mirror of https://github.com/kenzok8/small.git
update 2024-02-19 19:54:59
This commit is contained in:
github-actions[bot]
parent
0ea2db45b3
commit
6969c54a3d
|
|
@ -6,13 +6,12 @@
|
|||
include $(TOPDIR)/rules.mk
|
||||
|
||||
PKG_NAME:=luci-app-passwall
|
||||
PKG_VERSION:=4.73-3
|
||||
PKG_VERSION:=4.74-1
|
||||
PKG_RELEASE:=
|
||||
|
||||
PKG_CONFIG_DEPENDS:= \
|
||||
CONFIG_PACKAGE_$(PKG_NAME)_Iptables_Transparent_Proxy \
|
||||
CONFIG_PACKAGE_$(PKG_NAME)_Nftables_Transparent_Proxy \
|
||||
CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_Brook \
|
||||
CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_Haproxy \
|
||||
CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_Hysteria \
|
||||
CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_NaiveProxy \
|
||||
|
|
@ -24,7 +23,6 @@ PKG_CONFIG_DEPENDS:= \
|
|||
CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_ShadowsocksR_Libev_Server \
|
||||
CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_Simple_Obfs \
|
||||
CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_SingBox \
|
||||
CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_Trojan_GO \
|
||||
CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_Trojan_Plus \
|
||||
CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_tuic_client \
|
||||
CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_V2ray_Geodata \
|
||||
|
|
@ -67,11 +65,6 @@ config PACKAGE_$(PKG_NAME)_Nftables_Transparent_Proxy
|
|||
depends on PACKAGE_$(PKG_NAME)
|
||||
default y if PACKAGE_firewall4
|
||||
|
||||
config PACKAGE_$(PKG_NAME)_INCLUDE_Brook
|
||||
bool "Include Brook"
|
||||
select PACKAGE_brook
|
||||
default n
|
||||
|
||||
config PACKAGE_$(PKG_NAME)_INCLUDE_Haproxy
|
||||
bool "Include Haproxy"
|
||||
select PACKAGE_haproxy
|
||||
|
|
@ -132,11 +125,6 @@ config PACKAGE_$(PKG_NAME)_INCLUDE_SingBox
|
|||
select PACKAGE_sing-box
|
||||
default y if aarch64||arm||i386||x86_64
|
||||
|
||||
config PACKAGE_$(PKG_NAME)_INCLUDE_Trojan_GO
|
||||
bool "Include Trojan-GO"
|
||||
select PACKAGE_trojan-go
|
||||
default n
|
||||
|
||||
config PACKAGE_$(PKG_NAME)_INCLUDE_Trojan_Plus
|
||||
bool "Include Trojan-Plus"
|
||||
select PACKAGE_trojan-plus
|
||||
|
|
|
|||
|
|
@ -224,35 +224,22 @@ function socks_status()
|
|||
end
|
||||
|
||||
function connect_status()
|
||||
local e = {}
|
||||
e.use_time = ""
|
||||
local url = luci.http.formvalue("url")
|
||||
local hostname = url:match("//([^/]+)")
|
||||
local pingOutput = luci.sys.exec("ping -c 3 " .. hostname .. " | tail -1")
|
||||
if pingOutput and pingOutput:find("min/avg/max") then
|
||||
local avgPingTime = pingOutput:match("/(%d+%.%d+)/")
|
||||
if avgPingTime then
|
||||
e.use_time = string.format("%.2f", tonumber(avgPingTime))
|
||||
e.ping_type = "ping"
|
||||
else
|
||||
e.use_time = "N/A"
|
||||
e.ping_type = "ping"
|
||||
end
|
||||
else
|
||||
local result = luci.sys.exec('curl --connect-timeout 3 -o /dev/null -I -sk -w "%{http_code}:%{time_appconnect}" ' .. url)
|
||||
local code = tonumber(luci.sys.exec("echo -n '" .. result .. "' | awk -F ':' '{print $1}'") or "0")
|
||||
if code ~= 0 then
|
||||
local use_time = luci.sys.exec("echo -n '" .. result .. "' | awk -F ':' '{print $2}'")
|
||||
if use_time:find("%.") then
|
||||
e.use_time = string.format("%.2f", use_time * 1000)
|
||||
else
|
||||
e.use_time = string.format("%.2f", use_time / 1000)
|
||||
end
|
||||
e.ping_type = "curl"
|
||||
local e = {}
|
||||
e.use_time = ""
|
||||
local url = luci.http.formvalue("url")
|
||||
local result = luci.sys.exec('curl --connect-timeout 3 -o /dev/null -I -sk -w "%{http_code}:%{time_starttransfer}" ' .. url)
|
||||
local code = tonumber(luci.sys.exec("echo -n '" .. result .. "' | awk -F ':' '{print $1}'") or "0")
|
||||
if code ~= 0 then
|
||||
local use_time = luci.sys.exec("echo -n '" .. result .. "' | awk -F ':' '{print $2}'")
|
||||
if use_time:find("%.") then
|
||||
e.use_time = string.format("%.2f", use_time * 1000)
|
||||
else
|
||||
e.use_time = string.format("%.2f", use_time / 1000)
|
||||
end
|
||||
end
|
||||
luci.http.prepare_content("application/json")
|
||||
luci.http.write_json(e)
|
||||
e.ping_type = "curl"
|
||||
end
|
||||
luci.http.prepare_content("application/json")
|
||||
luci.http.write_json(e)
|
||||
end
|
||||
|
||||
function ping_node()
|
||||
|
|
|
|||
|
|
@ -1,7 +1,6 @@
|
|||
local api = require "luci.passwall.api"
|
||||
local appname = api.appname
|
||||
local sys = api.sys
|
||||
local has_chnlist = api.fs.access("/usr/share/passwall/rules/chnlist")
|
||||
|
||||
m = Map(appname)
|
||||
api.set_apply_on_parse(m)
|
||||
|
|
@ -13,8 +12,6 @@ o = s:option(Flag, "acl_enable", translate("Main switch"))
|
|||
o.rmempty = false
|
||||
o.default = false
|
||||
|
||||
local global_proxy_mode = (m:get("@global[0]", "tcp_proxy_mode") or "") .. (m:get("@global[0]", "udp_proxy_mode") or "")
|
||||
|
||||
-- [[ ACLs Settings ]]--
|
||||
s = m:section(TypedSection, "acl_rule")
|
||||
s.template = "cbi/tblsection"
|
||||
|
|
@ -66,36 +63,6 @@ o.cfgvalue = function(t, n)
|
|||
return e
|
||||
end
|
||||
|
||||
---- TCP Proxy Mode
|
||||
tcp_proxy_mode = s:option(ListValue, "tcp_proxy_mode", "TCP " .. translate("Proxy Mode"))
|
||||
tcp_proxy_mode.default = "default"
|
||||
tcp_proxy_mode.rmempty = false
|
||||
tcp_proxy_mode:value("default", translate("Default"))
|
||||
tcp_proxy_mode:value("disable", translate("No Proxy"))
|
||||
tcp_proxy_mode:value("global", translate("Global Proxy"))
|
||||
if has_chnlist and global_proxy_mode:find("returnhome") then
|
||||
tcp_proxy_mode:value("returnhome", translate("China List"))
|
||||
else
|
||||
tcp_proxy_mode:value("gfwlist", translate("GFW List"))
|
||||
tcp_proxy_mode:value("chnroute", translate("Not China List"))
|
||||
end
|
||||
tcp_proxy_mode:value("direct/proxy", translate("Only use direct/proxy list"))
|
||||
|
||||
---- UDP Proxy Mode
|
||||
udp_proxy_mode = s:option(ListValue, "udp_proxy_mode", "UDP " .. translate("Proxy Mode"))
|
||||
udp_proxy_mode.default = "default"
|
||||
udp_proxy_mode.rmempty = false
|
||||
udp_proxy_mode:value("default", translate("Default"))
|
||||
udp_proxy_mode:value("disable", translate("No Proxy"))
|
||||
udp_proxy_mode:value("global", translate("Global Proxy"))
|
||||
if has_chnlist and global_proxy_mode:find("returnhome") then
|
||||
udp_proxy_mode:value("returnhome", translate("China List"))
|
||||
else
|
||||
udp_proxy_mode:value("gfwlist", translate("GFW List"))
|
||||
udp_proxy_mode:value("chnroute", translate("Not China List"))
|
||||
end
|
||||
udp_proxy_mode:value("direct/proxy", translate("Only use direct/proxy list"))
|
||||
|
||||
--[[
|
||||
---- TCP No Redir Ports
|
||||
o = s:option(Value, "tcp_no_redir_ports", translate("TCP No Redir Ports"))
|
||||
|
|
|
|||
|
|
@ -1,9 +1,12 @@
|
|||
local api = require "luci.passwall.api"
|
||||
local appname = api.appname
|
||||
local uci = api.uci
|
||||
local sys = api.sys
|
||||
local has_singbox = api.finded_com("singbox")
|
||||
local has_xray = api.finded_com("xray")
|
||||
local has_gfwlist = api.fs.access("/usr/share/passwall/rules/gfwlist")
|
||||
local has_chnlist = api.fs.access("/usr/share/passwall/rules/chnlist")
|
||||
local has_chnroute = api.fs.access("/usr/share/passwall/rules/chnroute")
|
||||
|
||||
local port_validate = function(self, value, t)
|
||||
return value:gsub("-", ":")
|
||||
|
|
@ -17,8 +20,6 @@ for k, e in ipairs(api.get_valid_nodes()) do
|
|||
nodes_table[#nodes_table + 1] = e
|
||||
end
|
||||
|
||||
local global_proxy_mode = (m:get("@global[0]", "tcp_proxy_mode") or "") .. (m:get("@global[0]", "udp_proxy_mode") or "")
|
||||
|
||||
local dynamicList_write = function(self, section, value)
|
||||
local t = {}
|
||||
local t2 = {}
|
||||
|
|
@ -140,92 +141,17 @@ sources.validate = function(self, value, t)
|
|||
end
|
||||
sources.write = dynamicList_write
|
||||
|
||||
---- TCP No Redir Ports
|
||||
o = s:option(Value, "tcp_no_redir_ports", translate("TCP No Redir Ports"))
|
||||
o.default = "default"
|
||||
o:value("disable", translate("No patterns are used"))
|
||||
o:value("default", translate("Default"))
|
||||
o:value("1:65535", translate("All"))
|
||||
o.validate = port_validate
|
||||
|
||||
---- UDP No Redir Ports
|
||||
o = s:option(Value, "udp_no_redir_ports", translate("UDP No Redir Ports"))
|
||||
o.default = "default"
|
||||
o:value("disable", translate("No patterns are used"))
|
||||
o:value("default", translate("Default"))
|
||||
o:value("1:65535", translate("All"))
|
||||
o.validate = port_validate
|
||||
|
||||
---- TCP Proxy Drop Ports
|
||||
o = s:option(Value, "tcp_proxy_drop_ports", translate("TCP Proxy Drop Ports"))
|
||||
o.default = "default"
|
||||
o:value("disable", translate("No patterns are used"))
|
||||
o:value("default", translate("Default"))
|
||||
o.validate = port_validate
|
||||
|
||||
---- UDP Proxy Drop Ports
|
||||
o = s:option(Value, "udp_proxy_drop_ports", translate("UDP Proxy Drop Ports"))
|
||||
o.default = "default"
|
||||
o:value("disable", translate("No patterns are used"))
|
||||
o:value("default", translate("Default"))
|
||||
o:value("80,443", translate("QUIC"))
|
||||
o.validate = port_validate
|
||||
|
||||
---- TCP Redir Ports
|
||||
o = s:option(Value, "tcp_redir_ports", translate("TCP Redir Ports"))
|
||||
o.default = "default"
|
||||
o:value("default", translate("Default"))
|
||||
o:value("1:65535", translate("All"))
|
||||
o:value("80,443", "80,443")
|
||||
o:value("80:65535", "80 " .. translate("or more"))
|
||||
o:value("1:443", "443 " .. translate("or less"))
|
||||
o.validate = port_validate
|
||||
|
||||
---- UDP Redir Ports
|
||||
o = s:option(Value, "udp_redir_ports", translate("UDP Redir Ports"))
|
||||
o.default = "default"
|
||||
o:value("default", translate("Default"))
|
||||
o:value("1:65535", translate("All"))
|
||||
o:value("53", "53")
|
||||
o.validate = port_validate
|
||||
|
||||
---- TCP Proxy Mode
|
||||
tcp_proxy_mode = s:option(ListValue, "tcp_proxy_mode", "TCP " .. translate("Proxy Mode"))
|
||||
tcp_proxy_mode.default = "default"
|
||||
tcp_proxy_mode.rmempty = false
|
||||
tcp_proxy_mode:value("default", translate("Default"))
|
||||
tcp_proxy_mode:value("disable", translate("No Proxy"))
|
||||
tcp_proxy_mode:value("global", translate("Global Proxy"))
|
||||
if has_chnlist and global_proxy_mode:find("returnhome") then
|
||||
tcp_proxy_mode:value("returnhome", translate("China List"))
|
||||
else
|
||||
tcp_proxy_mode:value("gfwlist", translate("GFW List"))
|
||||
tcp_proxy_mode:value("chnroute", translate("Not China List"))
|
||||
end
|
||||
tcp_proxy_mode:value("direct/proxy", translate("Only use direct/proxy list"))
|
||||
|
||||
---- UDP Proxy Mode
|
||||
udp_proxy_mode = s:option(ListValue, "udp_proxy_mode", "UDP " .. translate("Proxy Mode"))
|
||||
udp_proxy_mode.default = "default"
|
||||
udp_proxy_mode.rmempty = false
|
||||
udp_proxy_mode:value("default", translate("Default"))
|
||||
udp_proxy_mode:value("disable", translate("No Proxy"))
|
||||
udp_proxy_mode:value("global", translate("Global Proxy"))
|
||||
if has_chnlist and global_proxy_mode:find("returnhome") then
|
||||
udp_proxy_mode:value("returnhome", translate("China List"))
|
||||
else
|
||||
udp_proxy_mode:value("gfwlist", translate("GFW List"))
|
||||
udp_proxy_mode:value("chnroute", translate("Not China List"))
|
||||
end
|
||||
udp_proxy_mode:value("direct/proxy", translate("Only use direct/proxy list"))
|
||||
|
||||
local TCP_NODE = uci:get(appname, "@global[0]", "tcp_node")
|
||||
tcp_node = s:option(ListValue, "tcp_node", "<a style='color: red'>" .. translate("TCP Node") .. "</a>")
|
||||
tcp_node.default = "default"
|
||||
tcp_node:value("default", translate("Default"))
|
||||
tcp_node:value("nil", translate("Close"))
|
||||
tcp_node:value("default", translate("Use global config") .. "(" .. TCP_NODE .. ")")
|
||||
|
||||
local UDP_NODE = uci:get(appname, "@global[0]", "udp_node")
|
||||
udp_node = s:option(ListValue, "udp_node", "<a style='color: red'>" .. translate("UDP Node") .. "</a>")
|
||||
udp_node.default = "default"
|
||||
udp_node:value("default", translate("Default"))
|
||||
udp_node:value("nil", translate("Close"))
|
||||
udp_node:value("default", translate("Use global config") .. "(" .. UDP_NODE .. ")")
|
||||
udp_node:value("tcp", translate("Same as the tcp node"))
|
||||
|
||||
for k, v in pairs(nodes_table) do
|
||||
|
|
@ -233,13 +159,112 @@ for k, v in pairs(nodes_table) do
|
|||
udp_node:value(v.id, v["remark"])
|
||||
end
|
||||
|
||||
---- TCP No Redir Ports
|
||||
local TCP_NO_REDIR_PORTS = uci:get(appname, "@global_forwarding[0]", "tcp_no_redir_ports")
|
||||
o = s:option(Value, "tcp_no_redir_ports", translate("TCP No Redir Ports"))
|
||||
o.default = "default"
|
||||
o:value("disable", translate("No patterns are used"))
|
||||
o:value("default", translate("Use global config") .. "(" .. TCP_NO_REDIR_PORTS .. ")")
|
||||
o:value("1:65535", translate("All"))
|
||||
o.validate = port_validate
|
||||
o:depends({ tcp_node = "nil", ['!reverse'] = true })
|
||||
|
||||
---- UDP No Redir Ports
|
||||
local UDP_NO_REDIR_PORTS = uci:get(appname, "@global_forwarding[0]", "udp_no_redir_ports")
|
||||
o = s:option(Value, "udp_no_redir_ports", translate("UDP No Redir Ports"))
|
||||
o.default = "default"
|
||||
o:value("disable", translate("No patterns are used"))
|
||||
o:value("default", translate("Use global config") .. "(" .. UDP_NO_REDIR_PORTS .. ")")
|
||||
o:value("1:65535", translate("All"))
|
||||
o.validate = port_validate
|
||||
o:depends({ udp_node = "nil", ['!reverse'] = true })
|
||||
|
||||
---- TCP Proxy Drop Ports
|
||||
local TCP_PROXY_DROP_PORTS = uci:get(appname, "@global_forwarding[0]", "tcp_proxy_drop_ports")
|
||||
o = s:option(Value, "tcp_proxy_drop_ports", translate("TCP Proxy Drop Ports"))
|
||||
o.default = "default"
|
||||
o:value("disable", translate("No patterns are used"))
|
||||
o:value("default", translate("Default"))
|
||||
o.validate = port_validate
|
||||
o:value("default", translate("Use global config") .. "(" .. TCP_PROXY_DROP_PORTS .. ")")
|
||||
o:depends({ tcp_node = "nil", ['!reverse'] = true })
|
||||
|
||||
---- UDP Proxy Drop Ports
|
||||
local UDP_PROXY_DROP_PORTS = uci:get(appname, "@global_forwarding[0]", "udp_proxy_drop_ports")
|
||||
o = s:option(Value, "udp_proxy_drop_ports", translate("UDP Proxy Drop Ports"))
|
||||
o.default = "default"
|
||||
o:value("disable", translate("No patterns are used"))
|
||||
o:value("default", translate("Use global config") .. "(" .. UDP_PROXY_DROP_PORTS .. ")")
|
||||
o:value("80,443", translate("QUIC"))
|
||||
o.validate = port_validate
|
||||
o:depends({ udp_node = "nil", ['!reverse'] = true })
|
||||
|
||||
---- TCP Redir Ports
|
||||
local TCP_REDIR_PORTS = uci:get(appname, "@global_forwarding[0]", "tcp_redir_ports")
|
||||
o = s:option(Value, "tcp_redir_ports", translate("TCP Redir Ports"))
|
||||
o.default = "default"
|
||||
o:value("default", translate("Use global config") .. "(" .. TCP_REDIR_PORTS .. ")")
|
||||
o:value("1:65535", translate("All"))
|
||||
o:value("80,443", "80,443")
|
||||
o:value("80:65535", "80 " .. translate("or more"))
|
||||
o:value("1:443", "443 " .. translate("or less"))
|
||||
o.validate = port_validate
|
||||
o:depends({ tcp_node = "nil", ['!reverse'] = true })
|
||||
|
||||
---- UDP Redir Ports
|
||||
local UDP_REDIR_PORTS = uci:get(appname, "@global_forwarding[0]", "udp_redir_ports")
|
||||
o = s:option(Value, "udp_redir_ports", translate("UDP Redir Ports"))
|
||||
o.default = "default"
|
||||
o:value("default", translate("Use global config") .. "(" .. UDP_REDIR_PORTS .. ")")
|
||||
o:value("1:65535", translate("All"))
|
||||
o:value("53", "53")
|
||||
o.validate = port_validate
|
||||
o:depends({ udp_node = "nil", ['!reverse'] = true })
|
||||
|
||||
o = s:option(Flag, "use_direct_list", translatef("Use %s", translate("Direct List")))
|
||||
o.default = "1"
|
||||
o:depends({ tcp_node = "nil", ['!reverse'] = true })
|
||||
|
||||
o = s:option(Flag, "use_proxy_list", translatef("Use %s", translate("Proxy List")))
|
||||
o.default = "1"
|
||||
o:depends({ tcp_node = "nil", ['!reverse'] = true })
|
||||
|
||||
o = s:option(Flag, "use_block_list", translatef("Use %s", translate("Block List")))
|
||||
o.default = "1"
|
||||
o:depends({ tcp_node = "nil", ['!reverse'] = true })
|
||||
|
||||
if has_gfwlist then
|
||||
o = s:option(Flag, "use_gfw_list", translatef("Use %s", translate("GFW List")))
|
||||
o.default = "1"
|
||||
o:depends({ tcp_node = "nil", ['!reverse'] = true })
|
||||
end
|
||||
|
||||
if has_chnlist or has_chnroute then
|
||||
o = s:option(ListValue, "chn_list", translate("China List"))
|
||||
o:value("0", translate("Close(Not use)"))
|
||||
o:value("direct", translate("Direct Connection"))
|
||||
o:value("proxy", translate("Proxy"))
|
||||
o.default = "direct"
|
||||
o:depends({ tcp_node = "nil", ['!reverse'] = true })
|
||||
end
|
||||
|
||||
o = s:option(ListValue, "tcp_proxy_mode", "TCP " .. translate("Proxy Mode"))
|
||||
o:value("disable", translate("No Proxy"))
|
||||
o:value("proxy", translate("Proxy"))
|
||||
o:depends({ tcp_node = "nil", ['!reverse'] = true })
|
||||
|
||||
o = s:option(ListValue, "udp_proxy_mode", "UDP " .. translate("Proxy Mode"))
|
||||
o:value("disable", translate("No Proxy"))
|
||||
o:value("proxy", translate("Proxy"))
|
||||
o:depends({ udp_node = "nil", ['!reverse'] = true })
|
||||
|
||||
o = s:option(Flag, "filter_proxy_ipv6", translate("Filter Proxy Host IPv6"), translate("Experimental feature."))
|
||||
o.default = "0"
|
||||
o:depends({ tcp_node = "default", ['!reverse'] = true })
|
||||
o:depends({ tcp_node = "nil", ['!reverse'] = true })
|
||||
|
||||
---- DNS Forward Mode
|
||||
o = s:option(ListValue, "dns_mode", translate("Filter Mode"))
|
||||
o:depends({ tcp_node = "default", ['!reverse'] = true })
|
||||
o:depends({ tcp_node = "nil", ['!reverse'] = true })
|
||||
if api.is_finded("dns2socks") then
|
||||
o:value("dns2socks", "dns2socks")
|
||||
end
|
||||
|
|
@ -338,46 +363,33 @@ end
|
|||
if api.is_finded("chinadns-ng") then
|
||||
o = s:option(Flag, "chinadns_ng", translate("ChinaDNS-NG"), translate("The effect is better, but will increase the memory."))
|
||||
o.default = "0"
|
||||
o:depends({ tcp_proxy_mode = "gfwlist", dns_mode = "dns2socks" })
|
||||
o:depends({ tcp_proxy_mode = "gfwlist", dns_mode = "xray" })
|
||||
o:depends({ tcp_proxy_mode = "gfwlist", dns_mode = "sing-box" })
|
||||
o:depends({ tcp_proxy_mode = "chnroute", dns_mode = "dns2socks" })
|
||||
o:depends({ tcp_proxy_mode = "chnroute", dns_mode = "xray" })
|
||||
o:depends({ tcp_proxy_mode = "chnroute", dns_mode = "sing-box" })
|
||||
chinadns_ng_default_tag = s:option(ListValue, "chinadns_ng_default_tag", translate("ChinaDNS-NG Domain Default Tag"))
|
||||
chinadns_ng_default_tag.default = "smart"
|
||||
chinadns_ng_default_tag:value("smart", translate("Smart DNS"))
|
||||
chinadns_ng_default_tag:value("gfw", translate("Remote DNS"))
|
||||
chinadns_ng_default_tag:value("chn", translate("Direct DNS"))
|
||||
chinadns_ng_default_tag.description = "<ul>"
|
||||
o:depends({ use_gfw_list = true })
|
||||
o:depends({ chn_list = "direct" })
|
||||
|
||||
o = s:option(ListValue, "chinadns_ng_default_tag", translate("ChinaDNS-NG Domain Default Tag"))
|
||||
o.default = "smart"
|
||||
o:value("smart", translate("Smart DNS"))
|
||||
o:value("gfw", translate("Remote DNS"))
|
||||
o:value("chn", translate("Direct DNS"))
|
||||
o.description = "<ul>"
|
||||
.. "<li>" .. translate("Forward to both remote and direct DNS, if the direct DNS resolution result is a mainland China ip, then use the direct result, otherwise use the remote result") .. "</li>"
|
||||
.. "<li>" .. translate("Remote DNS can avoid more DNS leaks, but some domestic domain names maybe to proxy!") .. "</li>"
|
||||
.. "<li>" .. translate("Direct DNS Internet experience may be better, but DNS will be leaked!") .. "</li>"
|
||||
.. "</ul>"
|
||||
chinadns_ng_default_tag:depends("chinadns_ng", true)
|
||||
o:depends("chinadns_ng", true)
|
||||
end
|
||||
|
||||
if has_chnlist then
|
||||
when_chnroute_default_dns = s:option(ListValue, "when_chnroute_default_dns", translate("When using the chnroute list the default DNS"))
|
||||
when_chnroute_default_dns.default = "direct"
|
||||
when_chnroute_default_dns:value("remote", translate("Remote DNS"))
|
||||
when_chnroute_default_dns:value("direct", translate("Direct DNS"))
|
||||
when_chnroute_default_dns.description = "<ul>"
|
||||
.. "<li>" .. translate("Remote DNS can avoid more DNS leaks, but some domestic domain names maybe to proxy!") .. "</li>"
|
||||
.. "<li>" .. translate("Direct DNS Internet experience may be better, but DNS will be leaked!") .. "</li>"
|
||||
.. "</ul>"
|
||||
local _depends = {
|
||||
{ dns_mode = "dns2socks" },
|
||||
{ dns_mode = "xray" },
|
||||
{ dns_mode = "sing-box" },
|
||||
}
|
||||
for i, d in ipairs(_depends) do
|
||||
d["tcp_proxy_mode"] = "chnroute"
|
||||
if api.is_finded("chinadns-ng") then
|
||||
d["chinadns_ng"] = false
|
||||
end
|
||||
when_chnroute_default_dns:depends(d)
|
||||
end
|
||||
o = s:option(ListValue, "use_default_dns", translate("Default DNS"))
|
||||
o.default = "direct"
|
||||
o:value("remote", translate("Remote DNS"))
|
||||
o:value("direct", translate("Direct DNS"))
|
||||
o.description = translate("The default DNS used when not in the domain name rules list.")
|
||||
.. "<ul>"
|
||||
.. "<li>" .. translate("Remote DNS can avoid more DNS leaks, but some domestic domain names maybe to proxy!") .. "</li>"
|
||||
.. "<li>" .. translate("Direct DNS Internet experience may be better, but DNS will be leaked!") .. "</li>"
|
||||
.. "</ul>"
|
||||
if api.is_finded("chinadns-ng") then
|
||||
o:depends("chinadns_ng", false)
|
||||
end
|
||||
|
||||
return m
|
||||
|
|
|
|||
|
|
@ -4,7 +4,9 @@ local uci = api.uci
|
|||
local datatypes = api.datatypes
|
||||
local has_singbox = api.finded_com("singbox")
|
||||
local has_xray = api.finded_com("xray")
|
||||
local has_gfwlist = api.fs.access("/usr/share/passwall/rules/gfwlist")
|
||||
local has_chnlist = api.fs.access("/usr/share/passwall/rules/chnlist")
|
||||
local has_chnroute = api.fs.access("/usr/share/passwall/rules/chnroute")
|
||||
|
||||
m = Map(appname)
|
||||
api.set_apply_on_parse(m)
|
||||
|
|
@ -59,20 +61,6 @@ local doh_validate = function(self, value, t)
|
|||
return nil, translate("DoH request address") .. " " .. translate("Format must be:") .. " URL,IP"
|
||||
end
|
||||
|
||||
local redir_mode_validate = function(self, value, t)
|
||||
local tcp_proxy_mode_v = tcp_proxy_mode:formvalue(t) or ""
|
||||
local udp_proxy_mode_v = udp_proxy_mode:formvalue(t) or ""
|
||||
local localhost_tcp_proxy_mode_v = localhost_tcp_proxy_mode:formvalue(t) or ""
|
||||
local localhost_udp_proxy_mode_v = localhost_udp_proxy_mode:formvalue(t) or ""
|
||||
local s = tcp_proxy_mode_v .. udp_proxy_mode_v .. localhost_tcp_proxy_mode_v .. localhost_udp_proxy_mode_v
|
||||
if s:find("returnhome") then
|
||||
if s:find("chnroute") or s:find("gfwlist") then
|
||||
return nil, translate("China list or gfwlist cannot be used together with outside China list!")
|
||||
end
|
||||
end
|
||||
return value
|
||||
end
|
||||
|
||||
m:append(Template(appname .. "/global/status"))
|
||||
|
||||
s = m:section(TypedSection, "global")
|
||||
|
|
@ -400,18 +388,17 @@ if api.is_finded("chinadns-ng") then
|
|||
o:depends({dns_mode = "udp"})
|
||||
end
|
||||
|
||||
if has_chnlist then
|
||||
when_chnroute_default_dns = s:taboption("DNS", ListValue, "when_chnroute_default_dns", translate("When using the chnroute list the default DNS"))
|
||||
when_chnroute_default_dns.default = "direct"
|
||||
when_chnroute_default_dns:value("remote", translate("Remote DNS"))
|
||||
when_chnroute_default_dns:value("direct", translate("Direct DNS"))
|
||||
when_chnroute_default_dns.description = "<ul>"
|
||||
.. "<li>" .. translate("Remote DNS can avoid more DNS leaks, but some domestic domain names maybe to proxy!") .. "</li>"
|
||||
.. "<li>" .. translate("Direct DNS Internet experience may be better, but DNS will be leaked!") .. "</li>"
|
||||
.. "</ul>"
|
||||
if api.is_finded("chinadns-ng") then
|
||||
when_chnroute_default_dns:depends("chinadns_ng", false)
|
||||
end
|
||||
o = s:taboption("DNS", ListValue, "use_default_dns", translate("Default DNS"))
|
||||
o.default = "direct"
|
||||
o:value("remote", translate("Remote DNS"))
|
||||
o:value("direct", translate("Direct DNS"))
|
||||
o.description = translate("The default DNS used when not in the domain name rules list.")
|
||||
.. "<ul>"
|
||||
.. "<li>" .. translate("Remote DNS can avoid more DNS leaks, but some domestic domain names maybe to proxy!") .. "</li>"
|
||||
.. "<li>" .. translate("Direct DNS Internet experience may be better, but DNS will be leaked!") .. "</li>"
|
||||
.. "</ul>"
|
||||
if api.is_finded("chinadns-ng") then
|
||||
o:depends("chinadns_ng", false)
|
||||
end
|
||||
|
||||
o = s:taboption("DNS", Button, "clear_ipset", translate("Clear IPSET"), translate("Try this feature if the rule modification does not take effect."))
|
||||
|
|
@ -423,59 +410,53 @@ end
|
|||
|
||||
s:tab("Proxy", translate("Mode"))
|
||||
|
||||
o = s:taboption("Proxy", Flag, "use_direct_list", translatef("Use %s", translate("Direct List")))
|
||||
o.default = "1"
|
||||
|
||||
o = s:taboption("Proxy", Flag, "use_proxy_list", translatef("Use %s", translate("Proxy List")))
|
||||
o.default = "1"
|
||||
|
||||
o = s:taboption("Proxy", Flag, "use_block_list", translatef("Use %s", translate("Block List")))
|
||||
o.default = "1"
|
||||
|
||||
if has_gfwlist then
|
||||
o = s:taboption("Proxy", Flag, "use_gfw_list", translatef("Use %s", translate("GFW List")))
|
||||
o.default = "1"
|
||||
end
|
||||
|
||||
if has_chnlist or has_chnroute then
|
||||
o = s:taboption("Proxy", ListValue, "chn_list", translate("China List"))
|
||||
o:value("0", translate("Close(Not use)"))
|
||||
o:value("direct", translate("Direct Connection"))
|
||||
o:value("proxy", translate("Proxy"))
|
||||
o.default = "direct"
|
||||
end
|
||||
|
||||
---- TCP Default Proxy Mode
|
||||
tcp_proxy_mode = s:taboption("Proxy", ListValue, "tcp_proxy_mode", "TCP " .. translate("Default Proxy Mode"))
|
||||
tcp_proxy_mode:value("disable", translate("No Proxy"))
|
||||
tcp_proxy_mode:value("global", translate("Global Proxy"))
|
||||
tcp_proxy_mode:value("gfwlist", translate("GFW List"))
|
||||
tcp_proxy_mode:value("chnroute", translate("Not China List"))
|
||||
if has_chnlist then
|
||||
tcp_proxy_mode:value("returnhome", translate("China List"))
|
||||
end
|
||||
tcp_proxy_mode:value("direct/proxy", translate("Only use direct/proxy list"))
|
||||
tcp_proxy_mode.default = "chnroute"
|
||||
--tcp_proxy_mode.validate = redir_mode_validate
|
||||
tcp_proxy_mode:value("proxy", translate("Proxy"))
|
||||
tcp_proxy_mode.default = "proxy"
|
||||
|
||||
---- UDP Default Proxy Mode
|
||||
udp_proxy_mode = s:taboption("Proxy", ListValue, "udp_proxy_mode", "UDP " .. translate("Default Proxy Mode"))
|
||||
udp_proxy_mode:value("disable", translate("No Proxy"))
|
||||
udp_proxy_mode:value("global", translate("Global Proxy"))
|
||||
udp_proxy_mode:value("gfwlist", translate("GFW List"))
|
||||
udp_proxy_mode:value("chnroute", translate("Not China List"))
|
||||
if has_chnlist then
|
||||
udp_proxy_mode:value("returnhome", translate("China List"))
|
||||
end
|
||||
udp_proxy_mode:value("direct/proxy", translate("Only use direct/proxy list"))
|
||||
udp_proxy_mode.default = "chnroute"
|
||||
--udp_proxy_mode.validate = redir_mode_validate
|
||||
udp_proxy_mode:value("proxy", translate("Proxy"))
|
||||
udp_proxy_mode.default = "proxy"
|
||||
|
||||
---- Localhost TCP Proxy Mode
|
||||
localhost_tcp_proxy_mode = s:taboption("Proxy", ListValue, "localhost_tcp_proxy_mode", translate("Router Localhost") .. " TCP " .. translate("Proxy Mode"))
|
||||
localhost_tcp_proxy_mode:value("default", translatef("Same as the %s default proxy mode", "TCP"))
|
||||
localhost_tcp_proxy_mode:value("global", translate("Global Proxy"))
|
||||
localhost_tcp_proxy_mode:value("gfwlist", translate("GFW List"))
|
||||
localhost_tcp_proxy_mode:value("chnroute", translate("Not China List"))
|
||||
if has_chnlist then
|
||||
localhost_tcp_proxy_mode:value("returnhome", translate("China List"))
|
||||
end
|
||||
localhost_tcp_proxy_mode:value("disable", translate("No Proxy"))
|
||||
localhost_tcp_proxy_mode:value("direct/proxy", translate("Only use direct/proxy list"))
|
||||
localhost_tcp_proxy_mode:value("proxy", translate("Proxy"))
|
||||
localhost_tcp_proxy_mode.default = "default"
|
||||
--localhost_tcp_proxy_mode.validate = redir_mode_validate
|
||||
|
||||
---- Localhost UDP Proxy Mode
|
||||
localhost_udp_proxy_mode = s:taboption("Proxy", ListValue, "localhost_udp_proxy_mode", translate("Router Localhost") .. " UDP " .. translate("Proxy Mode"))
|
||||
localhost_udp_proxy_mode:value("default", translatef("Same as the %s default proxy mode", "UDP"))
|
||||
localhost_udp_proxy_mode:value("global", translate("Global Proxy"))
|
||||
localhost_udp_proxy_mode:value("gfwlist", translate("GFW List"))
|
||||
localhost_udp_proxy_mode:value("chnroute", translate("Not China List"))
|
||||
if has_chnlist then
|
||||
localhost_udp_proxy_mode:value("returnhome", translate("China List"))
|
||||
end
|
||||
localhost_udp_proxy_mode:value("disable", translate("No Proxy"))
|
||||
localhost_udp_proxy_mode:value("direct/proxy", translate("Only use direct/proxy list"))
|
||||
localhost_udp_proxy_mode:value("proxy", translate("Proxy"))
|
||||
localhost_udp_proxy_mode.default = "default"
|
||||
localhost_udp_proxy_mode.validate = redir_mode_validate
|
||||
|
||||
tips = s:taboption("Proxy", DummyValue, "tips", " ")
|
||||
tips.rawhtml = true
|
||||
|
|
|
|||
|
|
@ -5,7 +5,6 @@ local has_ss_rust = api.is_finded("sslocal")
|
|||
local has_trojan_plus = api.is_finded("trojan-plus")
|
||||
local has_singbox = api.finded_com("singbox")
|
||||
local has_xray = api.finded_com("xray")
|
||||
local has_trojan_go = api.finded_com("trojan-go")
|
||||
local has_hysteria2 = api.finded_com("hysteria")
|
||||
local ss_aead_type = {}
|
||||
local trojan_type = {}
|
||||
|
|
@ -39,10 +38,6 @@ if has_xray then
|
|||
table.insert(vmess_type, s)
|
||||
table.insert(vless_type, s)
|
||||
end
|
||||
if has_trojan_go then
|
||||
local s = "trojan-go"
|
||||
table.insert(trojan_type, s)
|
||||
end
|
||||
if has_hysteria2 then
|
||||
local s = "hysteria2"
|
||||
table.insert(hysteria2_type, s)
|
||||
|
|
|
|||
|
|
@ -5,7 +5,6 @@ local has_ss_rust = api.is_finded("sslocal")
|
|||
local has_trojan_plus = api.is_finded("trojan-plus")
|
||||
local has_singbox = api.finded_com("singbox")
|
||||
local has_xray = api.finded_com("xray")
|
||||
local has_trojan_go = api.finded_com("trojan-go")
|
||||
local has_hysteria2 = api.finded_com("hysteria")
|
||||
local ss_aead_type = {}
|
||||
local trojan_type = {}
|
||||
|
|
@ -39,10 +38,6 @@ if has_xray then
|
|||
table.insert(vmess_type, s)
|
||||
table.insert(vless_type, s)
|
||||
end
|
||||
if has_trojan_go then
|
||||
local s = "trojan-go"
|
||||
table.insert(trojan_type, s)
|
||||
end
|
||||
if has_hysteria2 then
|
||||
local s = "hysteria2"
|
||||
table.insert(hysteria2_type, s)
|
||||
|
|
|
|||
|
|
@ -145,7 +145,7 @@ if (os.execute("lsmod | grep -i REDIRECT >/dev/null") == 0 and os.execute("lsmod
|
|||
end
|
||||
|
||||
o = s:option(Flag, "accept_icmp", translate("Hijacking ICMP (PING)"))
|
||||
o.default = 1
|
||||
o.default = 0
|
||||
|
||||
o = s:option(Flag, "accept_icmpv6", translate("Hijacking ICMPv6 (IPv6 PING)"))
|
||||
o:depends("ipv6_tproxy", true)
|
||||
|
|
|
|||
|
|
@ -1,40 +0,0 @@
|
|||
local m, s = ...
