update 2024-06-19 03:24:21

actions-user 2024-06-19 03:24:21 +08:00
parent 292c2aec88
commit 8d4618ff23
42 changed files with 4 additions and 80424 deletions


@ -7,17 +7,16 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=lua-maxminddb PKG_NAME:=lua-maxminddb
PKG_VERSION:=0.2 PKG_VERSION:=0.2
PKG_RELEASE:=$(AUTORELEASE) PKG_RELEASE:=2
PKG_SOURCE_PROTO:=git PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://github.com/fabled/lua-maxminddb.git PKG_SOURCE_URL:=https://github.com/fabled/lua-maxminddb.git
PKG_SOURCE_DATE:=2019-03-14 PKG_SOURCE_DATE:=2019-03-14
PKG_SOURCE_VERSION:=93da9f4e6c814c3a23044dd2cdd22d4a6b4f665b PKG_SOURCE_VERSION:=93da9f4e6c814c3a23044dd2cdd22d4a6b4f665b
PKG_MIRROR_HASH:=b99ef18516b705b3e73b15a9d5ddc99add359299b52639fe3c81dd761591d9d9 PKG_MIRROR_HASH:=e70dd8843c3688b58f66fff5320a93d5789b79114bcb36a94d5b554664439f04
PKG_LICENSE:=MIT PKG_LICENSE:=MIT
PKG_LICENSE_FILE:=LICENSE PKG_LICENSE_FILES:=LICENSE
PKG_MAINTAINER:=fabled
PKG_BUILD_PARALLEL:=1 PKG_BUILD_PARALLEL:=1
@ -28,7 +27,7 @@ define Package/lua-maxminddb
SECTION:=lang SECTION:=lang
CATEGORY:=Languages CATEGORY:=Languages
TITLE:=libmaxminddb bindings for lua TITLE:=libmaxminddb bindings for lua
URL:=https://github.com/jerrykuku/lua-maxminddb URL:=https://github.com/fabled/lua-maxminddb
DEPENDS:=+lua +libmaxminddb DEPENDS:=+lua +libmaxminddb
endef endef
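Review bot: The PKG_MIRROR_HASH line in the first hunk shows two different digests while PKG_SOURCE_VERSION (93da9f4e6c814c3a23044dd2cdd22d4a6b4f665b) and PKG_SOURCE_DATE are identical on both sides, so the expected checksum of the source archive changes although the pinned commit does not, and the commit message gives no reason. A change in how the build system packs the git checkout would explain it, but nothing on this page confirms that. Because this hash is the integrity check on the downloaded source, the new value should be regenerated from a clean checkout of the pinned commit and compared before it is accepted. Recording the reason next to it would help, for example `# PKG_MIRROR_HASH regenerated: <reason>; PKG_SOURCE_VERSION unchanged`. The same hunk also appears to replace `$(AUTORELEASE)` with a fixed `PKG_RELEASE:=2`, which then has to be bumped by hand on every packaging change.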


@ -1,3 +0,0 @@
# MaxMind DB Reader for Lua
Embed in openwrt


@ -1,95 +0,0 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=luci-app-koolproxyR
PKG_VERSION:=3.8.4
PKG_RELEASE:=5
PKG_MAINTAINER:=panda-mute <wxuzju@gmail.com>
PKG_LICENSE:=GPLv3
PKG_LICENSE_FILES:=LICENSE
PKG_BUILD_PARALLEL:=1
RSTRIP:=true
include $(INCLUDE_DIR)/package.mk
define Package/luci-app-koolproxyR
SECTION:=luci
CATEGORY:=LuCI
SUBMENU:=3. Applications
TITLE:=LuCI support for koolproxyR
DEPENDS:=+openssl-util +ipset +dnsmasq-full +@BUSYBOX_CONFIG_DIFF +iptables-mod-nat-extra +wget
MAINTAINER:=panda-mute
endef
define Package/luci-app-koolproxyR/description
This package contains LuCI configuration pages for koolproxy.
endef
define Build/Compile
endef
define Package/luci-app-koolproxyR/postinst
#!/bin/sh
if [ -z "$${IPKG_INSTROOT}" ]; then
( . /etc/uci-defaults/luci-koolproxy ) && rm -f /etc/uci-defaults/luci-koolproxy
rm -f /tmp/luci-indexcache
fi
exit 0
endef
define Package/luci-app-koolproxyR/install
$(INSTALL_DIR) $(1)/etc/uci-defaults
$(INSTALL_DIR) $(1)/etc/config
$(INSTALL_DIR) $(1)/etc/adblocklist
$(INSTALL_DIR) $(1)/etc/init.d
$(INSTALL_DIR) $(1)/lib/upgrade/keep.d
$(INSTALL_DIR) $(1)/usr/lib/lua/luci/i18n/
$(INSTALL_DIR) $(1)/usr/lib/lua/luci/controller
$(INSTALL_DIR) $(1)/usr/lib/lua/luci/model/cbi/koolproxy
$(INSTALL_DIR) $(1)/usr/lib/lua/luci/view
$(INSTALL_DIR) $(1)/usr/lib/lua/luci/view/koolproxy
$(INSTALL_DIR) $(1)/usr/sbin
$(INSTALL_DIR) $(1)/usr/share/koolproxy
$(INSTALL_DIR) $(1)/usr/share/koolproxy/data
$(INSTALL_DIR) $(1)/usr/share/koolproxy/data/rules/
$(INSTALL_BIN) ./files/etc/uci-defaults/luci-koolproxy $(1)/etc/uci-defaults/luci-koolproxy
$(INSTALL_BIN) ./files/etc/init.d/* $(1)/etc/init.d/
$(INSTALL_DATA) ./files/etc/config/* $(1)/etc/config/
$(INSTALL_DATA) ./files/etc/adblocklist/* $(1)/etc/adblocklist/
$(INSTALL_DATA) ./files/lib/upgrade/keep.d/koolproxy $(1)/lib/upgrade/keep.d/
$(INSTALL_DATA) ./files/usr/lib/lua/luci/model/cbi/koolproxy/global.lua $(1)/usr/lib/lua/luci/model/cbi/koolproxy/global.lua
$(INSTALL_DATA) ./files/usr/lib/lua/luci/model/cbi/koolproxy/rss_rule.lua $(1)/usr/lib/lua/luci/model/cbi/koolproxy/rss_rule.lua
$(INSTALL_DATA) ./files/usr/lib/lua/luci/controller/koolproxy.lua $(1)/usr/lib/lua/luci/controller/koolproxy.lua
$(INSTALL_DATA) ./files/usr/lib/lua/luci/view/koolproxy/* $(1)/usr/lib/lua/luci/view/koolproxy/
$(INSTALL_DATA) ./files/usr/lib/lua/luci/i18n/koolproxy.zh-cn.lmo $(1)/usr/lib/lua/luci/i18n/koolproxy.zh-cn.lmo
$(INSTALL_BIN) ./files/usr/sbin/* $(1)/usr/sbin/
$(INSTALL_BIN) ./files/usr/share/koolproxy/data/gen_ca.sh $(1)/usr/share/koolproxy/data/
$(INSTALL_DATA) ./files/usr/share/koolproxy/data/openssl.cnf $(1)/usr/share/koolproxy/data/
$(INSTALL_DATA) ./files/usr/share/koolproxy/data/user.txt $(1)/usr/share/koolproxy/data/
$(INSTALL_DATA) ./files/usr/share/koolproxy/data/source.list $(1)/usr/share/koolproxy/data/
$(INSTALL_DATA) ./files/usr/share/koolproxy/data/rules/* $(1)/usr/share/koolproxy/data/rules/
$(INSTALL_BIN) ./files/usr/share/koolproxy/camanagement $(1)/usr/share/koolproxy/camanagement
$(INSTALL_BIN) ./files/usr/share/koolproxy/kpupdate $(1)/usr/share/koolproxy/kpupdate
$(INSTALL_DATA) ./files/usr/share/koolproxy/koolproxy_ipset.conf $(1)/usr/share/koolproxy/koolproxy_ipset.conf
$(INSTALL_DATA) ./files/usr/share/koolproxy/dnsmasq.adblock $(1)/usr/share/koolproxy/dnsmasq.adblock
ifeq ($(ARCH),mipsel)
$(INSTALL_BIN) ./files/bin/mipsel $(1)/usr/share/koolproxy/koolproxy
endif
ifeq ($(ARCH),mips)
$(INSTALL_BIN) ./files/bin/mips $(1)/usr/share/koolproxy/koolproxy
endif
ifeq ($(ARCH),i386)
$(INSTALL_BIN) ./files/bin/i386 $(1)/usr/share/koolproxy/koolproxy
endif
ifeq ($(ARCH),x86_64)
$(INSTALL_BIN) ./files/bin/x86_64 $(1)/usr/share/koolproxy/koolproxy
endif
ifeq ($(ARCH),arm)
$(INSTALL_BIN) ./files/bin/arm $(1)/usr/share/koolproxy/koolproxy
endif
endef
$(eval $(call BuildPackage,luci-app-koolproxyR))


@ -1,33 +0,0 @@
修改了kpupdate使其可以直接更新easylist、fanboy和yhost的规则。
## 准备工作:
先运行:</br>
`opkg install openssl-util ipset dnsmasq-full diffutils iptables-mod-nat-extra wget ca-bundle ca-certificates libustream-openssl`</br>
手动安装以上依赖包</br>
* 如果没有 **openssl** 就不能正常生成证书导致https过滤失败
* 如果没有 **ipset, dnsmasq-full, diffutils**黑名单模式也会出现问题ipset 需要版本6,如果你的固件的busybox带有支持diff支持那么diffutils包可以不安装
* 如果没有 **iptables-mod-nat-extra** 会导致mac过滤失效
* 如果没有 **wget, ca-bundle, ca-certificates, libustream-openssl** 会导致规则文件更新失败host规则条数变为0,如果你的固件的busybox带有支持https的wget那么这几个包可以不安装
## 使用方法
```Brach
#源码根目录进入package文件夹
cd package
#下载源码
git clone https://github.com/jefferymvp/luci-app-koolproxyR
#回到源码根目录
cd ..
make menuconfig
#编译
make package/luci-app-koolproxyR/{clean,compile} V=s

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.


@ -1 +0,0 @@
61.160.200.252


@ -1 +0,0 @@
v2ex.com


@ -1,17 +0,0 @@
config global
option time_update '4'
option koolproxy_port '0'
option startup_delay '5'
option koolproxy_acl_default '0'
option koolproxy_mode '2'
option koolproxy_host '1'
option koolproxy_rules 'fanboy.txt easylistchina.txt yhosts.txt kp.dat user.txt'
option enabled '0'
option koolproxy_ipv6 '0'
config rss_rule
option load '1'
option name 'kpr_our_rule.txt'
option url 'https://github.com/user1121114685/koolproxyR_rule_list/raw/master/kpr_our_rule.txt'
option file 'kpr_our_rule.txt'


@ -1,475 +0,0 @@
#!/bin/sh /etc/rc.common
#
# Copyright (C) 2015 OpenWrt-dist
# Copyright (C) 2016 fw867 <ffkykzs@gmail.com>
#
# This is free software, licensed under the GNU General Public License v3.
# See /LICENSE for more information.
#
START=99
USE_PROCD=1
CONFIG=koolproxy
KP_DIR=/usr/share/koolproxy
TMP_DIR=/tmp
alias echo_date='echo $(date +%Y年%m月%d日\ %X):'
config_n_get() {
local ret=$(uci get $CONFIG.$1.$2 2>/dev/null)
echo ${ret:=$3}
}
config_t_get() {
local index=0
[ -n "$4" ] && index=$4
local ret=$(uci get $CONFIG.@$1[$index].$2 2>/dev/null)
echo ${ret:=$3}
}
add_ipset_conf() {
if [ -s /etc/adblocklist/adbypass ]; then
echo_date 添加白名单软连接...
cat /etc/adblocklist/adbypass | sed "s/,/\n/g" | sed "s/^/ipset=&\/./g" | sed "s/$/\/white_kp_list/g" >> /tmp/adbypass.conf
rm -rf /tmp/dnsmasq.d/adbypass.conf
ln -sf /tmp/adbypass.conf /tmp/dnsmasq.d/adbypass.conf
dnsmasq_restart=1
fi
if [ "$koolproxy_mode" == "2" ]; then
if [ "$koolproxy_host" == "1" ];then
echo_date 添加Adblock Plus Host软连接...
ln -sf $KP_DIR/dnsmasq.adblock /tmp/dnsmasq.d/dnsmasq.adblock
fi
echo_date 添加黑名单软连接...
rm -rf /tmp/dnsmasq.d/koolproxy_ipset.conf
ln -sf $KP_DIR/koolproxy_ipset.conf /tmp/dnsmasq.d/koolproxy_ipset.conf
echo_date 添加自定义黑名单软连接...
if [ -s /etc/adblocklist/adblock ]; then
cat /etc/adblocklist/adblock | sed "s/,/\n/g" | sed "s/^/ipset=&\/./g" | sed "s/$/\/black_koolproxy/g" >> /tmp/adblock.conf
rm -rf /tmp/dnsmasq.d/adblock.conf
ln -sf /tmp/adblock.conf /tmp/dnsmasq.d/adblock.conf
fi
dnsmasq_restart=1
fi
}
remove_ipset_conf() {
if [ -L "/tmp/dnsmasq.d/adbypass.conf" ]; then
echo_date 移除白名单软连接...
rm -rf /tmp/adbypass.conf
rm -rf /tmp/dnsmasq.d/adbypass.conf
dnsmasq_restart=1
fi
if [ -L "/tmp/dnsmasq.d/koolproxy_ipset.conf" ]; then
echo_date 移除黑名单软连接...
rm -rf /tmp/dnsmasq.d/koolproxy_ipset.conf
dnsmasq_restart=1
fi
if [ -L "/tmp/dnsmasq.d/adblock.conf" ]; then
echo_date 移除自定义黑名单软连接...
rm -rf /tmp/dnsmasq.d/adblock.conf
rm -rf /tmp/adblock.conf
dnsmasq_restart=1
fi
if [ -L "/tmp/dnsmasq.d/dnsmasq.adblock" ]; then
echo_date 移除Adblock Plus Host软连接...
rm -rf /tmp/dnsmasq.d/dnsmasq.adblock
dnsmasq_restart=1
fi
}
restart_dnsmasq() {
if [ "$dnsmasq_restart" == "1" ]; then
echo_date 重启dnsmasq进程...
/etc/init.d/dnsmasq restart > /dev/null 2>&1
fi
}
creat_ipset() {
echo_date 创建ipset名单
# Load ipset netfilter kernel modules and kernel modules
ipset -! create white_kp_list nethash
ipset -! create black_koolproxy iphash
cat $KP_DIR/data/rules/yhosts.txt $KP_DIR/data/rules/easylistchina.txt $KP_DIR/data/rules/fanboy.txt $KP_DIR/data/rules/user.txt | grep -Eo "(.\w+\:[1-9][0-9]{1,4})/" | grep -Eo "([0-9]{1,5})" | sort -un | sed -e '$a\80' -e '$a\443' | sed -e "s/^/-A kp_full_port &/g" -e "1 i\-N kp_full_port bitmap:port range 0-65535 " | ipset -R -!
}
add_white_black_ip() {
echo_date 添加ipset名单
ip_lan="0.0.0.0/8 10.0.0.0/8 100.64.0.0/10 127.0.0.0/8 169.254.0.0/16 172.16.0.0/12 192.168.0.0/16 224.0.0.0/4 240.0.0.0/4"
for ip in $ip_lan
do
ipset -A white_kp_list $ip >/dev/null 2>&1
done
sed -e "s/^/add white_kp_list &/g" /etc/adblocklist/adbypassip | awk '{print $0} END{print "COMMIT"}' | ipset -R 2>/dev/null
ipset -A black_koolproxy 110.110.110.110 >/dev/null 2>&1
sed -e "s/^/add black_koolproxy &/g" /etc/adblocklist/adblockip | awk '{print $0} END{print "COMMIT"}' | ipset -R 2>/dev/null
}
load_config() {
ENABLED=$(config_t_get global enabled 0)
[ $ENABLED -ne 1 ] && return 0
koolproxy_mode=$(config_t_get global koolproxy_mode 1)
koolproxy_host=$(config_t_get global koolproxy_host 0)
koolproxy_acl_default=$(config_t_get global koolproxy_acl_default 1)
koolproxy_port=$(config_t_get global koolproxy_port 0)
koolproxy_bp_port=$(config_t_get global koolproxy_bp_port)
koolproxy_ipv6=$(config_t_get global koolproxy_ipv6 0)
config_load $CONFIG
return 1
}
__load_lan_acl() {
local mac
local ipaddr
local proxy_mode
config_get mac $1 mac
config_get ipaddr $1 ipaddr
config_get proxy_mode $1 proxy_mode
[ -n "$ipaddr" ] && [ -z "$mac" ] && echo_date 加载ACL规则【$ipaddr】模式为$(get_mode_name $proxy_mode)
[ -z "$ipaddr" ] && [ -n "$mac" ] && echo_date 加载ACL规则【$mac】模式为$(get_mode_name $proxy_mode)
[ -n "$ipaddr" ] && [ -n "$mac" ] && echo_date 加载ACL规则【$ipaddr】【$mac】模式为$(get_mode_name $proxy_mode)
#echo iptables -t nat -A KOOLPROXY $(factor $ipaddr "-s") $(factor $mac "-m mac --mac-source") -p tcp $(get_jump_mode $proxy_mode) $(get_action_chain $proxy_mode)
iptables -t nat -A KOOLPROXY $(factor $ipaddr "-s") $(factor $mac "-m mac --mac-source") -p tcp $(get_jump_mode $proxy_mode) $(get_action_chain $proxy_mode)
acl_nu=`expr $acl_nu + 1`
}
lan_acess_control() {
acl_nu=0
[ -z "$koolproxy_acl_default" ] && koolproxy_acl_default=1
config_foreach __load_lan_acl acl_rule
if [ $acl_nu -ne 0 ]; then
echo_date 加载ACL规则其余主机模式为$(get_mode_name $koolproxy_acl_default)
else
echo_date 加载ACL规则所有模式为$(get_mode_name $koolproxy_acl_default)
fi
}
__load_exrule() {
local file
local exrule
local enable
config_get file $1 file
config_get exrule $1 url
config_get enable $1 load
if [ -n "$exrule" ]; then
if [ $enable -ne 1 ]; then
[ -n "$file" ] && [ -f $KP_DIR/data/rules/$file ] && rm -f $KP_DIR/data/rules/$file
uci set koolproxy.$1.time=""
uci commit koolproxy
return
fi
if [ -z "$file" ]; then
file=$(echo $exrule |awk -F "/" '{print $NF}')
uci set koolproxy.$1.file="$file"
uci commit koolproxy
fi
if [ ! -f $KP_DIR/data/rules/$file ]; then
wget-ssl --quiet --timeout=5 --no-check-certificate $exrule -O $TMP_DIR/$file
if [ "$?" == "0" ]; then
uci set koolproxy.$1.time="`date +%Y-%m-%d" "%H:%M`"
uci commit koolproxy
mv $TMP_DIR/$file $KP_DIR/data/rules/$file
else
echo "koolproxy download rule $file failed!"
[ -f $TMP_DIR/$file ] && rm -f $TMP_DIR/$file
fi
fi
cat $KP_DIR/data/rules/$file >>$KP_DIR/data/rules/user.txt
fi
}
load_user_rules() {
cp $KP_DIR/data/user.txt $KP_DIR/data/rules/user.txt
config_foreach __load_exrule rss_rule
}
load_rules() {
sed -i '1,7s/1/0/g' $KP_DIR/data/source.list
local rulelist="$(uci -q get koolproxy.@global[0].koolproxy_rules)"
for rule in $rulelist
do
case "$rule" in
yhosts.txt)
sed -i '1s/0/1/g' $KP_DIR/data/source.list
;;
kp.dat)
sed -i '2s/0/1/g' $KP_DIR/data/source.list
;;
user.txt)
sed -i '3s/0/1/g' $KP_DIR/data/source.list
;;
easylistchina.txt)
sed -i '4s/0/1/g' $KP_DIR/data/source.list
;;
fanboy.txt)
sed -i '5s/0/1/g' $KP_DIR/data/source.list
;;
esac
done
local rulelist="$(uci -q get koolproxy.@global[0].thirdparty_rules)"
for rule in $rulelist
do
case "$rule" in
easylistchina.txt)
sed -i '5s/0/1/g' $KP_DIR/data/source.list
;;
chengfeng.txt)
sed -i '6s/0/1/g' $KP_DIR/data/source.list
;;
fanboy.txt)
sed -i '7s/0/1/g' $KP_DIR/data/source.list
;;
esac
done
}
get_mode_name() {
case "$1" in
0)
echo "不过滤"
;;
1)
echo "http模式"
;;
2)
echo "http + https"
;;
3)
echo "full port"
;;
esac
}
get_jump_mode() {
case "$1" in
0)
echo "-j"
;;
*)
echo "-g"
;;
esac
}
get_action_chain() {
case "$1" in
0)
echo "RETURN"
;;
1)
echo "KP_HTTP"
;;
2)
echo "KP_HTTPS"
;;
3)
echo "KP_ALL_PORT"
;;
esac
}
factor() {
if [ -z "$1" ] || [ -z "$2" ]; then
echo ""
else
echo "$2 $1"
fi
}
load_nat() {
echo_date 加载nat规则
#----------------------BASIC RULES---------------------
echo_date 写入iptables规则到nat表中...
# 创建KOOLPROXY nat rule
iptables -t nat -N KOOLPROXY
# 局域网地址不走KP
iptables -t nat -A KOOLPROXY -m set --match-set white_kp_list dst -j RETURN
# 生成对应CHAIN
iptables -t nat -N KP_HTTP
iptables -t nat -A KP_HTTP -p tcp -m multiport --dport 80 -j REDIRECT --to-ports 3000
iptables -t nat -N KP_HTTPS
iptables -t nat -A KP_HTTPS -p tcp -m multiport --dport 80,443 -j REDIRECT --to-ports 3000
iptables -t nat -N KP_ALL_PORT
#iptables -t nat -A KP_ALL_PORT -p tcp -j REDIRECT --to-ports 3000
# 端口控制
if [ "$koolproxy_port" == "1" ]; then
echo_date 开启端口控制:【$koolproxy_bp_port】
if [ -n "$koolproxy_bp_port" ]; then
iptables -t nat -A KP_ALL_PORT -p tcp -m multiport ! --dport $koolproxy_bp_port -m set --match-set kp_full_port dst -j REDIRECT --to-ports 3000
else
iptables -t nat -A KP_ALL_PORT -p tcp -m set --match-set kp_full_port dst -j REDIRECT --to-ports 3000
fi
else
iptables -t nat -A KP_ALL_PORT -p tcp -m set --match-set kp_full_port dst -j REDIRECT --to-ports 3000
fi
[ "$koolproxy_ipv6" == "1" ] && ip6tables -t nat -I PREROUTING -p tcp -j REDIRECT --to-ports 3000
# 局域网控制
lan_acess_control
# 剩余流量转发到缺省规则定义的链中
iptables -t nat -A KOOLPROXY -p tcp -j $(get_action_chain $koolproxy_acl_default)
# 重定所有流量到 KOOLPROXY
# 全局模式和视频模式
[ "$koolproxy_mode" == "1" ] || [ "$koolproxy_mode" == "3" ] && iptables -t nat -I PREROUTING 1 -p tcp -j KOOLPROXY
# ipset 黑名单模式
[ "$koolproxy_mode" == "2" ] && iptables -t nat -I PREROUTING 1 -p tcp -m set --match-set black_koolproxy dst -j KOOLPROXY
}
add_cru() {
time=$(config_t_get global time_update)
wirtecron=$(cat /etc/crontabs/root | grep "00 $time * * *" | grep kpupdate)
if [ -z "$wirtecron" ];then
sed -i '/kpupdate/d' /etc/crontabs/root >/dev/null 2>&1
echo "0 $time * * * /usr/share/koolproxy/kpupdate" >> /etc/crontabs/root
fi
}
del_cru() {
sed -i '/kpupdate/d' /etc/crontabs/root >/dev/null 2>&1
}
detect_cert(){
if [ ! -f $KP_DIR/data/private/ca.key.pem -o ! -f $KP_DIR/data/cert/ca.crt ]; then
echo_date 开始生成koolproxy证书用于https过滤
cd $KP_DIR/data && sh gen_ca.sh
fi
}
flush_nat() {
echo_date 移除nat规则...
cd $TMP_DIR
iptables -t nat -S | grep -E "KOOLPROXY|KP_HTTP|KP_HTTPS|KP_ALL_PORT" | sed 's/-A/iptables -t nat -D/g'|sed 1,4d > clean.sh && chmod 777 clean.sh && ./clean.sh
[ -f $TMP_DIR/clean.sh ] && rm -f $TMP_DIR/clean.sh
iptables -t nat -X KOOLPROXY > /dev/null 2>&1
iptables -t nat -X KP_HTTP > /dev/null 2>&1
iptables -t nat -X KP_HTTPS > /dev/null 2>&1
iptables -t nat -X KP_ALL_PORT > /dev/null 2>&1
ipset -F black_koolproxy > /dev/null 2>&1 && ipset -X black_koolproxy > /dev/null 2>&1
ipset -F white_kp_list > /dev/null 2>&1 && ipset -X white_kp_list > /dev/null 2>&1
ip6tables -t nat -D PREROUTING -p tcp -j REDIRECT --to-ports 3000 > /dev/null 2>&1
}
export_ipt_rules() {
FWI=$(uci get firewall.koolproxy.path 2>/dev/null)
[ -n "$FWI" ] || return 0
cat <<-CAT >>$FWI
iptables-save -c | grep -v -E "KOOLPROXY|KP" | iptables-restore -c
iptables-restore -n <<-EOF
$(iptables-save | grep -E "KOOLPROXY|KP|^\*|^COMMIT" |\
sed -e "s/^-A \(PREROUTING\)/-I \1 1/")
EOF
CAT
return $?
}
flush_ipt_rules() {
FWI=$(uci get firewall.koolproxy.path 2>/dev/null)
[ -n "$FWI" ] && echo '# firewall include file' >$FWI
return 0
}
pre_start() {
load_config
[ $? -ne 1 ] && return 0
iptables -t nat -C PREROUTING -p tcp -j KOOLPROXY 2>/dev/null && [ $? -eq 0 ] && return 0;
detect_cert
load_rules
load_user_rules
add_ipset_conf && restart_dnsmasq
creat_ipset
add_white_black_ip
load_nat
flush_ipt_rules && export_ipt_rules
add_cru
[ "$koolproxy_mode" == "1" ] && echo_date 选择【全局过滤模式】
[ "$koolproxy_mode" == "2" ] && echo_date 选择【IPSET过滤模式】
if [ "$koolproxy_mode" == "3" ]; then
echo_date 选择【视频过滤模式】
sed -i '1s/1/0/g;2s/1/0/g' $KP_DIR/data/source.list
fi
return 1
}
post_stop() {
load_config
[ $? -ne 1 ] && NO_RESTART_DNSMASQ=false
if [ $NO_RESTART_DNSMASQ ]; then
remove_ipset_conf
else
remove_ipset_conf && restart_dnsmasq
fi
flush_ipt_rules
flush_nat
del_cru
return 0
}
start_service() {
echo_date ================== koolproxy启用 ================
pre_start
[ $? -ne 1 ] && return 0
procd_open_instance
procd_set_param command /usr/share/koolproxy/koolproxy
procd_append_param command --mark
procd_append_param command --ttl 160
procd_append_param command --ipv6
procd_set_param respawn
procd_set_param file /etc/adblocklist/adblock
procd_set_param file /etc/adblocklist/adblockip
procd_set_param file /usr/share/koolproxy/data/user.txt
procd_set_param stdout 1
procd_set_param stderr 1
procd_close_instance
logger "koolproxy has started."
echo_date =================================================
}
stop_service() {
echo_date ====================== 关闭 =====================
post_stop
logger "koolproxy has stopped."
echo_date =================================================
}
reload_service() {
logger "koolproxy reload service."
NO_RESTART_DNSMASQ=true
stop
start
}
service_triggers() {
procd_add_reload_trigger "koolproxy"
}
restart() {
logger "koolproxy restart service."
NO_RESTART_DNSMASQ=true
stop
start
}
boot() {
local delay=$(config_t_get global startup_delay 0)
(sleep $delay && start >/dev/null 2>&1) &
return 0
}


@ -1,17 +0,0 @@
#!/bin/sh
uci -q batch <<-EOF >/dev/null
delete ucitrack.@koolproxy[-1]
add ucitrack koolproxy
set ucitrack.@koolproxy[-1].init=koolproxy
commit ucitrack
delete firewall.koolproxy
set firewall.koolproxy=include
set firewall.koolproxy.type=script
set firewall.koolproxy.path=/var/etc/koolproxy.include
set firewall.koolproxy.reload=1
commit firewall
EOF
rm -f /tmp/luci-indexcache
exit 0


@ -1,3 +0,0 @@
/usr/share/koolproxy/data/certs/ca.crt
/usr/share/koolproxy/data/private/base.key.pem
/usr/share/koolproxy/data/private/ca.key.pem


@ -1,8 +0,0 @@
module("luci.controller.koolproxy",package.seeall)
function index()
if not nixio.fs.access("/etc/config/koolproxy")then
return
end
entry({"admin","services","koolproxy"},cbi("koolproxy/global"),_("KoolProxyR plus+"),1).dependent=true
entry({"admin","services","koolproxy","rss_rule"},cbi("koolproxy/rss_rule"), nil).leaf=true
end


@ -1,392 +0,0 @@
-- Copyright 2018 Nick Peng (pymumu@gmail.com)
require ("nixio.fs")
require ("luci.http")
require ("luci.dispatcher")
require ("nixio.fs")
local fs = require "nixio.fs"
local sys = require "luci.sys"
local http = require "luci.http"
local o,t,e
local v=luci.sys.exec("/usr/share/koolproxy/koolproxy -v")
local s=luci.sys.exec("grep -v !x /usr/share/koolproxy/data/rules/easylistchina.txt | wc -l")
local u=luci.sys.exec("grep -v !x /usr/share/koolproxy/data/rules/fanboy.txt | wc -l")
local p=luci.sys.exec("grep -v !x /usr/share/koolproxy/data/rules/yhosts.txt | wc -l")
local h=luci.sys.exec("grep -v '^!' /usr/share/koolproxy/data/rules/user.txt | wc -l")
local i=luci.sys.exec("cat /usr/share/koolproxy/dnsmasq.adblock | wc -l")
if luci.sys.call("pidof koolproxy >/dev/null") == 0 then
status = translate("<strong><font color=\"green\">KoolProxyR plus+ 运行中</font></strong>")
else
status = translate("<strong><font color=\"red\">KoolProxyR plus+ 已停止</font></strong>")
end
o = Map("koolproxy", translate("KoolProxyR plus+ "), translate("KoolProxyR plus+是能识别adblock规则的免费开源软件,追求体验更快、更清洁的网络,屏蔽烦人的广告 <br /><font color=\"red\"><br /></font>"))
t = o:section(TypedSection, "global")
t.anonymous = true
t.description = translate(string.format("%s<br /><br />", status))
t:tab("base",translate("Basic Settings"))
e = t:taboption("base", Flag, "enabled", translate("Enable"))
e.default = 0
e.rmempty = false
e = t:taboption("base", DummyValue, "koolproxy_status", translate("程序版本"))
e.value = string.format("[ %s ]", v)
e = t:taboption("base", Value, "startup_delay", translate("Startup Delay"))
e:value(0, translate("Not enabled"))
for _, v in ipairs({5, 10, 15, 25, 40}) do
e:value(v, translate("%u seconds") %{v})
end
e.datatype = "uinteger"
e.default = 0
e.rmempty = false
e = t:taboption("base", ListValue, "koolproxy_mode", translate("Filter Mode"))
e.default = 1
e.rmempty = false
e:value(1, translate("全局模式"))
e:value(2, translate("IPSET模式"))
e:value(3, translate("视频模式"))
e = t:taboption("base", MultiValue, "koolproxy_rules", translate("内置规则"))
e.optional = false
e.rmempty = false
e:value("easylistchina.txt", translate("ABP规则"))
e:value("fanboy.txt", translate("fanboy规则"))
e:value("yhosts.txt", translate("yhosts规则"))
e:value("kp.dat", translate("视频规则"))
e:value("user.txt", translate("自定义规则"))
e = t:taboption("base", ListValue, "koolproxy_port", translate("端口控制"))
e.default = 0
e.rmempty = false
e:value(0, translate("关闭"))
e:value(1, translate("开启"))
e = t:taboption("base", ListValue, "koolproxy_ipv6", translate("IPv6支持"))
e.default = 0
e.rmempty = false
e:value(0, translate("关闭"))
e:value(1, translate("开启"))
e = t:taboption("base", Value, "koolproxy_bp_port", translate("例外端口"))
e:depends("koolproxy_port", "1")
e.rmempty = false
e.description = translate(string.format("<font color=\"red\"><strong>单端口:80&nbsp;&nbsp;多端口:80,443</strong></font>"))
e=t:taboption("base",Flag,"koolproxy_host",translate("开启Adblock Plus Hosts"))
e.default=0
e:depends("koolproxy_mode","2")
e = t:taboption("base", ListValue, "koolproxy_acl_default", translate("默认访问控制"))
e.default = 1
e.rmempty = false
e:value(0, translate("不过滤"))
e:value(1, translate("过滤HTTP协议"))
e:value(2, translate("过滤HTTP(S)协议"))
e:value(3, translate("全部过滤"))
e.description = translate(string.format("<font color=\"blue\"><strong>访问控制设置中其他主机的默认规则</strong></font>"))
e = t:taboption("base", ListValue, "time_update", translate("定时更新"))
for t = 0,23 do
e:value(t,translate("每天"..t..""))
end
e.default = 0
e.rmempty = false
e.description = translate(string.format("<font color=\"red\"><strong>定时更新订阅规则与Adblock Plus Hosts</strong></font>"))
e = t:taboption("base", Button, "restart", translate("规则状态"))
e.inputtitle = translate("更新规则")
e.inputstyle = "reload"
e.write = function()
luci.sys.call("/usr/share/koolproxy/kpupdate 2>&1 >/dev/null")
luci.http.redirect(luci.dispatcher.build_url("admin","services","koolproxy"))
end
e.description = translate(string.format("<font color=\"red\"><strong>更新订阅规则与Adblock Plus Hosts</strong></font><br /><font color=\"green\">ABP规则: %s条<br />fanboy规则: %s条<br />yhosts规则: %s条<br />自定义规则: %s条<br />Host: %s条</font><br />", s, u, p, h, i))
t:tab("cert",translate("Certificate Management"))
e=t:taboption("cert",DummyValue,"c1status",translate("<div align=\"left\">Certificate Restore</div>"))
e=t:taboption("cert",FileUpload,"")
e.template="koolproxy/caupload"
e=t:taboption("cert",DummyValue,"",nil)
e.template="koolproxy/cadvalue"
if nixio.fs.access("/usr/share/koolproxy/data/certs/ca.crt")then
e=t:taboption("cert",DummyValue,"c2status",translate("<div align=\"left\">Certificate Backup</div>"))
e=t:taboption("cert",Button,"certificate")
e.inputtitle=translate("Backup Download")
e.inputstyle="reload"
e.write=function()
luci.sys.call("/usr/share/koolproxy/camanagement backup 2>&1 >/dev/null")
Download()
luci.http.redirect(luci.dispatcher.build_url("admin","services","koolproxy"))
end
end
t:tab("white_weblist",translate("网站白名单设置"))
local i = "/etc/adblocklist/adbypass"
e = t:taboption("white_weblist", TextValue, "adbypass_domain")
e.description = translate("这些已经加入的网站将不会使用过滤器。请输入网站的域名每行只能输入一个网站域名。例如google.com。")
e.rows = 28
e.wrap = "off"
e.rmempty = false
function e.cfgvalue()
return fs.readfile(i) or ""
end
function e.write(self, section, value)
if value then
value = value:gsub("\r\n", "\n")
else
value = ""
end
fs.writefile("/tmp/adbypass", value)
if (luci.sys.call("cmp -s /tmp/adbypass /etc/adblocklist/adbypass") == 1) then
fs.writefile(i, value)
end
fs.remove("/tmp/adbypass")
end
t:tab("weblist",translate("Set Backlist Of Websites"))
local i = "/etc/adblocklist/adblock"
e = t:taboption("weblist", TextValue, "adblock_domain")
e.description = translate("加入的网址将走广告过滤端口。只针对黑名单模式。只能输入WEB地址google.com每个地址一行。")
e.rows = 28
e.wrap = "off"
e.rmempty = false
function e.cfgvalue()
return fs.readfile(i) or ""
end
function e.write(self, section, value)
if value then
value = value:gsub("\r\n", "\n")
else
value = ""
end
fs.writefile("/tmp/adblock", value)
if (luci.sys.call("cmp -s /tmp/adblock /etc/adblocklist/adblock") == 1) then
fs.writefile(i, value)
end
fs.remove("/tmp/adblock")
end
t:tab("white_iplist",translate("IP白名单设置"))
local i = "/etc/adblocklist/adbypassip"
e = t:taboption("white_iplist", TextValue, "adbypass_ip")
e.description = translate("这些已加入的ip地址将使用代理但只有GFW型号。请输入ip地址或ip地址段每行只能输入一个ip地址。例如112.123.134.145 / 24或112.123.134.145。")
e.rows = 28
e.wrap = "off"
e.rmempty = false
function e.cfgvalue()
return fs.readfile(i) or ""
end
function e.write(self, section, value)
if value then
value = value:gsub("\r\n", "\n")
else
value = ""
end
fs.writefile("/tmp/adbypassip", value)
if (luci.sys.call("cmp -s /tmp/adbypassip /etc/adblocklist/adbypassip") == 1) then
fs.writefile(i, value)
end
fs.remove("/tmp/adbypassip")
end
t:tab("iplist",translate("IP黑名单设置"))
local i = "/etc/adblocklist/adblockip"
e = t:taboption("iplist", TextValue, "adblock_ip")
e.description = translate("这些已经加入的ip地址不会使用filter.Please输入ip地址或ip地址段每行只能输入一个ip地址。例如112.123.134.145 / 24或112.123.134.145。")
e.rows = 28
e.wrap = "off"
e.rmempty = false
function e.cfgvalue()
return fs.readfile(i) or ""
end
function e.write(self, section, value)
if value then
value = value:gsub("\r\n", "\n")
else
value = ""
end
fs.writefile("/tmp/adblockip", value)
if (luci.sys.call("cmp -s /tmp/adblockip /etc/adblocklist/adblockip") == 1) then
fs.writefile(i, value)
end
fs.remove("/tmp/adblockip")
end
t:tab("customlist", translate("Set Backlist Of custom"))
local i = "/usr/share/koolproxy/data/user.txt"
e = t:taboption("customlist", TextValue, "user_rule")
e.description = translate("Enter your custom rules, each row.")
e.rows = 28
e.wrap = "off"
e.rmempty = false
function e.cfgvalue()
return fs.readfile(i) or ""
end
function e.write(self, section, value)
if value then
value = value:gsub("\r\n", "\n")
else
value = ""
end
fs.writefile("/tmp/user.txt", value)
if (luci.sys.call("cmp -s /tmp/user.txt /usr/share/koolproxy/data/user.txt") == 1) then
fs.writefile(i, value)
end
fs.remove("/tmp/user.txt")
end
t:tab("logs",translate("View the logs"))
local i = "/var/log/koolproxy.log"
e = t:taboption("logs", TextValue, "kpupdate_log")
e.description = translate("Koolproxy Logs")
e.rows = 28
e.wrap = "off"
e.rmempty = false
function e.cfgvalue()
return fs.readfile(i) or ""
end
function e.write(self, section, value)
end
t=o:section(TypedSection,"acl_rule",translate("KoolProxyR 访问控制"),
translate("ACLs is a tools which used to designate specific IP filter mode,The MAC addresses added to the list will be filtered using https"))
t.template="cbi/tblsection"
t.sortable=true
t.anonymous=true
t.addremove=true
e=t:option(Value,"remarks",translate("Client Remarks"))
e.width="30%"
e.rmempty=true
e=t:option(Value,"ipaddr",translate("IP Address"))
e.width="20%"
e.datatype="ip4addr"
luci.ip.neighbors({family = 4}, function(neighbor)
if neighbor.reachable then
e:value(neighbor.dest:string(), "%s (%s)" %{neighbor.dest:string(), neighbor.mac})
end
end)
e=t:option(Value,"mac",translate("MAC Address"))
e.width="20%"
e.rmempty=true
e.datatype="macaddr"
luci.ip.neighbors({family = 4}, function(neighbor)
if neighbor.reachable then
e:value(neighbor.mac, "%s (%s)" %{neighbor.mac, neighbor.dest:string()})
end
end)
e=t:option(ListValue,"proxy_mode",translate("访问控制"))
e.width="20%"
e.default=1
e.rmempty=false
e:value(0,translate("不过滤"))
e:value(1,translate("http only"))
e:value(2,translate("http + https"))
e:value(3,translate("full port"))
t=o:section(TypedSection,"rss_rule",translate("KoolProxyR 规则订阅"), translate("请确保订阅规则的兼容性"))
t.anonymous=true
t.addremove=true
t.sortable=true
t.template="cbi/tblsection"
t.extedit=luci.dispatcher.build_url("admin/services/koolproxy/rss_rule/%s")
t.create=function(...)
local sid=TypedSection.create(...)
if sid then
luci.http.redirect(t.extedit % sid)
return
end
end
e=t:option(Flag,"load",translate("启用"))
e.default=0
e.rmempty=false
e=t:option(DummyValue,"name",translate("规则名称"))
function e.cfgvalue(...)
return Value.cfgvalue(...) or translate("None")
end
e=t:option(DummyValue,"url",translate("规则地址"))
function e.cfgvalue(...)
return Value.cfgvalue(...) or translate("None")
end
e=t:option(DummyValue,"time",translate("更新时间"))
function Download()
local t,e
t=nixio.open("/tmp/upload/koolproxyca.tar.gz","r")
luci.http.header('Content-Disposition','attachment; filename="koolproxyCA.tar.gz"')
luci.http.prepare_content("application/octet-stream")
while true do
e=t:read(nixio.const.buffersize)
if(not e)or(#e==0)then
break
else
luci.http.write(e)
end
end
t:close()
luci.http.close()
end
local t,e
t="/tmp/upload/"
nixio.fs.mkdir(t)
luci.http.setfilehandler(
function(o,a,i)
if not e then
if not o then return end
e=nixio.open(t..o.file,"w")
if not e then
return
end
end
if a and e then
e:write(a)
end
if i and e then
e:close()
e=nil
luci.sys.call("/usr/share/koolproxy/camanagement restore 2>&1 >/dev/null")
end
end
)
return o


@ -1,36 +0,0 @@
local m, s, o
local koolproxy = "koolproxy"
local sid = arg[1]
m = Map(koolproxy, "%s - %s" %{translate("koolproxy"), translate("编辑规则")})
m.redirect = luci.dispatcher.build_url("admin/services/koolproxy")
if not arg[1] or m.uci:get(koolproxy, sid) ~= "rss_rule" then
luci.http.redirect(m.redirect)
return
end
-- [[ Edit Rule ]]--
s = m:section(NamedSection, sid, "rss_rule")
s.anonymous = true
s.addremove = true
o=s:option(Flag,"load",translate("启用"))
o.default=0
o.rmempty=false
o=s:option(Value,"name",translate("规则描述"))
o.rmempty=true
o=s:option(Value,"url",translate("规则地址"))
o.rmempty=false
o.placeholder="[https|http|ftp]://[Hostname]/[File]"
function o.validate(self, value)
if not value then
return nil
else
return value
end
end
return m


@ -1,8 +0,0 @@
<%+cbi/valueheader%>
<span style="color: green">
<%
local val = self:cfgvalue(section) or self.default or ""
write(pcdata(val))
%>
</span>
<%+cbi/valuefooter%>


@ -1,5 +0,0 @@
<%+cbi/valueheader%>
<label class="cbi-value" style="display:inline-block; width: 400px" for="ulfile"><font color="red"><%:Upload backup file,The file name must be koolproxyCA.tar.gz%></font></label><br />
<input class="cbi-input-file" style="width: 400px" type="file" id="ulfile" name="ulfile" />
<input type="submit" class="cbi-button cbi-input-apply" name="upload" value="<%:Upload Restore%>" />
<%+cbi/valuefooter%>


@ -1,3 +0,0 @@
<%+cbi/valueheader%>
<span class="koolproxy_status"><%=pcdata(self:cfgvalue(section) or self.default or "")%></span>
<%+cbi/valuefooter%>


@ -1,16 +0,0 @@
<%#
Copyright 2016 Chen RuiWei <crwbak@gmail.com>
Licensed to the public under the Apache License 2.0.
-%>
<% include("cbi/map") %>
<script type="text/javascript">//<![CDATA[
XHR.poll(2, '<%=luci.dispatcher.build_url("admin", "services", "koolproxy", "status")%>', null,
function(x, result)
{
var status = document.getElementsByClassName('koolproxy_status');
status[0].innerHTML = result.koolproxy?'<b><font color=green><%=translate("RUNNING")%></font></b>':'<b><font color=red><%=translate("NOT RUNNING")%></font></b>';
}
);
//]]>
</script>


@ -1,23 +0,0 @@
#!/bin/sh
echo "$(date "+%F %T"): 正在下载adblockplus规则..."
wget-ssl --quiet --no-check-certificate https://easylist-downloads.adblockplus.org/easylistchina+easylist.txt -O /tmp/adlist.txt
if [ "$?" == "0" ]; then
grep ^\|\|[^\*]*\^$ /tmp/adlist.txt | sed -e 's:||:address\=\/:' -e 's:\^:/0\.0\.0\.0:' > /tmp/dnsmasq.adblock
rm -f /tmp/adlist.txt
diff /tmp/dnsmasq.adblock /usr/share/koolproxy/dnsmasq.adblock >/dev/null
[ $? = 0 ] && echo "$(date "+%F %T"): adblockplus本地规则和服务器规则相同无需更新!" && rm -f /tmp/dnsmasq.adblock && return 1
echo "$(date "+%F %T"): 检测到adblockplus规则有更新开始转换规则"
sed -i '/youku/d' /tmp/dnsmasq.adblock >/dev/null 2>&1
sed -i '/[1-9]\{1,3\}\.[1-9]\{1,3\}\.[1-9]\{1,3\}\.[1-9]\{1,3\}/d' /tmp/dnsmasq.adblock >/dev/null 2>&1
mv /tmp/dnsmasq.adblock /usr/share/koolproxy/dnsmasq.adblock
echo "$(date "+%F %T"): adblockplus规则转换完成应用新规则。"
echo ""
echo "$(date "+%F %T"): 重启dnsmasq进程"
/etc/init.d/dnsmasq restart > /dev/null 2>&1
return 0
else
echo "$(date "+%F %T"): 获取在线版本时出现错误! "
[ -f /tmp/adlist.txt ] && rm -f /tmp/adlist.txt
return 1
fi


@ -1,66 +0,0 @@
#!/bin/sh
kpfolder="/usr/share/koolproxy/data"
kplogfile="/var/log/koolproxy.log"
readyfolder="/tmp/upload/koolproxy"
backup() {
if [ ! -f $kpfolder/private/ca.key.pem ]; then
echo "未找到ca.key.pem请先运行Koolproxy一次" > $kplogfile
exit 1
fi
if [ ! -f $kpfolder/private/base.key.pem ]; then
echo "未找到base.key.pem请先运行Koolproxy一次" > $kplogfile
exit 1
fi
if [ ! -f $kpfolder/certs/ca.crt ]; then
echo "未找到ca.crt请先运行Koolproxy一次" > $kplogfile
exit 1
fi
mkdir -p /tmp/upload
cd $kpfolder
tar czf /tmp/upload/koolproxyca.tar.gz private/ca.key.pem private/base.key.pem certs/ca.crt
[ -f /tmp/upload/koolproxyca.tar.gz ] && echo "证书备份已成功生成。" > $kplogfile
}
restore() {
if [ ! -f /tmp/upload/koolproxyCA.tar.gz ]; then
echo "未找到备份文件文件名必须为koolproxyCA.tar.gz或已损坏请检查备份文件" >> $kplogfile
else
mkdir -p $readyfolder
cd $readyfolder
tar xzf /tmp/upload/koolproxyCA.tar.gz
fi
if [ ! -f $readyfolder/private/ca.key.pem ]; then
echo "未找到ca.key.pem,备份文件不正确或已损坏,请检查备份文件!" > $kplogfile
exit 1
fi
if [ ! -f $readyfolder/private/base.key.pem ]; then
echo "未找到base.key.pem备份文件不正确或已损坏请检查备份文件" > $kplogfile
exit 1
fi
if [ ! -f $readyfolder/certs/ca.crt ]; then
echo "未找到ca.crt备份文件不正确或已损坏请检查备份文件" > $kplogfile
exit 1
fi
mv -f $readyfolder/private/ca.key.pem $kpfolder/private/ca.key.pem
mv -f $readyfolder/private/base.key.pem $kpfolder/private/base.key.pem
mv -f $readyfolder/certs/ca.crt $kpfolder/certs/ca.crt
rm -rf $readyfolder
rm -f /tmp/upload/koolproxyCA.tar.gz
echo "证书成功还原重启Koolproxy。" > $kplogfile
/etc/init.d/koolproxy restart
}
case "$*" in
"backup")
backup
;;
"restore")
restore
;;
"help")
echo "use backup or restore"
;;
esac


@ -1,29 +0,0 @@
#!/bin/sh
alias echo_date='echo $(date +%Y年%m月%d日\ %X):'
if [ ! -f openssl.cnf ]; then
echo_date "Cannot found openssl.cnf"
exit 1
fi
if [ -f /usr/share/koolproxy/data/private/ca.key.pem ]; then
echo_date "已经有证书了!"
else
echo_date "生成证书中..."
#step 1, root ca
mkdir -p certs private
rm -f serial private/ca.key.pem
chmod 700 private
echo 1000 > serial
openssl genrsa -aes256 -passout pass:koolshare -out private/ca.key.pem 2048
chmod 400 private/ca.key.pem
openssl req -config openssl.cnf -passin pass:koolshare \
-subj "/C=CN/ST=Beijing/L=KP/O=KoolProxy inc/CN=koolproxy.com" \
-key private/ca.key.pem \
-new -x509 -days 7300 -sha256 -extensions v3_ca \
-out certs/ca.crt
#step 2, domain rsa key
openssl genrsa -aes256 -passout pass:koolshare -out private/base.key.pem 2048
echo_date "证书生成完毕..."
fi


@ -1,132 +0,0 @@
# OpenSSL root CA configuration file.
# Copy to `/root/ca/openssl.cnf`.
[ ca ]
# `man ca`
default_ca = CA_default
[ CA_default ]
# Directory and file locations.
dir = ./ca
certs = $dir/certs
crl_dir = $dir/crl
new_certs_dir = $dir/newcerts
database = $dir/index.txt
serial = $dir/serial
RANDFILE = $dir/private/.rand
# The root key and root certificate.
private_key = $dir/private/ca.key.pem
certificate = $dir/certs/ca.cert.pem
# For certificate revocation lists.
crlnumber = $dir/crlnumber
crl = $dir/crl/ca.crl.pem
crl_extensions = crl_ext
default_crl_days = 30
# SHA-1 is deprecated, so use SHA-2 instead.
default_md = sha256
name_opt = ca_default
cert_opt = ca_default
default_days = 375
preserve = no
policy = policy_strict
[ policy_strict ]
# The root CA should only sign intermediate certificates that match.
# See the POLICY FORMAT section of `man ca`.
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
[ policy_loose ]
# Allow the intermediate CA to sign a more diverse range of certificates.
# See the POLICY FORMAT section of the `ca` man page.
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
[ req ]
# Options for the `req` tool (`man req`).
default_bits = 2048
distinguished_name = req_distinguished_name
string_mask = utf8only
# SHA-1 is deprecated, so use SHA-2 instead.
default_md = sha256
# Extension to add when the -x509 option is used.
x509_extensions = v3_ca
[ req_distinguished_name ]
# See <https://en.wikipedia.org/wiki/Certificate_signing_request>.
countryName = Country Name (2 letter code)
stateOrProvinceName = State or Province Name
localityName = Locality Name
0.organizationName = Organization Name
organizationalUnitName = Organizational Unit Name
commonName = Common Name
emailAddress = Email Address
# Optionally, specify some defaults.
countryName_default = GB
stateOrProvinceName_default = England
localityName_default =
0.organizationName_default = Alice Ltd
organizationalUnitName_default =
emailAddress_default =
[ v3_ca ]
# Extensions for a typical CA (`man x509v3_config`).
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer
basicConstraints = critical, CA:true
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
[ v3_intermediate_ca ]
# Extensions for a typical intermediate CA (`man x509v3_config`).
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer
basicConstraints = critical, CA:true, pathlen:0
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
[ usr_cert ]
# Extensions for client certificates (`man x509v3_config`).
basicConstraints = CA:FALSE
nsCertType = client, email
nsComment = "OpenSSL Generated Client Certificate"
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
extendedKeyUsage = clientAuth, emailProtection
[ server_cert ]
# Extensions for server certificates (`man x509v3_config`).
basicConstraints = CA:FALSE
nsCertType = server
nsComment = "OpenSSL Generated Server Certificate"
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer:always
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
[ crl_ext ]
# Extension for CRLs (`man x509v3_config`).
authorityKeyIdentifier=keyid:always
[ ocsp ]
# Extension for OCSP signing certificates (`man ocsp`).
basicConstraints = CA:FALSE
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer
keyUsage = critical, digitalSignature
extendedKeyUsage = critical, OCSPSigning

File diff suppressed because one or more lines are too long


@ -1,49 +0,0 @@
! ******************************* koolproxyR 自定义过滤语法简表 *******************************
! ------------------------ 规则基于adblock规则并进行了语法部分的扩展 ------------------------
! ABP规则请参考https://adblockplus.org/zh_CN/filters下面为大致摘要
! "!" 为行注释符,注释行以该符号起始作为一行注释语义,用于规则描述
! "@@" 为白名单符,白名单具有最高优先级,放行过滤的网站,例如:@@||taobao.com
! "@@@@" 超级白名单比白名单符拥有更高的优先级主要用于放行https网站例如:@@@@||https://taobao.com
! ------------------------------------------------------------------------------------------
! "*" 为字符通配符能够匹配0长度或任意长度的字符串该通配符不能与正则语法混用。
! "^" 为分隔符,可以是除了字母、数字或者 _ - . % 之外的任何字符。
! "~" 为排除标识符,通配符能过滤大多数广告,但同时存在误杀, 可以通过排除标识符修正误杀链接。
! 注:通配符仅在 url 规则中支持html 规则中不支持
! ------------------------------------------------------------------------------------------
! "|" 为管线符号,来表示地址的最前端或最末端
! "||" 为子域通配符,方便匹配主域名下的所有子域
! 用法及例子如下:(以下等号表示等价于)
! ||xx.com/ad = http://xx.com/ad* || http://*.xx.com/ad*
! ||http://xx.com/ad = http://xx.com/ad* || http://*.xx.com/ad*
! ||https://xx.com/ad = https://xx.com/ad* || https://*.xx.com/ad*
! |xx.com/ad = http://xx.com/ad*
! |http://xx.com/ad = http://xx.com/ad*
! |https://xx.com/ad = https://xx.com/ad*
! ad = http://*ad*
! http://ad = http://*ad*
! https://ad = 不支持,需要指定域名,如下例
! https://xx.com/ad = |https://xx.com/ad = https://xx.com/ad*
! [同时可以表示两个以及两个以上的域名]如下例子
! https://xx.ad.com 和 https://xxx.xx.ad.com = ||https://ad.com (注意! 由于https的原因使用要非常谨慎,不可以大范围使用)
! ------------------------------------------------------------------------------------------
! 兼容adblock规则的html规则语法例如
! fulldls.com,torrentzap.com##.tp_reccomend_banner
! 但是推荐写成以下标准写法:
! ||fulldls.com##.tp_reccomend_banner
! ||torrentzap.com##.tp_reccomend_banner
! 如果一个网站html规则有多条可以合并为这样
! ||torrentzap.com##.tp_reccomend_banner,.ad_top,[class="ad_right"]......
! ------------------------------------------------------------------------------------------
! 文本替换语法:$s@匹配内容@替换内容@
! 非标准端口过滤语法:||abc.com:8081/ad.html或者|http://adb.com:8081/
! 文本替换例子:|http://cdn.pcbeta.js.inimc.com/data/cache/common.js?$s@old@new@
! 重定向语法:$r@匹配内容@替换内容@
! 重定向例子:|http://koolshare.cn$r@http://koolshare.cn/*@http://www.qq.com@
! 注:文本替换语法及重定向语法中的匹配内容不仅支持通配符功能,而且额外支持以下功能
! 支持通配符 * 和 ? 表示单个字符
! 支持全正则匹配,/正则内容/ 表示应用正则匹配
! 正则替换:替换内容支持 $1 $2 这样的符号
! 普通替换:替换内容支持 * 这样的符号,表示把命中的内容复制到替换的内容。(类似 $1 $2但是 * 号会自动计算数字)
! ------------------------------------------------------------------------------------------
! 未来将逐步添加相关语法兼容adblock puls的更多语法敬请期待。
! ******************************************************************************************


@ -1,5 +0,0 @@
0|yhosts.txt||yhosts规则
0|kp.dat||视频规则
0|user.txt||自定义规则
0|easylistchina.txt||ABP规则
0|fanboy.txt||Fanboy规则


@ -1,49 +0,0 @@
! ******************************* koolproxyR 自定义过滤语法简表 *******************************
! ------------------------ 规则基于adblock规则并进行了语法部分的扩展 ------------------------
! ABP规则请参考https://adblockplus.org/zh_CN/filters下面为大致摘要
! "!" 为行注释符,注释行以该符号起始作为一行注释语义,用于规则描述
! "@@" 为白名单符,白名单具有最高优先级,放行过滤的网站,例如:@@||taobao.com
! "@@@@" 超级白名单比白名单符拥有更高的优先级主要用于放行https网站例如:@@@@||https://taobao.com
! ------------------------------------------------------------------------------------------
! "*" 为字符通配符能够匹配0长度或任意长度的字符串该通配符不能与正则语法混用。
! "^" 为分隔符,可以是除了字母、数字或者 _ - . % 之外的任何字符。
! "~" 为排除标识符,通配符能过滤大多数广告,但同时存在误杀, 可以通过排除标识符修正误杀链接。
! 注:通配符仅在 url 规则中支持html 规则中不支持
! ------------------------------------------------------------------------------------------
! "|" 为管线符号,来表示地址的最前端或最末端
! "||" 为子域通配符,方便匹配主域名下的所有子域
! 用法及例子如下:(以下等号表示等价于)
! ||xx.com/ad = http://xx.com/ad* || http://*.xx.com/ad*
! ||http://xx.com/ad = http://xx.com/ad* || http://*.xx.com/ad*
! ||https://xx.com/ad = https://xx.com/ad* || https://*.xx.com/ad*
! |xx.com/ad = http://xx.com/ad*
! |http://xx.com/ad = http://xx.com/ad*
! |https://xx.com/ad = https://xx.com/ad*
! ad = http://*ad*
! http://ad = http://*ad*
! https://ad = 不支持,需要指定域名,如下例
! https://xx.com/ad = |https://xx.com/ad = https://xx.com/ad*
! [同时可以表示两个以及两个以上的域名]如下例子
! https://xx.ad.com 和 https://xxx.xx.ad.com = ||https://ad.com (注意! 由于https的原因使用要非常谨慎,不可以大范围使用)
! ------------------------------------------------------------------------------------------
! 兼容adblock规则的html规则语法例如
! fulldls.com,torrentzap.com##.tp_reccomend_banner
! 但是推荐写成以下标准写法:
! ||fulldls.com##.tp_reccomend_banner
! ||torrentzap.com##.tp_reccomend_banner
! 如果一个网站html规则有多条可以合并为这样
! ||torrentzap.com##.tp_reccomend_banner,.ad_top,[class="ad_right"]......
! ------------------------------------------------------------------------------------------
! 文本替换语法:$s@匹配内容@替换内容@
! 非标准端口过滤语法:||abc.com:8081/ad.html或者|http://adb.com:8081/
! 文本替换例子:|http://cdn.pcbeta.js.inimc.com/data/cache/common.js?$s@old@new@
! 重定向语法:$r@匹配内容@替换内容@
! 重定向例子:|http://koolshare.cn$r@http://koolshare.cn/*@http://www.qq.com@
! 注:文本替换语法及重定向语法中的匹配内容不仅支持通配符功能,而且额外支持以下功能
! 支持通配符 * 和 ? 表示单个字符
! 支持全正则匹配,/正则内容/ 表示应用正则匹配
! 正则替换:替换内容支持 $1 $2 这样的符号
! 普通替换:替换内容支持 * 这样的符号,表示把命中的内容复制到替换的内容。(类似 $1 $2但是 * 号会自动计算数字)
! ------------------------------------------------------------------------------------------
! 未来将逐步添加相关语法兼容adblock puls的更多语法敬请期待。
! ******************************************************************************************

File diff suppressed because it is too large Load Diff


@ -1,602 +0,0 @@
#!/bin/sh
# set -x
. /lib/functions.sh
CONFIG=koolproxy
KP_DIR=/usr/share/koolproxy
TMP_DIR=/tmp/koolproxy
LOGFILE="/var/log/koolproxy.log"
KSROOT=/usr/share
#source $KSROOT/scripts/base.sh
#eval `dbus export koolproxyR_`
alias echo_date='echo $(date +%Y年%m月%d日\ %X):'
url_cjx="https://shaoxia1991.coding.net/p/cjxlist/d/cjxlist/git/raw/master/cjx-annoyance.txt"
url_kp="https://raw.githubusercontent.com/houzi-/CDN/master/kp.dat"
url_kp_md5="https://raw.githubusercontent.com/houzi-/CDN/master/kp.dat.md5"
url_easylist="https://easylist-downloads.adblockplus.org/easylistchina.txt"
url_yhosts="https://shaoxia1991.coding.net/p/yhosts/d/yhosts/git/raw/master/hosts"
url_yhosts1="https://shaoxia1991.coding.net/p/yhosts/d/yhosts/git/raw/master/data/tvbox.txt"
kpr_our_rule="https://shaoxia1991.coding.net/p/koolproxyR_rule_list/d/koolproxyR_rule_list/git/raw/master/kpr_our_rule.txt"
url_fanboy="https://secure.fanboy.co.nz/fanboy-annoyance.txt"
#在订阅中的用户地址改为这个地址速度更快https://dev.tencent.com/u/shaoxia1991/p/koolproxyR_rule_list/git/raw/master/kpr_our_rule.txt
config_t_get() {
local index=0
[ -n "$4" ] && index=$4
local ret=$(uci get $CONFIG.@$1[$index].$2 2>/dev/null)
echo ${ret:=$3}
}
limit_log() {
local log=$1
[ ! -f "$log" ] && return
local sc=100
[ -n "$2" ] && sc=$2
local count=$(grep -c "" $log)
if [ $count -gt $sc ];then
let count=count-$sc
sed -i "1,$count d" $log
fi
}
init_env() {
rm -rf "$TMP_DIR"
mkdir -p "$TMP_DIR"
}
restart_koolproxy() {
/etc/init.d/koolproxy restart
}
__compare_file() {
local descript=$1
local localPath=$2
local remoteUrl=$3
echo $(date "+%F %T"): ------------------- $descript更新 ------------------- >>$LOGFILE
local filename=`basename $localPath`
local remotePath="$TMP_DIR/$filename"
wget-ssl -qT5 --no-check-certificate "$remoteUrl" -O "$remotePath"
if [ "$?" == "0" ]; then
if [ -f "$localPath" ]; then
localMD5=`md5sum "$localPath" | awk '{print $1}'`
localNum=`cat "$localPath" | grep -v '^!' | wc -l`
else
localMD5="文件不存在"
localNum="0"
fi
remoteMD5=`md5sum "$remotePath" | awk '{print $1}'`
remoteNum=`cat "$remotePath" | grep -v '^!' | wc -l`
echo $(date "+%F %T"): 本地版本MD5$localMD5 >>$LOGFILE
echo $(date "+%F %T"): 本地版本条数:$localNum >>$LOGFILE
echo $(date "+%F %T"): 在线版本MD5$remoteMD5 >>$LOGFILE
echo $(date "+%F %T"): 在线版本条数:$remoteNum >>$LOGFILE
if [ "$localMD5" != "$remoteMD5" ];then
echo $(date "+%F %T"): 检测到更新,开始更新规则! >>$LOGFILE
mv -f "$remotePath" "$localPath"
echo $(date "+%F %T"): 更新成功! >>$LOGFILE
return 0
fi
else
echo "$(date "+%F %T"): 获取在线版本时出现错误! " >>$LOGFILE
fi
return 1
}
__update_rule() {
local name
local file
local exrule
local enable
config_get name $1 name
config_get file $1 file
config_get exrule $1 url
config_get enable $1 load
if [ -n "$file" ] && [ -n "$exrule" ]; then
if [ $enable -ne 1 ]; then
return
fi
__compare_file "$name" "$KP_DIR/data/rules/$file" "$exrule"
if [ "$?" == "0" ]; then
uci set koolproxy.$1.time="`date +%Y-%m-%d" "%H:%M`"
uci commit koolproxy
RESTART_KOOLPROXY=true
fi
cat $KP_DIR/data/rules/$file >>$KP_DIR/data/rules/user.txt
fi
}
kpr_update_rules() {
echo $(date "+%F %T"): ------------------- 内置规则更新 ------------------- >>$LOGFILE
echo_date =======================================================================================================
echo_date 开始更新koolproxyR的规则请等待...
# 赋予文件夹权限
chmod -R 777 $KSROOT/koolproxy/data/rules
# update 中国简易列表 2.0
if [[ "1" == "1" ]]; then
echo_date " ---------------------------------------------------------------------------------------"
# wget --no-check-certificate --timeout=8 -qO - $url_easylist > /tmp/easylistchina.txt
for i in {1..5}; do
wget -4 -a /tmp/upload/kpr_log.txt -O /tmp/easylistchina.txt $url_easylist
easylistchina_rule_nu_local=`grep -E -v "^!" /tmp/easylistchina.txt | wc -l`
if [[ "$easylistchina_rule_nu_local" -gt 5000 ]]; then
break
else
echo_date easylistchina规则文件下载失败
koolproxyR_basic_easylist_failed=1
fi
done
for i in {1..5}; do
wget -4 -a /tmp/upload/kpr_log.txt -O /tmp/cjx-annoyance.txt $url_cjx
cjx_rule_nu_local=`grep -E -v "^!" /tmp/cjx-annoyance.txt | wc -l`
if [[ "$cjx_rule_nu_local" -gt 500 ]]; then
break
else
echo_date cjx-annoyance规则文件下载失败
koolproxyR_basic_easylist_failed=1
fi
done
#for i in {1..5}; do
# wget -4 -a /tmp/upload/kpr_log.txt -O $KSROOT/koolproxy/data/rules/kpr_our_rule.txt $kpr_our_rule
# kpr_our_rule_nu_local=`grep -E -v "^!" $KSROOT/koolproxy/data/rules/kpr_our_rule.txt | wc -l`
# if [[ "$kpr_our_rule_nu_local" -gt 500 ]]; then
# break
# else
# echo_date kpr_our_rule规则文件下载失败
# koolproxyR_basic_easylist_failed=1
# fi
#done
# expr 进行运算,将统计到的规则条数相加 如果条数大于 10000 条就说明下载完毕
#easylistchina_rule_local=`expr $kpr_our_rule_nu_local + $cjx_rule_nu_local + $easylistchina_rule_nu_local`
easylistchina_rule_local=`expr $cjx_rule_nu_local + $easylistchina_rule_nu_local`
cat /tmp/cjx-annoyance.txt >> /tmp/easylistchina.txt
rm /tmp/cjx-annoyance.txt
easylist_rules_local=`cat $KSROOT/koolproxy/data/rules/easylistchina.txt | sed -n '3p'|awk '{print $3,$4}'`
easylist_rules_local1=`cat /tmp/easylistchina.txt | sed -n '3p'|awk '{print $3,$4}'`
echo_date KPR主规则的本地版本号 $easylist_rules_local
echo_date KPR主规则的在线版本号 $easylist_rules_local1
if [[ "$koolproxyR_basic_easylist_failed" != "1" ]]; then
if [[ "$easylistchina_rule_local" -gt 10000 ]]; then
if [[ "$easylist_rules_local" != "$easylist_rules_local1" ]]; then
echo_date 检测到 KPR主规则 已更新,现在开始更新...
echo_date 将临时的KPR主规则文件移动到指定位置
mv /tmp/easylistchina.txt $KSROOT/koolproxy/data/rules/easylistchina.txt
koolproxyR_https_ChinaList=1
else
echo_date 检测到 KPR主规则本地版本号和在线版本号相同那还更新个毛啊!
fi
fi
else
echo_date KPR主规则文件下载失败
fi
else
echo_date 未打开 KPR主规则 的更新开关!
fi
# update 补充规则
if [[ "1" == "1" ]]; then
echo_date " ---------------------------------------------------------------------------------------"
for i in {1..5}; do
wget -4 -a /tmp/upload/kpr_log.txt -O /tmp/yhosts.txt $url_yhosts
wget -4 -a /tmp/upload/kpr_log.txt -O /tmp/tvbox.txt $url_yhosts1
cat /tmp/tvbox.txt >> /tmp/yhosts.txt
replenish_rules_local=`cat $KSROOT/koolproxy/data/rules/yhosts.txt | sed -n '2p' | cut -d "=" -f2`
replenish_rules_local1=`cat /tmp/yhosts.txt | sed -n '2p' | cut -d "=" -f2`
mobile_nu_local=`grep -E -v "^!" /tmp/yhosts.txt | wc -l`
echo_date 补充规则本地版本号: $replenish_rules_local
echo_date 补充规则在线版本号: $replenish_rules_local1
if [[ "$mobile_nu_local" -gt 5000 ]]; then
if [[ "$replenish_rules_local" != "$replenish_rules_local1" ]]; then
echo_date 将临时文件覆盖到原始 补充规则 文件
mv /tmp/yhosts.txt $KSROOT/koolproxy/data/rules/yhosts.txt
koolproxyR_https_mobile=1
break
else
echo_date 检测到 补充规则 本地版本号和在线版本号相同,那还更新个毛啊!
fi
else
echo_date 补充规则文件下载失败!
fi
done
else
echo_date 未打开 补充规则 的更新开关!
fi
# update 视频规则
if [[ "1" == "1" ]] || [[ -n "$1" ]]; then
echo_date " ---------------------------------------------------------------------------------------"
for i in {1..5}; do
kpr_video_md5=`md5sum $KSROOT/koolproxy/data/rules/kp.dat | awk '{print $1}'`
wget -4 -a /tmp/upload/kpr_log.txt -O /tmp/kp.dat.md5 $url_kp_md5
kpr_video_new_md5=`cat /tmp/kp.dat.md5 | sed -n '1p'`
echo_date 远程视频规则md5$kpr_video_new_md5
echo_date 您本地视频规则md5$kpr_video_md5
if [[ "$kpr_video_md5" != "$kpr_video_new_md5" ]]; then
echo_date 检测到新版视频规则.开始更新..........
wget -4 -a /tmp/upload/kpr_log.txt -O /tmp/kp.dat $url_kp
kpr_video_download_md5=`md5sum /tmp/kp.dat | awk '{print $1}'`
echo_date 您下载的视频规则md5$kpr_video_download_md5
if [[ "$kpr_video_download_md5" == "$kpr_video_new_md5" ]]; then
echo_date 将临时文件覆盖到原始 视频规则 文件
mv /tmp/kp.dat $KSROOT/koolproxy/data/rules/kp.dat
mv /tmp/kp.dat.md5 $KSROOT/koolproxy/data/rules/kp.dat.md5
break
else
echo_date 视频规则md5校验不通过...
fi
else
echo_date 检测到 视频规则 本地版本号和在线版本号相同,那还更新个毛啊!
fi
done
else
echo_date 未打开 视频规则 的更新开关!
fi
# update fanboy规则
if [[ "1" == "1" ]]; then
echo_date " ---------------------------------------------------------------------------------------"
for i in {1..5}; do
wget -4 -a /tmp/upload/kpr_log.txt -O /tmp/fanboy-annoyance.txt $url_fanboy
# wget --no-check-certificate --timeout=8 -qO - $url_fanboy > /tmp/fanboy-annoyance.txt
# 检测是否开启fanboy 全规则版本
if [[ "$koolproxyR_fanboy_all_rules" == "1" ]]; then
fanboy_rules_local=`cat $KSROOT/koolproxy/data/rules/fanboy-annoyance.txt | sed -n '4p'|awk '{print $3,$4}'`
fanboy_rules_local1=`cat /tmp/fanboy-annoyance.txt | sed -n '4p'|awk '{print $3,$4}'`
else
fanboy_rules_local=`cat $KSROOT/koolproxy/data/rules/fanboy-annoyance.txt | sed -n '3p'|awk '{print $3,$4}'`
fanboy_rules_local1=`cat /tmp/fanboy-annoyance.txt | sed -n '3p'|awk '{print $3,$4}'`
fi
fanboy_nu_local=`grep -E -v "^!" /tmp/fanboy-annoyance.txt | wc -l`
echo_date fanboy规则本地版本号 $fanboy_rules_local
echo_date fanboy规则在线版本号 $fanboy_rules_local1
if [[ "$fanboy_nu_local" -gt 15000 ]]; then
if [[ "$fanboy_rules_local" != "$fanboy_rules_local1" ]]; then
echo_date 检测到新版本 fanboy规则 列表,开始更新...
echo_date 将临时文件覆盖到原始 fanboy规则 文件
mv /tmp/fanboy-annoyance.txt $KSROOT/koolproxy/data/rules/fanboy-annoyance.txt
koolproxyR_https_fanboy=1
break
else
echo_date 检测到 fanboy规则 本地版本号和在线版本号相同,那还更新个毛啊!
fi
else
echo_date fanboy规则 文件下载失败!
fi
done
else
echo_date 未打开 fanboy规则 的更新开关!
fi
rm -rf /tmp/fanboy-annoyance.txt
rm -rf /tmp/yhosts.txt
rm -rf /tmp/easylistchina.txt
if [[ "$koolproxyR_https_fanboy" == "1" ]]; then
echo_date 正在优化 fanboy规则。。。。。
# 删除导致KP崩溃的规则
# 听说高手?都打的很多、这样才能体现技术
sed -i '/^\$/d' $KSROOT/koolproxy/data/rules/fanboy-annoyance.txt
sed -i '/\*\$/d' $KSROOT/koolproxy/data/rules/fanboy-annoyance.txt
# 给三大视频网站放行 由kp.dat负责
sed -i '/youku.com/d' $KSROOT/koolproxy/data/rules/fanboy-annoyance.txt
sed -i '/iqiyi.com/d' $KSROOT/koolproxy/data/rules/fanboy-annoyance.txt
sed -i '/qq.com/d' $KSROOT/koolproxy/data/rules/fanboy-annoyance.txt
sed -i '/g.alicdn.com/d' $KSROOT/koolproxy/data/rules/fanboy-annoyance.txt
sed -i '/tudou.com/d' $KSROOT/koolproxy/data/rules/fanboy-annoyance.txt
sed -i '/gtimg.cn/d' $KSROOT/koolproxy/data/rules/fanboy-annoyance.txt
# 给知乎放行
sed -i '/zhihu.com/d' $KSROOT/koolproxy/data/rules/fanboy-annoyance.txt
# 将规则转化成kp能识别的https
cat $KSROOT/koolproxy/data/rules/fanboy-annoyance.txt | grep "^||" | sed 's#^||#||https://#g' >> $KSROOT/koolproxy/data/rules/fanboy-annoyance_https.txt
# 移出https不支持规则domain=
sed -i 's/\(,domain=\).*//g' $KSROOT/koolproxy/data/rules/fanboy-annoyance_https.txt
sed -i 's/\(\$domain=\).*//g' $KSROOT/koolproxy/data/rules/fanboy-annoyance_https.txt
sed -i 's/\(domain=\).*//g' $KSROOT/koolproxy/data/rules/fanboy-annoyance_https.txt
sed -i '/\^$/d' $KSROOT/koolproxy/data/rules/fanboy-annoyance_https.txt
sed -i '/\^\*\.gif/d' $KSROOT/koolproxy/data/rules/fanboy-annoyance_https.txt
sed -i '/\^\*\.jpg/d' $KSROOT/koolproxy/data/rules/fanboy-annoyance_https.txt
cat $KSROOT/koolproxy/data/rules/fanboy-annoyance.txt | grep "^||" | sed 's#^||#||http://#g' >> $KSROOT/koolproxy/data/rules/fanboy-annoyance_https.txt
cat $KSROOT/koolproxy/data/rules/fanboy-annoyance.txt | grep -i '^[0-9a-z]'| grep -v '^http'| sed 's#^#https://#g' >> $KSROOT/koolproxy/data/rules/fanboy-annoyance_https.txt
cat $KSROOT/koolproxy/data/rules/fanboy-annoyance.txt | grep -i '^[0-9a-z]'| grep -v '^http'| sed 's#^#http://#g' >> $KSROOT/koolproxy/data/rules/fanboy-annoyance_https.txt
cat $KSROOT/koolproxy/data/rules/fanboy-annoyance.txt | grep -i '^[0-9a-z]'| grep -i '^http' >> $KSROOT/koolproxy/data/rules/fanboy-annoyance_https.txt
# 给github放行
sed -i '/github/d' $KSROOT/koolproxy/data/rules/fanboy-annoyance_https.txt
# 给api.twitter.com的https放行
sed -i '/twitter.com/d' $KSROOT/koolproxy/data/rules/fanboy-annoyance_https.txt
# 给facebook.com的https放行
sed -i '/facebook.com/d' $KSROOT/koolproxy/data/rules/fanboy-annoyance_https.txt
sed -i '/fbcdn.net/d' $KSROOT/koolproxy/data/rules/fanboy-annoyance_https.txt
# 给 instagram.com 放行
sed -i '/instagram.com/d' $KSROOT/koolproxy/data/rules/fanboy-annoyance_https.txt
# 给 twitch.tv 放行
sed -i '/twitch.tv/d' $KSROOT/koolproxy/data/rules/fanboy-annoyance_https.txt
# 删除可能导致卡顿的HTTPS规则
sed -i '/\.\*\//d' $KSROOT/koolproxy/data/rules/fanboy-annoyance_https.txt
# 给国内三大电商平台放行
sed -i '/jd.com/d' $KSROOT/koolproxy/data/rules/fanboy-annoyance_https.txt
sed -i '/taobao.com/d' $KSROOT/koolproxy/data/rules/fanboy-annoyance_https.txt
sed -i '/tmall.com/d' $KSROOT/koolproxy/data/rules/fanboy-annoyance_https.txt
# 删除不必要信息重新打包 15 表示从第15行开始 $表示结束
sed -i '15,$d' $KSROOT/koolproxy/data/rules/fanboy-annoyance.txt
# 合二归一
cat $KSROOT/koolproxy/data/rules/fanboy-annoyance_https.txt >> $KSROOT/koolproxy/data/rules/fanboy-annoyance.txt
# 删除可能导致kpr卡死的神奇规则
sed -i '/https:\/\/\*/d' $KSROOT/koolproxy/data/rules/fanboy-annoyance.txt
# 给 netflix.com 放行
sed -i '/netflix.com/d' $KSROOT/koolproxy/data/rules/fanboy-annoyance.txt
# 给 tvbs.com 放行
sed -i '/tvbs.com/d' $KSROOT/koolproxy/data/rules/fanboy-annoyance.txt
sed -i '/googletagmanager.com/d' $KSROOT/koolproxy/data/rules/fanboy-annoyance.txt
# 给 microsoft.com 放行
sed -i '/microsoft.com/d' $KSROOT/koolproxy/data/rules/fanboy-annoyance.txt
# 给apple的https放行
sed -i '/apple.com/d' $KSROOT/koolproxy/data/rules/fanboy-annoyance.txt
sed -i '/mzstatic.com/d' $KSROOT/koolproxy/data/rules/fanboy-annoyance.txt
# 终极 https 卡顿优化 grep -n 显示行号 awk -F 分割数据 sed -i "${del_rule}d" 需要""" 和{}引用变量
# 当 koolproxyR_del_rule 是1的时候就一直循环除非 del_rule 变量为空了。
koolproxyR_del_rule=1
while [ $koolproxyR_del_rule = 1 ];do
del_rule=`cat $KSROOT/koolproxy/data/rules/fanboy-annoyance.txt | grep -n 'https://' | grep '\*' | grep -v '/\*'| grep -v '\^\*' | grep -v '\*\=' | grep -v '\$s\@' | grep -v '\$r\@'| awk -F":" '{print $1}' | sed -n '1p'`
if [[ "$del_rule" != "" ]]; then
sed -i "${del_rule}d" $KSROOT/koolproxy/data/rules/fanboy-annoyance.txt
else
koolproxyR_del_rule=0
fi
done
cp $KSROOT/koolproxy/data/rules/fanboy-annoyance.txt $KSROOT/koolproxy/data/rules/fanboy.txt
else
echo_date 跳过优化 fanboy规则。。。。。
fi
if [[ "$koolproxyR_https_ChinaList" == "1" ]]; then
echo_date 正在优化 KPR主规则。。。。。
sed -i '/^\$/d' $KSROOT/koolproxy/data/rules/easylistchina.txt
sed -i '/\*\$/d' $KSROOT/koolproxy/data/rules/easylistchina.txt
# 给btbtt.替换过滤规则。
sed -i 's#btbtt.\*#\*btbtt.\*#g' $KSROOT/koolproxy/data/rules/easylistchina.txt
# 给手机百度图片放行
sed -i '/baidu.com\/it\/u/d' $KSROOT/koolproxy/data/rules/easylistchina.txt
# # 给手机百度放行
# sed -i '/mbd.baidu.comd' $KSROOT/koolproxy/data/rules/easylistchina.txt
# 给知乎放行
sed -i '/zhihu.com/d' $KSROOT/koolproxy/data/rules/easylistchina.txt
# 给apple的https放行
sed -i '/apple.com/d' $KSROOT/koolproxy/data/rules/easylistchina.txt
sed -i '/mzstatic.com/d' $KSROOT/koolproxy/data/rules/easylistchina.txt
# 将规则转化成kp能识别的https
cat $KSROOT/koolproxy/data/rules/easylistchina.txt | grep "^||" | sed 's#^||#||https://#g' >> $KSROOT/koolproxy/data/rules/easylistchina_https.txt
# 移出https不支持规则domain=
sed -i 's/\(,domain=\).*//g' $KSROOT/koolproxy/data/rules/easylistchina_https.txt
sed -i 's/\(\$domain=\).*//g' $KSROOT/koolproxy/data/rules/easylistchina_https.txt
sed -i 's/\(domain=\).*//g' $KSROOT/koolproxy/data/rules/easylistchina_https.txt
sed -i '/\^$/d' $KSROOT/koolproxy/data/rules/easylistchina_https.txt
sed -i '/\^\*\.gif/d' $KSROOT/koolproxy/data/rules/easylistchina_https.txt
sed -i '/\^\*\.jpg/d' $KSROOT/koolproxy/data/rules/easylistchina_https.txt
cat $KSROOT/koolproxy/data/rules/easylistchina.txt | grep "^||" | sed 's#^||#||http://#g' >> $KSROOT/koolproxy/data/rules/easylistchina_https.txt
cat $KSROOT/koolproxy/data/rules/easylistchina.txt | grep -i '^[0-9a-z]'| grep -v '^http'| sed 's#^#https://#g' >> $KSROOT/koolproxy/data/rules/easylistchina_https.txt
cat $KSROOT/koolproxy/data/rules/easylistchina.txt | grep -i '^[0-9a-z]'| grep -v '^http'| sed 's#^#http://#g' >> $KSROOT/koolproxy/data/rules/easylistchina_https.txt
cat $KSROOT/koolproxy/data/rules/easylistchina.txt | grep -i '^[0-9a-z]'| grep -i '^http' >> $KSROOT/koolproxy/data/rules/easylistchina_https.txt
# 给facebook.com的https放行
sed -i '/facebook.com/d' $KSROOT/koolproxy/data/rules/easylistchina_https.txt
sed -i '/fbcdn.net/d' $KSROOT/koolproxy/data/rules/easylistchina_https.txt
# 删除可能导致卡顿的HTTPS规则
sed -i '/\.\*\//d' $KSROOT/koolproxy/data/rules/easylistchina_https.txt
# 删除不必要信息重新打包 15 表示从第15行开始 $表示结束
sed -i '6,$d' $KSROOT/koolproxy/data/rules/easylistchina.txt
# 合二归一
cat $KSROOT/koolproxy/data/rules/easylistchina_https.txt >> $KSROOT/koolproxy/data/rules/easylistchina.txt
# 给三大视频网站放行 由kp.dat负责
sed -i '/youku.com/d' $KSROOT/koolproxy/data/rules/easylistchina.txt
sed -i '/iqiyi.com/d' $KSROOT/koolproxy/data/rules/easylistchina.txt
sed -i '/g.alicdn.com/d' $KSROOT/koolproxy/data/rules/easylistchina.txt
sed -i '/tudou.com/d' $KSROOT/koolproxy/data/rules/easylistchina.txt
sed -i '/gtimg.cn/d' $KSROOT/koolproxy/data/rules/easylistchina.txt
# 给https://qq.com的html规则放行
sed -i '/qq.com/d' $KSROOT/koolproxy/data/rules/easylistchina.txt
# 删除可能导致kpr卡死的神奇规则
sed -i '/https:\/\/\*/d' $KSROOT/koolproxy/data/rules/easylistchina.txt
# 给国内三大电商平台放行
sed -i '/jd.com/d' $KSROOT/koolproxy/data/rules/easylistchina.txt
sed -i '/taobao.com/d' $KSROOT/koolproxy/data/rules/easylistchina.txt
sed -i '/tmall.com/d' $KSROOT/koolproxy/data/rules/easylistchina.txt
# 给 netflix.com 放行
sed -i '/netflix.com/d' $KSROOT/koolproxy/data/rules/easylistchina.txt
# 给 tvbs.com 放行
sed -i '/tvbs.com/d' $KSROOT/koolproxy/data/rules/easylistchina.txt
sed -i '/googletagmanager.com/d' $KSROOT/koolproxy/data/rules/easylistchina.txt
# 给 microsoft.com 放行
sed -i '/microsoft.com/d' $KSROOT/koolproxy/data/rules/easylistchina.txt
# 终极 https 卡顿优化 grep -n 显示行号 awk -F 分割数据 sed -i "${del_rule}d" 需要""" 和{}引用变量
# 当 koolproxyR_del_rule 是1的时候就一直循环除非 del_rule 变量为空了。
koolproxyR_del_rule=1
while [ $koolproxyR_del_rule = 1 ];do
del_rule=`cat $KSROOT/koolproxy/data/rules/easylistchina.txt | grep -n 'https://' | grep '\*' | grep -v '/\*'| grep -v '\^\*' | grep -v '\*\=' | grep -v '\$s\@' | grep -v '\$r\@'| awk -F":" '{print $1}' | sed -n '1p'`
if [[ "$del_rule" != "" ]]; then
sed -i "${del_rule}d" $KSROOT/koolproxy/data/rules/easylistchina.txt
else
koolproxyR_del_rule=0
fi
done
#cat $KSROOT/koolproxy/data/rules/kpr_our_rule.txt >> $KSROOT/koolproxy/data/rules/easylistchina.txt
else
echo_date 跳过优化 KPR主规则。。。。。
fi
if [[ "$koolproxyR_https_mobile" == "1" ]]; then
# 删除不必要信息重新打包 0-11行 表示从第15行开始 $表示结束
# sed -i '1,11d' $KSROOT/koolproxy/data/rules/yhosts.txt
echo_date 正在优化 补充规则yhosts。。。。。
# 开始Kpr规则化处理
cat $KSROOT/koolproxy/data/rules/yhosts.txt > $KSROOT/koolproxy/data/rules/yhosts_https.txt
sed -i 's/^127.0.0.1\ /||https:\/\//g' $KSROOT/koolproxy/data/rules/yhosts_https.txt
cat $KSROOT/koolproxy/data/rules/yhosts.txt >> $KSROOT/koolproxy/data/rules/yhosts_https.txt
sed -i 's/^127.0.0.1\ /||http:\/\//g' $KSROOT/koolproxy/data/rules/yhosts_https.txt
# 处理tvbox.txt本身规则。
sed -i 's/^127.0.0.1\ /||/g' /tmp/tvbox.txt
# 合二归一
cat $KSROOT/koolproxy/data/rules/yhosts_https.txt > $KSROOT/koolproxy/data/rules/yhosts.txt
cat /tmp/tvbox.txt >> $KSROOT/koolproxy/data/rules/yhosts.txt
rm -rf /tmp/tvbox.txt
# 此处对yhosts进行单独处理
sed -i 's/^@/!/g' $KSROOT/koolproxy/data/rules/yhosts.txt
sed -i 's/^#/!/g' $KSROOT/koolproxy/data/rules/yhosts.txt
sed -i '/localhost/d' $KSROOT/koolproxy/data/rules/yhosts.txt
sed -i '/broadcasthost/d' $KSROOT/koolproxy/data/rules/yhosts.txt
sed -i '/broadcasthost/d' $KSROOT/koolproxy/data/rules/yhosts.txt
sed -i '/cn.bing.com/d' $KSROOT/koolproxy/data/rules/yhosts.txt
# 给三大视频网站放行 由kp.dat负责
sed -i '/youku.com/d' $KSROOT/koolproxy/data/rules/yhosts.txt
sed -i '/iqiyi.com/d' $KSROOT/koolproxy/data/rules/yhosts.txt
sed -i '/g.alicdn.com/d' $KSROOT/koolproxy/data/rules/yhosts.txt
sed -i '/tudou.com/d' $KSROOT/koolproxy/data/rules/yhosts.txt
sed -i '/gtimg.cn/d' $KSROOT/koolproxy/data/rules/yhosts.txt
# 给知乎放行
sed -i '/zhihu.com/d' $KSROOT/koolproxy/data/rules/yhosts.txt
# 给https://qq.com的html规则放行
sed -i '/qq.com/d' $KSROOT/koolproxy/data/rules/yhosts.txt
# 给github的https放行
sed -i '/github/d' $KSROOT/koolproxy/data/rules/yhosts.txt
# 给apple的https放行
sed -i '/apple.com/d' $KSROOT/koolproxy/data/rules/yhosts.txt
sed -i '/mzstatic.com/d' $KSROOT/koolproxy/data/rules/yhosts.txt
# 给api.twitter.com的https放行
sed -i '/twitter.com/d' $KSROOT/koolproxy/data/rules/yhosts.txt
# 给facebook.com的https放行
sed -i '/facebook.com/d' $KSROOT/koolproxy/data/rules/yhosts.txt
sed -i '/fbcdn.net/d' $KSROOT/koolproxy/data/rules/yhosts.txt
# 给 instagram.com 放行
sed -i '/instagram.com/d' $KSROOT/koolproxy/data/rules/yhosts.txt
# 删除可能导致kpr卡死的神奇规则
sed -i '/https:\/\/\*/d' $KSROOT/koolproxy/data/rules/yhosts.txt
# 给国内三大电商平台放行
sed -i '/jd.com/d' $KSROOT/koolproxy/data/rules/yhosts.txt
sed -i '/taobao.com/d' $KSROOT/koolproxy/data/rules/yhosts.txt
sed -i '/tmall.com/d' $KSROOT/koolproxy/data/rules/yhosts.txt
# 给 netflix.com 放行
sed -i '/netflix.com/d' $KSROOT/koolproxy/data/rules/yhosts.txt
# 给 tvbs.com 放行
sed -i '/tvbs.com/d' $KSROOT/koolproxy/data/rules/yhosts.txt
sed -i '/googletagmanager.com/d' $KSROOT/koolproxy/data/rules/yhosts.txt
# 给 microsoft.com 放行
sed -i '/microsoft.com/d' $KSROOT/koolproxy/data/rules/yhosts.txt
# 终极 https 卡顿优化 grep -n 显示行号 awk -F 分割数据 sed -i "${del_rule}d" 需要""" 和{}引用变量
# 当 koolproxyR_del_rule 是1的时候就一直循环除非 del_rule 变量为空了。
koolproxyR_del_rule=1
while [ $koolproxyR_del_rule = 1 ];do
del_rule=`cat $KSROOT/koolproxy/data/rules/yhosts.txt | grep -n 'https://' | grep '\*' | grep -v '/\*'| grep -v '\^\*' | grep -v '\*\=' | grep -v '\$s\@' | grep -v '\$r\@'| awk -F":" '{print $1}' | sed -n '1p'`
if [[ "$del_rule" != "" ]]; then
sed -i "${del_rule}d" $KSROOT/koolproxy/data/rules/yhosts.txt
else
koolproxyR_del_rule=0
fi
done
else
echo_date 跳过优化 补充规则yhosts。。。。。
fi
# 删除临时文件
rm -rf $KSROOT/koolproxy/data/rules/*_https.txt
#rm $KSROOT/koolproxy/data/rules/kpr_our_rule.txt
echo_date 所有规则更新并优化完毕!
echo_date =======================================================================================================
easylist_rules_local=`cat /usr/share/koolproxy/data/rules/easylistchina.txt | sed -n '3p'|awk '{print $3,$4}'`
fanboy_rules_local=`cat /usr/share/koolproxy/data/rules/fanboy.txt | sed -n '3p'|awk '{print $3,$4}'`
replenish_rules_local=`cat /usr/share/koolproxy/data/rules/yhosts.txt | sed -n '2p' | cut -d "=" -f2`
echo $(date "+%F %T"): -------------------easylist version $easylist_rules_local >>$LOGFILE
echo $(date "+%F %T"): -------------------fanboy version $fanboy_rules_local >>$LOGFILE
echo $(date "+%F %T"): -------------------yhosts version $replenish_rules_local >>$LOGFILE
echo $(date "+%F %T"): ------------------- 内置规则更新成功! ------------------- >>$LOGFILE
RESTART_KOOLPROXY=true
}
update_rss_rules() {
cp $KP_DIR/data/user.txt $KP_DIR/data/rules/user.txt
config_load $CONFIG
config_foreach __update_rule rss_rule
}
update_adb_host() {
/usr/sbin/adblockplus >>$LOGFILE 2>&1 &
if [ "$?" == "0" ]; then
RESTART_DNSMASQ=true
fi
}
# main process
init_env
limit_log $LOGFILE
#update_kpr_rules
kpr_update_rules
# update user rules
update_rss_rules
koolproxy_mode=$(config_t_get global koolproxy_mode 1)
koolproxy_host=$(config_t_get global koolproxy_host 0)
# update ADB Plus Host
if [ "$koolproxy_mode" == "2" ] && [ "$koolproxy_host" == "1" ];then
update_adb_host
fi
if [ $RESTART_KOOLPROXY ]; then
restart_koolproxy
echo $(date "+%F %T"): 重启koolproxy进程 >>$LOGFILE
echo >>$LOGFILE
fi
init_env


@ -1,194 +0,0 @@
koolproxy插件/固件开发文档1.3
更新日期2017年7月7日koolproxy 3.6.1
================================================================================================
声明:
KoolProxy 是一个免费软件,著作权归属 KoolProxy.com用户可以非商业性地复制和使用 KoolProxy但禁止将 KoolProxy 用于商业用途。
KoolProxy 可以对 https 网络数据进行识别代理,使用 https 功能的用户需要自己提供相关证书,本程序提供的证书生成脚本仅供用户参考,证书的保密工作由用户自行负责。
使用本软件的风险由用户自行承担在适用法律允许的最大范围内对因使用本产品所产生的损害及风险包括但不限于直接或间接的个人损害、商业赢利的丧失、贸易中断、商业信息的丢失或任何其它经济损失KoolProxy.com 不承担任何责任。
================================================================================================
KoolProxy By Xiaobao & Crwnet v3.6.1
USAGE:
koolproxy [options] [arguments...]
OPTIONS:
-p value listen port, default value is 3000
-l value log level (0:DEBUG, 1:INFO, 2:AD, 3:WARNING, 4:ERROR), default value is ERROR
-c value thread count, default value is the number of cpus
-b value data path, default value is './data'
-d run as daemon mode
-v show version
-h show help
ADVANCED:
--cert generate ssl cert
--ipv6 enable ipv6, works for ipv6 nat mode
--video | -e video mode, load video rules only
--mark mark mode, set the socket mark(src ip) when connect to remote host. requires the CAP_NET_ADMIN capability
--ttl value ttl mode, set the socket ttl when connect to remote host. default value is 0 (disable)
================================================================================================
交流地址:
1 QQ群1 595300867
2 QQ群2 203726739
3 TG群 https://t.me/joinchat/AAAAAD-tO7GPvfOU131_vg
4 更新日志http://koolshare.cn/thread-64086-1-1.html
================================================================================================
#koolproxy部署文件目录参考1使用openssl生成证书
.
├── data
│   ├── gen_ca.sh #证书生成脚本
│   ├── koolproxy_ipset.conf #ipset名单
│   ├── openssl.cnf #证书生成所用配置文件
│   ├── rules #规则存放文件夹
│   │   ├── kp.dat #视频规则
│   │   ├── koolproxy.txt #静态规则
│   │   ├── daily.txt #每日规则
│   │   └── user.txt #自定义规则
│   └── version #插件版本号(merlin)
└── koolproxy #koolproxy二进制(为了保证二进制顺利更新,请保证目录可写)
1 证书生成使用命令 sh gen_ca.sh该脚本会调用系统内的openssl来生成证书运行成功后会自动创建data/private data/cert目录
私钥和公钥会分别存在data/private data/cert目录下使用http://110.110.110.110会下载路由器内的证书
------------------------------------------------------------------------------------------------
#koolproxy部署文件目录参考2使用koolproxy生成证书
.
└── koolproxy #koolproxy二进制(为了保证二进制顺利更新,请保证目录可写)
1 因为规则文件会由koolproxy自动下载,下载后会自动创建data/rules目录
2 使用koolproxy --cert命令可以生成证书运行成功后会自动创建data/private data/cert目录
私钥和公钥会分别存在data/private data/cert目录下使用http://110.110.110.110会下载路由器内的证书
因为mbedtls性能原因在非软路由机器上用koolproxy --cert生成证书需要时间较长请耐心等待
================================================================================================
说明:
1 koolproxy启动会自动检测规则更新如果没有./data/rules文件夹会自己创建并下载规则到此处
2 koolproxy启动后会检测二进制文件更新如果有更新会替换./koolproxy并且由父进程重启koolproxy以后每20分钟检测一次更新
3 现在不支持规则订阅了只能识别kp.dat, koolproxy.txt, user.txt,daily.txt需要自定义规则的可以修改user.txt
# 二进制下载固定地址
https://koolproxy.com/downloads/i386
https://koolproxy.com/downloads/x86_64
https://koolproxy.com/downloads/arm
https://koolproxy.com/downloads/mips
https://koolproxy.com/downloads/mipsel
# 规则下载固定地址
https://kprule.com/koolproxy.txt
https://kprule.com/daily.txt
https://kprule.com/kp.dat
https://kprule.com/user.txt
# 规则下载对应的CDN地址
https://kprules.b0.upaiyun.com/koolproxy.txt
https://kprules.b0.upaiyun.com/daily.txt
https://kprules.b0.upaiyun.com/kp.dat
https://kprules.b0.upaiyun.com/user.txt
# 二进制文件和规则 github备份地址
二进制https://github.com/koolproxy/koolproxy-bin (已作废)
规则https://github.com/koolproxy/koolproxy_rules (已作废)
1 建议从上面的链接获取最新的二进制和基本的规则文件,然后按照上面的目录结构来部署
2 如果不需要https过滤只需要一个koolproxy程序就足够了data文件夹和rules文件夹都会自己创建。
3 koolproxy.txt内有视频规则、静态规则、每日规则的更新日期可以用于提取并显示到界面
================================================================================================
koolproxy运行
1 在koolproxy主程序目录运行例如merlin固件下运行cd /koolshare/koolproxy && koolproxy -d
2 不在koolproxy主程序目录运行例如将koolproxy放在环境变量中例如merlin固件下运行koolproxy -b /koolshare/koolproxy -d -b为data路径
其它运行方式可能会造成koolproxy识别不到data目录而无法加载规则
koolproxy运行后默认会使用端口3000作为透明代理端口需要利用iptables将数据导到端口3000才能发挥作用。
视频模式:
1 使用命令koolproxy -e 即可开启
2 开启后只会加载视频规则kp.dat和user.txt
调试模式:
1 使用命令koolproxy -l0 即可开启l后面的数字代表不同的日志详细程度
2 需要检查规则命中行数可以需要使用-l2
ttl功能
1 使用命令koolproxy --ttl 160 即可开启ttl功能后面的数值代表ttl大小
2 ttl功能开启后koolproxy会对经过它的所有数据ttl进行调整可以利用iptables的match ttl功能数据进行匹配
mark功能
1 使用命令koolproxy --mark 即可开启mark功能
2 mark功能开启后koolproxy会对经过它的所有数据打上标记mark值等于该数据的源ip转换为十六进制的值
3 例如局域网内192.168.1.100的数据将会被打上0xc0a80164的mark192 = c0, 168 = a8, 1 = 01, 100 = 64
4 开发者可以用此功和SS配合达到既科学上网又能过滤这些科学上网的流量还不影响科学上网访问控制的功能
5 ip转换为mark值参考命令echo 192.168.1.100 | awk -F "." '{printf ("0x%02x", $1)} {printf ("%02x", $2)} {printf ("%02x", $3)} {printf ("%02x\n", $4)}'
================================================================================================
ss + kp过滤方案2017年7月7日
方案1优先SS其次KP不推荐
1 在NAT PREROUTING链内SS在前KP在后流量将先走SS经过SS分流后国外流量走ss-redir实现翻墙
2 而剩下国内流量在PREROUTING链内继续往下匹配到koolrpxy规则流量最终走koolproxy实现过滤。
结果koolproxy只能过滤国内流量SS剩下的
方案2优先KP其次SS不推荐;
1 在NAT PREROUTING链内KP在前SS在后流量将先走KP实现过滤
2 为了SS能拿到KP过滤后的数据使用match ttl匹配在OUTPUT链内将流量全部给SS实现翻墙
结果因为在OUTPUT链内没有源ip信息流量给SS后无法匹配到源ip因此SS失去了acl访问控制功能。
方案3 (优先kp其次SS推荐)
为便于理解以下iptables配置只展示流量经过顺序不是iptables的创建顺序PREROUTING内规则的创建实际上应该在最后
0 koolproxy默认开启ttl和mark功能 KoolProxy --ttl 160 --mark -d固件不支持ttl的仅开启mark也行: KoolProxy --mark -d
1 在NAT PREROUTING链内KP在前SS在后KP开启--mark流量将先走KP80,443实现过滤过滤后每个主机会被打上不同的mark
#KP在前所有tcp流量全部交给KOOLPROXY链
-A PREROUTING -p tcp -j KOOLPROXY
#SS在后在kp开启的时候只能拿到非80,443的流量在kp关闭后可以拿到所有端口的流量
-A PREROUTING -p tcp -j SHADOWSOCKS
2 例如局域网内192.168.1.100主机的数据经过kp过滤后将会被打上0xc0a80164的mark192 = c0, 168 = a8, 1 = 01, 100 = 64
#创建KOOLPROXY链用于白名单和访问控制
-N KOOLPROXY
#创建KOOLPROXY_HTTP链用于过滤http流量
-N KOOLPROXY_HTTP
#创建KOOLPROXY_HTTPS链用于过滤https流量
-N KOOLPROXY_HTTPS
#局域网和保留地址不走kp
-A KOOLPROXY -m set --match-set white_kp_list dst -j RETURN
#主机192.168.1.100需要https过滤
-A KOOLPROXY -s 192.168.1.100/32 -p tcp -g KOOLPROXY_HTTPS
#其它主机过滤http流量
-A KOOLPROXY -p tcp -j KOOLPROXY_HTTP
3 为了SS能拿到数据在NAT OUTPUT链中使用match ttl匹配在OUTPUT链内将流量全部给SHADOWSOCKS_EXT链
#创建SHADOWSOCKS_EXT链用于开启kp情况下ss的访问控制实现
-N SHADOWSOCKS_EXT
#使用ttl匹配将KP过滤后的数据转到SHADOWSOCKS_EXT链如果固件不支持ttl匹配使用下面的命令
-A OUTPUT -p tcp -m ttl --ttl-eq 160 -j SHADOWSOCKS_EXT
#如果固件不支持ttl match可以用mark匹配ip地址的前三位用0xffffff00作为掩码的形式来将KP过滤后的数据转到SHADOWSOCKS_EXT链
# echo 192.168.1 | awk -F "." '{printf ("0x%02x", $1)} {printf ("%02x", $2)} {printf ("%02x", $3)} {printf ("00/0xffffff00\n")}' = 0xc0a80100/0xffffff00
-A OUTPUT -p tcp -m mark --mark 0xc0a80100/0xffffff00 -j SHADOWSOCKS_EXT
4 如果开启了acl比如需要192.168.1.75不走SS全端口192.168.1.246走gfwlist模式80,443端口192.168.1.214走大陆白名单模式22,80,443端口剩余主机全部走大陆白名单模式全端口
#主机192.168.1.750xc0a8014b流量经过KP过滤后并打上mark后通过OUTPUT链进入SHADOWSOCKS_EXT链而未能翻墙RETURN
-A SHADOWSOCKS_EXT -p tcp -m mark --mark 0xc0a8014b -j RETURN
#主机192.168.1.2460xc0a801f6流量经过KP过滤后并打上mark后通过OUTPUT链进入SHADOWSOCKS_EXT链在此流量被导向了SHADOWSOCKS_GFW链实现gfwlist模式翻墙80,443端口
-A SHADOWSOCKS_EXT -p tcp -m multiport --dports 80,443 -m mark --mark 0xc0a801f6 -g SHADOWSOCKS_GFW
#主机192.168.1.2140xc0a801f6流量经过KP过滤后并打上mark后通过OUTPUT链进入SHADOWSOCKS_EXT链在此流量被导向了SHADOWSOCKS_CHN链实现大陆白名单模式翻墙22,80,443端口
-A SHADOWSOCKS_EXT -p tcp -m multiport --dports 22,,80,443 -m mark --mark 0xc0a801d6 -g SHADOWSOCKS_CHN
#剩余的主机流量经过KP过滤后并打上mark后通过OUTPUT链进入SHADOWSOCKS_EXT链在此流量被导向了SHADOWSOCKS_CHN链实现大陆白名单模式翻墙全端口
-A SHADOWSOCKS_EXT -p tcp -j SHADOWSOCKS_CHN
情形:
1 当SS开启kp未开启所有流量走ss PREROUTING过经过分流后国内的流量在经过OUTPUT的时候因为KP没开数据不会匹配到ttl值或者没匹配到mark值所以不会过滤广告翻墙正常
2 当KP开启SS未开启所有流量走kp PREROUTING过广告过滤正常
3 当SS开启翻墙和acl工作正常的时候开启KPKP在PREROUTING内插入到SS前面会先得到流量广告过滤正常
4 当KP开启过滤广告正常的时候开启SSSS从原来的从PREROUTING拿流量变成从OUTPUT内拿流量翻墙和acl会同样正常
5 当KP和SS都开启此时关闭SSkp过滤广告正常
6 当KP和SS都开启此时关闭KPss翻墙和acl正常
总结:
使用 ttl + mark 或者纯mark的方式可以实现原先很难实现的过滤经过SS流量的广告
主要的改动在于给SS预置好OUTPUT和SHADOWSOCKS_EXT规则链当kp启用时它们就会工作kp关闭时不会影响正常数据
次要的改动就是给koolproxy默认开启ttl + mark或者纯mark功能
================================================================================================


@ -1,13 +0,0 @@
wget 'https://raw.githubusercontent.com/user1121114685/koolproxyR_rule_list/master/kp.dat' -O files/usr/share/koolproxy/data/rules/kp.dat
wget 'https://raw.githubusercontent.com/user1121114685/koolproxyR/master/koolproxyR/koolproxyR/data/rules/yhosts.txt' -O files/usr/share/koolproxy/data/rules/yhosts.txt
wget 'https://dev.tencent.com/u/shaoxia1991/p/cjxlist/git/raw/master/cjx-annoyance.txt' -O files/usr/share/koolproxy/data/rules/fanboy.txt
wget 'https://easylist-downloads.adblockplus.org/easylistchina.txt' -O files/usr/share/koolproxy/data/rules/easylistchina.txt
wget 'https://raw.githubusercontent.com/user1121114685/koolproxyR/master/koolproxyR/koolproxyR/data/rules/user.txt' -O files/usr/share/koolproxy/data/user.txt
cp files/usr/share/koolproxy/data/user.txt files/usr/share/koolproxy/data/rules/user.txt
wget 'https://raw.githubusercontent.com/user1121114685/koolproxyR/master/koolproxyR/koolproxyR/data/koolproxyR_ipset.conf' -O files/usr/share/koolproxy/koolproxy_ipset.conf
wget https://easylist-downloads.adblockplus.org/easylistchina+easylist.txt -O- | grep ^\|\|[^\*]*\^$ | sed -e 's:||:address\=\/:' -e 's:\^:/0\.0\.0\.0:' > files/usr/share/koolproxy/dnsmasq.adblock
sed -i '/youku/d' files/usr/share/koolproxy/dnsmasq.adblock
sed -i '/[1-9]\{1,3\}\.[1-9]\{1,3\}\.[1-9]\{1,3\}\.[1-9]\{1,3\}/d' files/usr/share/koolproxy/dnsmasq.adblock