OpenWrt/kenzok8-package
1
0
Fork 0
mirror of https://github.com/kenzok8/small-package synced 2025-01-05 11:36:47 +08:00
Code Issues Packages Projects Releases Wiki Activity

update 2024-12-07 16:24:54

Browse Source
This commit is contained in:
kenzok8 2024-12-07 16:24:54 +08:00
parent c7e74c9e48
commit 87d662c8ef
16 changed files with 277 additions and 142 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
floatip/Makefile
View File

@ -7,7 +7,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=floatip
PKG_VERSION:=1.0.0
PKG_VERSION:=1.0.1
PKG_RELEASE:=1
PKG_MAINTAINER:=jjm2473 <jjm2473@gmail.com>

4
floatip/files/floatip.config
View File

@ -6,7 +6,7 @@ config floatip 'main'
# option role 'main'
# 对于 fallback 节点,检查到 check_ip 都不在线超过一定时间例如30秒就设置自身的 set_ip然后检查 check_ip 中任一 IP 在线就清除自身的 set_ip重复上述流程。
# 对于 main 节点,启动后不断检查 set_ip ,直到 set_ip 不在线,就设置自身的 set_ip然后退出进程。
option set_ip '192.168.100.2/24'
option set_ip '192.168.100.3/24'
# check_ip 仅 fallback 有效,并且检查时只检查跟 set_ip 同一网段的
list check_ip '192.168.100.3'
list check_ip '192.168.100.2'
# list check_ip '192.168.100.4'

2
floatip/files/floatip.init
View File

@ -13,7 +13,7 @@ start_service() {
config_get set_ip "main" set_ip
[[ -n "$set_ip" ]] || return 0
eval "$(ipcalc.sh "$set_ip" )";set_prefix=$PREFIX;set_ip=$IP
[[ "$set_ip" = 0.0.0.0 ]] && set_ip=192.168.100.2
[[ "$set_ip" = 0.0.0.0 ]] && set_ip=192.168.100.3
[[ "$set_prefix" = 0 ]] && set_prefix=24
local lan_ip="`uci -q get network.lan.ipaddr`"
[[ -n "$lan_ip" ]] || return 0

4
floatip/files/floatip.sh
View File

@ -45,7 +45,7 @@ fallback_loop() {
eval "$(ipcalc.sh "$set_ip" )";set_net=$NETWORK;set_prefix=$PREFIX;set_ip=$IP
[[ "$set_net" = 0.0.0.0 ]] && set_net=192.168.100.0
[[ "$set_prefix" = 0 ]] && set_prefix=24
[[ "$set_ip" = 0.0.0.0 ]] && set_ip=192.168.100.2
[[ "$set_ip" = 0.0.0.0 ]] && set_ip=192.168.100.3
local ipaddr="$set_ip/$set_prefix"
local valid_check_ip cip
for cip in $check_ip; do
@ -104,7 +104,7 @@ main_loop() {
eval "$(ipcalc.sh "$set_ip" )";set_net=$NETWORK;set_prefix=$PREFIX;set_ip=$IP
[[ "$set_net" = 0.0.0.0 ]] && set_net=192.168.100.0
[[ "$set_prefix" = 0 ]] && set_prefix=24
[[ "$set_ip" = 0.0.0.0 ]] && set_ip=192.168.100.2
[[ "$set_ip" = 0.0.0.0 ]] && set_ip=192.168.100.3
local ipaddr="$set_ip/$set_prefix"
while :; do
# sleep 2-6s

3
luci-app-passwall/luasrc/model/cbi/passwall/client/rule.lua
View File

@ -94,7 +94,8 @@ if has_xray or has_singbox then
o.rmempty = false
o.description = "<ul>"
.. "<li>" .. translate("Experimental feature.") .. "</li>"
.. "<li>" .. translate("Analyzes and preloads GeoIP/Geosite data to enhance the shunt performance of Sing-box/Xray.") .. "</li>"
.. "<li>" .. "1." .. translate("Analyzes and preloads GeoIP/Geosite data to enhance the shunt performance of Sing-box/Xray.") .. "</li>"
.. "<li>" .. "2." .. translate("Once enabled, the rule list can support GeoIP/Geosite rules.") .. "</li>"
.. "<li>" .. translate("Note: Increases resource usage; Geosite analysis is only supported in ChinaDNS-NG and SmartDNS modes.") .. "</li>"
.. "</ul>"
end

