OpenWrt/kenzok8-package
1
0
Fork 0
mirror of https://github.com/kenzok8/small-package synced 2025-01-07 07:06:58 +08:00
Code Issues Packages Projects Releases Wiki Activity

update-02.20

Browse Source
This commit is contained in:
github-actions[bot] 2022-02-20 09:13:03 +08:00
parent c897bafedc
commit c3b82c23be
24 changed files with 550 additions and 413 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
cups/files/etc/cups/cupsd.conf
View File

@ -46,7 +46,7 @@ ServerAlias *
<Location />
Order Allow,Deny
Allow From 127.0.0.1
Allow From 192.168.1.0/24
#Allow From 192.168.1.0/24
Allow all
</Location>
@ -55,6 +55,6 @@ AuthType Basic
AuthClass System
Order Allow,Deny
Allow From 127.0.0.1
Allow From 192.168.1.0/24
#Allow From 192.168.1.0/24
Allow all
</Location>

41
luci-app-mosdns/root/etc/mosdns/serverlist.txt
View File

@ -794,6 +794,7 @@
5faad595f4.com
5fst22.cn
5glyqw.com
5ibanma.com
5ijo.01net.com
5ijs.vip
5imoney.com
@ -4591,6 +4592,7 @@ beaubitternessapplication.com
beautylamp.cn
beavertron.com
bebadu.com
bebaytowns.com
bebelait.com
bebi.com
bebreloomr.com
@ -4608,6 +4610,7 @@ bedsbreath.com
bedsideseller.com
bedsitetrypa.com
bedspursueclueless.com
bedumbserugate.com
beeaimaid.com
beefymartpronunciation.com
beegmove.com
@ -5784,6 +5787,7 @@ cdgfa.ifeng.com
cdgxq.com
cdhhbyy.cn
cdiah.com
cdikrxknopf.com
cdjkngs.cn
cdlinli.com
cdlkzb.com
@ -5954,6 +5958,7 @@ changedcombustible.com
changement.pro
changhehengqi.com
chango.com
chanmao.online
channelintelligence.com
chaoge.club
chaogej.com
@ -6449,6 +6454,7 @@ cntrafficpro.com
cnxad.net
cnxdztpgjyc.com
cnxmyb.cn
cnxscqqgjf.top
cnxunkewang.info
cny.yoyo.org
cnyibs.com
@ -8030,6 +8036,7 @@ disapprovalhardwareenvy.com
disarrayanticipatedversion.com
disavowmigration.com
disbandcrumena.com
dischargedecent.com
discordclosure.com
discountclick.com
discountryvc.club
@ -8163,6 +8170,7 @@ dlski.space
dltenjy.cn
dltinaozs.com
dlvds9i67c60j.cloudfront.net
dlvjmr.cn
dlxgm.cn
dlxrlc2ni2.com
dlyukun.cn
@ -9042,6 +9050,7 @@ engagesrvr.filefactory.com
engageya.com
engine.eroge.com
engine.espace.netavenir.com
engine.fxempire.com
engine.laweekly.com
enginedriverflexible.com
enginedriverhaw.com
@ -9869,6 +9878,7 @@ flashclicks.com
flashinginvolvementmatches.com
flashtalking.com
flashymass.com
flasknstall.click
flaskstationsubsequent.com
flatcapspriggy.cam
flatepicbats.com
@ -11847,6 +11857,7 @@ holdierpriv.club
holdspreoccupation.com
holidayhappy.online
hollowafterthought.com
holydelicatessen.com
holyyjs.xyz
homchang.site
home-prize-winner-ma2d.live
@ -11876,6 +11887,7 @@ hongtefm.com
hongwenge.com
hongyangbg.com
honhon.top
honoka.design
honorablehall.com
honorableland.com
honorablesimilar.com
@ -12140,6 +12152,7 @@ hw6.com
hwanjia.com
hxadt.com
hxbt.alading123.com
hxbylm.vip
hxclove.club
hxf1688.xyz
hxfree.vip
@ -13235,6 +13248,7 @@ jltzknvw.com
jlvqhftliz.com
jlwljym.com
jlxzt.com
jlyayxz.cn
jlys.fun
jm166.cn
jmdardu.cn
@ -13257,6 +13271,7 @@ jnffgawh.com
jngapkf.cn
jnhofgrcmsqw.xyz
jnjcxx.com
jnkangnuo.com
jnkqds.cn
jnmqym4.cn
jnrtavp2x66u.com
@ -13973,6 +13988,7 @@ kronosspell.com
krouekal.com
krxd.net
ks67.com
ksaggspp.xyz
ksdqhiaythajdv.com
ksdr.xyz
ksharu.com
@ -14481,6 +14497,7 @@ linghangshouji.com
linglingccc.xyz
lingqinga.cn
lingquan.vip
lingquanba.wang
lingzhushijie.cn
linicom.co.il
linicom.co.uk
@ -14890,6 +14907,7 @@ lw88.site
lwgadm.com
lwlscy.com
lx2rv.com
lx52168.online
lxanimation.cn
lxgmgalmrxqlj.xyz
lxhjaq.cn
@ -16092,6 +16110,7 @@ myfastcdn.com
myfengyi.xyz
myfineartde.biz
mygoodlives.com
mygqhvz.cn
mykhtesikvuz.com
mykiger.com
mykpkyvtuqmonij.com
@ -16708,6 +16727,7 @@ nrgat.com
nrnma.com
nrnwubdanwl.com
nryceuula.com
ns-zhy.com
ns003.com
ns1.chinayms.com
ns1p.net
@ -18083,6 +18103,8 @@ pjtymy.cn
pjx1ky4xhwip.com
pk965.com
pkbook.com.cn
pkfyelxxpbisf.com
pkfyelxxpbisf.top
pkgebysm.com
pkhhyool.com
pkk1.zuimeiniwo.com
@ -18477,6 +18499,7 @@ prevotch.com
prfctmney.com
prfqcdfws.com
prfuxl.xyz
prgznhukaoggg.com
prheoxpdoqmjou.com
priceplaneadulthood.com
pricestern.top
@ -19211,6 +19234,7 @@ qscwdv.top
qservz.com
qshxc.com
qslychhjeo.com
qsnyswg.cn
qtbb6.com
qtmojo.cn
qtrwwov.cn
@ -19338,6 +19362,7 @@ qzkxt.com
qzlglizfy.com
qzmixun.com
qzqyw.cn
qzvlbjatsgzgn.com
qzxmtyy.com
qzy123.ink
qzyfpfyy.com
@ -19458,6 +19483,7 @@ rauwoafe.com
ravalads.com
ravaquinal.com
rawasy.com
rawjeansadvertising.com
rawoarsy.com
rayjump.com
razdvabm.com
@ -19743,6 +19769,7 @@ republika.onet.pl
requentlyfths.club
requested.cn
requestvirginity.com
requial.com
requiresdetached.com
rereddit.com
rereegny.net
@ -19837,6 +19864,7 @@ reversionconceivedremarks.com
revfusion.net
reviabiliseriez.site
revimedia.com
revincenizam.com
revive.docmatic.org
revive.dubcnm.com
revive.haskovo.net
@ -20751,10 +20779,12 @@ sfhyojoctcry.com
sfixretarum.com
sfjviolrukaysn.xyz
sflywdvzyh.com
sflywfcanq.com
sfoimvwyyf.com
sftapi.com
sfxl.com.cn
sfz023.com
sfzover.com
sg01.top
sg2rgnza7k9t.com
sgaga.xyz
@ -21467,6 +21497,7 @@ spitzerpfunde.com
spjxwlkj.com
spkcmgydiuin.com
spkoevngk.com
splakesmutty.com
splashfloating.com
splashforgodm.com
splashsjewels.com
@ -21907,6 +21938,7 @@ sudahj.com
suddensidewalk.com
suecubrearrange.com
sueencumberpiggy.com
sufferingslippery.com
sufficient.cn
suffocatepremise.com
sugarcurtain.com
@ -22073,6 +22105,7 @@ sxmutan.com
sxmyyx.com
sxouyada.cn
sxrgd.com
sxrs.shop
sxsui.cn
sxswjkgs.com
sxtcdjy.com
@ -22406,6 +22439,7 @@ teracreative.com
terats.com
teresacd.cn
termadodad.com
termitekalinga.com
terningpail.com
terra8nb.com
terraclicks.com
@ -22600,6 +22634,7 @@ throattrees.com
throbbingmill.com
throposehodger.pro
throtle.io
throughlavish.com
thruport.com
thrustdeadconsiderably.com
thrustlumpypulse.com
@ -22679,6 +22714,7 @@ tingeffukec.one
tingfengyu.top
tinglian.com
tingthenee.biz
tingyusw.xyz
tinkerta.com
tinkerwidth.com
tinkshop.cn
@ -23445,6 +23481,7 @@ uaxyutpxh.xyz
ub1.job592.com
ubalh.com
uballcc.com
ubgkvsjnbjtk.com
ubilox.com
ubjectsandie.biz
ubmcvideo.baidustatic.com
@ -24515,6 +24552,7 @@ waust.at
wauthaik.net
wauthaum.com
wautoosa.net
wavail.com
waveclks.com
wavysumatone.cam
waxpigbaa.com
@ -25452,6 +25490,7 @@ xingnu.site
xingpingmaoyi.cn
xingsky.cn
xingtu.ltd
xingxingdd.com
xingxingdm.com
xingyou46.icu
xingzhu.top
@ -25603,6 +25642,7 @@ xrfabakydcwngov.xyz
xroynaxvqvouy.com
xs.houyi.baofeng.net
xsdizch.cn
xsdlt.top
xsgkjsb.cn
xsjyun.cn
xsrs.com
@ -26302,6 +26342,7 @@ yzftqx.cn
yzh360.com
yzjihang.cn
yzjlsb.com
yzjy.pro
yzlwuuzzehjh.com
yzt001.com
yzus09by.com

