update 04-13 20:35

github-actions[bot] 2022-04-13 20:35:44 +08:00
parent cceca1dd69
commit 83b7bbe8ba
8 changed files with 230 additions and 124 deletions


@ -6,7 +6,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=luci-app-passwall2
PKG_VERSION:=1.3
PKG_RELEASE:=4
PKG_RELEASE:=5
PKG_CONFIG_DEPENDS:= \
CONFIG_PACKAGE_$(PKG_NAME)_Transparent_Proxy \


@ -26,6 +26,8 @@ local direct_dns_doh_url = var["-direct_dns_doh_url"]
local direct_dns_doh_host = var["-direct_dns_doh_host"]
local remote_dns_server = var["-remote_dns_server"]
local remote_dns_port = var["-remote_dns_port"]
local remote_dns_udp_server = var["-remote_dns_udp_server"]
local remote_dns_udp_local = var["-remote_dns_udp_local"]
local remote_dns_tcp_server = var["-remote_dns_tcp_server"]
local remote_dns_doh_url = var["-remote_dns_doh_url"]
local remote_dns_doh_host = var["-remote_dns_doh_host"]
@ -483,6 +485,7 @@ if true then
end)
end
local rule = {
_flag = e.remarks,
type = "field",
outboundTag = outboundTag,
network = e["network"] or "tcp,udp",
@ -493,11 +496,13 @@ if true then
}
if domains then
local _rule = api.clone(rule)
_rule["_flag"] = _rule["_flag"] .. "_domains"
_rule.domains = domains
table.insert(rules, _rule)
end
if ip then
local _rule = api.clone(rule)
_rule["_flag"] = _rule["_flag"] .. "_ip"
_rule.ip = ip
table.insert(rules, _rule)
end
@ -510,6 +515,7 @@ if true then
if default_outboundTag then
table.insert(rules, {
_flag = "defalut",
type = "field",
outboundTag = default_outboundTag,
network = "tcp,udp"
@ -547,105 +553,153 @@ if true then
domainMatcher = "hybrid",
rules = {}
}
table.insert(routing.rules, {
_flag = "defalut",
type = "field",
outboundTag = node_id,
network = "tcp,udp"
})
end
end
end
if remote_dns_server or remote_dns_fake then
if remote_dns_server or remote_dns_doh_url or remote_dns_fake then
local rules = {}
if not routing then
routing = {
domainStrategy = "IPOnDemand",
rules = {}
}
end
dns = {
tag = "dns-in1",
hosts = {},
disableCache = (dns_cache and dns_cache == "0") and true or false,
disableFallback = true,
disableFallbackIfMatch = true,
servers = {
--remote_dns_server
},
servers = {},
clientIp = (remote_dns_client_ip and remote_dns_client_ip ~= "") and remote_dns_client_ip or nil,
queryStrategy = (dns_query_strategy and dns_query_strategy ~= "") and dns_query_strategy or nil
queryStrategy = (dns_query_strategy and dns_query_strategy ~= "") and dns_query_strategy or "UseIPv4"
}
if remote_dns_doh_url and remote_dns_doh_host then
if remote_dns_doh_host ~= remote_dns_server and not api.is_ip(remote_dns_doh_host) then
table.insert(dns.hosts, {
[remote_dns_doh_host] = remote_dns_server
})
local dns_host = ""
if flag == "global" then
dns_host = uci:get(appname, "@global[0]", "dns_hosts") or ""
else
flag = flag:gsub("acl_", "")
local dns_hosts_mode = uci:get(appname, flag, "dns_hosts_mode") or "default"
if dns_hosts_mode == "default" then
dns_host = uci:get(appname, "@global[0]", "dns_hosts") or ""
elseif dns_hosts_mode == "disable" then
dns_host = ""
elseif dns_hosts_mode == "custom" then
dns_host = uci:get(appname, flag, "dns_hosts") or ""
end
table.insert(dns.servers, {
tag = "remote",
address = remote_dns_doh_url,
port = tonumber(remote_dns_port) or 443,
domains = #dns_remote_domains > 0 and dns_remote_domains or nil,
--expectIPs = #dns_remote_expectIPs > 0 and dns_remote_expectIPs or nil
})
end
if #dns_host > 0 then
string.gsub(dns_host, '[^' .. "\r\n" .. ']+', function(w)
local host = sys.exec(string.format("echo -n $(echo %s | awk -F ' ' '{print $1}')", w))
local key = sys.exec(string.format("echo -n $(echo %s | awk -F ' ' '{print $2}')", w))
if host ~= "" and key ~= "" then
dns.hosts[host] = key
end
end)
end
if remote_dns_tcp_server then
table.insert(dns.servers, {
tag = "remote",
address = remote_dns_tcp_server,
port = tonumber(remote_dns_port) or 53,
domains = #dns_remote_domains > 0 and dns_remote_domains or nil,
--expectIPs = #dns_remote_expectIPs > 0 and dns_remote_expectIPs or nil
})
end
if remote_dns_fake then
fakedns = {}
fakedns[#fakedns + 1] = {
ipPool = "198.18.0.0/16",
poolSize = 65535
}
remote_dns_server = "1.1.1.1"
table.insert(dns.servers, {
tag = "remote",
address = "fakedns",
if true then
local _remote_dns = {
_flag = "remote",
domains = #dns_remote_domains > 0 and dns_remote_domains or nil
})
--expectIPs = #dns_remote_expectIPs > 0 and dns_remote_expectIPs or nil
}
if remote_dns_udp_server then
_remote_dns.address = remote_dns_udp_server
_remote_dns.port = tonumber(remote_dns_port) or 53
if remote_dns_udp_local == "1" then
table.insert(routing.rules, 1, {
type = "field",
ip = {
remote_dns_udp_server
},
outboundTag = "direct"
})
end
end
if remote_dns_tcp_server then
_remote_dns.address = remote_dns_tcp_server
_remote_dns.port = tonumber(remote_dns_port) or 53
end
if remote_dns_doh_url and remote_dns_doh_host then
if remote_dns_server and remote_dns_doh_host ~= remote_dns_server and not api.is_ip(remote_dns_doh_host) then
dns.hosts[remote_dns_doh_host] = remote_dns_server
end
_remote_dns.address = remote_dns_doh_url
_remote_dns.port = tonumber(remote_dns_port) or 443
end
if remote_dns_fake then
remote_dns_server = "1.1.1.1"
fakedns = {}
fakedns[#fakedns + 1] = {
ipPool = "198.18.0.0/16",
poolSize = 65535
}
if dns_query_strategy == "UseIP" then
fakedns[#fakedns + 1] = {
ipPool = "fc00::/18",
poolSize = 65535
}
end
_remote_dns.address = "fakedns"
end
table.insert(dns.servers, _remote_dns)
end
local nodes_domain = {}
local nodes_domain_text = sys.exec('uci show passwall2 | grep ".address=" | cut -d "\'" -f 2 | grep "[a-zA-Z]$" | sort -u')
string.gsub(nodes_domain_text, '[^' .. "\r\n" .. ']+', function(w)
table.insert(nodes_domain, w)
table.insert(dns_direct_domains, w)
end)
if true then
local nodes_domain_text = sys.exec('uci show passwall2 | grep ".address=" | cut -d "\'" -f 2 | grep "[a-zA-Z]$" | sort -u')
string.gsub(nodes_domain_text, '[^' .. "\r\n" .. ']+', function(w)
table.insert(dns_direct_domains, "full:" .. w)
end)
if direct_dns_udp_server then
table.insert(dns.servers, {
tag = "direct",
address = direct_dns_udp_server,
port = tonumber(direct_dns_port) or 53,
domains = #dns_direct_domains > 0 and dns_direct_domains or nil,
local _direct_dns = {
_flag = "direct",
domains = #dns_direct_domains > 0 and dns_direct_domains or nil
--expectIPs = #dns_direct_expectIPs > 0 and dns_direct_expectIPs or nil
})
end
}
if direct_dns_tcp_server then
table.insert(dns.servers, {
tag = "direct",
address = direct_dns_tcp_server:gsub("tcp://", "tcp+local://"),
port = tonumber(direct_dns_port) or 53,
domains = #dns_direct_domains > 0 and dns_direct_domains or nil,
--expectIPs = #dns_direct_expectIPs > 0 and dns_direct_expectIPs or nil
})
end
if direct_dns_doh_url and direct_dns_doh_host then
if direct_dns_doh_host ~= direct_dns_server and not api.is_ip(direct_dns_doh_host) then
table.insert(dns.hosts, {
[direct_dns_doh_host] = direct_dns_server
if direct_dns_udp_server then
_direct_dns.address = direct_dns_udp_server
_direct_dns.port = tonumber(direct_dns_port) or 53
table.insert(routing.rules, 1, {
type = "field",
ip = {
direct_dns_udp_server
},
outboundTag = "direct"
})
end
table.insert(dns.servers, {
tag = "direct",
address = direct_dns_doh_url:gsub("https://", "https+local://"),
port = tonumber(direct_dns_port) or 443,
domains = #dns_direct_domains > 0 and dns_direct_domains or nil,
--expectIPs = #dns_direct_expectIPs > 0 and dns_direct_expectIPs or nil
})
if direct_dns_tcp_server then
_direct_dns.address = direct_dns_tcp_server:gsub("tcp://", "tcp+local://")
_direct_dns.port = tonumber(direct_dns_port) or 53
end
if direct_dns_doh_url and direct_dns_doh_host then
if direct_dns_doh_host ~= direct_dns_server and not api.is_ip(direct_dns_doh_host) then
dns.hosts[remote_dns_doh_host] = direct_dns_server
end
_direct_dns.address = direct_dns_doh_url:gsub("https://", "https+local://")
_direct_dns.port = tonumber(direct_dns_port) or 443
end
table.insert(dns.servers, _direct_dns)
end
if dns_listen_port then
@ -655,20 +709,29 @@ if remote_dns_server or remote_dns_fake then
protocol = "dokodemo-door",
tag = "dns-in",
settings = {
address = remote_dns_server,
address = remote_dns_server or "1.1.1.1",
port = 53,
network = "tcp,udp"
}
})
end
table.insert(rules, {
type = "field",
inboundTag = {
"dns-in"
},
outboundTag = "dns-out"
})
table.insert(outbounds, {
tag = "dns-out",
protocol = "dns",
settings = {
address = remote_dns_server or "1.1.1.1",
network = "tcp"
}
})
table.insert(routing.rules, 1, {
type = "field",
inboundTag = {
"dns-in"
},
outboundTag = "dns-out"
})
end
local default_dns_flag = "remote"
if node_id and redir_port then
@ -691,32 +754,16 @@ if remote_dns_server or remote_dns_fake then
end
end
if nodes_domain and #nodes_domain > 0 then
table.insert(rules, {
type = "field",
domains = nodes_domain,
outboundTag = "direct"
})
end
if direct_dns_udp_server then
table.insert(rules, {
type = "field",
ip = {
direct_dns_udp_server
},
outboundTag = "direct"
})
end
if dns.servers and #dns.servers > 0 then
local dns_servers = nil
for index, value in ipairs(dns.servers) do
if not dns_servers and value.tag == default_dns_flag then
if not dns_servers and value["_flag"] == default_dns_flag then
dns_servers = {
_flag = "default",
address = value.address,
port = value.port
}
break
end
end
if dns_servers then
@ -724,18 +771,24 @@ if remote_dns_server or remote_dns_fake then
end
end
if not routing then
routing = {
domainStrategy = "IPOnDemand",
rules = rules
}
else
for index, value in ipairs(rules) do
table.insert(routing.rules, 1, value)
local default_rule_index = #routing.rules > 0 and #routing.rules or 1
for index, value in ipairs(routing.rules) do
if value["_flag"] == "default" then
default_rule_index = index
break
end
end
for index, value in ipairs(rules) do
local t = rules[#rules + 1 - index]
table.insert(routing.rules, default_rule_index, t)
end
if #dns.hosts == 0 then
local dns_hosts_len = 0
for key, value in pairs(dns.hosts) do
dns_hosts_len = dns_hosts_len + 1
end
if dns_hosts_len == 0 then
dns.hosts = nil
end
end
@ -778,15 +831,11 @@ if inbounds or outbounds then
}
]]--
}
table.insert(outbounds, {
protocol = "dns",
tag = "dns-out"
})
table.insert(outbounds, {
protocol = "freedom",
tag = "direct",
settings = {
domainStrategy = "UseIPv4"
domainStrategy = (dns_query_strategy and dns_query_strategy ~= "") and dns_query_strategy or "UseIPv4"
},
streamSettings = {
sockopt = {
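Review bot: The new `dns_hosts` parsing splices each configured line into a shell command, `sys.exec(string.format("echo -n $(echo %s | awk -F ' ' '{print $1}')", w))`, with no quoting, so the shell interprets any metacharacters in that free-text option. The split needs no subprocess: `local host, key = w:match("^%s*(%S+)%s+(%S+)")` followed by `if host and key then dns.hosts[host] = key end` does the same work in Lua, removes the injection surface, and avoids two forks per line. Separately, in the same hunk, the direct DoH branch writes `dns.hosts[remote_dns_doh_host] = direct_dns_server`. The key looks like it should be `direct_dns_doh_host`, and as written it would raise a nil-index error whenever the remote side is not DoH. The enclosing `if remote_dns_server or remote_dns_doh_url or remote_dns_fake then` block continues beyond this hunk.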


@ -233,4 +233,25 @@ o.datatype = "ipaddr"
o:depends("remote_dns_protocol", "tcp")
o:depends("remote_dns_protocol", "doh")
o = s:option(ListValue, "dns_query_strategy", translate("Query Strategy"))
o.default = "UseIPv4"
o:value("UseIP")
o:value("UseIPv4")
--o:value("UseIPv6")
o:depends("remote_dns_protocol", "tcp")
o:depends("remote_dns_protocol", "doh")
o = s:option(ListValue, "dns_hosts_mode", translate("Domain Override"))
o.default = "default"
o:value("default", translate("Default"))
o:value("disable", translate("Disable"))
o:value("custom", translate("Custom"))
o:depends("remote_dns_protocol", "tcp")
o:depends("remote_dns_protocol", "doh")
hosts = s:option(TextValue, "dns_hosts", translate("Domain Override"))
hosts.rows = 5
hosts.wrap = "off"
hosts:depends("dns_hosts_mode", "custom")
return m
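Review bot: The new `dns_hosts` TextValue is saved with no `validate` hook, although the config generator later tokenises each line and, in this commit, passes it through a shell. Rejecting anything that is not `name address` at the form keeps malformed or hostile lines out of UCI in the first place. The same option is added unvalidated on the global settings page (`s:taboption("DNS", TextValue, "dns_hosts", ...)`) and would need the same hook. The sketch below is deliberately strict and should be checked against the entries you want to allow. `hosts` is also assigned without `local` in both places, which would create a global unless it is declared earlier in the file (not visible here).

```lua
hosts = s:option(TextValue, "dns_hosts", translate("Domain Override"))
-- … unchanged: rows / wrap / depends …
hosts.validate = function(self, value)
    for line in value:gmatch("[^\r\n]+") do
        -- accept only "<hostname> <ip>" made of hostname / address characters
        if not line:match("^%s*[%w%.%-_]+%s+[%x%.:]+%s*$") then
            return nil, translate("Each line must be: domain address")
        end
    end
    return value
end
```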


@ -175,6 +175,8 @@ o:depends("direct_dns_protocol", "doh")
o = s:taboption("DNS", ListValue, "remote_dns_protocol", translate("Remote DNS Protocol"))
o:value("tcp", "TCP")
o:value("doh", "DoH")
o:value("udp", "UDP")
o:value("udp+local", "UDP+Local")
o:value("fakedns", "FakeDNS")
---- DNS Forward
@ -189,6 +191,8 @@ o:value("9.9.9.9", "9.9.9.9 (Quad9-Recommended)")
o:value("208.67.220.220", "208.67.220.220 (OpenDNS)")
o:value("208.67.222.222", "208.67.222.222 (OpenDNS)")
o:depends("remote_dns_protocol", "tcp")
o:depends("remote_dns_protocol", "udp")
o:depends("remote_dns_protocol", "udp+local")
---- DoH
o = s:taboption("DNS", Value, "remote_dns_doh", translate("Remote DNS DoH"))
@ -212,6 +216,16 @@ o.datatype = "ipaddr"
o:depends("remote_dns_protocol", "tcp")
o:depends("remote_dns_protocol", "doh")
o = s:taboption("DNS", ListValue, "dns_query_strategy", translate("Query Strategy"))
o.default = "UseIPv4"
o:value("UseIP")
o:value("UseIPv4")
--o:value("UseIPv6")
hosts = s:taboption("DNS", TextValue, "dns_hosts", translate("Domain Override"))
hosts.rows = 5
hosts.wrap = "off"
s:tab("log", translate("Log"))
o = s:taboption("log", Flag, "close_log", translate("Close Node Log"))
o.rmempty = false


@ -124,6 +124,12 @@ msgstr "用于 DNS 查询时通知 DNS 服务器,客户端所在的地理位
msgid "This feature requires the DNS server to support the Edns Client Subnet (RFC7871)."
msgstr "此功能需要 DNS 服务器支持 EDNS Client SubnetRFC7871。"
msgid "Query Strategy"
msgstr "查询策略"
msgid "Domain Override"
msgstr "域名重写"
msgid "About DNS issues:"
msgstr "关于DNS问题"


@ -6,6 +6,9 @@ config global
option direct_dns_protocol 'auto'
option remote_dns_protocol 'tcp'
option remote_dns '1.1.1.1'
option dns_query_strategy 'UseIPv4'
option dns_hosts 'cloudflare-dns.com 1.1.1.1
dns.google.com 8.8.8.8'
option close_log '0'
option loglevel 'error'


@ -265,7 +265,7 @@ lua_api() {
run_v2ray() {
local flag node redir_port socks_address socks_port socks_username socks_password http_address http_port http_username http_password
local dns_listen_port direct_dns_protocol direct_dns_udp_server direct_dns_tcp_server direct_dns_doh remote_dns_protocol remote_dns_tcp_server remote_dns_doh remote_dns_client_ip dns_query_strategy dns_cache
local dns_listen_port direct_dns_protocol direct_dns_udp_server direct_dns_tcp_server direct_dns_doh remote_dns_protocol remote_dns_udp_server remote_dns_udp_local remote_dns_tcp_server remote_dns_doh remote_dns_client_ip dns_query_strategy dns_cache
local loglevel log_file config_file
local _extra_param=""
eval_set_val $@
@ -327,10 +327,18 @@ run_v2ray() {
[ -z "${_doh_port}" ] && _doh_port=443
local _doh_bootstrap=$(echo $direct_dns_doh | cut -d ',' -sf 2-)
[ "${is_ip}" = "true" ] && _doh_bootstrap=${_doh_host}
_extra_param="${_extra_param} -direct_dns_server ${_doh_bootstrap} -direct_dns_port ${_doh_port} -direct_dns_doh_url ${_doh_url} -direct_dns_doh_host ${_doh_host}"
[ -n "$_doh_bootstrap" ] && _extra_param="${_extra_param} -direct_dns_server ${_doh_bootstrap}"
_extra_param="${_extra_param} -direct_dns_port ${_doh_port} -direct_dns_doh_url ${_doh_url} -direct_dns_doh_host ${_doh_host}"
;;
esac
case "$remote_dns_protocol" in
udp*)
local _dns=$(get_first_dns remote_dns_udp_server 53 | sed 's/#/:/g')
local _dns_address=$(echo ${_dns} | awk -F ':' '{print $1}')
local _dns_port=$(echo ${_dns} | awk -F ':' '{print $2}')
_extra_param="${_extra_param} -remote_dns_server ${_dns_address} -remote_dns_port ${_dns_port} -remote_dns_udp_server ${_dns_address}"
[ "$remote_dns_protocol" = "udp+local" ] && _extra_param="${_extra_param} -remote_dns_udp_local 1"
;;
tcp)
local _dns=$(get_first_dns remote_dns_tcp_server 53 | sed 's/#/:/g')
local _dns_address=$(echo ${_dns} | awk -F ':' '{print $1}')
@ -347,7 +355,8 @@ run_v2ray() {
[ -z "${_doh_port}" ] && _doh_port=443
local _doh_bootstrap=$(echo $remote_dns_doh | cut -d ',' -sf 2-)
[ "${is_ip}" = "true" ] && _doh_bootstrap=${_doh_host}
_extra_param="${_extra_param} -remote_dns_server ${_doh_bootstrap} -remote_dns_port ${_doh_port} -remote_dns_doh_url ${_doh_url} -remote_dns_doh_host ${_doh_host}"
[ -n "$_doh_bootstrap" ] && _extra_param="${_extra_param} -remote_dns_server ${_doh_bootstrap}"
_extra_param="${_extra_param} -remote_dns_port ${_doh_port} -remote_dns_doh_url ${_doh_url} -remote_dns_doh_host ${_doh_host}"
;;
fakedns)
_extra_param="${_extra_param} -remote_dns_fake 1"
@ -559,6 +568,10 @@ run_global() {
[ -n "$REMOTE_DNS_PROTOCOL" ] && {
V2RAY_ARGS="${V2RAY_ARGS} remote_dns_protocol=${REMOTE_DNS_PROTOCOL}"
case "$REMOTE_DNS_PROTOCOL" in
udp*)
V2RAY_ARGS="${V2RAY_ARGS} remote_dns_udp_server=${REMOTE_DNS}"
msg="${msg} 远程DNS${REMOTE_DNS}"
;;
tcp)
V2RAY_ARGS="${V2RAY_ARGS} remote_dns_tcp_server=${REMOTE_DNS}"
msg="${msg} 远程DNS${REMOTE_DNS}"
@ -783,14 +796,13 @@ DIRECT_DNS_PROTOCOL=$(config_t_get global direct_dns_protocol tcp)
DIRECT_DNS=$(config_t_get global direct_dns 119.29.29.29:53 | sed 's/#/:/g' | sed -E 's/\:([^:]+)$/#\1/g')
REMOTE_DNS_PROTOCOL=$(config_t_get global remote_dns_protocol tcp)
REMOTE_DNS=$(config_t_get global remote_dns 1.1.1.1:53 | sed 's/#/:/g' | sed -E 's/\:([^:]+)$/#\1/g')
DNS_QUERY_STRATEGY=$(config_t_get global dns_query_strategy UseIPv4)
DNS_CACHE=$(config_t_get global dns_cache 1)
DEFAULT_DNS=$(uci show dhcp | grep "@dnsmasq" | grep "\.server=" | awk -F '=' '{print $2}' | sed "s/'//g" | tr ' ' '\n' | grep -v "\/" | head -2 | sed ':label;N;s/\n/,/;b label')
[ -z "${DEFAULT_DNS}" ] && DEFAULT_DNS=$(echo -n $(sed -n 's/^nameserver[ \t]*\([^ ]*\)$/\1/p' "${RESOLVFILE}" | grep -v -E "0.0.0.0|127.0.0.1|::" | head -2) | tr ' ' ',')
PROXY_IPV6=$(config_t_get global_forwarding ipv6_tproxy 0)
DNS_QUERY_STRATEGY="UseIPv4"
[ "$PROXY_IPV6" = "1" ] && DNS_QUERY_STRATEGY="UseIP"
export V2RAY_LOCATION_ASSET=$(config_t_get global_rules v2ray_location_asset "/usr/share/v2ray/")
export XRAY_LOCATION_ASSET=$V2RAY_LOCATION_ASSET
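Review bot: The new `udp*)` branch in run_v2ray appends `-remote_dns_server ${_dns_address} -remote_dns_port ${_dns_port} -remote_dns_udp_server ${_dns_address}` without checking that the values are non-empty, whereas the DoH branches in this same commit gain a `[ -n "$_doh_bootstrap" ] &&` guard for that case. If `get_first_dns` returns nothing (its behaviour is not visible here), the flags are emitted with no value and the generator would presumably read the next flag name as the value. Guarding the append, e.g. `[ -n "${_dns_address}" ] && _extra_param="${_extra_param} -remote_dns_server ${_dns_address} ..."`, would bring the branch in line with the DoH ones. The ACL caller in iptables.sh passes `remote_dns_tcp_server` and `remote_dns_doh` but no `remote_dns_udp_server`, so this path is reachable if an ACL rule can select a udp protocol. run_v2ray's body extends beyond the hunks shown.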


@ -176,7 +176,7 @@ load_acl() {
dnsmasq_port=11400
echolog "访问控制:"
for item in $items; do
local enabled sid remarks sources tcp_no_redir_ports udp_no_redir_ports node direct_dns_protocol direct_dns direct_dns_doh remote_dns_protocol remote_dns remote_dns_doh remote_dns_client_ip
local enabled sid remarks sources tcp_no_redir_ports udp_no_redir_ports node direct_dns_protocol direct_dns direct_dns_doh remote_dns_protocol remote_dns remote_dns_doh remote_dns_client_ip dns_query_strategy
local _ip _mac _iprange _ipset _ip_or_mac rule_list node_remark config_file
sid=$(uci -q show "${CONFIG}.${item}" | grep "=acl_rule" | awk -F '=' '{print $1}' | awk -F '.' '{print $2}')
eval $(uci -q show "${CONFIG}.${item}" | cut -d'.' -sf 3-)
@ -205,6 +205,7 @@ load_acl() {
tcp_proxy_mode="global"
udp_proxy_mode="global"
node=${node:-default}
dns_query_strategy=${dns_query_strategy:-UseIPv4}
direct_dns_protocol=${direct_dns_protocol:-auto}
direct_dns=${direct_dns:-119.29.29.29}
[ "$direct_dns_protocol" = "doh" ] && direct_dns=${direct_dns_doh:-https://223.5.5.5/dns-query}
@ -231,7 +232,7 @@ load_acl() {
if [ -n "${type}" ] && ([ "${type}" = "v2ray" ] || [ "${type}" = "xray" ]); then
config_file=$TMP_ACL_PATH/${node}_TCP_UDP_DNS_${redir_port}.json
dns_port=$(get_new_port $(expr $dns_port + 1))
run_v2ray flag=acl_$sid node=$node redir_port=$redir_port dns_listen_port=${dns_port} direct_dns_protocol=${direct_dns_protocol} direct_dns_udp_server=${direct_dns} direct_dns_tcp_server=${direct_dns} direct_dns_doh="${direct_dns}" remote_dns_protocol=${remote_dns_protocol} remote_dns_tcp_server=${remote_dns} remote_dns_doh="${remote_dns}" remote_dns_client_ip=${remote_dns_client_ip} dns_query_strategy=${DNS_QUERY_STRATEGY} config_file=${config_file}
run_v2ray flag=acl_$sid node=$node redir_port=$redir_port dns_listen_port=${dns_port} direct_dns_protocol=${direct_dns_protocol} direct_dns_udp_server=${direct_dns} direct_dns_tcp_server=${direct_dns} direct_dns_doh="${direct_dns}" remote_dns_protocol=${remote_dns_protocol} remote_dns_tcp_server=${remote_dns} remote_dns_doh="${remote_dns}" remote_dns_client_ip=${remote_dns_client_ip} dns_query_strategy=${dns_query_strategy} config_file=${config_file}
fi
dnsmasq_port=$(get_new_port $(expr $dnsmasq_port + 1))
redirect_dns_port=$dnsmasq_port
@ -340,7 +341,7 @@ load_acl() {
$ipt_m -A PSW2 $(comment "$remarks") ${_ipt_source} -p udp -j RETURN
$ip6t_m -A PSW2 $(comment "$remarks") ${_ipt_source} -p udp -j RETURN 2>/dev/null
done
unset enabled sid remarks sources tcp_no_redir_ports udp_no_redir_ports node direct_dns_protocol direct_dns direct_dns_doh remote_dns_protocol remote_dns remote_dns_doh remote_dns_client_ip
unset enabled sid remarks sources tcp_no_redir_ports udp_no_redir_ports node direct_dns_protocol direct_dns direct_dns_doh remote_dns_protocol remote_dns remote_dns_doh remote_dns_client_ip dns_query_strategy
unset _ip _mac _iprange _ipset _ip_or_mac rule_list node_remark config_file
unset ipt_tmp msg msg2
unset redirect_dns_port