12
luci-app-passwall/luasrc/model/cbi/passwall/client/rule_list.lua
View File

@ -41,7 +41,7 @@ o.validate = function(self, value)
value = value:gsub("^%s+", ""):gsub("%s+$","\n"):gsub("\r\n","\n"):gsub("[ \t]*\n[ \t]*", "\n")
string.gsub(value, '[^' .. "\r\n" .. ']+', function(w) table.insert(hosts, w) end)
for index, host in ipairs(hosts) do
if host:sub(1, 1) == "#" then
if host:sub(1, 1) == "#" or host:sub(1, 8) == "geosite:" then
return value
end
if not datatypes.hostname(host) then
@ -70,7 +70,7 @@ o.validate = function(self, value)
value = value:gsub("^%s+", ""):gsub("%s+$","\n"):gsub("\r\n","\n"):gsub("[ \t]*\n[ \t]*", "\n")
string.gsub(value, '[^' .. "\r\n" .. ']+', function(w) table.insert(ipmasks, w) end)
for index, ipmask in ipairs(ipmasks) do
if ipmask:sub(1, 1) == "#" then
if ipmask:sub(1, 1) == "#" or ipmask:sub(1, 6) == "geoip:" then
return value
end
if not ( datatypes.ipmask4(ipmask) or datatypes.ipmask6(ipmask) ) then
@ -101,7 +101,7 @@ o.validate = function(self, value)
value = value:gsub("^%s+", ""):gsub("%s+$","\n"):gsub("\r\n","\n"):gsub("[ \t]*\n[ \t]*", "\n")
string.gsub(value, '[^' .. "\r\n" .. ']+', function(w) table.insert(hosts, w) end)
for index, host in ipairs(hosts) do
if host:sub(1, 1) == "#" then
if host:sub(1, 1) == "#" or host:sub(1, 8) == "geosite:" then
return value
end
if not datatypes.hostname(host) then
@ -130,7 +130,7 @@ o.validate = function(self, value)
value = value:gsub("^%s+", ""):gsub("%s+$","\n"):gsub("\r\n","\n"):gsub("[ \t]*\n[ \t]*", "\n")
string.gsub(value, '[^' .. "\r\n" .. ']+', function(w) table.insert(ipmasks, w) end)
for index, ipmask in ipairs(ipmasks) do
if ipmask:sub(1, 1) == "#" then
if ipmask:sub(1, 1) == "#" or ipmask:sub(1, 6) == "geoip:" then
return value
end
if not ( datatypes.ipmask4(ipmask) or datatypes.ipmask6(ipmask) ) then
@ -159,7 +159,7 @@ o.validate = function(self, value)
value = value:gsub("^%s+", ""):gsub("%s+$","\n"):gsub("\r\n","\n"):gsub("[ \t]*\n[ \t]*", "\n")
string.gsub(value, '[^' .. "\r\n" .. ']+', function(w) table.insert(hosts, w) end)
for index, host in ipairs(hosts) do
if host:sub(1, 1) == "#" then
if host:sub(1, 1) == "#" or host:sub(1, 8) == "geosite:" then
return value
end
if not datatypes.hostname(host) then
@ -188,7 +188,7 @@ o.validate = function(self, value)
value = value:gsub("^%s+", ""):gsub("%s+$","\n"):gsub("\r\n","\n"):gsub("[ \t]*\n[ \t]*", "\n")
string.gsub(value, '[^' .. "\r\n" .. ']+', function(w) table.insert(ipmasks, w) end)
for index, ipmask in ipairs(ipmasks) do
if ipmask:sub(1, 1) == "#" then
if ipmask:sub(1, 1) == "#" or ipmask:sub(1, 6) == "geoip:" then
return value
end
if not ( datatypes.ipmask4(ipmask) or datatypes.ipmask6(ipmask) ) then

3
luci-app-passwall/po/zh-cn/passwall.po
View File

@ -934,6 +934,9 @@ msgstr "开启 Geo 数据解析"
msgid "Analyzes and preloads GeoIP/Geosite data to enhance the shunt performance of Sing-box/Xray."
msgstr "分析和预加载 GeoIP/Geosite 数据,以增强 Sing-box/Xray 的分流效果。"
msgid "Once enabled, the rule list can support GeoIP/Geosite rules."
msgstr "启用后,规则列表可以支持 GeoIP/Geosite 规则。"
msgid "Note: Increases resource usage; Geosite analysis is only supported in ChinaDNS-NG and SmartDNS modes."
msgstr "注:会增加一些系统资源的开销,仅在 ChinaDNS-NG 和 SmartDNS 模式下支持分析 Geosite 。"

25
luci-app-passwall/root/usr/share/passwall/app.sh
View File

@ -359,17 +359,6 @@ parse_doh() {
eval "${__url_var}='${__url}' ${__host_var}='${__host}' ${__port_var}='${__port}' ${__bootstrap_var}='${__bootstrap}'"
}
get_dnsmasq_conf_dir() {
local dnsmasq_conf_path=$(grep -l "^conf-dir=" /tmp/etc/dnsmasq.conf.${DEFAULT_DNSMASQ_CFGID})
[ -n "$dnsmasq_conf_path" ] && {
local dnsmasq_conf_dir=$(grep '^conf-dir=' "$dnsmasq_conf_path" | cut -d'=' -f2 | head -n 1)
[ -n "$dnsmasq_conf_dir" ] && {
DNSMASQ_CONF_DIR=${dnsmasq_conf_dir%*/}
TMP_DNSMASQ_PATH=${DNSMASQ_CONF_DIR}/${CONFIG}
}
}
}
run_ipt2socks() {
local flag proto tcp_tproxy local_port socks_address socks_port socks_username socks_password log_file
local _extra_param=""
@ -2010,7 +1999,17 @@ RESOLVFILE=/tmp/resolv.conf.d/resolv.conf.auto
ISP_DNS=$(cat $RESOLVFILE 2>/dev/null | grep -E -o "[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+" | sort -u | grep -v 0.0.0.0 | grep -v 127.0.0.1)
ISP_DNS6=$(cat $RESOLVFILE 2>/dev/null | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | awk -F % '{print $1}' | awk -F " " '{print $2}'| sort -u | grep -v -Fx ::1 | grep -v -Fx ::)
DEFAULT_DNSMASQ_CFGID=$(uci show dhcp.@dnsmasq[0] | awk -F '.' '{print $2}' | awk -F '=' '{print $1}'| head -1)
DEFAULT_DNSMASQ_CFGID="$(uci -q show "dhcp.@dnsmasq[0]" | awk 'NR==1 {split($0, conf, /[.=]/); print conf[2]}')"
if [ -f "/tmp/etc/dnsmasq.conf.$DEFAULT_DNSMASQ_CFGID" ]; then
DNSMASQ_CONF_DIR="$(awk -F '=' '/^conf-dir=/ {print $2}' "/tmp/etc/dnsmasq.conf.$DEFAULT_DNSMASQ_CFGID")"
if [ -n "$DNSMASQ_CONF_DIR" ]; then
DNSMASQ_CONF_DIR=${DNSMASQ_CONF_DIR%*/}
TMP_DNSMASQ_PATH=${DNSMASQ_CONF_DIR}/${CONFIG}
else
DNSMASQ_CONF_DIR="/tmp/dnsmasq.d"
fi
fi
DEFAULT_DNS=$(uci show dhcp.@dnsmasq[0] | grep "\.server=" | awk -F '=' '{print $2}' | sed "s/'//g" | tr ' ' '\n' | grep -v "\/" | head -2 | sed ':label;N;s/\n/,/;b label')
[ -z "${DEFAULT_DNS}" ] && [ "$(echo $ISP_DNS | tr ' ' '\n' | wc -l)" -le 2 ] && DEFAULT_DNS=$(echo -n $ISP_DNS | tr ' ' '\n' | head -2 | tr '\n' ',')
LOCAL_DNS="${DEFAULT_DNS:-119.29.29.29,223.5.5.5}"
@ -2020,8 +2019,6 @@ DNS_QUERY_STRATEGY="UseIP"
[ "$FILTER_PROXY_IPV6" = "1" ] && DNS_QUERY_STRATEGY="UseIPv4"
DNSMASQ_FILTER_PROXY_IPV6=${FILTER_PROXY_IPV6}
get_dnsmasq_conf_dir
export V2RAY_LOCATION_ASSET=$(config_t_get global_rules v2ray_location_asset "/usr/share/v2ray/")
export XRAY_LOCATION_ASSET=$V2RAY_LOCATION_ASSET
mkdir -p /tmp/etc $TMP_PATH $TMP_BIN_PATH $TMP_SCRIPT_FUNC_PATH $TMP_ID_PATH $TMP_ROUTE_PATH $TMP_ACL_PATH $TMP_IFACE_PATH $TMP_PATH2