3
luci-app-mosdns/root/etc/mosdns/whitelist.txt
View File

@ -1 +1,2 @@
example.example
example.example
stat.xiaomi.com

22
luci-app-passwall/Makefile
View File

@ -6,15 +6,16 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=luci-app-passwall
PKG_VERSION:=4.49
PKG_VERSION:=4.50
PKG_RELEASE:=1
#20220207
#20220219
PKG_CONFIG_DEPENDS:= \
CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_Brook \
CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_ChinaDNS_NG \
CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_Haproxy \
CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_Hysteria \
CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_IPv6_Nat \
CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_Kcptun \
CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_NaiveProxy \
CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_PDNSD \
@ -30,8 +31,7 @@ PKG_CONFIG_DEPENDS:= \
CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_V2ray \
CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_V2ray_Plugin \
CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_Xray \
CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_Xray_Plugin \
CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_IPv6_Nat
CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_Xray_Plugin
LUCI_TITLE:=LuCI support for PassWall
LUCI_PKGARCH:=all
@ -43,6 +43,7 @@ LUCI_DEPENDS:=+coreutils +coreutils-base64 +coreutils-nohup +curl \
+PACKAGE_$(PKG_NAME)_INCLUDE_ChinaDNS_NG:chinadns-ng \
+PACKAGE_$(PKG_NAME)_INCLUDE_Haproxy:haproxy \
+PACKAGE_$(PKG_NAME)_INCLUDE_Hysteria:hysteria \
+PACKAGE_$(PKG_NAME)_INCLUDE_IPv6_Nat:ip6tables-mod-nat \
+PACKAGE_$(PKG_NAME)_INCLUDE_Kcptun:kcptun-client \
+PACKAGE_$(PKG_NAME)_INCLUDE_NaiveProxy:naiveproxy \
+PACKAGE_$(PKG_NAME)_INCLUDE_PDNSD:pdnsd-alt \
@ -59,8 +60,7 @@ LUCI_DEPENDS:=+coreutils +coreutils-base64 +coreutils-nohup +curl \
+PACKAGE_$(PKG_NAME)_INCLUDE_V2ray:v2ray-core \
+PACKAGE_$(PKG_NAME)_INCLUDE_V2ray_Plugin:v2ray-plugin \
+PACKAGE_$(PKG_NAME)_INCLUDE_Xray:xray-core \
+PACKAGE_$(PKG_NAME)_INCLUDE_Xray_Plugin:xray-plugin \
+PACKAGE_$(PKG_NAME)_INCLUDE_IPv6_Nat:ip6tables-mod-nat
+PACKAGE_$(PKG_NAME)_INCLUDE_Xray_Plugin:xray-plugin
define Package/$(PKG_NAME)/config
menu "Configuration"
@ -81,6 +81,11 @@ config PACKAGE_$(PKG_NAME)_INCLUDE_Hysteria
bool "Include Hysteria"
default n
config PACKAGE_$(PKG_NAME)_INCLUDE_IPv6_Nat
depends on PACKAGE_ip6tables
bool "Include IPv6 Nat"
default n
config PACKAGE_$(PKG_NAME)_INCLUDE_Kcptun
bool "Include Kcptun"
default n
@ -143,11 +148,6 @@ config PACKAGE_$(PKG_NAME)_INCLUDE_Xray_Plugin
bool "Include Xray-Plugin (Shadowsocks Plugin)"
default n
config PACKAGE_$(PKG_NAME)_INCLUDE_IPv6_Nat
depends on PACKAGE_ip6tables
bool "Include IPv6 Nat"
default n
endmenu
endef

3
luci-app-passwall/luasrc/model/cbi/passwall/api/gen_v2ray.lua
View File

@ -6,6 +6,7 @@ local node_section = var["-node"]
local proto = var["-proto"]
local proxy_way = var["-proxy_way"]
local redir_port = var["-redir_port"]
local sniffing = var["-sniffing"]
local route_only = var["-route_only"]
local local_socks_address = var["-local_socks_address"] or "0.0.0.0"
local local_socks_port = var["-local_socks_port"]
@ -280,7 +281,7 @@ if node_section then
protocol = "dokodemo-door",
settings = {network = proto, followRedirect = true},
streamSettings = {sockopt = {tproxy = proxy_way}},
sniffing = {enabled = true, destOverride = {"http", "tls", (dns_fakedns) and "fakedns"}, metadataOnly = false, routeOnly = route_only and true or nil}
sniffing = {enabled = sniffing and true or false, destOverride = {"http", "tls", (dns_fakedns) and "fakedns"}, metadataOnly = false, routeOnly = route_only and true or nil}
})
end

21
luci-app-passwall/luasrc/model/cbi/passwall/client/acl_config.lua
View File

@ -179,6 +179,19 @@ o:value("disable", translate("No patterns are used"))
o:value("default", translate("Default"))
o:value("1:65535", translate("All"))
---- TCP Proxy Drop Ports
o = s:option(Value, "tcp_proxy_drop_ports", translate("TCP Proxy Drop Ports"))
o.default = "default"
o:value("disable", translate("No patterns are used"))
o:value("default", translate("Default"))
---- UDP Proxy Drop Ports
o = s:option(Value, "udp_proxy_drop_ports", translate("UDP Proxy Drop Ports"))
o.default = "default"
o:value("disable", translate("No patterns are used"))
o:value("default", translate("Default"))
o:value("80,443", translate("QUIC"))
---- TCP Redir Ports
o = s:option(Value, "tcp_redir_ports", translate("TCP Redir Ports"))
o.default = "default"
@ -280,12 +293,4 @@ o = s:option(Value, "dns_client_ip", translate("EDNS Client Subnet"))
o.datatype = "ipaddr"
o:depends("v2ray_dns_mode", "doh")
o = s:option(ListValue, "dns_query_strategy", translate("Query Strategy"))
o.default = "UseIPv4"
o:value("UseIPv4")
o:value("UseIPv6")
o:value("UseIP")
o:depends("dns_mode", "v2ray")
o:depends("dns_mode", "xray")
return m

13
luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua
View File

@ -187,9 +187,6 @@ if api.is_finded("smartdns") then
group_domestic.description = translate("You only need to configure domestic DNS packets in SmartDNS and set it redirect or as Dnsmasq upstream, and fill in the domestic DNS group name here.")
end
o = s:taboption("DNS", Flag, "filter_proxy_ipv6", translate("Filter Proxy Host IPv6"), translate("Experimental feature."))
o.default = "0"
---- DNS Forward Mode
dns_mode = s:taboption("DNS", ListValue, "dns_mode", translate("Filter Mode"))
dns_mode.rmempty = false
@ -279,16 +276,6 @@ o.datatype = "ipaddr"
o:depends("v2ray_dns_mode", "tcp")
o:depends("v2ray_dns_mode", "doh")
o = s:taboption("DNS", ListValue, "dns_query_strategy", translate("Query Strategy"))
o.default = "UseIPv4"
o:value("UseIPv4")
o:value("UseIPv6")
o:value("UseIP")
o:depends({dns_mode = "v2ray", v2ray_dns_mode = "tcp"})
o:depends({dns_mode = "v2ray", v2ray_dns_mode = "doh"})
o:depends({dns_mode = "xray", v2ray_dns_mode = "tcp"})
o:depends({dns_mode = "xray", v2ray_dns_mode = "doh"})
o = s:taboption("DNS", Flag, "dns_cache", translate("Cache Resolved"))
o.default = "1"
o:depends({dns_mode = "dns2socks"})

18
luci-app-passwall/luasrc/model/cbi/passwall/client/other.lua
View File

@ -68,6 +68,17 @@ o.default = "disable"
o:value("disable", translate("No patterns are used"))
o:value("1:65535", translate("All"))
---- TCP Proxy Drop Ports
o = s:option(Value, "tcp_proxy_drop_ports", translate("TCP Proxy Drop Ports"))
o.default = "disable"
o:value("disable", translate("No patterns are used"))
---- UDP Proxy Drop Ports
o = s:option(Value, "udp_proxy_drop_ports", translate("UDP Proxy Drop Ports"))
o.default = "80,443"
o:value("disable", translate("No patterns are used"))
o:value("80,443", translate("QUIC"))
---- TCP Redir Ports
o = s:option(Value, "tcp_redir_ports", translate("TCP Redir Ports"))
o.default = "22,25,53,143,465,587,853,993,995,80,443"
@ -114,8 +125,13 @@ o = s:option(Flag, "accept_icmpv6", translate("Hijacking ICMPv6 (IPv6 PING)"))
o:depends("ipv6_tproxy", true)
o.default = 0
o = s:option(Flag, "route_only", translate("Sniffing Route Only (V2Ray/Xray)"))
o = s:option(Flag, "sniffing", translate("Sniffing (V2Ray/Xray)"), translate("When using the V2ray/Xray shunt, must be enabled, otherwise the shunt will invalid."))
o.default = 1
o.rmempty = false
o = s:option(Flag, "route_only", translate("Sniffing Route Only (Xray)"), translate("When enabled, the server not will resolve the domain name again."))
o.default = "1"
o:depends("sniffing", true)
--[[
---- TCP Redir Port

8
luci-app-passwall/luasrc/view/passwall/node_list/link_add_node.htm
View File

@ -48,11 +48,13 @@ local api = require "luci.model.cbi.passwall.api.api"
function add_node() {
var nodes_link = document.getElementById("nodes_link").value;
if (nodes_link.trim() != "") {
if (nodes_link.indexOf("ss://") == 0 || nodes_link.indexOf("ssr://") == 0 || nodes_link.indexOf("vmess://") == 0 || nodes_link.indexOf("vless://") == 0 || nodes_link.indexOf("trojan://") == 0 || nodes_link.indexOf("trojan-go://") == 0) {
var supports = "ss ssr vmess vless trojan trojan-go hysteria";
var itype = nodes_link.split('://')[0];
if (itype.trim() != "" && supports.indexOf(itype) > 0) {
ajax_add_node(nodes_link);
}
else {
alert("<%:Please enter the correct link, ss:// ssr:// vmess:// vless:// trojan://%>");
alert("<%:Please enter the correct link.%>");
}
}
else {
@ -79,7 +81,7 @@ local api = require "luci.model.cbi.passwall.api.api"
<div id="add_link_div">
<div class="cbi-value">
<label class="cbi-value-title"><%:SS/SSR/Vmess/VLESS/Trojan Link%></label>
<label class="cbi-value-title"><%:SS/SSR/Vmess/VLESS/Trojan/Hysteria Link%></label>
<div class="cbi-value-field">
<textarea id="nodes_link" rows="5" cols="50"></textarea>
</div>

