332 lines
13 KiB
Bash
Executable File
332 lines
13 KiB
Bash
Executable File
#!/bin/sh /etc/rc.common
|
|
|
|
START=99
|
|
STOP=15
|
|
|
|
CLASH="/etc/clash/clash"
|
|
CLASH_CONFIG="/etc/clash"
|
|
CRON_FILE="/etc/crontabs/root"
|
|
|
|
revert_dns() {
|
|
#===========================================================================================================================
|
|
dns_serve1=$(uci get dhcp.@dnsmasq[0].server 2>/dev/null)
|
|
if [ $dns_serve1 ]; then
|
|
uci del dhcp.@dnsmasq[-1].server
|
|
fi
|
|
uci set dhcp.@dnsmasq[0].resolvfile=/tmp/resolv.conf.auto
|
|
uci set dhcp.@dnsmasq[0].noresolv=0
|
|
uci commit dhcp
|
|
#===========================================================================================================================
|
|
}
|
|
|
|
add_cron(){
|
|
#===========================================================================================================================
|
|
sed -i '/clash.log/d' $CRON_FILE
|
|
echo '0 0 * * 0 echo "" > /tmp/clash.log' >> $CRON_FILE
|
|
[ -n "$(grep -w "/usr/share/clash/clash.sh" $CRON_FILE)" ] && sed -i '/\/usr\/share\/clash\/clash.sh/d' $CRON_FILE
|
|
auto=$(uci get clash.config.auto_update 2>/dev/null)
|
|
if [ $auto -eq 1 ]; then
|
|
[ -z "$(grep -w "/usr/share/clash/clash.sh" $CRON_FILE)" ] && echo "0 $(uci get clash.config.auto_update_time 2>/dev/null) * * * /usr/share/clash/clash.sh" >> $CRON_FILE
|
|
[ -z "$(grep -w "/etc/init.d/clash" $CRON_FILE)" ] && echo "05 0 * * * /etc/init.d/clash restart" >> $CRON_FILE
|
|
fi
|
|
crontab $CRON_FILE
|
|
#===========================================================================================================================
|
|
}
|
|
|
|
del_cron(){
|
|
#===========================================================================================================================
|
|
sed -i '/clash/d' $CRON_FILE
|
|
sed -i '/clash.log/d' $CRON_FILE
|
|
/etc/init.d/cron restart
|
|
#===========================================================================================================================
|
|
}
|
|
|
|
|
|
yml_change(){
|
|
#===========================================================================================================================
|
|
mode=$(uci get clash.config.mode 2>/dev/null)
|
|
da_password=$(uci get clash.config.dash_pass 2>/dev/null)
|
|
redir_port=$(uci get clash.config.redir_port 2>/dev/null)
|
|
http_port=$(uci get clash.config.http_port 2>/dev/null)
|
|
socks_port=$(uci get clash.config.socks_port 2>/dev/null)
|
|
dash_port=$(uci get clash.config.dash_port 2>/dev/null)
|
|
log_level=$(uci get clash.config.level 2>/dev/null)
|
|
subtype=$(uci get clash.config.subcri 2>/dev/null)
|
|
if [ $mode -eq 1 ]; then
|
|
|
|
sed -i "/Proxy:/i\#clash-openwrt" /etc/clash/config.yaml
|
|
sed -i "/#clash-openwrt/a\#=============" /etc/clash/config.yaml
|
|
sed -i "/#=============/a\ " /etc/clash/config.yaml
|
|
sed -i '1,/#clash-openwrt/d' /etc/clash/config.yaml
|
|
mv /etc/clash/config.yaml /etc/clash/dns.yaml
|
|
cat /usr/share/clash/dns.yaml /etc/clash/dns.yaml > /etc/clash/config.yaml
|
|
rm -rf /etc/clash/dns.yaml
|
|
sed -i "1i\port: ${http_port}" /etc/clash/config.yaml
|
|
sed -i "2i\socks-port: ${socks_port}" /etc/clash/config.yaml
|
|
sed -i "3i\redir-port: ${redir_port}" /etc/clash/config.yaml
|
|
sed -i "4i\allow-lan: true" /etc/clash/config.yaml
|
|
sed -i "5i\mode: Rule" /etc/clash/config.yaml
|
|