|
||||
|
||||
local api = require "luci.passwall.api"
|
||||
|
||||
if not api.finded_com("brook") then
|
||||
return
|
||||
end
|
||||
|
||||
local type_name = "Brook"
|
||||
|
||||
local option_prefix = "brook_"
|
||||
|
||||
local function option_name(name)
|
||||
return option_prefix .. name
|
||||
end
|
||||
|
||||
-- [[ Brook ]]
|
||||
|
||||
s.fields["type"]:value(type_name, translate("Brook"))
|
||||
|
||||
o = s:option(ListValue, option_name("protocol"), translate("Protocol"))
|
||||
o:value("client", translate("Brook"))
|
||||
o:value("wsclient", translate("WebSocket"))
|
||||
|
||||
o = s:option(Value, option_name("address"), translate("Address (Support Domain Name)"))
|
||||
|
||||
o = s:option(Value, option_name("port"), translate("Port"))
|
||||
o.datatype = "port"
|
||||
|
||||
o = s:option(Value, option_name("ws_path"), translate("WebSocket Path"))
|
||||
o.placeholder = "/"
|
||||
o:depends({ [option_name("protocol")] = "wsclient" })
|
||||
|
||||
o = s:option(Flag, option_name("tls"), translate("Use TLS"))
|
||||
o:depends({ [option_name("protocol")] = "wsclient" })
|
||||
|
||||
o = s:option(Value, option_name("password"), translate("Password"))
|
||||
o.password = true
|
||||
|
||||
api.luci_types(arg[1], m, s, type_name, option_prefix)
|
||||
|
|
@ -1,119 +0,0 @@
|
|||
local m, s = ...
|
||||
|
||||
local api = require "luci.passwall.api"
|
||||
|
||||
if not api.finded_com("trojan-go") then
|
||||
return
|
||||
end
|
||||
|
||||
local type_name = "Trojan-Go"
|
||||
|
||||
local option_prefix = "trojan_go_"
|
||||
|
||||
local function option_name(name)
|
||||
return option_prefix .. name
|
||||
end
|
||||
|
||||
local encrypt_methods_ss_aead = {
|
||||
"chacha20-ietf-poly1305",
|
||||
"aes-128-gcm",
|
||||
"aes-256-gcm",
|
||||
}
|
||||
|
||||
-- [[ Trojan Go ]]
|
||||
|
||||
s.fields["type"]:value(type_name, "Trojan-Go")
|
||||
|
||||
o = s:option(Value, option_name("address"), translate("Address (Support Domain Name)"))
|
||||
|
||||
o = s:option(Value, option_name("port"), translate("Port"))
|
||||
o.datatype = "port"
|
||||
|
||||
o = s:option(Value, option_name("password"), translate("Password"))
|
||||
o.password = true
|
||||
|
||||
o = s:option(ListValue, option_name("tcp_fast_open"), "TCP " .. translate("Fast Open"), translate("Need node support required"))
|
||||
o:value("false")
|
||||
o:value("true")
|
||||
|
||||
o = s:option(Flag, option_name("tls"), translate("TLS"))
|
||||
o.default = 1
|
||||
|
||||
o = s:option(Flag, option_name("tls_allowInsecure"), translate("allowInsecure"), translate("Whether unsafe connections are allowed. When checked, Certificate validation will be skipped."))
|
||||
o.default = "0"
|
||||
o:depends({ [option_name("tls")] = true })
|
||||
|
||||
o = s:option(Value, option_name("tls_serverName"), translate("Domain"))
|
||||
o:depends({ [option_name("tls")] = true })
|
||||
|
||||
o = s:option(Flag, option_name("tls_sessionTicket"), translate("Session Ticket"))
|
||||
o.default = "0"
|
||||
o:depends({ [option_name("tls")] = true })
|
||||
|
||||
o = s:option(ListValue, option_name("fingerprint"), translate("Finger Print"))
|
||||
o:value("disable", translate("Disable"))
|
||||
o:value("firefox")
|
||||
o:value("chrome")
|
||||
o:value("ios")
|
||||
o.default = "disable"
|
||||
o:depends({ [option_name("tls")] = true })
|
||||
|
||||
o = s:option(ListValue, option_name("transport"), translate("Transport"))
|
||||
o:value("original", translate("Original"))
|
||||
o:value("ws", "WebSocket")
|
||||
o.default = "original"
|
||||
o.rewrite_option = "trojan_transport"
|
||||
|
||||
o = s:option(ListValue, option_name("plugin_type"), translate("Transport Plugin"))
|
||||
o:value("plaintext", "Plain Text")
|
||||
o:value("shadowsocks", "ShadowSocks")
|
||||
o:value("other", "Other")
|
||||
o.default = "plaintext"
|
||||
o:depends({ [option_name("tls")] = false, [option_name("transport")] = "original" })
|
||||
|
||||
o = s:option(Value, option_name("plugin_cmd"), translate("Plugin Binary"))
|
||||
o.placeholder = "eg: /usr/bin/v2ray-plugin"
|
||||
o:depends({ [option_name("plugin_type")] = "shadowsocks" })
|
||||
o:depends({ [option_name("plugin_type")] = "other" })
|
||||
|
||||
o = s:option(Value, option_name("plugin_option"), translate("Plugin Option"))
|
||||
o.placeholder = "eg: obfs=http;obfs-host=www.baidu.com"
|
||||
o:depends({ [option_name("plugin_type")] = "shadowsocks" })
|
||||
o:depends({ [option_name("plugin_type")] = "other" })
|
||||
|
||||
o = s:option(DynamicList, option_name("plugin_arg"), translate("Plugin Option Args"))
|
||||
o.placeholder = "eg: [\"-config\", \"test.json\"]"
|
||||
o:depends({ [option_name("plugin_type")] = "shadowsocks" })
|
||||
o:depends({ [option_name("plugin_type")] = "other" })
|
||||
|
||||
o = s:option(Value, option_name("ws_host"), translate("WebSocket Host"))
|
||||
o:depends({ [option_name("transport")] = "ws" })
|
||||
|
||||
o = s:option(Value, option_name("ws_path"), translate("WebSocket Path"))
|
||||
o.placeholder = "/"
|
||||
o:depends({ [option_name("transport")] = "ws" })
|
||||
|
||||
-- [[ Shadowsocks2 ]] --
|
||||
o = s:option(Flag, option_name("ss_aead"), translate("Shadowsocks secondary encryption"))
|
||||
o.default = "0"
|
||||
|
||||
o = s:option(ListValue, option_name("ss_aead_method"), translate("Encrypt Method"))
|
||||
for _, v in ipairs(encrypt_methods_ss_aead) do o:value(v, v) end
|
||||
o.default = "aes-128-gcm"
|
||||
o:depends({ [option_name("ss_aead")] = true })
|
||||
|
||||
o = s:option(Value, option_name("ss_aead_pwd"), translate("Password"))
|
||||
o.password = true
|
||||
o:depends({ [option_name("ss_aead")] = true })
|
||||
|
||||
o = s:option(Flag, option_name("smux"), translate("Smux"))
|
||||
|
||||
o = s:option(Value, option_name("mux_concurrency"), translate("Mux concurrency"))
|
||||
o.default = 8
|
||||
o:depends({ [option_name("smux")] = true })
|
||||
|
||||
o = s:option(Value, option_name("smux_idle_timeout"), translate("Mux idle timeout"))
|
||||
o.default = 60
|
||||
o:depends({ [option_name("smux")] = true })
|
||||
|
||||
api.luci_types(arg[1], m, s, type_name, option_prefix)
|
||||
|
|
@ -1,41 +0,0 @@
|
|||
local m, s = ...
|
||||
|
||||
local api = require "luci.passwall.api"
|
||||
|
||||
if not api.finded_com("brook") then
|
||||
return
|
||||
end
|
||||
|
||||
local type_name = "Brook"
|
||||
|
||||
local option_prefix = "brook_"
|
||||
|
||||
local function option_name(name)
|
||||
return option_prefix .. name
|
||||
end
|
||||
|
||||
-- [[ Brook ]]
|
||||
|
||||
s.fields["type"]:value(type_name, translate("Brook"))
|
||||
|
||||
o = s:option(Value, option_name("port"), translate("Listen Port"))
|
||||
o.datatype = "port"
|
||||
|
||||
o = s:option(ListValue, option_name("protocol"), translate("Protocol"))
|
||||
o:value("server", "Brook")
|
||||
o:value("wsserver", "WebSocket")
|
||||
|
||||
--o = s:option(Flag, option_name("tls"), translate("Use TLS"))
|
||||
--o:depends({ [option_name("protocol")] = "wsserver" })
|
||||
|
||||
o = s:option(Value, option_name("password"), translate("Password"))
|
||||
o.password = true
|
||||
|
||||
o = s:option(Value, option_name("ws_path"), translate("WebSocket Path"))
|
||||
o:depends({ [option_name("protocol")] = "wsserver" })
|
||||
|
||||
o = s:option(Flag, option_name("log"), translate("Log"))
|
||||
o.default = "1"
|
||||
o.rmempty = false
|
||||
|
||||
api.luci_types(arg[1], m, s, type_name, option_prefix)
|
||||
|
|
@ -1,159 +0,0 @@
|
|||
local m, s = ...
|
||||
|
||||
local api = require "luci.passwall.api"
|
||||
|
||||
if not api.finded_com("trojan-go") then
|
||||
return
|
||||
end
|
||||
|
||||
local type_name = "Trojan-Go"
|
||||
|
||||
local option_prefix = "trojan_go_"
|
||||
|
||||
local function option_name(name)
|
||||
return option_prefix .. name
|
||||
end
|
||||
|
||||
local encrypt_methods_ss_aead = {
|
||||
"chacha20-ietf-poly1305",
|
||||
"aes-128-gcm",
|
||||
"aes-256-gcm",
|
||||
}
|
||||
|
||||
-- [[ Trojan-Go ]]
|
||||
|
||||
s.fields["type"]:value(type_name, "Trojan-Go")
|
||||
|
||||
o = s:option(Value, option_name("port"), translate("Listen Port"))
|
||||
o.datatype = "port"
|
||||
|
||||
o = s:option(DynamicList, option_name("uuid"), translate("ID") .. "/" .. translate("Password"))
|
||||
for i = 1, 3 do
|
||||
o:value(api.gen_uuid(1))
|
||||
end
|
||||
|
||||
o = s:option(Flag, option_name("tls"), translate("TLS"))
|
||||
o.default = 0
|
||||
o.validate = function(self, value, t)
|
||||
if value then
|
||||
local type = s.fields["type"] and s.fields["type"]:formvalue(t) or ""
|
||||
if value == "0" and type == type_name then
|
||||
return nil, translate("Original Trojan only supported 'tls', please choose 'tls'.")
|
||||
end
|
||||
if value == "1" then
|
||||
local ca = s.fields[option_name("tls_certificateFile")] and s.fields[option_name("tls_certificateFile")]:formvalue(t) or ""
|
||||
local key = s.fields[option_name("tls_keyFile")] and s.fields[option_name("tls_keyFile")]:formvalue(t) or ""
|
||||
if ca == "" or key == "" then
|
||||
return nil, translate("Public key and Private key path can not be empty!")
|
||||
end
|
||||
end
|
||||
return value
|
||||
end
|
||||
end
|
||||
|
||||
o = s:option(FileUpload, option_name("tls_certificateFile"), translate("Public key absolute path"), translate("as:") .. "/etc/ssl/fullchain.pem")
|
||||
o.default = m:get(s.section, "tls_certificateFile") or "/etc/config/ssl/" .. arg[1] .. ".pem"
|
||||
o:depends({ [option_name("tls")] = true })
|
||||
o.validate = function(self, value, t)
|
||||
if value and value ~= "" then
|
||||
if not nixio.fs.access(value) then
|
||||
return nil, translate("Can't find this file!")
|
||||
else
|
||||
return value
|
||||
end
|
||||
end
|
||||
return nil
|
||||
end
|
||||
|
||||
o = s:option(FileUpload, option_name("tls_keyFile"), translate("Private key absolute path"), translate("as:") .. "/etc/ssl/private.key")
|
||||
o.default = m:get(s.section, "tls_keyFile") or "/etc/config/ssl/" .. arg[1] .. ".key"
|
||||
o:depends({ [option_name("tls")] = true })
|
||||
o.validate = function(self, value, t)
|
||||
if value and value ~= "" then
|
||||
if not nixio.fs.access(value) then
|
||||
return nil, translate("Can't find this file!")
|
||||
else
|
||||
return value
|
||||
end
|
||||
end
|
||||
return nil
|
||||
end
|
||||
|
||||
o = s:option(Flag, option_name("tls_sessionTicket"), translate("Session Ticket"))
|
||||
o.default = "0"
|
||||
o:depends({ [option_name("tls")] = true })
|
||||
|
||||
o = s:option(ListValue, option_name("transport"), translate("Transport"))
|
||||
o:value("original", translate("Original"))
|
||||
o:value("ws", "WebSocket")
|
||||
o.default = "original"
|
||||
|
||||
o = s:option(ListValue, option_name("plugin_type"), translate("Transport Plugin"))
|
||||
o:value("plaintext", "Plain Text")
|
||||
o:value("shadowsocks", "ShadowSocks")
|
||||
o:value("other", "Other")
|
||||
o.default = "plaintext"
|
||||
o:depends({ [option_name("tls")] = false, [option_name("transport")] = "original" })
|
||||
|
||||
o = s:option(Value, option_name("plugin_cmd"), translate("Plugin Binary"))
|
||||
o.placeholder = "eg: /usr/bin/v2ray-plugin"
|
||||
o:depends({ [option_name("plugin_type")] = "shadowsocks" })
|
||||
o:depends({ [option_name("plugin_type")] = "other" })
|
||||
|
||||
o = s:option(Value, option_name("plugin_option"), translate("Plugin Option"))
|
||||
o.placeholder = "eg: obfs=http;obfs-host=www.baidu.com"
|
||||
o:depends({ [option_name("plugin_type")] = "shadowsocks" })
|
||||
o:depends({ [option_name("plugin_type")] = "other" })
|
||||
|
||||
o = s:option(DynamicList, option_name("plugin_arg"), translate("Plugin Option Args"))
|
||||
o.placeholder = "eg: [\"-config\", \"test.json\"]"
|
||||
o:depends({ [option_name("plugin_type")] = "shadowsocks" })
|
||||
o:depends({ [option_name("plugin_type")] = "other" })
|
||||
|
||||
o = s:option(Value, option_name("ws_host"), translate("WebSocket Host"))
|
||||
o:depends({ [option_name("transport")] = "ws" })
|
||||
|
||||
o = s:option(Value, option_name("ws_path"), translate("WebSocket Path"))
|
||||
o:depends({ [option_name("transport")] = "ws" })
|
||||
|
||||
o = s:option(Flag, option_name("ss_aead"), translate("Shadowsocks secondary encryption"))
|
||||
o.default = "0"
|
||||
|
||||
o = s:option(ListValue, option_name("ss_aead_method"), translate("Encrypt Method"))
|
||||
for _, v in ipairs(encrypt_methods_ss_aead) do o:value(v, v) end
|
||||
o.default = "aes-128-gcm"
|
||||
o:depends({ [option_name("ss_aead")] = true })
|
||||
|
||||
o = s:option(Value, option_name("ss_aead_pwd"), translate("Password"))
|
||||
o.password = true
|
||||
o:depends({ [option_name("ss_aead")] = true })
|
||||
|
||||
o = s:option(Flag, option_name("tcp_fast_open"), translate("TCP Fast Open"))
|
||||
o.default = "0"
|
||||
|
||||
o = s:option(Flag, option_name("remote_enable"), translate("Enable Remote"), translate("You can forward to Nginx/Caddy/V2ray/Xray WebSocket and more."))
|
||||
o.default = "1"
|
||||
o.rmempty = false
|
||||
|
||||
o = s:option(Value, option_name("remote_address"), translate("Remote Address"))
|
||||
o.default = "127.0.0.1"
|
||||
o:depends({ [option_name("remote_enable")] = true })
|
||||
|
||||
o = s:option(Value, option_name("remote_port"), translate("Remote Port"))
|
||||
o.datatype = "port"
|
||||
o.default = "80"
|
||||
o:depends({ [option_name("remote_enable")] = true })
|
||||
|
||||
o = s:option(Flag, option_name("log"), translate("Log"))
|
||||
o.default = "1"
|
||||
|
||||
o = s:option(ListValue, option_name("loglevel"), translate("Log Level"))
|
||||
o.default = "2"
|
||||
o:value("0", "all")
|
||||
o:value("1", "info")
|
||||
o:value("2", "warn")
|
||||
o:value("3", "error")
|
||||
o:value("4", "fatal")
|
||||
o:depends({ [option_name("log")] = true })
|
||||
|
||||
api.luci_types(arg[1], m, s, type_name, option_prefix)
|
||||
|
|
@ -8,17 +8,6 @@ local function gh_pre_release_url(self)
|
|||
return "https://api.github.com/repos/" .. self.repo .. "/releases?per_page=1"
|
||||
end
|
||||
|
||||
_M.brook = {
|
||||
name = "Brook",
|
||||
repo = "txthinking/brook",
|
||||
get_url = gh_release_url,
|
||||
cmd_version = "-v | awk '{print $3}'",
|
||||
zipped = false,
|
||||
default_path = "/usr/bin/brook",
|
||||
match_fmt_str = "linux_%s$",
|
||||
file_tree = {}
|
||||
}
|
||||
|
||||
_M.hysteria = {
|
||||
name = "Hysteria",
|
||||
repo = "HyNetwork/hysteria",
|
||||
|
|
@ -34,22 +23,6 @@ _M.hysteria = {
|
|||
}
|
||||
}
|
||||
|
||||
_M["trojan-go"] = {
|
||||
name = "Trojan-Go",
|
||||
repo = "p4gefau1t/trojan-go",
|
||||
get_url = gh_release_url,
|
||||
cmd_version = "-version | awk '{print $2}' | sed -n 1P",
|
||||
zipped = true,
|
||||
default_path = "/usr/bin/trojan-go",
|
||||
match_fmt_str = "linux%%-%s%%.zip",
|
||||
file_tree = {
|
||||
aarch64 = "armv8",
|
||||
armv8 = "armv8",
|
||||
mips = "mips%-hardfloat",
|
||||
mipsel = "mipsle%-hardfloat"
|
||||
}
|
||||
}
|
||||
|
||||
_M.singbox = {
|
||||
name = "Sing-Box",
|
||||
repo = "SagerNet/sing-box",
|
||||
|
|
|
|||
|
|
@ -152,18 +152,6 @@ local function start()
|
|||
elseif type == "Trojan-Plus" then
|
||||
config = require(require_dir .. "util_trojan").gen_config_server(user)
|
||||
bin = ln_run("/usr/sbin/trojan-plus", "trojan-plus", "-c " .. config_file, log_path)
|
||||
elseif type == "Trojan-Go" then
|
||||
config = require(require_dir .. "util_trojan").gen_config_server(user)
|
||||
bin = ln_run(api.get_app_path("trojan-go"), "trojan-go", "-config " .. config_file, log_path)
|
||||
elseif type == "Brook" then
|
||||
local brook_protocol = user.protocol
|
||||
local brook_password = user.password
|
||||
local brook_path = user.ws_path or "/ws"
|
||||
local brook_path_arg = ""
|
||||
if brook_protocol == "wsserver" and brook_path then
|
||||
brook_path_arg = " --path " .. brook_path
|
||||
end
|
||||
bin = ln_run(api.get_app_path("brook"), "brook_" .. id, string.format("--debug %s -l :%s -p %s%s", brook_protocol, port, brook_password, brook_path_arg), log_path)
|
||||
elseif type == "Hysteria2" then
|
||||
config = require(require_dir .. "util_hysteria2").gen_config_server(user)
|
||||
bin = ln_run(api.get_app_path("hysteria"), "hysteria", "-c " .. config_file .. " server", log_path)
|
||||
|
|
|
|||
|
|
@ -37,30 +37,6 @@ function gen_config_server(node)
|
|||
fast_open_qlen = 20
|
||||
}
|
||||
}
|
||||
if node.type == "Trojan-Go" then
|
||||
config.ssl.cipher = nil
|
||||
config.ssl.cipher_tls13 = nil
|
||||
config.udp_timeout = 60
|
||||
config.disable_http_check = true
|
||||
config.transport_plugin = ((node.tls == nil or node.tls ~= "1") and node.trojan_transport == "original") and {
|
||||
enabled = node.plugin_type ~= nil,
|
||||
type = node.plugin_type or "plaintext",
|
||||
command = node.plugin_type ~= "plaintext" and node.plugin_cmd or nil,
|
||||
option = node.plugin_type ~= "plaintext" and node.plugin_option or nil,
|
||||
arg = node.plugin_type ~= "plaintext" and { node.plugin_arg } or nil,
|
||||
env = {}
|
||||
} or nil
|
||||
config.websocket = (node.trojan_transport == 'ws') and {
|
||||
enabled = true,
|
||||
path = node.ws_path or "/",
|
||||
host = node.ws_host or ""
|
||||
} or nil
|
||||
config.shadowsocks = (node.ss_aead == "1") and {
|
||||
enabled = true,
|
||||
method = node.ss_aead_method or "aes_128_gcm",
|
||||
password = node.ss_aead_pwd or ""
|
||||
} or nil
|
||||
end
|
||||
return config
|
||||
end
|
||||
|
||||
|
|
@ -115,36 +91,6 @@ function gen_config(var)
|
|||
fast_open_qlen = 20
|
||||
}
|
||||
}
|
||||
if node.type == "Trojan-Go" then
|
||||
trojan.ssl.cipher = nil
|
||||
trojan.ssl.cipher_tls13 = nil
|
||||
trojan.ssl.fingerprint = (node.fingerprint ~= "disable") and node.fingerprint or ""
|
||||
trojan.ssl.alpn = (node.trojan_transport == 'ws') and {} or {"h2", "http/1.1"}
|
||||
if node.tls ~= "1" and node.trojan_transport == "original" then trojan.ssl = nil end
|
||||
trojan.transport_plugin = ((not node.tls or node.tls ~= "1") and node.trojan_transport == "original") and {
|
||||
enabled = node.plugin_type ~= nil,
|
||||
type = node.plugin_type or "plaintext",
|
||||
command = node.plugin_type ~= "plaintext" and node.plugin_cmd or nil,
|
||||
option = node.plugin_type ~= "plaintext" and node.plugin_option or nil,
|
||||
arg = node.plugin_type ~= "plaintext" and { node.plugin_arg } or nil,
|
||||
env = {}
|
||||
} or nil
|
||||
trojan.websocket = (node.trojan_transport == 'ws') and {
|
||||
enabled = true,
|
||||
path = node.ws_path or "/",
|
||||
host = node.ws_host or (node.tls_serverName or server)
|
||||
} or nil
|
||||
trojan.shadowsocks = (node.ss_aead == "1") and {
|
||||
enabled = true,
|
||||
method = node.ss_aead_method or "aes_128_gcm",
|
||||
password = node.ss_aead_pwd or ""
|
||||
} or nil
|
||||
trojan.mux = (node.smux == "1") and {
|
||||
enabled = true,
|
||||
concurrency = tonumber(node.mux_concurrency),
|
||||
idle_timeout = tonumber(node.smux_idle_timeout)
|
||||
} or nil
|
||||
end
|
||||
return json.stringify(trojan, 1)
|
||||
end
|
||||
|
||||
|
|
|
|||
|
|
@ -149,7 +149,7 @@ https://github.com/pure-css/pure/blob/master/LICENSE.md
|
|||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<div class="pure-u-1-4 check" onclick="check_connect('google', 'https://www.google.com')">
|
||||
<div class="pure-u-1-4 check" onclick="check_connect('google', 'https://www.google.com/generate_204')">
|
||||
<div class="block pure-g">
|
||||
<div class="pure-u-1-3">
|
||||
<div class="img-con">
|
||||
|
|
@ -249,9 +249,8 @@ https://github.com/pure-css/pure/blob/master/LICENSE.md
|
|||
url : url
|
||||
},
|
||||
function(x, rv) {
|
||||
if (rv.ping_type) {
|
||||
if (rv.ping_type && rv.ping_type == "curl") {
|
||||
var use_time = rv.use_time;
|
||||
var ping_type = rv.ping_type;
|
||||
if (use_time < 1000) {
|
||||
s.className="green";
|
||||
} else if (use_time < 2000) {
|
||||
|
|
@ -259,7 +258,7 @@ https://github.com/pure-css/pure/blob/master/LICENSE.md
|
|||
} else {
|
||||
s.className="red";
|
||||
}
|
||||
s.innerHTML = ping_type+ " " + use_time + " ms";
|
||||
s.innerHTML = use_time + " ms";
|
||||
} else if (rv.status) {
|
||||
s.className="green";
|
||||
s.innerHTML = "<%:Working...%>";
|
||||
|
|
|
|||
|
|
@ -140,12 +140,6 @@ local api = require "luci.passwall.api"
|
|||
} else if (v_type === "Trojan-Plus") {
|
||||
dom_prefix = "trojan_plus_"
|
||||
protocol = "trojan"
|
||||
} else if (v_type === "Trojan-Go") {
|
||||
dom_prefix = "trojan_go_"
|
||||
protocol = "trojan-go"
|
||||
} else if (v_type === "Brook") {
|
||||
dom_prefix = "brook_"
|
||||
protocol = "brook"
|
||||
} else if (v_type === "Hysteria2") {
|
||||
dom_prefix = "hysteria2_"
|
||||
protocol = "hysteria2"
|
||||
|
|
@ -346,74 +340,6 @@ local api = require "luci.passwall.api"
|
|||
params = params.substring(1);
|
||||
}
|
||||
url += params;
|
||||
} else if (v_type === "Trojan-Go") {
|
||||
var v_password = opt.get(dom_prefix + "password");
|
||||
var v_port = opt.get(dom_prefix + "port");
|
||||
url = encodeURIComponent(v_password.value) +
|
||||
"@" + _address +
|
||||
":" + v_port.value + "/?";
|
||||
var params = "";
|
||||
if (opt.get(dom_prefix + "tls").checked) {
|
||||
params += opt.query("sni", dom_prefix + "tls_serverName");
|
||||
} else {
|
||||
if (opt.get(dom_prefix + "transport").value === "original") {
|
||||
var plugin = {};
|
||||
plugin.type = opt.get(dom_prefix + "plugin_type").value;
|
||||
if (plugin.type !== "plaintext") {
|
||||
plugin.command = opt.get(dom_prefix + "plugin_cmd").value;
|
||||
plugin.option = opt.get(dom_prefix + "plugin_option").value;
|
||||
plugin.arg = opt.getlist(dom_prefix + "plugin_arg");
|
||||
}
|
||||
params += "&plugin=" + encodeURIComponent(JSON.stringify(plugin));
|
||||
}
|
||||
}
|
||||
params += opt.query("type", dom_prefix + "transport");
|
||||
var ws = (opt.get(dom_prefix + "transport").value.indexOf("ws") !== -1);
|
||||
var h2 = (opt.get(dom_prefix + "transport").value.indexOf("h2") !== -1);
|
||||
if (ws) {
|
||||
params += opt.query("host", dom_prefix + "ws_host");
|
||||
params += opt.query("path", dom_prefix + "ws_path");
|
||||
}
|
||||
var enc = "none";
|
||||
if (opt.get(dom_prefix + "ss_aead").checked === true) {
|
||||
enc = "ss;" +
|
||||
opt.get(dom_prefix + "ss_aead_method").value +
|
||||
":" + opt.get(dom_prefix + "ss_aead_pwd").value;
|
||||
}
|
||||
params += "&encryption=" + encodeURIComponent(enc);
|
||||
params += "#" + encodeURI(v_alias.value);
|
||||
if (params[0] == "&") {
|
||||
params = params.substring(1);
|
||||
}
|
||||
url += params;
|
||||
} else if (v_type === "Brook") {
|
||||
var url = "";
|
||||
var params = "?";
|
||||
var v_protocol = opt.get(dom_prefix + "protocol");
|
||||
var v_port = opt.get(dom_prefix + "port");
|
||||
var v_password = opt.get(dom_prefix + "password");
|
||||
var b_protocol_value = v_protocol.value.split('client').join('server');
|
||||
|
||||
var url_protocol = b_protocol_value;
|
||||
params += opt.query("password", dom_prefix + "password");
|
||||
if (b_protocol_value == "wsserver") {
|
||||
var server = '';
|
||||
var prefix = "ws://";
|
||||
if (opt.get(dom_prefix + "tls").checked) {
|
||||
prefix = "wss://";
|
||||
url_protocol = 'wssserver';
|
||||
}
|
||||
var v_path = opt.get(dom_prefix + "ws_path");
|
||||
var v_path_value = v_path.value || '/ws';
|
||||
if (v_path_value.length > 1 && v_path_value.indexOf('/') < 0) {
|
||||
v_path_value = '/' + v_path_value;
|
||||
}
|
||||
params += "&" + url_protocol + "=" + encodeURIComponent(prefix + _address + ":" + v_port.value + v_path_value);
|
||||
} else {
|
||||
params += "&" + url_protocol + "=" + encodeURIComponent(_address + ":" + v_port.value);
|
||||
}
|
||||
url += url_protocol;
|
||||
url += params;
|
||||
} else if ((v_type === "Hysteria2") || (v_type === "sing-box" && opt.get(dom_prefix + "protocol").value === "hysteria2")) {
|
||||
protocol = "hysteria2"
|
||||
var v_port = opt.get(dom_prefix + "port");
|
||||
|
|
@ -725,9 +651,6 @@ local api = require "luci.passwall.api"
|
|||
queryParam[decodeURIComponent(params[0]).toLowerCase()] = decodeURIComponent(params[1] || '');
|
||||
}
|
||||
}
|
||||
if (queryParam.mux || queryParam.ws || queryParam.h2 || queryParam.ss || queryParam.plugin) {
|
||||
ssu[0] = "trojan-go"
|
||||
}
|
||||
opt.set(dom_prefix + 'address', m.hostname);
|
||||
opt.set(dom_prefix + 'port', m.port || "443");
|
||||
opt.set(dom_prefix + 'password', decodeURIComponent(password));
|
||||
|
|
@ -737,80 +660,6 @@ local api = require "luci.passwall.api"
|
|||
if (m.hash) {
|
||||
opt.set('remarks', decodeURI(m.hash.substr(1)));
|
||||
}
|
||||
} if (ssu[0] === "trojan-go") {
|
||||
dom_prefix = "trojan_go_"
|
||||
var m = parseNodeUrl(ssrurl);
|
||||
var password = m.passwd;
|
||||
if (password === "") {
|
||||
s.innerHTML = "<font color='red'><%:Invalid Share URL Format%></font>";
|
||||
return false;
|
||||
}
|
||||
var queryParam = {};
|
||||
if (m.search.length > 1) {
|
||||
var query = m.search.split('?');
|
||||
var queryParams = query[1];
|
||||
var queryArray = queryParams.split('&');
|
||||
for (i = 0; i < queryArray.length; i++) {
|
||||
var params = queryArray[i].split('=');
|
||||
queryParam[decodeURIComponent(params[0]).toLowerCase()] = decodeURIComponent(params[1] || '');
|
||||
}
|
||||
}
|
||||
opt.set('type', 'Trojan-Go');
|
||||
opt.set(dom_prefix + 'address', m.hostname);
|
||||
opt.set(dom_prefix + 'port', m.port || "443");
|
||||
opt.set(dom_prefix + 'password', decodeURIComponent(password));
|
||||
opt.set(dom_prefix + 'tls', true);
|
||||
opt.set(dom_prefix + 'tls_allowInsecure', '0');
|
||||
opt.set(dom_prefix + 'tls_serverName', queryParam.peer || queryParam.sni || '');
|
||||
var plugin = queryParam.plugin !== undefined;
|
||||
if (plugin) {
|
||||
opt.set(dom_prefix + 'transport', 'original');
|
||||
var plugin = JSON.parse(queryParam.plugin);
|
||||
if (plugin) {
|
||||
opt.set(dom_prefix + 'plugin_type', plugin.type);
|
||||
if (plugin.type !== "plaintext") {
|
||||
opt.set(dom_prefix + 'plugin_cmd', plugin.command);
|
||||
opt.set(dom_prefix + 'plugin_option', plugin.option);
|
||||
opt.setlist(dom_prefix + 'plugin_arg', plugin.arg);
|
||||
}
|
||||
} else
|
||||
alert(queryParam.plugin);
|
||||
}
|
||||
var tran = 'original';
|
||||
var or = queryParam.type === undefined || queryParam.type === 'original';
|
||||
var ws = null;
|
||||
var h2 = null;
|
||||
if (queryParam.type) {
|
||||
ws = queryParam.type.indexOf('ws') !== -1;
|
||||
h2 = queryParam.type.indexOf('h2') !== -1;
|
||||
}
|
||||
if (ws && h2) {
|
||||
tran = 'h2+ws'
|
||||
} else {
|
||||
if (ws) tran = 'ws';
|
||||
if (h2) tran = 'h2';
|
||||
}
|
||||
opt.set(dom_prefix + 'transport', tran);
|
||||
if (ws) {
|
||||
opt.set(dom_prefix + 'ws_host', queryParam.host || '');
|
||||
opt.set(dom_prefix + 'ws_path', queryParam.path || '/');
|
||||
}
|
||||
var enc = {};
|
||||
var ss = false;
|
||||
if (queryParam.encryption) {
|
||||
var r = queryParam.encryption.match(/^(ss);([^;:]*)[;:](.*)$/),
|
||||
enc = { type: r[1], method: r[2], password: r[3] };
|
||||
}
|
||||
ss = enc.type === 'ss';
|
||||
opt.set(dom_prefix + 'ss_aead', ss);
|
||||
if (ss) {
|
||||
opt.set(dom_prefix + 'ss_aead_method', enc.method.toLowerCase() || '');
|
||||
opt.set(dom_prefix + 'ss_aead_pwd', enc.password || '');
|
||||
}
|
||||
opt.set(dom_prefix + 'smux', '1');
|
||||
if (m.hash) {
|
||||
opt.set('remarks', decodeURI(m.hash.substr(1)));
|
||||
}
|
||||
}
|
||||
if (ssu[0] === "vmess") {
|
||||
var sstr = b64DecodeUnicode(ssu[1]);
|
||||
|
|
@ -962,62 +811,6 @@ local api = require "luci.passwall.api"
|
|||
opt.set('remarks', decodeURI(m.hash.substr(1)));
|
||||
}
|
||||
}
|
||||
if (ssu[0] === "brook") {
|
||||
dom_prefix = "brook_"
|
||||
var stype = "Brook";
|
||||
var m = parseNodeUrl(ssrurl);
|
||||
|
||||
var from_protocol = m.host;
|
||||
var protocol = from_protocol.split('server').join('client');
|
||||
|
||||
var queryParam = {};
|
||||
if (m.search.length > 1) {
|
||||
var query = m.search.split('?');
|
||||
var queryParams = query[1];
|
||||
var queryArray = queryParams.split('&');
|
||||
var params;
|
||||
for (i = 0; i < queryArray.length; i++) {
|
||||
params = queryArray[i].split('=');
|
||||
queryParam[decodeURIComponent(params[0])] = decodeURIComponent(params[1] || '');
|
||||
}
|
||||
}
|
||||
|
||||
var password = queryParam.password;
|
||||
if (password === "") {
|
||||
s.innerHTML = "<font color='red'><%:Invalid Share URL Format%></font>";
|
||||
return false;
|
||||
}
|
||||
|
||||
opt.set('type', stype);
|
||||
opt.set(dom_prefix + 'protocol', protocol);
|
||||
opt.set(dom_prefix + 'password', password);
|
||||
|
||||
if (protocol == 'wsclient' || protocol == 'wssclient') {
|
||||
opt.set(dom_prefix + 'protocol', 'wsclient');
|
||||
var wsserver = queryParam[from_protocol].split('://');
|
||||
wsserver = wsserver[1].split('/');
|
||||
var path = wsserver[1] && '/' + wsserver[1] || '/ws';
|
||||
var server = wsserver[0].split(':');
|
||||
opt.set(dom_prefix + 'address', server[0]);
|
||||
opt.set(dom_prefix + 'port', server[1]);
|
||||
opt.set(dom_prefix + 'ws_path', path);
|
||||
if (protocol == 'wssclient') {
|
||||
opt.set(dom_prefix + 'tls', true);
|
||||
}
|
||||
} else {
|
||||
var server = queryParam[from_protocol].split(':');
|
||||
if (server.length < 2) {
|
||||
s.innerHTML = "<font color='red'><%:Invalid Share URL Format%></font>";
|
||||
return false;
|
||||
}
|
||||
opt.set(dom_prefix + 'address', server[0]);
|
||||
opt.set(dom_prefix + 'port', server[1]);
|
||||
}
|
||||
|
||||
if (m.hash) {
|
||||
opt.set('remarks', decodeURI(m.hash.substr(1)));
|
||||
}
|
||||
}
|
||||
if (ssu[0] === "hysteria2" || ssu[0] === "hy2") {
|
||||
var m = parseNodeUrl(ssrurl);
|
||||
var password = m.passwd;
|
||||
|
|
|
|||
|
|
@ -160,8 +160,11 @@ msgstr "此功能需要 DNS 服务器支持 EDNS Client Subnet(RFC7871)。"
|
|||
msgid "The effect is better, but will increase the memory."
|
||||
msgstr "效果更好,但会增加内存使用。"
|
||||
|
||||
msgid "When using the chnroute list the default DNS"
|
||||
msgstr "当使用中国列表外时的默认DNS"
|
||||
msgid "Default DNS"
|
||||
msgstr "默认DNS"
|
||||
|
||||
msgid "The default DNS used when not in the domain name rules list."
|
||||
msgstr "当域名不在规则列表中时使用的默认DNS。"
|
||||
|
||||
msgid "Remote DNS can avoid more DNS leaks, but some domestic domain names maybe to proxy!"
|
||||
msgstr "远程DNS可以避免更多的DNS泄露,但会导致规则列表外的某些国内域名可能会走代理!"