61
luci-app-passwall/luasrc/view/passwall/node_list/link_share_man.htm
View File

@ -104,14 +104,17 @@ local has_xray = api.is_finded("xray")
}
return ret;
},
query: function(param, src, tval = "1", fval = "0") {
query: function(param, src, default_value, tval = "1", fval = "0") {
var ret = "&" + param + "=";
var obj = this.get(src);
if (obj) {
if (obj.type === "checkbox") {
return ret + (obj.checked === true ? tval : fval);
} else {
return ret + encodeURIComponent(obj.value);
var result = encodeURIComponent(obj.value);
if ((result == null || result.trim() == "") && default_value)
result = default_value;
return ret + result;
}
}
return ""
@ -352,6 +355,23 @@ local has_xray = api.is_finded("xray")
}
url += url_protocol;
url += params;
} else if (v_type === "Hysteria") {
var v_server = opt.get("address");
var v_port = opt.get("port");
var params = "";
params += opt.query("protocol", "hysteria_protocol");
params += opt.query("auth", "hysteria_auth_password");
params += opt.query("peer", "tls_serverName");
params += opt.query("insecure", "tls_allowInsecure");
params += opt.query("upmbps", "hysteria_up_mbps", 1000);
params += opt.query("downmbps", "hysteria_down_mbps", 1000);
params += opt.query("alpn", "hysteria_alpn");
params += opt.query("obfsParam", "hysteria_obfs");
var url =
v_server.value + ":" +
v_port.value + "?" +
params +
"#" + encodeURI(v_alias.value);
}
if (url) {
url = v_type.toLowerCase() + "://" + url;
@ -456,7 +476,6 @@ local has_xray = api.is_finded("xray")
} else {
var url0 = sstr;
}
console.log(param);
var ssm = url0.match(/^(.+):([^:]+):([^:]*):([^:]+):([^:]*):([^:]+)/);
if (!ssm || ssm.length < 7) {
s.innerHTML = "<font color='red'><%:Invalid Share URL Format%></font>";
@ -543,7 +562,6 @@ local has_xray = api.is_finded("xray")
} else if (ssu[0] === "trojan" || ssu[0] === "trojan-plus") {
var stype = "Trojan-Plus";
var m = parseNodeUrl(ssrurl);
console.log(m.search);
var password = m.passwd;
if (password === "") {
s.innerHTML = "<font color='red'><%:Invalid Share URL Format%></font>";
@ -614,7 +632,6 @@ local has_xray = api.is_finded("xray")
}
} else if (ssu[0] === "trojan-go") {
var m = parseNodeUrl(ssrurl);
console.log(m.search);
var password = m.passwd;
if (password === "") {
s.innerHTML = "<font color='red'><%:Invalid Share URL Format%></font>";
@ -705,7 +722,6 @@ local has_xray = api.is_finded("xray")
param = sstr.substr(ploc + 2);
}
var ssm = JSON.parse(sstr);
console.log(ssm);
opt.set('remarks', ssm.ps);
opt.set('address', ssm.add);
opt.set('port', ssm.port);
@ -750,7 +766,6 @@ local has_xray = api.is_finded("xray")
<% end %>
opt.set('protocol', "vless");
var m = parseNodeUrl(ssrurl);
console.log(m.search);
var password = m.passwd;
if (password === "") {
s.innerHTML = "<font color='red'><%:Invalid Share URL Format%></font>";
@ -820,7 +835,6 @@ local has_xray = api.is_finded("xray")
} else if (ssu[0] === "brook") {
var stype = "Brook";
var m = parseNodeUrl(ssrurl);
console.log(m);
var from_protocol = m.host;
var protocol = from_protocol.split('server').join('client');
@ -869,6 +883,37 @@ local has_xray = api.is_finded("xray")
opt.set('port', server[1]);
}
if (m.hash) {
opt.set('remarks', decodeURI(m.hash.substr(1)));
}
} else if (ssu[0] === "hysteria") {
var stype = "Hysteria";
var m = parseNodeUrl(ssrurl);
var queryParam = {};
if (m.search.length > 1) {
var query = m.search.split('?');
var queryParams = query[1];
var queryArray = queryParams.split('&');
var params;
for (i = 0; i < queryArray.length; i++) {
params = queryArray[i].split('=');
queryParam[decodeURIComponent(params[0])] = decodeURIComponent(params[1] || '');
}
}
opt.set('address', m.hostname);
opt.set('port', m.port || "443");
opt.set('type', stype);
opt.set('hysteria_protocol', queryParam.protocol);
opt.set('hysteria_obfs', queryParam.obfsParam);
opt.set('hysteria_auth_type', "string");
opt.set('hysteria_auth_password', queryParam.auth);
opt.set('tls_serverName', queryParam.peer);
if (queryParam.insecure && queryParam.insecure == "1") {
opt.set('tls_allowInsecure', true);
}
opt.set('hysteria_alpn', queryParam.alpn);
opt.set('hysteria_up_mbps', queryParam.upmbps);
opt.set('hysteria_down_mbps', queryParam.downmbps);
if (m.hash) {
opt.set('remarks', decodeURI(m.hash.substr(1)));
}

36
luci-app-passwall/po/zh-cn/passwall.po
View File

@ -205,21 +205,12 @@ msgstr "用于 DNS 查询时通知 DNS 服务器,客户端所在的地理位
msgid "This feature requires the DNS server to support the Edns Client Subnet (RFC7871)."
msgstr "此功能需要 DNS 服务器支持 EDNS Client SubnetRFC7871。"
msgid "Query Strategy"
msgstr "查询策略"
msgid "When the accessed domain name does not exist in the rule list, the default DNS used."
msgstr "当访问的域名不存在规则列表中使用的默认DNS。"
msgid "The effect is better, but will increase the memory."
msgstr "效果更好,但会增加内存使用。"
msgid "Filter Proxy Host IPv6"
msgstr "过滤代理域名 IPv6"
msgid "Experimental feature."
msgstr "实验性功能。"
msgid "Clear IPSET"
msgstr "清空 IPSET"
@ -337,11 +328,11 @@ msgstr "添加节点"
msgid "Add the node via the link"
msgstr "通过链接添加节点"
msgid "SS/SSR/Vmess/VLESS/Trojan Link"
msgstr "SS/SSR/Vmess/VLESS/Trojan链接"
msgid "SS/SSR/Vmess/VLESS/Trojan/Hysteria Link"
msgstr "SS/SSR/Vmess/VLESS/Trojan/Hysteria 链接"
msgid "Please enter the correct link, ss:// ssr:// vmess:// vless:// trojan://"
msgstr "请输入正确的链接ss:// ssr:// vmess:// vless:// trojan://"
msgid "Please enter the correct link."
msgstr "请输入正确的链接"
msgid "Clear all nodes"
msgstr "清空所有节点"
@ -622,6 +613,12 @@ msgstr "UDP不转发端口"
msgid "Fill in the ports you don't want to be forwarded by the agent, with the highest priority."
msgstr "填写你不希望被代理转发的端口,优先级最高。"
msgid "TCP Proxy Drop Ports"
msgstr "TCP转发屏蔽端口"
msgid "UDP Proxy Drop Ports"
msgstr "UDP转发屏蔽端口"
msgid "TCP Redir Ports"
msgstr "TCP转发端口"
@ -658,8 +655,17 @@ msgstr "劫持ICMP (PING)"
msgid "Hijacking ICMPv6 (IPv6 PING)"
msgstr "劫持ICMPv6 (IPv6 PING)"
msgid "Sniffing Route Only (V2Ray/Xray)"
msgstr "流量嗅探只供路由使用 (V2Ray/Xray)"
msgid "Sniffing (V2Ray/Xray)"
msgstr "流量嗅探 (V2ray/Xray)"
msgid "When using the V2ray/Xray shunt, must be enabled, otherwise the shunt will invalid."
msgstr "使用 V2Ray/Xray 分流时,必须启用,否则分流将无效。"
msgid "Sniffing Route Only (Xray)"
msgstr "流量嗅探只供路由使用 (Xray)"
msgid "When enabled, the server not will resolve the domain name again."
msgstr "启用后,服务器不会再次解析域名。"
msgid "TCP Proxy Way"
msgstr "TCP代理方式"

6
luci-app-passwall/root/usr/share/passwall/0_default_config
View File

@ -6,7 +6,6 @@ config global
option udp_node 'nil'
option dns_mode 'pdnsd'
option dns_forward '1.1.1.1'
option filter_proxy_ipv6 '0'
option tcp_proxy_mode 'chnroute'
option udp_proxy_mode 'chnroute'
option localhost_tcp_proxy_mode 'default'
@ -27,12 +26,15 @@ config global_delay
config global_forwarding
option process '0'
option tcp_no_redir_ports 'disable'
option udp_no_redir_ports '53,80,443'
option udp_no_redir_ports '53'
option tcp_proxy_drop_ports 'disable'
option udp_proxy_drop_ports '80,443'
option tcp_redir_ports '22,25,53,143,465,587,853,993,995,80,443'
option udp_redir_ports '1:65535'
option accept_icmp '0'
option tcp_proxy_way 'redirect'
option ipv6_tproxy '0'
option sniffing '1'
option route_only '1'
config global_other

