diff --git a/luci-app-openclash/Makefile b/luci-app-openclash/Makefile
index 6ebbd372a..b292139ef 100644
--- a/luci-app-openclash/Makefile
+++ b/luci-app-openclash/Makefile
@@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=luci-app-openclash
-PKG_VERSION:=0.45.111
+PKG_VERSION:=0.45.112
 PKG_RELEASE:=beta
 PKG_MAINTAINER:=vernesong
diff --git a/luci-app-openclash/po/zh-cn/openclash.zh-cn.po b/luci-app-openclash/po/zh-cn/openclash.zh-cn.po
index 6efa95d92..6a7994d00 100644
--- a/luci-app-openclash/po/zh-cn/openclash.zh-cn.po
+++ b/luci-app-openclash/po/zh-cn/openclash.zh-cn.po
@@ -3378,12 +3378,6 @@ msgstr "提示:IPv6 代理模式为 TProxy..."
 msgid "Warning: Only Meta Core Support IPv6 Tun Mode, Use TProxy Instead..."
 msgstr "提示:只有 Meta 内核支持 IPv6 Tun 模式,使用 TProxy 模式代替..."
-msgid "Tip: Can't Get IPv4 LAN Interfaces, Please Verify The Firewall's LAN Zone Name is lan..."
-msgstr "提示:无法获取 IPv4 的 LAN 接口名称,请确保防火墙设置中 IPv4 LAN 区域的名称为 lan..."
-
-msgid "Tip: Can't Get IPv6 LAN Interfaces, Please Verify The Firewall's LAN Zone Name is lan..."
-msgstr "提示:无法获取 IPv6 的 LAN 接口名称,请确保防火墙设置中 IPv6 LAN 区域的名称为 lan..."
-
 msgid "Tip: Can't Get IPv4 WAN Interfaces, Please Verify The Firewall's WAN Zone Name is wan, Ignore This IF The Device Does not Have a WAN Interfaces..."
 msgstr "提示:无法获取 IPv4 的 WAN 接口名称,请确保防火墙设置中 IPv6 WAN 区域的名称为 wan,如设备无 WAN 口请忽略此提示..."
diff --git a/luci-app-openclash/root/etc/init.d/openclash b/luci-app-openclash/root/etc/init.d/openclash
index c74c955aa..258072bfe 100644
--- a/luci-app-openclash/root/etc/init.d/openclash
+++ b/luci-app-openclash/root/etc/init.d/openclash
@@ -1330,45 +1330,6 @@ if [ "$ipv6_enable" -eq 1 ]; then
 esac
 fi
-#lan interfaces
-if [ -n "$FW4" ]; then
- lan_ints=$(nft list chain inet fw4 input |grep -e "jump input_lan" 2>/dev/null |awk '{for (i=1;i<=NF;i++){if ($i ~ /iifname/ && $(i+1) != "{") {print $(i+1)} if ($i ~ /iifname/ && $(i+1) == "{"){for (j=i+1;j<=NF;j++){if ($j~ /}/) {out="";for (k=i+1;k<=j;k++){out=out" "$k};print out}}}}}' 2>/dev/null |sed 's/"//g'|sed 's/{//g'|sed 's/}//g'|sed 's/,//g')
- if [ -z "$lan_ints" ]; then
- lan_ints=$(ip route |grep 'default' |awk '{print $5}' |head -1 2>/dev/null)
- if [ -z "$(echo "$(ls -l /sys/class/net/ 2>/dev/null |awk '{print $9}' 2>/dev/null)" |grep -E ^${lan_ints}$)" ]; then
- lan_ints=""
- fi
- fi
- lan6_ints=$(nft list chain inet fw4 input |grep -e "jump input_lan" 2>/dev/null |awk '{for (i=1;i<=NF;i++){if ($i ~ /iifname/ && $(i+1) != "{") {print $(i+1)} if ($i ~ /iifname/ && $(i+1) == "{"){for (j=i+1;j<=NF;j++){if ($j~ /}/) {out="";for (k=i+1;k<=j;k++){out=out" "$k};print out}}}}}' 2>/dev/null |sed 's/"//g'|sed 's/{//g'|sed 's/}//g'|sed 's/,//g')
- if [ -z "$lan6_ints" ]; then
- lan6_ints=$(ip route |grep 'default' |awk '{print $5}' |head -1 2>/dev/null)
- if [ -z "$(echo "$(ls -l /sys/class/net/ 2>/dev/null |awk '{print $9}' 2>/dev/null)" |grep -E ^${lan6_ints}$)" ]; then
- lan6_ints=""
- fi
- fi
-else
- lan_ints=$(iptables-save -t filter |grep -e "-j zone_lan_input" 2>/dev/null |awk '{for (i=1;i<=NF;i++) {if ($i ~ /-i/) {print $(i+1)}}}' 2>/dev/null)
- if [ -z "$lan_ints" ]; then
- lan_ints=$(ip route |grep 'default' |awk '{print $5}' |head -1 2>/dev/null)
- if [ -z "$(echo "$(ls -l /sys/class/net/ 2>/dev/null |awk '{print $9}' 2>/dev/null)" |grep -E ^${lan_ints}$)" ]; then
- lan_ints=""
- fi
- fi
- lan6_ints=$(ip6tables-save -t filter |grep -e "-j zone_lan_input" 2>/dev/null |awk '{for (i=1;i<=NF;i++) {if ($i ~ /-i/) {print $(i+1)}}}' 2>/dev/null)
- if [ -z "$lan6_ints" ]; then
- lan6_ints=$(ip route |grep 'default' |awk '{print $5}' |head -1 2>/dev/null)
- if [ -z "$(echo "$(ls -l /sys/class/net/ 2>/dev/null |awk '{print $9}' 2>/dev/null)" |grep -E ^${lan6_ints}$)" ]; then
- lan6_ints=""
- fi
- fi
-fi
-if [ -z "$lan_ints" ]; then
- LOG_OUT "Tip: Can't Get IPv4 LAN Interfaces, Please Verify The Firewall's LAN Zone Name is lan..."
-fi
-if [ -z "$lan6_ints" ]; then
- LOG_OUT "Tip: Can't Get IPv6 LAN Interfaces, Please Verify The Firewall's LAN Zone Name is lan..."
-fi
-
 if [ -n "$FW4" ]; then
 LOG_OUT "Tip: Firewall4 was Detected, Use NFTABLE Rules..."
 if [ "$china_ip_route" = "1" ] || [ "$disable_udp_quic" = "1" ]; then
@@ -1584,14 +1545,7 @@ if [ -n "$FW4" ]; then
 #tcp
 nft 'add chain inet fw4 openclash' 2>/dev/null
 nft 'flush chain inet fw4 openclash' 2>/dev/null
- if [ -n "$lan_ints" ]; then
- nft add rule inet fw4 openclash iifname lo ip daddr @localnetwork counter return 2>/dev/null
- for lan_int in $lan_ints; do
- nft add rule inet fw4 openclash iifname "$lan_int" ip daddr @localnetwork counter return
- done >/dev/null 2>&1
- else
- nft add rule inet fw4 openclash ip daddr @localnetwork counter return 2>/dev/null
- fi
+ nft add rule inet fw4 openclash ip daddr @localnetwork counter return 2>/dev/null
 if [ -z "$en_mode_tun" ] && [ "$en_mode" = "fake-ip" ]; then
 nft add rule inet fw4 openclash ip protocol tcp ip daddr { "$fakeip_range" } counter redirect to "$proxy_port" 2>/dev/null
 fi
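Review bot: The new `nft add rule inet fw4 openclash ip daddr @localnetwork counter return 2>/dev/null` throws away both its error output and its exit status, although it is the rule that returns local-network destinations before the rest of the chain (the `redirect to "$proxy_port"` rule is visible just below); if the add fails, nothing is logged and local destinations continue into the rules that follow. I would keep the failure visible, for example `nft add rule inet fw4 openclash ip daddr @localnetwork counter return 2>/dev/null || LOG_OUT "Warning: Failed To Add localnetwork Return Rule..."`. The same single-rule replacement is made in the hunks at -1631, -1776, -1985 and -2048 (nft) and at -2390, -2438, -2583, -2787 and -2844 (iptables/ip6tables), where the result is likewise unchecked. With the `iifname`/`-i` scoping removed the return now applies on every ingress interface, and nothing in the code says that is intended; a one-line comment such as `# return local destinations on any ingress interface (no LAN-zone lookup)` would record it. The enclosing `if [ -n "$FW4" ]` block starts and ends outside the hunk.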
@@ -1631,14 +1585,7 @@ if [ -n "$FW4" ]; then
 nft 'add chain inet fw4 openclash_upnp' 2>/dev/null
 nft 'flush chain inet fw4 openclash_upnp' 2>/dev/null
 upnp_exclude
- if [ -n "$lan_ints" ]; then
- nft add rule inet fw4 openclash_mangle iifname lo ip daddr @localnetwork counter return 2>/dev/null
- for lan_int in $lan_ints; do
- nft add rule inet fw4 openclash_mangle iifname "$lan_int" ip daddr @localnetwork counter return
- done >/dev/null 2>&1
- else
- nft add rule inet fw4 openclash_mangle ip daddr @localnetwork counter return 2>/dev/null
- fi
+ nft add rule inet fw4 openclash_mangle ip daddr @localnetwork counter return 2>/dev/null
 nft 'add rule inet fw4 openclash_mangle udp dport 53 counter return' 2>/dev/null
 if [ "$en_mode" = "fake-ip" ]; then
 nft add rule inet fw4 openclash_mangle meta l4proto { udp } ip daddr { "$fakeip_range" } mark set "$PROXY_FWMARK" tproxy ip to 127.0.0.1:"$tproxy_port" counter accept 2>/dev/null
@@ -1776,14 +1723,7 @@ if [ -n "$FW4" ]; then
 #其他流量
 nft 'add rule inet fw4 openclash_mangle meta l4proto {tcp,udp} iifname utun counter return' 2>/dev/null
- if [ -n "$lan_ints" ]; then
- nft add rule inet fw4 openclash_mangle iifname lo ip daddr @localnetwork counter return 2>/dev/null
- for lan_int in $lan_ints; do
- nft add rule inet fw4 openclash_mangle iifname "$lan_int" ip daddr @localnetwork counter return
- done >/dev/null 2>&1
- else
- nft add rule inet fw4 openclash_mangle ip daddr @localnetwork counter return 2>/dev/null
- fi
+ nft add rule inet fw4 openclash_mangle ip daddr @localnetwork counter return 2>/dev/null
 nft 'add rule inet fw4 openclash_mangle ip saddr @localnetwork meta l4proto {tcp,udp} th sport @lan_ac_black_ports counter return' 2>/dev/null
 nft 'add rule inet fw4 openclash_mangle ip daddr @wan_ac_black_ips counter return' 2>/dev/null
 nft 'add rule inet fw4 openclash_mangle ip saddr @lan_ac_black_ips counter return' 2>/dev/null
@@ -1985,14 +1925,7 @@ if [ -n "$FW4" ]; then
 #tcp
 nft 'add chain inet fw4 openclash_v6' 2>/dev/null
 nft 'flush chain inet fw4 openclash_v6' 2>/dev/null
- if [ -n "$lan6_ints" ]; then
- nft add rule inet fw4 openclash_v6 iifname lo ip6 daddr @localnetwork6 counter return 2>/dev/null
- for lan6_int in $lan6_ints; do
- nft add rule inet fw4 openclash_v6 iifname "$lan6_int" ip6 daddr @localnetwork6 counter return
- done >/dev/null 2>&1
- else
- nft add rule inet fw4 openclash_v6 ip6 daddr @localnetwork6 counter return 2>/dev/null
- fi
+ nft add rule inet fw4 openclash_v6 ip6 daddr @localnetwork6 counter return 2>/dev/null
 nft 'add rule inet fw4 openclash_v6 ip6 saddr @localnetwork6 meta nfproto {ipv6} sport @lan_ac_black_ports counter return' 2>/dev/null
 nft 'add rule inet fw4 openclash_v6 ip6 daddr @wan_ac_black_ipv6s counter return' 2>/dev/null
 nft 'add rule inet fw4 openclash_v6 ip6 saddr @lan_ac_black_ipv6s counter return' 2>/dev/null
@@ -2048,14 +1981,7 @@ if [ -n "$FW4" ]; then
 if [ "$enable_v6_udp_proxy" -eq 1 ] || [ "$ipv6_mode" -eq 0 ] || [ "$ipv6_mode" -eq 2 ]; then
 nft 'add chain inet fw4 openclash_mangle_v6' 2>/dev/null
 nft 'flush chain inet fw4 openclash_mangle_v6' 2>/dev/null
- if [ -n "$lan6_ints" ]; then
- nft add rule inet fw4 openclash_mangle_v6 iifname lo ip6 daddr @localnetwork6 counter return 2>/dev/null
- for lan6_int in $lan6_ints; do
- nft add rule inet fw4 openclash_mangle_v6 iifname "$lan6_int" ip6 daddr @localnetwork6 counter return
- done >/dev/null 2>&1
- else
- nft add rule inet fw4 openclash_mangle_v6 ip6 daddr @localnetwork6 counter return 2>/dev/null
- fi
+ nft add rule inet fw4 openclash_mangle_v6 ip6 daddr @localnetwork6 counter return 2>/dev/null
 nft 'add rule inet fw4 openclash_mangle_v6 meta nfproto {ipv6} udp dport 53 counter return' 2>/dev/null
 nft 'add rule inet fw4 openclash_mangle_v6 ip6 saddr @localnetwork6 meta nfproto {ipv6} sport @lan_ac_black_ports counter return' 2>/dev/null
 nft 'add rule inet fw4 openclash_mangle_v6 ip6 daddr @wan_ac_black_ipv6s counter return' 2>/dev/null
@@ -2390,14 +2316,7 @@ else
 #tcp
 iptables -t nat -N openclash
 iptables -t nat -F openclash
- if [ -n "$lan_ints" ]; then
- iptables -t nat -A openclash -i lo -m set --match-set localnetwork dst -j RETURN
- for lan_int in $lan_ints; do
- iptables -t nat -A openclash -i "$lan_int" -m set --match-set localnetwork dst -j RETURN
- done
- else
- iptables -t nat -A openclash -m set --match-set localnetwork dst -j RETURN
- fi
+ iptables -t nat -A openclash -m set --match-set localnetwork dst -j RETURN
 if [ -z "$en_mode_tun" ] && [ "$en_mode" = "fake-ip" ]; then
 iptables -t nat -A openclash -p tcp -d "$fakeip_range" -j REDIRECT --to-ports "$proxy_port"
 fi
@@ -2438,14 +2357,7 @@ else
 iptables -t mangle -N openclash_upnp
 iptables -t mangle -F openclash_upnp
 upnp_exclude
- if [ -n "$lan_ints" ]; then
- iptables -t mangle -A openclash -i lo -m set --match-set localnetwork dst -j RETURN
- for lan_int in $lan_ints; do
- iptables -t mangle -A openclash -i "$lan_int" -m set --match-set localnetwork dst -j RETURN
- done >/dev/null 2>&1
- else
- iptables -t mangle -A openclash -m set --match-set localnetwork dst -j RETURN
- fi
+ iptables -t mangle -A openclash -m set --match-set localnetwork dst -j RETURN
 iptables -t mangle -A openclash -p udp --dport 53 -j RETURN >/dev/null 2>&1
 if [ "$en_mode" = "fake-ip" ]; then
 iptables -t mangle -A openclash -p udp -d "$fakeip_range" -j TPROXY --on-port "$tproxy_port" --tproxy-mark "$PROXY_FWMARK"
@@ -2583,14 +2495,7 @@ else
 upnp_exclude
 #其他流量
 iptables -t mangle -A openclash -i utun -j RETURN >/dev/null 2>&1
- if [ -n "$lan_ints" ]; then
- iptables -t mangle -A openclash -i lo -m set --match-set localnetwork dst -j RETURN
- for lan_int in $lan_ints; do
- iptables -t mangle -A openclash -i "$lan_int" -m set --match-set localnetwork dst -j RETURN
- done >/dev/null 2>&1
- else
- iptables -t mangle -A openclash -m set --match-set localnetwork dst -j RETURN
- fi
+ iptables -t mangle -A openclash -m set --match-set localnetwork dst -j RETURN
 iptables -t mangle -A openclash -m set --match-set localnetwork src -m set --match-set lan_ac_black_ports src -j RETURN >/dev/null 2>&1
 iptables -t mangle -A openclash -m set --match-set wan_ac_black_ips dst -j RETURN >/dev/null 2>&1
 iptables -t mangle -A openclash -m set --match-set lan_ac_black_ips src -j RETURN >/dev/null 2>&1
@@ -2787,14 +2692,7 @@ else
 #tcp
 ip6tables -t nat -N openclash
 ip6tables -t nat -F openclash
- if [ -n "$lan6_ints" ]; then
- ip6tables -t nat -A openclash -i lo -m set --match-set localnetwork6 dst -j RETURN
- for lan6_int in $lan6_ints; do
- ip6tables -t nat -A openclash -i "$lan6_int" -m set --match-set localnetwork6 dst -j RETURN
- done
- else
- ip6tables -t nat -A openclash -m set --match-set localnetwork6 dst -j RETURN
- fi
+ ip6tables -t nat -A openclash -m set --match-set localnetwork6 dst -j RETURN
 ip6tables -t nat -A openclash -m set --match-set localnetwork6 src -m set --match-set lan_ac_black_ports src -j RETURN >/dev/null 2>&1
 ip6tables -t nat -A openclash -m set --match-set wan_ac_black_ipv6s dst -j RETURN >/dev/null 2>&1
 ip6tables -t nat -A openclash -m set --match-set lan_ac_black_ipv6s src -j RETURN >/dev/null 2>&1
@@ -2844,14 +2742,7 @@ else
 if [ "$enable_v6_udp_proxy" -eq 1 ] || [ "$ipv6_mode" -eq 0 ] || [ "$ipv6_mode" -eq 2 ]; then
 ip6tables -t mangle -N openclash
 ip6tables -t mangle -F openclash
- if [ -n "$lan6_ints" ]; then
- ip6tables -t mangle -A openclash -i lo -m set --match-set localnetwork6 dst -j RETURN
- for lan6_int in $lan6_ints; do
- ip6tables -t mangle -A openclash -i "$lan6_int" -m set --match-set localnetwork6 dst -j RETURN
- done >/dev/null 2>&1
- else
- ip6tables -t mangle -A openclash -m set --match-set localnetwork6 dst -j RETURN
- fi
+ ip6tables -t mangle -A openclash -m set --match-set localnetwork6 dst -j RETURN
 ip6tables -t mangle -A openclash -p udp --dport 53 -j RETURN >/dev/null 2>&1
 ip6tables -t mangle -A openclash -m set --match-set localnetwork6 src -m set --match-set lan_ac_black_ports src -j RETURN >/dev/null 2>&1
 ip6tables -t mangle -A openclash -m set --match-set wan_ac_black_ipv6s dst -j RETURN >/dev/null 2>&1
diff --git a/luci-app-ssr-plus/root/etc/init.d/shadowsocksr b/luci-app-ssr-plus/root/etc/init.d/shadowsocksr
index 4afdb807e..b836c109c 100755
--- a/luci-app-ssr-plus/root/etc/init.d/shadowsocksr
+++ b/luci-app-ssr-plus/root/etc/init.d/shadowsocksr
@@ -226,8 +226,7 @@ gen_service_file() {
 if [ $1 == "ssr" ]; then
 cat <<-EOF >$3
 {
- "server": "0.0.0.0",
- "server_ipv6": "::",
+ "server": ["[::0]", "0.0.0.0"],
 "server_port": $(uci_get_by_name $2 server_port),
 "mode": "tcp_and_udp",
 "password": "$(uci_get_by_name $2 password)",
@@ -243,8 +242,7 @@ gen_service_file() {
 else
 cat <<-EOF >$3
 {
- "server": "0.0.0.0",
- "server_ipv6": "::",
+ "server": ["[::0]", "0.0.0.0"],
 "server_port": $(uci_get_by_name $2 server_port),
 "mode": "tcp_and_udp",
 "password": "$(uci_get_by_name $2 password)",
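Review bot: The JSON template these lines belong to interpolates UCI values without escaping, so a stored password containing `"` or `\` produces a malformed config or lets the value introduce keys of its own. Escaping the value where it is written would close that, for example `"password": "$(uci_get_by_name "$2" password | sed 's/["\\]/\\&/g')",`, and `$1`, `$2` and `$3` should be quoted; the same template appears in both hunks (-226 and -243). The new `"server": ["[::0]", "0.0.0.0"]` still listens on every IPv4 and IPv6 address, and whether the server started by the `ssr` branch accepts the list form is not visible here, so that is worth confirming before relying on it. `gen_service_file` continues outside both hunks.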