sed -i "6i\log-level: ${log_level}" /etc/clash/config.yaml
|
|
sed -i "7i\external-controller: 0.0.0.0:${dash_port}" /etc/clash/config.yaml
|
|
sed -i "8i\secret: '${da_password}'" /etc/clash/config.yaml
|
|
sed -i "9i\external-ui: "/usr/share/clash/dashboard"" /etc/clash/config.yaml
|
|
sed -i "10i\ " /etc/clash/config.yaml
|
|
sed -i "11i\ " /etc/clash/config.yaml
|
|
sed -i '/#=============/ d' /etc/clash/config.yaml
|
|
|
|
else
|
|
if [ $subtype=="v2rayn2clash" ] || [ $subtype=="surge2clash" ];then
|
|
sed -i "/Proxy:/i\#clash-openwrt" /etc/clash/config.yaml
|
|
sed -i "/#clash-openwrt/a\#=============" /etc/clash/config.yaml
|
|
sed -i "/#=============/a\ " /etc/clash/config.yaml
|
|
sed -i '1,/#clash-openwrt/d' /etc/clash/config.yaml
|
|
mv /etc/clash/config.yaml /etc/clash/dns.yaml
|
|
cat /usr/share/clash/dns.yaml /etc/clash/dns.yaml > /etc/clash/config.yaml
|
|
rm -rf /etc/clash/dns.yaml
|
|
else
|
|
sed -i "/dns:/i\#clash-openwrt" /etc/clash/config.yaml
|
|
sed -i "/#clash-openwrt/a\#=============" /etc/clash/config.yaml
|
|
sed -i '1,/#clash-openwrt/d' /etc/clash/config.yaml
|
|
fi
|
|
sed -i "1i\port: ${http_port}" /etc/clash/config.yaml
|
|
sed -i "2i\socks-port: ${socks_port}" /etc/clash/config.yaml
|
|
sed -i "3i\redir-port: ${redir_port}" /etc/clash/config.yaml
|
|
sed -i "4i\allow-lan: true" /etc/clash/config.yaml
|
|
sed -i "5i\mode: Rule" /etc/clash/config.yaml
|
|
sed -i "6i\log-level: ${log_level}" /etc/clash/config.yaml
|
|
sed -i "7i\external-controller: 0.0.0.0:${dash_port}" /etc/clash/config.yaml
|
|
sed -i "8i\secret: '${da_password}'" /etc/clash/config.yaml
|
|
sed -i "9i\external-ui: "/usr/share/clash/dashboard"" /etc/clash/config.yaml
|
|
sed -i "10i\ " /etc/clash/config.yaml
|
|
sed -i "11i\ " /etc/clash/config.yaml
|
|
sed -i '/#=============/ d' /etc/clash/config.yaml
|
|
|
|
fi
|
|
#===========================================================================================================================
|
|
}
|
|
|
|
|
|
|
|
|
|
yml_dns_change(){
|
|
#===========================================================================================================================
|
|
dns_port=$(grep listen: /etc/clash/config.yaml |awk -F ':' '{print $3}' |tr -cd "[0-9]")
|
|
dnsforwader=$(uci get clash.config.dnsforwader 2>/dev/null)
|
|
|
|
if [ $dns_port -eq 53 ]; then
|
|
sed -i '/listen:/ d' /etc/clash/config.yaml
|
|
sed -i "/nameserver:/i\ listen: 0.0.0.0:5300" /etc/clash/config.yaml
|
|
fi
|
|
|
|
if [ $dnsforwader -eq 1 ]; then
|
|
if [ $dns_port -eq 53 ]; then
|
|
dns_serve1=$(uci get dhcp.@dnsmasq[0].server 2>/dev/null)
|
|
if [ $dns_serve1 ]; then
|
|
uci del dhcp.@dnsmasq[-1].server
|
|
fi
|
|
uci add_list dhcp.@dnsmasq[0].server=127.0.0.1#5300 >/dev/null 2>&1
|
|
uci delete dhcp.@dnsmasq[0].resolvfile
|
|
uci set dhcp.@dnsmasq[0].noresolv=1
|
|
uci commit dhcp
|
|
else
|
|
dns_serve1=$(uci get dhcp.@dnsmasq[0].server 2>/dev/null)
|
|
if [ $dns_serve1 ]; then
|
|
uci del dhcp.@dnsmasq[-1].server
|
|
fi
|
|
uci add_list dhcp.@dnsmasq[0].server=127.0.0.1#$dns_port >/dev/null 2>&1
|
|
uci delete dhcp.@dnsmasq[0].resolvfile
|
|
uci set dhcp.@dnsmasq[0].noresolv=1
|
|
uci commit dhcp
|
|
fi
|
|
fi
|
|
#===========================================================================================================================
|
|
}
|
|
|
|
|
|
|
|
access() {
|
|
#===========================================================================================================================