27
luci-app-passwall/root/usr/share/passwall/app.sh
View File

@ -647,15 +647,18 @@ run_redir() {
UDP_NODE="nil"
}
_extra_param="${_extra_param} ${proto}"
local route_only=$(config_t_get global_forwarding route_only 1)
[ "${route_only}" = "1" ] && _extra_param="${_extra_param} -route_only 1"
local sniffing=$(config_t_get global_forwarding sniffing 1)
[ "${sniffing}" = "1" ] && {
_extra_param="${_extra_param} -sniffing 1"
local route_only=$(config_t_get global_forwarding route_only 1)
[ "${route_only}" = "1" ] && _extra_param="${_extra_param} -route_only 1"
}
[ "${DNS_MODE}" = "v2ray" -o "${DNS_MODE}" = "xray" ] && {
local v2ray_dns_mode=$(config_t_get global v2ray_dns_mode tcp)
[ "$(config_t_get global dns_by)" = "tcp" -o "${v2ray_dns_mode}" = "fakedns" ] && {
config_file=$(echo $config_file | sed "s/.json/_DNS.json/g")
resolve_dns=1
local dns_query_strategy=$(config_t_get global dns_query_strategy UseIPv4)
_extra_param="${_extra_param} -dns_query_strategy ${dns_query_strategy}"
_extra_param="${_extra_param} -dns_query_strategy ${DNS_QUERY_STRATEGY}"
local _dns_client_ip=$(config_t_get global dns_client_ip)
[ -n "${_dns_client_ip}" ] && _extra_param="${_extra_param} -dns_client_ip ${_dns_client_ip}"
[ "${DNS_CACHE}" == "0" ] && _extra_param="${_extra_param} -dns_cache 0"
@ -1060,8 +1063,7 @@ start_dns() {
xray)
[ "${resolve_dns}" == "0" ] && {
[ "${DNS_CACHE}" == "0" ] && local _extra_param="-dns_cache 0"
local dns_query_strategy=$(config_t_get global dns_query_strategy UseIPv4)
_extra_param="${_extra_param} -dns_query_strategy ${dns_query_strategy}"
_extra_param="${_extra_param} -dns_query_strategy ${DNS_QUERY_STRATEGY}"
local _dns_client_ip=$(config_t_get global dns_client_ip)
[ -n "${_dns_client_ip}" ] && _extra_param="${_extra_param} -dns_client_ip ${_dns_client_ip}"
local dns_by=$(config_t_get global dns_by "tcp")
@ -1127,7 +1129,7 @@ start_dns() {
smartdns)
local group_domestic=$(config_t_get global group_domestic)
CHINADNS_NG=0
source $APP_PATH/helper_smartdns.sh add DNS_MODE=$DNS_MODE SMARTDNS_CONF=/tmp/etc/smartdns/$CONFIG.conf REMOTE_FAKEDNS=$fakedns DEFAULT_DNS=$DEFAULT_DNS LOCAL_GROUP=$group_domestic TUN_DNS=$TUN_DNS TCP_NODE=$TCP_NODE PROXY_MODE=${TCP_PROXY_MODE}${LOCALHOST_TCP_PROXY_MODE} NO_PROXY_IPV6=${filter_proxy_ipv6}
source $APP_PATH/helper_smartdns.sh add DNS_MODE=$DNS_MODE SMARTDNS_CONF=/tmp/etc/smartdns/$CONFIG.conf REMOTE_FAKEDNS=$fakedns DEFAULT_DNS=$DEFAULT_DNS LOCAL_GROUP=$group_domestic TUN_DNS=$TUN_DNS TCP_NODE=$TCP_NODE PROXY_MODE=${TCP_PROXY_MODE}${LOCALHOST_TCP_PROXY_MODE} NO_PROXY_IPV6=${NO_PROXY_IPV6}
source $APP_PATH/helper_smartdns.sh restart
echolog " - 域名解析使用SmartDNS请确保配置正常。"
;;
@ -1162,7 +1164,7 @@ start_dns() {
[ "$DNS_SHUNT" = "dnsmasq" ] && {
source $APP_PATH/helper_dnsmasq.sh stretch
source $APP_PATH/helper_dnsmasq.sh add DNS_MODE=$DNS_MODE TMP_DNSMASQ_PATH=$TMP_DNSMASQ_PATH DNSMASQ_CONF_FILE=/tmp/dnsmasq.d/dnsmasq-passwall.conf REMOTE_FAKEDNS=$fakedns DEFAULT_DNS=$DEFAULT_DNS LOCAL_DNS=$LOCAL_DNS TUN_DNS=$TUN_DNS CHINADNS_DNS=$china_ng_listen TCP_NODE=$TCP_NODE PROXY_MODE=${TCP_PROXY_MODE}${LOCALHOST_TCP_PROXY_MODE} NO_PROXY_IPV6=${filter_proxy_ipv6}
source $APP_PATH/helper_dnsmasq.sh add DNS_MODE=$DNS_MODE TMP_DNSMASQ_PATH=$TMP_DNSMASQ_PATH DNSMASQ_CONF_FILE=/tmp/dnsmasq.d/dnsmasq-passwall.conf REMOTE_FAKEDNS=$fakedns DEFAULT_DNS=$DEFAULT_DNS LOCAL_DNS=$LOCAL_DNS TUN_DNS=$TUN_DNS CHINADNS_DNS=$china_ng_listen TCP_NODE=$TCP_NODE PROXY_MODE=${TCP_PROXY_MODE}${LOCALHOST_TCP_PROXY_MODE} NO_PROXY_IPV6=${NO_PROXY_IPV6}
}
}
@ -1451,6 +1453,8 @@ TCP_REDIR_PORTS=$(config_t_get global_forwarding tcp_redir_ports '80,443')
UDP_REDIR_PORTS=$(config_t_get global_forwarding udp_redir_ports '1:65535')
TCP_NO_REDIR_PORTS=$(config_t_get global_forwarding tcp_no_redir_ports 'disable')
UDP_NO_REDIR_PORTS=$(config_t_get global_forwarding udp_no_redir_ports 'disable')
TCP_PROXY_DROP_PORTS=$(config_t_get global_forwarding tcp_proxy_drop_ports 'disable')
UDP_PROXY_DROP_PORTS=$(config_t_get global_forwarding udp_proxy_drop_ports '80,443')
TCP_PROXY_MODE=$(config_t_get global tcp_proxy_mode chnroute)
UDP_PROXY_MODE=$(config_t_get global udp_proxy_mode chnroute)
LOCALHOST_TCP_PROXY_MODE=$(config_t_get global localhost_tcp_proxy_mode default)
@ -1467,7 +1471,6 @@ DNS_MODE=$(config_t_get global dns_mode pdnsd)
DNS_FORWARD=$(config_t_get global dns_forward 1.1.1.1:53 | sed 's/#/:/g' | sed -E 's/\:([^:]+)$/#\1/g')
DNS_CACHE=$(config_t_get global dns_cache 0)
CHINADNS_NG=$(config_t_get global chinadns_ng 0)
filter_proxy_ipv6=$(config_t_get global filter_proxy_ipv6 0)
dns_listen_port=${DNS_PORT}
DEFAULT_DNS=$(uci show dhcp | grep "@dnsmasq" | grep "\.server=" | awk -F '=' '{print $2}' | sed "s/'//g" | tr ' ' '\n' | grep -v "\/" | head -2 | sed ':label;N;s/\n/,/;b label')
@ -1475,6 +1478,12 @@ DEFAULT_DNS=$(uci show dhcp | grep "@dnsmasq" | grep "\.server=" | awk -F '=' '{
LOCAL_DNS="${DEFAULT_DNS:-119.29.29.29}"
PROXY_IPV6=$(config_t_get global_forwarding ipv6_tproxy 0)
NO_PROXY_IPV6=1
DNS_QUERY_STRATEGY="UseIPv4"
[ "$PROXY_IPV6" = "1" ] && {
NO_PROXY_IPV6=0
DNS_QUERY_STRATEGY="UseIP"
}
export V2RAY_LOCATION_ASSET=$(config_t_get global_rules v2ray_location_asset "/usr/share/v2ray/")
export XRAY_LOCATION_ASSET=$V2RAY_LOCATION_ASSET

