luci-app-passwall: sync with upstream source
parent
412660a746
commit
e7dff51c1c
@ -7,8 +7,8 @@ include $(TOPDIR)/rules.mk
|
||||
|
||||
PKG_NAME:=luci-app-passwall
|
||||
PKG_VERSION:=3.6
|
||||
PKG_RELEASE:=20
|
||||
PKG_DATE:=20200308
|
||||
PKG_RELEASE:=21
|
||||
PKG_DATE:=20200311
|
||||
|
||||
PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
|
||||
|
||||
|
||||
@ -88,6 +88,8 @@ function update_luci(url, save)
|
||||
}
|
||||
end
|
||||
|
||||
api.exec("/bin/opkg", {"remove", "luci-app-passwall"})
|
||||
|
||||
local opkg_args = {"--force-downgrade", "--force-reinstall"}
|
||||
|
||||
if save ~= "true" then opkg_args[#opkg_args + 1] = "--force-maintainer" end
|
||||
|
||||
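Review bot: The added `api.exec("/bin/opkg", {"remove", "luci-app-passwall"})` in update_luci discards its result and runs before the install whose arguments are built on the next lines. The install call itself is outside this hunk, but if it fails or is interrupted the router would be left with the package removed. Since `--force-downgrade` and `--force-reinstall` are already passed, the separate remove looks redundant; if it is required, check its result and add a comment such as `-- remove first because <reason>; abort the update if this fails`. No integrity check of the file fetched from `url` is visible here, so confirm one runs before the remove step is reached.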
@ -198,7 +198,7 @@ o:value("returnhome", translate("Return Home"))
|
||||
|
||||
---- Localhost Proxy Mode
|
||||
o = s:option(ListValue, "localhost_proxy_mode",
|
||||
translate("Localhost") .. translate("Proxy Mode"))
|
||||
translate("Router Localhost") .. translate("Proxy Mode"))
|
||||
-- o.description = translate("The server client can also use this rule to scientifically surf the Internet.")
|
||||
o:value("default", translate("Default"))
|
||||
o:value("gfwlist", translate("GFW List"))
|
||||
|
||||
@ -250,6 +250,9 @@ msgstr "回国模式"
|
||||
msgid "Localhost"
|
||||
msgstr "本机"
|
||||
|
||||
msgid "Router Localhost"
|
||||
msgstr "路由器自身"
|
||||
|
||||
msgid "Danger"
|
||||
msgstr "危险"
|
||||
|
||||
|
||||
@ -46,9 +46,9 @@ config global_rules
|
||||
option chnlist_update '1'
|
||||
option chnroute_update '1'
|
||||
option gfwlist_update '1'
|
||||
option gfwlist_version '2020-02-27'
|
||||
option chnroute_version '2020-02-27'
|
||||
option chnlist_version '2020-02-27'
|
||||
option gfwlist_version '2020-03-10'
|
||||
option chnroute_version '2020-03-10'
|
||||
option chnlist_version '2020-03-10'
|
||||
|
||||
config global_app
|
||||
option v2ray_file '/usr/bin/v2ray/'
|
||||
|
||||
@ -203,17 +203,17 @@ load_config() {
|
||||
if [ -n "$UP_CHINA_DNS1" ]; then
|
||||
UP_CHINA_DNS=$UP_CHINA_DNS1
|
||||
else
|
||||
UP_CHINA_DNS="223.5.5.5"
|
||||
UP_CHINA_DNS="119.29.29.29"
|
||||
fi
|
||||
local UP_CHINA_DNS2=$(cat $RESOLVFILE 2>/dev/null | grep -E -o "[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+" | grep -v 0.0.0.0 | grep -v 127.0.0.1 | sed -n '2P')
|
||||
[ -n "$UP_CHINA_DNS1" -a -n "$UP_CHINA_DNS2" ] && UP_CHINA_DNS="$UP_CHINA_DNS1,$UP_CHINA_DNS2"
|
||||
else
|
||||
UP_CHINA_DNS1=$(echo $UP_CHINA_DNS | awk -F ',' '{print $1}')
|
||||
UP_CHINA_DNS1=$(echo $UP_CHINA_DNS | sed "s/:/#/g" | awk -F ',' '{print $1}')
|
||||
if [ -n "$UP_CHINA_DNS1" ]; then
|
||||
UP_CHINA_DNS2=$(echo $UP_CHINA_DNS | awk -F ',' '{print $2}')
|
||||
UP_CHINA_DNS2=$(echo $UP_CHINA_DNS | sed "s/:/#/g" | awk -F ',' '{print $2}')
|
||||
[ -n "$UP_CHINA_DNS2" ] && UP_CHINA_DNS="${UP_CHINA_DNS1},${UP_CHINA_DNS2}"
|
||||
else
|
||||
UP_CHINA_DNS="223.5.5.5"
|
||||
UP_CHINA_DNS="114.114.114.114"
|
||||
fi
|
||||
fi
|
||||
PROXY_IPV6=$(config_t_get global_forwarding proxy_ipv6 0)
|
||||
@ -277,10 +277,10 @@ gen_start_config() {
|
||||
# 判断节点服务器地址是否包含汉字~
|
||||
local tmp=$(echo -n $server_host | awk '{print gensub(/[!-~]/,"","g",$0)}')
|
||||
[ -n "$tmp" ] && {
|
||||
echolog "$redir_type节点,非法的服务器地址,无法启动!"
|
||||
echolog "${redir_type}_${5}节点,非法的服务器地址,无法启动!"
|
||||
return 1
|
||||
}
|
||||
[ "$bind" == "0.0.0.0" ] && echolog "$redir_type节点:$remarks,节点:${server_host}:${port},监听端口:$local_port"
|
||||
[ "$bind" == "0.0.0.0" ] && echolog "${redir_type}_${5}节点:$remarks,节点:${server_host}:${port},监听端口:$local_port"
|
||||
}
|
||||
|
||||
if [ "$redir_type" == "SOCKS5" ]; then
|
||||
@ -550,7 +550,7 @@ stop_crontab() {
|
||||
sed -i "/$CONFIG/d" /etc/crontabs/root >/dev/null 2>&1 &
|
||||
ps | grep "$APP_PATH/test.sh" | grep -v "grep" | awk '{print $1}' | xargs kill -9 >/dev/null 2>&1 &
|
||||
/etc/init.d/cron restart
|
||||
echolog "清除定时执行命令。"
|
||||
#echolog "清除定时执行命令。"
|
||||
}
|
||||
|
||||
start_dns() {
|
||||
@ -573,16 +573,23 @@ start_dns() {
|
||||
;;
|
||||
pdnsd)
|
||||
use_tcp_node_resolve_dns=1
|
||||
gen_pdnsd_config $DNS_PORT 10240
|
||||
gen_pdnsd_config $DNS_PORT 4096
|
||||
DNS_FORWARD=$(echo $DNS_FORWARD | sed 's/,/ /g')
|
||||
ln_start_bin $(find_bin pdnsd) pdnsd "--daemon -c $pdnsd_dir/pdnsd.conf -d"
|
||||
echolog "DNS:pdnsd..."
|
||||
;;
|
||||
chinadns-ng)
|
||||
other_port=$(expr $DNS_PORT + 1)
|
||||
cat $RULES_PATH/gfwlist.conf | sort | uniq | sed -e '/127.0.0.1/d' | sed 's/ipset=\/.//g' | sed 's/\/gfwlist//g' > $TMP_PATH/gfwlist.txt
|
||||
[ -f "$TMP_PATH/gfwlist.txt" ] && local gfwlist_param="-g $TMP_PATH/gfwlist.txt"
|
||||
[ -f "$APP_PATH/chnlist" ] && local chnlist_param="-m $APP_PATH/chnlist"
|
||||
[ -f "$RULES_PATH/gfwlist.conf" ] && cat $RULES_PATH/gfwlist.conf | sort | uniq | sed -e '/127.0.0.1/d' | sed 's/ipset=\/.//g' | sed 's/\/gfwlist//g' > $TMP_PATH/gfwlist.txt
|
||||
[ -f "$TMP_PATH/gfwlist.txt" ] && {
|
||||
[ -f "$RULES_PATH/blacklist_host" -a -s "$RULES_PATH/blacklist_host" ] && cat $RULES_PATH/blacklist_host >> $TMP_PATH/gfwlist.txt
|
||||
local gfwlist_param="-g $TMP_PATH/gfwlist.txt"
|
||||
}
|
||||
[ -f "$RULES_PATH/chnlist" ] && cp -a $RULES_PATH/chnlist $TMP_PATH/chnlist
|
||||
[ -f "$TMP_PATH/chnlist" ] && {
|
||||
[ -f "$RULES_PATH/whitelist_host" -a -s "$RULES_PATH/whitelist_host" ] && cat $RULES_PATH/whitelist_host >> $TMP_PATH/chnlist
|
||||
local chnlist_param="-m $TMP_PATH/chnlist -M"
|
||||
}
|
||||
|
||||
up_trust_chinadns_ng_dns=$(config_t_get global up_trust_chinadns_ng_dns "pdnsd")
|
||||
if [ "$up_trust_chinadns_ng_dns" == "pdnsd" ]; then
|
||||
@ -619,15 +626,16 @@ start_dns() {
|
||||
|
||||
add_dnsmasq() {
|
||||
mkdir -p $TMP_DNSMASQ_PATH $DNSMASQ_PATH /var/dnsmasq.d
|
||||
cat $RULES_PATH/whitelist_host | sed -e "/^$/d" | sed "s/^/ipset=&\/./g" | sed "s/$/\/&whitelist/g" | sort | awk '{if ($0!=line) print;line=$0}' > $TMP_DNSMASQ_PATH/whitelist_host.conf
|
||||
|
||||
local adblock=$(config_t_get global_rules adblock 0)
|
||||
[ "$adblock" == "1" ] && {
|
||||
[ -f "$RULES_PATH/adblock.conf" -a -s "$RULES_PATH/adblock.conf" ] && ln -s $RULES_PATH/adblock.conf $TMP_DNSMASQ_PATH/adblock.conf
|
||||
}
|
||||
|
||||
|
||||
[ "$DNS_MODE" != "nonuse" ] && {
|
||||
[ -f "$RULES_PATH/blacklist_host" -a -s "$RULES_PATH/blacklist_host" ] && cat $RULES_PATH/blacklist_host | sed -e "/^$/d" | awk '{print "server=/."$1"/127.0.0.1#'$DNS_PORT'\nipset=/."$1"/blacklist"}' > $TMP_DNSMASQ_PATH/blacklist_host.conf
|
||||
local dns2="$UP_CHINA_DNS2"
|
||||
[ -z "$dns2" ] && dns2="114.114.114.114"
|
||||
[ -f "$RULES_PATH/whitelist_host" -a -s "$RULES_PATH/whitelist_host" ] && cat $RULES_PATH/whitelist_host | sed -e "/^$/d" | sort | awk '{print "server=/."$1"/'$UP_CHINA_DNS1'\nserver=/."$1"/'$dns2'\nipset=/."$1"/whitelist"}' > $TMP_DNSMASQ_PATH/whitelist_host.conf
|
||||
[ -f "$RULES_PATH/blacklist_host" -a -s "$RULES_PATH/blacklist_host" ] && cat $RULES_PATH/blacklist_host | sed -e "/^$/d" | sort | awk '{print "server=/."$1"/127.0.0.1#'$DNS_PORT'\nipset=/."$1"/blacklist"}' > $TMP_DNSMASQ_PATH/blacklist_host.conf
|
||||
[ -f "$RULES_PATH/gfwlist.conf" -a -s "$RULES_PATH/gfwlist.conf" ] && ln -s $RULES_PATH/gfwlist.conf $TMP_DNSMASQ_PATH/gfwlist.conf
|
||||
|
||||
subscribe_proxy=$(config_t_get global_subscribe subscribe_proxy 0)
|
||||
@ -644,11 +652,11 @@ add_dnsmasq() {
|
||||
local url=$(u_get $i url)
|
||||
[ -n "$url" -a "$url" != "" ] && {
|
||||
if [ -n "$(echo -n "$url" | grep "//")" ]; then
|
||||
echo -n "$url" | awk -F'/' '{print $3}' | sed "s/^/server=&\/./g" | sed "s/$/\/127.0.0.1#$DNS_PORT/g" >>$TMP_DNSMASQ_PATH/subscribe.conf
|
||||
echo -n "$url" | awk -F'/' '{print $3}' | sed "s/^/ipset=&\/./g" | sed "s/$/\/blacklist/g" >>$TMP_DNSMASQ_PATH/subscribe.conf
|
||||
echo -n "$url" | awk -F '/' '{print $3}' | sed "s/^/server=&\/./g" | sed "s/$/\/127.0.0.1#$DNS_PORT/g" >>$TMP_DNSMASQ_PATH/subscribe.conf
|
||||
echo -n "$url" | awk -F '/' '{print $3}' | sed "s/^/ipset=&\/./g" | sed "s/$/\/blacklist/g" >>$TMP_DNSMASQ_PATH/subscribe.conf
|
||||
else
|
||||
echo -n "$url" | awk -F'/' '{print $1}' | sed "s/^/server=&\/./g" | sed "s/$/\/127.0.0.1#$DNS_PORT/g" >>$TMP_DNSMASQ_PATH/subscribe.conf
|
||||
echo -n "$url" | awk -F'/' '{print $1}' | sed "s/^/ipset=&\/./g" | sed "s/$/\/blacklist/g" >>$TMP_DNSMASQ_PATH/subscribe.conf
|
||||
echo -n "$url" | awk -F '/' '{print $1}' | sed "s/^/server=&\/./g" | sed "s/$/\/127.0.0.1#$DNS_PORT/g" >>$TMP_DNSMASQ_PATH/subscribe.conf
|
||||
echo -n "$url" | awk -F '/' '{print $1}' | sed "s/^/ipset=&\/./g" | sed "s/$/\/blacklist/g" >>$TMP_DNSMASQ_PATH/subscribe.conf
|
||||
fi
|
||||
}
|
||||
done
|
||||
@ -660,13 +668,13 @@ add_dnsmasq() {
|
||||
server="server=127.0.0.1#$DNS_PORT"
|
||||
[ "$DNS_MODE" != "chinadns-ng" ] && {
|
||||
[ -n "$UP_CHINA_DNS1" ] && server="server=$UP_CHINA_DNS1"
|
||||
[ -n "$UP_CHINA_DNS2" ] && server="${server}\n${UP_CHINA_DNS2}"
|
||||
server="${server}\nno-resolv"
|
||||
[ -n "$UP_CHINA_DNS2" ] && server="${server}\nserver=${UP_CHINA_DNS2}"
|
||||
}
|
||||
cat <<-EOF > /var/dnsmasq.d/dnsmasq-$CONFIG.conf
|
||||
$(echo -e $server)
|
||||
all-servers
|
||||
no-poll
|
||||
no-resolv
|
||||
EOF
|
||||
}
|
||||
|
||||
@ -922,10 +930,11 @@ stop() {
|
||||
ps -w | grep -v "grep" | grep $CONFIG/test.sh | awk '{print $1}' | xargs kill -9 >/dev/null 2>&1 &
|
||||
ps -w | grep -v "grep" | grep $CONFIG/monitor.sh | awk '{print $1}' | xargs kill -9 >/dev/null 2>&1 &
|
||||
ps -w | grep -v "grep" | grep -E "$TMP_PATH" | awk '{print $1}' | xargs kill -9 >/dev/null 2>&1 &
|
||||
ps -w | grep -v "grep" | grep "sleep 1m" | awk '{print $1}' | xargs kill -9 >/dev/null 2>&1 &
|
||||
rm -rf $TMP_DNSMASQ_PATH $TMP_PATH
|
||||
stop_dnsmasq
|
||||
stop_crontab
|
||||
echolog "关闭相关程序,清理相关文件和缓存完成。"
|
||||
echolog "清空并关闭相关程序和缓存完成。"
|
||||
}
|
||||
|
||||
case $1 in
|
||||
|
||||
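Review bot: In add_dnsmasq the new whitelist line splices `$UP_CHINA_DNS1` into the awk program with no fallback, although `dns2` gets one, and the visible `else` branches of load_config set only `UP_CHINA_DNS` and leave `UP_CHINA_DNS1` empty. In that case every whitelist domain would be written as `server=/.domain/` with no upstream, which dnsmasq treats as a local-only domain, so those names would stop resolving. The value is also expanded unquoted inside the awk source, so a config value containing spaces or quotes would alter the awk program rather than be printed. Suggest `local dns1="$UP_CHINA_DNS1"; [ -z "$dns1" ] && dns1="${UP_CHINA_DNS%%,*}"` and passing both values with `awk -v dns1="$dns1" -v dns2="$dns2"`. The same pattern appears in the rewritten filter_vpsip in the firewall script.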
@ -46,9 +46,9 @@ config global_rules
|
||||
option chnlist_update '1'
|
||||
option chnroute_update '1'
|
||||
option gfwlist_update '1'
|
||||
option gfwlist_version '2020-02-27'
|
||||
option chnroute_version '2020-02-27'
|
||||
option chnlist_version '2020-02-27'
|
||||
option gfwlist_version '2020-03-10'
|
||||
option chnroute_version '2020-03-10'
|
||||
option chnlist_version '2020-03-10'
|
||||
|
||||
config global_app
|
||||
option v2ray_file '/usr/bin/v2ray/'
|
||||
|
||||
@ -131,10 +131,10 @@ load_acl() {
|
||||
[ -n "$proxy_mode" ] && {
|
||||
if [ -n "$ip" ] || [ -n "$mac" ]; then
|
||||
if [ -n "$ip" -a -n "$mac" ]; then
|
||||
echolog "访问控制:IP:$ip,MAC:$mac,代理模式:$(get_action_chain_name $proxy_mode)"
|
||||
echolog "访问控制:IP:$ip,MAC:$mac,使用TCP_${tcp_node}节点,UDP_${udp_node}节点,$(get_action_chain_name $proxy_mode)"
|
||||
else
|
||||
[ -n "$ip" ] && echolog "访问控制:IP:$ip,代理模式:$(get_action_chain_name $proxy_mode)"
|
||||
[ -n "$mac" ] && echolog "访问控制:MAC:$mac,代理模式:$(get_action_chain_name $proxy_mode)"
|
||||
[ -n "$ip" ] && echolog "访问控制:IP:$ip,使用TCP_${tcp_node}节点,UDP_${udp_node}节点,$(get_action_chain_name $proxy_mode)"
|
||||
[ -n "$mac" ] && echolog "访问控制:MAC:$mac,使用TCP_${tcp_node}节点,UDP_${udp_node}节点,$(get_action_chain_name $proxy_mode)"
|
||||
fi
|
||||
|
||||
if [ "$proxy_mode" == "disable" ]; then
|
||||
@ -169,53 +169,12 @@ load_acl() {
|
||||
}
|
||||
|
||||
filter_vpsip() {
|
||||
local count=$(uci show $CONFIG | grep "@nodes" | sed -n '$p' | cut -d '[' -f 2 | cut -d ']' -f 1)
|
||||
[ -n "$count" -a "$count" -ge 0 ] && {
|
||||
u_get() {
|
||||
local ret=$(uci -q get $CONFIG.@nodes[$1].$2)
|
||||
echo ${ret:=$3}
|
||||
}
|
||||
echolog "开始过滤所有节点到白名单"
|
||||
for i in $(seq 0 $count); do
|
||||
local use_ipv6=$(u_get $i use_ipv6 0)
|
||||
local network_type="ipv4"
|
||||
[ "$use_ipv6" == "1" ] && network_type="ipv6"
|
||||
local server=$(u_get $i address)
|
||||
[ -n "$server" ] && {
|
||||
# 判断节点服务器地址是否URL并去掉~
|
||||
server=$(echo $server | sed 's/^\(http:\/\/\|https:\/\/\)//g' | awk -F '/' '{print $1}')
|
||||
# 判断节点服务器地址是否包含汉字,跳过~
|
||||
local tmp=$(echo -n $server | awk '{print gensub(/[!-~]/,"","g",$0)}')
|
||||
[ -z "$tmp" ] && {
|
||||
[ "$network_type" == "ipv4" ] && {
|
||||
isip=$(echo $server | grep -E "([0-9]{1,3}[\.]){3}[0-9]{1,3}")
|
||||
if [ -n "$isip" ]; then
|
||||
# 判断节点的服务器地址是否是DNS
|
||||
[ -n "$(echo $DNS_FORWARD | grep -w $isip)" ] && continue
|
||||
ipset -! add $IPSET_VPSIPLIST $isip >/dev/null 2>&1 &
|
||||
else
|
||||
# 跳过不合法的域名
|
||||
server=$(echo $server | grep -E '.*\..*$' | grep '[a-zA-Z]$')
|
||||
[ -z "$server" ] && continue
|
||||
# 判断节点的服务器地址是否包含在GFWLIST,比如(某机场)的 www.google.com 导致不走google代理.....
|
||||
local tmp=$server
|
||||
local suffix=$(echo ${server##*.})
|
||||
local top_host=$(echo ${server%.*} | awk -F '.' '{print $NF}')
|
||||
[ "$suffix" == "$top_host" ] && continue
|
||||
[ -n "$suffix" -a -n "$top_host" ] && tmp="$top_host.$suffix"
|
||||
[ "tmp" == "google.com" ] && continue
|
||||
#is_gfwlist=$(cat $TMP_DNSMASQ_PATH/gfwlist.conf | grep -c "$tmp")
|
||||
#[ "$is_gfwlist" == 0 ] && {
|
||||
has=$([ -f "$TMP_DNSMASQ_PATH/vpsiplist_host.conf" ] && cat $TMP_DNSMASQ_PATH/vpsiplist_host.conf | grep "$server")
|
||||
[ -z "$has" ] && echo "$server" | sed -e "/^$/d" | sed "s/^/ipset=&\//g" | sed "s/$/\/&vpsiplist/g" | sort | awk '{if ($0!=line) print;line=$0}' >> $TMP_DNSMASQ_PATH/vpsiplist_host.conf
|
||||
#}
|
||||
fi
|
||||
}
|
||||
}
|
||||
}
|
||||
done
|
||||
echolog "过滤所有节点完成"
|
||||
}
|
||||
echolog "开始过滤所有IPV4节点到白名单"
|
||||
uci show $CONFIG | grep "@nodes" | grep "address" | cut -d "'" -f 2 | grep -E "([0-9]{1,3}[\.]){3}[0-9]{1,3}" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_VPSIPLIST &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
|
||||
local dns2="$UP_CHINA_DNS2"
|
||||
[ -z "$dns2" ] && dns2="114.114.114.114"
|
||||
uci show $CONFIG | grep "@nodes" | grep "address" | cut -d "'" -f 2 | sed 's/^\(https:\/\/\|http:\/\/\)//g' | awk -F '/' '{print $1}' | grep -E '.*\..*$' | grep '[a-zA-Z]$' | sort | uniq | awk '{print "server=/."$1"/'$UP_CHINA_DNS1'\nserver=/."$1"/'$dns2'\nipset=/."$1"/'$IPSET_VPSIPLIST'"}' > $TMP_DNSMASQ_PATH/vpsiplist_host.conf
|
||||
echolog "过滤所有IPV4节点完成"
|
||||
}
|
||||
|
||||
filter_node() {
|
||||
@ -269,7 +228,6 @@ dns_hijack() {
|
||||
|
||||
add_firewall_rule() {
|
||||
echolog "开始加载防火墙规则..."
|
||||
echolog "默认代理模式:$(get_action_chain_name $PROXY_MODE)"
|
||||
ipset -! create $IPSET_LANIPLIST nethash
|
||||
ipset -! create $IPSET_VPSIPLIST nethash
|
||||
ipset -! create $IPSET_GFW nethash
|
||||
@ -431,24 +389,20 @@ add_firewall_rule() {
|
||||
[ "$use_tcp_node_resolve_dns" == 1 -a -n "$DNS_FORWARD" ] && {
|
||||
for dns in $DNS_FORWARD
|
||||
do
|
||||
local dns_ip=$(echo $dns | awk -F "#" '{print $1}')
|
||||
local dns_port=$(echo $dns | awk -F "#" '{print $2}')
|
||||
local dns_ip=$(echo $dns | sed "s/:/#/g" | awk -F "#" '{print $1}')
|
||||
local dns_port=$(echo $dns | sed "s/:/#/g" | awk -F "#" '{print $2}')
|
||||
[ -z "$dns_port" ] && dns_port=53
|
||||
local ADD_INDEX=4
|
||||
local INDEX=$($ipt_n -L PSW --line-numbers | grep "$IPSET_WHITELIST" | sed -n '$p' | awk '{print $1}')
|
||||
[ -n "$INDEX" ] && ADD_INDEX=$(expr $INDEX + 1)
|
||||
local ADD_INDEX=2
|
||||
$ipt_n -I PSW_OUTPUT $ADD_INDEX -p tcp -d $dns_ip --dport $dns_port -j REDIRECT --to-ports $TCP_REDIR_PORT1
|
||||
done
|
||||
}
|
||||
[ "$TCP_NO_REDIR_PORTS" != "disable" ] && $ipt_n -A PSW_OUTPUT -p tcp -m multiport --dport $TCP_NO_REDIR_PORTS -j RETURN
|
||||
$ipt_n -A PSW_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") -j $(get_action_chain $LOCALHOST_PROXY_MODE)1
|
||||
fi
|
||||
# 重定所有流量到透明代理端口
|
||||
# $ipt_n -A PSW -p tcp -m ttl --ttl-eq $ttl -j REDIRECT --to $local_port
|
||||
}
|
||||
|
||||
# 重定所有流量到透明代理端口
|
||||
# $ipt_n -A PSW -p tcp -m ttl --ttl-eq $ttl -j REDIRECT --to $local_port
|
||||
echolog "IPv4 防火墙TCP转发规则加载完成!"
|
||||
|
||||
if [ "$PROXY_IPV6" == "1" ]; then
|
||||
[ -n "$lan_ifname" ] && {
|
||||
lan_ipv6=$(ip address show $lan_ifname | grep -w "inet6" | awk '{print $2}') #当前LAN IPv6段
|
||||
@ -469,7 +423,6 @@ add_firewall_rule() {
|
||||
$ip6t_n -A PSW_GLO$k -p tcp -j REDIRECT --to $TCP_REDIR_PORT
|
||||
$ip6t_n -A PSW -j PSW_GLO$k
|
||||
#$ip6t_n -I OUTPUT -p tcp -j PSW
|
||||
echolog "IPv6防火墙规则加载完成!"
|
||||
}
|
||||
}
|
||||
fi
|
||||
@ -478,19 +431,14 @@ add_firewall_rule() {
|
||||
$ipt_n -A PSW -j PSW_ACL
|
||||
|
||||
PRE_INDEX=1
|
||||
KP_INDEX=$($ipt_n -L PREROUTING --line-numbers | grep "KOOLPROXY" | sed -n '$p' | awk '{print $1}')
|
||||
ADBYBY_INDEX=$($ipt_n -L PREROUTING --line-numbers | grep "ADBYBY" | sed -n '$p' | awk '{print $1}')
|
||||
if [ -n "$KP_INDEX" -a -z "$ADBYBY_INDEX" ]; then
|
||||
PRE_INDEX=$(expr $KP_INDEX + 1)
|
||||
elif [ -z "$KP_INDEX" -a -n "$ADBYBY_INDEX" ]; then
|
||||
if [ -n "$ADBYBY_INDEX" ]; then
|
||||
PRE_INDEX=$(expr $ADBYBY_INDEX + 1)
|
||||
elif [ -z "$KP_INDEX" -a -z "$ADBYBY_INDEX" ]; then
|
||||
else
|
||||
PR_INDEX=$($ipt_n -L PREROUTING --line-numbers | grep "prerouting_rule" | sed -n '$p' | awk '{print $1}')
|
||||
[ -n "$PR_INDEX" ] && PRE_INDEX=$(expr $PR_INDEX + 1)
|
||||
fi
|
||||
$ipt_n -I PREROUTING $PRE_INDEX -j PSW
|
||||
else
|
||||
echolog "主节点未选择,无法转发TCP!"
|
||||
fi
|
||||
|
||||
if [ "$UDP_NODE_NUM" -ge 1 ]; then
|
||||
@ -510,7 +458,7 @@ add_firewall_rule() {
|
||||
$ipt_m -A PSW_GFW$k -p udp $(dst $IPSET_BLACKLIST) -j TPROXY --tproxy-mark 0x1/0x1 --on-port $local_port
|
||||
$ipt_m -A PSW_GFW$k -p udp $(dst $IPSET_GFW) -j TPROXY --tproxy-mark 0x1/0x1 --on-port $local_port
|
||||
|
||||
# 大陆白名单模式
|
||||
# 大陆白名单模式(游戏模式)
|
||||
$ipt_m -A PSW_CHN$k -p udp $(dst $IPSET_BLACKLIST) -j TPROXY --tproxy-mark 0x1/0x1 --on-port $local_port
|
||||
$ipt_m -A PSW_CHN$k -p udp $(dst $IPSET_CHN !) -j TPROXY --tproxy-mark 0x1/0x1 --on-port $local_port
|
||||
|
||||
@ -528,12 +476,10 @@ add_firewall_rule() {
|
||||
[ "$use_udp_node_resolve_dns" == 1 -a -n "$DNS_FORWARD" ] && {
|
||||
for dns in $DNS_FORWARD
|
||||
do
|
||||
local dns_ip=$(echo $dns | awk -F "#" '{print $1}')
|
||||
local dns_port=$(echo $dns | awk -F "#" '{print $2}')
|
||||
local dns_ip=$(echo $dns | sed "s/:/#/g" | awk -F "#" '{print $1}')
|
||||
local dns_port=$(echo $dns | sed "s/:/#/g" | awk -F "#" '{print $2}')
|
||||
[ -z "$dns_port" ] && dns_port=53
|
||||
local ADD_INDEX=4
|
||||
local INDEX=$($ipt_m -L PSW --line-numbers | grep "$IPSET_WHITELIST" | sed -n '$p' | awk '{print $1}')
|
||||
[ -n "$INDEX" ] && ADD_INDEX=$(expr $INDEX + 1)
|
||||
local ADD_INDEX=2
|
||||
$ipt_m -I PSW $ADD_INDEX -p udp -d $dns_ip --dport $dns_port -j TPROXY --tproxy-mark 0x1/0x1 --on-port $local_port
|
||||
$ipt_m -I PSW_OUTPUT $ADD_INDEX -p udp -d $dns_ip --dport $dns_port -j MARK --set-mark 1
|
||||
done
|
||||
@ -545,14 +491,10 @@ add_firewall_rule() {
|
||||
[ "$LOCALHOST_PROXY_MODE" == "gfwlist" ] && $ipt_m -A PSW_OUTPUT -p udp -m multiport --dport $UDP_REDIR_PORTS $(dst $IPSET_GFW) -j MARK --set-mark 1
|
||||
[ "$LOCALHOST_PROXY_MODE" == "chnroute" ] && $ipt_m -A PSW_OUTPUT -p udp -m multiport --dport $UDP_REDIR_PORTS -m set ! --match-set $IPSET_CHN dst -j MARK --set-mark 1
|
||||
}
|
||||
|
||||
echolog "IPv4 防火墙UDP转发规则加载完成!"
|
||||
fi
|
||||
done
|
||||
$ipt_m -A PSW -j PSW_ACL
|
||||
$ipt_m -A PREROUTING -j PSW
|
||||
else
|
||||
echolog "UDP节点未选择,无法转发UDP!"
|
||||
fi
|
||||
|
||||
# 加载ACLS
|
||||
@ -583,10 +525,12 @@ add_firewall_rule() {
|
||||
filter_vpsip
|
||||
|
||||
dns_hijack "force"
|
||||
|
||||
echolog "默认代理模式:$(get_action_chain_name $PROXY_MODE)"
|
||||
echolog "防火墙规则加载完成!"
|
||||
}
|
||||
|
||||
del_firewall_rule() {
|
||||
echolog "删除所有防火墙规则..."
|
||||
ipv6_output_ss_exist=$($ip6t_n -L OUTPUT 2>/dev/null | grep -c "PSW")
|
||||
[ -n "$ipv6_output_ss_exist" ] && {
|
||||
until [ "$ipv6_output_ss_exist" = 0 ]; do
|
||||
@ -618,7 +562,7 @@ del_firewall_rule() {
|
||||
$ip6t_n -F PSW_ACL 2>/dev/null && $ip6t_n -X PSW_ACL 2>/dev/null
|
||||
$ip6t_n -F PSW_OUTPUT 2>/dev/null && $ip6t_n -X PSW_OUTPUT 2>/dev/null
|
||||
|
||||
local max_num=5
|
||||
local max_num=3
|
||||
for i in $(seq 1 $max_num); do
|
||||
local k=$i
|
||||
$ipt_n -F PSW_GLO$k 2>/dev/null && $ipt_n -X PSW_GLO$k 2>/dev/null
|
||||
@ -646,8 +590,9 @@ del_firewall_rule() {
|
||||
ipset -F $IPSET_VPSIPLIST >/dev/null 2>&1 && ipset -X $IPSET_VPSIPLIST >/dev/null 2>&1 &
|
||||
#ipset -F $IPSET_GFW >/dev/null 2>&1 && ipset -X $IPSET_GFW >/dev/null 2>&1 &
|
||||
#ipset -F $IPSET_CHN >/dev/null 2>&1 && ipset -X $IPSET_CHN >/dev/null 2>&1 &
|
||||
#ipset -F $IPSET_BLACKLIST >/dev/null 2>&1 && ipset -X $IPSET_BLACKLIST >/dev/null 2>&1 &
|
||||
#ipset -F $IPSET_WHITELIST >/dev/null 2>&1 && ipset -X $IPSET_WHITELIST >/dev/null 2>&1 &
|
||||
ipset -F $IPSET_BLACKLIST >/dev/null 2>&1 && ipset -X $IPSET_BLACKLIST >/dev/null 2>&1 &
|
||||
ipset -F $IPSET_WHITELIST >/dev/null 2>&1 && ipset -X $IPSET_WHITELIST >/dev/null 2>&1 &
|
||||
#echolog "删除相关防火墙规则完成。"
|
||||
}
|
||||
|
||||
flush_ipset() {
|
||||
|
||||
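Review bot: In the rewritten filter_vpsip the IPv4 filter `grep -E "([0-9]{1,3}[\.]){3}[0-9]{1,3}"` is unanchored, so any node address that merely contains a dotted quad (a URL, a hostname such as `1.2.3.4.example.com`, a value with trailing text) is emitted as an `add` line and piped to `ipset -! -R`. Node addresses may come from configuration the router did not author (presumably subscriptions; confirm), and a malformed line can stop the restore so that later valid nodes never reach the set. Anchor the match with `grep -E "^([0-9]{1,3}\.){3}[0-9]{1,3}$"` and quote `$CONFIG`. The pipeline also no longer skips addresses listed in `$DNS_FORWARD`, as the earlier loop shown in this section appears to have done; a comment saying why that is safe would help.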
File diff suppressed because it is too large
@ -70,11 +70,12 @@
|
||||
1.192.0.0/13
|
||||
1.202.0.0/15
|
||||
1.204.0.0/14
|
||||
2.20.54.23
|
||||
8.128.0.0/10
|
||||
8.209.36.0/22
|
||||
8.209.40.0/21
|
||||
8.209.48.0/20
|
||||
8.209.128.0/17
|
||||
8.209.192.0/18
|
||||
8.210.0.0/15
|
||||
8.212.0.0/14
|
||||
8.216.0.0/13
|
||||
@ -97,6 +98,7 @@
|
||||
14.196.0.0/15
|
||||
14.204.0.0/15
|
||||
14.208.0.0/12
|
||||
20.81.0.0/24
|
||||
20.134.160.0/20
|
||||
20.139.160.0/20
|
||||
20.249.255.0/24
|
||||
@ -938,7 +940,6 @@
|
||||
61.236.0.0/15
|
||||
61.240.0.0/14
|
||||
62.234.0.0/16
|
||||
64.85.27.0/24
|
||||
68.79.0.0/18
|
||||
69.230.192.0/18
|
||||
69.231.128.0/18
|
||||
@ -951,8 +952,11 @@
|
||||
72.163.240.0/23
|
||||
72.163.248.0/22
|
||||
81.68.0.0/14
|
||||
81.161.63.0/24
|
||||
82.156.0.0/15
|
||||
87.254.207.0/24
|
||||
91.223.53.0/24
|
||||
91.239.190.0/24
|
||||
93.183.14.0/24
|
||||
93.183.18.0/24
|
||||
94.191.0.0/17
|
||||
@ -1922,7 +1926,8 @@
|
||||
103.114.68.0/22
|
||||
103.114.100.0/22
|
||||
103.114.148.0/22
|
||||
103.114.156.0/22
|
||||
103.114.156.0/23
|
||||
103.114.159.0/24
|
||||
103.114.212.0/22
|
||||
103.114.236.0/22
|
||||
103.114.240.0/22
|
||||
@ -1955,7 +1960,7 @@
|
||||
103.119.156.0/22
|
||||
103.119.180.0/22
|
||||
103.119.200.0/22
|
||||
103.119.226.0/23
|
||||
103.119.224.0/22
|
||||
103.120.52.0/22
|
||||
103.120.72.0/22
|
||||
103.120.76.0/24
|
||||
@ -2051,7 +2056,6 @@
|
||||
103.139.212.0/23
|
||||
103.140.14.0/23
|
||||
103.140.46.0/23
|
||||
103.140.70.0/23
|
||||
103.140.140.0/23
|
||||
103.140.144.0/23
|
||||
103.140.192.0/23
|
||||
@ -2082,7 +2086,6 @@
|
||||
103.143.132.0/22
|
||||
103.143.174.0/23
|
||||
103.143.228.0/23
|
||||
103.144.40.0/23
|
||||
103.144.66.0/23
|
||||
103.144.70.0/23
|
||||
103.144.72.0/23
|
||||
@ -2091,7 +2094,6 @@
|
||||
103.145.40.0/22
|
||||
103.145.73.0/24
|
||||
103.145.80.0/23
|
||||
103.145.86.0/23
|
||||
103.145.90.0/23
|
||||
103.145.92.0/22
|
||||
103.145.98.0/23
|
||||
@ -2099,14 +2101,15 @@
|
||||
103.145.188.0/23
|
||||
103.146.6.0/23
|
||||
103.146.72.0/23
|
||||
103.146.88.0/22
|
||||
103.146.90.0/23
|
||||
103.146.126.0/23
|
||||
103.146.138.0/23
|
||||
103.146.230.0/23
|
||||
103.146.236.0/23
|
||||
103.146.252.0/23
|
||||
103.147.12.0/23
|
||||
103.147.124.0/23
|
||||
103.147.198.0/23
|
||||
103.147.206.0/23
|
||||
103.148.174.0/23
|
||||
103.192.0.0/19
|
||||
103.192.48.0/21
|
||||
103.192.56.0/22
|
||||
@ -2916,7 +2919,21 @@
|
||||
115.148.0.0/14
|
||||
115.152.0.0/13
|
||||
115.166.64.0/19
|
||||
115.168.0.0/13
|
||||
115.168.0.0/16
|
||||
115.169.0.0/23
|
||||
115.169.3.0/24
|
||||
115.169.6.0/24
|
||||
115.169.9.0/24
|
||||
115.169.14.0/23
|
||||
115.169.16.0/20
|
||||
115.169.39.0/24
|
||||
115.169.42.0/23
|
||||
115.169.44.0/22
|
||||
115.169.48.0/20
|
||||
115.169.64.0/18
|
||||
115.169.128.0/17
|
||||
115.170.0.0/15
|
||||
115.172.0.0/14
|
||||
115.180.0.0/14
|
||||
115.187.0.0/20
|
||||
115.190.0.0/15
|
||||
@ -3498,7 +3515,7 @@
|
||||
124.68.244.0/23
|
||||
124.68.254.0/23
|
||||
124.69.0.0/16
|
||||
124.70.0.0/22
|
||||
124.70.0.0/15
|
||||
124.72.0.0/13
|
||||
124.88.0.0/13
|
||||
124.108.8.0/21
|
||||
@ -3573,6 +3590,7 @@
|
||||
129.211.0.0/16
|
||||
129.223.254.0/24
|
||||
129.227.99.0/24
|
||||
130.36.146.0/23
|
||||
130.214.218.0/23
|
||||
131.228.96.0/24
|
||||
131.253.12.0/29
|
||||
@ -3597,6 +3615,7 @@
|
||||
139.5.244.0/22
|
||||
139.9.0.0/16
|
||||
139.129.0.0/16
|
||||
139.138.238.0/28
|
||||
139.148.0.0/16
|
||||
139.155.0.0/16
|
||||
139.159.0.0/19
|
||||
@ -3739,8 +3758,6 @@
|
||||
150.242.248.0/22
|
||||
150.255.0.0/16
|
||||
152.32.178.0/23
|
||||
152.32.249.0/24
|
||||
152.32.255.0/24
|
||||
152.104.128.0/17
|
||||
152.136.0.0/16
|
||||
153.0.0.0/16
|
||||
@ -3852,6 +3869,7 @@
|
||||
171.104.0.0/13
|
||||
171.112.0.0/12
|
||||
171.208.0.0/12
|
||||
172.60.2.0/24
|
||||
172.81.192.0/18
|
||||
173.39.200.0/23
|
||||
175.0.0.0/12
|
||||
@ -4000,7 +4018,6 @@
|
||||
183.192.0.0/10
|
||||
185.109.236.0/24
|
||||
185.216.118.0/24
|
||||
185.224.116.0/22
|
||||
188.131.128.0/17
|
||||
192.11.23.0/24
|
||||
192.11.26.0/24
|
||||
@ -4024,6 +4041,7 @@
|
||||
192.144.128.0/17
|
||||
192.163.11.0/24
|
||||
192.232.97.0/24
|
||||
193.9.22.0/24
|
||||
193.17.120.0/22
|
||||
193.20.64.0/22
|
||||
193.112.0.0/16
|
||||
@ -4155,7 +4173,6 @@
|
||||
202.27.12.0/24
|
||||
202.27.14.0/24
|
||||
202.27.136.0/23
|
||||
202.30.124.0/24
|
||||
202.36.226.0/24
|
||||
202.38.0.0/22
|
||||
202.38.8.0/21
|
||||
@ -4699,7 +4716,8 @@
|
||||
203.15.156.0/22
|
||||
203.15.174.0/24
|
||||
203.15.227.0/24
|
||||
203.15.232.0/21
|
||||
203.15.232.0/22
|
||||
203.15.238.0/23
|
||||
203.15.240.0/23
|
||||
203.15.246.0/24
|
||||
203.16.10.0/24
|
||||
@ -4800,7 +4818,6 @@
|
||||
203.20.122.0/24
|
||||
203.20.126.0/23
|
||||
203.20.135.0/24
|
||||
203.20.138.0/23
|
||||
203.20.140.0/22
|
||||
203.20.150.0/24
|
||||
203.20.230.0/24
|
||||
@ -5674,8 +5691,8 @@
|
||||
220.242.173.0/24
|
||||
220.242.197.0/24
|
||||
220.242.205.0/24
|
||||
220.242.206.0/23
|
||||
220.242.214.0/23
|
||||
220.242.207.0/24
|
||||
220.242.215.0/24
|
||||
220.242.216.0/21
|
||||
220.242.224.0/19
|
||||
220.243.0.0/17
|
||||
|
||||
@ -1,2 +1,3 @@
|
||||
apple.com
|
||||
microsoft.com
|
||||
microsoft.com
|
||||
dyndns.com
|
||||