_id and value["_flag_is_proxy"] == is_proxy then
+ has_outbound = api.clone(value)
+ break
+ end
+ end
+ if has_outbound then
+ has_outbound["tag"] = name
+ table.insert(outbounds, has_outbound)
+ outboundTag = name
+ else
+ local _node = ucursor:get_all(appname, _node_id)
+ local _outbound = gen_outbound(_node, name, is_proxy)
+ if _outbound then
+ if is_proxy == "1" then
+ table.insert(rules, 1, {
+ type = "field",
+ inboundTag = {"proxy_" .. name},
+ outboundTag = "default"
+ })
+ end
+ table.insert(outbounds, _outbound)
+ outboundTag = name
+ end
+ end
+ end
+ end
+ if outboundTag then
+ if outboundTag == "default" then
+ outboundTag = default_outboundTag
+ end
+ if e.domain_list then
+ local _domain = {}
+ string.gsub(e.domain_list, '[^' .. "\r\n" .. ']+', function(w)
+ table.insert(_domain, w)
+ end)
+
+ table.insert(rules, {
+ type = "field",
+ outboundTag = outboundTag,
+ domain = _domain
+ })
+ end
+ if e.ip_list then
+ local _ip = {}
+ string.gsub(e.ip_list, '[^' .. "\r\n" .. ']+', function(w)
+ table.insert(_ip, w)
+ end)
+ table.insert(rules, {
+ type = "field",
+ outboundTag = outboundTag,
+ ip = _ip
+ })
+ end
+ end
+ end)
+
+ if default_outboundTag then
table.insert(rules, {
type = "field",
- outboundTag = outboundTag,
+ outboundTag = default_outboundTag,
network = network
})
end
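Review bot: The `_default` remap inside the rule callback runs after the `if outboundTag then` guard, so when `default_outboundTag` is nil (the default node produced no outbound in the code above) the domain and ip rules are still inserted with no `outboundTag` field at all. Placing `if outboundTag == "default" then outboundTag = default_outboundTag end` directly before `if outboundTag then` keeps such target-less rules out of the generated config. The relocated chain-proxy rule also still hard-codes `outboundTag = "default"`, and an outbound with that tag is only created when the default node is a real node; it looks like that rule needs the same remap when the default is `_direct` or `_blackhole`. The enclosing `if node.protocol == "_shunt"` block starts outside this hunk.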
diff --git a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua
index 2cfab4bd10..23e3754980 100644
--- a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua
+++ b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua
@@ -120,7 +120,8 @@ if has_xray and #nodes_table > 0 then
local id = e[".name"]
o = s:taboption("Main", ListValue, v.id .. "." .. id .. "_node", string.format('* %s', api.url("shunt_rules", id), translate(e.remarks)))
o:depends("tcp_node", v.id)
- o:value("nil", translate("Default"))
+ o:value("nil", translate("Close"))
+ o:value("_default", translate("Default"))
o:value("_direct", translate("Direct Connection"))
o:value("_blackhole", translate("Blackhole"))
for k1, v1 in pairs(normal_list) do
@@ -174,26 +175,6 @@ udp_node:value("tcp_", translate("Same as the tcp node"))
s:tab("DNS", translate("DNS"))
-o = s:taboption("DNS", Value, "up_china_dns", translate("Local DNS") .. "(UDP)")
-o.description = translate("IP:Port mode acceptable, multi value split with english comma.") .. "
" .. translate("When the selection is not the default, this DNS is forced to be set to dnsmasq upstream DNS.")
-o.default = "default"
-o:value("default", translate("Default"))
-if has_xray then
- o:value("xray_doh", "Xray DNS(DoH)")
-end
-o:value("223.5.5.5", "223.5.5.5 (" .. translate("Ali") .. "DNS)")
-o:value("114.114.114.114", "114.114.114.114 (114DNS)")
-o:value("119.29.29.29", "119.29.29.29 (DNSPOD DNS)")
-o:value("180.76.76.76", "180.76.76.76 (" .. translate("Baidu") .. "DNS)")
-
----- DoH
-o = s:taboption("DNS", Value, "up_china_dns_doh", translate("DoH request address"))
-o:value("https://dns.alidns.com/dns-query,223.5.5.5", "AliDNS")
-o:value("https://doh.pub/dns-query,119.29.29.29", "DNSPod")
-o.default = "https://dns.alidns.com/dns-query,223.5.5.5"
-o.validate = doh_validate
-o:depends("up_china_dns", "xray_doh")
-
---- DNS Forward Mode
o = s:taboption("DNS", ListValue, "dns_mode", translate("Filter Mode"))
o.rmempty = false
@@ -209,8 +190,8 @@ if has_xray then
o:value("xray_doh", "Xray DNS(DoH)")
end
o:value("udp", translatef("Requery DNS By %s", translate("UDP Node")))
+o:value("custom", translate("Custom DNS") .. "(UDP)")
o:value("nonuse", translate("No Filter"))
-o:value("custom", translate("Custom DNS"))
---- Custom DNS
o = s:taboption("DNS", Value, "custom_dns", translate("Custom DNS"))
diff --git a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/client/node_config.lua b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/client/node_config.lua
index b8c933e995..783d9a6f33 100644
--- a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/client/node_config.lua
+++ b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/client/node_config.lua
@@ -129,7 +129,8 @@ balancing_node:depends("protocol", "_balancing")
-- 分流
uci:foreach(appname, "shunt_rules", function(e)
o = s:option(ListValue, e[".name"], string.format('* %s', api.url("shunt_rules", e[".name"]), translate(e.remarks)))
- o:value("nil", translate("Default"))
+ o:value("nil", translate("Close"))
+ o:value("_default", translate("Default"))
o:value("_direct", translate("Direct Connection"))
o:value("_blackhole", translate("Blackhole"))
o:depends("protocol", "_shunt")
diff --git a/package/lienol/luci-app-passwall/root/usr/share/passwall/app.sh b/package/lienol/luci-app-passwall/root/usr/share/passwall/app.sh
index 9cfca3ff48..79ea5f1d66 100755
--- a/package/lienol/luci-app-passwall/root/usr/share/passwall/app.sh
+++ b/package/lienol/luci-app-passwall/root/usr/share/passwall/app.sh
@@ -324,7 +324,7 @@ load_config() {
DNS_MODE=$(config_t_get global dns_mode pdnsd)
DNS_FORWARD=$(config_t_get global dns_forward 8.8.4.4:53 | sed 's/:/#/g')
DNS_CACHE=$(config_t_get global dns_cache 0)
- LOCAL_DNS=$(config_t_get global up_china_dns default | sed 's/:/#/g')
+ LOCAL_DNS="default"
if [ "${LOCAL_DNS}" = "default" ]; then
DEFAULT_DNS=$(uci show dhcp | grep "@dnsmasq" | grep "\.server=" | awk -F '=' '{print $2}' | sed "s/'//g" | tr ' ' ',')
if [ -z "${DEFAULT_DNS}" ]; then
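Review bot: Hard-coding `LOCAL_DNS="default"` silently discards any `up_china_dns` value already stored in a user's config, including the `xray_doh` choice, so an upgraded device falls back to the dnsmasq upstream servers over plain UDP with no message. A log line would make that downgrade visible, for example `[ "$(config_t_get global up_china_dns default)" != "default" ] && echolog "up_china_dns is no longer used; local DNS follows dnsmasq upstream"` (assuming `echolog` is available in this script). The `if [ "${LOCAL_DNS}" = "default" ]` test that follows is now always true and could be dropped. load_config continues outside the hunk.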
@@ -776,19 +776,6 @@ stop_crontab() {
}
start_dns() {
- if [ "${LOCAL_DNS}" = "xray_doh" ]; then
- _doh=$(config_t_get global up_china_dns_doh "https://dns.alidns.com/dns-query,223.5.5.5")
- _doh_url=$(echo $_doh | awk -F ',' '{print $1}')
- _doh_host_port=$(echo $_doh_url | sed "s/https:\/\///g" | awk -F '/' '{print $1}')
- _doh_host=$(echo $_doh_host_port | awk -F ':' '{print $1}')
- _doh_port=$(echo $_doh_host_port | awk -F ':' '{print $2}')
- _doh_bootstrap=$(echo $_doh | cut -d ',' -sf 2-)
- lua $API_GEN_XRAY -dns_listen_port "${LOCAL_DOH_PORT}" -dns_server "${_doh_bootstrap}" -doh_url "${_doh_url}" -doh_host "${_doh_host}" > $TMP_PATH/DNS1.json
- ln_start_bin "$(first_type $(config_t_get global_app xray_file) xray)" xray $TMP_PATH/DNS1.log -config="$TMP_PATH/DNS1.json"
- LOCAL_DNS="127.0.0.1#${LOCAL_DOH_PORT}"
- unset _doh _doh_url _doh_bootstrap
- fi
-
local pdnsd_forward other_port msg
dns_listen_port=${DNS_PORT}
pdnsd_forward=${DNS_FORWARD}
@@ -974,7 +961,7 @@ add_dnsmasq() {
local shunt_ids=$(uci show $CONFIG | grep "=shunt_rules" | awk -F '.' '{print $2}' | awk -F '=' '{print $1}')
for shunt_id in $shunt_ids; do
local shunt_node_id=$(config_n_get $TCP_NODE ${shunt_id} nil)
- if [ "$shunt_node_id" = "nil" ] || [ "$shunt_node_id" = "_direct" ] || [ "$shunt_node_id" = "_blackhole" ]; then
+ if [ "$shunt_node_id" = "nil" ] || [ "$shunt_node_id" = "_default" ] || [ "$shunt_node_id" = "_direct" ] || [ "$shunt_node_id" = "_blackhole" ]; then
continue
fi
local shunt_node=$(config_n_get $shunt_node_id address nil)
diff --git a/package/lienol/luci-app-passwall/root/usr/share/passwall/iptables.sh b/package/lienol/luci-app-passwall/root/usr/share/passwall/iptables.sh
index c14fd0826c..ea939ac8d5 100755
--- a/package/lienol/luci-app-passwall/root/usr/share/passwall/iptables.sh
+++ b/package/lienol/luci-app-passwall/root/usr/share/passwall/iptables.sh
@@ -208,6 +208,7 @@ load_acl() {
msg2="${msg2}[$?]除${tcp_no_redir_ports}外的"
}
msg2="${msg2}所有端口"
+ $ipt_tmp -A PSW $(comment "$remarks") -p tcp $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -d 1.2.3.4 $(REDIRECT $tcp_port $is_tproxy)
$ipt_tmp -A PSW $(comment "$remarks") -p tcp $(factor $ip "-s") $(factor $mac "-m mac --mac-source") $(factor $tcp_redir_ports "-m multiport --dport") $(dst $IPSET_SHUNTLIST) $(REDIRECT $tcp_port $is_tproxy)
$ipt_tmp -A PSW $(comment "$remarks") -p tcp $(factor $ip "-s") $(factor $mac "-m mac --mac-source") $(factor $tcp_redir_ports "-m multiport --dport") $(dst $IPSET_BLACKLIST) $(REDIRECT $tcp_port $is_tproxy)
$ipt_tmp -A PSW $(comment "$remarks") -p tcp $(factor $ip "-s") $(factor $mac "-m mac --mac-source") $(factor $tcp_redir_ports "-m multiport --dport") $(get_redirect_ipt $tcp_proxy_mode $tcp_port $is_tproxy)
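Review bot: The new `-d 1.2.3.4` rule has no comment saying why that address is redirected, and unlike the three rules after it it omits `$(factor $tcp_redir_ports "-m multiport --dport")`, so it applies to every TCP port for this ACL entry. If 1.2.3.4 is meant as a probe or test target, a line such as `# 1.2.3.4: probe address, always sent through the node regardless of the port list` above the rule would record that intent. The same applies to the rules added in the three later load_acl hunks. load_acl starts and ends outside the hunk.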
@@ -234,6 +235,7 @@ load_acl() {
msg2="${msg2}[$?]除${udp_no_redir_ports}外的"
}
msg2="${msg2}所有端口"
+ $ipt_m -A PSW $(comment "$remarks") -p tcp $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -d 1.2.3.4 $(REDIRECT $udp_port TPROXY)
$ipt_m -A PSW $(comment "$remarks") -p udp $(factor $ip "-s") $(factor $mac "-m mac --mac-source") $(factor $udp_redir_ports "-m multiport --dport") $(dst $IPSET_SHUNTLIST) $(REDIRECT $udp_port TPROXY)
$ipt_m -A PSW $(comment "$remarks") -p udp $(factor $ip "-s") $(factor $mac "-m mac --mac-source") $(factor $udp_redir_ports "-m multiport --dport") $(dst $IPSET_BLACKLIST) $(REDIRECT $udp_port TPROXY)
$ipt_m -A PSW $(comment "$remarks") -p udp $(factor $ip "-s") $(factor $mac "-m mac --mac-source") $(factor $udp_redir_ports "-m multiport --dport") $(get_redirect_ipt $udp_proxy_mode $udp_port TPROXY)
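Review bot: The added rule uses `-p tcp` inside the UDP branch, while every neighbouring rule and the matching default rule added later (`-p udp -d 1.2.3.4 $(REDIRECT $UDP_REDIR_PORT TPROXY)`) use `-p udp`. As written it steers this client's TCP traffic for 1.2.3.4 to `$udp_port` via TPROXY and leaves UDP to 1.2.3.4 unmatched by the new rule. It should read `$ipt_m -A PSW $(comment "$remarks") -p udp $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -d 1.2.3.4 $(REDIRECT $udp_port TPROXY)`.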
@@ -275,6 +277,7 @@ load_acl() {
fi
[ "$TCP_NO_REDIR_PORTS" != "disable" ] && msg="${msg}除${TCP_NO_REDIR_PORTS}外的"
msg="${msg}所有端口"
+ $ipt_tmp -A PSW $(comment "默认") -p tcp -d 1.2.3.4 $(REDIRECT $TCP_REDIR_PORT $is_tproxy)
$ipt_tmp -A PSW $(comment "默认") -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_SHUNTLIST) $(REDIRECT $TCP_REDIR_PORT $is_tproxy)
$ipt_tmp -A PSW $(comment "默认") -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST) $(REDIRECT $TCP_REDIR_PORT $is_tproxy)
$ipt_tmp -A PSW $(comment "默认") -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(get_redirect_ipt $TCP_PROXY_MODE $TCP_REDIR_PORT $is_tproxy)
@@ -303,6 +306,7 @@ load_acl() {
msg="UDP默认代理:使用UDP节点 [$(get_action_chain_name $UDP_PROXY_MODE)](TPROXY:${UDP_REDIR_PORT})代理"
[ "$UDP_NO_REDIR_PORTS" != "disable" ] && msg="${msg}除${UDP_NO_REDIR_PORTS}外的"
msg="${msg}所有端口"
+ $ipt_m -A PSW $(comment "默认") -p udp -d 1.2.3.4 $(REDIRECT $UDP_REDIR_PORT TPROXY)
$ipt_m -A PSW $(comment "默认") -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_SHUNTLIST) $(REDIRECT $UDP_REDIR_PORT TPROXY)
$ipt_m -A PSW $(comment "默认") -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST) $(REDIRECT $UDP_REDIR_PORT TPROXY)
$ipt_m -A PSW $(comment "默认") -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(get_redirect_ipt $UDP_PROXY_MODE $UDP_REDIR_PORT TPROXY)
@@ -638,12 +642,12 @@ add_firewall_rule() {
}
[ "$use_tcp_node_resolve_dns" == 1 ] && hosts_foreach DNS_FORWARD _proxy_tcp_access 53
$ipt_tmp -A OUTPUT -p tcp -j PSW_OUTPUT
- $ipt_tmp -I PSW_OUTPUT -p tcp -d 1.2.3.4 $blist_r
[ "$TCP_NO_REDIR_PORTS" != "disable" ] && {
$ipt_tmp -A PSW_OUTPUT -p tcp -m multiport --dport $TCP_NO_REDIR_PORTS -j RETURN
$ip6t_m -A PSW_OUTPUT -p tcp -m multiport --dport $TCP_NO_REDIR_PORTS -j RETURN
echolog " - [$?]不代理TCP 端口:$TCP_NO_REDIR_PORTS"
}
+ $ipt_tmp -A PSW_OUTPUT -p tcp -d 1.2.3.4 $blist_r
$ipt_tmp -A PSW_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_SHUNTLIST) $blist_r
$ipt_tmp -A PSW_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST) $blist_r
$ipt_tmp -A PSW_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $p_r
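Review bot: Switching the 1.2.3.4 rule from `-I PSW_OUTPUT` to `-A PSW_OUTPUT` changes its precedence without saying so: it is now evaluated after the `$TCP_NO_REDIR_PORTS` RETURN and after any rule appended to the chain earlier in add_firewall_rule, which is outside this hunk. If excluding the no-redirect ports is the intent, a comment such as `# appended after the no-redir RETURN so excluded ports also bypass the 1.2.3.4 rule` would make the ordering dependency explicit. The UDP hunk that follows makes the same move and would take the same comment.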
@@ -731,12 +735,12 @@ add_firewall_rule() {
}
[ "$use_udp_node_resolve_dns" == 1 ] && hosts_foreach DNS_FORWARD _proxy_udp_access 53
$ipt_m -A OUTPUT -p udp -j PSW_OUTPUT
- $ipt_m -I PSW_OUTPUT -p udp -d 1.2.3.4 $(REDIRECT 1 MARK)
[ "$UDP_NO_REDIR_PORTS" != "disable" ] && {
$ipt_m -A PSW_OUTPUT -p udp -m multiport --dport $UDP_NO_REDIR_PORTS -j RETURN
$ip6t_m -A PSW_OUTPUT -p udp -m multiport --dport $UDP_NO_REDIR_PORTS -j RETURN
echolog " - [$?]不代理 UDP 端口:$UDP_NO_REDIR_PORTS"
}
+ $ipt_m -A PSW_OUTPUT -p udp -d 1.2.3.4 $(REDIRECT 1 MARK)
$ipt_m -A PSW_OUTPUT -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_SHUNTLIST) $(REDIRECT 1 MARK)
$ipt_m -A PSW_OUTPUT -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST) $(REDIRECT 1 MARK)
$ipt_m -A PSW_OUTPUT -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(get_redirect_ipt $LOCALHOST_UDP_PROXY_MODE 1 MARK)