93
luci-app-passwall/root/usr/share/passwall/iptables.sh
View File

@ -85,6 +85,20 @@ REDIRECT() {
echo $s
}
get_ipset_ipt() {
case "$1" in
gfwlist)
echo "$(dst $IPSET_GFW)"
;;
chnroute)
echo "$(dst $IPSET_CHN !)"
;;
returnhome)
echo "$(dst $IPSET_CHN)"
;;
esac
}
get_redirect_ipt() {
case "$1" in
disable)
@ -196,7 +210,7 @@ load_acl() {
dnsmasq_port=11400
echolog "访问控制:"
for item in $items; do
local enabled sid remarks sources tcp_proxy_mode udp_proxy_mode tcp_no_redir_ports udp_no_redir_ports tcp_redir_ports udp_redir_ports tcp_node udp_node dns_mode dns_forward v2ray_dns_mode dns_doh dns_client_ip dns_query_strategy
local enabled sid remarks sources tcp_proxy_mode udp_proxy_mode tcp_no_redir_ports udp_no_redir_ports tcp_proxy_drop_ports udp_proxy_drop_ports tcp_redir_ports udp_redir_ports tcp_node udp_node dns_mode dns_forward v2ray_dns_mode dns_doh dns_client_ip
local _ip _mac _iprange _ipset _ip_or_mac rule_list tcp_port udp_port tcp_node_remark udp_node_remark config_file
sid=$(uci -q show "${CONFIG}.${item}" | grep "=acl_rule" | awk -F '=' '{print $1}' | awk -F '.' '{print $2}')
eval $(uci -q show "${CONFIG}.${item}" | cut -d'.' -sf 3-)
@ -224,6 +238,8 @@ load_acl() {
udp_proxy_mode=${udp_proxy_mode:-default}
tcp_no_redir_ports=${tcp_no_redir_ports:-default}
udp_no_redir_ports=${udp_no_redir_ports:-default}
tcp_proxy_drop_ports=${tcp_proxy_drop_ports:-default}
udp_proxy_drop_ports=${udp_proxy_drop_ports:-default}
tcp_redir_ports=${tcp_redir_ports:-default}
udp_redir_ports=${udp_redir_ports:-default}
tcp_node=${tcp_node:-default}
@ -237,6 +253,8 @@ load_acl() {
[ "$udp_proxy_mode" = "default" ] && udp_proxy_mode=$UDP_PROXY_MODE
[ "$tcp_no_redir_ports" = "default" ] && tcp_no_redir_ports=$TCP_NO_REDIR_PORTS
[ "$udp_no_redir_ports" = "default" ] && udp_no_redir_ports=$UDP_NO_REDIR_PORTS
[ "$tcp_proxy_drop_ports" = "default" ] && tcp_proxy_drop_ports=$TCP_PROXY_DROP_PORTS
[ "$udp_proxy_drop_ports" = "default" ] && udp_proxy_drop_ports=$UDP_PROXY_DROP_PORTS
[ "$tcp_redir_ports" = "default" ] && tcp_redir_ports=$TCP_REDIR_PORTS
[ "$udp_redir_ports" = "default" ] && udp_redir_ports=$UDP_REDIR_PORTS
[ "$tcp_node" != "nil" ] && {
@ -255,7 +273,7 @@ load_acl() {
run_dns2socks flag=acl_${sid} socks_address=127.0.0.1 socks_port=$socks_port listen_address=0.0.0.0 listen_port=${_dns_port} dns=$dns_forward cache=1
elif [ "$dns_mode" = "v2ray" -o "$dns_mode" = "xray" ]; then
config_file=$TMP_ACL_PATH/${tcp_node}_SOCKS_${socks_port}_DNS.json
run_v2ray_dns_socks flag=acl_${sid} type=$dns_mode socks_address=127.0.0.1 socks_port=$socks_port listen_address=0.0.0.0 listen_port=${_dns_port} dns_proto=${v2ray_dns_mode} dns_tcp_server=${dns_forward} doh="${dns_forward}" dns_client_ip=${dns_client_ip} dns_query_strategy=${dns_query_strategy} config_file=$config_file
run_v2ray_dns_socks flag=acl_${sid} type=$dns_mode socks_address=127.0.0.1 socks_port=$socks_port listen_address=0.0.0.0 listen_port=${_dns_port} dns_proto=${v2ray_dns_mode} dns_tcp_server=${dns_forward} doh="${dns_forward}" dns_client_ip=${dns_client_ip} dns_query_strategy=${DNS_QUERY_STRATEGY} config_file=$config_file
fi
eval node_${tcp_node}_$(echo -n "${dns_forward}" | md5sum | cut -d " " -f1)=${_dns_port}
}
@ -268,7 +286,7 @@ load_acl() {
d_server=127.0.0.1
[ "$tcp_proxy_mode" = "global" ] && d_server=${d_server}#${_dns_port}
echo "server=${d_server}" >> $TMP_ACL_PATH/$sid/dnsmasq.conf
source $APP_PATH/helper_${DNS_N}.sh add DNS_MODE=$dns_mode TMP_DNSMASQ_PATH=$TMP_ACL_PATH/$sid/dnsmasq.d DNSMASQ_CONF_FILE=/dev/null LOCAL_DNS=$LOCAL_DNS TUN_DNS=127.0.0.1#${_dns_port} TCP_NODE=$tcp_node PROXY_MODE=${tcp_proxy_mode} NO_LOGIC_LOG=1 NO_PROXY_IPV6=${filter_proxy_ipv6}
source $APP_PATH/helper_${DNS_N}.sh add DNS_MODE=$dns_mode TMP_DNSMASQ_PATH=$TMP_ACL_PATH/$sid/dnsmasq.d DNSMASQ_CONF_FILE=/dev/null LOCAL_DNS=$LOCAL_DNS TUN_DNS=127.0.0.1#${_dns_port} TCP_NODE=$tcp_node PROXY_MODE=${tcp_proxy_mode} NO_LOGIC_LOG=1 NO_PROXY_IPV6=${NO_PROXY_IPV6}
ln_run "$(first_type dnsmasq)" "dnsmasq_${sid}" "/dev/null" -C $TMP_ACL_PATH/$sid/dnsmasq.conf -x $TMP_ACL_PATH/$sid/dnsmasq.pid
eval node_${tcp_node}_$(echo -n "${tcp_proxy_mode}${dns_forward}" | md5sum | cut -d " " -f1)=${dnsmasq_port}
}
@ -391,12 +409,22 @@ load_acl() {
else
msg2="${msg2}(REDIRECT:${tcp_port})代理"
fi
[ "$tcp_no_redir_ports" != "disable" ] && {
$ipt_tmp -A PSW $(comment "$remarks") ${_ipt_source} -p tcp -m multiport --dport $tcp_no_redir_ports -j RETURN
$ip6t_m -A PSW $(comment "$remarks") ${_ipt_source} -p tcp -m multiport --dport $tcp_no_redir_ports -j RETURN 2>/dev/null
msg2="${msg2}[$?]除${tcp_no_redir_ports}外的"
}
msg2="${msg2}所有端口"
[ "$tcp_proxy_drop_ports" != "disable" ] && {
$ipt_m -A PSW $(comment "$remarks") -p tcp ${_ipt_source} $(factor $tcp_proxy_drop_ports "-m multiport --dport") -d $FAKE_IP -j DROP
$ipt_m -A PSW $(comment "$remarks") -p tcp ${_ipt_source} $(factor $tcp_proxy_drop_ports "-m multiport --dport") $(dst $IPSET_SHUNTLIST) -j DROP
$ipt_m -A PSW $(comment "$remarks") -p tcp ${_ipt_source} $(factor $tcp_proxy_drop_ports "-m multiport --dport") $(dst $IPSET_BLACKLIST) -j DROP
[ "$tcp_proxy_mode" != "direct/proxy" ] && $ipt_m -A PSW $(comment "$remarks") -p tcp ${_ipt_source} $(factor $tcp_proxy_drop_ports "-m multiport --dport") $(get_ipset_ipt $tcp_proxy_mode) -j DROP
msg2="${msg2}[$?]屏蔽代理TCP 端口:${tcp_proxy_drop_ports}"
}
$ipt_tmp -A PSW $(comment "$remarks") -p tcp ${_ipt_source} -d $FAKE_IP $(REDIRECT $tcp_port $is_tproxy)
$ipt_tmp -A PSW $(comment "$remarks") -p tcp ${_ipt_source} $(factor $tcp_redir_ports "-m multiport --dport") $(dst $IPSET_SHUNTLIST) $(REDIRECT $tcp_port $is_tproxy)
$ipt_tmp -A PSW $(comment "$remarks") -p tcp ${_ipt_source} $(factor $tcp_redir_ports "-m multiport --dport") $(dst $IPSET_BLACKLIST) $(REDIRECT $tcp_port $is_tproxy)
@ -410,13 +438,13 @@ load_acl() {
}
if [ "$PROXY_IPV6" == "1" ]; then
$ip6t_m -A PSW $(comment "$remarks") -p tcp ${_ipt_source} $(factor $tcp_redir_ports "-m multiport --dport") $(dst $IPSET_SHUNTLIST6) $(REDIRECT $tcp_port TPROXY)
$ip6t_m -A PSW $(comment "$remarks") -p tcp ${_ipt_source} $(factor $tcp_redir_ports "-m multiport --dport") $(dst $IPSET_BLACKLIST6) $(REDIRECT $tcp_port TPROXY)
$ip6t_m -A PSW $(comment "$remarks") -p tcp ${_ipt_source} $(factor $tcp_redir_ports "-m multiport --dport") $(get_redirect_ip6t $tcp_proxy_mode $tcp_port TPROXY)
$ip6t_m -A PSW $(comment "$remarks") -p tcp ${_ipt_source} $(factor $tcp_redir_ports "-m multiport --dport") $(dst $IPSET_SHUNTLIST6) $(REDIRECT $tcp_port TPROXY) 2>/dev/null
$ip6t_m -A PSW $(comment "$remarks") -p tcp ${_ipt_source} $(factor $tcp_redir_ports "-m multiport --dport") $(dst $IPSET_BLACKLIST6) $(REDIRECT $tcp_port TPROXY) 2>/dev/null
$ip6t_m -A PSW $(comment "$remarks") -p tcp ${_ipt_source} $(factor $tcp_redir_ports "-m multiport --dport") $(get_redirect_ip6t $tcp_proxy_mode $tcp_port TPROXY) 2>/dev/null
[ "$accept_icmpv6" = "1" ] && {
$ip6t_n -A PSW $(comment "$remarks") -p ipv6-icmp ${_ipt_source} $(dst $IPSET_SHUNTLIST6) $(REDIRECT)
$ip6t_n -A PSW $(comment "$remarks") -p ipv6-icmp ${_ipt_source} $(dst $IPSET_BLACKLIST6) $(REDIRECT)
$ip6t_n -A PSW $(comment "$remarks") -p ipv6-icmp ${_ipt_source} $(get_redirect_ip6t $tcp_proxy_mode)
$ip6t_n -A PSW $(comment "$remarks") -p ipv6-icmp ${_ipt_source} $(dst $IPSET_SHUNTLIST6) $(REDIRECT) 2>/dev/null
$ip6t_n -A PSW $(comment "$remarks") -p ipv6-icmp ${_ipt_source} $(dst $IPSET_BLACKLIST6) $(REDIRECT) 2>/dev/null
$ip6t_n -A PSW $(comment "$remarks") -p ipv6-icmp ${_ipt_source} $(get_redirect_ip6t $tcp_proxy_mode) 2>/dev/null
}
fi
else
@ -427,6 +455,14 @@ load_acl() {
$ipt_tmp -A PSW $(comment "$remarks") ${_ipt_source} -p tcp -j RETURN
$ip6t_m -A PSW $(comment "$remarks") ${_ipt_source} -p tcp -j RETURN 2>/dev/null
[ "$udp_proxy_drop_ports" != "disable" ] && {
$ipt_m -A PSW $(comment "$remarks") -p udp ${_ipt_source} $(factor $udp_proxy_drop_ports "-m multiport --dport") -d $FAKE_IP -j DROP
$ipt_m -A PSW $(comment "$remarks") -p udp ${_ipt_source} $(factor $udp_proxy_drop_ports "-m multiport --dport") $(dst $IPSET_SHUNTLIST) -j DROP
$ipt_m -A PSW $(comment "$remarks") -p udp ${_ipt_source} $(factor $udp_proxy_drop_ports "-m multiport --dport") $(dst $IPSET_BLACKLIST) -j DROP
[ "$udp_proxy_mode" != "direct/proxy" ] && $ipt_m -A PSW $(comment "$remarks") -p udp ${_ipt_source} $(factor $udp_proxy_drop_ports "-m multiport --dport") $(get_ipset_ipt $udp_proxy_mode) -j DROP
msg2="${msg2}[$?]屏蔽代理UDP 端口:${udp_proxy_drop_ports}"
}
[ -n "$udp_port" ] && {
if [ "$udp_proxy_mode" != "disable" ]; then
@ -438,6 +474,7 @@ load_acl() {
msg2="${msg2}[$?]除${udp_no_redir_ports}外的"
}
msg2="${msg2}所有端口"
$ipt_m -A PSW $(comment "$remarks") -p udp ${_ipt_source} -d $FAKE_IP $(REDIRECT $udp_port TPROXY)
$ipt_m -A PSW $(comment "$remarks") -p udp ${_ipt_source} $(factor $udp_redir_ports "-m multiport --dport") $(dst $IPSET_SHUNTLIST) $(REDIRECT $udp_port TPROXY)
$ipt_m -A PSW $(comment "$remarks") -p udp ${_ipt_source} $(factor $udp_redir_ports "-m multiport --dport") $(dst $IPSET_BLACKLIST) $(REDIRECT $udp_port TPROXY)
@ -456,7 +493,7 @@ load_acl() {
$ipt_m -A PSW $(comment "$remarks") ${_ipt_source} -p udp -j RETURN
$ip6t_m -A PSW $(comment "$remarks") ${_ipt_source} -p udp -j RETURN 2>/dev/null
done
unset enabled sid remarks sources tcp_proxy_mode udp_proxy_mode tcp_no_redir_ports udp_no_redir_ports tcp_redir_ports udp_redir_ports tcp_node udp_node dns_mode dns_forward v2ray_dns_mode dns_doh dns_client_ip dns_query_strategy
unset enabled sid remarks sources tcp_proxy_mode udp_proxy_mode tcp_no_redir_ports udp_no_redir_ports tcp_proxy_drop_ports udp_proxy_drop_ports tcp_redir_ports udp_redir_ports tcp_node udp_node dns_mode dns_forward v2ray_dns_mode dns_doh dns_client_ip
unset _ip _mac _iprange _ipset _ip_or_mac rule_list tcp_port udp_port tcp_node_remark udp_node_remark config_file
unset ipt_tmp msg msg2
unset redirect_dns_port
@ -466,6 +503,12 @@ load_acl() {
}
# 加载TCP默认代理模式
[ "$TCP_PROXY_DROP_PORTS" != "disable" ] && {
$ipt_m -A PSW $(comment "默认") -p tcp $(factor $TCP_PROXY_DROP_PORTS "-m multiport --dport") -d $FAKE_IP -j DROP
$ipt_m -A PSW $(comment "默认") -p tcp $(factor $TCP_PROXY_DROP_PORTS "-m multiport --dport") $(dst $IPSET_SHUNTLIST) -j DROP
$ipt_m -A PSW $(comment "默认") -p tcp $(factor $TCP_PROXY_DROP_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST) -j DROP
[ "$TCP_PROXY_MODE" != "direct/proxy" ] && $ipt_m -A PSW $(comment "默认") -p tcp $(factor $TCP_PROXY_DROP_PORTS "-m multiport --dport") $(get_ipset_ipt $TCP_PROXY_MODE) -j DROP
}
local ipt_tmp=$ipt_n
if [ "$TCP_PROXY_MODE" != "disable" ]; then
[ "$TCP_NO_REDIR_PORTS" != "disable" ] && {
@ -482,8 +525,10 @@ load_acl() {
else
msg="${msg}(REDIRECT:${TCP_REDIR_PORT})代理"
fi
[ "$TCP_NO_REDIR_PORTS" != "disable" ] && msg="${msg}${TCP_NO_REDIR_PORTS}外的"
msg="${msg}所有端口"
$ipt_tmp -A PSW $(comment "默认") -p tcp -d $FAKE_IP $(REDIRECT $TCP_REDIR_PORT $is_tproxy)
$ipt_tmp -A PSW $(comment "默认") -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_SHUNTLIST) $(REDIRECT $TCP_REDIR_PORT $is_tproxy)
$ipt_tmp -A PSW $(comment "默认") -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST) $(REDIRECT $TCP_REDIR_PORT $is_tproxy)
@ -515,6 +560,12 @@ load_acl() {
$ip6t_m -A PSW $(comment "默认") -p tcp -j RETURN
# 加载UDP默认代理模式
[ "$UDP_PROXY_DROP_PORTS" != "disable" ] && {
$ipt_m -A PSW $(comment "默认") -p udp $(factor $UDP_PROXY_DROP_PORTS "-m multiport --dport") -d $FAKE_IP -j DROP
$ipt_m -A PSW $(comment "默认") -p udp $(factor $UDP_PROXY_DROP_PORTS "-m multiport --dport") $(dst $IPSET_SHUNTLIST) -j DROP
$ipt_m -A PSW $(comment "默认") -p udp $(factor $UDP_PROXY_DROP_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST) -j DROP
[ "$UDP_PROXY_MODE" != "direct/proxy" ] && $ipt_m -A PSW $(comment "默认") -p udp $(factor $UDP_PROXY_DROP_PORTS "-m multiport --dport") $(get_ipset_ipt $UDP_PROXY_MODE) -j DROP
}
if [ "$UDP_PROXY_MODE" != "disable" ]; then
[ "$UDP_NO_REDIR_PORTS" != "disable" ] && {
$ipt_m -A PSW $(comment "默认") -p udp -m multiport --dport $UDP_NO_REDIR_PORTS -j RETURN
@ -524,8 +575,10 @@ load_acl() {
[ "$UDP_NODE" != "nil" -o "$TCP_UDP" = "1" ] && {
[ "$TCP_UDP" = "1" ] && [ "$UDP_NODE" = "nil" ] && UDP_NODE=$TCP_NODE
msg="UDP默认代理使用UDP节点[$(config_n_get $UDP_NODE remarks)] [$(get_action_chain_name $UDP_PROXY_MODE)](TPROXY:${UDP_REDIR_PORT})代理"
[ "$UDP_NO_REDIR_PORTS" != "disable" ] && msg="${msg}${UDP_NO_REDIR_PORTS}外的"
msg="${msg}所有端口"
$ipt_m -A PSW $(comment "默认") -p udp -d $FAKE_IP $(REDIRECT $UDP_REDIR_PORT TPROXY)
$ipt_m -A PSW $(comment "默认") -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_SHUNTLIST) $(REDIRECT $UDP_REDIR_PORT TPROXY)
$ipt_m -A PSW $(comment "默认") -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST) $(REDIRECT $UDP_REDIR_PORT TPROXY)
@ -814,6 +867,7 @@ add_firewall_rule() {
$ipt_m -A PSW_OUTPUT $(dst $IPSET_WHITELIST) -j RETURN
$ipt_m -A PSW_OUTPUT -m mark --mark 0xff -j RETURN
$ipt_m -A PSW_OUTPUT $(dst $IPSET_BLOCKLIST) -j DROP
$ipt_m -A OUTPUT -j PSW_OUTPUT
ip rule add fwmark 1 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100
@ -878,6 +932,8 @@ add_firewall_rule() {
ipt_tmp=$ipt_m
blist_r=$(REDIRECT 1 MARK)
p_r=$(get_redirect_ipt $LOCALHOST_TCP_PROXY_MODE 1 MARK)
else
$ipt_n -A OUTPUT -p tcp -j PSW_OUTPUT
fi
[ "$accept_icmp" = "1" ] && {
@ -912,7 +968,6 @@ add_firewall_rule() {
}
[ "$use_tcp_node_resolve_dns" == 1 ] && hosts_foreach DNS_FORWARD _proxy_tcp_access 53
$ipt_tmp -A OUTPUT -p tcp -j PSW_OUTPUT
[ "$TCP_NO_REDIR_PORTS" != "disable" ] && {
$ipt_tmp -A PSW_OUTPUT -p tcp -m multiport --dport $TCP_NO_REDIR_PORTS -j RETURN
$ipt_tmp -A PSW_OUTPUT -p tcp -m multiport --sport $TCP_NO_REDIR_PORTS -j RETURN
@ -920,6 +975,13 @@ add_firewall_rule() {
$ip6t_m -A PSW_OUTPUT -p tcp -m multiport --sport $TCP_NO_REDIR_PORTS -j RETURN
echolog " - [$?]不代理TCP 端口:$TCP_NO_REDIR_PORTS"
}
[ "$TCP_PROXY_DROP_PORTS" != "disable" ] && {
$ipt_m -A PSW_OUTPUT -p tcp $(factor $TCP_PROXY_DROP_PORTS "-m multiport --dport") -d $FAKE_IP -j DROP
$ipt_m -A PSW_OUTPUT -p tcp $(factor $TCP_PROXY_DROP_PORTS "-m multiport --dport") $(dst $IPSET_SHUNTLIST) -j DROP
$ipt_m -A PSW_OUTPUT -p tcp $(factor $TCP_PROXY_DROP_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST) -j DROP
[ "$LOCALHOST_TCP_PROXY_MODE" != "direct/proxy" ] && $ipt_m -A PSW_OUTPUT -p tcp $(factor $TCP_PROXY_DROP_PORTS "-m multiport --dport") $(get_ipset_ipt $LOCALHOST_TCP_PROXY_MODE) -j DROP
echolog " - [$?]屏蔽代理TCP 端口:$TCP_PROXY_DROP_PORTS"
}
$ipt_tmp -A PSW_OUTPUT -p tcp -d $FAKE_IP $blist_r
$ipt_tmp -A PSW_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_SHUNTLIST) $blist_r
@ -987,6 +1049,13 @@ add_firewall_rule() {
done
# 加载路由器自身代理 UDP
[ "$UDP_PROXY_DROP_PORTS" != "disable" ] && {
$ipt_m -A PSW_OUTPUT -p udp $(factor $UDP_PROXY_DROP_PORTS "-m multiport --dport") -d $FAKE_IP -j DROP
$ipt_m -A PSW_OUTPUT -p udp $(factor $UDP_PROXY_DROP_PORTS "-m multiport --dport") $(dst $IPSET_SHUNTLIST) -j DROP
$ipt_m -A PSW_OUTPUT -p udp $(factor $UDP_PROXY_DROP_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST) -j DROP
[ "$LOCALHOST_UDP_PROXY_MODE" != "direct/proxy" ] && $ipt_m -A PSW_OUTPUT -p udp $(factor $UDP_PROXY_DROP_PORTS "-m multiport --dport") $(get_ipset_ipt $LOCALHOST_UDP_PROXY_MODE) -j DROP
echolog " - [$?]屏蔽代理UDP 端口:$UDP_PROXY_DROP_PORTS"
}
if [ "$UDP_NODE" != "nil" -o "$TCP_UDP" = "1" ]; then
echolog "加载路由器自身 UDP 代理..."
_proxy_udp_access() {
@ -1001,7 +1070,6 @@ add_firewall_rule() {
echolog " - [$?]将上游 DNS 服务器 ${2}:${3} 加入到路由器自身代理的 UDP 转发链"
}
[ "$use_udp_node_resolve_dns" == 1 ] && hosts_foreach DNS_FORWARD _proxy_udp_access 53
$ipt_m -A OUTPUT -p udp -j PSW_OUTPUT
[ "$UDP_NO_REDIR_PORTS" != "disable" ] && {
$ipt_m -A PSW_OUTPUT -p udp -m multiport --dport $UDP_NO_REDIR_PORTS -j RETURN
$ipt_m -A PSW_OUTPUT -p udp -m multiport --sport $UDP_NO_REDIR_PORTS -j RETURN
@ -1009,6 +1077,7 @@ add_firewall_rule() {
$ip6t_m -A PSW_OUTPUT -p udp -m multiport --sport $UDP_NO_REDIR_PORTS -j RETURN
echolog " - [$?]不代理 UDP 端口:$UDP_NO_REDIR_PORTS"
}
$ipt_m -A PSW_OUTPUT -p udp -d $FAKE_IP $(REDIRECT 1 MARK)
$ipt_m -A PSW_OUTPUT -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_SHUNTLIST) $(REDIRECT 1 MARK)
$ipt_m -A PSW_OUTPUT -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST) $(REDIRECT 1 MARK)