65
luci-app-passwall/root/usr/share/passwall/helper_chinadns_add.lua
View File

@ -30,6 +30,7 @@ local RULES_PATH = "/usr/share/" .. appname .. "/rules"
local FLAG_PATH = TMP_ACL_PATH .. "/" .. FLAG
local config_lines = {}
local tmp_lines = {}
local USE_GEOVIEW = uci:get(appname, "@global_rules[0]", "enable_geoview")
local function log(...)
if NO_LOGIC_LOG == "1" then
@ -115,12 +116,18 @@ end
--自定义规则组,后声明的组具有更高优先级
--屏蔽列表
local file_block_host = TMP_ACL_PATH .. "/block_host"
if USE_BLOCK_LIST == "1" and not fs.access(file_block_host) then --对自定义列表进行清洗
if USE_BLOCK_LIST == "1" and not fs.access(file_block_host) then
local block_domain, lookup_block_domain = {}, {}
local geosite_arg = ""
for line in io.lines(RULES_PATH .. "/block_host") do
line = api.get_std_domain(line)
if line ~= "" and not line:find("#") then
insert_unique(block_domain, line, lookup_block_domain)
if not line:find("#") and line:find("geosite:") then
line = string.match(line, ":([^:]+)$")
geosite_arg = geosite_arg .. (geosite_arg ~= "" and "," or "") .. line
else
line = api.get_std_domain(line)
if line ~= "" and not line:find("#") then
insert_unique(block_domain, line, lookup_block_domain)
end
end
end
if #block_domain > 0 then
@ -130,6 +137,10 @@ if USE_BLOCK_LIST == "1" and not fs.access(file_block_host) then --对自定
end
f_out:close()
end
if USE_GEOVIEW == "1" and geosite_arg ~= "" and api.is_finded("geoview") then
get_geosite(geosite_arg, file_block_host)
log(" * 解析[屏蔽列表] Geosite 到屏蔽域名表(blocklist)完成")
end
end
if USE_BLOCK_LIST == "1" and is_file_nonzero(file_block_host) then
tmp_lines = {
@ -168,12 +179,18 @@ end
--直连(白名单)列表
local file_direct_host = TMP_ACL_PATH .. "/direct_host"
if USE_DIRECT_LIST == "1" and not fs.access(file_direct_host) then --对自定义列表进行清洗
if USE_DIRECT_LIST == "1" and not fs.access(file_direct_host) then
local direct_domain, lookup_direct_domain = {}, {}
local geosite_arg = ""
for line in io.lines(RULES_PATH .. "/direct_host") do
line = api.get_std_domain(line)
if line ~= "" and not line:find("#") then
insert_unique(direct_domain, line, lookup_direct_domain)
if not line:find("#") and line:find("geosite:") then
line = string.match(line, ":([^:]+)$")
geosite_arg = geosite_arg .. (geosite_arg ~= "" and "," or "") .. line
else
line = api.get_std_domain(line)
if line ~= "" and not line:find("#") then
insert_unique(direct_domain, line, lookup_direct_domain)
end
end
end
if #direct_domain > 0 then
@ -183,6 +200,10 @@ if USE_DIRECT_LIST == "1" and not fs.access(file_direct_host) then --对自定
end
f_out:close()
end
if USE_GEOVIEW == "1" and geosite_arg ~= "" and api.is_finded("geoview") then
get_geosite(geosite_arg, file_direct_host)
log(" * 解析[直连列表] Geosite 到域名白名单(whitelist)完成")
end
end
if USE_DIRECT_LIST == "1" and is_file_nonzero(file_direct_host) then
tmp_lines = {
@ -197,12 +218,18 @@ end
--代理(黑名单)列表
local file_proxy_host = TMP_ACL_PATH .. "/proxy_host"
if USE_PROXY_LIST == "1" and not fs.access(file_proxy_host) then --对自定义列表进行清洗
if USE_PROXY_LIST == "1" and not fs.access(file_proxy_host) then
local proxy_domain, lookup_proxy_domain = {}, {}
local geosite_arg = ""
for line in io.lines(RULES_PATH .. "/proxy_host") do
line = api.get_std_domain(line)
if line ~= "" and not line:find("#") then
insert_unique(proxy_domain, line, lookup_proxy_domain)
if not line:find("#") and line:find("geosite:") then
line = string.match(line, ":([^:]+)$")
geosite_arg = geosite_arg .. (geosite_arg ~= "" and "," or "") .. line
else
line = api.get_std_domain(line)
if line ~= "" and not line:find("#") then
insert_unique(proxy_domain, line, lookup_proxy_domain)
end
end
end
if #proxy_domain > 0 then
@ -212,6 +239,10 @@ if USE_PROXY_LIST == "1" and not fs.access(file_proxy_host) then --对自定
end
f_out:close()
end
if USE_GEOVIEW == "1" and geosite_arg ~= "" and api.is_finded("geoview") then
get_geosite(geosite_arg, file_proxy_host)
log(" * 解析[代理列表] Geosite 到代理域名表(blacklist)完成")
end
end
if USE_PROXY_LIST == "1" and is_file_nonzero(file_proxy_host) then
tmp_lines = {
@ -334,14 +365,14 @@ if uci:get(appname, TCP_NODE, "protocol") == "_shunt" then
end
end
local use_geoview = uci:get(appname, "@global_rules[0]", "enable_geoview")
if GFWLIST == "1" and CHNLIST == "0" and use_geoview == "1" then --仅GFW模式解析geosite
if GFWLIST == "1" and CHNLIST == "0" and USE_GEOVIEW == "1" and api.is_finded("geoview") then --仅GFW模式解析geosite
if geosite_white_arg ~= "" then
get_geosite(geosite_white_arg, file_white_host)
end
if geosite_shunt_arg ~= "" then
get_geosite(geosite_shunt_arg, file_shunt_host)
end
log(" * 解析[分流节点] Geosite 完成")
end
if is_file_nonzero(file_white_host) then
@ -409,11 +440,11 @@ end
table.insert(config_lines, "hosts")
if DEFAULT_TAG == "chn" then
log(string.format(" - 默认%s", DNS_LOCAL))
log(string.format(" - 默认 DNS %s", DNS_LOCAL))
elseif DEFAULT_TAG == "gfw" then
log(string.format(" - 默认%s", DNS_TRUST))
log(string.format(" - 默认 DNS %s", DNS_TRUST))
else
log(string.format(" - 默认%s", "智能匹配"))
log(string.format(" - 默认 DNS %s", "智能匹配"))
end
--输出配置文件