|
||||
|
|
@ -247,6 +250,12 @@ msgstr "进程"
|
|||
msgid "1 Process"
|
||||
msgstr "单进程"
|
||||
|
||||
msgid "Use %s"
|
||||
msgstr "使用 %s"
|
||||
|
||||
msgid "Close(Not use)"
|
||||
msgstr "关闭(不使用)"
|
||||
|
||||
msgid "Proxy Mode"
|
||||
msgstr "代理模式"
|
||||
|
||||
|
|
@ -271,9 +280,6 @@ msgstr "游戏模式"
|
|||
msgid "China List"
|
||||
msgstr "中国列表"
|
||||
|
||||
msgid "Only use direct/proxy list"
|
||||
msgstr "仅使用直连/代理列表"
|
||||
|
||||
msgid "Localhost"
|
||||
msgstr "本机"
|
||||
|
||||
|
|
@ -892,9 +898,6 @@ msgstr "%s 程序路径"
|
|||
msgid "%s Client App Path"
|
||||
msgstr "%s 客户端程序路径"
|
||||
|
||||
msgid "Trojan-Go Version API"
|
||||
msgstr "Trojan-Go 版本 API"
|
||||
|
||||
msgid "alternate API URL for version checking"
|
||||
msgstr "用于版本检查的 API URL"
|
||||
|
||||
|
|
@ -1114,12 +1117,6 @@ msgstr "插件名称"
|
|||
msgid "Plugin Arguments"
|
||||
msgstr "插件参数"
|
||||
|
||||
msgid "Brook Protocol"
|
||||
msgstr "Brook协议"
|
||||
|
||||
msgid "Use TLS"
|
||||
msgstr "使用TLS"
|
||||
|
||||
msgid "Naiveproxy Protocol"
|
||||
msgstr "Naiveproxy协议"
|
||||
|
||||
|
|
|
|||
|
|
@ -5,13 +5,13 @@ config global
|
|||
option tcp_node 'nil'
|
||||
option udp_node 'nil'
|
||||
option tcp_node_socks_port '1070'
|
||||
option filter_proxy_ipv6 '0'
|
||||
option dns_mode 'dns2tcp'
|
||||
option remote_dns '1.1.1.1'
|
||||
option filter_proxy_ipv6 '0'
|
||||
option when_chnroute_default_dns 'direct'
|
||||
option tcp_proxy_mode 'chnroute'
|
||||
option udp_proxy_mode 'chnroute'
|
||||
option chinadns_ng_default_tag 'smart'
|
||||
option use_default_dns 'direct'
|
||||
option chn_list 'direct'
|
||||
option tcp_proxy_mode 'proxy'
|
||||
option udp_proxy_mode 'proxy'
|
||||
option localhost_tcp_proxy_mode 'default'
|
||||
option localhost_udp_proxy_mode 'default'
|
||||
option acl_enable '0'
|
||||
|
|
@ -75,8 +75,6 @@ config global_rules
|
|||
config global_app
|
||||
option singbox_file '/usr/bin/sing-box'
|
||||
option xray_file '/usr/bin/xray'
|
||||
option trojan_go_file '/usr/bin/trojan-go'
|
||||
option brook_file '/usr/bin/brook'
|
||||
option hysteria_file '/usr/bin/hysteria'
|
||||
option chinadns_ng '/usr/bin/chinadns-ng'
|
||||
|
||||
|
|
|
|||
|
|
@ -487,7 +487,7 @@ run_chinadns_ng() {
|
|||
|
||||
local _default_tag=$(config_t_get global chinadns_ng_default_tag smart)
|
||||
local _extra_param=""
|
||||
[ -n "$_chnlist" ] && {
|
||||
[ "${_chnlist}" = "direct" ] && {
|
||||
[ -s "${RULES_PATH}/chnlist" ] && {
|
||||
local _chnlist_file="${TMP_PATH}/chinadns_chnlist"
|
||||
cp -a "${RULES_PATH}/chnlist" "${_chnlist_file}"
|
||||
|
|
@ -500,16 +500,18 @@ run_chinadns_ng() {
|
|||
_extra_param="${_extra_param} -4 ${chnroute4_set} -6 ${chnroute6_set} -m ${_chnlist_file} -M -a"
|
||||
}
|
||||
}
|
||||
|
||||
([ -n "$_chnlist" ] || [ -n "$_gfwlist" ]) && [ -s "${RULES_PATH}/gfwlist" ] && {
|
||||
local _gfwlist_file="${TMP_PATH}/chinadns_gfwlist"
|
||||
cp -a "${RULES_PATH}/gfwlist" "${_gfwlist_file}"
|
||||
local gfwlist_set="passwall_gfwlist,passwall_gfwlist6"
|
||||
[ "$nftflag" = "1" ] && gfwlist_set="inet@fw4@passwall_gfwlist,inet@fw4@passwall_gfwlist6"
|
||||
_extra_param="${_extra_param} -g ${_gfwlist_file} -A ${gfwlist_set}"
|
||||
#当只有使用gfwlist模式时设置默认DNS为本地直连
|
||||
[ -n "$_gfwlist" ] && [ -z "$_chnlist" ] && _default_tag="chn"
|
||||
[ "${_gfwlist}" = "1" ] && {
|
||||
[ -s "${RULES_PATH}/gfwlist" ] && {
|
||||
local _gfwlist_file="${TMP_PATH}/chinadns_gfwlist"
|
||||
cp -a "${RULES_PATH}/gfwlist" "${_gfwlist_file}"
|
||||
local gfwlist_set="passwall_gfwlist,passwall_gfwlist6"
|
||||
[ "$nftflag" = "1" ] && gfwlist_set="inet@fw4@passwall_gfwlist,inet@fw4@passwall_gfwlist6"
|
||||
_extra_param="${_extra_param} -g ${_gfwlist_file} -A ${gfwlist_set}"
|
||||
#当只有使用gfwlist模式时设置默认DNS为本地直连
|
||||
[ "${_gfwlist}" = "1" ] && [ "${_chnlist}" = "0" ] && _default_tag="chn"
|
||||
}
|
||||
}
|
||||
|
||||
[ -n "$_default_tag" ] && [ "$_default_tag" != "smart" ] && _extra_param="${_extra_param} -d ${_default_tag}"
|
||||
|
||||
_log_path="/dev/null"
|
||||
|
|
@ -606,10 +608,6 @@ run_socks() {
|
|||
[ -n "$relay_port" ] && _args="${_args} -server_host $server_host -server_port $port"
|
||||
run_xray flag=$flag node=$node socks_port=$socks_port config_file=$config_file log_file=$log_file ${_args}
|
||||
;;
|
||||
trojan-go)
|
||||
lua $UTIL_TROJAN gen_config -node $node -run_type client -local_addr $bind -local_port $socks_port -server_host $server_host -server_port $port > $config_file
|
||||
ln_run "$(first_type $(config_t_get global_app trojan_go_file) trojan-go)" trojan-go $log_file -config "$config_file"
|
||||
;;
|
||||
trojan*)
|
||||
lua $UTIL_TROJAN gen_config -node $node -run_type client -local_addr $bind -local_port $socks_port -server_host $server_host -server_port $port > $config_file
|
||||
ln_run "$(first_type ${type})" "${type}" $log_file -c "$config_file"
|
||||
|
|
@ -618,21 +616,6 @@ run_socks() {
|
|||
lua $UTIL_NAIVE gen_config -node $node -run_type socks -local_addr $bind -local_port $socks_port -server_host $server_host -server_port $port > $config_file
|
||||
ln_run "$(first_type naive)" naive $log_file "$config_file"
|
||||
;;
|
||||
brook)
|
||||
local protocol=$(config_n_get $node protocol client)
|
||||
local prefix=""
|
||||
[ "$protocol" == "wsclient" ] && {
|
||||
prefix="ws://"
|
||||
local brook_tls=$(config_n_get $node brook_tls 0)
|
||||
[ "$brook_tls" == "1" ] && {
|
||||
prefix="wss://"
|
||||
protocol="wssclient"
|
||||
}
|
||||
local ws_path=$(config_n_get $node ws_path "/ws")
|
||||
}
|
||||
server_host=${prefix}${server_host}
|
||||
ln_run "$(first_type $(config_t_get global_app brook_file) brook)" "brook_SOCKS_${flag}" $log_file "$protocol" --socks5 "$bind:$socks_port" -s "${server_host}:${port}${ws_path}" -p "$(config_n_get $node password)"
|
||||
;;
|
||||
ssr)
|
||||
lua $UTIL_SS gen_config -node $node -local_addr "0.0.0.0" -local_port $socks_port -server_host $server_host -server_port $port > $config_file
|
||||
ln_run "$(first_type ssr-local)" "ssr-local" $log_file -c "$config_file" -v -u
|
||||
|
|
@ -664,6 +647,8 @@ run_socks() {
|
|||
ln_run "$(first_type tuic-client)" "tuic-client" $log_file -c "$config_file"
|
||||
;;
|
||||
esac
|
||||
|
||||
eval node_${node}_socks_port=$socks_port
|
||||
|
||||
# http to socks
|
||||
[ -z "$http_flag" ] && [ "$http_port" != "0" ] && [ -n "$http_config_file" ] && [ "$type" != "sing-box" ] && [ "$type" != "xray" ] && [ "$type" != "socks" ] && {
|
||||
|
|
@ -729,11 +714,6 @@ run_redir() {
|
|||
xray)
|
||||
run_xray flag=UDP node=$node udp_redir_port=$local_port config_file=$config_file log_file=$log_file
|
||||
;;
|
||||
trojan-go)
|
||||
local loglevel=$(config_t_get global trojan_loglevel "2")
|
||||
lua $UTIL_TROJAN gen_config -node $node -run_type nat -local_addr "0.0.0.0" -local_port $local_port -loglevel $loglevel > $config_file
|
||||
ln_run "$(first_type $(config_t_get global_app trojan_go_file) trojan-go)" trojan-go $log_file -config "$config_file"
|
||||
;;
|
||||
trojan*)
|
||||
local loglevel=$(config_t_get global trojan_loglevel "2")
|
||||
lua $UTIL_TROJAN gen_config -node $node -run_type nat -local_addr "0.0.0.0" -local_port $local_port -loglevel $loglevel > $config_file
|
||||
|
|
@ -742,14 +722,6 @@ run_redir() {
|
|||
naiveproxy)
|
||||
echolog "Naiveproxy不支持UDP转发!"
|
||||
;;
|
||||
brook)
|
||||
local protocol=$(config_n_get $node protocol client)
|
||||
if [ "$protocol" == "wsclient" ]; then
|
||||
echolog "Brook的WebSocket不支持UDP转发!"
|
||||
else
|
||||
ln_run "$(first_type $(config_t_get global_app brook_file) brook)" "brook_UDP" $log_file tproxy -l ":$local_port" -s "$server_host:$port" -p "$(config_n_get $node password)" --doNotRunScripts
|
||||
fi
|
||||
;;
|
||||
ssr)
|
||||
lua $UTIL_SS gen_config -node $node -local_addr "0.0.0.0" -local_port $local_port > $config_file
|
||||
ln_run "$(first_type ssr-redir)" "ssr-redir" $log_file -c "$config_file" -v -U
|
||||
|
|
@ -894,16 +866,6 @@ run_redir() {
|
|||
}
|
||||
run_xray flag=$_flag node=$node tcp_redir_port=$local_port config_file=$config_file log_file=$log_file ${_args}
|
||||
;;
|
||||
trojan-go)
|
||||
[ "$TCP_UDP" = "1" ] && {
|
||||
config_file=$(echo $config_file | sed "s/TCP/TCP_UDP/g")
|
||||
UDP_REDIR_PORT=$TCP_REDIR_PORT
|
||||
UDP_NODE="nil"
|
||||
}
|
||||
local loglevel=$(config_t_get global trojan_loglevel "2")
|
||||
lua $UTIL_TROJAN gen_config -node $node -run_type nat -local_addr "0.0.0.0" -local_port $local_port -loglevel $loglevel > $config_file
|
||||
ln_run "$(first_type $(config_t_get global_app trojan_go_file) trojan-go)" trojan-go $log_file -config "$config_file"
|
||||
;;
|
||||
trojan*)
|
||||
[ "$tcp_proxy_way" = "tproxy" ] && lua_tproxy_arg="-use_tproxy true"
|
||||
[ "$TCP_UDP" = "1" ] && {
|
||||
|
|
@ -919,19 +881,6 @@ run_redir() {
|
|||
lua $UTIL_NAIVE gen_config -node $node -run_type redir -local_addr "0.0.0.0" -local_port $local_port > $config_file
|
||||
ln_run "$(first_type naive)" naive $log_file "$config_file"
|
||||
;;
|
||||
brook)
|
||||
local server_ip=$server_host
|
||||
local protocol=$(config_n_get $node protocol client)
|
||||
local prefix=""
|
||||
[ "$protocol" == "wsclient" ] && {
|
||||
prefix="ws://"
|
||||
local brook_tls=$(config_n_get $node brook_tls 0)
|
||||
[ "$brook_tls" == "1" ] && prefix="wss://"
|
||||
local ws_path=$(config_n_get $node ws_path "/ws")
|
||||
}
|
||||
server_ip=${prefix}${server_ip}
|
||||
ln_run "$(first_type $(config_t_get global_app brook_file) brook)" "brook_TCP" $log_file tproxy -l ":$local_port" -s "${server_ip}:${port}${ws_path}" -p "$(config_n_get $node password)" --doNotRunScripts
|
||||
;;
|
||||
ssr)
|
||||
[ "$tcp_proxy_way" = "tproxy" ] && lua_tproxy_arg="-tcp_tproxy true"
|
||||
[ "$TCP_UDP" = "1" ] && {
|
||||
|
|
@ -1215,24 +1164,6 @@ start_dns() {
|
|||
[ -n "$items" ] && {
|
||||
for item in $items; do
|
||||
[ "$(config_n_get $item enabled)" = "1" ] || continue
|
||||
[ "$(config_n_get $item tcp_node)" = "default" ] && [ "$TCP_NODE" != "nil" ] && {
|
||||
local item_tcp_proxy_mode=$(config_n_get $item tcp_proxy_mode default)
|
||||
[ "$item_tcp_proxy_mode" = "default" ] && item_tcp_proxy_mode=$TCP_PROXY_MODE
|
||||
global=$(echo "${global}${item_tcp_proxy_mode}" | grep "global")
|
||||
returnhome=$(echo "${returnhome}${item_tcp_proxy_mode}" | grep "returnhome")
|
||||
chnlist=$(echo "${chnlist}${item_tcp_proxy_mode}" | grep "chnroute")
|
||||
gfwlist=$(echo "${gfwlist}${item_tcp_proxy_mode}" | grep "gfwlist")
|
||||
ACL_TCP_PROXY_MODE=${ACL_TCP_PROXY_MODE}${item_tcp_proxy_mode}
|
||||
}
|
||||
[ "$(config_n_get $item udp_node)" = "default" ] && [ "$UDP_NODE" != "nil" ] && {
|
||||
local item_udp_proxy_mode=$(config_n_get $item udp_proxy_mode default)
|
||||
[ "$item_udp_proxy_mode" = "default" ] && item_udp_proxy_mode=$UDP_PROXY_MODE
|
||||
global=$(echo "${global}${item_udp_proxy_mode}" | grep "global")
|
||||
returnhome=$(echo "${returnhome}${item_udp_proxy_mode}" | grep "returnhome")
|
||||
chnlist=$(echo "${chnlist}${item_udp_proxy_mode}" | grep "chnroute")
|
||||
gfwlist=$(echo "${gfwlist}${item_udp_proxy_mode}" | grep "gfwlist")
|
||||
ACL_UDP_PROXY_MODE=${ACL_UDP_PROXY_MODE}${item_udp_proxy_mode}
|
||||
}
|
||||
done
|
||||
}
|
||||
}
|
||||
|
|
@ -1319,7 +1250,7 @@ start_dns() {
|
|||
[ "${use_tcp_node_resolve_dns}" = "1" ] && echolog " * 请确认上游 DNS 支持 TCP 查询,如非直连地址,确保 TCP 代理打开,并且已经正确转发!"
|
||||
[ "${use_udp_node_resolve_dns}" = "1" ] && echolog " * 要求代理 DNS 请求,如上游 DNS 非直连地址,确保 UDP 代理打开,并且已经正确转发!"
|
||||
|
||||
[ "$CHINADNS_NG" = "1" ] && [ -n "$(first_type chinadns-ng)" ] && ([ -n "$chnlist" ] || [ -n "$gfwlist" ]) && {
|
||||
[ "$CHINADNS_NG" = "1" ] && [ -n "$(first_type chinadns-ng)" ] && ([ "${CHN_LIST}" = "direct" ] || [ "${USE_GFW_LIST}" = "1" ]) && {
|
||||
[ "$FILTER_PROXY_IPV6" = "1" ] && {
|
||||
local _no_ipv6_rules="gt"
|
||||
}
|
||||
|
|
@ -1329,24 +1260,25 @@ start_dns() {
|
|||
_listen_port=${china_ng_listen_port} \
|
||||
_dns_china=$(echo -n $(echo "${LOCAL_DNS}" | sed "s/,/\n/g" | head -n2) | tr " " ",") \
|
||||
_dns_trust="${TUN_DNS}" \
|
||||
_chnlist="${chnlist}" \
|
||||
_gfwlist="${gfwlist}" \
|
||||
_chnlist="${CHN_LIST}" \
|
||||
_gfwlist="${USE_GFW_LIST}" \
|
||||
_no_ipv6_rules="${_no_ipv6_rules}" \
|
||||
_log_path="${TMP_PATH}/chinadns-ng.log"
|
||||
|
||||
WHEN_CHNROUTE_DEFAULT_DNS="chinadns_ng"
|
||||
USE_DEFAULT_DNS="chinadns_ng"
|
||||
}
|
||||
|
||||
[ "$DNS_SHUNT" = "dnsmasq" ] && {
|
||||
[ "$WHEN_CHNROUTE_DEFAULT_DNS" = "remote" ] && {
|
||||
[ "$USE_DEFAULT_DNS" = "remote" ] && {
|
||||
dnsmasq_version=$(dnsmasq -v | grep -i "Dnsmasq version " | awk '{print $3}')
|
||||
[ "$(expr $dnsmasq_version \>= 2.87)" == 0 ] && echolog "Dnsmasq版本低于2.87,有可能无法正常使用!!!"
|
||||
}
|
||||
source $APP_PATH/helper_dnsmasq.sh stretch
|
||||
lua $APP_PATH/helper_dnsmasq_add.lua -FLAG "default" -TMP_DNSMASQ_PATH ${TMP_DNSMASQ_PATH} \
|
||||
-DNSMASQ_CONF_FILE "/tmp/dnsmasq.d/dnsmasq-passwall.conf" -DEFAULT_DNS ${DEFAULT_DNS} -LOCAL_DNS ${LOCAL_DNS} \
|
||||
-TUN_DNS ${TUN_DNS} -REMOTE_FAKEDNS ${fakedns:-0} -CHNROUTE_MODE_DEFAULT_DNS "${WHEN_CHNROUTE_DEFAULT_DNS:-direct}" -CHINADNS_DNS ${china_ng_listen:-0} \
|
||||
-TCP_NODE ${TCP_NODE} -PROXY_MODE "${TCP_PROXY_MODE}${LOCALHOST_TCP_PROXY_MODE}${ACL_TCP_PROXY_MODE}" -NO_PROXY_IPV6 ${FILTER_PROXY_IPV6:-0} -NFTFLAG ${nftflag:-0} \
|
||||
-TUN_DNS ${TUN_DNS} -REMOTE_FAKEDNS ${fakedns:-0} -USE_DEFAULT_DNS "${USE_DEFAULT_DNS:-direct}" -CHINADNS_DNS ${china_ng_listen:-0} \
|
||||
-USE_DIRECT_LIST "${USE_BLOCK_LIST}" -USE_PROXY_LIST "${USE_PROXY_LIST}" -USE_BLOCK_LIST "${USE_BLOCK_LIST}" -USE_GFW_LIST "${USE_GFW_LIST}" -CHN_LIST "${CHN_LIST}" \
|
||||
-TCP_NODE ${TCP_NODE} -DEFAULT_PROXY_MODE "${TCP_PROXY_MODE}" -NO_PROXY_IPV6 ${FILTER_PROXY_IPV6:-0} -NFTFLAG ${nftflag:-0} \
|
||||
-NO_LOGIC_LOG ${NO_LOGIC_LOG:-0}
|
||||
}
|
||||
}
|
||||
|
|
@ -1435,15 +1367,20 @@ acl_app() {
|
|||
mkdir -p $TMP_ACL_PATH/$sid
|
||||
echo -e "${rule_list}" | sed '/^$/d' > $TMP_ACL_PATH/$sid/rule_list
|
||||
|
||||
tcp_proxy_mode=${tcp_proxy_mode:-default}
|
||||
udp_proxy_mode=${udp_proxy_mode:-default}
|
||||
tcp_node=${tcp_node:-default}
|
||||
udp_node=${udp_node:-default}
|
||||
use_direct_list=${use_direct_list:-1}
|
||||
use_proxy_list=${use_proxy_list:-1}
|
||||
use_block_list=${use_block_list:-1}
|
||||
use_gfw_list=${use_gfw_list:-1}
|
||||
chn_list=${chn_list:-direct}
|
||||
tcp_proxy_mode=${tcp_proxy_mode:-proxy}
|
||||
udp_proxy_mode=${udp_proxy_mode:-proxy}
|
||||
filter_proxy_ipv6=${filter_proxy_ipv6:-0}
|
||||
dns_mode=${dns_mode:-dns2socks}
|
||||
remote_dns=${remote_dns:-1.1.1.1}
|
||||
chinadns_ng=${chinadns_ng:-0}
|
||||
when_chnroute_default_dns=${when_chnroute_default_dns:-direct}
|
||||
use_default_dns=${use_default_dns:-direct}
|
||||
[ "$dns_mode" = "sing-box" ] && {
|
||||
[ "$v2ray_dns_mode" = "doh" ] && remote_dns=${remote_dns_doh:-https://1.1.1.1/dns-query}
|
||||
}
|
||||
|
|
@ -1474,7 +1411,7 @@ acl_app() {
|
|||
eval node_${tcp_node}_$(echo -n "${remote_dns}" | md5sum | cut -d " " -f1)=${_dns_port}
|
||||
}
|
||||
|
||||
[ "$chinadns_ng" = "1" ] && [ -n "$(first_type chinadns-ng)" ] && ([ "$tcp_proxy_mode" = "chnroute" ] || [ "$tcp_proxy_mode" = "gfwlist" ]) && {
|
||||
[ "$chinadns_ng" = "1" ] && [ -n "$(first_type chinadns-ng)" ] && ([ "${chn_list}" = "direct" ] || [ "${use_gfw_list}" = "1" ]) && {
|
||||
[ "$filter_proxy_ipv6" = "1" ] && {
|
||||
local _no_ipv6_rules="gt"
|
||||
}
|
||||
|
|
@ -1485,13 +1422,13 @@ acl_app() {
|
|||
_listen_port=${chinadns_port} \
|
||||
_dns_china=$(echo -n $(echo "${LOCAL_DNS}" | sed "s/,/\n/g" | head -n2) | tr " " ",") \
|
||||
_dns_trust="127.0.0.1#${_dns_port}" \
|
||||
_chnlist=$(echo "${tcp_proxy_mode}" | grep "chnroute") \
|
||||
_gfwlist=$(echo "${tcp_proxy_mode}" | grep "gfwlist") \
|
||||
_chnlist=${chn_list} \
|
||||
_gfwlist=${use_gfw_list} \
|
||||
_no_ipv6_rules="${_no_ipv6_rules}" \
|
||||
_log_path="${TMP_ACL_PATH}/${sid}/chinadns-ng.log" \
|
||||
_no_logic_log=1
|
||||
|
||||
when_chnroute_default_dns="chinadns_ng"
|
||||
use_default_dns="chinadns_ng"
|
||||
}
|
||||
|
||||
dnsmasq_port=$(get_new_port $(expr $dnsmasq_port + 1))
|
||||
|
|
@ -1504,81 +1441,70 @@ acl_app() {
|
|||
sed -i "/dhcp/d" $TMP_ACL_PATH/$sid/dnsmasq.conf
|
||||
sed -i "/port=/d" $TMP_ACL_PATH/$sid/dnsmasq.conf
|
||||
sed -i "/conf-dir/d" $TMP_ACL_PATH/$sid/dnsmasq.conf
|
||||
sed -i "/server/d" $TMP_ACL_PATH/$sid/dnsmasq.conf
|
||||
}
|
||||
echo "port=${dnsmasq_port}" >> $TMP_ACL_PATH/$sid/dnsmasq.conf
|
||||
d_server=127.0.0.1
|
||||
[ "$tcp_proxy_mode" = "global" ] && {
|
||||
d_server=${d_server}#${_dns_port}
|
||||
sed -i "/no-poll/d" $TMP_ACL_PATH/$sid/dnsmasq.conf
|
||||
sed -i "/no-resolv/d" $TMP_ACL_PATH/$sid/dnsmasq.conf
|
||||
echo "server=${d_server}" >> $TMP_ACL_PATH/$sid/dnsmasq.conf
|
||||
echo "no-poll" >> $TMP_ACL_PATH/$sid/dnsmasq.conf
|
||||
echo "no-resolv" >> $TMP_ACL_PATH/$sid/dnsmasq.conf
|
||||
}
|
||||
[ "$when_chnroute_default_dns" = "remote" ] && {
|
||||
[ "$use_default_dns" = "remote" ] && {
|
||||
dnsmasq_version=$(dnsmasq -v | grep -i "Dnsmasq version " | awk '{print $3}')
|
||||
[ "$(expr $dnsmasq_version \>= 2.87)" == 0 ] && echolog "Dnsmasq版本低于2.87,有可能无法正常使用!!!"
|
||||
}
|
||||
lua $APP_PATH/helper_dnsmasq_add.lua -FLAG ${sid} -TMP_DNSMASQ_PATH $TMP_ACL_PATH/$sid/dnsmasq.d \
|
||||
-DNSMASQ_CONF_FILE $TMP_ACL_PATH/$sid/dnsmasq.conf -DEFAULT_DNS $DEFAULT_DNS -LOCAL_DNS $LOCAL_DNS \
|
||||
-TUN_DNS "127.0.0.1#${_dns_port}" -REMOTE_FAKEDNS 0 -CHNROUTE_MODE_DEFAULT_DNS "${when_chnroute_default_dns:-direct}" -CHINADNS_DNS ${_china_ng_listen:-0} \
|
||||
-TCP_NODE $tcp_node -PROXY_MODE ${tcp_proxy_mode} -NO_PROXY_IPV6 ${filter_proxy_ipv6:-0} -NFTFLAG ${nftflag:-0} \
|
||||
-USE_DIRECT_LIST "${use_direct_list}" -USE_PROXY_LIST "${use_proxy_list}" -USE_BLOCK_LIST "${use_block_list}" -USE_GFW_LIST "${use_gfw_list}" -CHN_LIST "${CHN_LIST}" \
|
||||
-TUN_DNS "127.0.0.1#${_dns_port}" -REMOTE_FAKEDNS 0 -USE_DEFAULT_DNS "${use_default_dns:-direct}" -CHINADNS_DNS ${_china_ng_listen:-0} \
|
||||
-TCP_NODE $tcp_node -DEFAULT_PROXY_MODE ${tcp_proxy_mode} -NO_PROXY_IPV6 ${filter_proxy_ipv6:-0} -NFTFLAG ${nftflag:-0} \
|
||||
-NO_LOGIC_LOG 1
|
||||
ln_run "$(first_type dnsmasq)" "dnsmasq_${sid}" "/dev/null" -C $TMP_ACL_PATH/$sid/dnsmasq.conf -x $TMP_ACL_PATH/$sid/dnsmasq.pid
|
||||
eval node_${tcp_node}_$(echo -n "${tcp_proxy_mode}${remote_dns}" | md5sum | cut -d " " -f1)=${dnsmasq_port}
|
||||
}
|
||||
if [ "$tcp_node" = "$TCP_NODE" ]; then
|
||||
tcp_port=$TCP_REDIR_PORT
|
||||
else
|
||||
_redir_port=$(eval echo \${node_${tcp_node}_redir_port})
|
||||
_socks_port=$(eval echo \${node_${tcp_node}_socks_port})
|
||||
if [ -n "${_socks_port}" ] && [ -n "${_redir_port}" ]; then
|
||||
socks_port=${_socks_port}
|
||||
tcp_port=${_redir_port}
|
||||
_dnsmasq_port=$(eval echo \${node_${tcp_node}_$(echo -n "${tcp_proxy_mode}${remote_dns}" | md5sum | cut -d " " -f1)})
|
||||
if [ -z "${_dnsmasq_port}" ]; then
|
||||
_dns_port=$(eval echo \${node_${tcp_node}_$(echo -n "${remote_dns}" | md5sum | cut -d " " -f1)})
|
||||
run_dns ${_dns_port}
|
||||
else
|
||||
redirect_dns_port=${_dnsmasq_port}
|
||||
fi
|
||||
else
|
||||
socks_port=$(get_new_port $(expr $socks_port + 1))
|
||||
eval node_${tcp_node}_socks_port=$socks_port
|
||||
redir_port=$(get_new_port $(expr $redir_port + 1))
|
||||
eval node_${tcp_node}_redir_port=$redir_port
|
||||
tcp_port=$redir_port
|
||||
|
||||
local type=$(echo $(config_n_get $tcp_node type) | tr 'A-Z' 'a-z')
|
||||
if [ -n "${type}" ] && ([ "${type}" = "sing-box" ] || [ "${type}" = "xray" ]); then
|
||||
config_file="acl/${tcp_node}_TCP_${redir_port}.json"
|
||||
_extra_param="socks_address=127.0.0.1 socks_port=$socks_port"
|
||||
if [ "$dns_mode" = "sing-box" ] || [ "$dns_mode" = "xray" ]; then
|
||||
dns_port=$(get_new_port $(expr $dns_port + 1))
|
||||
_dns_port=$dns_port
|
||||
config_file=$(echo $config_file | sed "s/TCP_/DNS_${_dns_port}_TCP_/g")
|
||||
remote_dns_doh=${remote_dns}
|
||||
[ "$dns_mode" = "xray" ] && [ "$v2ray_dns_mode" = "tcp+doh" ] && remote_dns_doh=${remote_dns_doh:-https://1.1.1.1/dns-query}
|
||||
_extra_param="dns_listen_port=${_dns_port} remote_dns_protocol=${v2ray_dns_mode} remote_dns_tcp_server=${remote_dns} remote_dns_doh=${remote_dns_doh} remote_dns_query_strategy=${DNS_QUERY_STRATEGY} dns_client_ip=${dns_client_ip} dns_query_strategy=${DNS_QUERY_STRATEGY}"
|
||||
fi
|
||||
[ "$udp_node" != "nil" ] && ([ "$udp_node" = "tcp" ] || [ "$udp_node" = "$tcp_node" ]) && {
|
||||
config_file=$(echo $config_file | sed "s/TCP_/TCP_UDP_/g")
|
||||
_extra_param="${_extra_param} udp_redir_port=$redir_port"
|
||||
}
|
||||
config_file="$TMP_PATH/$config_file"
|
||||
[ "${type}" = "sing-box" ] && type="singbox"
|
||||
run_${type} flag=$tcp_node node=$tcp_node tcp_redir_port=$redir_port ${_extra_param} config_file=$config_file
|
||||
else
|
||||
config_file="acl/${tcp_node}_SOCKS_${socks_port}.json"
|
||||
run_socks flag=$tcp_node node=$tcp_node bind=127.0.0.1 socks_port=$socks_port config_file=$config_file
|
||||
local log_file=$TMP_ACL_PATH/ipt2socks_${tcp_node}_${redir_port}.log
|
||||
log_file="/dev/null"
|
||||
run_ipt2socks flag=acl_${tcp_node} tcp_tproxy=${is_tproxy} local_port=$redir_port socks_address=127.0.0.1 socks_port=$socks_port log_file=$log_file
|
||||
fi
|
||||
_redir_port=$(eval echo \${node_${tcp_node}_redir_port})
|
||||
_socks_port=$(eval echo \${node_${tcp_node}_socks_port})
|
||||
if [ -n "${_socks_port}" ] && [ -n "${_redir_port}" ]; then
|
||||
socks_port=${_socks_port}
|
||||
tcp_port=${_redir_port}
|
||||
_dnsmasq_port=$(eval echo \${node_${tcp_node}_$(echo -n "${tcp_proxy_mode}${remote_dns}" | md5sum | cut -d " " -f1)})
|
||||
if [ -z "${_dnsmasq_port}" ]; then
|
||||
_dns_port=$(eval echo \${node_${tcp_node}_$(echo -n "${remote_dns}" | md5sum | cut -d " " -f1)})
|
||||
run_dns ${_dns_port}
|
||||
else
|
||||
redirect_dns_port=${_dnsmasq_port}
|
||||
fi
|
||||
echo "${tcp_node}" > $TMP_ACL_PATH/$sid/var_tcp_node
|
||||
else
|
||||
socks_port=$(get_new_port $(expr $socks_port + 1))
|
||||
eval node_${tcp_node}_socks_port=$socks_port
|
||||
redir_port=$(get_new_port $(expr $redir_port + 1))
|
||||
eval node_${tcp_node}_redir_port=$redir_port
|
||||
tcp_port=$redir_port
|
||||
|
||||
local type=$(echo $(config_n_get $tcp_node type) | tr 'A-Z' 'a-z')
|
||||
if [ -n "${type}" ] && ([ "${type}" = "sing-box" ] || [ "${type}" = "xray" ]); then
|
||||
config_file="acl/${tcp_node}_TCP_${redir_port}.json"
|
||||
_extra_param="socks_address=127.0.0.1 socks_port=$socks_port"
|
||||
if [ "$dns_mode" = "sing-box" ] || [ "$dns_mode" = "xray" ]; then
|
||||
dns_port=$(get_new_port $(expr $dns_port + 1))
|
||||
_dns_port=$dns_port
|
||||
config_file=$(echo $config_file | sed "s/TCP_/DNS_${_dns_port}_TCP_/g")
|
||||
remote_dns_doh=${remote_dns}
|
||||
[ "$dns_mode" = "xray" ] && [ "$v2ray_dns_mode" = "tcp+doh" ] && remote_dns_doh=${remote_dns_doh:-https://1.1.1.1/dns-query}
|
||||
_extra_param="dns_listen_port=${_dns_port} remote_dns_protocol=${v2ray_dns_mode} remote_dns_tcp_server=${remote_dns} remote_dns_doh=${remote_dns_doh} remote_dns_query_strategy=${DNS_QUERY_STRATEGY} dns_client_ip=${dns_client_ip} dns_query_strategy=${DNS_QUERY_STRATEGY}"
|
||||
fi
|
||||
[ "$udp_node" != "nil" ] && ([ "$udp_node" = "tcp" ] || [ "$udp_node" = "$tcp_node" ]) && {
|
||||
config_file=$(echo $config_file | sed "s/TCP_/TCP_UDP_/g")
|
||||
_extra_param="${_extra_param} udp_redir_port=$redir_port"
|
||||
}
|
||||
config_file="$TMP_PATH/$config_file"
|
||||
[ "${type}" = "sing-box" ] && type="singbox"
|
||||
run_${type} flag=$tcp_node node=$tcp_node tcp_redir_port=$redir_port ${_extra_param} config_file=$config_file
|
||||
else
|
||||
config_file="acl/${tcp_node}_SOCKS_${socks_port}.json"
|
||||
run_socks flag=$tcp_node node=$tcp_node bind=127.0.0.1 socks_port=$socks_port config_file=$config_file
|
||||
local log_file=$TMP_ACL_PATH/ipt2socks_${tcp_node}_${redir_port}.log
|
||||
log_file="/dev/null"
|
||||
run_ipt2socks flag=acl_${tcp_node} tcp_tproxy=${is_tproxy} local_port=$redir_port socks_address=127.0.0.1 socks_port=$socks_port log_file=$log_file
|
||||
fi
|
||||
run_dns ${_dns_port}
|
||||
fi
|
||||
echo "${tcp_node}" > $TMP_ACL_PATH/$sid/var_tcp_node
|
||||
}
|
||||
fi
|
||||
echo "${tcp_port}" > $TMP_ACL_PATH/$sid/var_tcp_port
|
||||
|
|
@ -1738,27 +1664,32 @@ TCP_NO_REDIR_PORTS=$(config_t_get global_forwarding tcp_no_redir_ports 'disable'
|
|||
UDP_NO_REDIR_PORTS=$(config_t_get global_forwarding udp_no_redir_ports 'disable')
|
||||
TCP_PROXY_DROP_PORTS=$(config_t_get global_forwarding tcp_proxy_drop_ports 'disable')
|
||||
UDP_PROXY_DROP_PORTS=$(config_t_get global_forwarding udp_proxy_drop_ports '80,443')
|
||||
TCP_PROXY_MODE=$(config_t_get global tcp_proxy_mode chnroute)
|
||||
UDP_PROXY_MODE=$(config_t_get global udp_proxy_mode chnroute)
|
||||
USE_DIRECT_LIST=$(config_t_get global use_direct_list 1)
|
||||
USE_PROXY_LIST=$(config_t_get global use_proxy_list 1)
|
||||
USE_BLOCK_LIST=$(config_t_get global use_block_list 1)
|
||||
USE_GFW_LIST=$(config_t_get global use_gfw_list 1)
|
||||
CHN_LIST=$(config_t_get global chn_list direct)
|
||||
TCP_PROXY_MODE=$(config_t_get global tcp_proxy_mode proxy)
|
||||
UDP_PROXY_MODE=$(config_t_get global udp_proxy_mode proxy)
|
||||
[ "${TCP_PROXY_MODE}" != "disable" ] && TCP_PROXY_MODE="proxy"
|
||||
[ "${UDP_PROXY_MODE}" != "disable" ] && UDP_PROXY_MODE="proxy"
|
||||
LOCALHOST_TCP_PROXY_MODE=$(config_t_get global localhost_tcp_proxy_mode default)
|
||||
LOCALHOST_UDP_PROXY_MODE=$(config_t_get global localhost_udp_proxy_mode default)
|
||||
[ "${LOCALHOST_TCP_PROXY_MODE}" != "disable" ] && LOCALHOST_TCP_PROXY_MODE="proxy"
|
||||
[ "${LOCALHOST_UDP_PROXY_MODE}" != "disable" ] && LOCALHOST_UDP_PROXY_MODE="proxy"
|
||||
[ "$LOCALHOST_TCP_PROXY_MODE" == "default" ] && LOCALHOST_TCP_PROXY_MODE=$TCP_PROXY_MODE
|
||||
[ "$LOCALHOST_UDP_PROXY_MODE" == "default" ] && LOCALHOST_UDP_PROXY_MODE=$UDP_PROXY_MODE
|
||||
global=$(echo "${TCP_PROXY_MODE}${LOCALHOST_TCP_PROXY_MODE}${UDP_PROXY_MODE}${LOCALHOST_UDP_PROXY_MODE}" | grep "global")
|
||||
returnhome=$(echo "${TCP_PROXY_MODE}${LOCALHOST_TCP_PROXY_MODE}${UDP_PROXY_MODE}${LOCALHOST_UDP_PROXY_MODE}" | grep "returnhome")
|
||||
chnlist=$(echo "${TCP_PROXY_MODE}${LOCALHOST_TCP_PROXY_MODE}${UDP_PROXY_MODE}${LOCALHOST_UDP_PROXY_MODE}" | grep "chnroute")
|
||||
gfwlist=$(echo "${TCP_PROXY_MODE}${LOCALHOST_TCP_PROXY_MODE}${UDP_PROXY_MODE}${LOCALHOST_UDP_PROXY_MODE}" | grep "gfwlist")
|
||||