445
luci-app-passwall/root/usr/share/passwall/rules/chnlist
View File

File diff suppressed because it is too large Load Diff

12
luci-app-passwall/root/usr/share/passwall/rules/chnroute
View File

@ -750,7 +750,6 @@
103.157.254.0/23
103.157.30.0/23
103.158.0.0/23
103.158.13.0/24
103.158.16.0/23
103.158.190.0/23
103.158.200.0/23
@ -862,6 +861,8 @@
103.18.224.0/22
103.180.108.0/23
103.180.226.0/23
103.181.164.0/23
103.181.234.0/23
103.19.12.0/22
103.19.232.0/22
103.19.40.0/22
@ -1161,7 +1162,6 @@
103.206.148.0/22
103.206.44.0/22
103.207.104.0/22
103.207.164.0/22
103.207.184.0/22
103.207.188.0/22
103.207.192.0/22
@ -3096,7 +3096,6 @@
103.83.64.0/22
103.83.72.0/22
103.84.0.0/22
103.84.108.0/22
103.84.12.0/22
103.84.136.0/22
103.84.16.0/22
@ -3825,7 +3824,10 @@
118.26.0.0/19
118.26.112.0/21
118.26.120.0/21
118.26.128.0/20
118.26.128.0/22
118.26.133.0/24
118.26.134.0/23
118.26.136.0/21
118.26.160.0/20
118.26.188.0/22
118.26.192.0/18
@ -4330,6 +4332,7 @@
140.75.0.0/16
142.70.0.0/16
142.86.0.0/16
143.64.0.0/16
144.0.0.0/16
144.12.0.0/16
144.123.0.0/16
@ -4547,7 +4550,6 @@
175.176.156.0/22
175.176.176.0/22
175.176.188.0/22
175.176.192.0/22
175.178.0.0/16
175.184.128.0/18
175.185.0.0/16

4
luci-app-passwall/root/usr/share/passwall/rules/chnroute6
View File

@ -190,6 +190,7 @@
2400:5840::/32
2400:5a00::/32
2400:5a40::/32
2400:5a60::/32
2400:5ac0::/32
2400:5b40::/32
2400:5bc0::/32
@ -270,7 +271,6 @@
2400:9600::/32
2400:98c0::/32
2400:9a00::/32
2400:9dc0::/32
2400:9e00::/32
2400:a040::/32
2400:a380::/32
@ -1666,7 +1666,6 @@
2406:aa80::/32
2406:aac0::/32
2406:ab80::/32
2406:abc0::/32
2406:ac80::/32
2406:acc0::/32
2406:ad40::/32
@ -1812,7 +1811,6 @@
2407:9f00::/32
2407:9f80::/32
2407:a040::/32
2407:a480::/32
2407:a640::/32
2407:a7c0::/32
2407:a880::/32