61
luci-app-passwall/root/usr/share/passwall/helper_smartdns_add.lua
View File

@ -36,6 +36,7 @@ local RULES_PATH = "/usr/share/" .. appname .. "/rules"
local FLAG_PATH = TMP_ACL_PATH .. "/" .. FLAG
local config_lines = {}
local tmp_lines = {}
local USE_GEOVIEW = uci:get(appname, "@global_rules[0]", "enable_geoview")
local function log(...)
if NO_LOGIC_LOG == "1" then
@ -233,12 +234,18 @@ end
--屏蔽列表
local file_block_host = TMP_ACL_PATH .. "/block_host"
if USE_BLOCK_LIST == "1" and not fs.access(file_block_host) then --对自定义列表进行清洗
if USE_BLOCK_LIST == "1" and not fs.access(file_block_host) then
local block_domain, lookup_block_domain = {}, {}
local geosite_arg = ""
for line in io.lines(RULES_PATH .. "/block_host") do
line = api.get_std_domain(line)
if line ~= "" and not line:find("#") then
insert_unique(block_domain, line, lookup_block_domain)
if not line:find("#") and line:find("geosite:") then
line = string.match(line, ":([^:]+)$")
geosite_arg = geosite_arg .. (geosite_arg ~= "" and "," or "") .. line
else
line = api.get_std_domain(line)
if line ~= "" and not line:find("#") then
insert_unique(block_domain, line, lookup_block_domain)
end
end
end
if #block_domain > 0 then
@ -248,6 +255,10 @@ if USE_BLOCK_LIST == "1" and not fs.access(file_block_host) then --对自定
end
f_out:close()
end
if USE_GEOVIEW == "1" and geosite_arg ~= "" and api.is_finded("geoview") then
get_geosite(geosite_arg, file_block_host)
log(" * 解析[屏蔽列表] Geosite 到屏蔽域名表(blocklist)完成")
end
end
if USE_BLOCK_LIST == "1" and is_file_nonzero(file_block_host) then
local domain_set_name = "passwall-block"
@ -289,12 +300,18 @@ end
--直连(白名单)列表
local file_direct_host = TMP_ACL_PATH .. "/direct_host"
if USE_DIRECT_LIST == "1" and not fs.access(file_direct_host) then --对自定义列表进行清洗
if USE_DIRECT_LIST == "1" and not fs.access(file_direct_host) then
local direct_domain, lookup_direct_domain = {}, {}
local geosite_arg = ""
for line in io.lines(RULES_PATH .. "/direct_host") do
line = api.get_std_domain(line)
if line ~= "" and not line:find("#") then
insert_unique(direct_domain, line, lookup_direct_domain)
if not line:find("#") and line:find("geosite:") then
line = string.match(line, ":([^:]+)$")
geosite_arg = geosite_arg .. (geosite_arg ~= "" and "," or "") .. line
else
line = api.get_std_domain(line)
if line ~= "" and not line:find("#") then
insert_unique(direct_domain, line, lookup_direct_domain)
end
end
end
if #direct_domain > 0 then
@ -304,6 +321,10 @@ if USE_DIRECT_LIST == "1" and not fs.access(file_direct_host) then --对自定
end
f_out:close()
end
if USE_GEOVIEW == "1" and geosite_arg ~= "" and api.is_finded("geoview") then
get_geosite(geosite_arg, file_direct_host)
log(" * 解析[直连列表] Geosite 到域名白名单(whitelist)完成")
end
end
if USE_DIRECT_LIST == "1" and is_file_nonzero(file_direct_host) then
local domain_set_name = "passwall-directlist"
@ -320,12 +341,18 @@ end
--代理(黑名单)列表
local file_proxy_host = TMP_ACL_PATH .. "/proxy_host"
if USE_PROXY_LIST == "1" and not fs.access(file_proxy_host) then --对自定义列表进行清洗
if USE_PROXY_LIST == "1" and not fs.access(file_proxy_host) then
local proxy_domain, lookup_proxy_domain = {}, {}
local geosite_arg = ""
for line in io.lines(RULES_PATH .. "/proxy_host") do
line = api.get_std_domain(line)
if line ~= "" and not line:find("#") then
insert_unique(proxy_domain, line, lookup_proxy_domain)
if not line:find("#") and line:find("geosite:") then
line = string.match(line, ":([^:]+)$")
geosite_arg = geosite_arg .. (geosite_arg ~= "" and "," or "") .. line
else
line = api.get_std_domain(line)
if line ~= "" and not line:find("#") then
insert_unique(proxy_domain, line, lookup_proxy_domain)
end
end
end
if #proxy_domain > 0 then
@ -335,6 +362,10 @@ if USE_PROXY_LIST == "1" and not fs.access(file_proxy_host) then --对自定
end
f_out:close()
end
if USE_GEOVIEW == "1" and geosite_arg ~= "" and api.is_finded("geoview") then
get_geosite(geosite_arg, file_proxy_host)
log(" * 解析[代理列表] Geosite 到代理域名表(blacklist)完成")
end
end
if USE_PROXY_LIST == "1" and is_file_nonzero(file_proxy_host) then
local domain_set_name = "passwall-proxylist"
@ -477,14 +508,14 @@ if uci:get(appname, TCP_NODE, "protocol") == "_shunt" then
end
end
local use_geoview = uci:get(appname, "@global_rules[0]", "enable_geoview")
if USE_GFW_LIST == "1" and CHN_LIST == "0" and use_geoview == "1" then --仅GFW模式解析geosite
if USE_GFW_LIST == "1" and CHN_LIST == "0" and USE_GEOVIEW == "1" and api.is_finded("geoview") then --仅GFW模式解析geosite
if geosite_white_arg ~= "" then
get_geosite(geosite_white_arg, file_white_host)
end
if geosite_shunt_arg ~= "" then
get_geosite(geosite_shunt_arg, file_shunt_host)
end
log(" * 解析[分流节点] Geosite 完成")
end
if is_file_nonzero(file_white_host) then
@ -535,7 +566,7 @@ if #config_lines > 0 then
end
if DEFAULT_DNS_GROUP then
log(string.format(" - 默认分组:%s", DEFAULT_DNS_GROUP))
log(string.format(" - 默认 DNS 分组:%s", DEFAULT_DNS_GROUP))
end
fs.symlink(CACHE_DNS_FILE, SMARTDNS_CONF)

