update 2022-10-10 23:52:02

2025-01-08 11:17:34 +08:00 · 2022-10-10 23:52:02 +08:00 · 2022-10-10 23:52:02 +08:00 · 6865b9f5fa
commit 6865b9f5fa
parent e2e002a11f
29 changed files with 75 additions and 75 deletions
--- a/luci-app-amlogic/Makefile
+++ b/luci-app-amlogic/Makefile
@ -16,7 +16,7 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=luci-app-amlogic
-PKG_VERSION:=3.1.129
+PKG_VERSION:=3.1.130
 PKG_RELEASE:=1

 PKG_LICENSE:=GPL-2.0 License
--- a/luci-app-amlogic/luasrc/model/cbi/amlogic/amlogic_config.lua
+++ b/luci-app-amlogic/luasrc/model/cbi/amlogic/amlogic_config.lua
@ -62,8 +62,8 @@ kernel_branch.description = translate("Set the version branch of the openwrt fir
 kernel_branch:value("5.4", translate("5.4"))
 kernel_branch:value("5.10", translate("5.10"))
 kernel_branch:value("5.15", translate("5.15"))
-kernel_branch:value("5.18", translate("5.18"))
 kernel_branch:value("5.19", translate("5.19"))
+kernel_branch:value("6.0", translate("6.0"))
 local default_kernel_branch = luci.sys.exec("ls /lib/modules/ 2>/dev/null | grep -oE '^[1-9].[0-9]{1,3}'")
 kernel_branch.default = trim(default_kernel_branch)
 kernel_branch.rmempty = false
--- a/luci-app-amlogic/luasrc/view/amlogic/other_info.htm
+++ b/luci-app-amlogic/luasrc/view/amlogic/other_info.htm
@ -26,7 +26,7 @@
 			<%:Amlogic s905d --- [ Phicomm-N1 ]%><br>
 			<%:Amlogic Other --- [ Optional DTB ]%><br>
 			<%:Allwinner H6 ---- [ V-Plus Cloud ]%><br>
-			<%:Rockchip 3328 --- [ BeikeYun, Chainedbox L1 Pro ]%><br>
+			<%:Rockchip -------- [ BeikeYun, Chainedbox L1 Pro, FastRhino R66S, FastRhino R68S, Radxa ROCK 5B ]%><br>
 			<%:Used in KVM ----- [ Can be used in KVM virtual machine of Armbian system. ]%>
 		</td></tr>
 	</table>
--- a/luci-app-amlogic/po/zh-cn/amlogic.po
+++ b/luci-app-amlogic/po/zh-cn/amlogic.po
@ -278,8 +278,8 @@ msgstr "晶晨其他 ----- [ 自定义 DTB 文件 ]"
 msgid "Allwinner H6 ---- [ V-Plus Cloud ]"
 msgstr "全志 H6 ------ [ 微加云 ]"

-msgid "Rockchip 3328 --- [ BeikeYun, Chainedbox L1 Pro ]"
-msgstr "瑞芯微 3328 -- [ 贝壳云、我家云 ]"
+msgid "Rockchip -------- [ BeikeYun, Chainedbox L1 Pro, FastRhino R66S, FastRhino R68S, Radxa ROCK 5B ]"
+msgstr "瑞芯微 ------- [ 贝壳云, 我家云, 电犀牛R66S, 电犀牛R68S, 瑞莎5B ]"

 msgid "Used in KVM ----- [ Can be used in KVM virtual machine of Armbian system. ]"
 msgstr "KVM 中使用 --- [ 可以在 Armbian 系统的 KVM 虚拟机中使用。 ]"
--- a/luci-app-godproxy/Makefile
+++ b/luci-app-godproxy/Makefile
@ -2,11 +2,11 @@ include $(TOPDIR)/rules.mk

 PKG_NAME:=luci-app-ikoolproxy
 PKG_VERSION:=3.8.5
-PKG_RELEASE:=20220805
+PKG_RELEASE:=20221010

 PKG_MAINTAINER:=panda-mute <wxuzju@gmail.com>

-LUCI_TITLE:=LuCI support for ikoolproxy
+LUCI_TITLE:=LuCI support for koolproxy
 LUCI_PKGARCH:=all
 LUCI_DEPENDS:=+koolproxy +openssl-util +ipset +dnsmasq-full +@BUSYBOX_CONFIG_DIFF +iptables-mod-nat-extra +wget