DNS_SHUNT="dnsmasq"
|
||||
DNS_MODE=$(config_t_get global dns_mode dns2tcp)
|
||||
DNS_CACHE=$(config_t_get global dns_cache 0)
|
||||
REMOTE_DNS=$(config_t_get global remote_dns 1.1.1.1:53 | sed 's/#/:/g' | sed -E 's/\:([^:]+)$/#\1/g')
|
||||
CHINADNS_NG=$(config_t_get global chinadns_ng 0)
|
||||
WHEN_CHNROUTE_DEFAULT_DNS=$(config_t_get global when_chnroute_default_dns direct)
|
||||
USE_DEFAULT_DNS=$(config_t_get global use_default_dns direct)
|
||||
FILTER_PROXY_IPV6=$(config_t_get global filter_proxy_ipv6 0)
|
||||
dns_listen_port=${DNS_PORT}
|
||||
|
||||
REDIRECT_LIST="socks ss ss-rust ssr sing-box xray trojan-go trojan-plus naiveproxy hysteria2"
|
||||
TPROXY_LIST="brook socks ss ss-rust ssr sing-box xray trojan-go trojan-plus hysteria2"
|
||||
REDIRECT_LIST="socks ss ss-rust ssr sing-box xray trojan-plus naiveproxy hysteria2"
|
||||
TPROXY_LIST="socks ss ss-rust ssr sing-box xray trojan-plus hysteria2"
|
||||
RESOLVFILE=/tmp/resolv.conf.d/resolv.conf.auto
|
||||
[ -f "${RESOLVFILE}" ] && [ -s "${RESOLVFILE}" ] || RESOLVFILE=/tmp/resolv.conf.auto
|
||||
|
||||
|
|
|
|||
|
|
@ -9,10 +9,15 @@ local DEFAULT_DNS = var["-DEFAULT_DNS"]
|
|||
local LOCAL_DNS = var["-LOCAL_DNS"]
|
||||
local TUN_DNS = var["-TUN_DNS"]
|
||||
local REMOTE_FAKEDNS = var["-REMOTE_FAKEDNS"]
|
||||
local CHNROUTE_MODE_DEFAULT_DNS = var["-CHNROUTE_MODE_DEFAULT_DNS"]
|
||||
local USE_DEFAULT_DNS = var["-USE_DEFAULT_DNS"]
|
||||
local CHINADNS_DNS = var["-CHINADNS_DNS"]
|
||||
local TCP_NODE = var["-TCP_NODE"]
|
||||
local PROXY_MODE = var["-PROXY_MODE"]
|
||||
local USE_DIRECT_LIST = var["-USE_DIRECT_LIST"]
|
||||
local USE_PROXY_LIST = var["-USE_PROXY_LIST"]
|
||||
local USE_BLOCK_LIST = var["-USE_BLOCK_LIST"]
|
||||
local USE_GFW_LIST = var["-USE_GFW_LIST"]
|
||||
local CHN_LIST = var["-CHN_LIST"]
|
||||
local DEFAULT_PROXY_MODE = var["-DEFAULT_PROXY_MODE"]
|
||||
local NO_PROXY_IPV6 = var["-NO_PROXY_IPV6"]
|
||||
local NO_LOGIC_LOG = var["-NO_LOGIC_LOG"]
|
||||
local NFTFLAG = var["-NFTFLAG"]
|
||||
|
|
@ -145,7 +150,7 @@ end
|
|||
|
||||
local cache_text = ""
|
||||
local new_rules = luci.sys.exec("echo -n $(find /usr/share/passwall/rules -type f | xargs md5sum)")
|
||||
local new_text = TMP_DNSMASQ_PATH .. DNSMASQ_CONF_FILE .. DEFAULT_DNS .. LOCAL_DNS .. TUN_DNS .. REMOTE_FAKEDNS .. CHNROUTE_MODE_DEFAULT_DNS .. CHINADNS_DNS .. PROXY_MODE .. NO_PROXY_IPV6 .. new_rules .. NFTFLAG
|
||||
local new_text = TMP_DNSMASQ_PATH .. DNSMASQ_CONF_FILE .. DEFAULT_DNS .. LOCAL_DNS .. TUN_DNS .. REMOTE_FAKEDNS .. USE_DEFAULT_DNS .. CHINADNS_DNS .. USE_DIRECT_LIST .. USE_PROXY_LIST .. USE_BLOCK_LIST .. USE_GFW_LIST .. CHN_LIST .. DEFAULT_PROXY_MODE .. NO_PROXY_IPV6 .. new_rules .. NFTFLAG
|
||||
if fs.access(CACHE_TEXT_FILE) then
|
||||
for line in io.lines(CACHE_TEXT_FILE) do
|
||||
cache_text = line
|
||||
|
|
@ -156,24 +161,26 @@ if cache_text ~= new_text then
|
|||
api.remove(CACHE_DNS_PATH .. "*")
|
||||
end
|
||||
|
||||
local global = PROXY_MODE:find("global")
|
||||
local returnhome = PROXY_MODE:find("returnhome")
|
||||
local chnlist = PROXY_MODE:find("chnroute")
|
||||
local gfwlist = PROXY_MODE:find("gfwlist")
|
||||
local only_global
|
||||
|
||||
local dnsmasq_default_dns
|
||||
if CHNROUTE_MODE_DEFAULT_DNS ~= "nil" then
|
||||
if chnlist and CHNROUTE_MODE_DEFAULT_DNS == "remote" then
|
||||
if USE_DEFAULT_DNS ~= "nil" then
|
||||
if USE_DEFAULT_DNS == "direct" then
|
||||
dnsmasq_default_dns = LOCAL_DNS
|
||||
end
|
||||
if USE_DEFAULT_DNS == "remote" then
|
||||
dnsmasq_default_dns = TUN_DNS
|
||||
end
|
||||
if (chnlist or gfwlist) and CHNROUTE_MODE_DEFAULT_DNS == "chinadns_ng" and CHINADNS_DNS ~= "0" then
|
||||
if USE_DEFAULT_DNS == "remote" and CHN_LIST == "direct" then
|
||||
dnsmasq_default_dns = TUN_DNS
|
||||
end
|
||||
if USE_DEFAULT_DNS == "chinadns_ng" and CHINADNS_DNS ~= "0" and (CHN_LIST == "direct" or USE_GFW_LIST == "1") then
|
||||
dnsmasq_default_dns = CHINADNS_DNS
|
||||
end
|
||||
end
|
||||
|
||||
if global and (not returnhome and not chnlist and not gfwlist) then
|
||||
--只有全局模式时
|
||||
if DEFAULT_PROXY_MODE == "proxy" and CHN_LIST == "0" and USE_GFW_LIST == "0" then
|
||||
--没有启用中国列表和GFW列表时
|
||||
dnsmasq_default_dns = TUN_DNS
|
||||
only_global = 1
|
||||
end
|
||||
|
|
@ -186,9 +193,11 @@ if not fs.access(CACHE_DNS_PATH) then
|
|||
fs.mkdir(CACHE_DNS_PATH)
|
||||
|
||||
--屏蔽列表
|
||||
for line in io.lines("/usr/share/passwall/rules/block_host") do
|
||||
if line ~= "" and not line:find("#") then
|
||||
set_domain_address(line, "")
|
||||
if USE_BLOCK_LIST == "1" then
|
||||
for line in io.lines("/usr/share/passwall/rules/block_host") do
|
||||
if line ~= "" and not line:find("#") then
|
||||
set_domain_address(line, "")
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
|
|
@ -202,37 +211,106 @@ if not fs.access(CACHE_DNS_PATH) then
|
|||
end)
|
||||
log(string.format(" - 节点列表中的域名(vpslist):%s", LOCAL_DNS or "默认"))
|
||||
|
||||
--始终用国内DNS解析直连(白名单)列表
|
||||
for line in io.lines("/usr/share/passwall/rules/direct_host") do
|
||||
if line ~= "" and not line:find("#") then
|
||||
add_excluded_domain(line)
|
||||
set_domain_dns(line, LOCAL_DNS)
|
||||
set_domain_ipset(line, setflag_4 .. "passwall_whitelist," .. setflag_6 .. "passwall_whitelist6")
|
||||
--直连(白名单)列表
|
||||
if USE_DIRECT_LIST == "1" then
|
||||
--始终用国内DNS解析直连(白名单)列表
|
||||
for line in io.lines("/usr/share/passwall/rules/direct_host") do
|
||||
if line ~= "" and not line:find("#") then
|
||||
add_excluded_domain(line)
|
||||
set_domain_dns(line, LOCAL_DNS)
|
||||
set_domain_ipset(line, setflag_4 .. "passwall_whitelist," .. setflag_6 .. "passwall_whitelist6")
|
||||
end
|
||||
end
|
||||
log(string.format(" - 域名白名单(whitelist):%s", LOCAL_DNS or "默认"))
|
||||
end
|
||||
log(string.format(" - 域名白名单(whitelist):%s", LOCAL_DNS or "默认"))
|
||||
|
||||
local fwd_dns
|
||||
local ipset_flag
|
||||
local no_ipv6
|
||||
|
||||
--始终使用远程DNS解析代理(黑名单)列表
|
||||
for line in io.lines("/usr/share/passwall/rules/proxy_host") do
|
||||
if line ~= "" and not line:find("#") then
|
||||
add_excluded_domain(line)
|
||||
local ipset_flag = setflag_4 .. "passwall_blacklist," .. setflag_6 .. "passwall_blacklist6"
|
||||
if NO_PROXY_IPV6 == "1" then
|
||||
set_domain_address(line, "::")
|
||||
ipset_flag = setflag_4 .. "passwall_blacklist"
|
||||
--代理(黑名单)列表
|
||||
if USE_PROXY_LIST == "1" then
|
||||
--始终使用远程DNS解析代理(黑名单)列表
|
||||
for line in io.lines("/usr/share/passwall/rules/proxy_host") do
|
||||
if line ~= "" and not line:find("#") then
|
||||
add_excluded_domain(line)
|
||||
local ipset_flag = setflag_4 .. "passwall_blacklist," .. setflag_6 .. "passwall_blacklist6"
|
||||
if NO_PROXY_IPV6 == "1" then
|
||||
set_domain_address(line, "::")
|
||||
ipset_flag = setflag_4 .. "passwall_blacklist"
|
||||
end
|
||||
if REMOTE_FAKEDNS == "1" then
|
||||
ipset_flag = nil
|
||||
end
|
||||
set_domain_dns(line, TUN_DNS)
|
||||
set_domain_ipset(line, ipset_flag)
|
||||
end
|
||||
if REMOTE_FAKEDNS == "1" then
|
||||
ipset_flag = nil
|
||||
end
|
||||
log(string.format(" - 代理域名表(blacklist):%s", TUN_DNS or "默认"))
|
||||
end
|
||||
|
||||
--GFW列表
|
||||
if USE_GFW_LIST == "1" then
|
||||
if fs.access("/usr/share/passwall/rules/gfwlist") then
|
||||
fwd_dns = TUN_DNS
|
||||
if USE_DEFAULT_DNS == "chinadns_ng" and CHINADNS_DNS ~= "0" then
|
||||
fwd_dns = nil
|
||||
else
|
||||
local ipset_flag = setflag_4 .. "passwall_gfwlist," .. setflag_6 .. "passwall_gfwlist6"
|
||||
if NO_PROXY_IPV6 == "1" then
|
||||
ipset_flag = setflag_4 .. "passwall_gfwlist"
|
||||
end
|
||||
if REMOTE_FAKEDNS == "1" then
|
||||
ipset_flag = nil
|
||||
end
|
||||
local gfwlist_str = sys.exec('cat /usr/share/passwall/rules/gfwlist | grep -v -E "^#" | grep -v -E "' .. excluded_domain_str .. '"')
|
||||
for line in string.gmatch(gfwlist_str, "[^\r\n]+") do
|
||||
if line ~= "" then
|
||||
if NO_PROXY_IPV6 == "1" then
|
||||
set_domain_address(line, "::")
|
||||
end
|
||||
set_domain_dns(line, fwd_dns)
|
||||
set_domain_ipset(line, ipset_flag)
|
||||
end
|
||||
end
|
||||
end
|
||||
set_domain_dns(line, TUN_DNS)
|
||||
set_domain_ipset(line, ipset_flag)
|
||||
log(string.format(" - 防火墙域名表(gfwlist):%s", fwd_dns or "默认"))
|
||||
end
|
||||
end
|
||||
|
||||
--中国列表
|
||||
if CHN_LIST ~= "0" then
|
||||
if fs.access("/usr/share/passwall/rules/chnlist") then
|
||||
fwd_dns = LOCAL_DNS
|
||||
if CHN_LIST == "proxy" then
|
||||
fwd_dns = TUN_DNS
|
||||
end
|
||||
if CHN_LIST == "direct" and USE_DEFAULT_DNS == "chinadns_ng" and CHINADNS_DNS ~= "0" then
|
||||
fwd_dns = nil
|
||||
else
|
||||
local ipset_flag = setflag_4 .. "passwall_chnroute," .. setflag_6 .. "passwall_chnroute6"
|
||||
if CHN_LIST == "proxy" then
|
||||
if NO_PROXY_IPV6 == "1" then
|
||||
ipset_flag = setflag_4 .. "passwall_chnroute"
|
||||
end
|
||||
if REMOTE_FAKEDNS == "1" then
|
||||
ipset_flag = nil
|
||||
end
|
||||
end
|
||||
local chnlist_str = sys.exec('cat /usr/share/passwall/rules/chnlist | grep -v -E "^#" | grep -v -E "' .. excluded_domain_str .. '"')
|
||||
for line in string.gmatch(chnlist_str, "[^\r\n]+") do
|
||||
if line ~= "" then
|
||||
if CHN_LIST == "proxy" and NO_PROXY_IPV6 == "1" then
|
||||
set_domain_address(line, "::")
|
||||
end
|
||||
set_domain_dns(line, fwd_dns)
|
||||
set_domain_ipset(line, ipset_flag)
|
||||
end
|
||||
end
|
||||
end
|
||||
log(string.format(" - 中国域名表(chnroute):%s", fwd_dns or "默认"))
|
||||
end
|
||||
end
|
||||
log(string.format(" - 代理域名表(blacklist):%s", TUN_DNS or "默认"))
|
||||
|
||||
--分流规则
|
||||
if uci:get(appname, TCP_NODE, "protocol") == "_shunt" then
|
||||
|
|
@ -298,72 +376,6 @@ if not fs.access(CACHE_DNS_PATH) then
|
|||
}
|
||||
end
|
||||
|
||||
if not only_global then
|
||||
--如果没有使用回国模式
|
||||
if not returnhome then
|
||||
if fs.access("/usr/share/passwall/rules/gfwlist") then
|
||||
fwd_dns = TUN_DNS
|
||||
if CHNROUTE_MODE_DEFAULT_DNS == "chinadns_ng" and CHINADNS_DNS ~= "0" then
|
||||
fwd_dns = nil
|
||||
else
|
||||
local ipset_flag = setflag_4 .. "passwall_gfwlist," .. setflag_6 .. "passwall_gfwlist6"
|
||||
if NO_PROXY_IPV6 == "1" then
|
||||
ipset_flag = setflag_4 .. "passwall_gfwlist"
|
||||
end
|
||||
if REMOTE_FAKEDNS == "1" then
|
||||
ipset_flag = nil
|
||||
end
|
||||
local gfwlist_str = sys.exec('cat /usr/share/passwall/rules/gfwlist | grep -v -E "^#" | grep -v -E "' .. excluded_domain_str .. '"')
|
||||
for line in string.gmatch(gfwlist_str, "[^\r\n]+") do
|
||||
if line ~= "" then
|
||||
if NO_PROXY_IPV6 == "1" then
|
||||
set_domain_address(line, "::")
|
||||
end
|
||||
set_domain_dns(line, fwd_dns)
|
||||
set_domain_ipset(line, ipset_flag)
|
||||
end
|
||||
end
|
||||
end
|
||||
log(string.format(" - 防火墙域名表(gfwlist):%s", fwd_dns or "默认"))
|
||||
end
|
||||
|
||||
if chnlist and fs.access("/usr/share/passwall/rules/chnlist") and (CHNROUTE_MODE_DEFAULT_DNS == "remote" or (CHNROUTE_MODE_DEFAULT_DNS == "chinadns_ng" and CHINADNS_DNS ~= "0")) then
|
||||
fwd_dns = LOCAL_DNS
|
||||
if CHNROUTE_MODE_DEFAULT_DNS == "chinadns_ng" and CHINADNS_DNS ~= "0" then
|
||||
fwd_dns = nil
|
||||
else
|
||||
local chnlist_str = sys.exec('cat /usr/share/passwall/rules/chnlist | grep -v -E "^#" | grep -v -E "' .. excluded_domain_str .. '"')
|
||||
for line in string.gmatch(chnlist_str, "[^\r\n]+") do
|
||||
if line ~= "" then
|
||||
set_domain_dns(line, fwd_dns)
|
||||
set_domain_ipset(line, setflag_4 .. "passwall_chnroute," .. setflag_6 .. "passwall_chnroute6")
|
||||
end
|
||||
end
|
||||
end
|
||||
log(string.format(" - 中国域名表(chnroute):%s", fwd_dns or "默认"))
|
||||
end
|
||||
else
|
||||
if fs.access("/usr/share/passwall/rules/chnlist") then
|
||||
local chnlist_str = sys.exec('cat /usr/share/passwall/rules/chnlist | grep -v -E "^#" | grep -v -E "' .. excluded_domain_str .. '"')
|
||||
for line in string.gmatch(chnlist_str, "[^\r\n]+") do
|
||||
if line ~= "" then
|
||||
local ipset_flag = setflag_4 .. "passwall_chnroute," .. setflag_6 .. "passwall_chnroute6"
|
||||
if NO_PROXY_IPV6 == "1" then
|
||||
ipset_flag = setflag_4 .. "passwall_chnroute"
|
||||
set_domain_address(line, "::")
|
||||
end
|
||||
set_domain_dns(line, TUN_DNS)
|
||||
if REMOTE_FAKEDNS == "1" then
|
||||
ipset_flag = nil
|
||||
end
|
||||
set_domain_ipset(line, ipset_flag)
|
||||
end
|
||||
end
|
||||
log(string.format(" - 中国域名表(chnroute):%s", TUN_DNS or "默认"))
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
local address_out = io.open(CACHE_DNS_PATH .. "/000-address.conf", "a")
|
||||
local server_out = io.open(CACHE_DNS_PATH .. "/001-server.conf", "a")
|
||||
local ipset_out = io.open(CACHE_DNS_PATH .. "/ipset.conf", "a")
|
||||
|
|
@ -413,7 +425,9 @@ if DNSMASQ_CONF_FILE ~= "nil" then
|
|||
local conf_out = io.open(DNSMASQ_CONF_FILE, "a")
|
||||
conf_out:write(string.format("conf-dir=%s\n", TMP_DNSMASQ_PATH))
|
||||
if dnsmasq_default_dns then
|
||||
conf_out:write(string.format("server=%s\n", dnsmasq_default_dns))
|
||||
for s in string.gmatch(dnsmasq_default_dns, '[^' .. "," .. ']+') do
|
||||
conf_out:write(string.format("server=%s\n", s))
|
||||
end
|
||||
conf_out:write("all-servers\n")
|
||||
conf_out:write("no-poll\n")
|
||||
conf_out:write("no-resolv\n")
|
||||
|
|
|
|||
|
|
@ -132,93 +132,28 @@ REDIRECT() {
|
|||
echo $s
|
||||
}
|
||||
|
||||
get_ipset_ipt() {
|
||||
case "$1" in
|
||||
gfwlist)
|
||||
echo "$(dst $IPSET_GFW)"
|
||||
;;
|
||||
chnroute)
|
||||
echo "$(dst $IPSET_CHN !)"
|
||||
;;
|
||||
returnhome)
|
||||
echo "$(dst $IPSET_CHN)"
|
||||
;;
|
||||
esac
|
||||
}
|
||||
|
||||
get_ipset_ip6t() {
|
||||
case "$1" in
|
||||
gfwlist)
|
||||
echo "$(dst $IPSET_GFW6)"
|
||||
;;
|
||||
chnroute)
|
||||
echo "$(dst $IPSET_CHN6 !)"
|
||||
;;
|
||||
returnhome)
|
||||
echo "$(dst $IPSET_CHN6)"
|
||||
;;
|
||||
esac
|
||||
}
|
||||
|
||||
get_redirect_ipt() {
|
||||
case "$1" in
|
||||
disable)
|
||||
echo "-j RETURN"
|
||||
;;
|
||||
global)
|
||||
echo "$(REDIRECT $2 $3)"
|
||||
;;
|
||||
gfwlist)
|
||||
echo "$(dst $IPSET_GFW) $(REDIRECT $2 $3)"
|
||||
;;
|
||||
chnroute)
|
||||
echo "$(dst $IPSET_CHN !) $(REDIRECT $2 $3)"
|
||||
;;
|
||||
returnhome)
|
||||
echo "$(dst $IPSET_CHN) $(REDIRECT $2 $3)"
|
||||
;;
|
||||
esac
|
||||
}
|
||||
|
||||
get_redirect_ip6t() {
|
||||
case "$1" in
|
||||
disable)
|
||||
echo "-j RETURN"
|
||||
;;
|
||||
global)
|
||||
echo "$(REDIRECT $2 $3)"
|
||||
;;
|
||||
gfwlist)
|
||||
echo "$(dst $IPSET_GFW6) $(REDIRECT $2 $3)"
|
||||
;;
|
||||
chnroute)
|
||||
echo "$(dst $IPSET_CHN6 !) $(REDIRECT $2 $3)"
|
||||
;;
|
||||
returnhome)
|
||||
echo "$(dst $IPSET_CHN6) $(REDIRECT $2 $3)"
|
||||
;;
|
||||
esac
|
||||
}
|
||||
|
||||
get_action_chain_name() {
|
||||
case "$1" in
|
||||
disable)
|
||||
echo "不代理"
|
||||
;;
|
||||
global)
|
||||
echo "全局代理"
|
||||
proxy)
|
||||
echo "代理"
|
||||
;;
|
||||
gfwlist)
|
||||
echo "防火墙列表"
|
||||
esac
|
||||
}
|
||||
|
||||
get_jump_ipt() {
|
||||
case "$1" in
|
||||
direct)
|
||||
echo "-j RETURN"
|
||||
;;
|
||||
chnroute)
|
||||
echo "中国列表以外"
|
||||
;;
|
||||
returnhome)
|
||||
echo "中国列表"
|
||||
;;
|
||||
direct/proxy)
|
||||
echo "仅使用直连/代理列表"
|
||||
proxy)
|
||||
if [ -n "$2" ] && [ -n "$(echo $2 | grep "^-")" ]; then
|
||||
echo "$2"
|
||||
else
|
||||
echo "$(REDIRECT $2 $3)"
|
||||
fi
|
||||
;;
|
||||
esac
|
||||
}
|
||||
|
|
@ -259,9 +194,7 @@ load_acl() {
|
|||
echolog "访问控制:"
|
||||
for sid in $(ls -F ${TMP_ACL_PATH} | grep '/$' | awk -F '/' '{print $1}'); do
|
||||
eval $(uci -q show "${CONFIG}.${sid}" | cut -d'.' -sf 3-)
|
||||
|
||||
tcp_proxy_mode=${tcp_proxy_mode:-default}
|
||||
udp_proxy_mode=${udp_proxy_mode:-default}
|
||||
|
||||
tcp_no_redir_ports=${tcp_no_redir_ports:-default}
|
||||
udp_no_redir_ports=${udp_no_redir_ports:-default}
|
||||
tcp_proxy_drop_ports=${tcp_proxy_drop_ports:-default}
|
||||
|
|
@ -270,8 +203,13 @@ load_acl() {
|
|||
udp_redir_ports=${udp_redir_ports:-default}
|
||||
tcp_node=${tcp_node:-default}
|
||||
udp_node=${udp_node:-default}
|
||||
[ "$tcp_proxy_mode" = "default" ] && tcp_proxy_mode=$TCP_PROXY_MODE
|
||||
[ "$udp_proxy_mode" = "default" ] && udp_proxy_mode=$UDP_PROXY_MODE
|
||||
use_direct_list=${use_direct_list:-1}
|
||||
use_proxy_list=${use_proxy_list:-1}
|
||||
use_block_list=${use_block_list:-1}
|
||||
use_gfw_list=${use_gfw_list:-1}
|
||||
chn_list=${chn_list:-direct}
|
||||
tcp_proxy_mode=${tcp_proxy_mode:-proxy}
|
||||
udp_proxy_mode=${udp_proxy_mode:-proxy}
|
||||
[ "$tcp_no_redir_ports" = "default" ] && tcp_no_redir_ports=$TCP_NO_REDIR_PORTS
|
||||
[ "$udp_no_redir_ports" = "default" ] && udp_no_redir_ports=$UDP_NO_REDIR_PORTS
|
||||
[ "$tcp_proxy_drop_ports" = "default" ] && tcp_proxy_drop_ports=$TCP_PROXY_DROP_PORTS
|
||||
|
|
@ -313,9 +251,17 @@ load_acl() {
|
|||
|
||||
ipt_tmp=$ipt_n
|
||||
[ -n "${is_tproxy}" ] && ipt_tmp=$ipt_m
|
||||
[ "${use_direct_list}" = "1" ] && $ipt_n -A PSW $(comment "$remarks") ${_ipt_source} $(dst $IPSET_WHITELIST) -j RETURN
|
||||
[ "${use_direct_list}" = "1" ] && $ipt_m -A PSW $(comment "$remarks") ${_ipt_source} $(dst $IPSET_WHITELIST) -j RETURN
|
||||
[ "${use_block_list}" = "1" ] && $ipt_m -A PSW $(comment "$remarks") ${_ipt_source} $(dst $IPSET_BLOCKLIST) -j DROP
|
||||
[ "$PROXY_IPV6" == "1" ] && {
|
||||
[ "${use_direct_list}" = "1" ] && $ipt6_n -A PSW $(comment "$remarks") ${_ipt_source} $(dst $IPSET_WHITELIST6) -j RETURN
|
||||
[ "${use_direct_list}" = "1" ] && $ipt6_m -A PSW $(comment "$remarks") ${_ipt_source} $(dst $IPSET_WHITELIST6) -j RETURN
|
||||
[ "${use_block_list}" = "1" ] && $ipt6_m -A PSW $(comment "$remarks") ${_ipt_source} $(dst $IPSET_BLOCKLIST6) -j DROP
|
||||
}
|
||||
|
||||
[ -n "$tcp_port" ] && {
|
||||
if [ "$tcp_proxy_mode" != "disable" ]; then
|
||||
if [ -n "${tcp_proxy_mode}" ]; then
|
||||
[ -s "${TMP_ACL_PATH}/${sid}/var_redirect_dns_port" ] && $ipt_n -A PSW_REDIRECT $(comment "$remarks") -p udp ${_ipt_source} --dport 53 -j REDIRECT --to-ports $(cat ${TMP_ACL_PATH}/${sid}/var_redirect_dns_port)
|
||||
msg2="${msg}使用TCP节点[$tcp_node_remark] [$(get_action_chain_name $tcp_proxy_mode)]"
|
||||
if [ -n "${is_tproxy}" ]; then
|
||||
|
|
@ -328,14 +274,18 @@ load_acl() {
|
|||
[ "$accept_icmp" = "1" ] && {
|
||||
$ipt_n -A PSW $(comment "$remarks") -p icmp ${_ipt_source} -d $FAKE_IP $(REDIRECT)
|
||||
$ipt_n -A PSW $(comment "$remarks") -p icmp ${_ipt_source} $(dst $IPSET_SHUNTLIST) $(REDIRECT)
|
||||
$ipt_n -A PSW $(comment "$remarks") -p icmp ${_ipt_source} $(dst $IPSET_BLACKLIST) $(REDIRECT)
|
||||
[ "$tcp_proxy_mode" != "direct/proxy" ] && $ipt_n -A PSW $(comment "$remarks") -p icmp ${_ipt_source} $(get_redirect_ipt $tcp_proxy_mode)
|
||||
[ "${use_proxy_list}" = "1" ] && $ipt_n -A PSW $(comment "$remarks") -p icmp ${_ipt_source} $(dst $IPSET_BLACKLIST) $(REDIRECT)
|
||||
[ "${use_gfw_list}" = "1" ] && $ipt_n -A PSW $(comment "$remarks") -p icmp ${_ipt_source} $(dst $IPSET_GFW) $(REDIRECT)
|
||||
[ "${chn_list}" != "0" ] && $ipt_n -A PSW $(comment "$remarks") -p icmp ${_ipt_source} $(dst $IPSET_CHN) $(get_jump_ipt ${chn_list})
|
||||
[ "${tcp_proxy_mode}" != "disable" ] && $ipt_n -A PSW $(comment "$remarks") -p icmp ${_ipt_source} $(REDIRECT)
|
||||
}
|
||||
|
||||
[ "$accept_icmpv6" = "1" ] && [ "$PROXY_IPV6" == "1" ] && {
|
||||
$ip6t_n -A PSW $(comment "$remarks") -p ipv6-icmp ${_ipt_source} $(dst $IPSET_SHUNTLIST6) $(REDIRECT) 2>/dev/null
|
||||
$ip6t_n -A PSW $(comment "$remarks") -p ipv6-icmp ${_ipt_source} $(dst $IPSET_BLACKLIST6) $(REDIRECT) 2>/dev/null
|
||||
[ "$tcp_proxy_mode" != "direct/proxy" ] && $ip6t_n -A PSW $(comment "$remarks") -p ipv6-icmp ${_ipt_source} $(get_redirect_ip6t $tcp_proxy_mode) 2>/dev/null
|
||||
[ "${use_proxy_list}" = "1" ] && $ip6t_n -A PSW $(comment "$remarks") -p ipv6-icmp ${_ipt_source} $(dst $IPSET_BLACKLIST6) $(REDIRECT) 2>/dev/null
|
||||
[ "${use_gfw_list}" = "1" ] && $ip6t_n -A PSW $(comment "$remarks") -p ipv6-icmp ${_ipt_source} $(dst $IPSET_GFW6) $(REDIRECT) 2>/dev/null
|
||||
[ "${chn_list}" != "0" ] && $ip6t_n -A PSW $(comment "$remarks") -p ipv6-icmp ${_ipt_source} $(dst $IPSET_CHN6) $(get_jump_ipt ${chn_list}) 2>/dev/null
|
||||
[ "${tcp_proxy_mode}" != "disable" ] && $ip6t_n -A PSW $(comment "$remarks") -p ipv6-icmp ${_ipt_source} $(REDIRECT) 2>/dev/null
|
||||
}
|
||||
|
||||
[ "$tcp_no_redir_ports" != "disable" ] && {
|
||||
|
|
@ -348,32 +298,42 @@ load_acl() {
|
|||
[ "$tcp_proxy_drop_ports" != "disable" ] && {
|
||||
[ "$PROXY_IPV6" == "1" ] && {
|
||||
$ip6t_m -A PSW $(comment "$remarks") -p tcp ${_ipt_source} $(factor $tcp_proxy_drop_ports "-m multiport --dport") $(dst $IPSET_SHUNTLIST6) -j DROP 2>/dev/null
|
||||
$ip6t_m -A PSW $(comment "$remarks") -p tcp ${_ipt_source} $(factor $tcp_proxy_drop_ports "-m multiport --dport") $(dst $IPSET_BLACKLIST6) -j DROP 2>/dev/null
|
||||
[ "$tcp_proxy_mode" != "direct/proxy" ] && $ip6t_m -A PSW $(comment "$remarks") -p tcp ${_ipt_source} $(factor $tcp_proxy_drop_ports "-m multiport --dport") $(get_ipset_ip6t $tcp_proxy_mode) -j DROP 2>/dev/null
|
||||
[ "${use_proxy_list}" = "1" ] && $ip6t_m -A PSW $(comment "$remarks") -p tcp ${_ipt_source} $(factor $tcp_proxy_drop_ports "-m multiport --dport") $(dst $IPSET_BLACKLIST6) -j DROP 2>/dev/null
|
||||
[ "${use_gfw_list}" = "1" ] && $ip6t_m -A PSW $(comment "$remarks") -p tcp ${_ipt_source} $(factor $tcp_proxy_drop_ports "-m multiport --dport") $(dst $IPSET_GFW6) -j DROP 2>/dev/null
|
||||
[ "${chn_list}" != "0" ] && $ip6t_m -A PSW $(comment "$remarks") -p tcp ${_ipt_source} $(factor $tcp_proxy_drop_ports "-m multiport --dport") $(dst $IPSET_CHN6) $(get_jump_ipt ${chn_list} "-j DROP") 2>/dev/null
|
||||
[ "${tcp_proxy_mode}" != "disable" ] && $ip6t_m -A PSW $(comment "$remarks") -p tcp ${_ipt_source} $(factor $tcp_proxy_drop_ports "-m multiport --dport") -j DROP 2>/dev/null
|
||||
}
|
||||
$ipt_m -A PSW $(comment "$remarks") -p tcp ${_ipt_source} $(factor $tcp_proxy_drop_ports "-m multiport --dport") -d $FAKE_IP -j DROP
|
||||
$ipt_m -A PSW $(comment "$remarks") -p tcp ${_ipt_source} $(factor $tcp_proxy_drop_ports "-m multiport --dport") $(dst $IPSET_SHUNTLIST) -j DROP
|
||||
$ipt_m -A PSW $(comment "$remarks") -p tcp ${_ipt_source} $(factor $tcp_proxy_drop_ports "-m multiport --dport") $(dst $IPSET_BLACKLIST) -j DROP
|
||||
[ "$tcp_proxy_mode" != "direct/proxy" ] && $ipt_m -A PSW $(comment "$remarks") -p tcp ${_ipt_source} $(factor $tcp_proxy_drop_ports "-m multiport --dport") $(get_ipset_ipt $tcp_proxy_mode) -j DROP
|
||||
[ "${use_proxy_list}" = "1" ] && $ipt_m -A PSW $(comment "$remarks") -p tcp ${_ipt_source} $(factor $tcp_proxy_drop_ports "-m multiport --dport") $(dst $IPSET_BLACKLIST) -j DROP
|
||||
[ "${use_gfw_list}" = "1" ] && $ipt_m -A PSW $(comment "$remarks") -p tcp ${_ipt_source} $(factor $tcp_proxy_drop_ports "-m multiport --dport") $(dst $IPSET_GFW) -j DROP
|
||||
[ "${chn_list}" != "0" ] && $ipt_m -A PSW $(comment "$remarks") -p tcp ${_ipt_source} $(factor $tcp_proxy_drop_ports "-m multiport --dport") $(dst $IPSET_CHN) $(get_jump_ipt ${chn_list} "-j DROP")
|
||||
[ "${tcp_proxy_mode}" != "disable" ] && $ipt_m -A PSW $(comment "$remarks") -p tcp ${_ipt_source} $(factor $tcp_proxy_drop_ports "-m multiport --dport") -j DROP
|
||||
msg2="${msg2}[$?],屏蔽代理TCP 端口:${tcp_proxy_drop_ports}"
|
||||
}
|
||||
|
||||
if [ "${ipt_tmp}" = "${ipt_n}" ]; then
|
||||
$ipt_n -A PSW $(comment "$remarks") -p tcp ${_ipt_source} -d $FAKE_IP $(REDIRECT $tcp_port)
|
||||
$ipt_n -A PSW $(comment "$remarks") -p tcp ${_ipt_source} $(factor $tcp_redir_ports "-m multiport --dport") $(dst $IPSET_SHUNTLIST) $(REDIRECT $tcp_port)
|
||||
$ipt_n -A PSW $(comment "$remarks") -p tcp ${_ipt_source} $(factor $tcp_redir_ports "-m multiport --dport") $(dst $IPSET_BLACKLIST) $(REDIRECT $tcp_port)
|
||||
[ "$tcp_proxy_mode" != "direct/proxy" ] && $ipt_n -A PSW $(comment "$remarks") -p tcp ${_ipt_source} $(factor $tcp_redir_ports "-m multiport --dport") $(get_redirect_ipt $tcp_proxy_mode $tcp_port)
|
||||
[ "${use_proxy_list}" = "1" ] && $ipt_n -A PSW $(comment "$remarks") -p tcp ${_ipt_source} $(factor $tcp_redir_ports "-m multiport --dport") $(dst $IPSET_BLACKLIST) $(REDIRECT $tcp_port)
|
||||
[ "${use_gfw_list}" = "1" ] && $ipt_n -A PSW $(comment "$remarks") -p tcp ${_ipt_source} $(factor $tcp_redir_ports "-m multiport --dport") $(dst $IPSET_GFW) $(REDIRECT $tcp_port)
|
||||
[ "${chn_list}" != "0" ] && $ipt_n -A PSW $(comment "$remarks") -p tcp ${_ipt_source} $(factor $tcp_redir_ports "-m multiport --dport") $(dst $IPSET_CHN) $(get_jump_ipt ${chn_list} $tcp_port)
|
||||
[ "${tcp_proxy_mode}" != "disable" ] && $ipt_n -A PSW $(comment "$remarks") -p tcp ${_ipt_source} $(factor $tcp_redir_ports "-m multiport --dport") $(REDIRECT $tcp_port)
|
||||
else
|
||||
$ipt_m -A PSW $(comment "$remarks") -p tcp ${_ipt_source} -d $FAKE_IP -j PSW_RULE
|
||||
$ipt_m -A PSW $(comment "$remarks") -p tcp ${_ipt_source} $(factor $tcp_redir_ports "-m multiport --dport") $(dst $IPSET_SHUNTLIST) -j PSW_RULE
|
||||
$ipt_m -A PSW $(comment "$remarks") -p tcp ${_ipt_source} $(factor $tcp_redir_ports "-m multiport --dport") $(dst $IPSET_BLACKLIST) -j PSW_RULE
|
||||
[ "$tcp_proxy_mode" != "direct/proxy" ] && $ipt_m -A PSW $(comment "$remarks") -p tcp ${_ipt_source} $(factor $tcp_redir_ports "-m multiport --dport") $(get_ipset_ipt $tcp_proxy_mode) -j PSW_RULE
|
||||
[ "${use_proxy_list}" = "1" ] && $ipt_m -A PSW $(comment "$remarks") -p tcp ${_ipt_source} $(factor $tcp_redir_ports "-m multiport --dport") $(dst $IPSET_BLACKLIST) -j PSW_RULE
|
||||
[ "${use_gfw_list}" = "1" ] && $ipt_m -A PSW $(comment "$remarks") -p tcp ${_ipt_source} $(factor $tcp_redir_ports "-m multiport --dport") $(dst $IPSET_GFW) -j PSW_RULE
|
||||
[ "${chn_list}" != "0" ] && $ipt_m -A PSW $(comment "$remarks") -p tcp ${_ipt_source} $(factor $tcp_redir_ports "-m multiport --dport") $(dst $IPSET_CHN) $(get_jump_ipt ${chn_list} "-j PSW_RULE")
|
||||
[ "${tcp_proxy_mode}" != "disable" ] && $ipt_m -A PSW $(comment "$remarks") -p tcp ${_ipt_source} $(factor $tcp_redir_ports "-m multiport --dport") -j PSW_RULE
|
||||
$ipt_m -A PSW $(comment "$remarks") -p tcp ${_ipt_source} $(REDIRECT $tcp_port TPROXY)
|
||||
fi
|
||||
[ "$PROXY_IPV6" == "1" ] && {
|
||||
$ip6t_m -A PSW $(comment "$remarks") -p tcp ${_ipt_source} $(factor $tcp_redir_ports "-m multiport --dport") $(dst $IPSET_SHUNTLIST6) -j PSW_RULE 2>/dev/null
|
||||
$ip6t_m -A PSW $(comment "$remarks") -p tcp ${_ipt_source} $(factor $tcp_redir_ports "-m multiport --dport") $(dst $IPSET_BLACKLIST6) -j PSW_RULE 2>/dev/null
|
||||
[ "$tcp_proxy_mode" != "direct/proxy" ] && $ip6t_m -A PSW $(comment "$remarks") -p tcp ${_ipt_source} $(factor $tcp_redir_ports "-m multiport --dport") $(get_ipset_ip6t $tcp_proxy_mode) -j PSW_RULE 2>/dev/null
