update 2025-05-05 14:18:31

luci-app-homeproxy/htdocs/luci-static/resources/view/homeproxy/node.js

@@ -63,7 +63,7 @@ function parseShareLink(uri, features) {
 				tls: '1',
 				tls_sni: params.get('peer'),
 				tls_alpn: params.get('alpn'),
-				tls_insecure: params.get('insecure') ? '1' : '0'
+				tls_insecure: (params.get('insecure') === '1') ? '1' : '0'
 			};
 
 			break;

luci-app-homeproxy/root/etc/homeproxy/scripts/firewall_pre.uc

@@ -0,0 +1,54 @@
+#!/usr/bin/ucode
+
+'use strict';
+
+import { writefile } from 'fs';
+import { cursor } from 'uci';
+import { isEmpty, RUN_DIR } from 'homeproxy';
+
+const cfgname = 'homeproxy';
+const uci = cursor();
+uci.load(cfgname);
+
+const routing_mode = uci.get(cfgname, 'config', 'routing_mode') || 'bypass_mainland_china',
+      proxy_mode = uci.get(cfgname, 'config', 'proxy_mode') || 'redirect_tproxy';
+
+let outbound_node, tun_name;
+if (match(proxy_mode, /tun/)) {
+	if (routing_mode === 'custom')
+		outbound_node = uci.get(cfgname, 'routing', 'default_outbound') || 'nil';
+	else
+		outbound_node = uci.get(cfgname, 'config', 'main_node') || 'nil';
+
+	if (outbound_node !== 'nil')
+		tun_name = uci.get(cfgname, 'infra', 'tun_name') || 'singtun0';
+}
+
+const server_enabled = uci.get(cfgname, 'server', 'enabled');
+let auto_firewall = '0';
+if (server_enabled === '1')
+	auto_firewall = uci.get(cfgname, 'server', 'auto_firewall') || '0';
+
+let forward = [],
+    input = [];
+
+if (tun_name) {
+	push(forward, `oifname ${tun_name} counter accept comment "!${cfgname}: accept tun forward"`);
+	push(input ,`iifname ${tun_name} counter accept comment "!${cfgname}: accept tun input"`);
+}
+
+if (auto_firewall === '1') {
+	uci.foreach(cfgname, 'server', (s) => {
+		if (s.enabled !== '1')
+			return;
+
+		let proto = s.network || '{ tcp, udp }';
+		push(input, `meta l4proto ${proto} th dport ${s.port} counter accept comment "!${cfgname}: accept server ${s['.name']}"`);
+	});
+}
+
+if (!isEmpty(forward))
+	writefile(RUN_DIR + '/fw4_forward.nft', join('\n', forward) + '\n');
+
+if (!isEmpty(input))
+	writefile(RUN_DIR + '/fw4_input.nft', join('\n', input) + '\n');

luci-app-homeproxy/root/etc/homeproxy/scripts/firewall_pre.ut

@@ -1,54 +0,0 @@
-#!/usr/bin/utpl -S
-
-{%-
-	import { cursor } from 'uci';
-
-	const cfgname = 'homeproxy';
-	const uci = cursor();
-	uci.load(cfgname);
-
-	const routing_mode = uci.get(cfgname, 'config', 'routing_mode') || 'bypass_mainland_china',
-	      proxy_mode = uci.get(cfgname, 'config', 'proxy_mode') || 'redirect_tproxy';
-
-	let outbound_node, tun_name;
-	if (match(proxy_mode, /tun/)) {
-		if (routing_mode === 'custom')
-			outbound_node = uci.get(cfgname, 'routing', 'default_outbound') || 'nil';
-		else
-			outbound_node = uci.get(cfgname, 'config', 'main_node') || 'nil';
-
-		if (outbound_node !== 'nil')
-			tun_name = uci.get(cfgname, 'infra', 'tun_name') || 'singtun0';
-	}
-
-	const server_enabled = uci.get(cfgname, 'server', 'enabled');
-	let auto_firewall = '0';
-	if (server_enabled === '1')
-		auto_firewall = uci.get(cfgname, 'server', 'auto_firewall') || '0';
-
--%}
-
-{% if (tun_name): %}
-chain forward {
-	oifname {{ tun_name }} counter accept comment "!{{ cfgname }}: accept tun forward"
-}
-{% endif %}
-
-{% if (tun_name || auto_firewall === '1'): %}
-chain input {
-	{% if (tun_name): %}
-	iifname {{ tun_name }} counter accept comment "!{{ cfgname }}: accept tun input"
-	{% endif %}
-{%
-	if (auto_firewall === '1')
-		uci.foreach(cfgname, 'server', (s) => {
-			if (s.enabled !== '1')
-				return;
-
-			let proto = s.network || '{ tcp, udp }';
-			printf('	meta l4proto %s th dport %s counter accept comment "!%s: accept server %s"\n',
-				proto, s.port, cfgname, s['.name']);
-		});
-%}
-}
-{% endif %}