98
luci-app-passwall/root/usr/share/passwall/iptables.sh
View File

@ -776,53 +776,97 @@ add_firewall_rule() {
ipset -! create $IPSET_WHITELIST6 nethash family inet6 maxelem 1048576 timeout 172800
ipset -! create $IPSET_BLOCKLIST6 nethash family inet6 maxelem 1048576 timeout 172800
#分流规则的IP列表(使用分流节点时导入)
cat $RULES_PATH/chnroute | tr -s '\n' | grep -v "^#" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_CHN &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
cat $RULES_PATH/chnroute6 | tr -s '\n' | grep -v "^#" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_CHN6 &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
#导入规则列表、分流规则中的IP列表
local USE_SHUNT_NODE=0
local USE_PROXY_LIST_ALL=${USE_PROXY_LIST}
local USE_DIRECT_LIST_ALL=${USE_DIRECT_LIST}
local USE_BLOCK_LIST_ALL=${USE_BLOCK_LIST}
local _TCP_NODE=$(config_t_get global tcp_node nil)
local _UDP_NODE=$(config_t_get global udp_node nil)
local USE_GEOVIEW=$(config_t_get global_rules enable_geoview)
[ "$_TCP_NODE" != "nil" ] && [ "$(config_n_get $_TCP_NODE protocol)" = "_shunt" ] && USE_SHUNT_TCP=1 && USE_SHUNT_NODE=1
[ "$_UDP_NODE" != "nil" ] && [ "$(config_n_get $_UDP_NODE protocol)" = "_shunt" ] && USE_SHUNT_UDP=1 && USE_SHUNT_NODE=1
[ "$_UDP_NODE" = "tcp" ] && USE_SHUNT_UDP=$USE_SHUNT_TCP
[ "$USE_SHUNT_NODE" = "0" ] && {
for acl_section in $(uci show ${CONFIG} | grep "=acl_rule" | cut -d '.' -sf 2 | cut -d '=' -sf 1); do
[ "$(config_n_get $acl_section enabled)" != "1" ] && continue
for _node in $(config_n_get $acl_section tcp_node) $(config_n_get $acl_section udp_node); do
local node_protocol=$(config_n_get $_node protocol)
[ "$node_protocol" = "_shunt" ] && { USE_SHUNT_NODE=1; break 2; }
done
for acl_section in $(uci show ${CONFIG} | grep "=acl_rule" | cut -d '.' -sf 2 | cut -d '=' -sf 1); do
[ "$(config_n_get $acl_section enabled)" != "1" ] && continue
[ "$(config_n_get $acl_section use_global_config 0)" != "1" ] && {
[ "$(config_n_get $acl_section use_direct_list 1)" = "1" ] && USE_PROXY_LIST_ALL=1
[ "$(config_n_get $acl_section use_proxy_list 1)" = "1" ] && USE_DIRECT_LIST_ALL=1
[ "$(config_n_get $acl_section use_block_list 1)" = "1" ] && USE_BLOCK_LIST_ALL=1
}
for _node in $(config_n_get $acl_section tcp_node) $(config_n_get $acl_section udp_node); do
local node_protocol=$(config_n_get $_node protocol)
[ "$node_protocol" = "_shunt" ] && { USE_SHUNT_NODE=1; break; }
done
done
#直连列表
[ "$USE_DIRECT_LIST_ALL" = "1" ] && {
cat $RULES_PATH/direct_ip | tr -s "\r\n" "\n" | grep -v "^#" | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}" | sed -e "s/^/add $IPSET_WHITELIST &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
cat $RULES_PATH/direct_ip | tr -s "\r\n" "\n" | grep -v "^#" | sed -e "/^$/d" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "s/^/add $IPSET_WHITELIST6 &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
[ "$USE_GEOVIEW" = "1" ] && {
local GEOIP_CODE=$(cat $RULES_PATH/direct_ip | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "^geoip:" | grep -v "^geoip:private" | sed -E 's/^geoip:(.*)/\1/' | sed ':a;N;$!ba;s/\n/,/g')
if [ -n "$GEOIP_CODE" ] && type geoview &> /dev/null; then
get_geoip $GEOIP_CODE ipv4 | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}" | sed -e "s/^/add $IPSET_WHITELIST &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
get_geoip $GEOIP_CODE ipv6 | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "s/^/add $IPSET_WHITELIST6 &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
echolog " - [$?]解析并加入[直连列表] GeoIP 到 IPSET 完成"
fi
}
}
#代理列表
[ "$USE_PROXY_LIST_ALL" = "1" ] && {
cat $RULES_PATH/proxy_ip | tr -s "\r\n" "\n" | grep -v "^#" | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}" | sed -e "s/^/add $IPSET_BLACKLIST &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
cat $RULES_PATH/proxy_ip | tr -s "\r\n" "\n" | grep -v "^#" | sed -e "/^$/d" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "s/^/add $IPSET_BLACKLIST6 &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
[ "$USE_GEOVIEW" = "1" ] && {
local GEOIP_CODE=$(cat $RULES_PATH/proxy_ip | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "^geoip:" | grep -v "^geoip:private" | sed -E 's/^geoip:(.*)/\1/' | sed ':a;N;$!ba;s/\n/,/g')
if [ -n "$GEOIP_CODE" ] && type geoview &> /dev/null; then
get_geoip $GEOIP_CODE ipv4 | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}" | sed -e "s/^/add $IPSET_BLACKLIST &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
get_geoip $GEOIP_CODE ipv6 | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "s/^/add $IPSET_BLACKLIST6 &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
echolog " - [$?]解析并加入[代理列表] GeoIP 到 IPSET 完成"
fi
}
}
#屏蔽列表
[ "$USE_PROXY_LIST_ALL" = "1" ] && {
cat $RULES_PATH/block_ip | tr -s "\r\n" "\n" | grep -v "^#" | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}" | sed -e "s/^/add $IPSET_BLOCKLIST &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
cat $RULES_PATH/block_ip | tr -s "\r\n" "\n" | grep -v "^#" | sed -e "/^$/d" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "s/^/add $IPSET_BLOCKLIST6 &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
[ "$USE_GEOVIEW" = "1" ] && {
local GEOIP_CODE=$(cat $RULES_PATH/block_ip | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "^geoip:" | grep -v "^geoip:private" | sed -E 's/^geoip:(.*)/\1/' | sed ':a;N;$!ba;s/\n/,/g')
if [ -n "$GEOIP_CODE" ] && type geoview &> /dev/null; then
get_geoip $GEOIP_CODE ipv4 | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}" | sed -e "s/^/add $IPSET_BLOCKLIST &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
get_geoip $GEOIP_CODE ipv6 | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "s/^/add $IPSET_BLOCKLIST6 &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
echolog " - [$?]解析并加入[屏蔽列表] GeoIP 到 IPSET 完成"
fi
}
}
#分流列表
[ "$USE_SHUNT_NODE" = "1" ] && {
local GEOIP_CODE=""
local shunt_ids=$(uci show $CONFIG | grep "=shunt_rules" | awk -F '.' '{print $2}' | awk -F '=' '{print $1}')
for shunt_id in $shunt_ids; do
config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}" | sed -e "s/^/add $IPSET_SHUNTLIST &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "s/^/add $IPSET_SHUNTLIST6 &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
[ "$(config_t_get global_rules enable_geoview)" = "1" ] && {
config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | grep -v "^#" | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}" | sed -e "s/^/add $IPSET_SHUNTLIST &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | grep -v "^#" | sed -e "/^$/d" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "s/^/add $IPSET_SHUNTLIST6 &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
[ "$USE_GEOVIEW" = "1" ] && {
local geoip_code=$(config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "^geoip:" | grep -v "^geoip:private" | sed -E 's/^geoip:(.*)/\1/' | sed ':a;N;$!ba;s/\n/,/g')
[ -n "$geoip_code" ] && GEOIP_CODE="${GEOIP_CODE:+$GEOIP_CODE,}$geoip_code"
}
done
if [ -n "$GEOIP_CODE" ] && type geoview &> /dev/null; then
get_geoip $GEOIP_CODE ipv4 | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}" | sed -e "s/^/add $IPSET_SHUNTLIST &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
get_geoip $GEOIP_CODE ipv6 | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "s/^/add $IPSET_SHUNTLIST6 &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
echolog " - [$?]解析并加入[分流节点] GeoIP 到 IPSET 完成"
fi
}
if [ -n "$GEOIP_CODE" ] && type geoview &> /dev/null; then
get_geoip $GEOIP_CODE ipv4 | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}" | sed -e "s/^/add $IPSET_SHUNTLIST &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
get_geoip $GEOIP_CODE ipv6 | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "s/^/add $IPSET_SHUNTLIST6 &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
echolog " - [$?]解析并加入分流节点 GeoIP 到 IPSET 完成"
fi
cat $RULES_PATH/chnroute | tr -s '\n' | grep -v "^#" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_CHN &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
cat $RULES_PATH/proxy_ip | tr -s '\n' | grep -v "^#" | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}" | sed -e "s/^/add $IPSET_BLACKLIST &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
cat $RULES_PATH/direct_ip | tr -s '\n' | grep -v "^#" | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}" | sed -e "s/^/add $IPSET_WHITELIST &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
cat $RULES_PATH/block_ip | tr -s '\n' | grep -v "^#" | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}" | sed -e "s/^/add $IPSET_BLOCKLIST &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
cat $RULES_PATH/chnroute6 | tr -s '\n' | grep -v "^#" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_CHN6 &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
cat $RULES_PATH/proxy_ip | tr -s '\n' | grep -v "^#" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_BLACKLIST6 &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
cat $RULES_PATH/direct_ip | tr -s '\n' | grep -v "^#" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_WHITELIST6 &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
cat $RULES_PATH/block_ip | tr -s '\n' | grep -v "^#" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_BLOCKLIST6 &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
#局域网IP列表
ipset -! -R <<-EOF
$(gen_lanlist | sed -e "s/^/add $IPSET_LANLIST /")
EOF