100
luci-app-passwall/root/usr/share/passwall/rules/gfwlist
View File

@ -119,6 +119,7 @@ a.kslive.tv
a0pple.net
a2z.com
aaagradeheadphones.com
aacrjournals.org
aaex.uk
aanaan.com
aapl.tw
@ -147,6 +148,7 @@ aboutmcdonalds.com
aboutyourmini.com
abow.jp
ac-pocketcamp.com
academic.eb.com
academynetriders.com
accbusiness.com
accessfacebookfromschool.com
@ -277,9 +279,11 @@ afpforum.com
agendaweek.com
agzy1.com
ahmia.fi
aiaa.org
aiasahi.jp
aibaobei.me
aimei133.com
aimsciences.org
air-nike-shoes.com
air-watch.com
airav.cc
@ -406,6 +410,7 @@ akatns.net
albeats.com
alchemysynth.com
alexa.com
alexanderstreet.com
alfera.com.hk
alfera.com.my
alfera.in
@ -551,6 +556,7 @@ amazonvideodirect.com
amazonworkdocs.com
amd.com
amdfanstore.com
amdigital.co.uk
ameba.jp
amebame.com
amebaownd.com
@ -570,6 +576,7 @@ amplifyframework.com
ampproject.com
ampproject.net
ampproject.org
ams.org
ams02.space
amytele.com
amzn.com
@ -580,12 +587,14 @@ anaconda.com
anaconda.org
analytictech.com
anandtech.com
anatomy.tv
anb.org
android.com
androidify.com
andysparis.com
anfutong.com
angelbeats.jp
angle.com.tw
angulardart.org
anidom.com
anigema.jp
@ -947,6 +956,7 @@ aps.org
aptoide.com
apture.com
apyle.com
arabidopsis.org
aranzadi.es
arcgis.com
arcgisonline.com
@ -966,6 +976,7 @@ arphic.com.cn
arphic.com.tw
artstation.com
artstationmedia.com
artstor.org
arxiv.org
as-hp.ca
asagaku.com
@ -973,20 +984,28 @@ asahi.com
asahicom.jp
asahishimbun.sc.omtrdc.net
asakonet.co.jp
ascelibrary.org
asebay.com
asha.org
asianpornmovies.com
askfacebook.net
askfacebook.org
askubuntu.com
asm.org
asme.org
asminternational.org
asn-online.org
asp-cc.com
asp.net
aspbjournals.org
aspenpublishing.com
aspnetcdn.com
asproex.com
asproexapi.com
assetsadobe.com
associates-amazon.com
assylum.com
astm.org
asto.re
asus.com
atandt.com
@ -1150,6 +1169,7 @@ babyzone.com
badaas.com
badgen.net
bag-glasses1.com
bahamut.akamaized.net
bahamut.com.tw
baicaonetwork.com
baltimorebmw.com
@ -1483,6 +1503,7 @@ beatswirelesscuffie.com
beatthatquote.com
beautyandthebeastmusical.co.uk
bebepremium3.com.bo
beck-online.beck.de
becomeindex.com
beddit.tv
beeg.com
@ -1493,6 +1514,7 @@ beijingnike.com
bejeweledstars.com
bejewled-stars.com
bellsouth.net
benghuai.com
benliton.com
bentobox.tv
berkanawireless.com
@ -1545,6 +1567,7 @@ bextbuy.com
beyondcore.com
bgov.com
bgr.in
bh3.com
bidbay.com
bidi.net.uk
bidorbuyindia.com
@ -1603,7 +1626,9 @@ bingvisualsearch.com
bingworld.com
binoculus.com
bintray.com
biologists.com
biomedcentral.com
bioone.org
biorxiv.org
bioware.com
biowarestore.com
@ -1761,6 +1786,8 @@ bloombergtv.mn
bloombergvault.com
bloombergview.com
bloommicroventures.com
bloomsburycollections.com
bloomsburydesignlibrary.com
blpcareers.com
blpevents.com
blpprofessional.com
@ -1776,6 +1803,7 @@ blzddistkr1-a.akamaihd.net
blzmedia-a.akamaihd.net
blznav.akamaized.net
bmia.org
bmj.com
bml.info
bmw-abudhabi.com
bmw-adventskalender.com
@ -2189,6 +2217,7 @@ booking.com
bookmybridgestonetyre.com
bookonsky.net
books.com.tw
booksinprint.com
bookstagram.com
booth.pm
bootstrapcdn.com
@ -2227,6 +2256,7 @@ brazilpartneruniversity.com
brazzers.com
breakdown.me
breitbart.com
brepolis.net
brew.sh
brewmp.com
briantreepayments.net
@ -2369,6 +2399,7 @@ buypass.se
buyshoponly.com
buzzardflapper.com
buzzav.com
bvdinfo.com
bwbx.io
bwh1.net
bwh8.net
@ -2386,6 +2417,7 @@ cabletvdirectv.com
cafr.ca
caijinglengyan.com
caime.xyz
cairn.info
cairnspost.com.au
calendarserver.org
calgon.at
@ -2492,6 +2524,7 @@ canonfoundation.org
canonical.com
canonproprinters.com
capitalgames.com
capitaliq.com
carbon.com
carcare-and-tireshop.jp
card.io
@ -2502,6 +2535,7 @@ careersatfb.com
carekit.org
cargigileads.com
carstagram.com
cas.org
cash.app
cash2.com
cashbycashapp.com
@ -2547,6 +2581,7 @@ cbspressexpress.com
cbssports.com
cbsstatic.com
cbssvideo.com
ccdc.cam.ac.uk
cciernslabs.com
cciesecuritylabs.com
ccievoicelabs.com
@ -2648,6 +2683,7 @@ cheapshoesvip.com
cheapwireless04.com
cheapwirelessbeats.com
cheerwholesale.us
chemnetbase.com
chicagolandbmw.com
chickstagram.com
chihair-straightener.com
@ -2664,6 +2700,7 @@ chinatimes.com
chinatimes.com.tw
chips.com
chocolatey.org
choicereviews.org
chomp.com
chrome.com
chromebook.com
@ -2679,6 +2716,7 @@ ciattackers.com
cilk.com
cilk.net
cinemax.com
cios.org
cisco-returns.com
cisco-warrantyfinder.com
cisco.com
@ -2735,6 +2773,7 @@ clearlinux.org
click-url.com
clickedu.co.uk
clickserver.googleads.com
clinicalkey.com
clojure.org
cloudapp.net
cloudappsecurity.com
@ -2806,6 +2845,7 @@ cnshopin.com
cnyes.com
cobatt.com
cobrasearch.com
cochranelibrary.com
code.org
codecademy.com
codei.sh
@ -3001,6 +3041,7 @@ darwinsourcecode.com
dashwood360.com
dat.foundation
data.com
databank.worldbank.org
database.asahi.com
dataliberation.org
datalore.io
@ -3318,12 +3359,14 @@ dkk37.com
dkr.com
dkrecttv.com
dl-iphone.com
dl.begellhouse.com
dlercloud.com
dlercloud.me
dlercloud.org
dleris.best
dlfacebook.com
dlgarenanow-a.akamaihd.net
dlib.eastview.com
dlmobilegarena-a.akamaihd.net
dmed.technology
dmgmediaprivacy.co.uk
@ -3780,6 +3823,8 @@ ebayy.com
ebc.net.tw
ebi.ac.uk
ebookforipad.com
ebsco.com
ebscohost.com
ebuyheadphones.com
ecapi-pchome.cdn.hinet.net
ecgapp.net
@ -3819,11 +3864,13 @@ elasticbeanstalk.com
elderscrolls.com
electrek.co
electricluxury.com
electrochem.org
electronicarts.com
electronicarts.fr
electronjs.org
element.io
elephantsdream.org
elgaronline.com
elib.maruzen.co.jp
elifesciences.org
elite.com
@ -3836,6 +3883,7 @@ elsevier.io
emac.co.in
emac.in
emagic.de
embase.com
embed-cdn.com
embed.ly
embedly.com
@ -3847,8 +3895,10 @@ embl.org
emblstatic.net
embs.org
emcs.org
emerald.com
emojipedia.org
emome.net
ems-ph.org
enablementadobe.com
enanyang.my
encoretvb.com
@ -3968,6 +4018,7 @@ etvonline.hk
etwealth.com
eu-consumer-empowerment.com
eubluecardvisa.com
eurekaselect.com
euroipad.com
europalibera.org
europepmc.org
@ -4231,6 +4282,7 @@ facnbook.com
facrbook.com
factograph.info
factwire.org
facultyopinions.com
facvebook.com
facwebook.com
facxebook.com
@ -4442,6 +4494,7 @@ firestonetire.ca
firestonetire.com
firewire.cl
firewire.eu
firstsearch.oclc.org
fixtracking.com
flathub.org
flatmates.com.au
@ -4725,6 +4778,7 @@ fuchsia.dev
fujinkoron.jp
fundaiphone5s.com
fundfire.com
fundinginstitutional.com
fundpaypal.com
fundraisingwithfacebook.com
funimation.com
@ -4920,6 +4974,7 @@ gitstar.net
gittigidiyor.net
gittigidiyorsikayet.com
glasamerike.net
global-sci.org
globaledu.org
globalriskregulator.com
globalsecurity.org
@ -5282,6 +5337,7 @@ gvt5.com
gvt6.com
gvt7.com
gvt9.com
gwiki.net
gwktravelex.nl
hackday.com.au
hackerfacebook.com
@ -5358,6 +5414,7 @@ heaven-burns-red.com
heavy-r.com
hebiphone.com
hegre.com
heinonline.org
hellokittybeats.com
hellosmartbook.com
hentaiathome.net
@ -5387,6 +5444,9 @@ hifacebook.info
highbolt.net
highdefinitionbeatsbydre.com
hightopnikes.com
highwirepress.com
himalaya-exchange.zendesk.com
himalaya.exchange
hindawi.com
hindiweb.com
hinet.net
@ -5430,6 +5490,7 @@ homephoneplus.com
hometrack.com.au
honawalaan.com
hongkongfp.com
honkaistarrail.com
hooloo.tv
hoolu.com
hoolu.tv
@ -5446,6 +5507,8 @@ housing.com
housingcdn.com
howtogetmo.co.uk
howtohackfacebook-account.com
hoyolab.com
hoyoverse.com
hp-imagine.com
hp-infolab.com
hp-invent.com
@ -5674,6 +5737,7 @@ ibookpartner.com
ibooksauthor.com
ic.ac.uk
icashpassport.com.mx
icevirtuallibrary.com
ichat.co.in
ichineseporn.com
icloud-content.com
@ -5713,6 +5777,7 @@ icloudos.net
icloudpay.net
icloudsecure.net
icloudsetup.com
icsd.fiz-karlsruhe.de
idelreal.org
identrust.co.uk
identrust.com
@ -5767,12 +5832,14 @@ ietf.org
ifontcloud.com
ig.me
igcdn.com
igi-global.com
ign.jp
ignites.com
ignitesasia.com
igniteseurope.com
igoogle.com
igoshopping.net
igpublish.com
igsonar.com
igtv.com
iijav.com
@ -6294,6 +6361,7 @@ itunesu.com
itunesu.net
ius.io
iutunes.com
iwaponline.com
iwara.tv
iwork.com
iwork.se
@ -6367,6 +6435,7 @@ joinclubhouse.com
joinmaidez.com
joox.com
jos.com
jove.com
jquery.com
jquerymobile.com
jqueryui.com
@ -6399,6 +6468,7 @@ kamisama-maeda-lab.com
kannewyork.com
kanzhongguo.com
kanzhongguo.eu
karger.com
kastatic.org
kavkazr.com
keepmovingwithmovefree.com
@ -6527,6 +6597,7 @@ legaltracker.com
lencr.org
letmejerk.com
letsencrypt.org
lexisnexis.com
lexuemei.com
lfai.foundation
lg.com
@ -6957,6 +7028,7 @@ mediafiles-cisco.com
mediawiki.org
medium.com
medium.systems
medone-education.thieme.com
medrxiv.org
meet.new
meetfasttrack.com
@ -6967,6 +7039,7 @@ mega.io
mega.nz
megaphone.fm
meijinsen.jp
mendeley.com
menshin-channel.com
mepn.com
meraki-go.com
@ -7093,6 +7166,8 @@ microsoftuwp.com
micstl.com
midatlanticbmwmotorcycles.com
midentsolutions.com
mihayou.com
mihoyo.com
miitomo.com
miiverse.com
miktex.org
@ -7451,6 +7526,7 @@ monstershopcheapbeats.net
moodstocks.com
moov.hk
moreheadphones.com
morganclaypool.com
morisawa.co.jp
morphcharts.com
mortein.co.in
@ -7538,6 +7614,7 @@ multicurrencycashpassport.com
multiplydiversity.com
muncloud.dog
muscdn.com
muse.jhu.edu
mushymush.tv
musical.ly
musicbay.net
@ -7661,6 +7738,7 @@ nationalgeographicpartners.com
nativeincolour.com.au
naturalvoices.com
nature.com
naturemag.org
naver.com
naver.jp
naver.net
@ -7674,6 +7752,7 @@ nbcsports.com
nbcudigitaladops.com
nbcuni.com
nbcuniversal.com
ncl.edu.tw
near.by
nebay.net
neborder.com
@ -8164,6 +8243,7 @@ oculusforbusiness.com
oculusrift.com
oculusvr.com
odysee.com
oecd-ilibrary.org
oed.com
offerairjordanlebron.com
office.com
@ -8255,6 +8335,7 @@ openwrt.org
opgg-static.akamaized.net
opinionjournal.com
optanedifference.com
optica.org
opticsforthecloud.net
optimumssl.com
oracle.com
@ -8274,6 +8355,7 @@ orithegame.com
orl.ly
orlandohurricane.com
osakamotion.net
osapublishing.org
osdn.net
osm.org
osmfoundation.org
@ -8761,6 +8843,7 @@ polymer-project.org
polymerproject.org
popcap.com
popjav.tv
porn.com
pornacho.com
pornbest.org
pornbrb.com
@ -8848,6 +8931,7 @@ product.co.jp
projectapex.com
projectara.com
projectbaseline.com
projecteuclid.org
projectmurphy.net
projectsangam.com
promonsterbeatsbydre.com
@ -9071,6 +9155,7 @@ realtype.co.jp
realtype.jp
realvision.com
reastatic.net
reaxys.com
rebates.jp
rebrandly.com
reckitt.net
@ -9186,6 +9271,7 @@ rumble.com
run.app
runnike.com
runningnike.com
rupress.org
rust-lang.org
rustup.rs
ruten.com.tw
@ -9201,6 +9287,7 @@ s.team
s2stagehance.com
s81c.com
sa78gs.wpc.edgecastcdn.net
sae.org
safechat.com
saffrontech.com
sagepub.com
@ -9359,6 +9446,7 @@ sci-hub.mksa.top
sci-hub.se
sci-hub.st
sci.hubg.org
science.com
science.org
sciencedirect.com
sciencedirectassets.com
@ -9366,6 +9454,7 @@ sciencemag.org
scientificamerican.com
scientificlinux.org
scitation.org
scival.com
scmp.com
scnshop.cc
scnsrc.me
@ -9470,6 +9559,7 @@ shorturl.at
shotwithgeforce.com
shp.ee
shuziyimin.org
siam.org
sibreal.org
siege-amazon.com
sign.new
@ -10194,6 +10284,9 @@ theuab.net
theverge.com
theweek.in
thewonderful101.com
thieme-connect.com
thieme-connect.de
thieme.de
thinkboxsoftware.com
thinkdifferent.us
thinkofliving.com
@ -10265,6 +10358,7 @@ torproject.org
torrentkitty.tv
torrindex.net
tospo-keiba.jp
totalmateria.com
touchid.tv
touchid.wang
touchsmartpc.com
@ -10409,6 +10503,7 @@ ukipad.com
ukwhoswho.com
ulifestyle.com.hk
ulol.com
ulrichsweb.serialssolutions.com
ultimaforever.com
ultimaonline.com
umagazine.com.hk
@ -11250,6 +11345,7 @@ welcometobestbuy.ca
weltweitwachsen.de
wenzhao.ca
westerndigital.com
westlaw.com
weverse.io
wfm.com
what-fan.net
@ -11369,6 +11465,7 @@ woflthenewsstation.com
wogx.com
wolfatbestbuy.com
wolfatbestbuy.net
wolterskluwer.com
womensnikeshox.com
womenwill.com
womenwill.com.br
@ -11397,6 +11494,7 @@ worldflipper.akamaized.net
worldflipper.jp
worldhack.com
worldofwarcraft.com
worldscientific.com
worldsecureemail.com
worldsecuresystems.com
worldsfastestgamer.net
@ -11404,6 +11502,7 @@ wp-themes.com
wp.com
wpewebkit.org
wpvip.com
wrds-www.wharton.upenn.edu
wrenchead.com
wsj.com
wsj.jobs
@ -11941,6 +12040,7 @@ youtubemobilesupport.com
ysm.yahoo.com
yt.be
ytimg.com
yuanshen.com
yzzk.com
z5.app
z5.com