|
||||
[ "${use_proxy_list}" = "1" ] && $ip6t_m -A PSW $(comment "$remarks") -p tcp ${_ipt_source} $(factor $tcp_redir_ports "-m multiport --dport") $(dst $IPSET_BLACKLIST6) -j PSW_RULE 2>/dev/null
|
||||
[ "${use_gfw_list}" = "1" ] && $ip6t_m -A PSW $(comment "$remarks") -p tcp ${_ipt_source} $(factor $tcp_redir_ports "-m multiport --dport") $(dst $IPSET_GFW6) -j PSW_RULE 2>/dev/null
|
||||
[ "${chn_list}" != "0" ] && $ip6t_m -A PSW $(comment "$remarks") -p tcp ${_ipt_source} $(factor $tcp_redir_ports "-m multiport --dport") $(dst $IPSET_CHN6) $(get_jump_ipt ${chn_list} "-j PSW_RULE") 2>/dev/null
|
||||
[ "${tcp_proxy_mode}" != "disable" ] && $ip6t_m -A PSW $(comment "$remarks") -p tcp ${_ipt_source} $(factor $tcp_redir_ports "-m multiport --dport") -j PSW_RULE 2>/dev/null
|
||||
$ip6t_m -A PSW $(comment "$remarks") -p tcp ${_ipt_source} $(REDIRECT $tcp_port TPROXY) 2>/dev/null
|
||||
}
|
||||
else
|
||||
|
|
@ -388,18 +348,22 @@ load_acl() {
|
|||
[ "$udp_proxy_drop_ports" != "disable" ] && {
|
||||
[ "$PROXY_IPV6" == "1" ] && {
|
||||
$ip6t_m -A PSW $(comment "$remarks") -p udp ${_ipt_source} $(factor $udp_proxy_drop_ports "-m multiport --dport") $(dst $IPSET_SHUNTLIST6) -j DROP 2>/dev/null
|
||||
$ip6t_m -A PSW $(comment "$remarks") -p udp ${_ipt_source} $(factor $udp_proxy_drop_ports "-m multiport --dport") $(dst $IPSET_BLACKLIST6) -j DROP 2>/dev/null
|
||||
[ "$udp_proxy_mode" != "direct/proxy" ] && $ip6t_m -A PSW $(comment "$remarks") -p udp ${_ipt_source} $(factor $udp_proxy_drop_ports "-m multiport --dport") $(get_ipset_ip6t $udp_proxy_mode) -j DROP 2>/dev/null
|
||||
[ "${use_proxy_list}" = "1" ] && $ip6t_m -A PSW $(comment "$remarks") -p udp ${_ipt_source} $(factor $udp_proxy_drop_ports "-m multiport --dport") $(dst $IPSET_BLACKLIST6) -j DROP 2>/dev/null
|
||||
[ "${use_gfw_list}" = "1" ] && $ip6t_m -A PSW $(comment "$remarks") -p udp ${_ipt_source} $(factor $udp_proxy_drop_ports "-m multiport --dport") $(dst $IPSET_GFW6) -j DROP 2>/dev/null
|
||||
[ "${chn_list}" != "0" ] && $ip6t_m -A PSW $(comment "$remarks") -p udp ${_ipt_source} $(factor $udp_proxy_drop_ports "-m multiport --dport") $(dst $IPSET_CHN6) $(get_jump_ipt ${chn_list} "-j DROP") 2>/dev/null
|
||||
[ "${udp_proxy_mode}" != "disable" ] && $ip6t_m -A PSW $(comment "$remarks") -p udp ${_ipt_source} $(factor $udp_proxy_drop_ports "-m multiport --dport") -j DROP 2>/dev/null
|
||||
}
|
||||
$ipt_m -A PSW $(comment "$remarks") -p udp ${_ipt_source} $(factor $udp_proxy_drop_ports "-m multiport --dport") -d $FAKE_IP -j DROP
|
||||
$ipt_m -A PSW $(comment "$remarks") -p udp ${_ipt_source} $(factor $udp_proxy_drop_ports "-m multiport --dport") $(dst $IPSET_SHUNTLIST) -j DROP
|
||||
$ipt_m -A PSW $(comment "$remarks") -p udp ${_ipt_source} $(factor $udp_proxy_drop_ports "-m multiport --dport") $(dst $IPSET_BLACKLIST) -j DROP
|
||||
[ "$udp_proxy_mode" != "direct/proxy" ] && $ipt_m -A PSW $(comment "$remarks") -p udp ${_ipt_source} $(factor $udp_proxy_drop_ports "-m multiport --dport") $(get_ipset_ipt $udp_proxy_mode) -j DROP
|
||||
[ "${use_proxy_list}" = "1" ] && $ipt_m -A PSW $(comment "$remarks") -p udp ${_ipt_source} $(factor $udp_proxy_drop_ports "-m multiport --dport") $(dst $IPSET_BLACKLIST) -j DROP
|
||||
[ "${use_gfw_list}" = "1" ] && $ipt_m -A PSW $(comment "$remarks") -p udp ${_ipt_source} $(factor $udp_proxy_drop_ports "-m multiport --dport") $(dst $IPSET_GFW) -j DROP
|
||||
[ "${chn_list}" != "0" ] && $ipt_m -A PSW $(comment "$remarks") -p udp ${_ipt_source} $(factor $udp_proxy_drop_ports "-m multiport --dport") $(dst $IPSET_CHN) $(get_jump_ipt ${chn_list} "-j DROP")
|
||||
[ "${udp_proxy_mode}" != "disable" ] && $ipt_m -A PSW $(comment "$remarks") -p udp ${_ipt_source} $(factor $udp_proxy_drop_ports "-m multiport --dport") -j DROP
|
||||
msg2="${msg2}[$?],屏蔽代理UDP 端口:${udp_proxy_drop_ports}"
|
||||
}
|
||||
|
||||
[ -n "$udp_port" ] && {
|
||||
if [ "$udp_proxy_mode" != "disable" ]; then
|
||||
if [ -n "${udp_proxy_mode}" ]; then
|
||||
msg2="${msg}使用UDP节点[$udp_node_remark] [$(get_action_chain_name $udp_proxy_mode)]"
|
||||
msg2="${msg2}(TPROXY:${udp_port})代理"
|
||||
[ "$udp_no_redir_ports" != "disable" ] && {
|
||||
|
|
@ -411,14 +375,18 @@ load_acl() {
|
|||
|
||||
$ipt_m -A PSW $(comment "$remarks") -p udp ${_ipt_source} -d $FAKE_IP -j PSW_RULE
|
||||
$ipt_m -A PSW $(comment "$remarks") -p udp ${_ipt_source} $(factor $udp_redir_ports "-m multiport --dport") $(dst $IPSET_SHUNTLIST) -j PSW_RULE
|
||||
$ipt_m -A PSW $(comment "$remarks") -p udp ${_ipt_source} $(factor $udp_redir_ports "-m multiport --dport") $(dst $IPSET_BLACKLIST) -j PSW_RULE
|
||||
[ "$udp_proxy_mode" != "direct/proxy" ] && $ipt_m -A PSW $(comment "$remarks") -p udp ${_ipt_source} $(factor $udp_redir_ports "-m multiport --dport") $(get_ipset_ipt $udp_proxy_mode) -j PSW_RULE
|
||||
[ "${use_proxy_list}" = "1" ] && $ipt_m -A PSW $(comment "$remarks") -p udp ${_ipt_source} $(factor $udp_redir_ports "-m multiport --dport") $(dst $IPSET_BLACKLIST) -j PSW_RULE
|
||||
[ "${use_gfw_list}" = "1" ] && $ipt_m -A PSW $(comment "$remarks") -p udp ${_ipt_source} $(factor $udp_redir_ports "-m multiport --dport") $(dst $IPSET_GFW) -j PSW_RULE
|
||||
[ "${chn_list}" != "0" ] && $ipt_m -A PSW $(comment "$remarks") -p udp ${_ipt_source} $(factor $udp_redir_ports "-m multiport --dport") $(dst $IPSET_CHN) $(get_jump_ipt ${chn_list} "-j PSW_RULE")
|
||||
[ "${udp_proxy_mode}" != "disable" ] && $ipt_m -A PSW $(comment "$remarks") -p udp ${_ipt_source} $(factor $udp_redir_ports "-m multiport --dport") -j PSW_RULE
|
||||
$ipt_m -A PSW $(comment "$remarks") -p udp ${_ipt_source} $(REDIRECT $udp_port TPROXY)
|
||||
|
||||
[ "$PROXY_IPV6" == "1" ] && [ "$PROXY_IPV6_UDP" == "1" ] && {
|
||||
$ip6t_m -A PSW $(comment "$remarks") -p udp ${_ipt_source} $(factor $udp_redir_ports "-m multiport --dport") $(dst $IPSET_SHUNTLIST6) -j PSW_RULE 2>/dev/null
|
||||
$ip6t_m -A PSW $(comment "$remarks") -p udp ${_ipt_source} $(factor $udp_redir_ports "-m multiport --dport") $(dst $IPSET_BLACKLIST6) -j PSW_RULE 2>/dev/null
|
||||
[ "$udp_proxy_mode" != "direct/proxy" ] && $ip6t_m -A PSW $(comment "$remarks") -p udp ${_ipt_source} $(factor $udp_redir_ports "-m multiport --dport") $(get_ipset_ip6t $udp_proxy_mode) -j PSW_RULE 2>/dev/null
|
||||
[ "${use_proxy_list}" = "1" ] && $ip6t_m -A PSW $(comment "$remarks") -p udp ${_ipt_source} $(factor $udp_redir_ports "-m multiport --dport") $(dst $IPSET_BLACKLIST6) -j PSW_RULE 2>/dev/null
|
||||
[ "${use_gfw_list}" = "1" ] && $ip6t_m -A PSW $(comment "$remarks") -p udp ${_ipt_source} $(factor $udp_redir_ports "-m multiport --dport") $(dst $IPSET_GFW6) -j PSW_RULE 2>/dev/null
|
||||
[ "${chn_list}" != "0" ] && $ip6t_m -A PSW $(comment "$remarks") -p udp ${_ipt_source} $(factor $udp_redir_ports "-m multiport --dport") $(dst $IPSET_CHN6) $(get_jump_ipt ${chn_list} "-j PSW_RULE") 2>/dev/null
|
||||
[ "${udp_proxy_mode}" != "disable" ] && $ip6t_m -A PSW $(comment "$remarks") -p udp ${_ipt_source} $(factor $udp_redir_ports "-m multiport --dport") -j PSW_RULE 2>/dev/null
|
||||
$ip6t_m -A PSW $(comment "$remarks") -p udp ${_ipt_source} $(REDIRECT $udp_port TPROXY) 2>/dev/null
|
||||
}
|
||||
else
|
||||
|
|
@ -429,27 +397,39 @@ load_acl() {
|
|||
$ip6t_m -A PSW $(comment "$remarks") ${_ipt_source} -p udp -j RETURN 2>/dev/null
|
||||
$ipt_m -A PSW $(comment "$remarks") ${_ipt_source} -p udp -j RETURN
|
||||
done
|
||||
unset enabled sid remarks sources tcp_proxy_mode udp_proxy_mode tcp_no_redir_ports udp_no_redir_ports tcp_proxy_drop_ports udp_proxy_drop_ports tcp_redir_ports udp_redir_ports tcp_node udp_node
|
||||
unset enabled sid remarks sources use_direct_list use_proxy_list use_block_list use_gfw_list chn_list tcp_proxy_mode udp_proxy_mode tcp_no_redir_ports udp_no_redir_ports tcp_proxy_drop_ports udp_proxy_drop_ports tcp_redir_ports udp_redir_ports tcp_node udp_node
|
||||
unset _ip _mac _iprange _ipset _ip_or_mac rule_list tcp_port udp_port tcp_node_remark udp_node_remark
|
||||
unset ipt_tmp msg msg2
|
||||
done
|
||||
}
|
||||
|
||||
[ "$ENABLED_DEFAULT_ACL" == 1 ] && {
|
||||
[ "${USE_DIRECT_LIST}" = "1" ] && $ipt_n -A PSW $(comment "默认") $(dst $IPSET_WHITELIST) -j RETURN
|
||||
[ "${USE_DIRECT_LIST}" = "1" ] && $ipt_m -A PSW $(comment "默认") $(dst $IPSET_WHITELIST) -j RETURN
|
||||
[ "${USE_BLOCK_LIST}" = "1" ] && $ipt_m -A PSW $(comment "默认") $(dst $IPSET_BLOCKLIST) -j DROP
|
||||
[ "$PROXY_IPV6" == "1" ] && {
|
||||
[ "${USE_DIRECT_LIST}" = "1" ] && $ipt6_n -A PSW $(comment "默认") $(dst $IPSET_WHITELIST6) -j RETURN
|
||||
[ "${USE_DIRECT_LIST}" = "1" ] && $ipt6_m -A PSW $(comment "默认") $(dst $IPSET_WHITELIST6) -j RETURN
|
||||
[ "${USE_BLOCK_LIST}" = "1" ] && $ipt6_m -A PSW $(comment "默认") $(dst $IPSET_BLOCKLIST6) -j DROP
|
||||
}
|
||||
# 加载TCP默认代理模式
|
||||
[ "$TCP_PROXY_DROP_PORTS" != "disable" ] && {
|
||||
[ "$PROXY_IPV6" == "1" ] && {
|
||||
$ip6t_m -A PSW $(comment "默认") -p tcp $(factor $TCP_PROXY_DROP_PORTS "-m multiport --dport") $(dst $IPSET_SHUNTLIST6) -j DROP
|
||||
$ip6t_m -A PSW $(comment "默认") -p tcp $(factor $TCP_PROXY_DROP_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST6) -j DROP
|
||||
[ "$TCP_PROXY_MODE" != "direct/proxy" ] && $ip6t_m -A PSW $(comment "默认") -p tcp $(factor $TCP_PROXY_DROP_PORTS "-m multiport --dport") $(get_ipset_ip6t $TCP_PROXY_MODE) -j DROP
|
||||
[ "${USE_PROXY_LIST}" = "1" ] && $ip6t_m -A PSW $(comment "默认") -p tcp $(factor $TCP_PROXY_DROP_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST6) -j DROP
|
||||
[ "${USE_GFW_LIST}" = "1" ] && $ip6t_m -A PSW $(comment "默认") -p tcp $(factor $TCP_PROXY_DROP_PORTS "-m multiport --dport") $(dst $IPSET_GFW6) -j DROP
|
||||
[ "${CHN_LIST}" != "0" ] && $ip6t_m -A PSW $(comment "默认") -p tcp $(factor $TCP_PROXY_DROP_PORTS "-m multiport --dport") $(dst $IPSET_CHN6) $(get_jump_ipt ${CHN_LIST} "-j DROP")
|
||||
[ "${TCP_PROXY_MODE}" != "disable" ] && $ip6t_m -A PSW $(comment "默认") -p tcp $(factor $TCP_PROXY_DROP_PORTS "-m multiport --dport") -j DROP
|
||||
}
|
||||
$ipt_m -A PSW $(comment "默认") -p tcp $(factor $TCP_PROXY_DROP_PORTS "-m multiport --dport") -d $FAKE_IP -j DROP
|
||||
$ipt_m -A PSW $(comment "默认") -p tcp $(factor $TCP_PROXY_DROP_PORTS "-m multiport --dport") $(dst $IPSET_SHUNTLIST) -j DROP
|
||||
$ipt_m -A PSW $(comment "默认") -p tcp $(factor $TCP_PROXY_DROP_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST) -j DROP
|
||||
[ "$TCP_PROXY_MODE" != "direct/proxy" ] && $ipt_m -A PSW $(comment "默认") -p tcp $(factor $TCP_PROXY_DROP_PORTS "-m multiport --dport") $(get_ipset_ipt $TCP_PROXY_MODE) -j DROP
|
||||
[ "${USE_PROXY_LIST}" = "1" ] && $ipt_m -A PSW $(comment "默认") -p tcp $(factor $TCP_PROXY_DROP_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST) -j DROP
|
||||
[ "${USE_GFW_LIST}" = "1" ] && $ipt_m -A PSW $(comment "默认") -p tcp $(factor $TCP_PROXY_DROP_PORTS "-m multiport --dport") $(dst $IPSET_GFW) -j DROP
|
||||
[ "${CHN_LIST}" != "0" ] && $ipt_m -A PSW $(comment "默认") -p tcp $(factor $TCP_PROXY_DROP_PORTS "-m multiport --dport") $(dst $IPSET_CHN) $(get_jump_ipt ${CHN_LIST} "-j DROP")
|
||||
[ "${TCP_PROXY_MODE}" != "disable" ] && $ipt_m -A PSW $(comment "默认") -p tcp $(factor $TCP_PROXY_DROP_PORTS "-m multiport --dport") -j DROP
|
||||
}
|
||||
|
||||
if [ "$TCP_PROXY_MODE" != "disable" ]; then
|
||||
if [ -n "${TCP_PROXY_MODE}" ]; then
|
||||
local ipt_tmp=$ipt_n
|
||||
[ -n "${is_tproxy}" ] && ipt_tmp=$ipt_m
|
||||
[ "$TCP_NO_REDIR_PORTS" != "disable" ] && {
|
||||
|
|
@ -470,33 +450,43 @@ load_acl() {
|
|||
[ "$accept_icmp" = "1" ] && {
|
||||
$ipt_n -A PSW $(comment "默认") -p icmp -d $FAKE_IP $(REDIRECT)
|
||||
$ipt_n -A PSW $(comment "默认") -p icmp $(dst $IPSET_SHUNTLIST) $(REDIRECT)
|
||||
$ipt_n -A PSW $(comment "默认") -p icmp $(dst $IPSET_BLACKLIST) $(REDIRECT)
|
||||
[ "$TCP_PROXY_MODE" != "direct/proxy" ] && $ipt_n -A PSW $(comment "默认") -p icmp $(get_redirect_ipt $TCP_PROXY_MODE)
|
||||
[ "${USE_PROXY_LIST}" = "1" ] && $ipt_n -A PSW $(comment "默认") -p icmp $(dst $IPSET_BLACKLIST) $(REDIRECT)
|
||||
[ "${USE_GFW_LIST}" = "1" ] && $ipt_n -A PSW $(comment "默认") -p icmp $(dst $IPSET_GFW) $(REDIRECT)
|
||||
[ "${CHN_LIST}" != "0" ] && $ipt_n -A PSW $(comment "默认") -p icmp $(dst $IPSET_CHN) $(get_jump_ipt ${CHN_LIST})
|
||||
[ "${TCP_PROXY_MODE}" != "disable" ] && $ipt_n -A PSW $(comment "默认") -p icmp $(REDIRECT)
|
||||
}
|
||||
|
||||
[ "$accept_icmpv6" = "1" ] && [ "$PROXY_IPV6" == "1" ] && {
|
||||
$ip6t_n -A PSW $(comment "默认") -p ipv6-icmp $(dst $IPSET_SHUNTLIST6) $(REDIRECT)
|
||||
$ip6t_n -A PSW $(comment "默认") -p ipv6-icmp $(dst $IPSET_BLACKLIST6) $(REDIRECT)
|
||||
[ "$TCP_PROXY_MODE" != "direct/proxy" ] && $ip6t_n -A PSW $(comment "默认") -p ipv6-icmp $(get_redirect_ip6t $TCP_PROXY_MODE)
|
||||
[ "${USE_PROXY_LIST}" = "1" ] && $ip6t_n -A PSW $(comment "默认") -p ipv6-icmp $(dst $IPSET_BLACKLIST6) $(REDIRECT)
|
||||
[ "${USE_GFW_LIST}" = "1" ] && $ip6t_n -A PSW $(comment "默认") -p ipv6-icmp $(dst $IPSET_GFW6) $(REDIRECT)
|
||||
[ "${CHN_LIST}" != "0" ] && $ip6t_n -A PSW $(comment "默认") -p ipv6-icmp $(dst $IPSET_CHN6) $(get_jump_ipt ${CHN_LIST})
|
||||
[ "${TCP_PROXY_MODE}" != "disable" ] && $ip6t_n -A PSW $(comment "默认") -p ipv6-icmp $(REDIRECT)
|
||||
}
|
||||
|
||||
if [ "${ipt_tmp}" = "${ipt_n}" ]; then
|
||||
$ipt_n -A PSW $(comment "默认") -p tcp -d $FAKE_IP $(REDIRECT $TCP_REDIR_PORT)
|
||||
$ipt_n -A PSW $(comment "默认") -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_SHUNTLIST) $(REDIRECT $TCP_REDIR_PORT)
|
||||
$ipt_n -A PSW $(comment "默认") -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST) $(REDIRECT $TCP_REDIR_PORT)
|
||||
[ "$TCP_PROXY_MODE" != "direct/proxy" ] && $ipt_n -A PSW $(comment "默认") -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(get_redirect_ipt $TCP_PROXY_MODE $TCP_REDIR_PORT)
|
||||
[ "${USE_PROXY_LIST}" = "1" ] && $ipt_n -A PSW $(comment "默认") -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST) $(REDIRECT $TCP_REDIR_PORT)
|
||||
[ "${USE_GFW_LIST}" = "1" ] && $ipt_n -A PSW $(comment "默认") -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_GFW) $(REDIRECT $TCP_REDIR_PORT)
|
||||
[ "${CHN_LIST}" != "0" ] && $ipt_n -A PSW $(comment "默认") -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_CHN) $(get_jump_ipt ${CHN_LIST} $TCP_REDIR_PORT)
|
||||
[ "${TCP_PROXY_MODE}" != "disable" ] && $ipt_n -A PSW $(comment "默认") -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(REDIRECT $TCP_REDIR_PORT)
|
||||
else
|
||||
$ipt_m -A PSW $(comment "默认") -p tcp -d $FAKE_IP -j PSW_RULE
|
||||
$ipt_m -A PSW $(comment "默认") -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_SHUNTLIST) -j PSW_RULE
|
||||
$ipt_m -A PSW $(comment "默认") -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST) -j PSW_RULE
|
||||
[ "$TCP_PROXY_MODE" != "direct/proxy" ] && $ipt_m -A PSW $(comment "默认") -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(get_ipset_ipt $TCP_PROXY_MODE) -j PSW_RULE
|
||||
[ "${USE_PROXY_LIST}" = "1" ] && $ipt_m -A PSW $(comment "默认") -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST) -j PSW_RULE
|
||||
[ "${USE_GFW_LIST}" = "1" ] && $ipt_m -A PSW $(comment "默认") -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_GFW) -j PSW_RULE
|
||||
[ "${CHN_LIST}" != "0" ] && $ipt_m -A PSW $(comment "默认") -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_CHN) $(get_jump_ipt ${CHN_LIST} "-j PSW_RULE")
|
||||
[ "${TCP_PROXY_MODE}" != "disable" ] && $ipt_m -A PSW $(comment "默认") -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") -j PSW_RULE
|
||||
$ipt_m -A PSW $(comment "默认") -p tcp $(REDIRECT $TCP_REDIR_PORT TPROXY)
|
||||
fi
|
||||
|
||||
[ "$PROXY_IPV6" == "1" ] && {
|
||||
$ip6t_m -A PSW $(comment "默认") -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_SHUNTLIST6) -j PSW_RULE
|
||||
$ip6t_m -A PSW $(comment "默认") -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST6) -j PSW_RULE
|
||||
[ "$TCP_PROXY_MODE" != "direct/proxy" ] && $ip6t_m -A PSW $(comment "默认") -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(get_ipset_ip6t $TCP_PROXY_MODE) -j PSW_RULE
|
||||
[ "${USE_PROXY_LIST}" = "1" ] && $ip6t_m -A PSW $(comment "默认") -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST6) -j PSW_RULE
|
||||
[ "${USE_GFW_LIST}" = "1" ] && $ip6t_m -A PSW $(comment "默认") -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_GFW6) -j PSW_RULE
|
||||
[ "${CHN_LIST}" != "0" ] && $ip6t_m -A PSW $(comment "默认") -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_CHN6) $(get_jump_ipt ${CHN_LIST} "-j PSW_RULE")
|
||||
[ "${TCP_PROXY_MODE}" != "disable" ] && $ip6t_m -A PSW $(comment "默认") -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") -j PSW_RULE
|
||||
$ip6t_m -A PSW $(comment "默认") -p tcp $(REDIRECT $TCP_REDIR_PORT TPROXY)
|
||||
}
|
||||
|
||||
|
|
@ -511,15 +501,19 @@ load_acl() {
|
|||
[ "$UDP_PROXY_DROP_PORTS" != "disable" ] && {
|
||||
[ "$PROXY_IPV6" == "1" ] && {
|
||||
$ip6t_m -A PSW $(comment "默认") -p udp $(factor $UDP_PROXY_DROP_PORTS "-m multiport --dport") $(dst $IPSET_SHUNTLIST6) -j DROP
|
||||
$ip6t_m -A PSW $(comment "默认") -p udp $(factor $UDP_PROXY_DROP_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST6) -j DROP
|
||||
[ "$UDP_PROXY_MODE" != "direct/proxy" ] && $ip6t_m -A PSW $(comment "默认") -p udp $(factor $UDP_PROXY_DROP_PORTS "-m multiport --dport") $(get_ipset_ip6t $UDP_PROXY_MODE) -j DROP
|
||||
[ "${USE_PROXY_LIST}" = "1" ] && $ip6t_m -A PSW $(comment "默认") -p udp $(factor $UDP_PROXY_DROP_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST6) -j DROP
|
||||
[ "${USE_GFW_LIST}" = "1" ] && $ip6t_m -A PSW $(comment "默认") -p udp $(factor $UDP_PROXY_DROP_PORTS "-m multiport --dport") $(dst $IPSET_GFW6) -j DROP
|
||||
[ "${CHN_LIST}" != "0" ] && $ip6t_m -A PSW $(comment "默认") -p udp $(factor $UDP_PROXY_DROP_PORTS "-m multiport --dport") $(dst $IPSET_CHN6) $(get_jump_ipt ${CHN_LIST} "-j DROP")
|
||||
[ "${UDP_PROXY_MODE}" != "disable" ] && $ip6t_m -A PSW $(comment "默认") -p udp $(factor $UDP_PROXY_DROP_PORTS "-m multiport --dport") -j DROP
|
||||
}
|
||||
$ipt_m -A PSW $(comment "默认") -p udp $(factor $UDP_PROXY_DROP_PORTS "-m multiport --dport") -d $FAKE_IP -j DROP
|
||||
$ipt_m -A PSW $(comment "默认") -p udp $(factor $UDP_PROXY_DROP_PORTS "-m multiport --dport") $(dst $IPSET_SHUNTLIST) -j DROP
|
||||
$ipt_m -A PSW $(comment "默认") -p udp $(factor $UDP_PROXY_DROP_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST) -j DROP
|
||||
[ "$UDP_PROXY_MODE" != "direct/proxy" ] && $ipt_m -A PSW $(comment "默认") -p udp $(factor $UDP_PROXY_DROP_PORTS "-m multiport --dport") $(get_ipset_ipt $UDP_PROXY_MODE) -j DROP
|
||||
[ "${USE_PROXY_LIST}" = "1" ] && $ipt_m -A PSW $(comment "默认") -p udp $(factor $UDP_PROXY_DROP_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST) -j DROP
|
||||
[ "${USE_GFW_LIST}" = "1" ] && $ipt_m -A PSW $(comment "默认") -p udp $(factor $UDP_PROXY_DROP_PORTS "-m multiport --dport") $(dst $IPSET_GFW) -j DROP
|
||||
[ "${CHN_LIST}" != "0" ] && $ipt_m -A PSW $(comment "默认") -p udp $(factor $UDP_PROXY_DROP_PORTS "-m multiport --dport") $(dst $IPSET_CHN) $(get_jump_ipt ${CHN_LIST} "-j DROP")
|
||||
[ "${UDP_PROXY_MODE}" != "disable" ] && $ipt_m -A PSW $(comment "默认") -p udp $(factor $UDP_PROXY_DROP_PORTS "-m multiport --dport") -j DROP
|
||||
}
|
||||
if [ "$UDP_PROXY_MODE" != "disable" ]; then
|
||||
if [ -n "${UDP_PROXY_MODE}" ]; then
|
||||
[ "$UDP_NO_REDIR_PORTS" != "disable" ] && {
|
||||
$ip6t_m -A PSW $(comment "默认") -p udp -m multiport --dport $UDP_NO_REDIR_PORTS -j RETURN
|
||||
$ipt_m -A PSW $(comment "默认") -p udp -m multiport --dport $UDP_NO_REDIR_PORTS -j RETURN
|
||||
|
|
@ -534,14 +528,18 @@ load_acl() {
|
|||
|
||||
$ipt_m -A PSW $(comment "默认") -p udp -d $FAKE_IP -j PSW_RULE
|
||||
$ipt_m -A PSW $(comment "默认") -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_SHUNTLIST) -j PSW_RULE
|
||||
$ipt_m -A PSW $(comment "默认") -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST) -j PSW_RULE
|
||||
[ "$UDP_PROXY_MODE" != "direct/proxy" ] && $ipt_m -A PSW $(comment "默认") -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(get_ipset_ipt $UDP_PROXY_MODE) -j PSW_RULE
|
||||
[ "${USE_PROXY_LIST}" = "1" ] && $ipt_m -A PSW $(comment "默认") -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST) -j PSW_RULE
|
||||
[ "${USE_GFW_LIST}" = "1" ] && $ipt_m -A PSW $(comment "默认") -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_GFW) -j PSW_RULE
|
||||
[ "${CHN_LIST}" != "0" ] && $ipt_m -A PSW $(comment "默认") -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_CHN) $(get_jump_ipt ${CHN_LIST} "-j PSW_RULE")
|
||||
[ "${UDP_PROXY_MODE}" != "disable" ] && $ipt_m -A PSW $(comment "默认") -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") -j PSW_RULE
|
||||
$ipt_m -A PSW $(comment "默认") -p udp $(REDIRECT $UDP_REDIR_PORT TPROXY)
|
||||
|
||||
[ "$PROXY_IPV6" == "1" ] && [ "$PROXY_IPV6_UDP" == "1" ] && {
|
||||
$ip6t_m -A PSW $(comment "默认") -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_SHUNTLIST6) -j PSW_RULE
|
||||
$ip6t_m -A PSW $(comment "默认") -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST6) -j PSW_RULE
|
||||
[ "$UDP_PROXY_MODE" != "direct/proxy" ] && $ip6t_m -A PSW $(comment "默认") -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(get_ipset_ip6t $UDP_PROXY_MODE) -j PSW_RULE
|
||||
[ "${USE_PROXY_LIST}" = "1" ] && $ip6t_m -A PSW $(comment "默认") -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST6) -j PSW_RULE
|
||||
[ "${USE_GFW_LIST}" = "1" ] && $ip6t_m -A PSW $(comment "默认") -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_GFW6) -j PSW_RULE
|
||||
[ "${CHN_LIST}" != "0" ] && $ip6t_m -A PSW $(comment "默认") -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_CHN6) $(get_jump_ipt ${CHN_LIST} "-j PSW_RULE")
|
||||
[ "${UDP_PROXY_MODE}" != "disable" ] && $ip6t_m -A PSW $(comment "默认") -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") -j PSW_RULE
|
||||
$ip6t_m -A PSW $(comment "默认") -p udp $(REDIRECT $UDP_REDIR_PORT TPROXY)
|
||||
}
|
||||
|
||||
|
|
@ -776,7 +774,6 @@ add_firewall_rule() {
|
|||
$ipt_n -N PSW
|
||||
$ipt_n -A PSW $(dst $IPSET_LANLIST) -j RETURN
|
||||
$ipt_n -A PSW $(dst $IPSET_VPSLIST) -j RETURN
|
||||
$ipt_n -A PSW $(dst $IPSET_WHITELIST) -j RETURN
|
||||
|
||||
WAN_IP=$(get_wan_ip)
|
||||
[ ! -z "${WAN_IP}" ] && $ipt_n -A PSW $(comment "WAN_IP_RETURN") -d "${WAN_IP}" -j RETURN
|
||||
|
|
@ -787,7 +784,7 @@ add_firewall_rule() {
|
|||
$ipt_n -N PSW_OUTPUT
|
||||
$ipt_n -A PSW_OUTPUT $(dst $IPSET_LANLIST) -j RETURN
|
||||
$ipt_n -A PSW_OUTPUT $(dst $IPSET_VPSLIST) -j RETURN
|
||||
$ipt_n -A PSW_OUTPUT $(dst $IPSET_WHITELIST) -j RETURN
|
||||
[ "${USE_DIRECT_LIST}" = "1" ] && $ipt_n -A PSW_OUTPUT $(dst $IPSET_WHITELIST) -j RETURN
|
||||
$ipt_n -A PSW_OUTPUT -m mark --mark 0xff -j RETURN
|
||||
|
||||
$ipt_n -N PSW_REDIRECT
|
||||
|
|
@ -807,8 +804,6 @@ add_firewall_rule() {
|
|||
$ipt_m -N PSW
|
||||
$ipt_m -A PSW $(dst $IPSET_LANLIST) -j RETURN
|
||||
$ipt_m -A PSW $(dst $IPSET_VPSLIST) -j RETURN
|
||||
$ipt_m -A PSW $(dst $IPSET_WHITELIST) -j RETURN
|
||||
$ipt_m -A PSW $(dst $IPSET_BLOCKLIST) -j DROP
|
||||
|
||||
[ ! -z "${WAN_IP}" ] && $ipt_m -A PSW $(comment "WAN_IP_RETURN") -d "${WAN_IP}" -j RETURN
|
||||
unset WAN_IP
|
||||
|
|
@ -819,9 +814,9 @@ add_firewall_rule() {
|
|||
$ipt_m -N PSW_OUTPUT
|
||||
$ipt_m -A PSW_OUTPUT $(dst $IPSET_LANLIST) -j RETURN
|
||||
$ipt_m -A PSW_OUTPUT $(dst $IPSET_VPSLIST) -j RETURN
|
||||
$ipt_m -A PSW_OUTPUT $(dst $IPSET_WHITELIST) -j RETURN
|
||||
[ "${USE_DIRECT_LIST}" = "1" ] && $ipt_m -A PSW_OUTPUT $(dst $IPSET_WHITELIST) -j RETURN
|
||||
$ipt_m -A PSW_OUTPUT -m mark --mark 0xff -j RETURN
|
||||
$ipt_m -A PSW_OUTPUT $(dst $IPSET_BLOCKLIST) -j DROP
|
||||
[ "${USE_BLOCK_LIST}" = "1" ] && $ipt_m -A PSW_OUTPUT $(dst $IPSET_BLOCKLIST) -j DROP
|
||||
|
||||
ip rule add fwmark 1 lookup 100
|
||||
ip route add local 0.0.0.0/0 dev lo table 100
|
||||
|
|
@ -830,13 +825,12 @@ add_firewall_rule() {
|
|||
$ip6t_n -N PSW
|
||||
$ip6t_n -A PSW $(dst $IPSET_LANLIST6) -j RETURN
|
||||
$ip6t_n -A PSW $(dst $IPSET_VPSLIST6) -j RETURN
|
||||
$ip6t_n -A PSW $(dst $IPSET_WHITELIST6) -j RETURN
|
||||
$ip6t_n -A PREROUTING -p ipv6-icmp -j PSW
|
||||
|
||||
$ip6t_n -N PSW_OUTPUT
|
||||
$ip6t_n -A PSW_OUTPUT $(dst $IPSET_LANLIST6) -j RETURN
|
||||
$ip6t_n -A PSW_OUTPUT $(dst $IPSET_VPSLIST6) -j RETURN
|
||||
$ip6t_n -A PSW_OUTPUT $(dst $IPSET_WHITELIST6) -j RETURN
|
||||
[ "${USE_DIRECT_LIST}" = "1" ] && $ip6t_n -A PSW_OUTPUT $(dst $IPSET_WHITELIST6) -j RETURN
|
||||
$ip6t_n -A PSW_OUTPUT -m mark --mark 0xff -j RETURN
|
||||
}
|
||||
|
||||
|
|
@ -854,8 +848,6 @@ add_firewall_rule() {
|
|||
$ip6t_m -N PSW
|
||||
$ip6t_m -A PSW $(dst $IPSET_LANLIST6) -j RETURN
|
||||
$ip6t_m -A PSW $(dst $IPSET_VPSLIST6) -j RETURN
|
||||
$ip6t_m -A PSW $(dst $IPSET_WHITELIST6) -j RETURN
|
||||
$ip6t_m -A PSW $(dst $IPSET_BLOCKLIST6) -j DROP
|
||||
|
||||
WAN6_IP=$(get_wan6_ip)
|
||||
[ ! -z "${WAN6_IP}" ] && $ip6t_m -A PSW $(comment "WAN6_IP_RETURN") -d ${WAN6_IP} -j RETURN
|
||||
|
|
@ -868,8 +860,8 @@ add_firewall_rule() {
|
|||
$ip6t_m -A PSW_OUTPUT -m mark --mark 0xff -j RETURN
|
||||
$ip6t_m -A PSW_OUTPUT $(dst $IPSET_LANLIST6) -j RETURN
|
||||
$ip6t_m -A PSW_OUTPUT $(dst $IPSET_VPSLIST6) -j RETURN
|
||||
$ip6t_m -A PSW_OUTPUT $(dst $IPSET_WHITELIST6) -j RETURN
|
||||
$ip6t_m -A PSW_OUTPUT $(dst $IPSET_BLOCKLIST6) -j DROP
|
||||
[ "${USE_DIRECT_LIST}" = "1" ] && $ip6t_m -A PSW_OUTPUT $(dst $IPSET_WHITELIST6) -j RETURN
|
||||
[ "${USE_BLOCK_LIST}" = "1" ] && $ip6t_m -A PSW_OUTPUT $(dst $IPSET_BLOCKLIST6) -j DROP
|
||||
|
||||
ip -6 rule add fwmark 1 table 100
|
||||
ip -6 route add local ::/0 dev lo table 100
|
||||
|
|
@ -919,15 +911,19 @@ add_firewall_rule() {
|
|||
$ipt_n -A OUTPUT -p icmp -j PSW_OUTPUT
|
||||
$ipt_n -A PSW_OUTPUT -p icmp -d $FAKE_IP $(REDIRECT)
|
||||
$ipt_n -A PSW_OUTPUT -p icmp $(dst $IPSET_SHUNTLIST) $(REDIRECT)
|
||||
$ipt_n -A PSW_OUTPUT -p icmp $(dst $IPSET_BLACKLIST) $(REDIRECT)
|
||||
[ "$LOCALHOST_TCP_PROXY_MODE" != "direct/proxy" ] && $ipt_n -A PSW_OUTPUT -p icmp $(get_redirect_ipt $LOCALHOST_TCP_PROXY_MODE)
|
||||
[ "${USE_PROXY_LIST}" = "1" ] && $ipt_n -A PSW_OUTPUT -p icmp $(dst $IPSET_BLACKLIST) $(REDIRECT)
|
||||
[ "${USE_GFW_LIST}" = "1" ] && $ipt_n -A PSW_OUTPUT -p icmp $(dst $IPSET_GFW) $(REDIRECT)
|
||||
[ "${CHN_LIST}" != "0" ] && $ipt_n -A PSW_OUTPUT -p icmp $(dst $IPSET_CHN) $(get_jump_ipt ${CHN_LIST})
|
||||
[ "${LOCALHOST_TCP_PROXY_MODE}" != "disable" ] && $ipt_n -A PSW_OUTPUT -p icmp $(REDIRECT)