94
luci-app-passwall/root/usr/share/passwall/nftables.sh
View File

@ -839,9 +839,9 @@ add_firewall_rule() {
else
gen_nftset $NFTSET_CHN ipv4_addr "2d" 0 $(cat $RULES_PATH/chnroute | tr -s '\n' | grep -v "^#")
fi
gen_nftset $NFTSET_BLACKLIST ipv4_addr "2d" 0 $(cat $RULES_PATH/proxy_ip | tr -s '\n' | grep -v "^#" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}")
gen_nftset $NFTSET_WHITELIST ipv4_addr "2d" 0 $(cat $RULES_PATH/direct_ip | tr -s '\n' | grep -v "^#" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}")
gen_nftset $NFTSET_BLOCKLIST ipv4_addr "2d" 0 $(cat $RULES_PATH/block_ip | tr -s '\n' | grep -v "^#" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}")
gen_nftset $NFTSET_BLACKLIST ipv4_addr "2d" 0
gen_nftset $NFTSET_WHITELIST ipv4_addr "2d" 0
gen_nftset $NFTSET_BLOCKLIST ipv4_addr "2d" 0
gen_nftset $NFTSET_SHUNTLIST ipv4_addr "2d" 0
gen_nftset $NFTSET_VPSLIST6 ipv6_addr 0 0
@ -853,47 +853,97 @@ add_firewall_rule() {
else
gen_nftset $NFTSET_CHN6 ipv6_addr "2d" 0 $(cat $RULES_PATH/chnroute6 | tr -s '\n' | grep -v "^#")
fi
gen_nftset $NFTSET_BLACKLIST6 ipv6_addr "2d" 0 $(cat $RULES_PATH/proxy_ip | tr -s '\n' | grep -v "^#" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}")
gen_nftset $NFTSET_WHITELIST6 ipv6_addr "2d" 0 $(cat $RULES_PATH/direct_ip | tr -s '\n' | grep -v "^#" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}")
gen_nftset $NFTSET_BLOCKLIST6 ipv6_addr "2d" 0 $(cat $RULES_PATH/block_ip | tr -s '\n' | grep -v "^#" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}")
gen_nftset $NFTSET_BLACKLIST6 ipv6_addr "2d" 0
gen_nftset $NFTSET_WHITELIST6 ipv6_addr "2d" 0
gen_nftset $NFTSET_BLOCKLIST6 ipv6_addr "2d" 0
gen_nftset $NFTSET_SHUNTLIST6 ipv6_addr "2d" 0
#分流规则的IP列表(使用分流节点时导入)
#导入规则列表、分流规则的IP列表
local USE_SHUNT_NODE=0
local USE_PROXY_LIST_ALL=${USE_PROXY_LIST}
local USE_DIRECT_LIST_ALL=${USE_DIRECT_LIST}
local USE_BLOCK_LIST_ALL=${USE_BLOCK_LIST}
local _TCP_NODE=$(config_t_get global tcp_node nil)
local _UDP_NODE=$(config_t_get global udp_node nil)
local USE_GEOVIEW=$(config_t_get global_rules enable_geoview)
[ "$_TCP_NODE" != "nil" ] && [ "$(config_n_get $_TCP_NODE protocol)" = "_shunt" ] && USE_SHUNT_TCP=1 && USE_SHUNT_NODE=1
[ "$_UDP_NODE" != "nil" ] && [ "$(config_n_get $_UDP_NODE protocol)" = "_shunt" ] && USE_SHUNT_UDP=1 && USE_SHUNT_NODE=1
[ "$_UDP_NODE" = "tcp" ] && USE_SHUNT_UDP=$USE_SHUNT_TCP
[ "$USE_SHUNT_NODE" = "0" ] && {
for acl_section in $(uci show ${CONFIG} | grep "=acl_rule" | cut -d '.' -sf 2 | cut -d '=' -sf 1); do
[ "$(config_n_get $acl_section enabled)" != "1" ] && continue
for _node in $(config_n_get $acl_section tcp_node) $(config_n_get $acl_section udp_node); do
local node_protocol=$(config_n_get $_node protocol)
[ "$node_protocol" = "_shunt" ] && { USE_SHUNT_NODE=1; break 2; }
done
for acl_section in $(uci show ${CONFIG} | grep "=acl_rule" | cut -d '.' -sf 2 | cut -d '=' -sf 1); do
[ "$(config_n_get $acl_section enabled)" != "1" ] && continue
[ "$(config_n_get $acl_section use_global_config 0)" != "1" ] && {
[ "$(config_n_get $acl_section use_direct_list 1)" = "1" ] && USE_PROXY_LIST_ALL=1
[ "$(config_n_get $acl_section use_proxy_list 1)" = "1" ] && USE_DIRECT_LIST_ALL=1
[ "$(config_n_get $acl_section use_block_list 1)" = "1" ] && USE_BLOCK_LIST_ALL=1
}
for _node in $(config_n_get $acl_section tcp_node) $(config_n_get $acl_section udp_node); do
local node_protocol=$(config_n_get $_node protocol)
[ "$node_protocol" = "_shunt" ] && { USE_SHUNT_NODE=1; break; }
done
done
#直连列表
[ "$USE_DIRECT_LIST_ALL" = "1" ] && {
insert_nftset $NFTSET_WHITELIST "0" $(cat $RULES_PATH/direct_ip | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -v "^#" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}")
insert_nftset $NFTSET_WHITELIST6 "0" $(cat $RULES_PATH/direct_ip | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -v "^#" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}")
[ "$USE_GEOVIEW" = "1" ] && {
local GEOIP_CODE=$(cat $RULES_PATH/direct_ip | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "^geoip:" | grep -v "^geoip:private" | sed -E 's/^geoip:(.*)/\1/' | sed ':a;N;$!ba;s/\n/,/g')