32
luci-app-passwall/root/usr/share/passwall/subscribe.lua
View File

@ -766,6 +766,38 @@ local function processData(szType, content, add_mode, add_from)
result.port = port
result.tls_allowInsecure = allowInsecure_default and "1" or "0"
end
elseif szType == 'hysteria' then
local alias = ""
if content:find("#") then
local idx_sp = content:find("#")
alias = content:sub(idx_sp + 1, -1)
content = content:sub(0, idx_sp - 1)
end
result.remarks = UrlDecode(alias)
result.type = "Hysteria"
local dat = split(content, '%?')
local hostInfo = split(dat[1], ':')
result.address = hostInfo[1]
result.port = hostInfo[2]
local params = {}
for _, v in pairs(split(dat[2], '&')) do
local t = split(v, '=')
if #t > 0 then
params[t[1]] = t[2]
end
end
result.hysteria_protocol = params.protocol
result.hysteria_obfs = params.obfsParam
result.hysteria_auth_type = "string"
result.hysteria_auth_password = params.auth
result.tls_serverName = params.peer
if params.insecure and params.insecure == "1" then
result.tls_allowInsecure = "1"
end
result.hysteria_alpn = params.alpn
result.hysteria_up_mbps = params.upmbps
result.hysteria_down_mbps = params.downmbps
else
log('暂时不支持' .. szType .. "类型的节点订阅,跳过此节点。")
return nil

4
luci-app-ssr-plus/Makefile
View File

@ -24,8 +24,8 @@ LUCI_TITLE:=SS/SSR/V2Ray/Trojan/NaiveProxy/Socks5/Tun LuCI interface
LUCI_PKGARCH:=all
LUCI_DEPENDS:= \
@(PACKAGE_libustream-mbedtls||PACKAGE_libustream-openssl||PACKAGE_libustream-wolfssl) \
+coreutils +coreutils-base64 +dns2socks +dnsmasq-full +ipset \
+kmod-ipt-nat +ip-full +iptables-mod-tproxy +lua +libuci-lua +microsocks \
+coreutils +coreutils-base64 +dns2socks +dnsmasq-full +ipset +kmod-ipt-nat \
+ip-full +iptables-mod-tproxy +lua +libuci-lua +microsocks +pdnsd-alt \
+tcping +resolveip +shadowsocksr-libev-ssr-check +uclient-fetch \
+PACKAGE_$(PKG_NAME)_INCLUDE_Kcptun:kcptun-client \
+PACKAGE_$(PKG_NAME)_INCLUDE_NaiveProxy:naiveproxy \

7
luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/client-config.lua
View File

@ -302,13 +302,6 @@ o:depends("type", "ssr")
o = s:option(Value, "obfs_param", translate("Obfs param(optional)"))
o:depends("type", "ssr")
-- AlterId
o = s:option(Value, "alter_id", translate("AlterId"))
o.datatype = "port"
o.default = 16
o.rmempty = true
o:depends({type = "v2ray", v2ray_protocol = "vmess"})
-- VmessId
o = s:option(Value, "vmess_id", translate("Vmess/VLESS ID (UUID)"))
o.rmempty = true

1
luci-app-ssr-plus/luasrc/view/shadowsocksr/ssrurl.htm
View File

@ -242,7 +242,6 @@ function import_ssr_url(btn, urlname, sid) {
document.getElementsByName('cbid.shadowsocksr.' + sid + '.alias')[0].value = ssm.ps;
document.getElementsByName('cbid.shadowsocksr.' + sid + '.server')[0].value = ssm.add;
document.getElementsByName('cbid.shadowsocksr.' + sid + '.server_port')[0].value = ssm.port;
document.getElementsByName('cbid.shadowsocksr.' + sid + '.alter_id')[0].value = ssm.aid;
document.getElementsByName('cbid.shadowsocksr.' + sid + '.vmess_id')[0].value = ssm.id;
document.getElementsByName('cbid.shadowsocksr.' + sid + '.transport')[0].value = ssm.net;
document.getElementsByName('cbid.shadowsocksr.' + sid + '.transport')[0].dispatchEvent(event);

1
luci-app-ssr-plus/root/usr/share/shadowsocksr/gen_config.lua
View File

@ -15,7 +15,6 @@ function vmess_vless()
users = {
{
id = server.vmess_id,
alterId = (server.v2ray_protocol == "vmess" or not server.v2ray_protocol) and tonumber(server.alter_id) or nil,
security = (server.v2ray_protocol == "vmess" or not server.v2ray_protocol) and server.security or nil,
encryption = (server.v2ray_protocol == "vless") and server.vless_encryption or nil,
flow = (server.xtls == '1') and (server.vless_flow and server.vless_flow or "xtls-rprx-splice") or nil

1
luci-app-ssr-plus/root/usr/share/shadowsocksr/subscribe.lua
View File

@ -163,7 +163,6 @@ local function processData(szType, content)
result.server = info.add
result.server_port = info.port
result.transport = info.net
result.alter_id = info.aid
result.vmess_id = info.id
result.alias = info.ps
-- result.mux = 1