luci-app-homeproxy/root/etc/homeproxy/scripts/update_subscriptions.uc

@@ -170,7 +170,7 @@ function parse_uri(uri) {
 				hysteria_obfs_type: params.obfs,
 				hysteria_obfs_password: params['obfs-password'],
 				tls: '1',
-				tls_insecure: params.insecure ? '1' : '0',
+				tls_insecure: (params.insecure === '1') ? '1' : '0',
 				tls_sni: params.sni
 			};
 

luci-app-homeproxy/root/etc/init.d/homeproxy

@@ -238,7 +238,7 @@ start_service() {
 	chown -R sing-box:sing-box "$RUN_DIR"
 
 	# Setup firewall
-	utpl -S "$HP_DIR/scripts/firewall_pre.ut" > "$RUN_DIR/fw4_pre.nft"
+	ucode "$HP_DIR/scripts/firewall_pre.uc"
 	[ "$outbound_node" = "nil" ] || utpl -S "$HP_DIR/scripts/firewall_post.ut" > "$RUN_DIR/fw4_post.nft"
 	fw4 reload >"/dev/null" 2>&1
 
@@ -291,7 +291,8 @@ stop_service() {
 		nft flush set inet fw4 "$i"
 		nft delete set inet fw4 "$i"
 	done 2>"/dev/null"
-	echo 2>"/dev/null" > "$RUN_DIR/fw4_pre.nft"
+	echo 2>"/dev/null" > "$RUN_DIR/fw4_forward.nft"
+	echo 2>"/dev/null" > "$RUN_DIR/fw4_input.nft"
 	echo 2>"/dev/null" > "$RUN_DIR/fw4_post.nft"
 	fw4 reload >"/dev/null" 2>&1
 

luci-app-homeproxy/root/etc/uci-defaults/luci-homeproxy

@@ -2,10 +2,20 @@
 
 uci -q batch <<-EOF >"/dev/null"
 	delete firewall.homeproxy_pre
-	set firewall.homeproxy_pre=include
+
-	set firewall.homeproxy_pre.type=nftables
+	delete firewall.homeproxy_forward
-	set firewall.homeproxy_pre.path="/var/run/homeproxy/fw4_pre.nft"
+	set firewall.homeproxy_forward=include
-	set firewall.homeproxy_pre.position="table-pre"
+	set firewall.homeproxy_forward.type=nftables
+	set firewall.homeproxy_forward.path="/var/run/homeproxy/fw4_forward.nft"
+	set firewall.homeproxy_forward.position="chain-pre"
+	set firewall.homeproxy_forward.chain="forward"
+
+	delete firewall.homeproxy_input
+	set firewall.homeproxy_input=include
+	set firewall.homeproxy_input.type=nftables
+	set firewall.homeproxy_input.path="/var/run/homeproxy/fw4_input.nft"
+	set firewall.homeproxy_input.position="chain-pre"
+	set firewall.homeproxy_input.chain="input"
 
 	delete firewall.homeproxy_post
 	set firewall.homeproxy_post=include

luci-app-passwall/luasrc/model/cbi/passwall/client/acl_config.lua

@@ -250,7 +250,7 @@ o.validate = port_validate
 o:depends({ use_global_config = true })
 o:depends({ _udp_node_bool = "1" })
 