|
|
lan_ac_ips=$(uci get clash.config.lan_ac_ips)
|
|
ipset -! -R <<-EOF
|
|
create clash_lan_ac hash:net
|
|
$(for ip in $lan_ac_ips; do echo "add clash_lan_ac $ip"; done)
|
|
EOF
|
|
#===========================================================================================================================
|
|
}
|
|
|
|
|
|
reject_access() {
|
|
#===========================================================================================================================
|
|
lan_ac=$(uci get clash.config.lan_ips)
|
|
ipset -! -R <<-EOF
|
|
create clash_lan hash:net
|
|
$(for ip in $lan_ac; do echo "add clash_lan $ip"; done)
|
|
EOF
|
|
#===========================================================================================================================
|
|
}
|
|
|
|
|
|
rules(){
|
|
#===========================================================================================================================
|
|
lan_ip=$(uci get network.lan.ipaddr 2>/dev/null)
|
|
lanac=$(uci get clash.config.rejectlan 2>/dev/null)
|
|
lan=$(uci get clash.config.proxylan 2>/dev/null)
|
|
dns_port=$(grep listen: /etc/clash/config.yaml |awk -F ':' '{print $3}' |tr -cd "[0-9]")
|
|
redir_port=$(uci get clash.config.redir_port 2>/dev/null)
|
|
|
|
iptables -t nat -N clash_tcp
|
|
iptables -t nat -N clash_udp
|
|
iptables -t nat -A clash_tcp -d 0.0.0.0/8 -j RETURN
|
|
iptables -t nat -A clash_tcp -d 10.0.0.0/8 -j RETURN
|
|
iptables -t nat -A clash_tcp -d 127.0.0.0/8 -j RETURN
|
|
iptables -t nat -A clash_tcp -d 169.254.0.0/16 -j RETURN
|
|
iptables -t nat -A clash_tcp -d 172.16.0.0/12 -j RETURN
|
|
iptables -t nat -A clash_tcp -d 192.168.0.0/16 -j RETURN
|
|
iptables -t nat -A clash_tcp -d 224.0.0.0/4 -j RETURN
|
|
iptables -t nat -A clash_tcp -d 240.0.0.0/4 -j RETURN
|
|
iptables -t nat -A clash_tcp -d $lan_ip -j RETURN
|
|
iptables -t nat -A clash_tcp -p tcp --dport 22 -j ACCEPT
|
|
iptables -t nat -A clash_udp -p udp -j REDIRECT --to-ports $dns_port
|
|
if [ $lanac -eq 1 ]; then
|
|
iptables -t nat -A clash_tcp -p tcp -m set --match-set clash_lan src -j RETURN
|
|
iptables -t nat -A clash_tcp -p tcp -j REDIRECT --to-ports $redir_port
|
|
elif [ $lan -eq 1 ]; then
|
|
iptables -t nat -A clash_tcp -p tcp -m set --match-set clash_lan_ac src -j REDIRECT --to-ports $redir_port
|
|
else
|
|
iptables -t nat -A clash_tcp -p tcp -j REDIRECT --to-ports $redir_port
|
|
fi
|
|
iptables -t nat -I PREROUTING 1 -p udp --dport 53 -j clash_udp
|
|
iptables -t nat -A PREROUTING -p tcp -j clash_tcp
|
|
|
|
|
|
|
|
#===========================================================================================================================
|
|
}
|
|
|
|
yml_yaml(){
|
|
#===========================================================================================================================
|
|
subscribe_url=$(uci get clash.config.subscribe_url 2>/dev/null)
|
|
size=$(ls -l /etc/clash/config.yaml|awk '{print $5}')
|
|
if [ -f /etc/clash/config.yml ] && [ ! -f /etc/clash/config.yaml ] || [ -f /etc/clash/config.yml ] && [ -f /etc/clash/config.yaml ] && [ $size -eq 0 ];then
|
|
mv /etc/clash/config.yml /etc/clash/config.yaml
|
|
elif [ ! -f /etc/clash/config.yaml ] && [ $subscribe_url ];then
|
|
sh /usr/share/clash/clash.sh >>/tmp/clash.log >/dev/null 2>&1
|
|
fi
|
|
#===========================================================================================================================