--- a/luci-app-godproxy/change.log
+++ b/luci-app-godproxy/change.log
@ -1,5 +1,7 @@
-## 更新：2022年8月5日：
-1、修复coding规则地址失效。
+
+## 更新：2022年10月10日：
+1、感谢群里Mr Conter（@biliconter）提供修复证书过期的二进制文件。
+

 ## 更新：2022年3月24日：
 1、删除以前所有commits。升级到了最新的comiits：其中重要的几次如下
--- a/luci-app-godproxy/koolproxy/files/aarch64
+++ b/luci-app-godproxy/koolproxy/files/aarch64
--- a/luci-app-godproxy/koolproxy/files/arm
+++ b/luci-app-godproxy/koolproxy/files/arm
--- a/luci-app-godproxy/koolproxy/files/i386
+++ b/luci-app-godproxy/koolproxy/files/i386
--- a/luci-app-godproxy/koolproxy/files/mips
+++ b/luci-app-godproxy/koolproxy/files/mips
--- a/luci-app-godproxy/koolproxy/files/mipsel
+++ b/luci-app-godproxy/koolproxy/files/mipsel
--- a/luci-app-godproxy/koolproxy/files/x86_64
+++ b/luci-app-godproxy/koolproxy/files/x86_64
--- a/luci-app-godproxy/luasrc/controller/koolproxy.lua
+++ b/luci-app-godproxy/luasrc/controller/koolproxy.lua
@ -1,14 +1,11 @@
-module("luci.controller.koolproxy", package.seeall)
+module("luci.controller.koolproxy",package.seeall)

 function index()
 	if not nixio.fs.access("/etc/config/koolproxy") then
 		return
 	end

-	local page = entry({"admin", "services", "koolproxy"}, alias("admin", "services", "koolproxy", "basic"), _("iKoolProxy 滤广告"), 1)
-	page.dependent = true
-	page.acl_depends = { "luci-app-ikoolproxy" }
-
+	entry({"admin", "services", "koolproxy"}, alias("admin", "services", "koolproxy", "basic"), _("iKoolProxy 滤广告"), 1).dependent = true
 	entry({"admin", "services", "koolproxy", "basic"}, cbi("koolproxy/basic"), _("基本设置"), 1).leaf = true
 	entry({"admin", "services", "koolproxy", "control"}, cbi("koolproxy/control"), _("访问控制"), 2).leaf = true
 	entry({"admin", "services", "koolproxy", "add_rule"}, cbi("koolproxy/add_rule"), _("规则订阅"), 3).leaf = true
--- a/luci-app-godproxy/root/etc/uci-defaults/luci-koolproxy
+++ b/luci-app-godproxy/root/etc/uci-defaults/luci-koolproxy
@ -5,7 +5,6 @@ uci -q batch <<-EOF >/dev/null
 	add ucitrack koolproxy
 	set ucitrack.@koolproxy[-1].init=koolproxy
 	commit ucitrack
-
 	delete firewall.koolproxy
 	set firewall.koolproxy=include
 	set firewall.koolproxy.type=script
--- a/luci-app-godproxy/root/usr/share/koolproxy/kpupdate
+++ b/luci-app-godproxy/root/usr/share/koolproxy/kpupdate
@ -111,16 +111,16 @@ update_rss_rules() {
 	