|
||||
}
|
||||
|
||||
[ "$accept_icmpv6" = "1" ] && {
|
||||
$ip6t_n -A OUTPUT -p ipv6-icmp -j PSW_OUTPUT
|
||||
$ip6t_n -A PSW_OUTPUT -p ipv6-icmp $(dst $IPSET_SHUNTLIST6) $(REDIRECT)
|
||||
$ip6t_n -A PSW_OUTPUT -p ipv6-icmp $(dst $IPSET_BLACKLIST6) $(REDIRECT)
|
||||
[ "$LOCALHOST_TCP_PROXY_MODE" != "direct/proxy" ] && $ip6t_n -A PSW_OUTPUT -p ipv6-icmp $(get_redirect_ip6t $LOCALHOST_TCP_PROXY_MODE)
|
||||
[ "${USE_PROXY_LIST}" = "1" ] && $ip6t_n -A PSW_OUTPUT -p ipv6-icmp $(dst $IPSET_BLACKLIST6) $(REDIRECT)
|
||||
[ "${USE_GFW_LIST}" = "1" ] && $ip6t_n -A PSW_OUTPUT -p ipv6-icmp $(dst $IPSET_GFW6) $(REDIRECT)
|
||||
[ "${CHN_LIST}" != "0" ] && $ip6t_n -A PSW_OUTPUT -p ipv6-icmp $(dst $IPSET_CHN6) $(get_jump_ipt ${CHN_LIST})
|
||||
[ "${LOCALHOST_TCP_PROXY_MODE}" != "disable" ] && $ip6t_n -A PSW_OUTPUT -p ipv6-icmp $(REDIRECT)
|
||||
}
|
||||
|
||||
local ipt_tmp=$ipt_n
|
||||
|
|
@ -958,28 +954,34 @@ add_firewall_rule() {
|
|||
$ip6t_m -A PSW_OUTPUT -p tcp -m multiport --dport $TCP_NO_REDIR_PORTS -j RETURN
|
||||
echolog " - [$?]不代理TCP 端口:$TCP_NO_REDIR_PORTS"
|
||||
}
|
||||
[ "$TCP_PROXY_DROP_PORTS" != "disable" ] && [ "$LOCALHOST_TCP_PROXY_MODE" != "disable" ] && {
|
||||
[ "$TCP_PROXY_DROP_PORTS" != "disable" ] && [ -n "${LOCALHOST_TCP_PROXY_MODE}" ] && {
|
||||
$ipt_m -A PSW_OUTPUT -p tcp $(factor $TCP_PROXY_DROP_PORTS "-m multiport --dport") -d $FAKE_IP -j DROP
|
||||
$ipt_m -A PSW_OUTPUT -p tcp $(factor $TCP_PROXY_DROP_PORTS "-m multiport --dport") $(dst $IPSET_SHUNTLIST) -j DROP
|
||||
$ipt_m -A PSW_OUTPUT -p tcp $(factor $TCP_PROXY_DROP_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST) -j DROP
|
||||
[ "$LOCALHOST_TCP_PROXY_MODE" != "direct/proxy" ] && $ipt_m -A PSW_OUTPUT -p tcp $(factor $TCP_PROXY_DROP_PORTS "-m multiport --dport") $(get_ipset_ipt $LOCALHOST_TCP_PROXY_MODE) -j DROP
|
||||
[ "${USE_PROXY_LIST}" = "1" ] && $ipt_m -A PSW_OUTPUT -p tcp $(factor $TCP_PROXY_DROP_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST) -j DROP
|
||||
[ "${USE_GFW_LIST}" = "1" ] && $ipt_m -A PSW_OUTPUT -p tcp $(factor $TCP_PROXY_DROP_PORTS "-m multiport --dport") $(dst $IPSET_GFW) -j DROP
|
||||
[ "${CHN_LIST}" != "0" ] && $ipt_m -A PSW_OUTPUT -p tcp $(factor $TCP_PROXY_DROP_PORTS "-m multiport --dport") $(dst $IPSET_CHN) $(get_jump_ipt ${CHN_LIST} "-j DROP")
|
||||
[ "${LOCALHOST_TCP_PROXY_MODE}" != "disable" ] && $ipt_m -A PSW_OUTPUT -p tcp $(factor $TCP_PROXY_DROP_PORTS "-m multiport --dport") -j DROP
|
||||
echolog " - [$?],屏蔽代理TCP 端口:$TCP_PROXY_DROP_PORTS"
|
||||
}
|
||||
|
||||
if [ "${ipt_tmp}" = "${ipt_n}" ]; then
|
||||
[ "$LOCALHOST_TCP_PROXY_MODE" != "disable" ] && {
|
||||
[ -n "${LOCALHOST_TCP_PROXY_MODE}" ] && {
|
||||
$ipt_n -A PSW_OUTPUT -p tcp -d $FAKE_IP $(REDIRECT $TCP_REDIR_PORT)
|
||||
$ipt_n -A PSW_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_SHUNTLIST) $(REDIRECT $TCP_REDIR_PORT)
|
||||
$ipt_n -A PSW_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST) $(REDIRECT $TCP_REDIR_PORT)
|
||||
[ "$LOCALHOST_TCP_PROXY_MODE" != "direct/proxy" ] && $ipt_n -A PSW_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(get_redirect_ipt $LOCALHOST_TCP_PROXY_MODE $TCP_REDIR_PORT)
|
||||
[ "${USE_PROXY_LIST}" = "1" ] && $ipt_n -A PSW_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST) $(REDIRECT $TCP_REDIR_PORT)
|
||||
[ "${USE_GFW_LIST}" = "1" ] && $ipt_n -A PSW_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_GFW) $(REDIRECT $TCP_REDIR_PORT)
|
||||
[ "${CHN_LIST}" != "0" ] && $ipt_n -A PSW_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_CHN) $(get_jump_ipt ${CHN_LIST} $TCP_REDIR_PORT)
|
||||
[ "${LOCALHOST_TCP_PROXY_MODE}" != "disable" ] && $ipt_n -A PSW_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(REDIRECT $TCP_REDIR_PORT)
|
||||
}
|
||||
$ipt_n -A OUTPUT -p tcp -j PSW_OUTPUT
|
||||
else
|
||||
[ "$LOCALHOST_TCP_PROXY_MODE" != "disable" ] && {
|
||||
[ -n "${LOCALHOST_TCP_PROXY_MODE}" ] && {
|
||||
$ipt_m -A PSW_OUTPUT -p tcp -d $FAKE_IP -j PSW_RULE
|
||||
$ipt_m -A PSW_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_SHUNTLIST) -j PSW_RULE
|
||||
$ipt_m -A PSW_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST) -j PSW_RULE
|
||||
[ "$LOCALHOST_TCP_PROXY_MODE" != "direct/proxy" ] && $ipt_m -A PSW_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(get_ipset_ipt $LOCALHOST_TCP_PROXY_MODE) -j PSW_RULE
|
||||
[ "${USE_PROXY_LIST}" = "1" ] && $ipt_m -A PSW_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST) -j PSW_RULE
|
||||
[ "${USE_GFW_LIST}" = "1" ] && $ipt_m -A PSW_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_GFW) -j PSW_RULE
|
||||
[ "${CHN_LIST}" != "0" ] && $ipt_m -A PSW_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_CHN) $(get_jump_ipt ${CHN_LIST} "-j PSW_RULE")
|
||||
[ "${LOCALHOST_TCP_PROXY_MODE}" != "disable" ] && $ipt_m -A PSW_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") -j PSW_RULE
|
||||
$ipt_m -A PSW $(comment "本机") -p tcp -i lo $(REDIRECT $TCP_REDIR_PORT TPROXY)
|
||||
}
|
||||
$ipt_m -A PSW $(comment "本机") -p tcp -i lo -j RETURN
|
||||
|
|
@ -987,10 +989,12 @@ add_firewall_rule() {
|
|||
fi
|
||||
|
||||
[ "$PROXY_IPV6" == "1" ] && {
|
||||
[ "$LOCALHOST_TCP_PROXY_MODE" != "disable" ] && {
|
||||
[ -n "${LOCALHOST_TCP_PROXY_MODE}" ] && {
|
||||
$ip6t_m -A PSW_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_SHUNTLIST6) -j PSW_RULE
|
||||
$ip6t_m -A PSW_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST6) -j PSW_RULE
|
||||
[ "$LOCALHOST_TCP_PROXY_MODE" != "direct/proxy" ] && $ip6t_m -A PSW_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(get_ipset_ip6t $LOCALHOST_TCP_PROXY_MODE) -j PSW_RULE
|
||||
[ "${USE_PROXY_LIST}" = "1" ] && $ip6t_m -A PSW_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST6) -j PSW_RULE
|
||||
[ "${USE_GFW_LIST}" = "1" ] && $ip6t_m -A PSW_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_GFW6) -j PSW_RULE
|
||||
[ "${CHN_LIST}" != "0" ] && $ip6t_m -A PSW_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_CHN6) $(get_jump_ipt ${CHN_LIST} "-j PSW_RULE")
|
||||
[ "${LOCALHOST_TCP_PROXY_MODE}" != "disable" ] && $ip6t_m -A PSW_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") -j PSW_RULE
|
||||
$ip6t_m -A PSW $(comment "本机") -p tcp -i lo $(REDIRECT $TCP_REDIR_PORT TPROXY)
|
||||
}
|
||||
$ip6t_m -A PSW $(comment "本机") -p tcp -i lo -j RETURN
|
||||
|
|
@ -999,11 +1003,13 @@ add_firewall_rule() {
|
|||
fi
|
||||
|
||||
# 加载路由器自身代理 UDP
|
||||
[ "$UDP_PROXY_DROP_PORTS" != "disable" ] && [ "$LOCALHOST_UDP_PROXY_MODE" != "disable" ] && {
|
||||
[ "$UDP_PROXY_DROP_PORTS" != "disable" ] && [ -n "$LOCALHOST_UDP_PROXY_MODE" ] && {
|
||||
$ipt_m -A PSW_OUTPUT -p udp $(factor $UDP_PROXY_DROP_PORTS "-m multiport --dport") -d $FAKE_IP -j DROP
|
||||
$ipt_m -A PSW_OUTPUT -p udp $(factor $UDP_PROXY_DROP_PORTS "-m multiport --dport") $(dst $IPSET_SHUNTLIST) -j DROP
|
||||
$ipt_m -A PSW_OUTPUT -p udp $(factor $UDP_PROXY_DROP_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST) -j DROP
|
||||
[ "$LOCALHOST_UDP_PROXY_MODE" != "direct/proxy" ] && $ipt_m -A PSW_OUTPUT -p udp $(factor $UDP_PROXY_DROP_PORTS "-m multiport --dport") $(get_ipset_ipt $LOCALHOST_UDP_PROXY_MODE) -j DROP
|
||||
[ "${USE_PROXY_LIST}" = "1" ] && $ipt_m -A PSW_OUTPUT -p udp $(factor $UDP_PROXY_DROP_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST) -j DROP
|
||||
[ "${USE_GFW_LIST}" = "1" ] && $ipt_m -A PSW_OUTPUT -p udp $(factor $UDP_PROXY_DROP_PORTS "-m multiport --dport") $(dst $IPSET_GFW) -j DROP
|
||||
[ "${CHN_LIST}" != "0" ] && $ipt_m -A PSW_OUTPUT -p udp $(factor $UDP_PROXY_DROP_PORTS "-m multiport --dport") $(dst $IPSET_CHN) $(get_jump_ipt ${CHN_LIST} "-j DROP")
|
||||
[ "${LOCALHOST_UDP_PROXY_MODE}" != "disable" ] && $ipt_m -A PSW_OUTPUT -p udp $(factor $UDP_PROXY_DROP_PORTS "-m multiport --dport") -j DROP
|
||||
echolog " - [$?],屏蔽代理UDP 端口:$UDP_PROXY_DROP_PORTS"
|
||||
}
|
||||
if [ "$UDP_NODE" != "nil" -o "$TCP_UDP" = "1" ]; then
|
||||
|
|
@ -1026,21 +1032,25 @@ add_firewall_rule() {
|
|||
echolog " - [$?]不代理 UDP 端口:$UDP_NO_REDIR_PORTS"
|
||||
}
|
||||
|
||||
[ "$LOCALHOST_UDP_PROXY_MODE" != "disable" ] && {
|
||||
[ -n "${LOCALHOST_UDP_PROXY_MODE}" ] && {
|
||||
$ipt_m -A PSW_OUTPUT -p udp -d $FAKE_IP -j PSW_RULE
|
||||
$ipt_m -A PSW_OUTPUT -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_SHUNTLIST) -j PSW_RULE
|
||||
$ipt_m -A PSW_OUTPUT -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST) -j PSW_RULE
|
||||
[ "$LOCALHOST_UDP_PROXY_MODE" != "direct/proxy" ] && $ipt_m -A PSW_OUTPUT -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(get_ipset_ipt $LOCALHOST_UDP_PROXY_MODE) -j PSW_RULE
|
||||
[ "${USE_PROXY_LIST}" = "1" ] && $ipt_m -A PSW_OUTPUT -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST) -j PSW_RULE
|
||||
[ "${USE_GFW_LIST}" = "1" ] && $ipt_m -A PSW_OUTPUT -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_GFW) -j PSW_RULE
|
||||
[ "${CHN_LIST}" != "0" ] && $ipt_m -A PSW_OUTPUT -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_CHN)$(get_jump_ipt ${CHN_LIST} "-j PSW_RULE")
|
||||
[ "${LOCALHOST_UDP_PROXY_MODE}" != "disable" ] && $ipt_m -A PSW_OUTPUT -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") -j PSW_RULE
|
||||
$ipt_m -A PSW $(comment "本机") -p udp -i lo $(REDIRECT $UDP_REDIR_PORT TPROXY)
|
||||
}
|
||||
$ipt_m -A PSW $(comment "本机") -p udp -i lo -j RETURN
|
||||
insert_rule_before "$ipt_m" "OUTPUT" "mwan3" "$(comment mangle-OUTPUT-PSW) -p udp -j PSW_OUTPUT"
|
||||
|
||||
[ "$PROXY_IPV6" == "1" ] && [ "$PROXY_IPV6_UDP" == "1" ] && {
|
||||
[ "$LOCALHOST_UDP_PROXY_MODE" != "disable" ] && {
|
||||
[ -n "$LOCALHOST_UDP_PROXY_MODE" ] && {
|
||||
$ip6t_m -A PSW_OUTPUT -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_SHUNTLIST6) -j PSW_RULE
|
||||
$ip6t_m -A PSW_OUTPUT -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST6) -j PSW_RULE
|
||||
[ "$LOCALHOST_UDP_PROXY_MODE" != "direct/proxy" ] && $ip6t_m -A PSW_OUTPUT -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(get_ipset_ip6t $LOCALHOST_UDP_PROXY_MODE) -j PSW_RULE
|
||||
[ "${USE_PROXY_LIST}" = "1" ] && $ip6t_m -A PSW_OUTPUT -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST6) -j PSW_RULE
|
||||
[ "${USE_GFW_LIST}" = "1" ] && $ip6t_m -A PSW_OUTPUT -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_GFW6) -j PSW_RULE
|
||||
[ "${CHN_LIST}" != "0" ] && $ip6t_m -A PSW_OUTPUT -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_CHN6) $(get_jump_ipt ${CHN_LIST} "-j PSW_RULE")
|
||||
[ "${LOCALHOST_UDP_PROXY_MODE}" != "disable" ] && $ip6t_m -A PSW_OUTPUT -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") -j PSW_RULE
|
||||
$ip6t_m -A PSW $(comment "本机") -p udp -i lo $(REDIRECT $UDP_REDIR_PORT TPROXY)
|
||||
}
|
||||
$ip6t_m -A PSW $(comment "本机") -p udp -i lo -j RETURN
|
||||
|
|
|
|||
|
|
@ -164,93 +164,28 @@ gen_nftset() {
|
|||
[ -n "${1}" ] && insert_nftset $nftset_name $timeout_argument_element $@
|
||||
}
|
||||
|
||||
get_redirect_ipv4() {
|
||||
case "$1" in
|
||||
disable)
|
||||
echo "counter return"
|
||||
;;
|
||||
global)
|
||||
echo "$(REDIRECT $2 $3)"
|
||||
;;
|
||||
gfwlist)
|
||||
echo "ip daddr @$NFTSET_GFW $(REDIRECT $2 $3)"
|
||||
;;
|
||||
chnroute)
|
||||
echo "ip daddr != @$NFTSET_CHN $(REDIRECT $2 $3)"
|
||||
;;
|
||||
returnhome)
|
||||
echo "ip daddr @$NFTSET_CHN $(REDIRECT $2 $3)"
|
||||
;;
|
||||
esac
|
||||
}
|
||||
|
||||
get_redirect_ipv6() {
|
||||
case "$1" in
|
||||
disable)
|
||||
echo "counter return"
|
||||
;;
|
||||
global)
|
||||
echo "$(REDIRECT $2 $3)"
|
||||
;;
|
||||
gfwlist)
|
||||
echo "ip6 daddr @$NFTSET_GFW6 $(REDIRECT $2 $3)"
|
||||
;;
|
||||
chnroute)
|
||||
echo "ip6 daddr != @$NFTSET_CHN6 $(REDIRECT $2 $3)"
|
||||
;;
|
||||
returnhome)
|
||||
echo "ip6 daddr @$NFTSET_CHN6 $(REDIRECT $2 $3)"
|
||||
;;
|
||||
esac
|
||||
}
|
||||
|
||||
get_nftset_ipv4() {
|
||||
case "$1" in
|
||||
gfwlist)
|
||||
echo "ip daddr @$NFTSET_GFW counter"
|
||||
;;
|
||||
chnroute)
|
||||
echo "ip daddr != @$NFTSET_CHN counter"
|
||||
;;
|
||||
returnhome)
|
||||
echo "$ip daddr @$NFTSET_CHN counter"
|
||||
;;
|
||||
esac
|
||||
}
|
||||
|
||||
get_nftset_ipv6() {
|
||||
case "$1" in
|
||||
gfwlist)
|
||||
echo "ip6 daddr @$NFTSET_GFW6 counter"
|
||||
;;
|
||||
chnroute)
|
||||
echo "ip6 daddr != @$NFTSET_CHN6 counter"
|
||||
;;
|
||||
returnhome)
|
||||
echo "$ip6 daddr @$NFTSET_CHN6 counter"
|
||||
;;
|
||||
esac
|
||||
}
|
||||
|
||||
get_action_chain_name() {
|
||||
case "$1" in
|
||||
disable)
|
||||
echo "不代理"
|
||||
;;
|
||||
global)
|
||||
echo "全局代理"
|
||||
proxy)
|
||||
echo "代理"
|
||||
;;
|
||||
gfwlist)
|
||||
echo "防火墙列表"
|
||||
esac
|
||||
}
|
||||
|
||||
get_jump_ipt() {
|
||||
case "$1" in
|
||||
direct)
|
||||
echo "counter return"
|
||||
;;
|
||||
chnroute)
|
||||
echo "中国列表以外"
|
||||
;;
|
||||
returnhome)
|
||||
echo "中国列表"
|
||||
;;
|
||||
direct/proxy)
|
||||
echo "仅使用直连/代理列表"
|
||||
proxy)
|
||||
if [ -n "$2" ] && [ -n "$(echo $2 | grep "^counter")" ]; then
|
||||
echo "$2"
|
||||
else
|
||||
echo "$(REDIRECT $2 $3)"
|
||||
fi
|
||||
;;
|
||||
esac
|
||||
}
|
||||
|
|
@ -291,9 +226,7 @@ load_acl() {
|
|||
echolog "访问控制:"
|
||||
for sid in $(ls -F ${TMP_ACL_PATH} | grep '/$' | awk -F '/' '{print $1}'); do
|
||||
eval $(uci -q show "${CONFIG}.${sid}" | cut -d'.' -sf 3-)
|
||||
|
||||
tcp_proxy_mode=${tcp_proxy_mode:-default}
|
||||
udp_proxy_mode=${udp_proxy_mode:-default}
|
||||
|
||||
tcp_no_redir_ports=${tcp_no_redir_ports:-default}
|
||||
udp_no_redir_ports=${udp_no_redir_ports:-default}
|
||||
tcp_proxy_drop_ports=${tcp_proxy_drop_ports:-default}
|
||||
|
|
@ -302,8 +235,13 @@ load_acl() {
|
|||
udp_redir_ports=${udp_redir_ports:-default}
|
||||
tcp_node=${tcp_node:-default}
|
||||
udp_node=${udp_node:-default}
|
||||
[ "$tcp_proxy_mode" = "default" ] && tcp_proxy_mode=$TCP_PROXY_MODE
|
||||
[ "$udp_proxy_mode" = "default" ] && udp_proxy_mode=$UDP_PROXY_MODE
|
||||
use_direct_list=${use_direct_list:-1}
|
||||
use_proxy_list=${use_proxy_list:-1}
|
||||
use_block_list=${use_block_list:-1}
|
||||
use_gfw_list=${use_gfw_list:-1}
|
||||
chn_list=${chn_list:-direct}
|
||||
tcp_proxy_mode=${tcp_proxy_mode:-proxy}
|
||||
udp_proxy_mode=${udp_proxy_mode:-proxy}
|
||||
[ "$tcp_no_redir_ports" = "default" ] && tcp_no_redir_ports=$TCP_NO_REDIR_PORTS
|
||||
[ "$udp_no_redir_ports" = "default" ] && udp_no_redir_ports=$UDP_NO_REDIR_PORTS
|
||||
[ "$tcp_proxy_drop_ports" = "default" ] && tcp_proxy_drop_ports=$TCP_PROXY_DROP_PORTS
|
||||
|
|
@ -344,9 +282,18 @@ load_acl() {
|
|||
else
|
||||
continue
|
||||
fi
|
||||
|
||||
[ "${use_direct_list}" = "1" ] && nft "add rule inet fw4 PSW_MANGLE ${_ipt_source} ip daddr @$NFTSET_WHITELIST counter return comment \"$remarks\""
|
||||
[ "${use_direct_list}" = "1" ] && [ -z "${is_tproxy}" ] && nft "add rule inet fw4 PSW_NAT ${_ipt_source} ip daddr @$NFTSET_WHITELIST counter return comment \"$remarks\""
|
||||
[ "${use_block_list}" = "1" ] && nft "add rule inet fw4 PSW_MANGLE ${_ipt_source} ip daddr @$NFTSET_BLOCKLIST counter drop comment \"$remarks\""
|
||||
[ "${use_block_list}" = "1" ] && [ -z "${is_tproxy}" ] && nft "add rule inet fw4 PSW_NAT ${_ipt_source} ip daddr @$NFTSET_BLOCKLIST counter drop comment \"$remarks\""
|
||||
[ "$PROXY_IPV6" == "1" ] && {
|
||||
[ "${use_direct_list}" = "1" ] && nft "add rule inet fw4 PSW_MANGLE_V6 ${_ipt_source} ip6 daddr @$NFTSET_WHITELIST6 counter return comment \"$remarks\""
|
||||
[ "${use_block_list}" = "1" ] && nft "add rule inet fw4 PSW_MANGLE_V6 ${_ipt_source} ip6 daddr @$NFTSET_BLOCKLIST6 counter drop comment \"$remarks\""
|
||||
}
|
||||
|
||||
[ -n "$tcp_port" ] && {
|
||||
if [ "$tcp_proxy_mode" != "disable" ]; then
|
||||
if [ -n "${tcp_proxy_mode}" ]; then
|
||||
[ -s "${TMP_ACL_PATH}/${sid}/var_redirect_dns_port" ] && nft "add rule inet fw4 PSW_REDIRECT ip protocol udp ${_ipt_source} udp dport 53 counter redirect to $(cat ${TMP_ACL_PATH}/${sid}/var_redirect_dns_port) comment \"$remarks\""
|
||||
msg2="${msg}使用TCP节点[$tcp_node_remark] [$(get_action_chain_name $tcp_proxy_mode)]"
|
||||
if [ -n "${is_tproxy}" ]; then
|
||||
|
|
@ -356,17 +303,23 @@ load_acl() {
|
|||
fi
|
||||
|
||||
[ "$accept_icmp" = "1" ] && {
|
||||
[ "${use_direct_list}" = "1" ] && nft "add rule inet fw4 PSW_ICMP_REDIRECT ip protocol icmp ${_ipt_source} ip daddr @$NFTSET_WHITELIST counter return comment \"默认\""
|
||||
nft "add rule inet fw4 PSW_ICMP_REDIRECT ip protocol icmp ${_ipt_source} ip daddr $FAKE_IP $(REDIRECT) comment \"$remarks\""
|
||||
nft "add rule inet fw4 PSW_ICMP_REDIRECT ip protocol icmp ${_ipt_source} ip daddr @$NFTSET_SHUNTLIST $(REDIRECT) comment \"$remarks\""
|
||||
nft "add rule inet fw4 PSW_ICMP_REDIRECT ip protocol icmp ${_ipt_source} ip daddr @$NFTSET_BLACKLIST $(REDIRECT) comment \"$remarks\""
|
||||
[ "$tcp_proxy_mode" != "direct/proxy" ] && nft "add rule inet fw4 PSW_ICMP_REDIRECT ip protocol icmp ${_ipt_source} $(get_redirect_ipv4 $tcp_proxy_mode) comment \"$remarks\""
|
||||
[ "${use_proxy_list}" = "1" ] && nft "add rule inet fw4 PSW_ICMP_REDIRECT ip protocol icmp ${_ipt_source} ip daddr @$NFTSET_BLACKLIST $(REDIRECT) comment \"$remarks\""
|
||||
[ "${use_gfw_list}" = "1" ] && nft "add rule inet fw4 PSW_ICMP_REDIRECT ip protocol icmp ${_ipt_source} ip daddr @$NFTSET_GFW $(REDIRECT) comment \"$remarks\""
|
||||
[ "${chn_list}" != "0" ] && nft "add rule inet fw4 PSW_ICMP_REDIRECT ip protocol icmp ${_ipt_source} ip daddr @$NFTSET_CHN $(get_jump_ipt ${chn_list}) comment \"$remarks\""
|
||||
[ "${tcp_proxy_mode}" != "disable" ] && nft "add rule inet fw4 PSW_ICMP_REDIRECT ip protocol icmp ${_ipt_source} $(REDIRECT) comment \"$remarks\""
|
||||
nft "add rule inet fw4 PSW_ICMP_REDIRECT ip protocol icmp ${_ipt_source} return comment \"$remarks\""
|
||||
}
|
||||
|
||||
[ "$accept_icmpv6" = "1" ] && [ "$PROXY_IPV6" == "1" ] && {
|
||||
[ "${use_direct_list}" = "1" ] && nft "add rule inet fw4 PSW_ICMP_REDIRECT meta l4proto icmpv6 ${_ipt_source} ip6 daddr @$NFTSET_WHITELIST6 counter return comment \"默认\"" 2>/dev/null
|
||||
nft "add rule inet fw4 PSW_ICMP_REDIRECT meta l4proto icmpv6 ${_ipt_source} ip6 daddr @$NFTSET_SHUNTLIST6 $(REDIRECT) comment \"$remarks\"" 2>/dev/null
|
||||
nft "add rule inet fw4 PSW_ICMP_REDIRECT meta l4proto icmpv6 ${_ipt_source} ip6 daddr @$NFTSET_BLACKLIST6 $(REDIRECT) comment \"$remarks\"" 2>/dev/null
|
||||
[ "$tcp_proxy_mode" != "direct/proxy" ] && nft "add rule inet fw4 PSW_ICMP_REDIRECT meta l4proto icmpv6 ${_ipt_source} $(get_redirect_ipv6 $tcp_proxy_mode) comment \"$remarks\"" 2>/dev/null
|
||||
[ "${use_proxy_list}" = "1" ] && nft "add rule inet fw4 PSW_ICMP_REDIRECT meta l4proto icmpv6 ${_ipt_source} ip6 daddr @$NFTSET_BLACKLIST6 $(REDIRECT) comment \"$remarks\"" 2>/dev/null
|
||||
[ "${use_gfw_list}" = "1" ] && nft "add rule inet fw4 PSW_ICMP_REDIRECT meta l4proto icmpv6 ${_ipt_source} ip6 daddr @$NFTSET_GFW6 $(REDIRECT) comment \"$remarks\"" 2>/dev/null
|
||||
[ "${chn_list}" != "0" ] && nft "add rule inet fw4 PSW_ICMP_REDIRECT meta l4proto icmpv6 ${_ipt_source} ip6 daddr @$NFTSET_CHN6 $(get_jump_ipt ${chn_list}) comment \"$remarks\"" 2>/dev/null
|
||||
[ "${tcp_proxy_mode}" != "disable" ] && nft "add rule inet fw4 PSW_ICMP_REDIRECT meta l4proto icmpv6 ${_ipt_source} $(REDIRECT) comment \"$remarks\"" 2>/dev/null
|
||||
nft "add rule inet fw4 PSW_ICMP_REDIRECT meta l4proto icmpv6 ${_ipt_source} return comment \"$remarks\"" 2>/dev/null
|
||||
}
|
||||
|
||||
|
|
@ -380,33 +333,43 @@ load_acl() {
|
|||
[ "$tcp_proxy_drop_ports" != "disable" ] && {
|
||||
[ "$PROXY_IPV6" == "1" ] && {
|
||||
nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto tcp ${_ipt_source} $(factor $tcp_proxy_drop_ports "tcp dport") ip6 daddr @$NFTSET_SHUNTLIST6 counter drop comment \"$remarks\"" 2>/dev/null
|
||||
nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto tcp ${_ipt_source} $(factor $tcp_proxy_drop_ports "tcp dport") ip6 daddr @$NFTSET_BLACKLIST6 counter drop comment \"$remarks\"" 2>/dev/null
|
||||
[ "$tcp_proxy_mode" != "direct/proxy" ] && nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto tcp ${_ipt_source} $(factor $tcp_proxy_drop_ports "tcp dport") $(get_nftset_ipv6 $tcp_proxy_mode) counter drop comment \"$remarks\"" 2>/dev/null
|
||||
[ "${use_proxy_list}" = "1" ] && nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto tcp ${_ipt_source} $(factor $tcp_proxy_drop_ports "tcp dport") ip6 daddr @$NFTSET_BLACKLIST6 counter drop comment \"$remarks\"" 2>/dev/null
|
||||
[ "${use_gfw_list}" = "1" ] && nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto tcp ${_ipt_source} $(factor $tcp_proxy_drop_ports "tcp dport") ip6 daddr @$NFTSET_GFW6 counter drop comment \"$remarks\"" 2>/dev/null
|
||||
[ "${chn_list}" != "0" ] && nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto tcp ${_ipt_source} $(factor $tcp_proxy_drop_ports "tcp dport") ip6 daddr @$NFTSET_CHN6 $(get_jump_ipt ${chn_list} "counter drop") comment \"$remarks\"" 2>/dev/null
|
||||
[ "${tcp_proxy_mode}" != "disable" ] && nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto tcp ${_ipt_source} $(factor $tcp_proxy_drop_ports "tcp dport") counter drop comment \"$remarks\"" 2>/dev/null
|
||||
}
|
||||
nft "add rule inet fw4 $nft_prerouting_chain ip protocol tcp ${_ipt_source} $(factor $tcp_proxy_drop_ports "tcp dport") ip daddr $FAKE_IP counter drop comment \"$remarks\""
|
||||
nft "add rule inet fw4 $nft_prerouting_chain ip protocol tcp ${_ipt_source} $(factor $tcp_proxy_drop_ports "tcp dport") ip daddr @$NFTSET_SHUNTLIST counter drop comment \"$remarks\""
|
||||
nft "add rule inet fw4 $nft_prerouting_chain ip protocol tcp ${_ipt_source} $(factor $tcp_proxy_drop_ports "tcp dport") ip daddr @$NFTSET_BLACKLIST counter drop comment \"$remarks\""
|
||||
[ "$tcp_proxy_mode" != "direct/proxy" ] && nft "add rule inet fw4 $nft_prerouting_chain ip protocol tcp ${_ipt_source} $(factor $tcp_proxy_drop_ports "tcp dport") $(get_nftset_ipv4 $tcp_proxy_mode) counter drop comment \"$remarks\""
|
||||
[ "${use_proxy_list}" = "1" ] && nft "add rule inet fw4 $nft_prerouting_chain ip protocol tcp ${_ipt_source} $(factor $tcp_proxy_drop_ports "tcp dport") ip daddr @$NFTSET_BLACKLIST counter drop comment \"$remarks\""
|
||||
[ "${use_gfw_list}" = "1" ] && nft "add rule inet fw4 $nft_prerouting_chain ip protocol tcp ${_ipt_source} $(factor $tcp_proxy_drop_ports "tcp dport") ip daddr @$NFTSET_GFW counter drop comment \"$remarks\""
|
||||
[ "${chn_list}" != "0" ] && nft "add rule inet fw4 $nft_prerouting_chain ip protocol tcp ${_ipt_source} $(factor $tcp_proxy_drop_ports "tcp dport") ip daddr @$NFTSET_CHN $(get_jump_ipt ${chn_list} "counter drop") comment \"$remarks\""
|
||||
[ "${tcp_proxy_mode}" != "disable" ] && nft "add rule inet fw4 $nft_prerouting_chain ip protocol tcp ${_ipt_source} $(factor $tcp_proxy_drop_ports "tcp dport") counter drop comment \"$remarks\""
|
||||
msg2="${msg2}[$?],屏蔽代理TCP 端口:${tcp_proxy_drop_ports}"
|
||||
}
|
||||
|
||||
if [ -z "${is_tproxy}" ]; then
|
||||
nft "add rule inet fw4 PSW_NAT ${_ipt_source} ip daddr $FAKE_IP $(REDIRECT $tcp_port) comment \"$remarks\""
|
||||
nft "add rule inet fw4 PSW_NAT ${_ipt_source} $(factor $tcp_redir_ports "tcp dport") ip daddr @$NFTSET_SHUNTLIST $(REDIRECT $tcp_port) comment \"$remarks\""
|
||||
nft "add rule inet fw4 PSW_NAT ${_ipt_source} $(factor $tcp_redir_ports "tcp dport") ip daddr @$NFTSET_BLACKLIST $(REDIRECT $tcp_port) comment \"$remarks\""
|
||||
[ "$tcp_proxy_mode" != "direct/proxy" ] && nft "add rule inet fw4 PSW_NAT ${_ipt_source} $(factor $tcp_redir_ports "tcp dport") $(get_redirect_ipv4 $tcp_proxy_mode $tcp_port) comment \"$remarks\""
|
||||
[ "${use_proxy_list}" = "1" ] && nft "add rule inet fw4 PSW_NAT ${_ipt_source} $(factor $tcp_redir_ports "tcp dport") ip daddr @$NFTSET_BLACKLIST $(REDIRECT $tcp_port) comment \"$remarks\""
|
||||
[ "${use_gfw_list}" = "1" ] && nft "add rule inet fw4 PSW_NAT ${_ipt_source} $(factor $tcp_redir_ports "tcp dport") ip daddr @$NFTSET_GFW $(REDIRECT $tcp_port) comment \"$remarks\""
|
||||
[ "${chn_list}" != "0" ] && nft "add rule inet fw4 PSW_NAT ${_ipt_source} $(factor $tcp_redir_ports "tcp dport") ip daddr @$NFTSET_CHN $(get_jump_ipt ${chn_list} $tcp_port) comment \"$remarks\""
|
||||
[ "${tcp_proxy_mode}" != "disable" ] && nft "add rule inet fw4 PSW_NAT ${_ipt_source} $(factor $tcp_redir_ports "tcp dport") $(REDIRECT $tcp_port) comment \"$remarks\""
|
||||
else
|
||||
nft "add rule inet fw4 PSW_MANGLE ip protocol tcp ${_ipt_source} ip daddr $FAKE_IP counter jump PSW_RULE comment \"$remarks\""
|
||||
nft "add rule inet fw4 PSW_MANGLE ip protocol tcp ${_ipt_source} $(factor $tcp_redir_ports "tcp dport") ip daddr @$NFTSET_SHUNTLIST counter jump PSW_RULE comment \"$remarks\""
|
||||
nft "add rule inet fw4 PSW_MANGLE ip protocol tcp ${_ipt_source} $(factor $tcp_redir_ports "tcp dport") ip daddr @$NFTSET_BLACKLIST counter jump PSW_RULE comment \"$remarks\" "
|
||||
[ "$tcp_proxy_mode" != "direct/proxy" ] && nft "add rule inet fw4 PSW_MANGLE ip protocol tcp ${_ipt_source} $(factor $tcp_redir_ports "tcp dport") $(get_nftset_ipv4 $tcp_proxy_mode) counter jump PSW_RULE comment \"$remarks\""
|
||||
[ "${use_proxy_list}" = "1" ] && nft "add rule inet fw4 PSW_MANGLE ip protocol tcp ${_ipt_source} $(factor $tcp_redir_ports "tcp dport") ip daddr @$NFTSET_BLACKLIST counter jump PSW_RULE comment \"$remarks\" "
|
||||
[ "${use_gfw_list}" = "1" ] && nft "add rule inet fw4 PSW_MANGLE ip protocol tcp ${_ipt_source} $(factor $tcp_redir_ports "tcp dport") ip daddr @$NFTSET_GFW counter jump PSW_RULE comment \"$remarks\" "
|
||||
[ "${chn_list}" != "0" ] && nft "add rule inet fw4 PSW_MANGLE ip protocol tcp ${_ipt_source} $(factor $tcp_redir_ports "tcp dport") ip daddr @$NFTSET_CHN $(get_jump_ipt ${chn_list} "counter jump PSW_RULE") comment \"$remarks\" "
|
||||
[ "${tcp_proxy_mode}" != "disable" ] && nft "add rule inet fw4 PSW_MANGLE ip protocol tcp ${_ipt_source} $(factor $tcp_redir_ports "tcp dport") counter jump PSW_RULE comment \"$remarks\""
|
||||
nft "add rule inet fw4 PSW_MANGLE meta nfproto {ipv4} meta l4proto tcp ${_ipt_source} $(REDIRECT $tcp_port TPROXY4) comment \"$remarks\""
|
||||
fi
|
||||
|
||||
[ "$PROXY_IPV6" == "1" ] && {
|
||||
nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto tcp ${_ipt_source} $(factor $tcp_redir_ports "tcp dport") ip6 daddr @$NFTSET_SHUNTLIST6 counter jump PSW_RULE comment \"$remarks\"" 2>/dev/null
|
||||
nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto tcp ${_ipt_source} $(factor $tcp_redir_ports "tcp dport") ip6 daddr @$NFTSET_BLACKLIST6 counter jump PSW_RULE comment \"$remarks\"" 2>/dev/null