if [ -n "$GEOIP_CODE" ] && type geoview &> /dev/null; then
insert_nftset $NFTSET_WHITELIST "0" $(get_geoip $GEOIP_CODE ipv4 | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}")
insert_nftset $NFTSET_WHITELIST6 "0" $(get_geoip $GEOIP_CODE ipv6 | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}")
echolog " - [$?]解析并加入[直连列表] GeoIP 到 NFTSET 完成"
fi
}
}
#代理列表
[ "$USE_PROXY_LIST_ALL" = "1" ] && {
insert_nftset $NFTSET_BLACKLIST "0" $(cat $RULES_PATH/proxy_ip | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -v "^#" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}")
insert_nftset $NFTSET_BLACKLIST6 "0" $(cat $RULES_PATH/proxy_ip | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -v "^#" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}")
[ "$USE_GEOVIEW" = "1" ] && {
local GEOIP_CODE=$(cat $RULES_PATH/proxy_ip | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "^geoip:" | grep -v "^geoip:private" | sed -E 's/^geoip:(.*)/\1/' | sed ':a;N;$!ba;s/\n/,/g')
if [ -n "$GEOIP_CODE" ] && type geoview &> /dev/null; then
insert_nftset $NFTSET_BLACKLIST "0" $(get_geoip $GEOIP_CODE ipv4 | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}")
insert_nftset $NFTSET_BLACKLIST6 "0" $(get_geoip $GEOIP_CODE ipv6 | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}")
echolog " - [$?]解析并加入[代理列表] GeoIP 到 NFTSET 完成"
fi
}
}
#屏蔽列表
[ "$USE_PROXY_LIST_ALL" = "1" ] && {
insert_nftset $NFTSET_BLOCKLIST "0" $(cat $RULES_PATH/block_ip | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -v "^#" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}")
insert_nftset $NFTSET_BLOCKLIST6 "0" $(cat $RULES_PATH/block_ip | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -v "^#" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}")
[ "$USE_GEOVIEW" = "1" ] && {
local GEOIP_CODE=$(cat $RULES_PATH/block_ip | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "^geoip:" | grep -v "^geoip:private" | sed -E 's/^geoip:(.*)/\1/' | sed ':a;N;$!ba;s/\n/,/g')
if [ -n "$GEOIP_CODE" ] && type geoview &> /dev/null; then
insert_nftset $NFTSET_BLOCKLIST "0" $(get_geoip $GEOIP_CODE ipv4 | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}")
insert_nftset $NFTSET_BLOCKLIST6 "0" $(get_geoip $GEOIP_CODE ipv6 | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}")
echolog " - [$?]解析并加入[屏蔽列表] GeoIP 到 NFTSET 完成"
fi
}
}
#分流列表
[ "$USE_SHUNT_NODE" = "1" ] && {
local GEOIP_CODE=""
local shunt_ids=$(uci show $CONFIG | grep "=shunt_rules" | awk -F '.' '{print $2}' | awk -F '=' '{print $1}')
for shunt_id in $shunt_ids; do
insert_nftset $NFTSET_SHUNTLIST "0" $(config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}")
insert_nftset $NFTSET_SHUNTLIST6 "0" $(config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}")
[ "$(config_t_get global_rules enable_geoview)" = "1" ] && {
insert_nftset $NFTSET_SHUNTLIST "0" $(config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -v "^#" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}")
insert_nftset $NFTSET_SHUNTLIST6 "0" $(config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -v "^#" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}")
[ "$USE_GEOVIEW" = "1" ] && {
local geoip_code=$(config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "^geoip:" | grep -v "^geoip:private" | sed -E 's/^geoip:(.*)/\1/' | sed ':a;N;$!ba;s/\n/,/g')
[ -n "$geoip_code" ] && GEOIP_CODE="${GEOIP_CODE:+$GEOIP_CODE,}$geoip_code"
}
done
if [ -n "$GEOIP_CODE" ] && type geoview &> /dev/null; then
insert_nftset $NFTSET_SHUNTLIST "0" $(get_geoip $GEOIP_CODE ipv4 | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}")
insert_nftset $NFTSET_SHUNTLIST6 "0" $(get_geoip $GEOIP_CODE ipv6 | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}")
echolog " - [$?]解析并加入[分流节点] GeoIP 到 NFTSET 完成"
fi
}
if [ -n "$GEOIP_CODE" ] && type geoview &> /dev/null; then
insert_nftset $NFTSET_SHUNTLIST "0" $(get_geoip $GEOIP_CODE ipv4 | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}")
insert_nftset $NFTSET_SHUNTLIST6 "0" $(get_geoip $GEOIP_CODE ipv6 | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}")
echolog " - [$?]解析并加入分流节点 GeoIP 到 NFTSET 完成"
fi
# 忽略特殊IP段
local lan_ifname lan_ip