 update_rules() {
 	echo $(date "+%F %T"): ------------------- 内置规则更新 ------------------- >>$LOGFILE
-	wget 'https://cdn.jsdelivr.net/gh/yaof2/koolproxy@main/rules/kp.dat' -q -O $KP_DIR/data/rules/kp.dat
-	wget 'https://cdn.jsdelivr.net/gh/yaof2/koolproxy@main/rules/daily.txt' -q -O $KP_DIR/data/rules/daily.txt
-	wget 'https://cdn.jsdelivr.net/gh/yaof2/koolproxy@main/rules/koolproxy.txt' -q -O $KP_DIR/data/rules/koolproxy.txt
-	wget 'https://cdn.jsdelivr.net/gh/yaof2/koolproxy@main/rules/yhosts.txt' -q -O $KP_DIR/data/rules/yhosts.txt
-	wget 'https://cdn.jsdelivr.net/gh/yaof2/koolproxy@main/rules/steven.txt' -q -O $KP_DIR/data/rules/steven.txt
-	wget 'https://cdn.jsdelivr.net/gh/yaof2/koolproxy@main/rules/adg.txt' -q -O $KP_DIR/data/rules/adg.txt
-	wget 'https://cdn.jsdelivr.net/gh/yaof2/koolproxy@main/rules/antiad.txt' -q -O $KP_DIR/data/rules/antiad.txt
-	wget 'https://cdn.jsdelivr.net/gh/yaof2/koolproxy@main/rules/adgk.txt' -q -O $KP_DIR/data/rules/adgk.txt
-	wget 'https://cdn.jsdelivr.net/gh/yaof2/koolproxy@main/rules/koolproxy_ipset.conf' -q -O $KP_DIR/koolproxy_ipset.conf
-	wget 'https://cdn.jsdelivr.net/gh/yaof2/koolproxy@main/rules/dnsmasq.adblock' -q -O $KP_DIR/dnsmasq.adblock
+	wget 'https://yaof.coding.net/p/ikoolproxy/d/rules/git/raw/master/rules/kp.dat' -q -O $KP_DIR/data/rules/kp.dat
+	wget 'https://yaof.coding.net/p/ikoolproxy/d/rules/git/raw/master/rules/daily.txt' -q -O $KP_DIR/data/rules/daily.txt
+	wget 'https://yaof.coding.net/p/ikoolproxy/d/rules/git/raw/master/rules/koolproxy.txt' -q -O $KP_DIR/data/rules/koolproxy.txt
+	wget 'https://yaof.coding.net/p/ikoolproxy/d/rules/git/raw/master/rules/yhosts.txt' -q -O $KP_DIR/data/rules/yhosts.txt
+	wget 'https://yaof.coding.net/p/ikoolproxy/d/rules/git/raw/master/rules/steven.txt' -q -O $KP_DIR/data/rules/steven.txt
+	wget 'https://yaof.coding.net/p/ikoolproxy/d/rules/git/raw/master/rules/adg.txt' -q -O $KP_DIR/data/rules/adg.txt
+	wget 'https://yaof.coding.net/p/ikoolproxy/d/rules/git/raw/master/rules/antiad.txt' -q -O $KP_DIR/data/rules/antiad.txt
+	wget 'https://yaof.coding.net/p/ikoolproxy/d/rules/git/raw/master/rules/adgk.txt' -q -O $KP_DIR/data/rules/adgk.txt
+	wget 'https://yaof.coding.net/p/ikoolproxy/d/rules/git/raw/master/rules/koolproxy_ipset.conf' -q -O $KP_DIR/koolproxy_ipset.conf
+	wget 'https://yaof.coding.net/p/ikoolproxy/d/rules/git/raw/master/rules/dnsmasq.adblock' -q -O $KP_DIR/dnsmasq.adblock
 	adg_rules_local=`cat /usr/share/koolproxy/data/rules/adg.txt  | sed -n '4p'|awk '{print $4}'`
 	steven_rules_local=`cat /usr/share/koolproxy/data/rules/steven.txt  | sed -n '2p'|awk '{print $3,$4,$5,$6}'`
 	yhosts_rules_local=`cat /usr/share/koolproxy/data/rules/yhosts.txt  | sed -n '1p' | cut -d ":" -f2`
--- a/luci-app-godproxy/root/usr/share/rpcd/acl.d/luci-app-ikoolproxy.json
+++ b/luci-app-godproxy/root/usr/share/rpcd/acl.d/luci-app-ikoolproxy.json
@ -1,6 +1,6 @@
 {
-	"luci-app-ikoolproxy": {
-		"description": "Grant UCI access for luci-app-ikoolproxy",
+	"luci-app-godproxy": {
+		"description": "Grant UCI access for luci-app-godproxy",
 		"read": {
 			"uci": [ "koolproxy" ]
 		},
--- a/luci-app-ikoolproxy/Makefile
+++ b/luci-app-ikoolproxy/Makefile
@ -2,11 +2,11 @@ include $(TOPDIR)/rules.mk

 PKG_NAME:=luci-app-ikoolproxy
 PKG_VERSION:=3.8.5
-PKG_RELEASE:=20220805
+PKG_RELEASE:=20221010

 PKG_MAINTAINER:=panda-mute <wxuzju@gmail.com>

-LUCI_TITLE:=LuCI support for ikoolproxy
+LUCI_TITLE:=LuCI support for koolproxy
 LUCI_PKGARCH:=all
 LUCI_DEPENDS:=+koolproxy +openssl-util +ipset +dnsmasq-full +@BUSYBOX_CONFIG_DIFF +iptables-mod-nat-extra +wget

--- a/luci-app-ikoolproxy/change.log
+++ b/luci-app-ikoolproxy/change.log
@ -1,5 +1,7 @@
-## 更新：2022年8月5日：
-1、修复coding规则地址失效。
+
+## 更新：2022年10月10日：
+1、感谢群里Mr Conter（@biliconter）提供修复证书过期的二进制文件。
+