|
||||
[ "$tcp_proxy_mode" != "direct/proxy" ] && nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto tcp ${_ipt_source} $(factor $tcp_redir_ports "tcp dport") $(get_nftset_ipv6 $tcp_proxy_mode) jump PSW_RULE comment \"$remarks\"" 2>/dev/null
|
||||
[ "${use_proxy_list}" = "1" ] && nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto tcp ${_ipt_source} $(factor $tcp_redir_ports "tcp dport") ip6 daddr @$NFTSET_BLACKLIST6 counter jump PSW_RULE comment \"$remarks\"" 2>/dev/null
|
||||
[ "${use_gfw_list}" = "1" ] && nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto tcp ${_ipt_source} $(factor $tcp_redir_ports "tcp dport") ip6 daddr @$NFTSET_GFW6 counter jump PSW_RULE comment \"$remarks\"" 2>/dev/null
|
||||
[ "${chn_list}" != "0" ] && nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto tcp ${_ipt_source} $(factor $tcp_redir_ports "tcp dport") ip6 daddr @$NFTSET_CHN6 $(get_jump_ipt ${chn_list} "counter jump PSW_RULE") comment \"$remarks\" "
|
||||
[ "${tcp_proxy_mode}" != "disable" ] && nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto tcp ${_ipt_source} $(factor $tcp_redir_ports "tcp dport") counter jump PSW_RULE comment \"$remarks\"" 2>/dev/null
|
||||
nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto tcp ${_ipt_source} $(REDIRECT $tcp_port TPROXY) comment \"$remarks\"" 2>/dev/null
|
||||
}
|
||||
else
|
||||
|
|
@ -421,18 +384,22 @@ load_acl() {
|
|||
[ "$udp_proxy_drop_ports" != "disable" ] && {
|
||||
[ "$PROXY_IPV6" == "1" ] && {
|
||||
nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto udp ${_ipt_source} $(factor $udp_proxy_drop_ports "udp dport") ip6 daddr @$NFTSET_SHUNTLIST6 counter drop comment \"$remarks\"" 2>/dev/null
|
||||
nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto udp ${_ipt_source} $(factor $udp_proxy_drop_ports "udp dport") ip6 daddr @$NFTSET_BLACKLIST6 counter drop comment \"$remarks\"" 2>/dev/null
|
||||
[ "$udp_proxy_mode" != "direct/proxy" ] && nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto udp ${_ipt_source} $(factor $udp_proxy_drop_ports "udp dport") $(get_nftset_ipv6 $udp_proxy_mode) counter drop comment \"$remarks\"" 2>/dev/null
|
||||
[ "${use_proxy_list}" = "1" ] && nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto udp ${_ipt_source} $(factor $udp_proxy_drop_ports "udp dport") ip6 daddr @$NFTSET_BLACKLIST6 counter drop comment \"$remarks\"" 2>/dev/null
|
||||
[ "${use_gfw_list}" = "1" ] && nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto udp ${_ipt_source} $(factor $udp_proxy_drop_ports "udp dport") ip6 daddr @$NFTSET_GFW6 counter drop comment \"$remarks\"" 2>/dev/null
|
||||
[ "${chn_list}" != "0" ] && nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto udp ${_ipt_source} $(factor $udp_proxy_drop_ports "udp dport") ip6 daddr @$NFTSET_CHN6 $(get_jump_ipt ${chn_list} "counter drop") comment \"$remarks\"" 2>/dev/null
|
||||
[ "${udp_proxy_mode}" != "disable" ] && nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto udp ${_ipt_source} $(factor $udp_proxy_drop_ports "udp dport") counter drop comment \"$remarks\"" 2>/dev/null
|
||||
}
|
||||
nft "add rule inet fw4 PSW_MANGLE ip protocol udp ${_ipt_source} $(factor $udp_proxy_drop_ports "udp dport") ip daddr $FAKE_IP counter drop comment \"$remarks\"" 2>/dev/null
|
||||
nft "add rule inet fw4 PSW_MANGLE ip protocol udp ${_ipt_source} $(factor $udp_proxy_drop_ports "udp dport") ip daddr @$NFTSET_SHUNTLIST counter drop comment \"$remarks\"" 2>/dev/null
|
||||
nft "add rule inet fw4 PSW_MANGLE ip protocol udp ${_ipt_source} $(factor $udp_proxy_drop_ports "udp dport") ip daddr @$NFTSET_BLACKLIST counter drop comment \"$remarks\"" 2>/dev/null
|
||||
[ "$udp_proxy_mode" != "direct/proxy" ] && nft "add rule inet fw4 PSW_MANGLE ip protocol udp ${_ipt_source} $(factor $udp_proxy_drop_ports "udp dport") $(get_nftset_ipv4 $udp_proxy_mode) counter drop comment \"$remarks\"" 2>/dev/null
|
||||
[ "${use_proxy_list}" = "1" ] && nft "add rule inet fw4 PSW_MANGLE ip protocol udp ${_ipt_source} $(factor $udp_proxy_drop_ports "udp dport") ip daddr @$NFTSET_BLACKLIST counter drop comment \"$remarks\"" 2>/dev/null
|
||||
[ "${use_gfw_list}" = "1" ] && nft "add rule inet fw4 PSW_MANGLE ip protocol udp ${_ipt_source} $(factor $udp_proxy_drop_ports "udp dport") ip daddr @$NFTSET_GFW counter drop comment \"$remarks\"" 2>/dev/null
|
||||
[ "${chn_list}" != "0" ] && nft "add rule inet fw4 PSW_MANGLE ip protocol udp ${_ipt_source} $(factor $udp_proxy_drop_ports "udp dport") ip daddr @$NFTSET_CHN $(get_jump_ipt ${chn_list} "counter drop") comment \"$remarks\"" 2>/dev/null
|
||||
[ "${udp_proxy_mode}" != "disable" ] && nft "add rule inet fw4 PSW_MANGLE ip protocol udp ${_ipt_source} $(factor $udp_proxy_drop_ports "udp dport") counter drop comment \"$remarks\"" 2>/dev/null
|
||||
msg2="${msg2}[$?],屏蔽代理UDP 端口:${udp_proxy_drop_ports}"
|
||||
}
|
||||
|
||||
[ -n "$udp_port" ] && {
|
||||
if [ "$udp_proxy_mode" != "disable" ]; then
|
||||
if [ -n "${udp_proxy_mode}" ]; then
|
||||
msg2="${msg}使用UDP节点[$udp_node_remark] [$(get_action_chain_name $udp_proxy_mode)]"
|
||||
msg2="${msg2}(TPROXY:${udp_port})代理"
|
||||
[ "$udp_no_redir_ports" != "disable" ] && {
|
||||
|
|
@ -444,14 +411,18 @@ load_acl() {
|
|||
|
||||
nft "add rule inet fw4 PSW_MANGLE ip protocol udp ${_ipt_source} ip daddr $FAKE_IP counter jump PSW_RULE comment \"$remarks\""
|
||||
nft "add rule inet fw4 PSW_MANGLE ip protocol udp ${_ipt_source} $(factor $udp_redir_ports "udp dport") ip daddr @$NFTSET_SHUNTLIST counter jump PSW_RULE comment \"$remarks\""
|
||||
nft "add rule inet fw4 PSW_MANGLE ip protocol udp ${_ipt_source} $(factor $udp_redir_ports "udp dport") ip daddr @$NFTSET_BLACKLIST counter jump PSW_RULE comment \"$remarks\""
|
||||
[ "$udp_proxy_mode" != "direct/proxy" ] && nft "add rule inet fw4 PSW_MANGLE ip protocol udp ${_ipt_source} $(factor $udp_redir_ports "udp dport") $(get_nftset_ipv4 $udp_proxy_mode) jump PSW_RULE comment \"$remarks\""
|
||||
[ "${use_proxy_list}" = "1" ] && nft "add rule inet fw4 PSW_MANGLE ip protocol udp ${_ipt_source} $(factor $udp_redir_ports "udp dport") ip daddr @$NFTSET_BLACKLIST counter jump PSW_RULE comment \"$remarks\""
|
||||
[ "${use_gfw_list}" = "1" ] && nft "add rule inet fw4 PSW_MANGLE ip protocol udp ${_ipt_source} $(factor $udp_redir_ports "udp dport") ip daddr @$NFTSET_GFW counter jump PSW_RULE comment \"$remarks\""
|
||||
[ "${chn_list}" != "0" ] && nft "add rule inet fw4 PSW_MANGLE ip protocol udp ${_ipt_source} $(factor $udp_redir_ports "udp dport") ip daddr @$NFTSET_CHN $(get_jump_ipt ${chn_list} "counter jump PSW_RULE") comment \"$remarks\""
|
||||
[ "${udp_proxy_mode}" != "disable" ] && nft "add rule inet fw4 PSW_MANGLE ip protocol udp ${_ipt_source} $(factor $udp_redir_ports "udp dport") counter jump PSW_RULE comment \"$remarks\""
|
||||
nft "add rule inet fw4 PSW_MANGLE ip protocol udp ${_ipt_source} $(REDIRECT $udp_port TPROXY4) comment \"$remarks\""
|
||||
|
||||
[ "$PROXY_IPV6" == "1" ] && [ "$PROXY_IPV6_UDP" == "1" ] && {
|
||||
nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto udp ${_ipt_source} $(factor $udp_redir_ports "udp dport") ip6 daddr @$NFTSET_SHUNTLIST6 counter jump PSW_RULE comment \"$remarks\"" 2>/dev/null
|
||||
nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto udp ${_ipt_source} $(factor $udp_redir_ports "udp dport") ip6 daddr @$NFTSET_BLACKLIST6 counter jump PSW_RULE comment \"$remarks\"" 2>/dev/null
|
||||
[ "$udp_proxy_mode" != "direct/proxy" ] && nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto udp ${_ipt_source} $(factor $udp_redir_ports "udp dport") $(get_nftset_ipv6 $udp_proxy_mode) counter jump PSW_RULE comment \"$remarks\"" 2>/dev/null
|
||||
[ "${use_proxy_list}" = "1" ] && nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto udp ${_ipt_source} $(factor $udp_redir_ports "udp dport") ip6 daddr @$NFTSET_BLACKLIST6 counter jump PSW_RULE comment \"$remarks\"" 2>/dev/null
|
||||
[ "${use_gfw_list}" = "1" ] && nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto udp ${_ipt_source} $(factor $udp_redir_ports "udp dport") ip6 daddr @$NFTSET_GFW6 counter jump PSW_RULE comment \"$remarks\"" 2>/dev/null
|
||||
[ "${chn_list}" != "0" ] && nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto udp ${_ipt_source} $(factor $udp_redir_ports "udp dport") ip6 daddr @$NFTSET_CHN6 $(get_jump_ipt ${chn_list} "counter jump PSW_RULE") comment \"$remarks\"" 2>/dev/null
|
||||
[ "${udp_proxy_mode}" != "disable" ] && nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto udp ${_ipt_source} $(factor $udp_redir_ports "udp dport") counter jump PSW_RULE comment \"$remarks\"" 2>/dev/null
|
||||
nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto udp ${_ipt_source} $(REDIRECT $udp_port TPROXY) comment \"$remarks\"" 2>/dev/null
|
||||
}
|
||||
else
|
||||
|
|
@ -462,28 +433,40 @@ load_acl() {
|
|||
nft "add rule inet fw4 PSW_MANGLE ip protocol udp ${_ipt_source} counter return comment \"$remarks\""
|
||||
nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto udp ${_ipt_source} counter return comment \"$remarks\"" 2>/dev/null
|
||||
done
|
||||
unset enabled sid remarks sources tcp_proxy_mode udp_proxy_mode tcp_no_redir_ports udp_no_redir_ports tcp_proxy_drop_ports udp_proxy_drop_ports tcp_redir_ports udp_redir_ports tcp_node udp_node
|
||||
unset enabled sid remarks sources use_direct_list use_proxy_list use_block_list use_gfw_list chn_list tcp_proxy_mode udp_proxy_mode tcp_no_redir_ports udp_no_redir_ports tcp_proxy_drop_ports udp_proxy_drop_ports tcp_redir_ports udp_redir_ports tcp_node udp_node
|
||||
unset _ip _mac _iprange _ipset _ip_or_mac rule_list tcp_port udp_port tcp_node_remark udp_node_remark
|
||||
unset msg msg2
|
||||
done
|
||||
}
|
||||
|
||||
[ "$ENABLED_DEFAULT_ACL" == 1 ] && {
|
||||
[ "${USE_DIRECT_LIST}" = "1" ] && nft "add rule inet fw4 PSW_MANGLE ip daddr @$NFTSET_WHITELIST counter return comment \"$remarks\""
|
||||
[ "${USE_DIRECT_LIST}" = "1" ] && [ -z "${is_tproxy}" ] && nft "add rule inet fw4 PSW_NAT ip daddr @$NFTSET_WHITELIST counter return comment \"$remarks\""
|
||||
[ "${USE_BLOCK_LIST}" = "1" ] && nft "add rule inet fw4 PSW_MANGLE ip daddr @$NFTSET_BLOCKLIST counter drop comment \"$remarks\""
|
||||
[ "${USE_BLOCK_LIST}" = "1" ] && [ -z "${is_tproxy}" ] && nft "add rule inet fw4 PSW_NAT ip daddr @$NFTSET_BLOCKLIST counter drop comment \"$remarks\""
|
||||
[ "$PROXY_IPV6" == "1" ] && {
|
||||
[ "${USE_DIRECT_LIST}" = "1" ] && nft "add rule inet fw4 PSW_MANGLE_V6 ip6 daddr @$NFTSET_WHITELIST6 counter return comment \"$remarks\""
|
||||
[ "${USE_BLOCK_LIST}" = "1" ] && nft "add rule inet fw4 PSW_MANGLE_V6 ip6 daddr @$NFTSET_BLOCKLIST6 counter drop comment \"$remarks\""
|
||||
}
|
||||
# 加载TCP默认代理模式
|
||||
[ "$TCP_PROXY_DROP_PORTS" != "disable" ] && {
|
||||
[ "$PROXY_IPV6" == "1" ] && {
|
||||
nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto tcp $(factor $TCP_PROXY_DROP_PORTS "tcp dport") ip6 daddr @$NFTSET_SHUNTLIST6 counter drop comment \"默认\""
|
||||
nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto tcp $(factor $TCP_PROXY_DROP_PORTS "tcp dport") ip6 daddr @$NFTSET_BLACKLIST6 counter drop comment \"默认\""
|
||||
[ "$TCP_PROXY_MODE" != "direct/proxy" ] && nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto tcp $(factor $TCP_PROXY_DROP_PORTS "tcp dport") $(get_nftset_ipv6 $TCP_PROXY_MODE) counter drop comment \"默认\""
|
||||
[ "${USE_PROXY_LIST}" = "1" ] && nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto tcp $(factor $TCP_PROXY_DROP_PORTS "tcp dport") ip6 daddr @$NFTSET_BLACKLIST6 counter drop comment \"默认\""
|
||||
[ "${USE_GFW_LIST}" = "1" ] && nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto tcp $(factor $TCP_PROXY_DROP_PORTS "tcp dport") ip6 daddr @$NFTSET_GFW6 counter drop comment \"默认\""
|
||||
[ "${CHN_LIST}" != "0" ] && nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto tcp $(factor $TCP_PROXY_DROP_PORTS "tcp dport") ip6 daddr @$NFTSET_CHN6 $(get_jump_ipt ${CHN_LIST} "counter drop") comment \"默认\""
|
||||
[ "${TCP_PROXY_MODE}" != "disable" ] && nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto tcp $(factor $TCP_PROXY_DROP_PORTS "tcp dport") counter drop comment \"默认\""
|
||||
}
|
||||
|
||||
nft "add inet fw4 $nft_prerouting_chain ip protocol tcp $(factor $TCP_PROXY_DROP_PORTS "tcp dport") ip daddr $FAKE_IP counter drop comment \"默认\""
|
||||
nft "add inet fw4 $nft_prerouting_chain ip protocol tcp $(factor $TCP_PROXY_DROP_PORTS "tcp dport") ip daddr @$NFTSET_SHUNTLIST counter drop comment \"默认\""
|
||||
nft "add inet fw4 $nft_prerouting_chain ip protocol tcp $(factor $TCP_PROXY_DROP_PORTS "tcp dport") ip daddr @$NFTSET_BLACKLIST counter drop comment \"默认\""
|
||||
[ "$TCP_PROXY_MODE" != "direct/proxy" ] && nft "add inet fw4 $nft_prerouting_chain ip protocol tcp $(factor $TCP_PROXY_DROP_PORTS "tcp dport") $(get_nftset_ipv4 $TCP_PROXY_MODE) counter drop comment \"默认\""
|
||||
[ "${USE_PROXY_LIST}" = "1" ] && nft "add inet fw4 $nft_prerouting_chain ip protocol tcp $(factor $TCP_PROXY_DROP_PORTS "tcp dport") ip daddr @$NFTSET_BLACKLIST counter drop comment \"默认\""
|
||||
[ "${USE_GFW_LIST}" = "1" ] && nft "add inet fw4 $nft_prerouting_chain ip protocol tcp $(factor $TCP_PROXY_DROP_PORTS "tcp dport") ip daddr @$NFTSET_GFW counter drop comment \"默认\""
|
||||
[ "${CHN_LIST}" != "0" ] && nft "add inet fw4 $nft_prerouting_chain ip protocol tcp $(factor $TCP_PROXY_DROP_PORTS "tcp dport") ip daddr @$NFTSET_CHN $(get_jump_ipt ${CHN_LIST} "counter drop") comment \"默认\""
|
||||
[ "${TCP_PROXY_MODE}" != "disable" ] && nft "add inet fw4 $nft_prerouting_chain ip protocol tcp $(factor $TCP_PROXY_DROP_PORTS "tcp dport") counter drop comment \"默认\""
|
||||
}
|
||||
|
||||
if [ "$TCP_PROXY_MODE" != "disable" ]; then
|
||||
if [ -n "${TCP_PROXY_MODE}" ]; then
|
||||
[ "$TCP_NO_REDIR_PORTS" != "disable" ] && {
|
||||
nft add rule inet fw4 $nft_prerouting_chain ip protocol tcp $(factor $TCP_NO_REDIR_PORTS "tcp dport") counter return comment \"默认\"
|
||||
nft add rule inet fw4 PSW_MANGLE_V6 meta l4proto tcp $(factor $TCP_NO_REDIR_PORTS "tcp dport") counter return comment \"默认\"
|
||||
|
|
@ -500,39 +483,51 @@ load_acl() {
|
|||
msg="${msg}所有端口"
|
||||
|
||||
[ "$accept_icmp" = "1" ] && {
|
||||
[ "${USE_DIRECT_LIST}" = "1" ] && nft "add rule inet fw4 PSW_ICMP_REDIRECT ip daddr @$NFTSET_WHITELIST counter return comment \"默认\""
|
||||
nft "add rule inet fw4 PSW_ICMP_REDIRECT ip protocol icmp ip daddr $FAKE_IP $(REDIRECT) comment \"默认\""
|
||||
nft "add rule inet fw4 PSW_ICMP_REDIRECT ip protocol icmp ip daddr @$NFTSET_SHUNTLIST $(REDIRECT) comment \"默认\""
|
||||
nft "add rule inet fw4 PSW_ICMP_REDIRECT ip protocol icmp ip daddr @$NFTSET_BLACKLIST $(REDIRECT) comment \"默认\""
|
||||
[ "$TCP_PROXY_MODE" != "direct/proxy" ] && nft "add rule inet fw4 PSW_ICMP_REDIRECT ip protocol icmp $(get_redirect_ipv4 $TCP_PROXY_MODE) comment \"默认\""
|
||||
[ "${USE_PROXY_LIST}" = "1" ] && nft "add rule inet fw4 PSW_ICMP_REDIRECT ip protocol icmp ip daddr @$NFTSET_BLACKLIST $(REDIRECT) comment \"默认\""
|
||||
[ "${USE_GFW_LIST}" = "1" ] && nft "add rule inet fw4 PSW_ICMP_REDIRECT ip protocol icmp ip daddr @$NFTSET_GFW $(REDIRECT) comment \"默认\""
|
||||
[ "${CHN_LIST}" != "0" ] && nft "add rule inet fw4 PSW_ICMP_REDIRECT ip protocol icmp ip daddr @$NFTSET_CHN $(get_jump_ipt ${CHN_LIST}) comment \"默认\""
|
||||
[ "${TCP_PROXY_MODE}" != "disable" ] && nft "add rule inet fw4 PSW_ICMP_REDIRECT ip protocol icmp $(REDIRECT) comment \"默认\""
|
||||
nft "add rule inet fw4 PSW_ICMP_REDIRECT ip protocol icmp return comment \"默认\""
|
||||
}
|
||||
|
||||
[ "$accept_icmpv6" = "1" ] && [ "$PROXY_IPV6" == "1" ] && {
|
||||
[ "${USE_DIRECT_LIST}" = "1" ] && nft "add rule inet fw4 PSW_ICMP_REDIRECT ip6 daddr @$NFTSET_WHITELIST6 counter return comment \"默认\""
|
||||
nft "add rule inet fw4 PSW_ICMP_REDIRECT meta l4proto icmpv6 ip6 daddr @$NFTSET_SHUNTLIST6 $(REDIRECT) comment \"默认\""
|
||||
nft "add rule inet fw4 PSW_ICMP_REDIRECT meta l4proto icmpv6 ip6 daddr @$NFTSET_BLACKLIST6 $(REDIRECT) comment \"默认\""
|
||||
[ "$TCP_PROXY_MODE" != "direct/proxy" ] && nft "add rule inet fw4 PSW_ICMP_REDIRECT meta l4proto icmpv6 $(get_redirect_ipv6 $TCP_PROXY_MODE) comment \"默认\""
|
||||
[ "${USE_PROXY_LIST}" = "1" ] && nft "add rule inet fw4 PSW_ICMP_REDIRECT meta l4proto icmpv6 ip6 daddr @$NFTSET_BLACKLIST6 $(REDIRECT) comment \"默认\""
|
||||
[ "${USE_GFW_LIST}" = "1" ] && nft "add rule inet fw4 PSW_ICMP_REDIRECT meta l4proto icmpv6 ip6 daddr @$NFTSET_GFW6 $(REDIRECT) comment \"默认\""
|
||||
[ "${CHN_LIST}" != "0" ] && nft "add rule inet fw4 PSW_ICMP_REDIRECT meta l4proto icmpv6 ip6 daddr @$NFTSET_CHN6 $(get_jump_ipt ${CHN_LIST}) comment \"默认\""
|
||||
[ "${TCP_PROXY_MODE}" != "disable" ] && nft "add rule inet fw4 PSW_ICMP_REDIRECT meta l4proto icmpv6 $(REDIRECT) comment \"默认\""
|
||||
nft "add rule inet fw4 PSW_ICMP_REDIRECT meta l4proto icmpv6 return comment \"默认\""
|
||||
}
|
||||
|
||||
if [ -z "${is_tproxy}" ]; then
|
||||
nft "add rule inet fw4 PSW_NAT ip protocol tcp ip daddr $FAKE_IP $(REDIRECT $TCP_REDIR_PORT) comment \"默认\""
|
||||
nft "add rule inet fw4 PSW_NAT ip protocol tcp $(factor $TCP_REDIR_PORTS "tcp dport") ip daddr @$NFTSET_SHUNTLIST $(REDIRECT $TCP_REDIR_PORT) comment \"默认\""
|
||||
nft "add rule inet fw4 PSW_NAT ip protocol tcp $(factor $TCP_REDIR_PORTS "tcp dport") ip daddr @$NFTSET_BLACKLIST $(REDIRECT $TCP_REDIR_PORT) comment \"默认\""
|
||||
[ "$TCP_PROXY_MODE" != "direct/proxy" ] && nft "add rule inet fw4 PSW_NAT ip protocol tcp $(factor $TCP_REDIR_PORTS "tcp dport") $(get_redirect_ipv4 $TCP_PROXY_MODE $TCP_REDIR_PORT) comment \"默认\""
|
||||
[ "${USE_PROXY_LIST}" = "1" ] && nft "add rule inet fw4 PSW_NAT ip protocol tcp $(factor $TCP_REDIR_PORTS "tcp dport") ip daddr @$NFTSET_BLACKLIST $(REDIRECT $TCP_REDIR_PORT) comment \"默认\""
|
||||
[ "${USE_GFW_LIST}" = "1" ] && nft "add rule inet fw4 PSW_NAT ip protocol tcp $(factor $TCP_REDIR_PORTS "tcp dport") ip daddr @$NFTSET_GFW $(REDIRECT $TCP_REDIR_PORT) comment \"默认\""
|
||||
[ "${CHN_LIST}" != "0" ] && nft "add rule inet fw4 PSW_NAT ip protocol tcp $(factor $TCP_REDIR_PORTS "tcp dport") ip daddr @$NFTSET_CHN $(get_jump_ipt ${CHN_LIST} $TCP_REDIR_PORT) comment \"默认\""
|
||||
[ "${TCP_PROXY_MODE}" != "disable" ] && nft "add rule inet fw4 PSW_NAT ip protocol tcp $(factor $TCP_REDIR_PORTS "tcp dport") $(REDIRECT $TCP_REDIR_PORT) comment \"默认\""
|
||||
nft "add rule inet fw4 PSW_NAT ip protocol tcp counter return comment \"默认\""
|
||||
else
|
||||
nft "add rule inet fw4 PSW_MANGLE ip protocol tcp ip daddr $FAKE_IP counter jump PSW_RULE comment \"默认\""
|
||||
nft "add rule inet fw4 PSW_MANGLE ip protocol tcp $(factor $TCP_REDIR_PORTS "tcp dport") ip daddr @$NFTSET_SHUNTLIST counter jump PSW_RULE comment \"默认\""
|
||||
nft "add rule inet fw4 PSW_MANGLE ip protocol tcp $(factor $TCP_REDIR_PORTS "tcp dport") ip daddr @$NFTSET_BLACKLIST counter jump PSW_RULE comment \"默认\""
|
||||
[ "$TCP_PROXY_MODE" != "direct/proxy" ] && nft "add rule inet fw4 PSW_MANGLE ip protocol tcp $(factor $TCP_REDIR_PORTS "tcp dport") $(get_nftset_ipv4 $TCP_PROXY_MODE) jump PSW_RULE comment \"默认\""
|
||||
[ "${USE_PROXY_LIST}" = "1" ] && nft "add rule inet fw4 PSW_MANGLE ip protocol tcp $(factor $TCP_REDIR_PORTS "tcp dport") ip daddr @$NFTSET_BLACKLIST counter jump PSW_RULE comment \"默认\""
|
||||
[ "${USE_GFW_LIST}" = "1" ] && nft "add rule inet fw4 PSW_MANGLE ip protocol tcp $(factor $TCP_REDIR_PORTS "tcp dport") ip daddr @$NFTSET_GFW counter jump PSW_RULE comment \"默认\""
|
||||
[ "${CHN_LIST}" != "0" ] && nft "add rule inet fw4 PSW_MANGLE ip protocol tcp $(factor $TCP_REDIR_PORTS "tcp dport") ip daddr @$NFTSET_CHN $(get_jump_ipt ${CHN_LIST} "counter jump PSW_RULE") comment \"默认\""
|
||||
[ "${TCP_PROXY_MODE}" != "disable" ] && nft "add rule inet fw4 PSW_MANGLE ip protocol tcp $(factor $TCP_REDIR_PORTS "tcp dport") counter jump PSW_RULE comment \"默认\""
|
||||
nft "add rule inet fw4 PSW_MANGLE meta l4proto tcp $(REDIRECT $TCP_REDIR_PORT TPROXY) comment \"默认\""
|
||||
nft "add rule inet fw4 PSW_MANGLE ip protocol tcp counter return comment \"默认\""
|
||||
fi
|
||||
|
||||
[ "$PROXY_IPV6" == "1" ] && {
|
||||
nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto tcp $(factor $TCP_REDIR_PORTS "tcp dport") ip6 daddr @$NFTSET_SHUNTLIST6 counter jump PSW_RULE comment \"默认\""
|
||||
nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto tcp $(factor $TCP_REDIR_PORTS "tcp dport") ip6 daddr @$NFTSET_BLACKLIST6 counter jump PSW_RULE comment \"默认\""
|
||||
[ "$TCP_PROXY_MODE" != "direct/proxy" ] && nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto tcp $(factor $TCP_REDIR_PORTS "tcp dport") $(get_nftset_ipv6 $TCP_PROXY_MODE) jump PSW_RULE comment \"默认\""
|
||||
[ "${USE_PROXY_LIST}" = "1" ] && nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto tcp $(factor $TCP_REDIR_PORTS "tcp dport") ip6 daddr @$NFTSET_BLACKLIST6 counter jump PSW_RULE comment \"默认\""
|
||||
[ "${USE_GFW_LIST}" = "1" ] && nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto tcp $(factor $TCP_REDIR_PORTS "tcp dport") ip6 daddr @$NFTSET_GFW6 counter jump PSW_RULE comment \"默认\""
|
||||
[ "${CHN_LIST}" != "0" ] && nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto tcp $(factor $TCP_REDIR_PORTS "tcp dport") ip6 daddr @$NFTSET_CHN6 $(get_jump_ipt ${CHN_LIST} "counter jump PSW_RULE") comment \"默认\""
|
||||
[ "${TCP_PROXY_MODE}" != "disable" ] && nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto tcp $(factor $TCP_REDIR_PORTS "tcp dport") counter jump PSW_RULE comment \"默认\""
|
||||
nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto tcp $(REDIRECT $TCP_REDIR_PORT TPROXY) comment \"默认\""
|
||||
nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto tcp counter return comment \"默认\""
|
||||
}
|
||||
|
|
@ -545,15 +540,19 @@ load_acl() {
|
|||
[ "$UDP_PROXY_DROP_PORTS" != "disable" ] && {
|
||||
[ "$PROXY_IPV6" == "1" ] && {
|
||||
nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto udp $(factor $UDP_PROXY_DROP_PORTS "udp dport") ip6 daddr @$NFTSET_SHUNTLIST6 counter drop comment \"默认\""
|
||||
nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto udp $(factor $UDP_PROXY_DROP_PORTS "udp dport") ip6 daddr @$NFTSET_BLACKLIST6 counter drop comment \"默认\""
|
||||
[ "$UDP_PROXY_MODE" != "direct/proxy" ] && nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto udp $(factor $UDP_PROXY_DROP_PORTS "udp dport") $(get_nftset_ipv6 $UDP_PROXY_MODE) counter drop comment \"默认\""
|
||||
[ "${USE_PROXY_LIST}" = "1" ] && nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto udp $(factor $UDP_PROXY_DROP_PORTS "udp dport") ip6 daddr @$NFTSET_BLACKLIST6 counter drop comment \"默认\""
|
||||
[ "${USE_GFW_LIST}" = "1" ] && nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto udp $(factor $UDP_PROXY_DROP_PORTS "udp dport") ip6 daddr @$NFTSET_GFW6 counter drop comment \"默认\""
|
||||
[ "${CHN_LIST}" != "0" ] && nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto udp $(factor $UDP_PROXY_DROP_PORTS "udp dport") ip6 daddr @$NFTSET_CHN6 $(get_jump_ipt ${CHN_LIST} "counter drop") comment \"默认\""
|
||||
[ "${UDP_PROXY_MODE}" != "disable" ] && nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto udp $(factor $UDP_PROXY_DROP_PORTS "udp dport") counter drop comment \"默认\""
|
||||
}
|
||||
nft "add rule inet fw4 PSW_MANGLE $(factor $UDP_PROXY_DROP_PORTS "udp dport") ip daddr $FAKE_IP counter drop comment \"默认\""
|
||||
nft "add rule inet fw4 PSW_MANGLE $(factor $UDP_PROXY_DROP_PORTS "udp dport") ip daddr @$NFTSET_SHUNTLIST counter drop comment \"默认\""
|
||||
nft "add rule inet fw4 PSW_MANGLE $(factor $UDP_PROXY_DROP_PORTS "udp dport") ip daddr @$NFTSET_BLACKLIST counter drop comment \"默认\""
|
||||
[ "$UDP_PROXY_MODE" != "direct/proxy" ] && nft "add inet fw4 PSW_MANGLE ip protocol udp $(factor $UDP_PROXY_DROP_PORTS "udp dport") $(get_nftset_ipv4 $UDP_PROXY_MODE) counter drop comment \"默认\""
|
||||
[ "${USE_PROXY_LIST}" = "1" ] && nft "add rule inet fw4 PSW_MANGLE $(factor $UDP_PROXY_DROP_PORTS "udp dport") ip daddr @$NFTSET_BLACKLIST counter drop comment \"默认\""
|
||||
[ "${USE_GFW_LIST}" = "1" ] && nft "add rule inet fw4 PSW_MANGLE $(factor $UDP_PROXY_DROP_PORTS "udp dport") ip daddr @$NFTSET_GFW counter drop comment \"默认\""
|
||||
[ "${CHN_LIST}" != "0" ] && nft "add rule inet fw4 PSW_MANGLE $(factor $UDP_PROXY_DROP_PORTS "udp dport") ip daddr @$NFTSET_CHN $(get_jump_ipt ${CHN_LIST} "counter drop") comment \"默认\""
|
||||
[ "${UDP_PROXY_MODE}" != "disable" ] && nft "add inet fw4 PSW_MANGLE ip protocol udp $(factor $UDP_PROXY_DROP_PORTS "udp dport") counter drop comment \"默认\""
|
||||
}
|
||||
if [ "$UDP_PROXY_MODE" != "disable" ]; then
|
||||
if [ -n "${UDP_PROXY_MODE}" ]; then
|
||||
[ "$UDP_NO_REDIR_PORTS" != "disable" ] && {
|
||||
nft "add inet fw4 PSW_MANGLE ip protocol udp $(factor $UDP_NO_REDIR_PORTS "udp dport") counter return comment \"默认\""
|
||||
nft "add inet fw4 PSW_MANGLE_V6 counter meta l4proto udp $(factor $UDP_NO_REDIR_PORTS "udp dport") counter return comment \"默认\""
|
||||
|
|
@ -568,15 +567,19 @@ load_acl() {
|
|||
|
||||
nft "add rule inet fw4 PSW_MANGLE ip protocol udp ip daddr $FAKE_IP counter jump PSW_RULE comment \"默认\""
|
||||
nft "add rule inet fw4 PSW_MANGLE ip protocol udp $(factor $UDP_REDIR_PORTS "udp dport") ip daddr @$NFTSET_SHUNTLIST counter jump PSW_RULE comment \"默认\""
|
||||
nft "add rule inet fw4 PSW_MANGLE ip protocol udp $(factor $UDP_REDIR_PORTS "udp dport") ip daddr @$NFTSET_BLACKLIST counter jump PSW_RULE comment \"默认\""
|
||||
[ "$UDP_PROXY_MODE" != "direct/proxy" ] && nft "add rule inet fw4 PSW_MANGLE ip protocol udp $(factor $UDP_REDIR_PORTS "udp dport") $(get_nftset_ipv4 $UDP_PROXY_MODE) jump PSW_RULE comment \"默认\""
|
||||
[ "${USE_PROXY_LIST}" = "1" ] && nft "add rule inet fw4 PSW_MANGLE ip protocol udp $(factor $UDP_REDIR_PORTS "udp dport") ip daddr @$NFTSET_BLACKLIST counter jump PSW_RULE comment \"默认\""
|
||||
[ "${USE_GFW_LIST}" = "1" ] && nft "add rule inet fw4 PSW_MANGLE ip protocol udp $(factor $UDP_REDIR_PORTS "udp dport") ip daddr @$NFTSET_GFW counter jump PSW_RULE comment \"默认\""
|
||||
[ "${CHN_LIST}" != "0" ] && nft "add rule inet fw4 PSW_MANGLE ip protocol udp $(factor $UDP_REDIR_PORTS "udp dport") ip daddr @$NFTSET_CHN $(get_jump_ipt ${CHN_LIST} "counter jump PSW_RULE") comment \"默认\""
|
||||
[ "${UDP_PROXY_MODE}" != "disable" ] && nft "add rule inet fw4 PSW_MANGLE ip protocol udp $(factor $UDP_REDIR_PORTS "udp dport") counter jump PSW_RULE comment \"默认\""