2
luci-app-systools/Makefile
View File

@ -2,7 +2,7 @@
include $(TOPDIR)/rules.mk
PKG_VERSION:=1.0.7-20241206
PKG_VERSION:=1.0.8-20241207
PKG_RELEASE:=
LUCI_TITLE:=LuCI support for SysTools

4
luci-app-systools/luasrc/controller/systools.lua
View File

@ -186,9 +186,9 @@ end
function install_execute_systools(req)
local cmd
if req["tool"] == "speedtest" then
cmd = string.format("/usr/libexec/istorec/systools.sh %s %s", req["tool"], req["speedTestServer"])
cmd = string.format("/usr/libexec/systools.sh %s %s", req["tool"], req["speedTestServer"])
else
cmd = string.format("/usr/libexec/istorec/systools.sh %s", req["tool"])
cmd = string.format("/usr/libexec/systools.sh %s", req["tool"])
end
cmd = "/etc/init.d/tasks task_add systools " .. luci.util.shellquote(cmd)
os.execute(cmd .. " >/dev/null 2>&1")

36
luci-app-systools/root/usr/libexec/istorec/systools.sh → luci-app-systools/root/usr/libexec/systools.sh
View File

@ -16,39 +16,17 @@ usage() {
echo " speedtest Start a speedtest"
}
case ${ACTION} in
"turn_off_ipv6"|\
"full_ipv6"|\
"half_ipv6")
bash "/usr/share/systools/${ACTION}.run"
;;
"reset_rom_pkgs")
bash "/usr/share/systools/${ACTION}.run"
;;
"qb_reset_password")
bash "/usr/share/systools/${ACTION}.run"
;;
"disk_power_mode")
bash "/usr/share/systools/${ACTION}.run"
;;
case "${ACTION}" in
"speedtest")
/usr/share/systools/speedtest.run ${1}
;;
"openssl-aes256gcm")
bash "/usr/share/systools/${ACTION}.run"
;;
"openssl-chacha20-poly1305")
bash "/usr/share/systools/${ACTION}.run"
;;
"istore-reinstall")
bash "/usr/share/systools/${ACTION}.run"
;;
"disable-wandrop")
bash "/usr/share/systools/${ACTION}.run"
;;
*)
usage
exit 1
if [ -n "${ACTION}" -a -s /usr/share/systools/${ACTION}.run ]; then
bash "/usr/share/systools/${ACTION}.run"
else
usage
exit 1
fi
;;
esac

4
v2ray-geoview/Makefile
View File

@ -1,12 +1,12 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=geoview
PKG_VERSION:=0.0.8
PKG_VERSION:=0.0.9
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/snowie2000/geoview/tar.gz/$(PKG_VERSION)?
PKG_HASH:=1d94d2f251505fd5da8e03de6aba5722554e199b0873de28ecd7be62538aad60
PKG_HASH:=ba0af14cd7a6ce457584ab4754331848ed78240ae39abdf65fef646df0130c2e
PKG_LICENSE:=Apache-2.0
PKG_LICENSE_FILES:=LICENSE