 ## 更新：2022年3月24日：
 1、删除以前所有commits。升级到了最新的comiits：其中重要的几次如下
--- a/luci-app-ikoolproxy/koolproxy/files/aarch64
+++ b/luci-app-ikoolproxy/koolproxy/files/aarch64
--- a/luci-app-ikoolproxy/koolproxy/files/arm
+++ b/luci-app-ikoolproxy/koolproxy/files/arm
--- a/luci-app-ikoolproxy/koolproxy/files/i386
+++ b/luci-app-ikoolproxy/koolproxy/files/i386
--- a/luci-app-ikoolproxy/koolproxy/files/mips
+++ b/luci-app-ikoolproxy/koolproxy/files/mips
--- a/luci-app-ikoolproxy/koolproxy/files/mipsel
+++ b/luci-app-ikoolproxy/koolproxy/files/mipsel
--- a/luci-app-ikoolproxy/koolproxy/files/x86_64
+++ b/luci-app-ikoolproxy/koolproxy/files/x86_64
--- a/luci-app-ikoolproxy/luasrc/controller/koolproxy.lua
+++ b/luci-app-ikoolproxy/luasrc/controller/koolproxy.lua
@ -1,14 +1,11 @@
-module("luci.controller.koolproxy", package.seeall)
+module("luci.controller.koolproxy",package.seeall)

 function index()
 	if not nixio.fs.access("/etc/config/koolproxy") then
 		return
 	end

-	local page = entry({"admin", "services", "koolproxy"}, alias("admin", "services", "koolproxy", "basic"), _("iKoolProxy 滤广告"), 1)
-	page.dependent = true
-	page.acl_depends = { "luci-app-ikoolproxy" }
-
+	entry({"admin", "services", "koolproxy"}, alias("admin", "services", "koolproxy", "basic"), _("iKoolProxy 滤广告"), 1).dependent = true
 	entry({"admin", "services", "koolproxy", "basic"}, cbi("koolproxy/basic"), _("基本设置"), 1).leaf = true
 	entry({"admin", "services", "koolproxy", "control"}, cbi("koolproxy/control"), _("访问控制"), 2).leaf = true
 	entry({"admin", "services", "koolproxy", "add_rule"}, cbi("koolproxy/add_rule"), _("规则订阅"), 3).leaf = true
--- a/luci-app-ikoolproxy/root/etc/uci-defaults/luci-koolproxy
+++ b/luci-app-ikoolproxy/root/etc/uci-defaults/luci-koolproxy
@ -5,7 +5,6 @@ uci -q batch <<-EOF >/dev/null
 	add ucitrack koolproxy
 	set ucitrack.@koolproxy[-1].init=koolproxy
 	commit ucitrack
-
 	delete firewall.koolproxy
 	set firewall.koolproxy=include
 	set firewall.koolproxy.type=script
--- a/luci-app-ikoolproxy/root/usr/share/koolproxy/kpupdate
+++ b/luci-app-ikoolproxy/root/usr/share/koolproxy/kpupdate
@ -111,16 +111,16 @@ update_rss_rules() {
 	