|
|
}
|
|
|
|
start(){
|
|
#===========================================================================================================================
|
|
if pidof clash >/dev/null; then
|
|
kill $(pidof clash) >/dev/null 2>&1 || kill -9 $(ps | grep clash | grep -v grep | awk '{print $1}') >/dev/null 2>&1
|
|
fi
|
|
enable=$(uci get clash.config.enable 2>/dev/null)
|
|
yml_yaml
|
|
size=$(ls -l /etc/clash/config.yaml|awk '{print $5}')
|
|
lan=$(uci get clash.config.proxylan 2>/dev/null)
|
|
lanac=$(uci get clash.config.rejectlan 2>/dev/null)
|
|
|
|
if [ $enable -eq 1 ]; then
|
|
|
|
if [ $size -ne 0 ]; then
|
|
|
|
|
|
if [ $lan ]; then
|
|
access >/dev/null 2>&1
|
|
fi
|
|
|
|
if [ $lanac ]; then
|
|
reject_access >/dev/null 2>&1
|
|
fi
|
|
|
|
yml_change
|
|
|
|
yml_dns_change
|
|
|
|
nohup $CLASH -d "$CLASH_CONFIG" > /tmp/clash.log 2>&1 &
|
|
|
|
ln -s /usr/share/clash/web /www/clash
|
|
|
|
uci set firewall.@defaults[0].flow_offloading=1
|
|
uci commit firewall
|
|
/etc/init.d/firewall restart >/dev/null 2>&1
|
|
|
|
rules >/dev/null 2>&1
|
|
|
|
killall -1 dnsmasq
|
|
|
|
/etc/init.d/dnsmasq restart >/dev/null 2>&1
|
|
|
|
|
|
if pidof clash >/dev/null; then
|
|
add_cron
|
|
nohup /usr/share/clash/clash-watchdog.sh >/dev/null 2>&1
|
|
|
|
fi
|
|
else
|
|
echo "===============================$(date "+%Y-%m-%d %H:%M:%S") problem with config.yaml, config.yaml is either empty or not found =====================================" >> /tmp/clash.log
|
|
|
|
|
|
fi
|
|
|
|
else
|
|
echo "===============================$(date "+%Y-%m-%d %H:%M:%S") CLIENT IS DISABLED =====================================" >> /tmp/clash.log
|
|
fi
|
|
|
|
|
|
#===========================================================================================================================
|
|
}
|
|
|
|
|
|
|
|
stop(){
|
|
#===========================================================================================================================
|
|
iptables -t nat -F clash_tcp >/dev/null 2>&1
|
|
iptables -t nat -X clash_tcp >/dev/null 2>&1
|
|
iptables -t nat -F clash_udp >/dev/null 2>&1
|
|
iptables -t nat -X clash_udp >/dev/null 2>&1
|
|
iptables -t nat -D PREROUTING -p tcp -j clash_tcp >/dev/null 2>&1
|
|
iptables -t nat -D PREROUTING -p udp -j clash_udp >/dev/null 2>&1
|
|
|
|
ipset -! flush clash_lan_ac >/dev/null 2>&1
|
|
ipset -! flush clash_lan >/dev/null 2>&1
|
|
|
|
kill -9 $(ps | grep clash-watchdog.sh | grep -v grep | awk '{print $1}') >/dev/null 2>&1
|
|
|
|
kill -9 `pidof clash|sed "s/$//g"` 2>/dev/null
|
|
|
|
revert_dns
|
|
|
|
uci set firewall.@defaults[0].flow_offloading=1
|
|
uci commit firewall
|
|
/etc/init.d/firewall restart >/dev/null 2>&1
|
|
|
|
/etc/init.d/dnsmasq restart >/dev/null 2>&1
|
|
|
|
rm -rf /www/clash 2> /dev/null
|
|
|
|
del_cron
|
|
|
|
rm -rf /tmp/clash.log
|
|
|
|
|
|
#===========================================================================================================================
|
|
}
|
|
|
|
|
|
restart(){
|
|
#===========================================================================================================================
|
|
|
|
if pidof clash >/dev/null; then
|
|
stop
|
|
sleep 2
|
|
start
|
|
else
|
|
start
|
|
fi
|
|
|
|
#===========================================================================================================================
|
|
}
|
|
|
|
|