-o = s:option(DummyValue, "tips", " ")
+o = s:option(DummyValue, "tips", "　")
 o.rawhtml = true
 o.cfgvalue = function(t, n)
 	return string.format('<font color="red">%s</font>',

luci-app-passwall/luasrc/model/cbi/passwall/client/app_update.lua

@@ -23,7 +23,7 @@ for _, k in ipairs(com.order) do
 	end
 end
 
-o = s:option(DummyValue, "tips", " ")
+o = s:option(DummyValue, "tips", "　")
 o.rawhtml = true
 o.cfgvalue = function(t, n)
 	return string.format('<font color="red">%s</font>', translate("if you want to run from memory, change the path, /tmp beginning then save the application and update it manually."))

luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua

@@ -284,7 +284,7 @@ if (has_singbox or has_xray) and #nodes_table > 0 then
 			end
 		end
 	else
-		local tips = s:taboption("Main", DummyValue, "tips", " ")
+		local tips = s:taboption("Main", DummyValue, "tips", "　")
 		tips.rawhtml = true
 		tips.cfgvalue = function(t, n)
 			return string.format('<a style="color: red">%s</a>', translate("There are no available nodes, please add or subscribe nodes first."))
@@ -680,7 +680,7 @@ o = s:taboption("Proxy", Flag, "client_proxy", translate("Client Proxy"), transl
 o.default = "1"
 o.rmempty = false
 
-o = s:taboption("Proxy", DummyValue, "_proxy_tips", " ")
+o = s:taboption("Proxy", DummyValue, "_proxy_tips", "　")
 o.rawhtml = true
 o.cfgvalue = function(t, n)
 	return string.format('<a style="color: red" href="%s">%s</a>', api.url("acl"), translate("Want different devices to use different proxy modes/ports/nodes? Please use access control."))
@@ -726,7 +726,7 @@ o = s:taboption("log", Flag, "log_chinadns_ng", translate("Enable") .. " ChinaDN
 o.default = "0"
 o.rmempty = false
 
-o = s:taboption("log", DummyValue, "_log_tips", " ")
+o = s:taboption("log", DummyValue, "_log_tips", "　")
 o.rawhtml = true
 o.cfgvalue = function(t, n)
 	return string.format('<font color="red">%s</font>', translate("It is recommended to disable logging during regular use to reduce system overhead."))

luci-app-passwall/luasrc/model/cbi/passwall/client/haproxy.lua

@@ -78,7 +78,7 @@ o = s:option(Value, "health_check_inter", translate("Health Check Inter"), trans
 o.default = "60"
 o:depends("balancing_enable", true)
 
-o = s:option(DummyValue, "health_check_tips", " ")
+o = s:option(DummyValue, "health_check_tips", "　")
 o.rawhtml = true
 o.cfgvalue = function(t, n)
 	return string.format('<span style="color: red">%s</span>', translate("When the URL test is used, the load balancing node will be converted into a Socks node. when node list set customizing, must be a Socks node, otherwise the health check will be invalid."))

luci-app-passwall/luasrc/model/cbi/passwall/client/other.lua

@@ -107,7 +107,7 @@ o:value("1:65535", translate("All"))
 o:value("53", "DNS")
 o.validate = port_validate
 
-o = s:option(DummyValue, "tips", " ")
+o = s:option(DummyValue, "tips", "　")
 o.rawhtml = true
 o.cfgvalue = function(t, n)
 	return string.format('<font color="red">%s</font>',

luci-app-passwall/luasrc/model/cbi/passwall/client/type/ray.lua

@@ -219,7 +219,7 @@ m.uci:foreach(appname, "shunt_rules", function(e)
 	end
 end)
 
-o = s:option(DummyValue, _n("shunt_tips"), " ")
+o = s:option(DummyValue, _n("shunt_tips"), "　")
 o.not_rewrite = true
 o.rawhtml = true
 o.cfgvalue = function(t, n)

luci-app-passwall/luasrc/model/cbi/passwall/client/type/sing-box.lua

@@ -193,7 +193,7 @@ m.uci:foreach(appname, "shunt_rules", function(e)
 	end
 end)
 
-o = s:option(DummyValue, _n("shunt_tips"), " ")
+o = s:option(DummyValue, _n("shunt_tips"), "　")
 o.not_rewrite = true
 o.rawhtml = true
 o.cfgvalue = function(t, n)