 update_rules() {
 	echo $(date "+%F %T"): ------------------- 内置规则更新 ------------------- >>$LOGFILE
-	wget 'https://cdn.jsdelivr.net/gh/yaof2/koolproxy@main/rules/kp.dat' -q -O $KP_DIR/data/rules/kp.dat
-	wget 'https://cdn.jsdelivr.net/gh/yaof2/koolproxy@main/rules/daily.txt' -q -O $KP_DIR/data/rules/daily.txt
-	wget 'https://cdn.jsdelivr.net/gh/yaof2/koolproxy@main/rules/koolproxy.txt' -q -O $KP_DIR/data/rules/koolproxy.txt
-	wget 'https://cdn.jsdelivr.net/gh/yaof2/koolproxy@main/rules/yhosts.txt' -q -O $KP_DIR/data/rules/yhosts.txt
-	wget 'https://cdn.jsdelivr.net/gh/yaof2/koolproxy@main/rules/steven.txt' -q -O $KP_DIR/data/rules/steven.txt
-	wget 'https://cdn.jsdelivr.net/gh/yaof2/koolproxy@main/rules/adg.txt' -q -O $KP_DIR/data/rules/adg.txt
-	wget 'https://cdn.jsdelivr.net/gh/yaof2/koolproxy@main/rules/antiad.txt' -q -O $KP_DIR/data/rules/antiad.txt
-	wget 'https://cdn.jsdelivr.net/gh/yaof2/koolproxy@main/rules/adgk.txt' -q -O $KP_DIR/data/rules/adgk.txt
-	wget 'https://cdn.jsdelivr.net/gh/yaof2/koolproxy@main/rules/koolproxy_ipset.conf' -q -O $KP_DIR/koolproxy_ipset.conf
-	wget 'https://cdn.jsdelivr.net/gh/yaof2/koolproxy@main/rules/dnsmasq.adblock' -q -O $KP_DIR/dnsmasq.adblock
+	wget 'https://yaof.coding.net/p/ikoolproxy/d/rules/git/raw/master/rules/kp.dat' -q -O $KP_DIR/data/rules/kp.dat
+	wget 'https://yaof.coding.net/p/ikoolproxy/d/rules/git/raw/master/rules/daily.txt' -q -O $KP_DIR/data/rules/daily.txt
+	wget 'https://yaof.coding.net/p/ikoolproxy/d/rules/git/raw/master/rules/koolproxy.txt' -q -O $KP_DIR/data/rules/koolproxy.txt
+	wget 'https://yaof.coding.net/p/ikoolproxy/d/rules/git/raw/master/rules/yhosts.txt' -q -O $KP_DIR/data/rules/yhosts.txt
+	wget 'https://yaof.coding.net/p/ikoolproxy/d/rules/git/raw/master/rules/steven.txt' -q -O $KP_DIR/data/rules/steven.txt
+	wget 'https://yaof.coding.net/p/ikoolproxy/d/rules/git/raw/master/rules/adg.txt' -q -O $KP_DIR/data/rules/adg.txt
+	wget 'https://yaof.coding.net/p/ikoolproxy/d/rules/git/raw/master/rules/antiad.txt' -q -O $KP_DIR/data/rules/antiad.txt
+	wget 'https://yaof.coding.net/p/ikoolproxy/d/rules/git/raw/master/rules/adgk.txt' -q -O $KP_DIR/data/rules/adgk.txt
+	wget 'https://yaof.coding.net/p/ikoolproxy/d/rules/git/raw/master/rules/koolproxy_ipset.conf' -q -O $KP_DIR/koolproxy_ipset.conf
+	wget 'https://yaof.coding.net/p/ikoolproxy/d/rules/git/raw/master/rules/dnsmasq.adblock' -q -O $KP_DIR/dnsmasq.adblock
 	adg_rules_local=`cat /usr/share/koolproxy/data/rules/adg.txt  | sed -n '4p'|awk '{print $4}'`
 	steven_rules_local=`cat /usr/share/koolproxy/data/rules/steven.txt  | sed -n '2p'|awk '{print $3,$4,$5,$6}'`
 	yhosts_rules_local=`cat /usr/share/koolproxy/data/rules/yhosts.txt  | sed -n '1p' | cut -d ":" -f2`
--- a/luci-app-passwall/root/usr/share/passwall/nftables.sh
+++ b/luci-app-passwall/root/usr/share/passwall/nftables.sh
@ -10,7 +10,7 @@ NFTSET_CHN="chnroute"
 NFTSET_BLACKLIST="blacklist"
 NFTSET_WHITELIST="whitelist"
 NFTSET_BLOCKLIST="blocklist"
- 
+
 NFTSET_LANIPLIST6="laniplist6"
 NFTSET_VPSIPLIST6="vpsiplist6"
 NFTSET_SHUNTLIST6="shuntlist6"
@ -19,11 +19,11 @@ NFTSET_CHN6="chnroute6"
 NFTSET_BLACKLIST6="blacklist6"
 NFTSET_WHITELIST6="whitelist6"
 NFTSET_BLOCKLIST6="blocklist6"
- 
+
 FORCE_INDEX=2
- 
+
 . /lib/functions/network.sh
- 
+
 FWI=$(uci -q get firewall.passwall.path 2>/dev/null)
 FAKE_IP="198.18.0.0/16"

@ -950,7 +950,7 @@ add_firewall_rule() {
 	nft "add rule inet fw4 PSW_OUTPUT_MANGLE ip daddr @$NFTSET_BLOCKLIST counter drop"

 	# jump chains
-	nft "add rule inet fw4 mangle_prerouting counter jump PSW_MANGLE"
+	nft "add rule inet fw4 mangle_prerouting meta nfproto {ipv4} counter jump PSW_MANGLE"
 	insert_rule_before "inet fw4" "mangle_prerouting" "PSW_MANGLE" "counter jump PSW_DIVERT"