|
||||
nft "add rule inet fw4 PSW_MANGLE meta l4proto udp $(REDIRECT $UDP_REDIR_PORT TPROXY) comment \"默认\""
|
||||
nft "add rule inet fw4 PSW_MANGLE ip protocol udp counter return comment \"默认\""
|
||||
|
||||
[ "$PROXY_IPV6" == "1" ] && [ "$PROXY_IPV6_UDP" == "1" ] && {
|
||||
nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto udp $(factor $UDP_REDIR_PORTS "udp dport") ip6 daddr @$NFTSET_SHUNTLIST6 counter jump PSW_RULE comment \"默认\""
|
||||
nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto udp $(factor $UDP_REDIR_PORTS "udp dport") ip6 daddr @$NFTSET_BLACKLIST6 counter jump PSW_RULE comment \"默认\""
|
||||
[ "$UDP_PROXY_MODE" != "direct/proxy" ] && nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto udp $(factor $UDP_REDIR_PORTS "udp dport") $(get_nftset_ipv6 $UDP_PROXY_MODE) jump PSW_RULE comment \"默认\""
|
||||
[ "${USE_PROXY_LIST}" = "1" ] && nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto udp $(factor $UDP_REDIR_PORTS "udp dport") ip6 daddr @$NFTSET_BLACKLIST6 counter jump PSW_RULE comment \"默认\""
|
||||
[ "${USE_GFW_LIST}" = "1" ] && nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto udp $(factor $UDP_REDIR_PORTS "udp dport") ip6 daddr @$NFTSET_GFW6 counter jump PSW_RULE comment \"默认\""
|
||||
[ "${CHN_LIST}" != "0" ] && nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto udp $(factor $UDP_REDIR_PORTS "udp dport") ip6 daddr @$NFTSET_CHN6 $(get_jump_ipt ${CHN_LIST} "counter jump PSW_RULE") comment \"默认\""
|
||||
[ "${UDP_PROXY_MODE}" != "disable" ] && nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto udp $(factor $UDP_REDIR_PORTS "udp dport") counter jump PSW_RULE comment \"默认\""
|
||||
nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto udp $(REDIRECT $UDP_REDIR_PORT TPROXY) comment \"默认\""
|
||||
nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto udp counter return comment \"默认\""
|
||||
}
|
||||
|
|
@ -831,16 +834,14 @@ add_firewall_rule() {
|
|||
nft "flush chain inet fw4 PSW_MANGLE"
|
||||
nft "add rule inet fw4 PSW_MANGLE ip daddr @$NFTSET_LANLIST counter return"
|
||||
nft "add rule inet fw4 PSW_MANGLE ip daddr @$NFTSET_VPSLIST counter return"
|
||||
nft "add rule inet fw4 PSW_MANGLE ip daddr @$NFTSET_WHITELIST counter return"
|
||||
nft "add rule inet fw4 PSW_MANGLE ip daddr @$NFTSET_BLOCKLIST counter drop"
|
||||
|
||||
nft "add chain inet fw4 PSW_OUTPUT_MANGLE"
|
||||
nft "flush chain inet fw4 PSW_OUTPUT_MANGLE"
|
||||
nft "add rule inet fw4 PSW_OUTPUT_MANGLE ip daddr @$NFTSET_LANLIST counter return"
|
||||
nft "add rule inet fw4 PSW_OUTPUT_MANGLE ip daddr @$NFTSET_VPSLIST counter return"
|
||||
nft "add rule inet fw4 PSW_OUTPUT_MANGLE ip daddr @$NFTSET_WHITELIST counter return"
|
||||
[ "${USE_DIRECT_LIST}" = "1" ] && nft "add rule inet fw4 PSW_OUTPUT_MANGLE ip daddr @$NFTSET_WHITELIST counter return"
|
||||
nft "add rule inet fw4 PSW_OUTPUT_MANGLE meta mark 0xff counter return"
|
||||
nft "add rule inet fw4 PSW_OUTPUT_MANGLE ip daddr @$NFTSET_BLOCKLIST counter drop"
|
||||
[ "${USE_BLOCK_LIST}" = "1" ] && nft "add rule inet fw4 PSW_OUTPUT_MANGLE ip daddr @$NFTSET_BLOCKLIST counter drop"
|
||||
|
||||
# jump chains
|
||||
nft "add rule inet fw4 mangle_prerouting meta nfproto {ipv4} counter jump PSW_MANGLE"
|
||||
|
|
@ -852,17 +853,15 @@ add_firewall_rule() {
|
|||
nft "flush chain inet fw4 PSW_NAT"
|
||||
nft "add rule inet fw4 PSW_NAT ip daddr @$NFTSET_LANLIST counter return"
|
||||
nft "add rule inet fw4 PSW_NAT ip daddr @$NFTSET_VPSLIST counter return"
|
||||
nft "add rule inet fw4 PSW_NAT ip daddr @$NFTSET_WHITELIST counter return"
|
||||
nft "add rule inet fw4 PSW_NAT ip daddr @$NFTSET_BLOCKLIST counter drop"
|
||||
nft "add rule inet fw4 dstnat ip protocol tcp counter jump PSW_NAT"
|
||||
|
||||
nft "add chain inet fw4 PSW_OUTPUT_NAT"
|
||||
nft "flush chain inet fw4 PSW_OUTPUT_NAT"
|
||||
nft "add rule inet fw4 PSW_OUTPUT_NAT ip daddr @$NFTSET_LANLIST counter return"
|
||||
nft "add rule inet fw4 PSW_OUTPUT_NAT ip daddr @$NFTSET_VPSLIST counter return"
|
||||
nft "add rule inet fw4 PSW_OUTPUT_NAT ip daddr @$NFTSET_WHITELIST counter return"
|
||||
[ "${USE_DIRECT_LIST}" = "1" ] && nft "add rule inet fw4 PSW_OUTPUT_NAT ip daddr @$NFTSET_WHITELIST counter return"
|
||||
nft "add rule inet fw4 PSW_OUTPUT_NAT meta mark 0xff counter return"
|
||||
nft "add rule inet fw4 PSW_OUTPUT_NAT ip daddr @$NFTSET_BLOCKLIST counter drop"
|
||||
[ "${USE_BLOCK_LIST}" = "1" ] && nft "add rule inet fw4 PSW_OUTPUT_NAT ip daddr @$NFTSET_BLOCKLIST counter drop"
|
||||
}
|
||||
|
||||
#icmp ipv6-icmp redirect
|
||||
|
|
@ -871,12 +870,10 @@ add_firewall_rule() {
|
|||
nft "flush chain inet fw4 PSW_ICMP_REDIRECT"
|
||||
nft "add rule inet fw4 PSW_ICMP_REDIRECT ip daddr @$NFTSET_LANLIST counter return"
|
||||
nft "add rule inet fw4 PSW_ICMP_REDIRECT ip daddr @$NFTSET_VPSLIST counter return"
|
||||
nft "add rule inet fw4 PSW_ICMP_REDIRECT ip daddr @$NFTSET_WHITELIST counter return"
|
||||
|
||||
[ "$accept_icmpv6" = "1" ] && {
|
||||
nft "add rule inet fw4 PSW_ICMP_REDIRECT ip6 daddr @$NFTSET_LANLIST6 counter return"
|
||||
nft "add rule inet fw4 PSW_ICMP_REDIRECT ip6 daddr @$NFTSET_VPSLIST6 counter return"
|
||||
nft "add rule inet fw4 PSW_ICMP_REDIRECT ip6 daddr @$NFTSET_WHITELIST6 counter return"
|
||||
}
|
||||
|
||||
nft "add rule inet fw4 dstnat meta l4proto {icmp,icmpv6} counter jump PSW_ICMP_REDIRECT"
|
||||
|
|
@ -897,16 +894,14 @@ add_firewall_rule() {
|
|||
nft "flush chain inet fw4 PSW_MANGLE_V6"
|
||||
nft "add rule inet fw4 PSW_MANGLE_V6 ip6 daddr @$NFTSET_LANLIST6 counter return"
|
||||
nft "add rule inet fw4 PSW_MANGLE_V6 ip6 daddr @$NFTSET_VPSLIST6 counter return"
|
||||
nft "add rule inet fw4 PSW_MANGLE_V6 ip6 daddr @$NFTSET_WHITELIST6 counter return"
|
||||
nft "add rule inet fw4 PSW_MANGLE_V6 ip6 daddr @$NFTSET_BLOCKLIST6 counter drop"
|
||||
|
||||
nft "add chain inet fw4 PSW_OUTPUT_MANGLE_V6"
|
||||
nft "flush chain inet fw4 PSW_OUTPUT_MANGLE_V6"
|
||||
nft "add rule inet fw4 PSW_OUTPUT_MANGLE_V6 ip6 daddr @$NFTSET_LANLIST6 counter return"
|
||||
nft "add rule inet fw4 PSW_OUTPUT_MANGLE_V6 ip6 daddr @$NFTSET_VPSLIST6 counter return"
|
||||
nft "add rule inet fw4 PSW_OUTPUT_MANGLE_V6 ip6 daddr @$NFTSET_WHITELIST6 counter return"
|
||||
[ "${USE_DIRECT_LIST}" = "1" ] && nft "add rule inet fw4 PSW_OUTPUT_MANGLE_V6 ip6 daddr @$NFTSET_WHITELIST6 counter return"
|
||||
nft "add rule inet fw4 PSW_OUTPUT_MANGLE_V6 meta mark 0xff counter return"
|
||||
nft "add rule inet fw4 PSW_OUTPUT_MANGLE_V6 ip6 daddr @$NFTSET_BLOCKLIST6 counter drop"
|
||||
[ "${USE_BLOCK_LIST}" = "1" ] && nft "add rule inet fw4 PSW_OUTPUT_MANGLE_V6 ip6 daddr @$NFTSET_BLOCKLIST6 counter drop"
|
||||
|
||||
# jump chains
|
||||
[ "$PROXY_IPV6" == "1" ] && {
|
||||
|
|
@ -965,15 +960,19 @@ add_firewall_rule() {
|
|||
[ "$accept_icmp" = "1" ] && {
|
||||
nft "add rule inet fw4 PSW_ICMP_REDIRECT oif lo ip protocol icmp ip daddr $FAKE_IP counter redirect"
|
||||
nft "add rule inet fw4 PSW_ICMP_REDIRECT oif lo ip protocol icmp ip daddr @$NFTSET_SHUNTLIST counter redirect"
|
||||
nft "add rule inet fw4 PSW_ICMP_REDIRECT oif lo ip protocol icmp ip daddr @$NFTSET_BLACKLIST counter redirect"
|
||||
[ "$LOCALHOST_TCP_PROXY_MODE" != "direct/proxy" ] && nft "add rule inet fw4 PSW_ICMP_REDIRECT oif lo ip protocol icmp $(get_nftset_ipv4 $LOCALHOST_TCP_PROXY_MODE) counter redirect"
|
||||
[ "${USE_PROXY_LIST}" = "1" ] && nft "add rule inet fw4 PSW_ICMP_REDIRECT oif lo ip protocol icmp ip daddr @$NFTSET_BLACKLIST counter redirect"
|
||||
[ "${USE_GFW_LIST}" = "1" ] && nft "add rule inet fw4 PSW_ICMP_REDIRECT oif lo ip protocol icmp ip daddr @$NFTSET_GFW counter redirect"
|
||||
[ "${CHN_LIST}" != "0" ] && nft "add rule inet fw4 PSW_ICMP_REDIRECT oif lo ip protocol icmp ip daddr @$NFTSET_CHN $(get_jump_ipt ${CHN_LIST})"
|
||||
[ "${LOCALHOST_TCP_PROXY_MODE}" != "disable" ] && nft "add rule inet fw4 PSW_ICMP_REDIRECT oif lo ip protocol icmp counter redirect"
|
||||
nft "add rule inet fw4 PSW_ICMP_REDIRECT oif lo ip protocol icmp counter return"
|
||||
}
|
||||
|
||||
[ "$accept_icmpv6" = "1" ] && {
|
||||
nft "add rule inet fw4 PSW_ICMP_REDIRECT oif lo meta l4proto icmpv6 ip6 daddr @$NFTSET_SHUNTLIST6 counter redirect"
|
||||
nft "add rule inet fw4 PSW_ICMP_REDIRECT oif lo meta l4proto icmpv6 ip6 daddr @$NFTSET_BLACKLIST6 counter redirect"
|
||||
[ "$LOCALHOST_TCP_PROXY_MODE" != "direct/proxy" ] && nft "add rule inet fw4 PSW_ICMP_REDIRECT oif lo meta l4proto icmpv6 $(get_nftset_ipv6 $LOCALHOST_TCP_PROXY_MODE) counter redirect"
|
||||
[ "${USE_PROXY_LIST}" = "1" ] && nft "add rule inet fw4 PSW_ICMP_REDIRECT oif lo meta l4proto icmpv6 ip6 daddr @$NFTSET_BLACKLIST6 counter redirect"
|
||||
[ "${USE_GFW_LIST}" = "1" ] && nft "add rule inet fw4 PSW_ICMP_REDIRECT oif lo meta l4proto icmpv6 ip6 daddr @$NFTSET_GFW6 counter redirect"
|
||||
[ "${CHN_LIST}" != "0" ] && nft "add rule inet fw4 PSW_ICMP_REDIRECT oif lo meta l4proto icmpv6 ip6 daddr @$NFTSET_CHN6 $(get_jump_ipt ${CHN_LIST})"
|
||||
[ "${LOCALHOST_TCP_PROXY_MODE}" != "disable" ] && nft "add rule inet fw4 PSW_ICMP_REDIRECT oif lo meta l4proto icmpv6 counter redirect"
|
||||
nft "add rule inet fw4 PSW_ICMP_REDIRECT oif lo meta l4proto icmpv6 counter return"
|
||||
}
|
||||
|
||||
|
|
@ -1003,28 +1002,34 @@ add_firewall_rule() {
|
|||
nft "add rule inet fw4 PSW_OUTPUT_MANGLE_V6 meta l4proto tcp $(factor $TCP_NO_REDIR_PORTS "tcp dport") counter return"
|
||||
echolog " - [$?]不代理TCP 端口:$TCP_NO_REDIR_PORTS"
|
||||
}
|
||||
[ "$TCP_PROXY_DROP_PORTS" != "disable" ] && [ "$LOCALHOST_TCP_PROXY_MODE" != "disable" ] && {
|
||||
[ "$TCP_PROXY_DROP_PORTS" != "disable" ] && [ -n "$LOCALHOST_TCP_PROXY_MODE" ] && {
|
||||
nft add rule inet fw4 $nft_output_chain ip protocol tcp ip daddr $FAKE_IP $(factor $TCP_PROXY_DROP_PORTS "tcp dport") counter drop
|
||||
nft add rule inet fw4 $nft_output_chain ip protocol tcp ip daddr @$NFTSET_SHUNTLIST $(factor $TCP_PROXY_DROP_PORTS "tcp dport") counter drop
|
||||
nft add rule inet fw4 $nft_output_chain ip protocol tcp ip daddr @$NFTSET_BLACKLIST $(factor $TCP_PROXY_DROP_PORTS "tcp dport") counter drop
|
||||
[ "$LOCALHOST_TCP_PROXY_MODE" != "direct/proxy" ] && nft add rule inet fw4 $nft_output_chain ip protocol tcp $(factor $TCP_PROXY_DROP_PORTS "tcp dport") $(get_nftset_ipv4 $LOCALHOST_TCP_PROXY_MODE) counter drop
|
||||
[ "${USE_PROXY_LIST}" = "1" ] && nft add rule inet fw4 $nft_output_chain ip protocol tcp ip daddr @$NFTSET_BLACKLIST $(factor $TCP_PROXY_DROP_PORTS "tcp dport") counter drop
|
||||
[ "${USE_GFW_LIST}" = "1" ] && nft add rule inet fw4 $nft_output_chain ip protocol tcp ip daddr @$NFTSET_GFW $(factor $TCP_PROXY_DROP_PORTS "tcp dport") counter drop
|
||||
[ "${CHN_LIST}" != "0" ] && nft add rule inet fw4 $nft_output_chain ip protocol tcp ip daddr @$NFTSET_CHN $(factor $TCP_PROXY_DROP_PORTS "tcp dport") $(get_jump_ipt ${CHN_LIST} "counter drop")
|
||||
[ "${LOCALHOST_TCP_PROXY_MODE}" != "disable" ] && nft add rule inet fw4 $nft_output_chain ip protocol tcp $(factor $TCP_PROXY_DROP_PORTS "tcp dport") counter drop
|
||||
echolog " - [$?],屏蔽代理TCP 端口:$TCP_PROXY_DROP_PORTS"
|
||||
}
|
||||
|
||||
if [ -z "${is_tproxy}" ]; then
|
||||
[ "$LOCALHOST_TCP_PROXY_MODE" != "disable" ] && {
|
||||
[ -n "${LOCALHOST_TCP_PROXY_MODE}" ] && {
|
||||
nft "add rule inet fw4 PSW_OUTPUT_NAT ip protocol tcp ip daddr $FAKE_IP $(REDIRECT $TCP_REDIR_PORT)"
|
||||
nft "add rule inet fw4 PSW_OUTPUT_NAT ip protocol tcp $(factor $TCP_REDIR_PORTS "tcp dport") ip daddr @$NFTSET_SHUNTLIST counter $(REDIRECT $TCP_REDIR_PORT)"
|
||||
nft "add rule inet fw4 PSW_OUTPUT_NAT ip protocol tcp $(factor $TCP_REDIR_PORTS "tcp dport") ip daddr @$NFTSET_BLACKLIST counter $(REDIRECT $TCP_REDIR_PORT)"
|
||||
[ "$LOCALHOST_TCP_PROXY_MODE" != "direct/proxy" ] && nft "add rule inet fw4 PSW_OUTPUT_NAT ip protocol tcp $(factor $TCP_REDIR_PORTS "tcp dport") $(get_redirect_ipv4 $LOCALHOST_TCP_PROXY_MODE $TCP_REDIR_PORT)"
|
||||
[ "${USE_PROXY_LIST}" = "1" ] && nft "add rule inet fw4 PSW_OUTPUT_NAT ip protocol tcp $(factor $TCP_REDIR_PORTS "tcp dport") ip daddr @$NFTSET_BLACKLIST counter $(REDIRECT $TCP_REDIR_PORT)"
|
||||
[ "${USE_GFW_LIST}" = "1" ] && nft "add rule inet fw4 PSW_OUTPUT_NAT ip protocol tcp $(factor $TCP_REDIR_PORTS "tcp dport") ip daddr @$NFTSET_GFW counter $(REDIRECT $TCP_REDIR_PORT)"
|
||||
[ "${CHN_LIST}" != "0" ] && nft "add rule inet fw4 PSW_OUTPUT_NAT ip protocol tcp $(factor $TCP_REDIR_PORTS "tcp dport") ip daddr @$NFTSET_CHN $(get_jump_ipt ${CHN_LIST} $TCP_REDIR_PORT)"
|
||||
[ "${LOCALHOST_TCP_PROXY_MODE}" != "disable" ] && nft "add rule inet fw4 PSW_OUTPUT_NAT ip protocol tcp $(factor $TCP_REDIR_PORTS "tcp dport") counter $(REDIRECT $TCP_REDIR_PORT)"
|
||||
}
|
||||
nft "add rule inet fw4 nat_output ip protocol tcp counter jump PSW_OUTPUT_NAT"
|
||||
else
|
||||
[ "$LOCALHOST_TCP_PROXY_MODE" != "disable" ] && {
|
||||
[ -n "${LOCALHOST_TCP_PROXY_MODE}" ] && {
|
||||
nft "add rule inet fw4 PSW_OUTPUT_MANGLE ip protocol tcp ip daddr $FAKE_IP counter jump PSW_RULE"
|
||||
nft "add rule inet fw4 PSW_OUTPUT_MANGLE ip protocol tcp ip daddr @$NFTSET_SHUNTLIST $(factor $TCP_REDIR_PORTS "tcp dport") counter jump PSW_RULE"
|
||||
nft "add rule inet fw4 PSW_OUTPUT_MANGLE ip protocol tcp ip daddr @$NFTSET_BLACKLIST $(factor $TCP_REDIR_PORTS "tcp dport") counter jump PSW_RULE"
|
||||
[ "$LOCALHOST_TCP_PROXY_MODE" != "direct/proxy" ] && nft "add rule inet fw4 PSW_OUTPUT_MANGLE ip protocol tcp $(factor $TCP_REDIR_PORTS "tcp dport") $(get_nftset_ipv4 $LOCALHOST_TCP_PROXY_MODE) jump PSW_RULE"
|
||||
[ "${USE_PROXY_LIST}" = "1" ] && nft "add rule inet fw4 PSW_OUTPUT_MANGLE ip protocol tcp ip daddr @$NFTSET_BLACKLIST $(factor $TCP_REDIR_PORTS "tcp dport") counter jump PSW_RULE"
|
||||
[ "${USE_GFW_LIST}" = "1" ] && nft "add rule inet fw4 PSW_OUTPUT_MANGLE ip protocol tcp ip daddr @$NFTSET_GFW $(factor $TCP_REDIR_PORTS "tcp dport") counter jump PSW_RULE"
|
||||
[ "${CHN_LIST}" != "0" ] && nft "add rule inet fw4 PSW_OUTPUT_MANGLE ip protocol tcp ip daddr @$NFTSET_CHN $(factor $TCP_REDIR_PORTS "tcp dport") $(get_jump_ipt ${CHN_LIST} "counter jump PSW_RULE")"
|
||||
[ "${LOCALHOST_TCP_PROXY_MODE}" != "disable" ] && nft "add rule inet fw4 PSW_OUTPUT_MANGLE ip protocol tcp $(factor $TCP_REDIR_PORTS "tcp dport") counter jump PSW_RULE"
|
||||
nft "add rule inet fw4 PSW_MANGLE meta l4proto tcp iif lo $(REDIRECT $TCP_REDIR_PORT TPROXY) comment \"本机\""
|
||||
}
|
||||
nft "add rule inet fw4 PSW_MANGLE ip protocol tcp iif lo counter return comment \"本机\""
|
||||
|
|
@ -1032,10 +1037,12 @@ add_firewall_rule() {
|
|||
fi
|
||||
|
||||
[ "$PROXY_IPV6" == "1" ] && {
|
||||
[ "$LOCALHOST_TCP_PROXY_MODE" != "disable" ] && {
|
||||
[ -n "${LOCALHOST_TCP_PROXY_MODE}" ] && {
|
||||
nft "add rule inet fw4 PSW_OUTPUT_MANGLE_V6 meta l4proto tcp ip6 daddr @$NFTSET_SHUNTLIST6 $(factor $TCP_REDIR_PORTS "tcp dport") counter jump PSW_RULE"
|
||||
nft "add rule inet fw4 PSW_OUTPUT_MANGLE_V6 meta l4proto tcp ip6 daddr @$NFTSET_BLACKLIST6 $(factor $TCP_REDIR_PORTS "tcp dport") counter jump PSW_RULE"
|
||||
[ "$LOCALHOST_TCP_PROXY_MODE" != "direct/proxy" ] && nft "add rule inet fw4 PSW_OUTPUT_MANGLE_V6 meta l4proto tcp $(factor $TCP_REDIR_PORTS "tcp dport") $(get_nftset_ipv6 $LOCALHOST_TCP_PROXY_MODE) jump PSW_RULE"
|
||||
[ "${USE_PROXY_LIST}" = "1" ] && nft "add rule inet fw4 PSW_OUTPUT_MANGLE_V6 meta l4proto tcp ip6 daddr @$NFTSET_BLACKLIST6 $(factor $TCP_REDIR_PORTS "tcp dport") counter jump PSW_RULE"
|
||||
[ "${USE_GFW_LIST}" = "1" ] && nft "add rule inet fw4 PSW_OUTPUT_MANGLE_V6 meta l4proto tcp ip6 daddr @$NFTSET_GFW6 $(factor $TCP_REDIR_PORTS "tcp dport") counter jump PSW_RULE"
|
||||
[ "${CHN_LIST}" != "0" ] && nft "add rule inet fw4 PSW_OUTPUT_MANGLE_V6 meta l4proto tcp ip6 daddr @$NFTSET_CHN6 $(factor $TCP_REDIR_PORTS "tcp dport") $(get_jump_ipt ${CHN_LIST} "counter jump PSW_RULE")"
|
||||
[ "${LOCALHOST_TCP_PROXY_MODE}" != "disable" ] && nft "add rule inet fw4 PSW_OUTPUT_MANGLE_V6 meta l4proto tcp $(factor $TCP_REDIR_PORTS "tcp dport") counter jump PSW_RULE"
|
||||
nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto tcp iif lo $(REDIRECT $TCP_REDIR_PORT TPROXY) comment \"本机\""
|
||||
}
|
||||
nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto tcp iif lo counter return comment \"本机\""
|
||||
|
|
@ -1043,11 +1050,13 @@ add_firewall_rule() {
|
|||
fi
|
||||
|
||||
# 加载路由器自身代理 UDP
|
||||
[ "$UDP_PROXY_DROP_PORTS" != "disable" ] && [ "$LOCALHOST_UDP_PROXY_MODE" != "disable" ] && {
|
||||
[ "$UDP_PROXY_DROP_PORTS" != "disable" ] && [ -n "${LOCALHOST_UDP_PROXY_MODE}" ] && {
|
||||
nft add rule inet fw4 PSW_OUTPUT_MANGLE ip protocol udp ip daddr $FAKE_IP $(factor $UDP_PROXY_DROP_PORTS "udp dport") counter drop
|
||||
nft add rule inet fw4 PSW_OUTPUT_MANGLE ip protocol udp ip daddr @$NFTSET_SHUNTLIST $(factor $UDP_PROXY_DROP_PORTS "udp dport") counter drop
|
||||
nft add rule inet fw4 PSW_OUTPUT_MANGLE ip protocol udp ip daddr @$NFTSET_BLACKLIST $(factor $UDP_PROXY_DROP_PORTS "udp dport") counter drop
|
||||
[ "$LOCALHOST_UDP_PROXY_MODE" != "direct/proxy" ] && nft add rule inet fw4 PSW_OUTPUT_MANGLE counter ip protocol udp $(factor $UDP_PROXY_DROP_PORTS "udp dport") $(get_nftset_ipv4 $LOCALHOST_UDP_PROXY_MODE) counter drop
|
||||
[ "${USE_PROXY_LIST}" = "1" ] && nft add rule inet fw4 PSW_OUTPUT_MANGLE ip protocol udp ip daddr @$NFTSET_BLACKLIST $(factor $UDP_PROXY_DROP_PORTS "udp dport") counter drop
|
||||
[ "${USE_GFW_LIST}" = "1" ] && nft add rule inet fw4 PSW_OUTPUT_MANGLE ip protocol udp ip daddr @$NFTSET_GFW $(factor $UDP_PROXY_DROP_PORTS "udp dport") counter drop
|
||||
[ "${CHN_LIST}" != "0" ] && nft add rule inet fw4 PSW_OUTPUT_MANGLE ip protocol udp ip daddr @$NFTSET_CHN $(factor $UDP_PROXY_DROP_PORTS "udp dport") $(get_jump_ipt ${CHN_LIST} "counter drop")
|
||||
[ "${LOCALHOST_UDP_PROXY_MODE}" != "disable" ] && nft add rule inet fw4 PSW_OUTPUT_MANGLE counter ip protocol udp $(factor $UDP_PROXY_DROP_PORTS "udp dport") counter drop
|
||||
echolog " - [$?],屏蔽代理UDP 端口:$UDP_PROXY_DROP_PORTS"
|
||||
}
|
||||
if [ "$UDP_NODE" != "nil" -o "$TCP_UDP" = "1" ]; then
|
||||
|
|
@ -1070,21 +1079,25 @@ add_firewall_rule() {
|
|||
echolog " - [$?]不代理 UDP 端口:$UDP_NO_REDIR_PORTS"
|
||||
}
|
||||
|
||||
[ "$LOCALHOST_UDP_PROXY_MODE" != "disable" ] && {
|
||||
[ -n "${LOCALHOST_UDP_PROXY_MODE}" ] && {
|
||||
nft "add rule inet fw4 PSW_OUTPUT_MANGLE ip protocol udp ip daddr $FAKE_IP counter jump PSW_RULE"
|
||||
nft "add rule inet fw4 PSW_OUTPUT_MANGLE ip protocol udp ip daddr @$NFTSET_SHUNTLIST $(factor $UDP_REDIR_PORTS "udp dport") counter jump PSW_RULE"
|
||||
nft "add rule inet fw4 PSW_OUTPUT_MANGLE ip protocol udp ip daddr @$NFTSET_BLACKLIST $(factor $UDP_REDIR_PORTS "udp dport") counter jump PSW_RULE"
|
||||
[ "$LOCALHOST_UDP_PROXY_MODE" != "direct/proxy" ] && nft "add rule inet fw4 PSW_OUTPUT_MANGLE ip protocol udp $(factor $UDP_REDIR_PORTS "udp dport") $(get_nftset_ipv4 $LOCALHOST_UDP_PROXY_MODE) jump PSW_RULE"
|
||||
[ "${USE_PROXY_LIST}" = "1" ] && nft "add rule inet fw4 PSW_OUTPUT_MANGLE ip protocol udp ip daddr @$NFTSET_BLACKLIST $(factor $UDP_REDIR_PORTS "udp dport") counter jump PSW_RULE"
|
||||
[ "${USE_GFW_LIST}" = "1" ] && nft "add rule inet fw4 PSW_OUTPUT_MANGLE ip protocol udp ip daddr @$NFTSET_GFW $(factor $UDP_REDIR_PORTS "udp dport") counter jump PSW_RULE"
|
||||
[ "${CHN_LIST}" != "0" ] && nft "add rule inet fw4 PSW_OUTPUT_MANGLE ip protocol udp ip daddr @$NFTSET_CHN $(factor $UDP_REDIR_PORTS "udp dport") $(get_jump_ipt ${CHN_LIST} "counter jump PSW_RULE")"
|
||||
[ "${LOCALHOST_UDP_PROXY_MODE}" != "disable" ] && nft "add rule inet fw4 PSW_OUTPUT_MANGLE ip protocol udp $(factor $UDP_REDIR_PORTS "udp dport") counter jump PSW_RULE"
|
||||
nft "add rule inet fw4 PSW_MANGLE meta l4proto udp iif lo $(REDIRECT $UDP_REDIR_PORT TPROXY) comment \"本机\""
|
||||
}
|
||||
nft "add rule inet fw4 PSW_MANGLE ip protocol udp iif lo counter return comment \"本机\""
|
||||
nft "add rule inet fw4 mangle_output meta nfproto {ipv4} meta l4proto udp counter jump PSW_OUTPUT_MANGLE comment \"PSW_OUTPUT_MANGLE\""
|
||||
|
||||
[ "$PROXY_IPV6" == "1" ] && [ "$PROXY_IPV6_UDP" == "1" ] && {
|
||||
[ "$LOCALHOST_UDP_PROXY_MODE" != "disable" ] && {
|
||||
[ -n "${LOCALHOST_UDP_PROXY_MODE}" ] && {
|
||||
nft "add rule inet fw4 PSW_OUTPUT_MANGLE_V6 meta l4proto udp ip6 daddr @$NFTSET_SHUNTLIST6 $(factor $UDP_REDIR_PORTS "udp dport") counter jump PSW_RULE"
|
||||
nft "add rule inet fw4 PSW_OUTPUT_MANGLE_V6 meta l4proto udp ip6 daddr @$NFTSET_BLACKLIST6 $(factor $UDP_REDIR_PORTS "udp dport") counter jump PSW_RULE"
|
||||
[ "$LOCALHOST_UDP_PROXY_MODE" != "direct/proxy" ] && nft "add rule inet fw4 PSW_OUTPUT_MANGLE_V6 meta l4proto udp $(factor $UDP_REDIR_PORTS "udp dport") $(get_nftset_ipv6 $LOCALHOST_UDP_PROXY_MODE) jump PSW_RULE"
|
||||
[ "${USE_PROXY_LIST}" = "1" ] && nft "add rule inet fw4 PSW_OUTPUT_MANGLE_V6 meta l4proto udp ip6 daddr @$NFTSET_BLACKLIST6 $(factor $UDP_REDIR_PORTS "udp dport") counter jump PSW_RULE"
|
||||
[ "${USE_GFW_LIST}" = "1" ] && nft "add rule inet fw4 PSW_OUTPUT_MANGLE_V6 meta l4proto udp ip6 daddr @$NFTSET_GFW6 $(factor $UDP_REDIR_PORTS "udp dport") counter jump PSW_RULE"
|
||||
[ "${CHN_LIST}" != "0" ] && nft "add rule inet fw4 PSW_OUTPUT_MANGLE_V6 meta l4proto udp ip6 daddr @$NFTSET_CHN6 $(factor $UDP_REDIR_PORTS "udp dport") $(get_jump_ipt ${CHN_LIST} "counter jump PSW_RULE")"
|
||||
[ "${LOCALHOST_UDP_PROXY_MODE}" != "disable" ] && nft "add rule inet fw4 PSW_OUTPUT_MANGLE_V6 meta l4proto udp $(factor $UDP_REDIR_PORTS "udp dport") counter jump PSW_RULE"
|
||||
nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto udp iif lo $(REDIRECT $UDP_REDIR_PORT TPROXY) comment \"本机\""
|
||||
}
|
||||
nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto udp iif lo counter return comment \"本机\""
|
||||
|
|
|
|||
|
|
@ -1,6 +1,7 @@
|
|||
bing.com
|
||||
sspanel.net
|
||||
v2ex.com
|
||||
c.mi.com
|
||||
|
||||
#google
|
||||
googleapis.cn
|
||||
|
|
|
|||
|
|
@ -27,7 +27,6 @@ local has_ss_rust = api.is_finded("sslocal")
|
|||
local has_trojan_plus = api.is_finded("trojan-plus")
|
||||
local has_singbox = api.finded_com("singbox")
|
||||
local has_xray = api.finded_com("xray")
|
||||
local has_trojan_go = api.finded_com("trojan-go")
|
||||
local has_hysteria2 = api.finded_com("hysteria")
|
||||
local allowInsecure_default = nil
|
||||
local ss_aead_type_default = uci:get(appname, "@global_subscribe[0]", "ss_aead_type") or "shadowsocks-libev"
|
||||
|
|
@ -606,23 +605,7 @@ local function processData(szType, content, add_mode, add_from)
|
|||
local peer, sni = nil, ""
|
||||
if params.peer then peer = params.peer end
|
||||
sni = params.sni and params.sni or ""
|
||||
if params.ws and params.ws == "1" then
|
||||
result.trojan_transport = "ws"
|
||||
if params.wshost then result.ws_host = params.wshost end
|
||||
if params.wspath then result.ws_path = params.wspath end
|
||||
if sni == "" and params.wshost then sni = params.wshost end
|
||||
end
|
||||
if params.ss and params.ss == "1" then
|
||||
result.ss_aead = "1"
|
||||
if params.ssmethod then result.ss_aead_method = string.lower(params.ssmethod) end
|
||||
if params.sspasswd then result.ss_aead_pwd = params.sspasswd end
|
||||
end
|
||||
result.port = port
|
||||
if result.trojan_transport == "ws" or result.ss_aead then
|
||||
result.type = "Trojan-Go"
|
||||
result.fingerprint = "firefox"
|
||||
result.mux = "1"
|
||||
end
|
||||
result.tls = '1'
|
||||
result.tls_serverName = peer and peer or sni
|
||||
if params.allowinsecure then
|
||||
|
|
@ -644,65 +627,6 @@ local function processData(szType, content, add_mode, add_from)
|
|||
elseif trojan_type_default == "xray" and has_xray then
|
||||
result.type = 'Xray'
|
||||
result.protocol = 'trojan'
|
||||
elseif trojan_type_default == "trojan-go" and has_trojan_go then
|
||||
result.type = 'Trojan-Go'
|
||||
end
|
||||
elseif szType == "trojan-go" then
|
||||
local alias = ""
|
||||
if content:find("#") then
|
||||
local idx_sp = content:find("#")
|
||||
alias = content:sub(idx_sp + 1, -1)
|
||||
content = content:sub(0, idx_sp - 1)
|
||||
end
|
||||
result.remarks = UrlDecode(alias)
|
||||
if has_trojan_go then
|
||||
result.type = "Trojan-Go"
|
||||
end
|
||||
if content:find("@") then
|
||||
local Info = split(content, "@")
|
||||
result.password = UrlDecode(Info[1])
|
||||
local port = "443"
|
||||
Info[2] = (Info[2] or ""):gsub("/%?", "?")
|
||||
local query = split(Info[2], "?")
|
||||
local host_port = query[1]
|
||||
local params = {}
|
||||
for _, v in pairs(split(query[2], '&')) do
|
||||
local t = split(v, '=')
|
||||
params[string.lower(t[1])] = UrlDecode(t[2])
|
||||
end
|
||||
-- [2001:4860:4860::8888]:443
|
||||
-- 8.8.8.8:443
|
||||
if host_port:find(":") then
|
||||
local sp = split(host_port, ":")
|
||||
port = sp[#sp]
|
||||
if api.is_ipv6addrport(host_port) then
|
||||
result.address = api.get_ipv6_only(host_port)
|
||||
else
|
||||
result.address = sp[1]
|
||||
end
|
||||
else
|
||||
result.address = host_port
|
||||
end
|
||||
local peer, sni = nil, ""
|
||||
if params.peer then peer = params.peer end
|
||||
sni = params.sni and params.sni or ""
|
||||
if params.type and params.type == "ws" then
|
||||
result.trojan_transport = "ws"
|
||||
if params.host then result.ws_host = params.host end
|
||||
if params.path then result.ws_path = params.path end
|
||||
if sni == "" and params.host then sni = params.host end
|
||||
end
|
||||
if params.encryption and params.encryption:match('^ss;[^;:]*[;:].*$') then
|
||||
result.ss_aead = "1"
|
||||
result.ss_aead_method, result.ss_aead_pwd = params.encryption:match('^ss;([^;:]*)[;:](.*)$')
|
||||
result.ss_aead_method = string.lower(result.ss_aead_method)
|
||||
end
|
||||
result.port = port
|
||||
result.fingerprint = "firefox"
|
||||
result.tls = "1"
|
||||
result.tls_serverName = peer and peer or sni
|
||||
result.tls_allowInsecure = "0"
|
||||
result.mux = "1"
|
||||
end
|
||||
elseif szType == "ssd" then
|
||||
result.type = "SS"
|
||||
|
|
@ -1218,7 +1142,7 @@ local function parse_link(raw, add_mode, add_from)
|
|||
local node = trim(v)
|
||||
local dat = split(node, "://")
|
||||
if dat and dat[1] and dat[2] then
|
||||
if dat[1] == 'ss' or dat[1] == 'trojan' or dat[1] == 'trojan-go' then
|
||||
if dat[1] == 'ss' or dat[1] == 'trojan' then
|
||||
result = processData(dat[1], dat[2], add_mode, add_from)
|
||||
else
|
||||
result = processData(dat[1], base64Decode(dat[2]), add_mode, add_from)
|
||||
|
|
|
|||
Loading…
Reference in New Issue