 	#ipv4 tcp redirect mode
@ -990,7 +990,9 @@ add_firewall_rule() {
 	fi

 	WAN_IP=$(get_wan_ip)
-	[ -n "${WAN_IP}" ] && nft "add rule inet fw4 PSW_MANGLE ip daddr ${WAN_IP} counter return comment \"WAN_IP_RETURN\"" || nft "add rule inet fw4 PSW ip daddr ${WAN_IP} counter return comment \"WAN_IP_RETURN\""
+	if [ -n "${WAN_IP}" ]; then
+		[ -n "${is_tproxy}" ] && nft "add rule inet fw4 PSW_MANGLE ip daddr ${WAN_IP} counter return comment \"WAN_IP_RETURN\"" || nft "add rule inet fw4 PSW ip daddr ${WAN_IP} counter return comment \"WAN_IP_RETURN\""
+	fi
 	unset WAN_IP

 	ip rule add fwmark 1 lookup 100
@ -1057,7 +1059,7 @@ add_firewall_rule() {
 				nft add rule inet fw4 PSW_OUTPUT ip protocol tcp ip daddr ${2} tcp dport ${3} $(REDIRECT $TCP_REDIR_PORT)
 			else
 				nft add rule inet fw4 PSW_OUTPUT_MANGLE ip protocol tcp ip daddr ${2} tcp dport ${3} counter jump PSW_RULE
-				nft add rule inet fw4 PSW_MANGLE iifname lo tcp dport ${3} ip daddr ${2} $(REDIRECT $TCP_REDIR_PORT TPROXY4) comment \"本机\"
+				nft add rule inet fw4 PSW_MANGLE iif lo tcp dport ${3} ip daddr ${2} $(REDIRECT $TCP_REDIR_PORT TPROXY4) comment \"本机\"
 			fi
 			echolog "  - [$?]将上游 DNS 服务器 ${2}:${3} 加入到路由器自身代理的 TCP 转发链"
 		}
@ -1087,8 +1089,8 @@ add_firewall_rule() {
 			nft "add rule inet fw4 PSW_OUTPUT_MANGLE ip protocol tcp ip daddr @$NFTSET_SHUNTLIST $(factor $TCP_REDIR_PORTS "tcp dport") counter jump PSW_RULE"
 			nft "add rule inet fw4 PSW_OUTPUT_MANGLE ip protocol tcp ip daddr @$NFTSET_BLACKLIST $(factor $TCP_REDIR_PORTS "tcp dport") counter jump PSW_RULE"
 			nft "add rule inet fw4 PSW_OUTPUT_MANGLE ip protocol tcp $(factor $TCP_REDIR_PORTS "tcp dport") $(get_nftset_ipv4 $LOCALHOST_TCP_PROXY_MODE) jump PSW_RULE"
-			nft "add rule inet fw4 PSW_OUTPUT_MANGLE meta l4proto tcp iifname lo $(REDIRECT $TCP_REDIR_PORT TPROXY) comment \"本机\""
-			nft "add rule inet fw4 PSW_OUTPUT_MANGLE ip protocol tcp iifname lo counter return comment \"本机\""
+			nft "add rule inet fw4 PSW_MANGLE meta l4proto tcp iif lo $(REDIRECT $TCP_REDIR_PORT TPROXY) comment \"本机\""
+			nft "add rule inet fw4 PSW_MANGLE ip protocol tcp iif lo counter return comment \"本机\""
 			nft "add rule inet fw4 mangle_output meta nfproto {ipv4} meta l4proto tcp counter jump PSW_OUTPUT_MANGLE comment \"mangle-OUTPUT-PSW\""
 		fi

@ -1096,8 +1098,8 @@ add_firewall_rule() {
 			nft "add rule inet fw4 PSW_OUTPUT_MANGLE_V6 meta l4proto tcp ip6 daddr @$NFTSET_SHUNTLIST6 $(factor $TCP_REDIR_PORTS "tcp dport") counter jump PSW_RULE"
 			nft "add rule inet fw4 PSW_OUTPUT_MANGLE_V6 meta l4proto tcp ip6 daddr @$NFTSET_BLACKLIST6 $(factor $TCP_REDIR_PORTS "tcp dport") counter jump PSW_RULE"
 			nft "add rule inet fw4 PSW_OUTPUT_MANGLE_V6 meta l4proto tcp $(factor $TCP_REDIR_PORTS "tcp dport") $(get_nftset_ipv6 $LOCALHOST_TCP_PROXY_MODE) jump PSW_RULE"
-			nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto tcp iifname lo $(REDIRECT $TCP_REDIR_PORT TPROXY) comment \"本机\""
-			nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto tcp iifname lo counter return comment \"本机\""
+			nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto tcp iif lo $(REDIRECT $TCP_REDIR_PORT TPROXY) comment \"本机\""
+			nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto tcp iif lo counter return comment \"本机\""
 		}
 	fi

@ -1159,7 +1161,7 @@ add_firewall_rule() {
 				return 0
 			}
 			nft "add rule inet fw4 PSW_OUTPUT_MANGLE ip protocol udp ip daddr ${2} udp dport ${3} counter jump PSW_RULE"
-			nft "add rule inet fw4 PSW_MANGLE iifname lo meta l4proto udp ip daddr ${2} $(REDIRECT $UDP_REDIR_PORT TPROXY4) comment \"本机\""
+			nft "add rule inet fw4 PSW_MANGLE iif lo meta l4proto udp ip daddr ${2} $(REDIRECT $UDP_REDIR_PORT TPROXY4) comment \"本机\""
 			echolog "  - [$?]将上游 DNS 服务器 ${2}:${3} 加入到路由器自身代理的 UDP 转发链"
 		}
 		[ "$use_udp_node_resolve_dns" == 1 ] && hosts_foreach REMOTE_DNS _proxy_udp_access 53
@ -1173,24 +1175,24 @@ add_firewall_rule() {
 		nft "add rule inet fw4 PSW_OUTPUT_MANGLE ip protocol udp ip daddr @$NFTSET_SHUNTLIST $(factor $UDP_REDIR_PORTS "udp dport") counter jump PSW_RULE"
 		nft "add rule inet fw4 PSW_OUTPUT_MANGLE ip protocol udp ip daddr @$NFTSET_BLACKLIST $(factor $UDP_REDIR_PORTS "udp dport") counter jump PSW_RULE"
 		nft "add rule inet fw4 PSW_OUTPUT_MANGLE ip protocol udp $(factor $UDP_REDIR_PORTS "udp dport") $(get_nftset_ipv4 $LOCALHOST_UDP_PROXY_MODE) jump PSW_RULE"
-		nft "add rule inet fw4 PSW_MANGLE meta l4proto udp iifname lo $(REDIRECT $UDP_REDIR_PORT TPROXY) comment \"本机\""
-		nft "add rule inet fw4 PSW_MANGLE ip protocol udp iifname lo counter return comment \"本机\""
+		nft "add rule inet fw4 PSW_MANGLE meta l4proto udp iif lo $(REDIRECT $UDP_REDIR_PORT TPROXY) comment \"本机\""
+		nft "add rule inet fw4 PSW_MANGLE ip protocol udp iif lo counter return comment \"本机\""
 		nft "add rule inet fw4 mangle_output meta nfproto {ipv4} meta l4proto udp counter jump PSW_OUTPUT_MANGLE"

 		[ "$PROXY_IPV6" == "1" ] && [ "$PROXY_IPV6_UDP" == "1" ] && {
 			nft "add rule inet fw4 PSW_OUTPUT_MANGLE_V6 meta l4proto udp ip6 daddr @$NFTSET_SHUNTLIST6 $(factor $UDP_REDIR_PORTS "udp dport") counter jump PSW_RULE"
 			nft "add rule inet fw4 PSW_OUTPUT_MANGLE_V6 meta l4proto udp ip6 daddr @$NFTSET_BLACKLIST6 $(factor $UDP_REDIR_PORTS "udp dport") counter jump PSW_RULE"
 			nft "add rule inet fw4 PSW_OUTPUT_MANGLE_V6 meta l4proto udp $(factor $UDP_REDIR_PORTS "udp dport") $(get_nftset_ipv6 $LOCALHOST_PROXY_MODE) jump PSW_RULE"
-			nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto udp iifname lo $(REDIRECT $UDP_REDIR_PORT TPROXY) comment \"本机\""
-			nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto udp iifname lo counter return comment \"本机\""
+			nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto udp iif lo $(REDIRECT $UDP_REDIR_PORT TPROXY) comment \"本机\""
+			nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto udp iif lo counter return comment \"本机\""
 		}
 	fi

-	nft "add rule inet fw4 mangle_output oifname lo counter return comment \"mangle-OUTPUT-PSW\""
+	nft "add rule inet fw4 mangle_output oif lo counter return comment \"mangle-OUTPUT-PSW\""
 	nft "add rule inet fw4 mangle_output meta mark 1 counter return comment \"mangle-OUTPUT-PSW\""

-	nft "add rule inet fw4 PSW_MANGLE counter ip protocol udp udp dport 53 counter return"
-	nft "add rule inet fw4 PSW_MANGLE_V6 counter meta l4proto udp udp dport 53 counter return"
+	nft "add rule inet fw4 PSW_MANGLE ip protocol udp udp dport 53 counter return"
+	nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto udp udp dport 53 counter return"
 	#  加载ACLS
 	load_acl

@ -1277,7 +1279,7 @@ gen_include() {
 				nft "add rule inet fw4 nat_output ip protocol tcp counter jump PSW_OUTPUT"
 			}

-			nft "add rule inet fw4 mangle_prerouting counter jump PSW_MANGLE"
+			nft "add rule inet fw4 mangle_prerouting meta nfproto {ipv4} counter jump PSW_MANGLE"
 			[ -n "${is_tproxy}" ] && nft "add rule inet fw4 mangle_output meta nfproto {ipv4} meta l4proto tcp counter jump PSW_OUTPUT_MANGLE comment \"mangle-OUTPUT-PSW\""
 			nft "add rule inet fw4 mangle_output meta nfproto {ipv4} meta l4proto udp counter jump PSW_OUTPUT_MANGLE"
 			\$(${MY_PATH} insert_rule_before "inet fw4" "mangle_prerouting" "PSW_MANGLE" "counter jump PSW_DIVERT")
@ -1287,7 +1289,7 @@ gen_include() {
 				nft "add rule inet fw4 mangle_output meta nfproto {ipv6} counter jump PSW_OUTPUT_MANGLE_V6 comment \"mangle-OUTPUT-PSW\""
 			}

-			nft "add rule inet fw4 mangle_output oifname lo counter return comment \"mangle-OUTPUT-PSW\""
+			nft "add rule inet fw4 mangle_output oif lo counter return comment \"mangle-OUTPUT-PSW\""
 			nft "add rule inet fw4 mangle_output meta mark 1 counter return comment \"mangle-OUTPUT-PSW\""
 		EOF
 		)
--- a/luci-app-passwall/root/usr/share/passwall/rule_update.lua
+++ b/luci-app-passwall/root/usr/share/passwall/rule_update.lua
@ -91,19 +91,21 @@ local function line_count(file_path)
 end

 local function non_file_check(file_path, vali_file)
-	if nixio.fs.readfile(file_path, 1000) then
-		local remote_file_size = luci.sys.exec("cat " .. vali_file .. " | grep -i Content-Length | awk '{print $2}'")
-		local local_file_size = luci.sys.exec("ls -l " .. file_path .. "| awk '{print $5}'")
-		if remote_file_size then
-			if tonumber(remote_file_size) == tonumber(local_file_size) then
+	if nixio.fs.readfile(file_path, 10) then
+		local remote_file_size = tonumber(luci.sys.exec("cat " .. vali_file .. " | grep -i 'Content-Length' | awk '{print $2}'"))
+		local local_file_size = tonumber(nixio.fs.stat(file_path, "size"))
+		if remote_file_size and local_file_size then
+			if remote_file_size == local_file_size then
 				return nil;
 			else
+				log("下载文件大小校验出错，原始文件大小" .. remote_file_size .. "B，下载文件大小：" .. local_file_size .. "B。")
 				return true;
 			end
 		else
 			return nil;
 		end
 	else
+		log("下载文件读取出错。")
 		return true;
 	end
 end
@ -122,14 +124,14 @@ local function fetch_rule(rule_name,rule_type,url,exclude_domain)
 	for k,v in ipairs(url) do
 		sret_tmp = curl(v, download_file_tmp..k, vali_file..k)
 		if sret_tmp == 200 and non_file_check(download_file_tmp..k, vali_file..k) then
-			log(rule_name.. " 第" ..k.. "条规则:" ..v.. "下载文件读取出错，尝试重新下载。")
+			log(rule_name.. " 第" ..k.. "条规则:" ..v.. "下载文件过程出错，尝试重新下载。")
 			os.remove(download_file_tmp..k)
 			os.remove(vali_file..k)
 			sret_tmp = curl(v, download_file_tmp..k, vali_file..k)
 			if sret_tmp == 200 and non_file_check(download_file_tmp..k, vali_file..k) then
 				sret = 0
 				sret_tmp = 0
-				log(rule_name.. " 第" ..k.. "条规则:" ..v.. "下载文件读取出错，请检查网络或下载链接后重试！")
+				log(rule_name.. " 第" ..k.. "条规则:" ..v.. "下载文件过程出错，请检查网络或下载链接后重试！")
 			end
 		end