update 2024-06-19 03:24:21
parent
292c2aec88
commit
8d4618ff23
@ -7,17 +7,16 @@ include $(TOPDIR)/rules.mk
|
|||||||
|
|
||||||
PKG_NAME:=lua-maxminddb
|
PKG_NAME:=lua-maxminddb
|
||||||
PKG_VERSION:=0.2
|
PKG_VERSION:=0.2
|
||||||
PKG_RELEASE:=$(AUTORELEASE)
|
PKG_RELEASE:=2
|
||||||
|
|
||||||
PKG_SOURCE_PROTO:=git
|
PKG_SOURCE_PROTO:=git
|
||||||
PKG_SOURCE_URL:=https://github.com/fabled/lua-maxminddb.git
|
PKG_SOURCE_URL:=https://github.com/fabled/lua-maxminddb.git
|
||||||
PKG_SOURCE_DATE:=2019-03-14
|
PKG_SOURCE_DATE:=2019-03-14
|
||||||
PKG_SOURCE_VERSION:=93da9f4e6c814c3a23044dd2cdd22d4a6b4f665b
|
PKG_SOURCE_VERSION:=93da9f4e6c814c3a23044dd2cdd22d4a6b4f665b
|
||||||
PKG_MIRROR_HASH:=b99ef18516b705b3e73b15a9d5ddc99add359299b52639fe3c81dd761591d9d9
|
PKG_MIRROR_HASH:=e70dd8843c3688b58f66fff5320a93d5789b79114bcb36a94d5b554664439f04
|
||||||
|
|
||||||
PKG_LICENSE:=MIT
|
PKG_LICENSE:=MIT
|
||||||
PKG_LICENSE_FILE:=LICENSE
|
PKG_LICENSE_FILES:=LICENSE
|
||||||
PKG_MAINTAINER:=fabled
|
|
||||||
|
|
||||||
PKG_BUILD_PARALLEL:=1
|
PKG_BUILD_PARALLEL:=1
|
||||||
|
|
||||||
@ -28,7 +27,7 @@ define Package/lua-maxminddb
|
|||||||
SECTION:=lang
|
SECTION:=lang
|
||||||
CATEGORY:=Languages
|
CATEGORY:=Languages
|
||||||
TITLE:=libmaxminddb bindings for lua
|
TITLE:=libmaxminddb bindings for lua
|
||||||
URL:=https://github.com/jerrykuku/lua-maxminddb
|
URL:=https://github.com/fabled/lua-maxminddb
|
||||||
DEPENDS:=+lua +libmaxminddb
|
DEPENDS:=+lua +libmaxminddb
|
||||||
endef
|
endef
|
||||||
|
|
||||||
|
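Review bot: The new `PKG_MIRROR_HASH` in the first hunk is unexplained, because `PKG_SOURCE_VERSION` and `PKG_SOURCE_DATE` are unchanged and the same pinned commit would normally produce the same mirror tarball hash. The commit message ("update 2024-06-19 03:24:21") gives no reason. The change may only reflect a difference in how the build system packs the git checkout, but nothing on the page shows that. Before trusting the new value, regenerate the hash from a clean download of the pinned commit (for example `make package/lua-maxminddb/download` then `make package/lua-maxminddb/check`) and record the cause next to the variable, e.g. `# hash regenerated for unchanged commit 93da9f4e…: <reason>`. The Makefile continues outside both hunks, so the rest of the download and build logic is not visible here.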
@ -1,3 +0,0 @@
|
|||||||
# MaxMind DB Reader for Lua
|
|
||||||
|
|
||||||
Embed in openwrt
|
|
@ -1,95 +0,0 @@
|
|||||||
include $(TOPDIR)/rules.mk
|
|
||||||
|
|
||||||
PKG_NAME:=luci-app-koolproxyR
|
|
||||||
PKG_VERSION:=3.8.4
|
|
||||||
PKG_RELEASE:=5
|
|
||||||
|
|
||||||
PKG_MAINTAINER:=panda-mute <wxuzju@gmail.com>
|
|
||||||
PKG_LICENSE:=GPLv3
|
|
||||||
PKG_LICENSE_FILES:=LICENSE
|
|
||||||
|
|
||||||
PKG_BUILD_PARALLEL:=1
|
|
||||||
|
|
||||||
RSTRIP:=true
|
|
||||||
|
|
||||||
include $(INCLUDE_DIR)/package.mk
|
|
||||||
|
|
||||||
define Package/luci-app-koolproxyR
|
|
||||||
SECTION:=luci
|
|
||||||
CATEGORY:=LuCI
|
|
||||||
SUBMENU:=3. Applications
|
|
||||||
TITLE:=LuCI support for koolproxyR
|
|
||||||
DEPENDS:=+openssl-util +ipset +dnsmasq-full +@BUSYBOX_CONFIG_DIFF +iptables-mod-nat-extra +wget
|
|
||||||
MAINTAINER:=panda-mute
|
|
||||||
endef
|
|
||||||
|
|
||||||
define Package/luci-app-koolproxyR/description
|
|
||||||
This package contains LuCI configuration pages for koolproxy.
|
|
||||||
endef
|
|
||||||
|
|
||||||
define Build/Compile
|
|
||||||
endef
|
|
||||||
|
|
||||||
define Package/luci-app-koolproxyR/postinst
|
|
||||||
#!/bin/sh
|
|
||||||
if [ -z "$${IPKG_INSTROOT}" ]; then
|
|
||||||
( . /etc/uci-defaults/luci-koolproxy ) && rm -f /etc/uci-defaults/luci-koolproxy
|
|
||||||
rm -f /tmp/luci-indexcache
|
|
||||||
fi
|
|
||||||
exit 0
|
|
||||||
endef
|
|
||||||
|
|
||||||
define Package/luci-app-koolproxyR/install
|
|
||||||
$(INSTALL_DIR) $(1)/etc/uci-defaults
|
|
||||||
$(INSTALL_DIR) $(1)/etc/config
|
|
||||||
$(INSTALL_DIR) $(1)/etc/adblocklist
|
|
||||||
$(INSTALL_DIR) $(1)/etc/init.d
|
|
||||||
$(INSTALL_DIR) $(1)/lib/upgrade/keep.d
|
|
||||||
$(INSTALL_DIR) $(1)/usr/lib/lua/luci/i18n/
|
|
||||||
$(INSTALL_DIR) $(1)/usr/lib/lua/luci/controller
|
|
||||||
$(INSTALL_DIR) $(1)/usr/lib/lua/luci/model/cbi/koolproxy
|
|
||||||
$(INSTALL_DIR) $(1)/usr/lib/lua/luci/view
|
|
||||||
$(INSTALL_DIR) $(1)/usr/lib/lua/luci/view/koolproxy
|
|
||||||
$(INSTALL_DIR) $(1)/usr/sbin
|
|
||||||
$(INSTALL_DIR) $(1)/usr/share/koolproxy
|
|
||||||
$(INSTALL_DIR) $(1)/usr/share/koolproxy/data
|
|
||||||
$(INSTALL_DIR) $(1)/usr/share/koolproxy/data/rules/
|
|
||||||
|
|
||||||
$(INSTALL_BIN) ./files/etc/uci-defaults/luci-koolproxy $(1)/etc/uci-defaults/luci-koolproxy
|
|
||||||
$(INSTALL_BIN) ./files/etc/init.d/* $(1)/etc/init.d/
|
|
||||||
$(INSTALL_DATA) ./files/etc/config/* $(1)/etc/config/
|
|
||||||
$(INSTALL_DATA) ./files/etc/adblocklist/* $(1)/etc/adblocklist/
|
|
||||||
$(INSTALL_DATA) ./files/lib/upgrade/keep.d/koolproxy $(1)/lib/upgrade/keep.d/
|
|
||||||
$(INSTALL_DATA) ./files/usr/lib/lua/luci/model/cbi/koolproxy/global.lua $(1)/usr/lib/lua/luci/model/cbi/koolproxy/global.lua
|
|
||||||
$(INSTALL_DATA) ./files/usr/lib/lua/luci/model/cbi/koolproxy/rss_rule.lua $(1)/usr/lib/lua/luci/model/cbi/koolproxy/rss_rule.lua
|
|
||||||
$(INSTALL_DATA) ./files/usr/lib/lua/luci/controller/koolproxy.lua $(1)/usr/lib/lua/luci/controller/koolproxy.lua
|
|
||||||
$(INSTALL_DATA) ./files/usr/lib/lua/luci/view/koolproxy/* $(1)/usr/lib/lua/luci/view/koolproxy/
|
|
||||||
$(INSTALL_DATA) ./files/usr/lib/lua/luci/i18n/koolproxy.zh-cn.lmo $(1)/usr/lib/lua/luci/i18n/koolproxy.zh-cn.lmo
|
|
||||||
$(INSTALL_BIN) ./files/usr/sbin/* $(1)/usr/sbin/
|
|
||||||
$(INSTALL_BIN) ./files/usr/share/koolproxy/data/gen_ca.sh $(1)/usr/share/koolproxy/data/
|
|
||||||
$(INSTALL_DATA) ./files/usr/share/koolproxy/data/openssl.cnf $(1)/usr/share/koolproxy/data/
|
|
||||||
$(INSTALL_DATA) ./files/usr/share/koolproxy/data/user.txt $(1)/usr/share/koolproxy/data/
|
|
||||||
$(INSTALL_DATA) ./files/usr/share/koolproxy/data/source.list $(1)/usr/share/koolproxy/data/
|
|
||||||
$(INSTALL_DATA) ./files/usr/share/koolproxy/data/rules/* $(1)/usr/share/koolproxy/data/rules/
|
|
||||||
$(INSTALL_BIN) ./files/usr/share/koolproxy/camanagement $(1)/usr/share/koolproxy/camanagement
|
|
||||||
$(INSTALL_BIN) ./files/usr/share/koolproxy/kpupdate $(1)/usr/share/koolproxy/kpupdate
|
|
||||||
$(INSTALL_DATA) ./files/usr/share/koolproxy/koolproxy_ipset.conf $(1)/usr/share/koolproxy/koolproxy_ipset.conf
|
|
||||||
$(INSTALL_DATA) ./files/usr/share/koolproxy/dnsmasq.adblock $(1)/usr/share/koolproxy/dnsmasq.adblock
|
|
||||||
ifeq ($(ARCH),mipsel)
|
|
||||||
$(INSTALL_BIN) ./files/bin/mipsel $(1)/usr/share/koolproxy/koolproxy
|
|
||||||
endif
|
|
||||||
ifeq ($(ARCH),mips)
|
|
||||||
$(INSTALL_BIN) ./files/bin/mips $(1)/usr/share/koolproxy/koolproxy
|
|
||||||
endif
|
|
||||||
ifeq ($(ARCH),i386)
|
|
||||||
$(INSTALL_BIN) ./files/bin/i386 $(1)/usr/share/koolproxy/koolproxy
|
|
||||||
endif
|
|
||||||
ifeq ($(ARCH),x86_64)
|
|
||||||
$(INSTALL_BIN) ./files/bin/x86_64 $(1)/usr/share/koolproxy/koolproxy
|
|
||||||
endif
|
|
||||||
ifeq ($(ARCH),arm)
|
|
||||||
$(INSTALL_BIN) ./files/bin/arm $(1)/usr/share/koolproxy/koolproxy
|
|
||||||
endif
|
|
||||||
endef
|
|
||||||
|
|
||||||
$(eval $(call BuildPackage,luci-app-koolproxyR))
|
|
@ -1,33 +0,0 @@
|
|||||||
|
|
||||||
修改了kpupdate,使其可以直接更新easylist、fanboy和yhost的规则。
|
|
||||||
|
|
||||||
## 准备工作:
|
|
||||||
先运行:</br>
|
|
||||||
`opkg install openssl-util ipset dnsmasq-full diffutils iptables-mod-nat-extra wget ca-bundle ca-certificates libustream-openssl`</br>
|
|
||||||
手动安装以上依赖包</br>
|
|
||||||
* 如果没有 **openssl** ,就不能正常生成证书,导致https过滤失败!
|
|
||||||
* 如果没有 **ipset, dnsmasq-full, diffutils**,黑名单模式也会出现问题!(ipset 需要版本6),如果你的固件的busybox带有支持diff支持,那么diffutils包可以不安装
|
|
||||||
* 如果没有 **iptables-mod-nat-extra** ,会导致mac过滤失效!
|
|
||||||
* 如果没有 **wget, ca-bundle, ca-certificates, libustream-openssl** ,会导致规则文件更新失败,host规则条数变为0,如果你的固件的busybox带有支持https的wget,那么这几个包可以不安装
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
## 使用方法
|
|
||||||
```Brach
|
|
||||||
#源码根目录,进入package文件夹
|
|
||||||
cd package
|
|
||||||
#下载源码
|
|
||||||
git clone https://github.com/jefferymvp/luci-app-koolproxyR
|
|
||||||
#回到源码根目录
|
|
||||||
cd ..
|
|
||||||
make menuconfig
|
|
||||||
#编译
|
|
||||||
make package/luci-app-koolproxyR/{clean,compile} V=s
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
@ -1 +0,0 @@
|
|||||||
61.160.200.252
|
|
@ -1 +0,0 @@
|
|||||||
v2ex.com
|
|
@ -1,17 +0,0 @@
|
|||||||
config global
|
|
||||||
option time_update '4'
|
|
||||||
option koolproxy_port '0'
|
|
||||||
option startup_delay '5'
|
|
||||||
option koolproxy_acl_default '0'
|
|
||||||
option koolproxy_mode '2'
|
|
||||||
option koolproxy_host '1'
|
|
||||||
option koolproxy_rules 'fanboy.txt easylistchina.txt yhosts.txt kp.dat user.txt'
|
|
||||||
option enabled '0'
|
|
||||||
option koolproxy_ipv6 '0'
|
|
||||||
|
|
||||||
config rss_rule
|
|
||||||
option load '1'
|
|
||||||
option name 'kpr_our_rule.txt'
|
|
||||||
option url 'https://github.com/user1121114685/koolproxyR_rule_list/raw/master/kpr_our_rule.txt'
|
|
||||||
option file 'kpr_our_rule.txt'
|
|
||||||
|
|
@ -1,475 +0,0 @@
|
|||||||
#!/bin/sh /etc/rc.common
|
|
||||||
#
|
|
||||||
# Copyright (C) 2015 OpenWrt-dist
|
|
||||||
# Copyright (C) 2016 fw867 <ffkykzs@gmail.com>
|
|
||||||
#
|
|
||||||
# This is free software, licensed under the GNU General Public License v3.
|
|
||||||
# See /LICENSE for more information.
|
|
||||||
#
|
|
||||||
|
|
||||||
START=99
|
|
||||||
USE_PROCD=1
|
|
||||||
|
|
||||||
CONFIG=koolproxy
|
|
||||||
KP_DIR=/usr/share/koolproxy
|
|
||||||
TMP_DIR=/tmp
|
|
||||||
|
|
||||||
alias echo_date='echo $(date +%Y年%m月%d日\ %X):'
|
|
||||||
|
|
||||||
config_n_get() {
|
|
||||||
local ret=$(uci get $CONFIG.$1.$2 2>/dev/null)
|
|
||||||
echo ${ret:=$3}
|
|
||||||
}
|
|
||||||
|
|
||||||
config_t_get() {
|
|
||||||
local index=0
|
|
||||||
[ -n "$4" ] && index=$4
|
|
||||||
local ret=$(uci get $CONFIG.@$1[$index].$2 2>/dev/null)
|
|
||||||
echo ${ret:=$3}
|
|
||||||
}
|
|
||||||
|
|
||||||
add_ipset_conf() {
|
|
||||||
if [ -s /etc/adblocklist/adbypass ]; then
|
|
||||||
echo_date 添加白名单软连接...
|
|
||||||
cat /etc/adblocklist/adbypass | sed "s/,/\n/g" | sed "s/^/ipset=&\/./g" | sed "s/$/\/white_kp_list/g" >> /tmp/adbypass.conf
|
|
||||||
rm -rf /tmp/dnsmasq.d/adbypass.conf
|
|
||||||
ln -sf /tmp/adbypass.conf /tmp/dnsmasq.d/adbypass.conf
|
|
||||||
|
|
||||||
dnsmasq_restart=1
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ "$koolproxy_mode" == "2" ]; then
|
|
||||||
if [ "$koolproxy_host" == "1" ];then
|
|
||||||
echo_date 添加Adblock Plus Host软连接...
|
|
||||||
ln -sf $KP_DIR/dnsmasq.adblock /tmp/dnsmasq.d/dnsmasq.adblock
|
|
||||||
fi
|
|
||||||
|
|
||||||
echo_date 添加黑名单软连接...
|
|
||||||
rm -rf /tmp/dnsmasq.d/koolproxy_ipset.conf
|
|
||||||
ln -sf $KP_DIR/koolproxy_ipset.conf /tmp/dnsmasq.d/koolproxy_ipset.conf
|
|
||||||
|
|
||||||
echo_date 添加自定义黑名单软连接...
|
|
||||||
if [ -s /etc/adblocklist/adblock ]; then
|
|
||||||
cat /etc/adblocklist/adblock | sed "s/,/\n/g" | sed "s/^/ipset=&\/./g" | sed "s/$/\/black_koolproxy/g" >> /tmp/adblock.conf
|
|
||||||
rm -rf /tmp/dnsmasq.d/adblock.conf
|
|
||||||
ln -sf /tmp/adblock.conf /tmp/dnsmasq.d/adblock.conf
|
|
||||||
fi
|
|
||||||
|
|
||||||
dnsmasq_restart=1
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
remove_ipset_conf() {
|
|
||||||
if [ -L "/tmp/dnsmasq.d/adbypass.conf" ]; then
|
|
||||||
echo_date 移除白名单软连接...
|
|
||||||
rm -rf /tmp/adbypass.conf
|
|
||||||
rm -rf /tmp/dnsmasq.d/adbypass.conf
|
|
||||||
dnsmasq_restart=1
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ -L "/tmp/dnsmasq.d/koolproxy_ipset.conf" ]; then
|
|
||||||
echo_date 移除黑名单软连接...
|
|
||||||
rm -rf /tmp/dnsmasq.d/koolproxy_ipset.conf
|
|
||||||
dnsmasq_restart=1
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ -L "/tmp/dnsmasq.d/adblock.conf" ]; then
|
|
||||||
echo_date 移除自定义黑名单软连接...
|
|
||||||
rm -rf /tmp/dnsmasq.d/adblock.conf
|
|
||||||
rm -rf /tmp/adblock.conf
|
|
||||||
dnsmasq_restart=1
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ -L "/tmp/dnsmasq.d/dnsmasq.adblock" ]; then
|
|
||||||
echo_date 移除Adblock Plus Host软连接...
|
|
||||||
rm -rf /tmp/dnsmasq.d/dnsmasq.adblock
|
|
||||||
dnsmasq_restart=1
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
restart_dnsmasq() {
|
|
||||||
if [ "$dnsmasq_restart" == "1" ]; then
|
|
||||||
echo_date 重启dnsmasq进程...
|
|
||||||
/etc/init.d/dnsmasq restart > /dev/null 2>&1
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
creat_ipset() {
|
|
||||||
echo_date 创建ipset名单
|
|
||||||
# Load ipset netfilter kernel modules and kernel modules
|
|
||||||
ipset -! create white_kp_list nethash
|
|
||||||
ipset -! create black_koolproxy iphash
|
|
||||||
cat $KP_DIR/data/rules/yhosts.txt $KP_DIR/data/rules/easylistchina.txt $KP_DIR/data/rules/fanboy.txt $KP_DIR/data/rules/user.txt | grep -Eo "(.\w+\:[1-9][0-9]{1,4})/" | grep -Eo "([0-9]{1,5})" | sort -un | sed -e '$a\80' -e '$a\443' | sed -e "s/^/-A kp_full_port &/g" -e "1 i\-N kp_full_port bitmap:port range 0-65535 " | ipset -R -!
|
|
||||||
}
|
|
||||||
|
|
||||||
add_white_black_ip() {
|
|
||||||
echo_date 添加ipset名单
|
|
||||||
ip_lan="0.0.0.0/8 10.0.0.0/8 100.64.0.0/10 127.0.0.0/8 169.254.0.0/16 172.16.0.0/12 192.168.0.0/16 224.0.0.0/4 240.0.0.0/4"
|
|
||||||
for ip in $ip_lan
|
|
||||||
do
|
|
||||||
ipset -A white_kp_list $ip >/dev/null 2>&1
|
|
||||||
|
|
||||||
done
|
|
||||||
sed -e "s/^/add white_kp_list &/g" /etc/adblocklist/adbypassip | awk '{print $0} END{print "COMMIT"}' | ipset -R 2>/dev/null
|
|
||||||
ipset -A black_koolproxy 110.110.110.110 >/dev/null 2>&1
|
|
||||||
sed -e "s/^/add black_koolproxy &/g" /etc/adblocklist/adblockip | awk '{print $0} END{print "COMMIT"}' | ipset -R 2>/dev/null
|
|
||||||
}
|
|
||||||
|
|
||||||
load_config() {
|
|
||||||
ENABLED=$(config_t_get global enabled 0)
|
|
||||||
[ $ENABLED -ne 1 ] && return 0
|
|
||||||
koolproxy_mode=$(config_t_get global koolproxy_mode 1)
|
|
||||||
koolproxy_host=$(config_t_get global koolproxy_host 0)
|
|
||||||
koolproxy_acl_default=$(config_t_get global koolproxy_acl_default 1)
|
|
||||||
koolproxy_port=$(config_t_get global koolproxy_port 0)
|
|
||||||
koolproxy_bp_port=$(config_t_get global koolproxy_bp_port)
|
|
||||||
koolproxy_ipv6=$(config_t_get global koolproxy_ipv6 0)
|
|
||||||
config_load $CONFIG
|
|
||||||
return 1
|
|
||||||
}
|
|
||||||
|
|
||||||
__load_lan_acl() {
|
|
||||||
local mac
|
|
||||||
local ipaddr
|
|
||||||
local proxy_mode
|
|
||||||
config_get mac $1 mac
|
|
||||||
config_get ipaddr $1 ipaddr
|
|
||||||
config_get proxy_mode $1 proxy_mode
|
|
||||||
[ -n "$ipaddr" ] && [ -z "$mac" ] && echo_date 加载ACL规则:【$ipaddr】模式为:$(get_mode_name $proxy_mode)
|
|
||||||
[ -z "$ipaddr" ] && [ -n "$mac" ] && echo_date 加载ACL规则:【$mac】模式为:$(get_mode_name $proxy_mode)
|
|
||||||
[ -n "$ipaddr" ] && [ -n "$mac" ] && echo_date 加载ACL规则:【$ipaddr】【$mac】模式为:$(get_mode_name $proxy_mode)
|
|
||||||
#echo iptables -t nat -A KOOLPROXY $(factor $ipaddr "-s") $(factor $mac "-m mac --mac-source") -p tcp $(get_jump_mode $proxy_mode) $(get_action_chain $proxy_mode)
|
|
||||||
iptables -t nat -A KOOLPROXY $(factor $ipaddr "-s") $(factor $mac "-m mac --mac-source") -p tcp $(get_jump_mode $proxy_mode) $(get_action_chain $proxy_mode)
|
|
||||||
|
|
||||||
acl_nu=`expr $acl_nu + 1`
|
|
||||||
}
|
|
||||||
|
|
||||||
lan_acess_control() {
|
|
||||||
acl_nu=0
|
|
||||||
[ -z "$koolproxy_acl_default" ] && koolproxy_acl_default=1
|
|
||||||
config_foreach __load_lan_acl acl_rule
|
|
||||||
if [ $acl_nu -ne 0 ]; then
|
|
||||||
echo_date 加载ACL规则:其余主机模式为:$(get_mode_name $koolproxy_acl_default)
|
|
||||||
else
|
|
||||||
echo_date 加载ACL规则:所有模式为:$(get_mode_name $koolproxy_acl_default)
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
__load_exrule() {
|
|
||||||
local file
|
|
||||||
local exrule
|
|
||||||
local enable
|
|
||||||
config_get file $1 file
|
|
||||||
config_get exrule $1 url
|
|
||||||
config_get enable $1 load
|
|
||||||
if [ -n "$exrule" ]; then
|
|
||||||
if [ $enable -ne 1 ]; then
|
|
||||||
[ -n "$file" ] && [ -f $KP_DIR/data/rules/$file ] && rm -f $KP_DIR/data/rules/$file
|
|
||||||
uci set koolproxy.$1.time=""
|
|
||||||
uci commit koolproxy
|
|
||||||
return
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ -z "$file" ]; then
|
|
||||||
file=$(echo $exrule |awk -F "/" '{print $NF}')
|
|
||||||
uci set koolproxy.$1.file="$file"
|
|
||||||
uci commit koolproxy
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ ! -f $KP_DIR/data/rules/$file ]; then
|
|
||||||
wget-ssl --quiet --timeout=5 --no-check-certificate $exrule -O $TMP_DIR/$file
|
|
||||||
if [ "$?" == "0" ]; then
|
|
||||||
uci set koolproxy.$1.time="`date +%Y-%m-%d" "%H:%M`"
|
|
||||||
uci commit koolproxy
|
|
||||||
mv $TMP_DIR/$file $KP_DIR/data/rules/$file
|
|
||||||
else
|
|
||||||
echo "koolproxy download rule $file failed!"
|
|
||||||
[ -f $TMP_DIR/$file ] && rm -f $TMP_DIR/$file
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
cat $KP_DIR/data/rules/$file >>$KP_DIR/data/rules/user.txt
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
load_user_rules() {
|
|
||||||
cp $KP_DIR/data/user.txt $KP_DIR/data/rules/user.txt
|
|
||||||
config_foreach __load_exrule rss_rule
|
|
||||||
}
|
|
||||||
|
|
||||||
load_rules() {
|
|
||||||
sed -i '1,7s/1/0/g' $KP_DIR/data/source.list
|
|
||||||
|
|
||||||
local rulelist="$(uci -q get koolproxy.@global[0].koolproxy_rules)"
|
|
||||||
for rule in $rulelist
|
|
||||||
do
|
|
||||||
case "$rule" in
|
|
||||||
yhosts.txt)
|
|
||||||
sed -i '1s/0/1/g' $KP_DIR/data/source.list
|
|
||||||
;;
|
|
||||||
kp.dat)
|
|
||||||
sed -i '2s/0/1/g' $KP_DIR/data/source.list
|
|
||||||
;;
|
|
||||||
user.txt)
|
|
||||||
sed -i '3s/0/1/g' $KP_DIR/data/source.list
|
|
||||||
;;
|
|
||||||
easylistchina.txt)
|
|
||||||
sed -i '4s/0/1/g' $KP_DIR/data/source.list
|
|
||||||
;;
|
|
||||||
fanboy.txt)
|
|
||||||
sed -i '5s/0/1/g' $KP_DIR/data/source.list
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
done
|
|
||||||
|
|
||||||
local rulelist="$(uci -q get koolproxy.@global[0].thirdparty_rules)"
|
|
||||||
for rule in $rulelist
|
|
||||||
do
|
|
||||||
case "$rule" in
|
|
||||||
easylistchina.txt)
|
|
||||||
sed -i '5s/0/1/g' $KP_DIR/data/source.list
|
|
||||||
;;
|
|
||||||
chengfeng.txt)
|
|
||||||
sed -i '6s/0/1/g' $KP_DIR/data/source.list
|
|
||||||
;;
|
|
||||||
fanboy.txt)
|
|
||||||
sed -i '7s/0/1/g' $KP_DIR/data/source.list
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
done
|
|
||||||
}
|
|
||||||
|
|
||||||
get_mode_name() {
|
|
||||||
case "$1" in
|
|
||||||
0)
|
|
||||||
echo "不过滤"
|
|
||||||
;;
|
|
||||||
1)
|
|
||||||
echo "http模式"
|
|
||||||
;;
|
|
||||||
2)
|
|
||||||
echo "http + https"
|
|
||||||
;;
|
|
||||||
3)
|
|
||||||
echo "full port"
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
}
|
|
||||||
|
|
||||||
get_jump_mode() {
|
|
||||||
case "$1" in
|
|
||||||
0)
|
|
||||||
echo "-j"
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
echo "-g"
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
}
|
|
||||||
|
|
||||||
get_action_chain() {
|
|
||||||
case "$1" in
|
|
||||||
0)
|
|
||||||
echo "RETURN"
|
|
||||||
;;
|
|
||||||
1)
|
|
||||||
echo "KP_HTTP"
|
|
||||||
;;
|
|
||||||
2)
|
|
||||||
echo "KP_HTTPS"
|
|
||||||
;;
|
|
||||||
3)
|
|
||||||
echo "KP_ALL_PORT"
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
}
|
|
||||||
|
|
||||||
factor() {
|
|
||||||
if [ -z "$1" ] || [ -z "$2" ]; then
|
|
||||||
echo ""
|
|
||||||
else
|
|
||||||
echo "$2 $1"
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
load_nat() {
|
|
||||||
echo_date 加载nat规则!
|
|
||||||
#----------------------BASIC RULES---------------------
|
|
||||||
echo_date 写入iptables规则到nat表中...
|
|
||||||
# 创建KOOLPROXY nat rule
|
|
||||||
iptables -t nat -N KOOLPROXY
|
|
||||||
# 局域网地址不走KP
|
|
||||||
iptables -t nat -A KOOLPROXY -m set --match-set white_kp_list dst -j RETURN
|
|
||||||
# 生成对应CHAIN
|
|
||||||
iptables -t nat -N KP_HTTP
|
|
||||||
iptables -t nat -A KP_HTTP -p tcp -m multiport --dport 80 -j REDIRECT --to-ports 3000
|
|
||||||
iptables -t nat -N KP_HTTPS
|
|
||||||
iptables -t nat -A KP_HTTPS -p tcp -m multiport --dport 80,443 -j REDIRECT --to-ports 3000
|
|
||||||
iptables -t nat -N KP_ALL_PORT
|
|
||||||
#iptables -t nat -A KP_ALL_PORT -p tcp -j REDIRECT --to-ports 3000
|
|
||||||
# 端口控制
|
|
||||||
if [ "$koolproxy_port" == "1" ]; then
|
|
||||||
echo_date 开启端口控制:【$koolproxy_bp_port】
|
|
||||||
if [ -n "$koolproxy_bp_port" ]; then
|
|
||||||
iptables -t nat -A KP_ALL_PORT -p tcp -m multiport ! --dport $koolproxy_bp_port -m set --match-set kp_full_port dst -j REDIRECT --to-ports 3000
|
|
||||||
else
|
|
||||||
iptables -t nat -A KP_ALL_PORT -p tcp -m set --match-set kp_full_port dst -j REDIRECT --to-ports 3000
|
|
||||||
fi
|
|
||||||
else
|
|
||||||
iptables -t nat -A KP_ALL_PORT -p tcp -m set --match-set kp_full_port dst -j REDIRECT --to-ports 3000
|
|
||||||
fi
|
|
||||||
[ "$koolproxy_ipv6" == "1" ] && ip6tables -t nat -I PREROUTING -p tcp -j REDIRECT --to-ports 3000
|
|
||||||
# 局域网控制
|
|
||||||
lan_acess_control
|
|
||||||
# 剩余流量转发到缺省规则定义的链中
|
|
||||||
iptables -t nat -A KOOLPROXY -p tcp -j $(get_action_chain $koolproxy_acl_default)
|
|
||||||
# 重定所有流量到 KOOLPROXY
|
|
||||||
# 全局模式和视频模式
|
|
||||||
[ "$koolproxy_mode" == "1" ] || [ "$koolproxy_mode" == "3" ] && iptables -t nat -I PREROUTING 1 -p tcp -j KOOLPROXY
|
|
||||||
# ipset 黑名单模式
|
|
||||||
[ "$koolproxy_mode" == "2" ] && iptables -t nat -I PREROUTING 1 -p tcp -m set --match-set black_koolproxy dst -j KOOLPROXY
|
|
||||||
}
|
|
||||||
|
|
||||||
add_cru() {
|
|
||||||
time=$(config_t_get global time_update)
|
|
||||||
wirtecron=$(cat /etc/crontabs/root | grep "00 $time * * *" | grep kpupdate)
|
|
||||||
if [ -z "$wirtecron" ];then
|
|
||||||
sed -i '/kpupdate/d' /etc/crontabs/root >/dev/null 2>&1
|
|
||||||
echo "0 $time * * * /usr/share/koolproxy/kpupdate" >> /etc/crontabs/root
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
del_cru() {
|
|
||||||
sed -i '/kpupdate/d' /etc/crontabs/root >/dev/null 2>&1
|
|
||||||
}
|
|
||||||
|
|
||||||
detect_cert(){
|
|
||||||
if [ ! -f $KP_DIR/data/private/ca.key.pem -o ! -f $KP_DIR/data/cert/ca.crt ]; then
|
|
||||||
echo_date 开始生成koolproxy证书,用于https过滤!
|
|
||||||
cd $KP_DIR/data && sh gen_ca.sh
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
flush_nat() {
|
|
||||||
echo_date 移除nat规则...
|
|
||||||
cd $TMP_DIR
|
|
||||||
iptables -t nat -S | grep -E "KOOLPROXY|KP_HTTP|KP_HTTPS|KP_ALL_PORT" | sed 's/-A/iptables -t nat -D/g'|sed 1,4d > clean.sh && chmod 777 clean.sh && ./clean.sh
|
|
||||||
[ -f $TMP_DIR/clean.sh ] && rm -f $TMP_DIR/clean.sh
|
|
||||||
iptables -t nat -X KOOLPROXY > /dev/null 2>&1
|
|
||||||
iptables -t nat -X KP_HTTP > /dev/null 2>&1
|
|
||||||
iptables -t nat -X KP_HTTPS > /dev/null 2>&1
|
|
||||||
iptables -t nat -X KP_ALL_PORT > /dev/null 2>&1
|
|
||||||
ipset -F black_koolproxy > /dev/null 2>&1 && ipset -X black_koolproxy > /dev/null 2>&1
|
|
||||||
ipset -F white_kp_list > /dev/null 2>&1 && ipset -X white_kp_list > /dev/null 2>&1
|
|
||||||
ip6tables -t nat -D PREROUTING -p tcp -j REDIRECT --to-ports 3000 > /dev/null 2>&1
|
|
||||||
}
|
|
||||||
|
|
||||||
export_ipt_rules() {
|
|
||||||
FWI=$(uci get firewall.koolproxy.path 2>/dev/null)
|
|
||||||
[ -n "$FWI" ] || return 0
|
|
||||||
cat <<-CAT >>$FWI
|
|
||||||
iptables-save -c | grep -v -E "KOOLPROXY|KP" | iptables-restore -c
|
|
||||||
iptables-restore -n <<-EOF
|
|
||||||
$(iptables-save | grep -E "KOOLPROXY|KP|^\*|^COMMIT" |\
|
|
||||||
sed -e "s/^-A \(PREROUTING\)/-I \1 1/")
|
|
||||||
EOF
|
|
||||||
CAT
|
|
||||||
return $?
|
|
||||||
}
|
|
||||||
|
|
||||||
flush_ipt_rules() {
|
|
||||||
FWI=$(uci get firewall.koolproxy.path 2>/dev/null)
|
|
||||||
[ -n "$FWI" ] && echo '# firewall include file' >$FWI
|
|
||||||
return 0
|
|
||||||
}
|
|
||||||
|
|
||||||
pre_start() {
|
|
||||||
load_config
|
|
||||||
[ $? -ne 1 ] && return 0
|
|
||||||
iptables -t nat -C PREROUTING -p tcp -j KOOLPROXY 2>/dev/null && [ $? -eq 0 ] && return 0;
|
|
||||||
detect_cert
|
|
||||||
load_rules
|
|
||||||
load_user_rules
|
|
||||||
add_ipset_conf && restart_dnsmasq
|
|
||||||
creat_ipset
|
|
||||||
add_white_black_ip
|
|
||||||
load_nat
|
|
||||||
flush_ipt_rules && export_ipt_rules
|
|
||||||
add_cru
|
|
||||||
[ "$koolproxy_mode" == "1" ] && echo_date 选择【全局过滤模式】
|
|
||||||
[ "$koolproxy_mode" == "2" ] && echo_date 选择【IPSET过滤模式】
|
|
||||||
if [ "$koolproxy_mode" == "3" ]; then
|
|
||||||
echo_date 选择【视频过滤模式】
|
|
||||||
sed -i '1s/1/0/g;2s/1/0/g' $KP_DIR/data/source.list
|
|
||||||
fi
|
|
||||||
return 1
|
|
||||||
}
|
|
||||||
|
|
||||||
post_stop() {
|
|
||||||
load_config
|
|
||||||
[ $? -ne 1 ] && NO_RESTART_DNSMASQ=false
|
|
||||||
if [ $NO_RESTART_DNSMASQ ]; then
|
|
||||||
remove_ipset_conf
|
|
||||||
else
|
|
||||||
remove_ipset_conf && restart_dnsmasq
|
|
||||||
fi
|
|
||||||
flush_ipt_rules
|
|
||||||
flush_nat
|
|
||||||
del_cru
|
|
||||||
return 0
|
|
||||||
}
|
|
||||||
|
|
||||||
start_service() {
|
|
||||||
echo_date ================== koolproxy启用 ================
|
|
||||||
pre_start
|
|
||||||
[ $? -ne 1 ] && return 0
|
|
||||||
|
|
||||||
procd_open_instance
|
|
||||||
procd_set_param command /usr/share/koolproxy/koolproxy
|
|
||||||
procd_append_param command --mark
|
|
||||||
procd_append_param command --ttl 160
|
|
||||||
procd_append_param command --ipv6
|
|
||||||
|
|
||||||
procd_set_param respawn
|
|
||||||
|
|
||||||
procd_set_param file /etc/adblocklist/adblock
|
|
||||||
procd_set_param file /etc/adblocklist/adblockip
|
|
||||||
procd_set_param file /usr/share/koolproxy/data/user.txt
|
|
||||||
procd_set_param stdout 1
|
|
||||||
procd_set_param stderr 1
|
|
||||||
procd_close_instance
|
|
||||||
|
|
||||||
logger "koolproxy has started."
|
|
||||||
echo_date =================================================
|
|
||||||
}
|
|
||||||
|
|
||||||
stop_service() {
|
|
||||||
echo_date ====================== 关闭 =====================
|
|
||||||
post_stop
|
|
||||||
logger "koolproxy has stopped."
|
|
||||||
echo_date =================================================
|
|
||||||
}
|
|
||||||
|
|
||||||
reload_service() {
|
|
||||||
logger "koolproxy reload service."
|
|
||||||
NO_RESTART_DNSMASQ=true
|
|
||||||
stop
|
|
||||||
start
|
|
||||||
}
|
|
||||||
|
|
||||||
service_triggers() {
|
|
||||||
procd_add_reload_trigger "koolproxy"
|
|
||||||
}
|
|
||||||
|
|
||||||
restart() {
|
|
||||||
logger "koolproxy restart service."
|
|
||||||
NO_RESTART_DNSMASQ=true
|
|
||||||
stop
|
|
||||||
start
|
|
||||||
}
|
|
||||||
|
|
||||||
boot() {
|
|
||||||
local delay=$(config_t_get global startup_delay 0)
|
|
||||||
(sleep $delay && start >/dev/null 2>&1) &
|
|
||||||
return 0
|
|
||||||
}
|
|
@ -1,17 +0,0 @@
|
|||||||
#!/bin/sh
|
|
||||||
|
|
||||||
uci -q batch <<-EOF >/dev/null
|
|
||||||
delete ucitrack.@koolproxy[-1]
|
|
||||||
add ucitrack koolproxy
|
|
||||||
set ucitrack.@koolproxy[-1].init=koolproxy
|
|
||||||
commit ucitrack
|
|
||||||
delete firewall.koolproxy
|
|
||||||
set firewall.koolproxy=include
|
|
||||||
set firewall.koolproxy.type=script
|
|
||||||
set firewall.koolproxy.path=/var/etc/koolproxy.include
|
|
||||||
set firewall.koolproxy.reload=1
|
|
||||||
commit firewall
|
|
||||||
EOF
|
|
||||||
|
|
||||||
rm -f /tmp/luci-indexcache
|
|
||||||
exit 0
|
|
@ -1,3 +0,0 @@
|
|||||||
/usr/share/koolproxy/data/certs/ca.crt
|
|
||||||
/usr/share/koolproxy/data/private/base.key.pem
|
|
||||||
/usr/share/koolproxy/data/private/ca.key.pem
|
|
@ -1,8 +0,0 @@
|
|||||||
module("luci.controller.koolproxy",package.seeall)
|
|
||||||
function index()
|
|
||||||
if not nixio.fs.access("/etc/config/koolproxy")then
|
|
||||||
return
|
|
||||||
end
|
|
||||||
entry({"admin","services","koolproxy"},cbi("koolproxy/global"),_("KoolProxyR plus+"),1).dependent=true
|
|
||||||
entry({"admin","services","koolproxy","rss_rule"},cbi("koolproxy/rss_rule"), nil).leaf=true
|
|
||||||
end
|
|
Binary file not shown.
@ -1,392 +0,0 @@
|
|||||||
-- Copyright 2018 Nick Peng (pymumu@gmail.com)
|
|
||||||
|
|
||||||
require ("nixio.fs")
|
|
||||||
require ("luci.http")
|
|
||||||
require ("luci.dispatcher")
|
|
||||||
require ("nixio.fs")
|
|
||||||
|
|
||||||
local fs = require "nixio.fs"
|
|
||||||
local sys = require "luci.sys"
|
|
||||||
local http = require "luci.http"
|
|
||||||
|
|
||||||
|
|
||||||
local o,t,e
|
|
||||||
local v=luci.sys.exec("/usr/share/koolproxy/koolproxy -v")
|
|
||||||
local s=luci.sys.exec("grep -v !x /usr/share/koolproxy/data/rules/easylistchina.txt | wc -l")
|
|
||||||
local u=luci.sys.exec("grep -v !x /usr/share/koolproxy/data/rules/fanboy.txt | wc -l")
|
|
||||||
local p=luci.sys.exec("grep -v !x /usr/share/koolproxy/data/rules/yhosts.txt | wc -l")
|
|
||||||
local h=luci.sys.exec("grep -v '^!' /usr/share/koolproxy/data/rules/user.txt | wc -l")
|
|
||||||
local i=luci.sys.exec("cat /usr/share/koolproxy/dnsmasq.adblock | wc -l")
|
|
||||||
|
|
||||||
if luci.sys.call("pidof koolproxy >/dev/null") == 0 then
|
|
||||||
status = translate("<strong><font color=\"green\">KoolProxyR plus+ 运行中</font></strong>")
|
|
||||||
else
|
|
||||||
status = translate("<strong><font color=\"red\">KoolProxyR plus+ 已停止</font></strong>")
|
|
||||||
end
|
|
||||||
|
|
||||||
o = Map("koolproxy", translate("KoolProxyR plus+ "), translate("KoolProxyR plus+是能识别adblock规则的免费开源软件,追求体验更快、更清洁的网络,屏蔽烦人的广告 <br /><font color=\"red\"><br /></font>"))
|
|
||||||
|
|
||||||
|
|
||||||
t = o:section(TypedSection, "global")
|
|
||||||
t.anonymous = true
|
|
||||||
t.description = translate(string.format("%s<br /><br />", status))
|
|
||||||
|
|
||||||
t:tab("base",translate("Basic Settings"))
|
|
||||||
|
|
||||||
e = t:taboption("base", Flag, "enabled", translate("Enable"))
|
|
||||||
e.default = 0
|
|
||||||
e.rmempty = false
|
|
||||||
|
|
||||||
e = t:taboption("base", DummyValue, "koolproxy_status", translate("程序版本"))
|
|
||||||
e.value = string.format("[ %s ]", v)
|
|
||||||
|
|
||||||
e = t:taboption("base", Value, "startup_delay", translate("Startup Delay"))
|
|
||||||
e:value(0, translate("Not enabled"))
|
|
||||||
for _, v in ipairs({5, 10, 15, 25, 40}) do
|
|
||||||
e:value(v, translate("%u seconds") %{v})
|
|
||||||
end
|
|
||||||
e.datatype = "uinteger"
|
|
||||||
e.default = 0
|
|
||||||
e.rmempty = false
|
|
||||||
|
|
||||||
e = t:taboption("base", ListValue, "koolproxy_mode", translate("Filter Mode"))
|
|
||||||
e.default = 1
|
|
||||||
e.rmempty = false
|
|
||||||
e:value(1, translate("全局模式"))
|
|
||||||
e:value(2, translate("IPSET模式"))
|
|
||||||
e:value(3, translate("视频模式"))
|
|
||||||
|
|
||||||
e = t:taboption("base", MultiValue, "koolproxy_rules", translate("内置规则"))
|
|
||||||
e.optional = false
|
|
||||||
e.rmempty = false
|
|
||||||
e:value("easylistchina.txt", translate("ABP规则"))
|
|
||||||
e:value("fanboy.txt", translate("fanboy规则"))
|
|
||||||
e:value("yhosts.txt", translate("yhosts规则"))
|
|
||||||
e:value("kp.dat", translate("视频规则"))
|
|
||||||
e:value("user.txt", translate("自定义规则"))
|
|
||||||
|
|
||||||
e = t:taboption("base", ListValue, "koolproxy_port", translate("端口控制"))
|
|
||||||
e.default = 0
|
|
||||||
e.rmempty = false
|
|
||||||
e:value(0, translate("关闭"))
|
|
||||||
e:value(1, translate("开启"))
|
|
||||||
|
|
||||||
e = t:taboption("base", ListValue, "koolproxy_ipv6", translate("IPv6支持"))
|
|
||||||
e.default = 0
|
|
||||||
e.rmempty = false
|
|
||||||
e:value(0, translate("关闭"))
|
|
||||||
e:value(1, translate("开启"))
|
|
||||||
|
|
||||||
e = t:taboption("base", Value, "koolproxy_bp_port", translate("例外端口"))
|
|
||||||
e:depends("koolproxy_port", "1")
|
|
||||||
e.rmempty = false
|
|
||||||
e.description = translate(string.format("<font color=\"red\"><strong>单端口:80 多端口:80,443</strong></font>"))
|
|
||||||
|
|
||||||
e=t:taboption("base",Flag,"koolproxy_host",translate("开启Adblock Plus Hosts"))
|
|
||||||
e.default=0
|
|
||||||
e:depends("koolproxy_mode","2")
|
|
||||||
|
|
||||||
|
|
||||||
e = t:taboption("base", ListValue, "koolproxy_acl_default", translate("默认访问控制"))
|
|
||||||
e.default = 1
|
|
||||||
e.rmempty = false
|
|
||||||
e:value(0, translate("不过滤"))
|
|
||||||
e:value(1, translate("过滤HTTP协议"))
|
|
||||||
e:value(2, translate("过滤HTTP(S)协议"))
|
|
||||||
e:value(3, translate("全部过滤"))
|
|
||||||
e.description = translate(string.format("<font color=\"blue\"><strong>访问控制设置中其他主机的默认规则</strong></font>"))
|
|
||||||
|
|
||||||
e = t:taboption("base", ListValue, "time_update", translate("定时更新"))
|
|
||||||
for t = 0,23 do
|
|
||||||
e:value(t,translate("每天"..t.."点"))
|
|
||||||
end
|
|
||||||
e.default = 0
|
|
||||||
e.rmempty = false
|
|
||||||
e.description = translate(string.format("<font color=\"red\"><strong>定时更新订阅规则与Adblock Plus Hosts</strong></font>"))
|
|
||||||
|
|
||||||
e = t:taboption("base", Button, "restart", translate("规则状态"))
|
|
||||||
e.inputtitle = translate("更新规则")
|
|
||||||
e.inputstyle = "reload"
|
|
||||||
e.write = function()
|
|
||||||
luci.sys.call("/usr/share/koolproxy/kpupdate 2>&1 >/dev/null")
|
|
||||||
luci.http.redirect(luci.dispatcher.build_url("admin","services","koolproxy"))
|
|
||||||
end
|
|
||||||
e.description = translate(string.format("<font color=\"red\"><strong>更新订阅规则与Adblock Plus Hosts</strong></font><br /><font color=\"green\">ABP规则: %s条<br />fanboy规则: %s条<br />yhosts规则: %s条<br />自定义规则: %s条<br />Host: %s条</font><br />", s, u, p, h, i))
|
|
||||||
t:tab("cert",translate("Certificate Management"))
|
|
||||||
|
|
||||||
e=t:taboption("cert",DummyValue,"c1status",translate("<div align=\"left\">Certificate Restore</div>"))
|
|
||||||
e=t:taboption("cert",FileUpload,"")
|
|
||||||
e.template="koolproxy/caupload"
|
|
||||||
e=t:taboption("cert",DummyValue,"",nil)
|
|
||||||
e.template="koolproxy/cadvalue"
|
|
||||||
if nixio.fs.access("/usr/share/koolproxy/data/certs/ca.crt")then
|
|
||||||
e=t:taboption("cert",DummyValue,"c2status",translate("<div align=\"left\">Certificate Backup</div>"))
|
|
||||||
e=t:taboption("cert",Button,"certificate")
|
|
||||||
e.inputtitle=translate("Backup Download")
|
|
||||||
e.inputstyle="reload"
|
|
||||||
e.write=function()
|
|
||||||
luci.sys.call("/usr/share/koolproxy/camanagement backup 2>&1 >/dev/null")
|
|
||||||
Download()
|
|
||||||
luci.http.redirect(luci.dispatcher.build_url("admin","services","koolproxy"))
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
|
|
||||||
t:tab("white_weblist",translate("网站白名单设置"))
|
|
||||||
|
|
||||||
local i = "/etc/adblocklist/adbypass"
|
|
||||||
e = t:taboption("white_weblist", TextValue, "adbypass_domain")
|
|
||||||
e.description = translate("这些已经加入的网站将不会使用过滤器。请输入网站的域名,每行只能输入一个网站域名。例如google.com。")
|
|
||||||
e.rows = 28
|
|
||||||
e.wrap = "off"
|
|
||||||
e.rmempty = false
|
|
||||||
|
|
||||||
function e.cfgvalue()
|
|
||||||
return fs.readfile(i) or ""
|
|
||||||
end
|
|
||||||
|
|
||||||
function e.write(self, section, value)
|
|
||||||
if value then
|
|
||||||
value = value:gsub("\r\n", "\n")
|
|
||||||
else
|
|
||||||
value = ""
|
|
||||||
end
|
|
||||||
fs.writefile("/tmp/adbypass", value)
|
|
||||||
if (luci.sys.call("cmp -s /tmp/adbypass /etc/adblocklist/adbypass") == 1) then
|
|
||||||
fs.writefile(i, value)
|
|
||||||
end
|
|
||||||
fs.remove("/tmp/adbypass")
|
|
||||||
end
|
|
||||||
|
|
||||||
t:tab("weblist",translate("Set Backlist Of Websites"))
|
|
||||||
|
|
||||||
local i = "/etc/adblocklist/adblock"
|
|
||||||
e = t:taboption("weblist", TextValue, "adblock_domain")
|
|
||||||
e.description = translate("加入的网址将走广告过滤端口。只针对黑名单模式。只能输入WEB地址,如:google.com,每个地址一行。")
|
|
||||||
e.rows = 28
|
|
||||||
e.wrap = "off"
|
|
||||||
e.rmempty = false
|
|
||||||
|
|
||||||
function e.cfgvalue()
|
|
||||||
return fs.readfile(i) or ""
|
|
||||||
end
|
|
||||||
|
|
||||||
function e.write(self, section, value)
|
|
||||||
if value then
|
|
||||||
value = value:gsub("\r\n", "\n")
|
|
||||||
else
|
|
||||||
value = ""
|
|
||||||
end
|
|
||||||
fs.writefile("/tmp/adblock", value)
|
|
||||||
if (luci.sys.call("cmp -s /tmp/adblock /etc/adblocklist/adblock") == 1) then
|
|
||||||
fs.writefile(i, value)
|
|
||||||
end
|
|
||||||
fs.remove("/tmp/adblock")
|
|
||||||
end
|
|
||||||
|
|
||||||
t:tab("white_iplist",translate("IP白名单设置"))
|
|
||||||
|
|
||||||
local i = "/etc/adblocklist/adbypassip"
|
|
||||||
e = t:taboption("white_iplist", TextValue, "adbypass_ip")
|
|
||||||
e.description = translate("这些已加入的ip地址将使用代理,但只有GFW型号。请输入ip地址或ip地址段,每行只能输入一个ip地址。例如,112.123.134.145 / 24或112.123.134.145。")
|
|
||||||
e.rows = 28
|
|
||||||
e.wrap = "off"
|
|
||||||
e.rmempty = false
|
|
||||||
|
|
||||||
function e.cfgvalue()
|
|
||||||
return fs.readfile(i) or ""
|
|
||||||
end
|
|
||||||
|
|
||||||
function e.write(self, section, value)
|
|
||||||
if value then
|
|
||||||
value = value:gsub("\r\n", "\n")
|
|
||||||
else
|
|
||||||
value = ""
|
|
||||||
end
|
|
||||||
fs.writefile("/tmp/adbypassip", value)
|
|
||||||
if (luci.sys.call("cmp -s /tmp/adbypassip /etc/adblocklist/adbypassip") == 1) then
|
|
||||||
fs.writefile(i, value)
|
|
||||||
end
|
|
||||||
fs.remove("/tmp/adbypassip")
|
|
||||||
end
|
|
||||||
|
|
||||||
t:tab("iplist",translate("IP黑名单设置"))
|
|
||||||
|
|
||||||
local i = "/etc/adblocklist/adblockip"
|
|
||||||
e = t:taboption("iplist", TextValue, "adblock_ip")
|
|
||||||
e.description = translate("这些已经加入的ip地址不会使用filter.Please输入ip地址或ip地址段,每行只能输入一个ip地址。例如,112.123.134.145 / 24或112.123.134.145。")
|
|
||||||
e.rows = 28
|
|
||||||
e.wrap = "off"
|
|
||||||
e.rmempty = false
|
|
||||||
|
|
||||||
function e.cfgvalue()
|
|
||||||
return fs.readfile(i) or ""
|
|
||||||
end
|
|
||||||
|
|
||||||
function e.write(self, section, value)
|
|
||||||
if value then
|
|
||||||
value = value:gsub("\r\n", "\n")
|
|
||||||
else
|
|
||||||
value = ""
|
|
||||||
end
|
|
||||||
fs.writefile("/tmp/adblockip", value)
|
|
||||||
if (luci.sys.call("cmp -s /tmp/adblockip /etc/adblocklist/adblockip") == 1) then
|
|
||||||
fs.writefile(i, value)
|
|
||||||
end
|
|
||||||
fs.remove("/tmp/adblockip")
|
|
||||||
end
|
|
||||||
|
|
||||||
t:tab("customlist", translate("Set Backlist Of custom"))
|
|
||||||
|
|
||||||
local i = "/usr/share/koolproxy/data/user.txt"
|
|
||||||
e = t:taboption("customlist", TextValue, "user_rule")
|
|
||||||
e.description = translate("Enter your custom rules, each row.")
|
|
||||||
e.rows = 28
|
|
||||||
e.wrap = "off"
|
|
||||||
e.rmempty = false
|
|
||||||
|
|
||||||
function e.cfgvalue()
|
|
||||||
return fs.readfile(i) or ""
|
|
||||||
end
|
|
||||||
|
|
||||||
function e.write(self, section, value)
|
|
||||||
if value then
|
|
||||||
value = value:gsub("\r\n", "\n")
|
|
||||||
else
|
|
||||||
value = ""
|
|
||||||
end
|
|
||||||
fs.writefile("/tmp/user.txt", value)
|
|
||||||
if (luci.sys.call("cmp -s /tmp/user.txt /usr/share/koolproxy/data/user.txt") == 1) then
|
|
||||||
fs.writefile(i, value)
|
|
||||||
end
|
|
||||||
fs.remove("/tmp/user.txt")
|
|
||||||
end
|
|
||||||
|
|
||||||
t:tab("logs",translate("View the logs"))
|
|
||||||
|
|
||||||
local i = "/var/log/koolproxy.log"
|
|
||||||
e = t:taboption("logs", TextValue, "kpupdate_log")
|
|
||||||
e.description = translate("Koolproxy Logs")
|
|
||||||
e.rows = 28
|
|
||||||
e.wrap = "off"
|
|
||||||
e.rmempty = false
|
|
||||||
|
|
||||||
function e.cfgvalue()
|
|
||||||
return fs.readfile(i) or ""
|
|
||||||
end
|
|
||||||
|
|
||||||
function e.write(self, section, value)
|
|
||||||
end
|
|
||||||
|
|
||||||
t=o:section(TypedSection,"acl_rule",translate("KoolProxyR 访问控制"),
|
|
||||||
translate("ACLs is a tools which used to designate specific IP filter mode,The MAC addresses added to the list will be filtered using https"))
|
|
||||||
t.template="cbi/tblsection"
|
|
||||||
t.sortable=true
|
|
||||||
t.anonymous=true
|
|
||||||
t.addremove=true
|
|
||||||
e=t:option(Value,"remarks",translate("Client Remarks"))
|
|
||||||
e.width="30%"
|
|
||||||
e.rmempty=true
|
|
||||||
e=t:option(Value,"ipaddr",translate("IP Address"))
|
|
||||||
e.width="20%"
|
|
||||||
e.datatype="ip4addr"
|
|
||||||
luci.ip.neighbors({family = 4}, function(neighbor)
|
|
||||||
if neighbor.reachable then
|
|
||||||
e:value(neighbor.dest:string(), "%s (%s)" %{neighbor.dest:string(), neighbor.mac})
|
|
||||||
end
|
|
||||||
end)
|
|
||||||
e=t:option(Value,"mac",translate("MAC Address"))
|
|
||||||
e.width="20%"
|
|
||||||
e.rmempty=true
|
|
||||||
e.datatype="macaddr"
|
|
||||||
luci.ip.neighbors({family = 4}, function(neighbor)
|
|
||||||
if neighbor.reachable then
|
|
||||||
e:value(neighbor.mac, "%s (%s)" %{neighbor.mac, neighbor.dest:string()})
|
|
||||||
end
|
|
||||||
end)
|
|
||||||
e=t:option(ListValue,"proxy_mode",translate("访问控制"))
|
|
||||||
e.width="20%"
|
|
||||||
e.default=1
|
|
||||||
e.rmempty=false
|
|
||||||
e:value(0,translate("不过滤"))
|
|
||||||
e:value(1,translate("http only"))
|
|
||||||
e:value(2,translate("http + https"))
|
|
||||||
e:value(3,translate("full port"))
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
t=o:section(TypedSection,"rss_rule",translate("KoolProxyR 规则订阅"), translate("请确保订阅规则的兼容性"))
|
|
||||||
t.anonymous=true
|
|
||||||
t.addremove=true
|
|
||||||
t.sortable=true
|
|
||||||
t.template="cbi/tblsection"
|
|
||||||
t.extedit=luci.dispatcher.build_url("admin/services/koolproxy/rss_rule/%s")
|
|
||||||
|
|
||||||
t.create=function(...)
|
|
||||||
local sid=TypedSection.create(...)
|
|
||||||
if sid then
|
|
||||||
luci.http.redirect(t.extedit % sid)
|
|
||||||
return
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
e=t:option(Flag,"load",translate("启用"))
|
|
||||||
e.default=0
|
|
||||||
e.rmempty=false
|
|
||||||
|
|
||||||
e=t:option(DummyValue,"name",translate("规则名称"))
|
|
||||||
function e.cfgvalue(...)
|
|
||||||
return Value.cfgvalue(...) or translate("None")
|
|
||||||
end
|
|
||||||
|
|
||||||
e=t:option(DummyValue,"url",translate("规则地址"))
|
|
||||||
function e.cfgvalue(...)
|
|
||||||
return Value.cfgvalue(...) or translate("None")
|
|
||||||
end
|
|
||||||
|
|
||||||
e=t:option(DummyValue,"time",translate("更新时间"))
|
|
||||||
|
|
||||||
function Download()
|
|
||||||
local t,e
|
|
||||||
t=nixio.open("/tmp/upload/koolproxyca.tar.gz","r")
|
|
||||||
luci.http.header('Content-Disposition','attachment; filename="koolproxyCA.tar.gz"')
|
|
||||||
luci.http.prepare_content("application/octet-stream")
|
|
||||||
while true do
|
|
||||||
e=t:read(nixio.const.buffersize)
|
|
||||||
if(not e)or(#e==0)then
|
|
||||||
break
|
|
||||||
else
|
|
||||||
luci.http.write(e)
|
|
||||||
end
|
|
||||||
end
|
|
||||||
t:close()
|
|
||||||
luci.http.close()
|
|
||||||
end
|
|
||||||
local t,e
|
|
||||||
t="/tmp/upload/"
|
|
||||||
nixio.fs.mkdir(t)
|
|
||||||
luci.http.setfilehandler(
|
|
||||||
function(o,a,i)
|
|
||||||
if not e then
|
|
||||||
if not o then return end
|
|
||||||
e=nixio.open(t..o.file,"w")
|
|
||||||
if not e then
|
|
||||||
return
|
|
||||||
end
|
|
||||||
end
|
|
||||||
if a and e then
|
|
||||||
e:write(a)
|
|
||||||
end
|
|
||||||
if i and e then
|
|
||||||
e:close()
|
|
||||||
e=nil
|
|
||||||
luci.sys.call("/usr/share/koolproxy/camanagement restore 2>&1 >/dev/null")
|
|
||||||
end
|
|
||||||
end
|
|
||||||
)
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
return o
|
|
@ -1,36 +0,0 @@
|
|||||||
local m, s, o
|
|
||||||
local koolproxy = "koolproxy"
|
|
||||||
local sid = arg[1]
|
|
||||||
|
|
||||||
m = Map(koolproxy, "%s - %s" %{translate("koolproxy"), translate("编辑规则")})
|
|
||||||
m.redirect = luci.dispatcher.build_url("admin/services/koolproxy")
|
|
||||||
|
|
||||||
if not arg[1] or m.uci:get(koolproxy, sid) ~= "rss_rule" then
|
|
||||||
luci.http.redirect(m.redirect)
|
|
||||||
return
|
|
||||||
end
|
|
||||||
|
|
||||||
-- [[ Edit Rule ]]--
|
|
||||||
s = m:section(NamedSection, sid, "rss_rule")
|
|
||||||
s.anonymous = true
|
|
||||||
s.addremove = true
|
|
||||||
|
|
||||||
o=s:option(Flag,"load",translate("启用"))
|
|
||||||
o.default=0
|
|
||||||
o.rmempty=false
|
|
||||||
|
|
||||||
o=s:option(Value,"name",translate("规则描述"))
|
|
||||||
o.rmempty=true
|
|
||||||
|
|
||||||
o=s:option(Value,"url",translate("规则地址"))
|
|
||||||
o.rmempty=false
|
|
||||||
o.placeholder="[https|http|ftp]://[Hostname]/[File]"
|
|
||||||
function o.validate(self, value)
|
|
||||||
if not value then
|
|
||||||
return nil
|
|
||||||
else
|
|
||||||
return value
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
return m
|
|
@ -1,8 +0,0 @@
|
|||||||
<%+cbi/valueheader%>
|
|
||||||
<span style="color: green">
|
|
||||||
<%
|
|
||||||
local val = self:cfgvalue(section) or self.default or ""
|
|
||||||
write(pcdata(val))
|
|
||||||
%>
|
|
||||||
</span>
|
|
||||||
<%+cbi/valuefooter%>
|
|
@ -1,5 +0,0 @@
|
|||||||
<%+cbi/valueheader%>
|
|
||||||
<label class="cbi-value" style="display:inline-block; width: 400px" for="ulfile"><font color="red"><%:Upload backup file,The file name must be koolproxyCA.tar.gz%></font></label><br />
|
|
||||||
<input class="cbi-input-file" style="width: 400px" type="file" id="ulfile" name="ulfile" />
|
|
||||||
<input type="submit" class="cbi-button cbi-input-apply" name="upload" value="<%:Upload Restore%>" />
|
|
||||||
<%+cbi/valuefooter%>
|
|
@ -1,3 +0,0 @@
|
|||||||
<%+cbi/valueheader%>
|
|
||||||
<span class="koolproxy_status"><%=pcdata(self:cfgvalue(section) or self.default or "")%></span>
|
|
||||||
<%+cbi/valuefooter%>
|
|
@ -1,16 +0,0 @@
|
|||||||
<%#
|
|
||||||
Copyright 2016 Chen RuiWei <crwbak@gmail.com>
|
|
||||||
Licensed to the public under the Apache License 2.0.
|
|
||||||
-%>
|
|
||||||
|
|
||||||
<% include("cbi/map") %>
|
|
||||||
<script type="text/javascript">//<![CDATA[
|
|
||||||
XHR.poll(2, '<%=luci.dispatcher.build_url("admin", "services", "koolproxy", "status")%>', null,
|
|
||||||
function(x, result)
|
|
||||||
{
|
|
||||||
var status = document.getElementsByClassName('koolproxy_status');
|
|
||||||
status[0].innerHTML = result.koolproxy?'<b><font color=green><%=translate("RUNNING")%></font></b>':'<b><font color=red><%=translate("NOT RUNNING")%></font></b>';
|
|
||||||
}
|
|
||||||
);
|
|
||||||
//]]>
|
|
||||||
</script>
|
|
@ -1,23 +0,0 @@
|
|||||||
#!/bin/sh
|
|
||||||
echo "$(date "+%F %T"): 正在下载adblockplus规则..."
|
|
||||||
wget-ssl --quiet --no-check-certificate https://easylist-downloads.adblockplus.org/easylistchina+easylist.txt -O /tmp/adlist.txt
|
|
||||||
if [ "$?" == "0" ]; then
|
|
||||||
grep ^\|\|[^\*]*\^$ /tmp/adlist.txt | sed -e 's:||:address\=\/:' -e 's:\^:/0\.0\.0\.0:' > /tmp/dnsmasq.adblock
|
|
||||||
rm -f /tmp/adlist.txt
|
|
||||||
diff /tmp/dnsmasq.adblock /usr/share/koolproxy/dnsmasq.adblock >/dev/null
|
|
||||||
[ $? = 0 ] && echo "$(date "+%F %T"): adblockplus本地规则和服务器规则相同,无需更新!" && rm -f /tmp/dnsmasq.adblock && return 1
|
|
||||||
echo "$(date "+%F %T"): 检测到adblockplus规则有更新,开始转换规则!"
|
|
||||||
sed -i '/youku/d' /tmp/dnsmasq.adblock >/dev/null 2>&1
|
|
||||||
sed -i '/[1-9]\{1,3\}\.[1-9]\{1,3\}\.[1-9]\{1,3\}\.[1-9]\{1,3\}/d' /tmp/dnsmasq.adblock >/dev/null 2>&1
|
|
||||||
mv /tmp/dnsmasq.adblock /usr/share/koolproxy/dnsmasq.adblock
|
|
||||||
echo "$(date "+%F %T"): adblockplus规则转换完成,应用新规则。"
|
|
||||||
echo ""
|
|
||||||
echo "$(date "+%F %T"): 重启dnsmasq进程"
|
|
||||||
/etc/init.d/dnsmasq restart > /dev/null 2>&1
|
|
||||||
|
|
||||||
return 0
|
|
||||||
else
|
|
||||||
echo "$(date "+%F %T"): 获取在线版本时出现错误! "
|
|
||||||
[ -f /tmp/adlist.txt ] && rm -f /tmp/adlist.txt
|
|
||||||
return 1
|
|
||||||
fi
|
|
@ -1,66 +0,0 @@
|
|||||||
#!/bin/sh
|
|
||||||
kpfolder="/usr/share/koolproxy/data"
|
|
||||||
kplogfile="/var/log/koolproxy.log"
|
|
||||||
readyfolder="/tmp/upload/koolproxy"
|
|
||||||
|
|
||||||
backup() {
|
|
||||||
if [ ! -f $kpfolder/private/ca.key.pem ]; then
|
|
||||||
echo "未找到ca.key.pem,请先运行Koolproxy一次!" > $kplogfile
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
if [ ! -f $kpfolder/private/base.key.pem ]; then
|
|
||||||
echo "未找到base.key.pem,请先运行Koolproxy一次!" > $kplogfile
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
if [ ! -f $kpfolder/certs/ca.crt ]; then
|
|
||||||
echo "未找到ca.crt,请先运行Koolproxy一次!" > $kplogfile
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
mkdir -p /tmp/upload
|
|
||||||
cd $kpfolder
|
|
||||||
tar czf /tmp/upload/koolproxyca.tar.gz private/ca.key.pem private/base.key.pem certs/ca.crt
|
|
||||||
[ -f /tmp/upload/koolproxyca.tar.gz ] && echo "证书备份已成功生成。" > $kplogfile
|
|
||||||
}
|
|
||||||
|
|
||||||
restore() {
|
|
||||||
if [ ! -f /tmp/upload/koolproxyCA.tar.gz ]; then
|
|
||||||
echo "未找到备份文件,文件名必须为koolproxyCA.tar.gz或已损坏,请检查备份文件!" >> $kplogfile
|
|
||||||
else
|
|
||||||
mkdir -p $readyfolder
|
|
||||||
cd $readyfolder
|
|
||||||
tar xzf /tmp/upload/koolproxyCA.tar.gz
|
|
||||||
fi
|
|
||||||
if [ ! -f $readyfolder/private/ca.key.pem ]; then
|
|
||||||
echo "未找到ca.key.pem,备份文件不正确或已损坏,请检查备份文件!" > $kplogfile
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
if [ ! -f $readyfolder/private/base.key.pem ]; then
|
|
||||||
echo "未找到base.key.pem,备份文件不正确或已损坏,请检查备份文件!" > $kplogfile
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
if [ ! -f $readyfolder/certs/ca.crt ]; then
|
|
||||||
echo "未找到ca.crt,备份文件不正确或已损坏,请检查备份文件!" > $kplogfile
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
mv -f $readyfolder/private/ca.key.pem $kpfolder/private/ca.key.pem
|
|
||||||
mv -f $readyfolder/private/base.key.pem $kpfolder/private/base.key.pem
|
|
||||||
mv -f $readyfolder/certs/ca.crt $kpfolder/certs/ca.crt
|
|
||||||
rm -rf $readyfolder
|
|
||||||
rm -f /tmp/upload/koolproxyCA.tar.gz
|
|
||||||
echo "证书成功还原,重启Koolproxy。" > $kplogfile
|
|
||||||
/etc/init.d/koolproxy restart
|
|
||||||
}
|
|
||||||
|
|
||||||
case "$*" in
|
|
||||||
"backup")
|
|
||||||
backup
|
|
||||||
;;
|
|
||||||
"restore")
|
|
||||||
restore
|
|
||||||
;;
|
|
||||||
"help")
|
|
||||||
echo "use backup or restore"
|
|
||||||
;;
|
|
||||||
esac
|
|
@ -1,29 +0,0 @@
|
|||||||
#!/bin/sh
|
|
||||||
alias echo_date='echo $(date +%Y年%m月%d日\ %X):'
|
|
||||||
|
|
||||||
if [ ! -f openssl.cnf ]; then
|
|
||||||
echo_date "Cannot found openssl.cnf"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
if [ -f /usr/share/koolproxy/data/private/ca.key.pem ]; then
|
|
||||||
echo_date "已经有证书了!"
|
|
||||||
else
|
|
||||||
echo_date "生成证书中..."
|
|
||||||
|
|
||||||
#step 1, root ca
|
|
||||||
mkdir -p certs private
|
|
||||||
rm -f serial private/ca.key.pem
|
|
||||||
chmod 700 private
|
|
||||||
echo 1000 > serial
|
|
||||||
openssl genrsa -aes256 -passout pass:koolshare -out private/ca.key.pem 2048
|
|
||||||
chmod 400 private/ca.key.pem
|
|
||||||
openssl req -config openssl.cnf -passin pass:koolshare \
|
|
||||||
-subj "/C=CN/ST=Beijing/L=KP/O=KoolProxy inc/CN=koolproxy.com" \
|
|
||||||
-key private/ca.key.pem \
|
|
||||||
-new -x509 -days 7300 -sha256 -extensions v3_ca \
|
|
||||||
-out certs/ca.crt
|
|
||||||
|
|
||||||
#step 2, domain rsa key
|
|
||||||
openssl genrsa -aes256 -passout pass:koolshare -out private/base.key.pem 2048
|
|
||||||
echo_date "证书生成完毕..."
|
|
||||||
fi
|
|
@ -1,132 +0,0 @@
|
|||||||
# OpenSSL root CA configuration file.
|
|
||||||
# Copy to `/root/ca/openssl.cnf`.
|
|
||||||
|
|
||||||
[ ca ]
|
|
||||||
# `man ca`
|
|
||||||
default_ca = CA_default
|
|
||||||
|
|
||||||
[ CA_default ]
|
|
||||||
# Directory and file locations.
|
|
||||||
dir = ./ca
|
|
||||||
certs = $dir/certs
|
|
||||||
crl_dir = $dir/crl
|
|
||||||
new_certs_dir = $dir/newcerts
|
|
||||||
database = $dir/index.txt
|
|
||||||
serial = $dir/serial
|
|
||||||
RANDFILE = $dir/private/.rand
|
|
||||||
|
|
||||||
# The root key and root certificate.
|
|
||||||
private_key = $dir/private/ca.key.pem
|
|
||||||
certificate = $dir/certs/ca.cert.pem
|
|
||||||
|
|
||||||
# For certificate revocation lists.
|
|
||||||
crlnumber = $dir/crlnumber
|
|
||||||
crl = $dir/crl/ca.crl.pem
|
|
||||||
crl_extensions = crl_ext
|
|
||||||
default_crl_days = 30
|
|
||||||
|
|
||||||
# SHA-1 is deprecated, so use SHA-2 instead.
|
|
||||||
default_md = sha256
|
|
||||||
|
|
||||||
name_opt = ca_default
|
|
||||||
cert_opt = ca_default
|
|
||||||
default_days = 375
|
|
||||||
preserve = no
|
|
||||||
policy = policy_strict
|
|
||||||
|
|
||||||
[ policy_strict ]
|
|
||||||
# The root CA should only sign intermediate certificates that match.
|
|
||||||
# See the POLICY FORMAT section of `man ca`.
|
|
||||||
countryName = match
|
|
||||||
stateOrProvinceName = match
|
|
||||||
organizationName = match
|
|
||||||
organizationalUnitName = optional
|
|
||||||
commonName = supplied
|
|
||||||
emailAddress = optional
|
|
||||||
|
|
||||||
[ policy_loose ]
|
|
||||||
# Allow the intermediate CA to sign a more diverse range of certificates.
|
|
||||||
# See the POLICY FORMAT section of the `ca` man page.
|
|
||||||
countryName = optional
|
|
||||||
stateOrProvinceName = optional
|
|
||||||
localityName = optional
|
|
||||||
organizationName = optional
|
|
||||||
organizationalUnitName = optional
|
|
||||||
commonName = supplied
|
|
||||||
emailAddress = optional
|
|
||||||
|
|
||||||
[ req ]
|
|
||||||
# Options for the `req` tool (`man req`).
|
|
||||||
default_bits = 2048
|
|
||||||
distinguished_name = req_distinguished_name
|
|
||||||
string_mask = utf8only
|
|
||||||
|
|
||||||
# SHA-1 is deprecated, so use SHA-2 instead.
|
|
||||||
default_md = sha256
|
|
||||||
|
|
||||||
# Extension to add when the -x509 option is used.
|
|
||||||
x509_extensions = v3_ca
|
|
||||||
|
|
||||||
[ req_distinguished_name ]
|
|
||||||
# See <https://en.wikipedia.org/wiki/Certificate_signing_request>.
|
|
||||||
countryName = Country Name (2 letter code)
|
|
||||||
stateOrProvinceName = State or Province Name
|
|
||||||
localityName = Locality Name
|
|
||||||
0.organizationName = Organization Name
|
|
||||||
organizationalUnitName = Organizational Unit Name
|
|
||||||
commonName = Common Name
|
|
||||||
emailAddress = Email Address
|
|
||||||
|
|
||||||
# Optionally, specify some defaults.
|
|
||||||
countryName_default = GB
|
|
||||||
stateOrProvinceName_default = England
|
|
||||||
localityName_default =
|
|
||||||
0.organizationName_default = Alice Ltd
|
|
||||||
organizationalUnitName_default =
|
|
||||||
emailAddress_default =
|
|
||||||
|
|
||||||
[ v3_ca ]
|
|
||||||
# Extensions for a typical CA (`man x509v3_config`).
|
|
||||||
subjectKeyIdentifier = hash
|
|
||||||
authorityKeyIdentifier = keyid:always,issuer
|
|
||||||
basicConstraints = critical, CA:true
|
|
||||||
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
|
|
||||||
|
|
||||||
[ v3_intermediate_ca ]
|
|
||||||
# Extensions for a typical intermediate CA (`man x509v3_config`).
|
|
||||||
subjectKeyIdentifier = hash
|
|
||||||
authorityKeyIdentifier = keyid:always,issuer
|
|
||||||
basicConstraints = critical, CA:true, pathlen:0
|
|
||||||
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
|
|
||||||
|
|
||||||
[ usr_cert ]
|
|
||||||
# Extensions for client certificates (`man x509v3_config`).
|
|
||||||
basicConstraints = CA:FALSE
|
|
||||||
nsCertType = client, email
|
|
||||||
nsComment = "OpenSSL Generated Client Certificate"
|
|
||||||
subjectKeyIdentifier = hash
|
|
||||||
authorityKeyIdentifier = keyid,issuer
|
|
||||||
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
|
|
||||||
extendedKeyUsage = clientAuth, emailProtection
|
|
||||||
|
|
||||||
[ server_cert ]
|
|
||||||
# Extensions for server certificates (`man x509v3_config`).
|
|
||||||
basicConstraints = CA:FALSE
|
|
||||||
nsCertType = server
|
|
||||||
nsComment = "OpenSSL Generated Server Certificate"
|
|
||||||
subjectKeyIdentifier = hash
|
|
||||||
authorityKeyIdentifier = keyid,issuer:always
|
|
||||||
keyUsage = critical, digitalSignature, keyEncipherment
|
|
||||||
extendedKeyUsage = serverAuth
|
|
||||||
|
|
||||||
[ crl_ext ]
|
|
||||||
# Extension for CRLs (`man x509v3_config`).
|
|
||||||
authorityKeyIdentifier=keyid:always
|
|
||||||
|
|
||||||
[ ocsp ]
|
|
||||||
# Extension for OCSP signing certificates (`man ocsp`).
|
|
||||||
basicConstraints = CA:FALSE
|
|
||||||
subjectKeyIdentifier = hash
|
|
||||||
authorityKeyIdentifier = keyid,issuer
|
|
||||||
keyUsage = critical, digitalSignature
|
|
||||||
extendedKeyUsage = critical, OCSPSigning
|
|
File diff suppressed because it is too large
File diff suppressed because one or more lines are too long
Binary file not shown.
@ -1,49 +0,0 @@
|
|||||||
! ******************************* koolproxyR 自定义过滤语法简表 *******************************
|
|
||||||
! ------------------------ 规则基于adblock规则,并进行了语法部分的扩展 ------------------------
|
|
||||||
! ABP规则请参考https://adblockplus.org/zh_CN/filters,下面为大致摘要
|
|
||||||
! "!" 为行注释符,注释行以该符号起始作为一行注释语义,用于规则描述
|
|
||||||
! "@@" 为白名单符,白名单具有最高优先级,放行过滤的网站,例如:@@||taobao.com
|
|
||||||
! "@@@@" 超级白名单,比白名单符拥有更高的优先级,主要用于放行https网站,例如:@@@@||https://taobao.com
|
|
||||||
! ------------------------------------------------------------------------------------------
|
|
||||||
! "*" 为字符通配符,能够匹配0长度或任意长度的字符串,该通配符不能与正则语法混用。
|
|
||||||
! "^" 为分隔符,可以是除了字母、数字或者 _ - . % 之外的任何字符。
|
|
||||||
! "~" 为排除标识符,通配符能过滤大多数广告,但同时存在误杀, 可以通过排除标识符修正误杀链接。
|
|
||||||
! 注:通配符仅在 url 规则中支持,html 规则中不支持
|
|
||||||
! ------------------------------------------------------------------------------------------
|
|
||||||
! "|" 为管线符号,来表示地址的最前端或最末端
|
|
||||||
! "||" 为子域通配符,方便匹配主域名下的所有子域
|
|
||||||
! 用法及例子如下:(以下等号表示等价于)
|
|
||||||
! ||xx.com/ad = http://xx.com/ad* || http://*.xx.com/ad*
|
|
||||||
! ||http://xx.com/ad = http://xx.com/ad* || http://*.xx.com/ad*
|
|
||||||
! ||https://xx.com/ad = https://xx.com/ad* || https://*.xx.com/ad*
|
|
||||||
! |xx.com/ad = http://xx.com/ad*
|
|
||||||
! |http://xx.com/ad = http://xx.com/ad*
|
|
||||||
! |https://xx.com/ad = https://xx.com/ad*
|
|
||||||
! ad = http://*ad*
|
|
||||||
! http://ad = http://*ad*
|
|
||||||
! https://ad = 不支持,需要指定域名,如下例
|
|
||||||
! https://xx.com/ad = |https://xx.com/ad = https://xx.com/ad*
|
|
||||||
! [同时可以表示两个以及两个以上的域名]如下例子
|
|
||||||
! https://xx.ad.com 和 https://xxx.xx.ad.com = ||https://ad.com (注意! 由于https的原因使用要非常谨慎,不可以大范围使用)
|
|
||||||
! ------------------------------------------------------------------------------------------
|
|
||||||
! 兼容adblock规则的html规则语法,例如:
|
|
||||||
! fulldls.com,torrentzap.com##.tp_reccomend_banner
|
|
||||||
! 但是推荐写成以下标准写法:
|
|
||||||
! ||fulldls.com##.tp_reccomend_banner
|
|
||||||
! ||torrentzap.com##.tp_reccomend_banner
|
|
||||||
! 如果一个网站html规则有多条,可以合并为这样:
|
|
||||||
! ||torrentzap.com##.tp_reccomend_banner,.ad_top,[class="ad_right"]......
|
|
||||||
! ------------------------------------------------------------------------------------------
|
|
||||||
! 文本替换语法:$s@匹配内容@替换内容@
|
|
||||||
! 非标准端口过滤语法:||abc.com:8081/ad.html或者|http://adb.com:8081/
|
|
||||||
! 文本替换例子:|http://cdn.pcbeta.js.inimc.com/data/cache/common.js?$s@old@new@
|
|
||||||
! 重定向语法:$r@匹配内容@替换内容@
|
|
||||||
! 重定向例子:|http://koolshare.cn$r@http://koolshare.cn/*@http://www.qq.com@
|
|
||||||
! 注:文本替换语法及重定向语法中的匹配内容不仅支持通配符功能,而且额外支持以下功能
|
|
||||||
! 支持通配符 * 和 ? 表示单个字符
|
|
||||||
! 支持全正则匹配,/正则内容/ 表示应用正则匹配
|
|
||||||
! 正则替换:替换内容支持 $1 $2 这样的符号
|
|
||||||
! 普通替换:替换内容支持 * 这样的符号,表示把命中的内容复制到替换的内容。(类似 $1 $2,但是 * 号会自动计算数字)
|
|
||||||
! ------------------------------------------------------------------------------------------
|
|
||||||
! 未来将逐步添加相关语法,兼容adblock puls的更多语法,敬请期待。
|
|
||||||
! ******************************************************************************************
|
|
File diff suppressed because it is too large
@ -1,5 +0,0 @@
|
|||||||
0|yhosts.txt||yhosts规则
|
|
||||||
0|kp.dat||视频规则
|
|
||||||
0|user.txt||自定义规则
|
|
||||||
0|easylistchina.txt||ABP规则
|
|
||||||
0|fanboy.txt||Fanboy规则
|
|
@ -1,49 +0,0 @@
|
|||||||
! ******************************* koolproxyR 自定义过滤语法简表 *******************************
|
|
||||||
! ------------------------ 规则基于adblock规则,并进行了语法部分的扩展 ------------------------
|
|
||||||
! ABP规则请参考https://adblockplus.org/zh_CN/filters,下面为大致摘要
|
|
||||||
! "!" 为行注释符,注释行以该符号起始作为一行注释语义,用于规则描述
|
|
||||||
! "@@" 为白名单符,白名单具有最高优先级,放行过滤的网站,例如:@@||taobao.com
|
|
||||||
! "@@@@" 超级白名单,比白名单符拥有更高的优先级,主要用于放行https网站,例如:@@@@||https://taobao.com
|
|
||||||
! ------------------------------------------------------------------------------------------
|
|
||||||
! "*" 为字符通配符,能够匹配0长度或任意长度的字符串,该通配符不能与正则语法混用。
|
|
||||||
! "^" 为分隔符,可以是除了字母、数字或者 _ - . % 之外的任何字符。
|
|
||||||
! "~" 为排除标识符,通配符能过滤大多数广告,但同时存在误杀, 可以通过排除标识符修正误杀链接。
|
|
||||||
! 注:通配符仅在 url 规则中支持,html 规则中不支持
|
|
||||||
! ------------------------------------------------------------------------------------------
|
|
||||||
! "|" 为管线符号,来表示地址的最前端或最末端
|
|
||||||
! "||" 为子域通配符,方便匹配主域名下的所有子域
|
|
||||||
! 用法及例子如下:(以下等号表示等价于)
|
|
||||||
! ||xx.com/ad = http://xx.com/ad* || http://*.xx.com/ad*
|
|
||||||
! ||http://xx.com/ad = http://xx.com/ad* || http://*.xx.com/ad*
|
|
||||||
! ||https://xx.com/ad = https://xx.com/ad* || https://*.xx.com/ad*
|
|
||||||
! |xx.com/ad = http://xx.com/ad*
|
|
||||||
! |http://xx.com/ad = http://xx.com/ad*
|
|
||||||
! |https://xx.com/ad = https://xx.com/ad*
|
|
||||||
! ad = http://*ad*
|
|
||||||
! http://ad = http://*ad*
|
|
||||||
! https://ad = 不支持,需要指定域名,如下例
|
|
||||||
! https://xx.com/ad = |https://xx.com/ad = https://xx.com/ad*
|
|
||||||
! [同时可以表示两个以及两个以上的域名]如下例子
|
|
||||||
! https://xx.ad.com 和 https://xxx.xx.ad.com = ||https://ad.com (注意! 由于https的原因使用要非常谨慎,不可以大范围使用)
|
|
||||||
! ------------------------------------------------------------------------------------------
|
|
||||||
! 兼容adblock规则的html规则语法,例如:
|
|
||||||
! fulldls.com,torrentzap.com##.tp_reccomend_banner
|
|
||||||
! 但是推荐写成以下标准写法:
|
|
||||||
! ||fulldls.com##.tp_reccomend_banner
|
|
||||||
! ||torrentzap.com##.tp_reccomend_banner
|
|
||||||
! 如果一个网站html规则有多条,可以合并为这样:
|
|
||||||
! ||torrentzap.com##.tp_reccomend_banner,.ad_top,[class="ad_right"]......
|
|
||||||
! ------------------------------------------------------------------------------------------
|
|
||||||
! 文本替换语法:$s@匹配内容@替换内容@
|
|
||||||
! 非标准端口过滤语法:||abc.com:8081/ad.html或者|http://adb.com:8081/
|
|
||||||
! 文本替换例子:|http://cdn.pcbeta.js.inimc.com/data/cache/common.js?$s@old@new@
|
|
||||||
! 重定向语法:$r@匹配内容@替换内容@
|
|
||||||
! 重定向例子:|http://koolshare.cn$r@http://koolshare.cn/*@http://www.qq.com@
|
|
||||||
! 注:文本替换语法及重定向语法中的匹配内容不仅支持通配符功能,而且额外支持以下功能
|
|
||||||
! 支持通配符 * 和 ? 表示单个字符
|
|
||||||
! 支持全正则匹配,/正则内容/ 表示应用正则匹配
|
|
||||||
! 正则替换:替换内容支持 $1 $2 这样的符号
|
|
||||||
! 普通替换:替换内容支持 * 这样的符号,表示把命中的内容复制到替换的内容。(类似 $1 $2,但是 * 号会自动计算数字)
|
|
||||||
! ------------------------------------------------------------------------------------------
|
|
||||||
! 未来将逐步添加相关语法,兼容adblock puls的更多语法,敬请期待。
|
|
||||||
! ******************************************************************************************
|
|
File diff suppressed because it is too large
File diff suppressed because it is too large
@ -1,602 +0,0 @@
|
|||||||
#!/bin/sh
|
|
||||||
# set -x
|
|
||||||
|
|
||||||
. /lib/functions.sh
|
|
||||||
|
|
||||||
CONFIG=koolproxy
|
|
||||||
KP_DIR=/usr/share/koolproxy
|
|
||||||
TMP_DIR=/tmp/koolproxy
|
|
||||||
LOGFILE="/var/log/koolproxy.log"
|
|
||||||
KSROOT=/usr/share
|
|
||||||
#source $KSROOT/scripts/base.sh
|
|
||||||
#eval `dbus export koolproxyR_`
|
|
||||||
alias echo_date='echo $(date +%Y年%m月%d日\ %X):'
|
|
||||||
|
|
||||||
url_cjx="https://shaoxia1991.coding.net/p/cjxlist/d/cjxlist/git/raw/master/cjx-annoyance.txt"
|
|
||||||
url_kp="https://raw.githubusercontent.com/houzi-/CDN/master/kp.dat"
|
|
||||||
url_kp_md5="https://raw.githubusercontent.com/houzi-/CDN/master/kp.dat.md5"
|
|
||||||
url_easylist="https://easylist-downloads.adblockplus.org/easylistchina.txt"
|
|
||||||
url_yhosts="https://shaoxia1991.coding.net/p/yhosts/d/yhosts/git/raw/master/hosts"
|
|
||||||
url_yhosts1="https://shaoxia1991.coding.net/p/yhosts/d/yhosts/git/raw/master/data/tvbox.txt"
|
|
||||||
kpr_our_rule="https://shaoxia1991.coding.net/p/koolproxyR_rule_list/d/koolproxyR_rule_list/git/raw/master/kpr_our_rule.txt"
|
|
||||||
url_fanboy="https://secure.fanboy.co.nz/fanboy-annoyance.txt"
|
|
||||||
|
|
||||||
#在订阅中的用户地址改为,这个地址速度更快:https://dev.tencent.com/u/shaoxia1991/p/koolproxyR_rule_list/git/raw/master/kpr_our_rule.txt
|
|
||||||
|
|
||||||
config_t_get() {
|
|
||||||
local index=0
|
|
||||||
[ -n "$4" ] && index=$4
|
|
||||||
local ret=$(uci get $CONFIG.@$1[$index].$2 2>/dev/null)
|
|
||||||
echo ${ret:=$3}
|
|
||||||
}
|
|
||||||
|
|
||||||
limit_log() {
|
|
||||||
local log=$1
|
|
||||||
[ ! -f "$log" ] && return
|
|
||||||
local sc=100
|
|
||||||
[ -n "$2" ] && sc=$2
|
|
||||||
local count=$(grep -c "" $log)
|
|
||||||
if [ $count -gt $sc ];then
|
|
||||||
let count=count-$sc
|
|
||||||
sed -i "1,$count d" $log
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
init_env() {
|
|
||||||
rm -rf "$TMP_DIR"
|
|
||||||
mkdir -p "$TMP_DIR"
|
|
||||||
}
|
|
||||||
|
|
||||||
restart_koolproxy() {
|
|
||||||
/etc/init.d/koolproxy restart
|
|
||||||
}
|
|
||||||
|
|
||||||
__compare_file() {
|
|
||||||
local descript=$1
|
|
||||||
local localPath=$2
|
|
||||||
local remoteUrl=$3
|
|
||||||
|
|
||||||
echo $(date "+%F %T"): ------------------- $descript更新 ------------------- >>$LOGFILE
|
|
||||||
local filename=`basename $localPath`
|
|
||||||
local remotePath="$TMP_DIR/$filename"
|
|
||||||
wget-ssl -qT5 --no-check-certificate "$remoteUrl" -O "$remotePath"
|
|
||||||
if [ "$?" == "0" ]; then
|
|
||||||
if [ -f "$localPath" ]; then
|
|
||||||
localMD5=`md5sum "$localPath" | awk '{print $1}'`
|
|
||||||
localNum=`cat "$localPath" | grep -v '^!' | wc -l`
|
|
||||||
else
|
|
||||||
localMD5="文件不存在"
|
|
||||||
localNum="0"
|
|
||||||
fi
|
|
||||||
remoteMD5=`md5sum "$remotePath" | awk '{print $1}'`
|
|
||||||
remoteNum=`cat "$remotePath" | grep -v '^!' | wc -l`
|
|
||||||
|
|
||||||
echo $(date "+%F %T"): 本地版本MD5:$localMD5 >>$LOGFILE
|
|
||||||
echo $(date "+%F %T"): 本地版本条数:$localNum >>$LOGFILE
|
|
||||||
|
|
||||||
echo $(date "+%F %T"): 在线版本MD5:$remoteMD5 >>$LOGFILE
|
|
||||||
echo $(date "+%F %T"): 在线版本条数:$remoteNum >>$LOGFILE
|
|
||||||
|
|
||||||
|
|
||||||
if [ "$localMD5" != "$remoteMD5" ];then
|
|
||||||
echo $(date "+%F %T"): 检测到更新,开始更新规则! >>$LOGFILE
|
|
||||||
mv -f "$remotePath" "$localPath"
|
|
||||||
echo $(date "+%F %T"): 更新成功! >>$LOGFILE
|
|
||||||
|
|
||||||
return 0
|
|
||||||
fi
|
|
||||||
else
|
|
||||||
echo "$(date "+%F %T"): 获取在线版本时出现错误! " >>$LOGFILE
|
|
||||||
|
|
||||||
fi
|
|
||||||
return 1
|
|
||||||
}
|
|
||||||
|
|
||||||
__update_rule() {
|
|
||||||
local name
|
|
||||||
local file
|
|
||||||
local exrule
|
|
||||||
local enable
|
|
||||||
config_get name $1 name
|
|
||||||
config_get file $1 file
|
|
||||||
config_get exrule $1 url
|
|
||||||
config_get enable $1 load
|
|
||||||
if [ -n "$file" ] && [ -n "$exrule" ]; then
|
|
||||||
if [ $enable -ne 1 ]; then
|
|
||||||
return
|
|
||||||
fi
|
|
||||||
__compare_file "$name" "$KP_DIR/data/rules/$file" "$exrule"
|
|
||||||
if [ "$?" == "0" ]; then
|
|
||||||
uci set koolproxy.$1.time="`date +%Y-%m-%d" "%H:%M`"
|
|
||||||
uci commit koolproxy
|
|
||||||
RESTART_KOOLPROXY=true
|
|
||||||
fi
|
|
||||||
cat $KP_DIR/data/rules/$file >>$KP_DIR/data/rules/user.txt
|
|
||||||
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
kpr_update_rules() {
|
|
||||||
echo $(date "+%F %T"): ------------------- 内置规则更新 ------------------- >>$LOGFILE
|
|
||||||
echo_date =======================================================================================================
|
|
||||||
echo_date 开始更新koolproxyR的规则,请等待...
|
|
||||||
# 赋予文件夹权限
|
|
||||||
chmod -R 777 $KSROOT/koolproxy/data/rules
|
|
||||||
# update 中国简易列表 2.0
|
|
||||||
if [[ "1" == "1" ]]; then
|
|
||||||
echo_date " ---------------------------------------------------------------------------------------"
|
|
||||||
# wget --no-check-certificate --timeout=8 -qO - $url_easylist > /tmp/easylistchina.txt
|
|
||||||
for i in {1..5}; do
|
|
||||||
wget -4 -a /tmp/upload/kpr_log.txt -O /tmp/easylistchina.txt $url_easylist
|
|
||||||
easylistchina_rule_nu_local=`grep -E -v "^!" /tmp/easylistchina.txt | wc -l`
|
|
||||||
if [[ "$easylistchina_rule_nu_local" -gt 5000 ]]; then
|
|
||||||
break
|
|
||||||
else
|
|
||||||
echo_date easylistchina规则文件下载失败
|
|
||||||
koolproxyR_basic_easylist_failed=1
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
for i in {1..5}; do
|
|
||||||
wget -4 -a /tmp/upload/kpr_log.txt -O /tmp/cjx-annoyance.txt $url_cjx
|
|
||||||
cjx_rule_nu_local=`grep -E -v "^!" /tmp/cjx-annoyance.txt | wc -l`
|
|
||||||
if [[ "$cjx_rule_nu_local" -gt 500 ]]; then
|
|
||||||
break
|
|
||||||
else
|
|
||||||
echo_date cjx-annoyance规则文件下载失败
|
|
||||||
koolproxyR_basic_easylist_failed=1
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
#for i in {1..5}; do
|
|
||||||
# wget -4 -a /tmp/upload/kpr_log.txt -O $KSROOT/koolproxy/data/rules/kpr_our_rule.txt $kpr_our_rule
|
|
||||||
# kpr_our_rule_nu_local=`grep -E -v "^!" $KSROOT/koolproxy/data/rules/kpr_our_rule.txt | wc -l`
|
|
||||||
# if [[ "$kpr_our_rule_nu_local" -gt 500 ]]; then
|
|
||||||
# break
|
|
||||||
# else
|
|
||||||
# echo_date kpr_our_rule规则文件下载失败
|
|
||||||
# koolproxyR_basic_easylist_failed=1
|
|
||||||
# fi
|
|
||||||
#done
|
|
||||||
|
|
||||||
# expr 进行运算,将统计到的规则条数相加 如果条数大于 10000 条就说明下载完毕
|
|
||||||
#easylistchina_rule_local=`expr $kpr_our_rule_nu_local + $cjx_rule_nu_local + $easylistchina_rule_nu_local`
|
|
||||||
easylistchina_rule_local=`expr $cjx_rule_nu_local + $easylistchina_rule_nu_local`
|
|
||||||
cat /tmp/cjx-annoyance.txt >> /tmp/easylistchina.txt
|
|
||||||
rm /tmp/cjx-annoyance.txt
|
|
||||||
easylist_rules_local=`cat $KSROOT/koolproxy/data/rules/easylistchina.txt | sed -n '3p'|awk '{print $3,$4}'`
|
|
||||||
easylist_rules_local1=`cat /tmp/easylistchina.txt | sed -n '3p'|awk '{print $3,$4}'`
|
|
||||||
|
|
||||||
echo_date KPR主规则的本地版本号: $easylist_rules_local
|
|
||||||
echo_date KPR主规则的在线版本号: $easylist_rules_local1
|
|
||||||
if [[ "$koolproxyR_basic_easylist_failed" != "1" ]]; then
|
|
||||||
if [[ "$easylistchina_rule_local" -gt 10000 ]]; then
|
|
||||||
if [[ "$easylist_rules_local" != "$easylist_rules_local1" ]]; then
|
|
||||||
echo_date 检测到 KPR主规则 已更新,现在开始更新...
|
|
||||||
echo_date 将临时的KPR主规则文件移动到指定位置
|
|
||||||
mv /tmp/easylistchina.txt $KSROOT/koolproxy/data/rules/easylistchina.txt
|
|
||||||
koolproxyR_https_ChinaList=1
|
|
||||||
else
|
|
||||||
echo_date 检测到 KPR主规则本地版本号和在线版本号相同,那还更新个毛啊!
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
else
|
|
||||||
echo_date KPR主规则文件下载失败!
|
|
||||||
fi
|
|
||||||
else
|
|
||||||
echo_date 未打开 KPR主规则 的更新开关!
|
|
||||||
fi
|
|
||||||
|
|
||||||
# update 补充规则
|
|
||||||
if [[ "1" == "1" ]]; then
|
|
||||||
echo_date " ---------------------------------------------------------------------------------------"
|
|
||||||
for i in {1..5}; do
|
|
||||||
wget -4 -a /tmp/upload/kpr_log.txt -O /tmp/yhosts.txt $url_yhosts
|
|
||||||
wget -4 -a /tmp/upload/kpr_log.txt -O /tmp/tvbox.txt $url_yhosts1
|
|
||||||
cat /tmp/tvbox.txt >> /tmp/yhosts.txt
|
|
||||||
replenish_rules_local=`cat $KSROOT/koolproxy/data/rules/yhosts.txt | sed -n '2p' | cut -d "=" -f2`
|
|
||||||
replenish_rules_local1=`cat /tmp/yhosts.txt | sed -n '2p' | cut -d "=" -f2`
|
|
||||||
mobile_nu_local=`grep -E -v "^!" /tmp/yhosts.txt | wc -l`
|
|
||||||
echo_date 补充规则本地版本号: $replenish_rules_local
|
|
||||||
echo_date 补充规则在线版本号: $replenish_rules_local1
|
|
||||||
if [[ "$mobile_nu_local" -gt 5000 ]]; then
|
|
||||||
if [[ "$replenish_rules_local" != "$replenish_rules_local1" ]]; then
|
|
||||||
echo_date 将临时文件覆盖到原始 补充规则 文件
|
|
||||||
mv /tmp/yhosts.txt $KSROOT/koolproxy/data/rules/yhosts.txt
|
|
||||||
koolproxyR_https_mobile=1
|
|
||||||
break
|
|
||||||
else
|
|
||||||
echo_date 检测到 补充规则 本地版本号和在线版本号相同,那还更新个毛啊!
|
|
||||||
fi
|
|
||||||
else
|
|
||||||
echo_date 补充规则文件下载失败!
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
else
|
|
||||||
echo_date 未打开 补充规则 的更新开关!
|
|
||||||
fi
|
|
||||||
|
|
||||||
# update 视频规则
|
|
||||||
if [[ "1" == "1" ]] || [[ -n "$1" ]]; then
|
|
||||||
echo_date " ---------------------------------------------------------------------------------------"
|
|
||||||
for i in {1..5}; do
|
|
||||||
kpr_video_md5=`md5sum $KSROOT/koolproxy/data/rules/kp.dat | awk '{print $1}'`
|
|
||||||
wget -4 -a /tmp/upload/kpr_log.txt -O /tmp/kp.dat.md5 $url_kp_md5
|
|
||||||
kpr_video_new_md5=`cat /tmp/kp.dat.md5 | sed -n '1p'`
|
|
||||||
echo_date 远程视频规则md5:$kpr_video_new_md5
|
|
||||||
echo_date 您本地视频规则md5:$kpr_video_md5
|
|
||||||
|
|
||||||
if [[ "$kpr_video_md5" != "$kpr_video_new_md5" ]]; then
|
|
||||||
echo_date 检测到新版视频规则.开始更新..........
|
|
||||||
wget -4 -a /tmp/upload/kpr_log.txt -O /tmp/kp.dat $url_kp
|
|
||||||
kpr_video_download_md5=`md5sum /tmp/kp.dat | awk '{print $1}'`
|
|
||||||
echo_date 您下载的视频规则md5:$kpr_video_download_md5
|
|
||||||
if [[ "$kpr_video_download_md5" == "$kpr_video_new_md5" ]]; then
|
|
||||||
echo_date 将临时文件覆盖到原始 视频规则 文件
|
|
||||||
mv /tmp/kp.dat $KSROOT/koolproxy/data/rules/kp.dat
|
|
||||||
mv /tmp/kp.dat.md5 $KSROOT/koolproxy/data/rules/kp.dat.md5
|
|
||||||
break
|
|
||||||
else
|
|
||||||
echo_date 视频规则md5校验不通过...
|
|
||||||
fi
|
|
||||||
else
|
|
||||||
echo_date 检测到 视频规则 本地版本号和在线版本号相同,那还更新个毛啊!
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
else
|
|
||||||
echo_date 未打开 视频规则 的更新开关!
|
|
||||||
fi
|
|
||||||
|
|
||||||
# update fanboy规则
|
|
||||||
if [[ "1" == "1" ]]; then
|
|
||||||
echo_date " ---------------------------------------------------------------------------------------"
|
|
||||||
for i in {1..5}; do
|
|
||||||
wget -4 -a /tmp/upload/kpr_log.txt -O /tmp/fanboy-annoyance.txt $url_fanboy
|
|
||||||
# wget --no-check-certificate --timeout=8 -qO - $url_fanboy > /tmp/fanboy-annoyance.txt
|
|
||||||
# 检测是否开启fanboy 全规则版本
|
|
||||||
if [[ "$koolproxyR_fanboy_all_rules" == "1" ]]; then
|
|
||||||
fanboy_rules_local=`cat $KSROOT/koolproxy/data/rules/fanboy-annoyance.txt | sed -n '4p'|awk '{print $3,$4}'`
|
|
||||||
fanboy_rules_local1=`cat /tmp/fanboy-annoyance.txt | sed -n '4p'|awk '{print $3,$4}'`
|
|
||||||
else
|
|
||||||
fanboy_rules_local=`cat $KSROOT/koolproxy/data/rules/fanboy-annoyance.txt | sed -n '3p'|awk '{print $3,$4}'`
|
|
||||||
fanboy_rules_local1=`cat /tmp/fanboy-annoyance.txt | sed -n '3p'|awk '{print $3,$4}'`
|
|
||||||
fi
|
|
||||||
fanboy_nu_local=`grep -E -v "^!" /tmp/fanboy-annoyance.txt | wc -l`
|
|
||||||
|
|
||||||
echo_date fanboy规则本地版本号: $fanboy_rules_local
|
|
||||||
echo_date fanboy规则在线版本号: $fanboy_rules_local1
|
|
||||||
if [[ "$fanboy_nu_local" -gt 15000 ]]; then
|
|
||||||
if [[ "$fanboy_rules_local" != "$fanboy_rules_local1" ]]; then
|
|
||||||
echo_date 检测到新版本 fanboy规则 列表,开始更新...
|
|
||||||
echo_date 将临时文件覆盖到原始 fanboy规则 文件
|
|
||||||
mv /tmp/fanboy-annoyance.txt $KSROOT/koolproxy/data/rules/fanboy-annoyance.txt
|
|
||||||
koolproxyR_https_fanboy=1
|
|
||||||
break
|
|
||||||
else
|
|
||||||
echo_date 检测到 fanboy规则 本地版本号和在线版本号相同,那还更新个毛啊!
|
|
||||||
fi
|
|
||||||
else
|
|
||||||
echo_date fanboy规则 文件下载失败!
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
else
|
|
||||||
echo_date 未打开 fanboy规则 的更新开关!
|
|
||||||
fi
|
|
||||||
|
|
||||||
rm -rf /tmp/fanboy-annoyance.txt
|
|
||||||
rm -rf /tmp/yhosts.txt
|
|
||||||
rm -rf /tmp/easylistchina.txt
|
|
||||||
|
|
||||||
if [[ "$koolproxyR_https_fanboy" == "1" ]]; then
|
|
||||||
echo_date 正在优化 fanboy规则。。。。。
|
|
||||||
# 删除导致KP崩溃的规则
|
|
||||||
# 听说高手?都打的很多、这样才能体现技术
|
|
||||||
sed -i '/^\$/d' $KSROOT/koolproxy/data/rules/fanboy-annoyance.txt
|
|
||||||
sed -i '/\*\$/d' $KSROOT/koolproxy/data/rules/fanboy-annoyance.txt
|
|
||||||
# 给三大视频网站放行 由kp.dat负责
|
|
||||||
sed -i '/youku.com/d' $KSROOT/koolproxy/data/rules/fanboy-annoyance.txt
|
|
||||||
sed -i '/iqiyi.com/d' $KSROOT/koolproxy/data/rules/fanboy-annoyance.txt
|
|
||||||
sed -i '/qq.com/d' $KSROOT/koolproxy/data/rules/fanboy-annoyance.txt
|
|
||||||
sed -i '/g.alicdn.com/d' $KSROOT/koolproxy/data/rules/fanboy-annoyance.txt
|
|
||||||
sed -i '/tudou.com/d' $KSROOT/koolproxy/data/rules/fanboy-annoyance.txt
|
|
||||||
sed -i '/gtimg.cn/d' $KSROOT/koolproxy/data/rules/fanboy-annoyance.txt
|
|
||||||
# 给知乎放行
|
|
||||||
sed -i '/zhihu.com/d' $KSROOT/koolproxy/data/rules/fanboy-annoyance.txt
|
|
||||||
|
|
||||||
|
|
||||||
# 将规则转化成kp能识别的https
|
|
||||||
cat $KSROOT/koolproxy/data/rules/fanboy-annoyance.txt | grep "^||" | sed 's#^||#||https://#g' >> $KSROOT/koolproxy/data/rules/fanboy-annoyance_https.txt
|
|
||||||
# 移出https不支持规则domain=
|
|
||||||
sed -i 's/\(,domain=\).*//g' $KSROOT/koolproxy/data/rules/fanboy-annoyance_https.txt
|
|
||||||
sed -i 's/\(\$domain=\).*//g' $KSROOT/koolproxy/data/rules/fanboy-annoyance_https.txt
|
|
||||||
sed -i 's/\(domain=\).*//g' $KSROOT/koolproxy/data/rules/fanboy-annoyance_https.txt
|
|
||||||
sed -i '/\^$/d' $KSROOT/koolproxy/data/rules/fanboy-annoyance_https.txt
|
|
||||||
sed -i '/\^\*\.gif/d' $KSROOT/koolproxy/data/rules/fanboy-annoyance_https.txt
|
|
||||||
sed -i '/\^\*\.jpg/d' $KSROOT/koolproxy/data/rules/fanboy-annoyance_https.txt
|
|
||||||
|
|
||||||
cat $KSROOT/koolproxy/data/rules/fanboy-annoyance.txt | grep "^||" | sed 's#^||#||http://#g' >> $KSROOT/koolproxy/data/rules/fanboy-annoyance_https.txt
|
|
||||||
|
|
||||||
cat $KSROOT/koolproxy/data/rules/fanboy-annoyance.txt | grep -i '^[0-9a-z]'| grep -v '^http'| sed 's#^#https://#g' >> $KSROOT/koolproxy/data/rules/fanboy-annoyance_https.txt
|
|
||||||
cat $KSROOT/koolproxy/data/rules/fanboy-annoyance.txt | grep -i '^[0-9a-z]'| grep -v '^http'| sed 's#^#http://#g' >> $KSROOT/koolproxy/data/rules/fanboy-annoyance_https.txt
|
|
||||||
cat $KSROOT/koolproxy/data/rules/fanboy-annoyance.txt | grep -i '^[0-9a-z]'| grep -i '^http' >> $KSROOT/koolproxy/data/rules/fanboy-annoyance_https.txt
|
|
||||||
|
|
||||||
|
|
||||||
# 给github放行
|
|
||||||
sed -i '/github/d' $KSROOT/koolproxy/data/rules/fanboy-annoyance_https.txt
|
|
||||||
# 给api.twitter.com的https放行
|
|
||||||
sed -i '/twitter.com/d' $KSROOT/koolproxy/data/rules/fanboy-annoyance_https.txt
|
|
||||||
# 给facebook.com的https放行
|
|
||||||
sed -i '/facebook.com/d' $KSROOT/koolproxy/data/rules/fanboy-annoyance_https.txt
|
|
||||||
sed -i '/fbcdn.net/d' $KSROOT/koolproxy/data/rules/fanboy-annoyance_https.txt
|
|
||||||
# 给 instagram.com 放行
|
|
||||||
sed -i '/instagram.com/d' $KSROOT/koolproxy/data/rules/fanboy-annoyance_https.txt
|
|
||||||
# 给 twitch.tv 放行
|
|
||||||
sed -i '/twitch.tv/d' $KSROOT/koolproxy/data/rules/fanboy-annoyance_https.txt
|
|
||||||
# 删除可能导致卡顿的HTTPS规则
|
|
||||||
sed -i '/\.\*\//d' $KSROOT/koolproxy/data/rules/fanboy-annoyance_https.txt
|
|
||||||
# 给国内三大电商平台放行
|
|
||||||
sed -i '/jd.com/d' $KSROOT/koolproxy/data/rules/fanboy-annoyance_https.txt
|
|
||||||
sed -i '/taobao.com/d' $KSROOT/koolproxy/data/rules/fanboy-annoyance_https.txt
|
|
||||||
sed -i '/tmall.com/d' $KSROOT/koolproxy/data/rules/fanboy-annoyance_https.txt
|
|
||||||
|
|
||||||
# 删除不必要信息重新打包 15 表示从第15行开始 $表示结束
|
|
||||||
sed -i '15,$d' $KSROOT/koolproxy/data/rules/fanboy-annoyance.txt
|
|
||||||
# 合二归一
|
|
||||||
cat $KSROOT/koolproxy/data/rules/fanboy-annoyance_https.txt >> $KSROOT/koolproxy/data/rules/fanboy-annoyance.txt
|
|
||||||
# 删除可能导致kpr卡死的神奇规则
|
|
||||||
sed -i '/https:\/\/\*/d' $KSROOT/koolproxy/data/rules/fanboy-annoyance.txt
|
|
||||||
# 给 netflix.com 放行
|
|
||||||
sed -i '/netflix.com/d' $KSROOT/koolproxy/data/rules/fanboy-annoyance.txt
|
|
||||||
# 给 tvbs.com 放行
|
|
||||||
sed -i '/tvbs.com/d' $KSROOT/koolproxy/data/rules/fanboy-annoyance.txt
|
|
||||||
sed -i '/googletagmanager.com/d' $KSROOT/koolproxy/data/rules/fanboy-annoyance.txt
|
|
||||||
# 给 microsoft.com 放行
|
|
||||||
sed -i '/microsoft.com/d' $KSROOT/koolproxy/data/rules/fanboy-annoyance.txt
|
|
||||||
# 给apple的https放行
|
|
||||||
sed -i '/apple.com/d' $KSROOT/koolproxy/data/rules/fanboy-annoyance.txt
|
|
||||||
sed -i '/mzstatic.com/d' $KSROOT/koolproxy/data/rules/fanboy-annoyance.txt
|
|
||||||
# 终极 https 卡顿优化 grep -n 显示行号 awk -F 分割数据 sed -i "${del_rule}d" 需要""" 和{}引用变量
|
|
||||||
# 当 koolproxyR_del_rule 是1的时候就一直循环,除非 del_rule 变量为空了。
|
|
||||||
koolproxyR_del_rule=1
|
|
||||||
while [ $koolproxyR_del_rule = 1 ];do
|
|
||||||
del_rule=`cat $KSROOT/koolproxy/data/rules/fanboy-annoyance.txt | grep -n 'https://' | grep '\*' | grep -v '/\*'| grep -v '\^\*' | grep -v '\*\=' | grep -v '\$s\@' | grep -v '\$r\@'| awk -F":" '{print $1}' | sed -n '1p'`
|
|
||||||
if [[ "$del_rule" != "" ]]; then
|
|
||||||
sed -i "${del_rule}d" $KSROOT/koolproxy/data/rules/fanboy-annoyance.txt
|
|
||||||
else
|
|
||||||
koolproxyR_del_rule=0
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
|
|
||||||
cp $KSROOT/koolproxy/data/rules/fanboy-annoyance.txt $KSROOT/koolproxy/data/rules/fanboy.txt
|
|
||||||
else
|
|
||||||
echo_date 跳过优化 fanboy规则。。。。。
|
|
||||||
fi
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
if [[ "$koolproxyR_https_ChinaList" == "1" ]]; then
|
|
||||||
echo_date 正在优化 KPR主规则。。。。。
|
|
||||||
sed -i '/^\$/d' $KSROOT/koolproxy/data/rules/easylistchina.txt
|
|
||||||
sed -i '/\*\$/d' $KSROOT/koolproxy/data/rules/easylistchina.txt
|
|
||||||
# 给btbtt.替换过滤规则。
|
|
||||||
sed -i 's#btbtt.\*#\*btbtt.\*#g' $KSROOT/koolproxy/data/rules/easylistchina.txt
|
|
||||||
# 给手机百度图片放行
|
|
||||||
sed -i '/baidu.com\/it\/u/d' $KSROOT/koolproxy/data/rules/easylistchina.txt
|
|
||||||
# # 给手机百度放行
|
|
||||||
# sed -i '/mbd.baidu.comd' $KSROOT/koolproxy/data/rules/easylistchina.txt
|
|
||||||
# 给知乎放行
|
|
||||||
sed -i '/zhihu.com/d' $KSROOT/koolproxy/data/rules/easylistchina.txt
|
|
||||||
# 给apple的https放行
|
|
||||||
sed -i '/apple.com/d' $KSROOT/koolproxy/data/rules/easylistchina.txt
|
|
||||||
sed -i '/mzstatic.com/d' $KSROOT/koolproxy/data/rules/easylistchina.txt
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
# 将规则转化成kp能识别的https
|
|
||||||
cat $KSROOT/koolproxy/data/rules/easylistchina.txt | grep "^||" | sed 's#^||#||https://#g' >> $KSROOT/koolproxy/data/rules/easylistchina_https.txt
|
|
||||||
# 移出https不支持规则domain=
|
|
||||||
sed -i 's/\(,domain=\).*//g' $KSROOT/koolproxy/data/rules/easylistchina_https.txt
|
|
||||||
sed -i 's/\(\$domain=\).*//g' $KSROOT/koolproxy/data/rules/easylistchina_https.txt
|
|
||||||
sed -i 's/\(domain=\).*//g' $KSROOT/koolproxy/data/rules/easylistchina_https.txt
|
|
||||||
sed -i '/\^$/d' $KSROOT/koolproxy/data/rules/easylistchina_https.txt
|
|
||||||
sed -i '/\^\*\.gif/d' $KSROOT/koolproxy/data/rules/easylistchina_https.txt
|
|
||||||
sed -i '/\^\*\.jpg/d' $KSROOT/koolproxy/data/rules/easylistchina_https.txt
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
cat $KSROOT/koolproxy/data/rules/easylistchina.txt | grep "^||" | sed 's#^||#||http://#g' >> $KSROOT/koolproxy/data/rules/easylistchina_https.txt
|
|
||||||
|
|
||||||
cat $KSROOT/koolproxy/data/rules/easylistchina.txt | grep -i '^[0-9a-z]'| grep -v '^http'| sed 's#^#https://#g' >> $KSROOT/koolproxy/data/rules/easylistchina_https.txt
|
|
||||||
cat $KSROOT/koolproxy/data/rules/easylistchina.txt | grep -i '^[0-9a-z]'| grep -v '^http'| sed 's#^#http://#g' >> $KSROOT/koolproxy/data/rules/easylistchina_https.txt
|
|
||||||
cat $KSROOT/koolproxy/data/rules/easylistchina.txt | grep -i '^[0-9a-z]'| grep -i '^http' >> $KSROOT/koolproxy/data/rules/easylistchina_https.txt
|
|
||||||
# 给facebook.com的https放行
|
|
||||||
sed -i '/facebook.com/d' $KSROOT/koolproxy/data/rules/easylistchina_https.txt
|
|
||||||
sed -i '/fbcdn.net/d' $KSROOT/koolproxy/data/rules/easylistchina_https.txt
|
|
||||||
# 删除可能导致卡顿的HTTPS规则
|
|
||||||
sed -i '/\.\*\//d' $KSROOT/koolproxy/data/rules/easylistchina_https.txt
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
# 删除不必要信息重新打包 15 表示从第15行开始 $表示结束
|
|
||||||
sed -i '6,$d' $KSROOT/koolproxy/data/rules/easylistchina.txt
|
|
||||||
# 合二归一
|
|
||||||
cat $KSROOT/koolproxy/data/rules/easylistchina_https.txt >> $KSROOT/koolproxy/data/rules/easylistchina.txt
|
|
||||||
# 给三大视频网站放行 由kp.dat负责
|
|
||||||
sed -i '/youku.com/d' $KSROOT/koolproxy/data/rules/easylistchina.txt
|
|
||||||
sed -i '/iqiyi.com/d' $KSROOT/koolproxy/data/rules/easylistchina.txt
|
|
||||||
sed -i '/g.alicdn.com/d' $KSROOT/koolproxy/data/rules/easylistchina.txt
|
|
||||||
sed -i '/tudou.com/d' $KSROOT/koolproxy/data/rules/easylistchina.txt
|
|
||||||
sed -i '/gtimg.cn/d' $KSROOT/koolproxy/data/rules/easylistchina.txt
|
|
||||||
# 给https://qq.com的html规则放行
|
|
||||||
sed -i '/qq.com/d' $KSROOT/koolproxy/data/rules/easylistchina.txt
|
|
||||||
# 删除可能导致kpr卡死的神奇规则
|
|
||||||
sed -i '/https:\/\/\*/d' $KSROOT/koolproxy/data/rules/easylistchina.txt
|
|
||||||
# 给国内三大电商平台放行
|
|
||||||
sed -i '/jd.com/d' $KSROOT/koolproxy/data/rules/easylistchina.txt
|
|
||||||
sed -i '/taobao.com/d' $KSROOT/koolproxy/data/rules/easylistchina.txt
|
|
||||||
sed -i '/tmall.com/d' $KSROOT/koolproxy/data/rules/easylistchina.txt
|
|
||||||
# 给 netflix.com 放行
|
|
||||||
sed -i '/netflix.com/d' $KSROOT/koolproxy/data/rules/easylistchina.txt
|
|
||||||
# 给 tvbs.com 放行
|
|
||||||
sed -i '/tvbs.com/d' $KSROOT/koolproxy/data/rules/easylistchina.txt
|
|
||||||
sed -i '/googletagmanager.com/d' $KSROOT/koolproxy/data/rules/easylistchina.txt
|
|
||||||
# 给 microsoft.com 放行
|
|
||||||
sed -i '/microsoft.com/d' $KSROOT/koolproxy/data/rules/easylistchina.txt
|
|
||||||
# 终极 https 卡顿优化 grep -n 显示行号 awk -F 分割数据 sed -i "${del_rule}d" 需要""" 和{}引用变量
|
|
||||||
# 当 koolproxyR_del_rule 是1的时候就一直循环,除非 del_rule 变量为空了。
|
|
||||||
koolproxyR_del_rule=1
|
|
||||||
while [ $koolproxyR_del_rule = 1 ];do
|
|
||||||
del_rule=`cat $KSROOT/koolproxy/data/rules/easylistchina.txt | grep -n 'https://' | grep '\*' | grep -v '/\*'| grep -v '\^\*' | grep -v '\*\=' | grep -v '\$s\@' | grep -v '\$r\@'| awk -F":" '{print $1}' | sed -n '1p'`
|
|
||||||
if [[ "$del_rule" != "" ]]; then
|
|
||||||
sed -i "${del_rule}d" $KSROOT/koolproxy/data/rules/easylistchina.txt
|
|
||||||
else
|
|
||||||
koolproxyR_del_rule=0
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
#cat $KSROOT/koolproxy/data/rules/kpr_our_rule.txt >> $KSROOT/koolproxy/data/rules/easylistchina.txt
|
|
||||||
|
|
||||||
else
|
|
||||||
echo_date 跳过优化 KPR主规则。。。。。
|
|
||||||
fi
|
|
||||||
|
|
||||||
|
|
||||||
if [[ "$koolproxyR_https_mobile" == "1" ]]; then
|
|
||||||
# 删除不必要信息重新打包 0-11行 表示从第15行开始 $表示结束
|
|
||||||
# sed -i '1,11d' $KSROOT/koolproxy/data/rules/yhosts.txt
|
|
||||||
echo_date 正在优化 补充规则yhosts。。。。。
|
|
||||||
|
|
||||||
# 开始Kpr规则化处理
|
|
||||||
cat $KSROOT/koolproxy/data/rules/yhosts.txt > $KSROOT/koolproxy/data/rules/yhosts_https.txt
|
|
||||||
sed -i 's/^127.0.0.1\ /||https:\/\//g' $KSROOT/koolproxy/data/rules/yhosts_https.txt
|
|
||||||
cat $KSROOT/koolproxy/data/rules/yhosts.txt >> $KSROOT/koolproxy/data/rules/yhosts_https.txt
|
|
||||||
sed -i 's/^127.0.0.1\ /||http:\/\//g' $KSROOT/koolproxy/data/rules/yhosts_https.txt
|
|
||||||
# 处理tvbox.txt本身规则。
|
|
||||||
sed -i 's/^127.0.0.1\ /||/g' /tmp/tvbox.txt
|
|
||||||
# 合二归一
|
|
||||||
cat $KSROOT/koolproxy/data/rules/yhosts_https.txt > $KSROOT/koolproxy/data/rules/yhosts.txt
|
|
||||||
cat /tmp/tvbox.txt >> $KSROOT/koolproxy/data/rules/yhosts.txt
|
|
||||||
rm -rf /tmp/tvbox.txt
|
|
||||||
|
|
||||||
|
|
||||||
# 此处对yhosts进行单独处理
|
|
||||||
sed -i 's/^@/!/g' $KSROOT/koolproxy/data/rules/yhosts.txt
|
|
||||||
sed -i 's/^#/!/g' $KSROOT/koolproxy/data/rules/yhosts.txt
|
|
||||||
sed -i '/localhost/d' $KSROOT/koolproxy/data/rules/yhosts.txt
|
|
||||||
sed -i '/broadcasthost/d' $KSROOT/koolproxy/data/rules/yhosts.txt
|
|
||||||
sed -i '/broadcasthost/d' $KSROOT/koolproxy/data/rules/yhosts.txt
|
|
||||||
sed -i '/cn.bing.com/d' $KSROOT/koolproxy/data/rules/yhosts.txt
|
|
||||||
# 给三大视频网站放行 由kp.dat负责
|
|
||||||
sed -i '/youku.com/d' $KSROOT/koolproxy/data/rules/yhosts.txt
|
|
||||||
sed -i '/iqiyi.com/d' $KSROOT/koolproxy/data/rules/yhosts.txt
|
|
||||||
sed -i '/g.alicdn.com/d' $KSROOT/koolproxy/data/rules/yhosts.txt
|
|
||||||
sed -i '/tudou.com/d' $KSROOT/koolproxy/data/rules/yhosts.txt
|
|
||||||
sed -i '/gtimg.cn/d' $KSROOT/koolproxy/data/rules/yhosts.txt
|
|
||||||
|
|
||||||
|
|
||||||
# 给知乎放行
|
|
||||||
sed -i '/zhihu.com/d' $KSROOT/koolproxy/data/rules/yhosts.txt
|
|
||||||
# 给https://qq.com的html规则放行
|
|
||||||
sed -i '/qq.com/d' $KSROOT/koolproxy/data/rules/yhosts.txt
|
|
||||||
# 给github的https放行
|
|
||||||
sed -i '/github/d' $KSROOT/koolproxy/data/rules/yhosts.txt
|
|
||||||
# 给apple的https放行
|
|
||||||
sed -i '/apple.com/d' $KSROOT/koolproxy/data/rules/yhosts.txt
|
|
||||||
sed -i '/mzstatic.com/d' $KSROOT/koolproxy/data/rules/yhosts.txt
|
|
||||||
# 给api.twitter.com的https放行
|
|
||||||
sed -i '/twitter.com/d' $KSROOT/koolproxy/data/rules/yhosts.txt
|
|
||||||
# 给facebook.com的https放行
|
|
||||||
sed -i '/facebook.com/d' $KSROOT/koolproxy/data/rules/yhosts.txt
|
|
||||||
sed -i '/fbcdn.net/d' $KSROOT/koolproxy/data/rules/yhosts.txt
|
|
||||||
# 给 instagram.com 放行
|
|
||||||
sed -i '/instagram.com/d' $KSROOT/koolproxy/data/rules/yhosts.txt
|
|
||||||
# 删除可能导致kpr卡死的神奇规则
|
|
||||||
sed -i '/https:\/\/\*/d' $KSROOT/koolproxy/data/rules/yhosts.txt
|
|
||||||
# 给国内三大电商平台放行
|
|
||||||
sed -i '/jd.com/d' $KSROOT/koolproxy/data/rules/yhosts.txt
|
|
||||||
sed -i '/taobao.com/d' $KSROOT/koolproxy/data/rules/yhosts.txt
|
|
||||||
sed -i '/tmall.com/d' $KSROOT/koolproxy/data/rules/yhosts.txt
|
|
||||||
# 给 netflix.com 放行
|
|
||||||
sed -i '/netflix.com/d' $KSROOT/koolproxy/data/rules/yhosts.txt
|
|
||||||
# 给 tvbs.com 放行
|
|
||||||
sed -i '/tvbs.com/d' $KSROOT/koolproxy/data/rules/yhosts.txt
|
|
||||||
sed -i '/googletagmanager.com/d' $KSROOT/koolproxy/data/rules/yhosts.txt
|
|
||||||
# 给 microsoft.com 放行
|
|
||||||
sed -i '/microsoft.com/d' $KSROOT/koolproxy/data/rules/yhosts.txt
|
|
||||||
# 终极 https 卡顿优化 grep -n 显示行号 awk -F 分割数据 sed -i "${del_rule}d" 需要""" 和{}引用变量
|
|
||||||
# 当 koolproxyR_del_rule 是1的时候就一直循环,除非 del_rule 变量为空了。
|
|
||||||
koolproxyR_del_rule=1
|
|
||||||
while [ $koolproxyR_del_rule = 1 ];do
|
|
||||||
del_rule=`cat $KSROOT/koolproxy/data/rules/yhosts.txt | grep -n 'https://' | grep '\*' | grep -v '/\*'| grep -v '\^\*' | grep -v '\*\=' | grep -v '\$s\@' | grep -v '\$r\@'| awk -F":" '{print $1}' | sed -n '1p'`
|
|
||||||
if [[ "$del_rule" != "" ]]; then
|
|
||||||
sed -i "${del_rule}d" $KSROOT/koolproxy/data/rules/yhosts.txt
|
|
||||||
else
|
|
||||||
koolproxyR_del_rule=0
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
|
|
||||||
|
|
||||||
else
|
|
||||||
echo_date 跳过优化 补充规则yhosts。。。。。
|
|
||||||
fi
|
|
||||||
# 删除临时文件
|
|
||||||
rm -rf $KSROOT/koolproxy/data/rules/*_https.txt
|
|
||||||
#rm $KSROOT/koolproxy/data/rules/kpr_our_rule.txt
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
echo_date 所有规则更新并优化完毕!
|
|
||||||
echo_date =======================================================================================================
|
|
||||||
easylist_rules_local=`cat /usr/share/koolproxy/data/rules/easylistchina.txt | sed -n '3p'|awk '{print $3,$4}'`
|
|
||||||
fanboy_rules_local=`cat /usr/share/koolproxy/data/rules/fanboy.txt | sed -n '3p'|awk '{print $3,$4}'`
|
|
||||||
replenish_rules_local=`cat /usr/share/koolproxy/data/rules/yhosts.txt | sed -n '2p' | cut -d "=" -f2`
|
|
||||||
echo $(date "+%F %T"): -------------------easylist version $easylist_rules_local >>$LOGFILE
|
|
||||||
echo $(date "+%F %T"): -------------------fanboy version $fanboy_rules_local >>$LOGFILE
|
|
||||||
echo $(date "+%F %T"): -------------------yhosts version $replenish_rules_local >>$LOGFILE
|
|
||||||
|
|
||||||
echo $(date "+%F %T"): ------------------- 内置规则更新成功! ------------------- >>$LOGFILE
|
|
||||||
|
|
||||||
RESTART_KOOLPROXY=true
|
|
||||||
}
|
|
||||||
|
|
||||||
update_rss_rules() {
|
|
||||||
cp $KP_DIR/data/user.txt $KP_DIR/data/rules/user.txt
|
|
||||||
config_load $CONFIG
|
|
||||||
config_foreach __update_rule rss_rule
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
update_adb_host() {
|
|
||||||
/usr/sbin/adblockplus >>$LOGFILE 2>&1 &
|
|
||||||
if [ "$?" == "0" ]; then
|
|
||||||
RESTART_DNSMASQ=true
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
# main process
|
|
||||||
init_env
|
|
||||||
limit_log $LOGFILE
|
|
||||||
|
|
||||||
#update_kpr_rules
|
|
||||||
kpr_update_rules
|
|
||||||
|
|
||||||
|
|
||||||
# update user rules
|
|
||||||
update_rss_rules
|
|
||||||
|
|
||||||
|
|
||||||
koolproxy_mode=$(config_t_get global koolproxy_mode 1)
|
|
||||||
koolproxy_host=$(config_t_get global koolproxy_host 0)
|
|
||||||
|
|
||||||
# update ADB Plus Host
|
|
||||||
if [ "$koolproxy_mode" == "2" ] && [ "$koolproxy_host" == "1" ];then
|
|
||||||
update_adb_host
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ $RESTART_KOOLPROXY ]; then
|
|
||||||
restart_koolproxy
|
|
||||||
echo $(date "+%F %T"): 重启koolproxy进程 >>$LOGFILE
|
|
||||||
echo >>$LOGFILE
|
|
||||||
fi
|
|
||||||
|
|
||||||
init_env
|
|
||||||
|
|
||||||
|
|
||||||
|
|
@ -1,194 +0,0 @@
|
|||||||
koolproxy插件/固件开发文档1.3
|
|
||||||
更新日期:2017年7月7日(koolproxy 3.6.1)
|
|
||||||
|
|
||||||
================================================================================================
|
|
||||||
声明:
|
|
||||||
KoolProxy 是一个免费软件,著作权归属 KoolProxy.com,用户可以非商业性地复制和使用 KoolProxy,但禁止将 KoolProxy 用于商业用途。
|
|
||||||
KoolProxy 可以对 https 网络数据进行识别代理,使用 https 功能的用户需要自己提供相关证书,本程序提供的证书生成脚本仅供用户参考,证书的保密工作由用户自行负责。
|
|
||||||
使用本软件的风险由用户自行承担,在适用法律允许的最大范围内,对因使用本产品所产生的损害及风险,包括但不限于直接或间接的个人损害、商业赢利的丧失、贸易中断、商业信息的丢失或任何其它经济损失,KoolProxy.com 不承担任何责任。
|
|
||||||
|
|
||||||
================================================================================================
|
|
||||||
KoolProxy By Xiaobao & Crwnet v3.6.1
|
|
||||||
|
|
||||||
USAGE:
|
|
||||||
koolproxy [options] [arguments...]
|
|
||||||
|
|
||||||
OPTIONS:
|
|
||||||
-p value listen port, default value is 3000
|
|
||||||
-l value log level (0:DEBUG, 1:INFO, 2:AD, 3:WARNING, 4:ERROR), default value is ERROR
|
|
||||||
-c value thread count, default value is the number of cpus
|
|
||||||
-b value data path, default value is './data'
|
|
||||||
-d run as daemon mode
|
|
||||||
-v show version
|
|
||||||
-h show help
|
|
||||||
|
|
||||||
ADVANCED:
|
|
||||||
--cert generate ssl cert
|
|
||||||
--ipv6 enable ipv6, works for ipv6 nat mode
|
|
||||||
--video | -e video mode, load video rules only
|
|
||||||
--mark mark mode, set the socket mark(src ip) when connect to remote host. requires the CAP_NET_ADMIN capability
|
|
||||||
--ttl value ttl mode, set the socket ttl when connect to remote host. default value is 0 (disable)
|
|
||||||
|
|
||||||
================================================================================================
|
|
||||||
交流地址:
|
|
||||||
1 QQ群1: 595300867
|
|
||||||
2 QQ群2: 203726739
|
|
||||||
3 TG群: https://t.me/joinchat/AAAAAD-tO7GPvfOU131_vg
|
|
||||||
4 更新日志:http://koolshare.cn/thread-64086-1-1.html
|
|
||||||
|
|
||||||
================================================================================================
|
|
||||||
#koolproxy部署文件目录参考1(使用openssl生成证书)
|
|
||||||
.
|
|
||||||
├── data
|
|
||||||
│ ├── gen_ca.sh #证书生成脚本
|
|
||||||
│ ├── koolproxy_ipset.conf #ipset名单
|
|
||||||
│ ├── openssl.cnf #证书生成所用配置文件
|
|
||||||
│ ├── rules #规则存放文件夹
|
|
||||||
│ │ ├── kp.dat #视频规则
|
|
||||||
│ │ ├── koolproxy.txt #静态规则
|
|
||||||
│ │ ├── daily.txt #每日规则
|
|
||||||
│ │ └── user.txt #自定义规则
|
|
||||||
│ └── version #插件版本号(merlin)
|
|
||||||
└── koolproxy #koolproxy二进制(为了保证二进制顺利更新,请保证目录可写)
|
|
||||||
|
|
||||||
1 证书生成使用命令 sh gen_ca.sh,该脚本会调用系统内的openssl来生成证书,运行成功后会自动创建data/private data/cert目录
|
|
||||||
私钥和公钥会分别存在data/private data/cert目录下,使用http://110.110.110.110会下载路由器内的证书
|
|
||||||
|
|
||||||
------------------------------------------------------------------------------------------------
|
|
||||||
#koolproxy部署文件目录参考2(使用koolproxy生成证书)
|
|
||||||
.
|
|
||||||
└── koolproxy #koolproxy二进制(为了保证二进制顺利更新,请保证目录可写)
|
|
||||||
1 因为规则文件会由koolproxy自动下载,下载后会自动创建data/rules目录
|
|
||||||
2 使用koolproxy --cert命令可以生成证书,运行成功后会自动创建data/private data/cert目录
|
|
||||||
私钥和公钥会分别存在data/private data/cert目录下,使用http://110.110.110.110会下载路由器内的证书
|
|
||||||
因为mbedtls性能原因,在非软路由机器上用koolproxy --cert生成证书需要时间较长,请耐心等待
|
|
||||||
|
|
||||||
================================================================================================
|
|
||||||
说明:
|
|
||||||
1 koolproxy启动会自动检测规则更新,如果没有./data/rules文件夹,会自己创建并下载规则到此处
|
|
||||||
2 koolproxy启动后会检测二进制文件更新,如果有更新,会替换./koolproxy,并且由父进程重启koolproxy,以后每20分钟检测一次更新
|
|
||||||
3 现在不支持规则订阅了,只能识别kp.dat, koolproxy.txt, user.txt,daily.txt,需要自定义规则的可以修改user.txt
|
|
||||||
|
|
||||||
# 二进制下载固定地址
|
|
||||||
https://koolproxy.com/downloads/i386
|
|
||||||
https://koolproxy.com/downloads/x86_64
|
|
||||||
https://koolproxy.com/downloads/arm
|
|
||||||
https://koolproxy.com/downloads/mips
|
|
||||||
https://koolproxy.com/downloads/mipsel
|
|
||||||
|
|
||||||
# 规则下载固定地址
|
|
||||||
https://kprule.com/koolproxy.txt
|
|
||||||
https://kprule.com/daily.txt
|
|
||||||
https://kprule.com/kp.dat
|
|
||||||
https://kprule.com/user.txt
|
|
||||||
|
|
||||||
# 规则下载对应的CDN地址
|
|
||||||
https://kprules.b0.upaiyun.com/koolproxy.txt
|
|
||||||
https://kprules.b0.upaiyun.com/daily.txt
|
|
||||||
https://kprules.b0.upaiyun.com/kp.dat
|
|
||||||
https://kprules.b0.upaiyun.com/user.txt
|
|
||||||
|
|
||||||
# 二进制文件和规则 github备份地址:
|
|
||||||
二进制:https://github.com/koolproxy/koolproxy-bin (已作废)
|
|
||||||
规则:https://github.com/koolproxy/koolproxy_rules (已作废)
|
|
||||||
|
|
||||||
|
|
||||||
1 建议从上面的链接获取最新的二进制和基本的规则文件,然后按照上面的目录结构来部署
|
|
||||||
2 如果不需要https过滤,只需要一个koolproxy程序就足够了,data文件夹和rules文件夹都会自己创建。
|
|
||||||
3 koolproxy.txt内有视频规则、静态规则、每日规则的更新日期,可以用于提取并显示到界面
|
|
||||||
|
|
||||||
================================================================================================
|
|
||||||
koolproxy运行:
|
|
||||||
|
|
||||||
1 在koolproxy主程序目录运行,例如merlin固件下运行:cd /koolshare/koolproxy && koolproxy -d
|
|
||||||
2 不在koolproxy主程序目录运行(例如将koolproxy放在环境变量中),例如merlin固件下运行:koolproxy -b /koolshare/koolproxy -d -b为data路径
|
|
||||||
其它运行方式可能会造成koolproxy识别不到data目录而无法加载规则
|
|
||||||
koolproxy运行后默认会使用端口3000作为透明代理端口,需要利用iptables将数据导到端口3000才能发挥作用。
|
|
||||||
|
|
||||||
视频模式:
|
|
||||||
1 使用命令koolproxy -e 即可开启
|
|
||||||
2 开启后只会加载视频规则kp.dat和user.txt
|
|
||||||
|
|
||||||
调试模式:
|
|
||||||
1 使用命令koolproxy -l0 即可开启,l后面的数字代表不同的日志详细程度
|
|
||||||
2 需要检查规则命中行数可以需要使用-l2
|
|
||||||
|
|
||||||
ttl功能:
|
|
||||||
1 使用命令koolproxy --ttl 160 即可开启ttl功能,后面的数值代表ttl大小
|
|
||||||
2 ttl功能开启后,koolproxy会对经过它的所有数据ttl进行调整,可以利用iptables的match ttl功能数据进行匹配
|
|
||||||
|
|
||||||
mark功能:
|
|
||||||
1 使用命令koolproxy --mark 即可开启mark功能
|
|
||||||
2 mark功能开启后,koolproxy会对经过它的所有数据打上标记,mark值等于该数据的源ip转换为十六进制的值
|
|
||||||
3 例如局域网内192.168.1.100的数据,将会被打上0xc0a80164的mark(192 = c0, 168 = a8, 1 = 01, 100 = 64 )
|
|
||||||
4 开发者可以用此功和SS配合,达到既科学上网,又能过滤这些科学上网的流量,还不影响科学上网访问控制的功能
|
|
||||||
5 ip转换为mark值参考命令:echo 192.168.1.100 | awk -F "." '{printf ("0x%02x", $1)} {printf ("%02x", $2)} {printf ("%02x", $3)} {printf ("%02x\n", $4)}'
|
|
||||||
|
|
||||||
================================================================================================
|
|
||||||
ss + kp过滤方案(2017年7月7日):
|
|
||||||
|
|
||||||
方案1(优先SS,其次KP,不推荐):
|
|
||||||
1 在NAT PREROUTING链内,SS在前,KP在后,流量将先走SS,经过SS分流后,国外流量走ss-redir,实现翻墙;
|
|
||||||
2 而剩下国内流量在PREROUTING链内继续往下匹配到koolrpxy规则,流量最终走koolproxy,实现过滤。
|
|
||||||
结果:koolproxy只能过滤国内流量(SS剩下的)。
|
|
||||||
|
|
||||||
方案2(优先KP,其次SS,不推荐);
|
|
||||||
1 在NAT PREROUTING链内,KP在前,SS在后,流量将先走KP,实现过滤;
|
|
||||||
2 为了SS能拿到KP过滤后的数据,使用match ttl匹配,在OUTPUT链内将流量全部给SS,实现翻墙;
|
|
||||||
结果:因为在OUTPUT链内没有源ip信息,流量给SS后无法匹配到源ip,因此SS失去了acl(访问控制)功能。
|
|
||||||
|
|
||||||
方案3 (优先kp,其次SS,推荐);
|
|
||||||
为便于理解,以下iptables配置只展示流量经过顺序,不是iptables的创建顺序,PREROUTING内规则的创建实际上应该在最后
|
|
||||||
0 koolproxy默认开启ttl和mark功能 KoolProxy --ttl 160 --mark -d(固件不支持ttl的仅开启mark也行: KoolProxy --mark -d)
|
|
||||||
1 在NAT PREROUTING链内,KP在前,SS在后,KP开启--mark,流量将先走KP(80,443),实现过滤,过滤后每个主机会被打上不同的mark;
|
|
||||||
#KP在前,所有tcp流量全部交给KOOLPROXY链
|
|
||||||
-A PREROUTING -p tcp -j KOOLPROXY
|
|
||||||
#SS在后,在kp开启的时候,只能拿到非80,443的流量,在kp关闭后,可以拿到所有端口的流量
|
|
||||||
-A PREROUTING -p tcp -j SHADOWSOCKS
|
|
||||||
|
|
||||||
2 例如局域网内192.168.1.100主机的数据经过kp过滤后,将会被打上0xc0a80164的mark(192 = c0, 168 = a8, 1 = 01, 100 = 64 );
|
|
||||||
#创建KOOLPROXY链,用于白名单和访问控制
|
|
||||||
-N KOOLPROXY
|
|
||||||
#创建KOOLPROXY_HTTP链,用于过滤http流量
|
|
||||||
-N KOOLPROXY_HTTP
|
|
||||||
#创建KOOLPROXY_HTTPS链,用于过滤https流量
|
|
||||||
-N KOOLPROXY_HTTPS
|
|
||||||
#局域网和保留地址不走kp
|
|
||||||
-A KOOLPROXY -m set --match-set white_kp_list dst -j RETURN
|
|
||||||
#主机192.168.1.100需要https过滤
|
|
||||||
-A KOOLPROXY -s 192.168.1.100/32 -p tcp -g KOOLPROXY_HTTPS
|
|
||||||
#其它主机过滤http流量
|
|
||||||
-A KOOLPROXY -p tcp -j KOOLPROXY_HTTP
|
|
||||||
|
|
||||||
3 为了SS能拿到数据,在NAT OUTPUT链中,使用match ttl匹配,在OUTPUT链内将流量全部给SHADOWSOCKS_EXT链;
|
|
||||||
#创建SHADOWSOCKS_EXT链,用于开启kp情况下ss的访问控制实现
|
|
||||||
-N SHADOWSOCKS_EXT
|
|
||||||
#使用ttl匹配将KP过滤后的数据转到SHADOWSOCKS_EXT链(如果固件不支持ttl匹配,使用下面的命令)
|
|
||||||
-A OUTPUT -p tcp -m ttl --ttl-eq 160 -j SHADOWSOCKS_EXT
|
|
||||||
#如果固件不支持ttl match,可以用mark匹配ip地址的前三位(用0xffffff00作为掩码的形式),来将KP过滤后的数据转到SHADOWSOCKS_EXT链
|
|
||||||
# echo 192.168.1 | awk -F "." '{printf ("0x%02x", $1)} {printf ("%02x", $2)} {printf ("%02x", $3)} {printf ("00/0xffffff00\n")}' = 0xc0a80100/0xffffff00
|
|
||||||
-A OUTPUT -p tcp -m mark --mark 0xc0a80100/0xffffff00 -j SHADOWSOCKS_EXT
|
|
||||||
|
|
||||||
4 如果开启了acl,比如需要192.168.1.75不走SS(全端口),192.168.1.246走gfwlist模式(80,443端口),192.168.1.214走大陆白名单模式(22,80,443端口),剩余主机全部走大陆白名单模式(全端口):
|
|
||||||
#主机192.168.1.75(0xc0a8014b),流量经过KP过滤后并打上mark后,通过OUTPUT链进入SHADOWSOCKS_EXT链,而未能翻墙(RETURN)
|
|
||||||
-A SHADOWSOCKS_EXT -p tcp -m mark --mark 0xc0a8014b -j RETURN
|
|
||||||
#主机192.168.1.246(0xc0a801f6),流量经过KP过滤后并打上mark后,通过OUTPUT链进入SHADOWSOCKS_EXT链,在此流量被导向了SHADOWSOCKS_GFW链,实现gfwlist模式翻墙(80,443端口)
|
|
||||||
-A SHADOWSOCKS_EXT -p tcp -m multiport --dports 80,443 -m mark --mark 0xc0a801f6 -g SHADOWSOCKS_GFW
|
|
||||||
#主机192.168.1.214(0xc0a801f6),流量经过KP过滤后并打上mark后,通过OUTPUT链进入SHADOWSOCKS_EXT链,在此流量被导向了SHADOWSOCKS_CHN链,实现大陆白名单模式翻墙(22,80,443端口)
|
|
||||||
-A SHADOWSOCKS_EXT -p tcp -m multiport --dports 22,,80,443 -m mark --mark 0xc0a801d6 -g SHADOWSOCKS_CHN
|
|
||||||
#剩余的主机,流量经过KP过滤后并打上mark后,通过OUTPUT链进入SHADOWSOCKS_EXT链,在此流量被导向了SHADOWSOCKS_CHN链,实现大陆白名单模式翻墙(全端口)
|
|
||||||
-A SHADOWSOCKS_EXT -p tcp -j SHADOWSOCKS_CHN
|
|
||||||
|
|
||||||
情形:
|
|
||||||
1 当SS开启,kp未开启:所有流量走ss PREROUTING过,经过分流后,国内的流量在经过OUTPUT的时候,因为KP没开,数据不会匹配到ttl值(或者没匹配到mark值),所以不会过滤广告,翻墙正常
|
|
||||||
2 当KP开启,SS未开启,所有流量走kp PREROUTING过,广告过滤正常
|
|
||||||
3 当SS开启,翻墙和acl工作正常的时候,开启KP:KP在PREROUTING内插入到SS前面,会先得到流量,广告过滤正常
|
|
||||||
4 当KP开启,过滤广告正常的时候,开启SS:SS从原来的从PREROUTING拿流量变成从OUTPUT内拿流量,翻墙和acl会同样正常
|
|
||||||
5 当KP和SS都开启,此时关闭SS,kp过滤广告正常
|
|
||||||
6 当KP和SS都开启,此时关闭KP,ss翻墙和acl正常
|
|
||||||
|
|
||||||
总结:
|
|
||||||
使用 ttl + mark (或者纯mark)的方式,可以实现原先很难实现的过滤经过SS流量的广告
|
|
||||||
主要的改动在于给SS预置好OUTPUT和SHADOWSOCKS_EXT规则链,当kp启用时,它们就会工作,kp关闭时,不会影响正常数据
|
|
||||||
次要的改动就是给koolproxy默认开启ttl + mark(或者纯mark)功能
|
|
||||||
================================================================================================
|
|
@ -1,13 +0,0 @@
|
|||||||
wget 'https://raw.githubusercontent.com/user1121114685/koolproxyR_rule_list/master/kp.dat' -O files/usr/share/koolproxy/data/rules/kp.dat
|
|
||||||
wget 'https://raw.githubusercontent.com/user1121114685/koolproxyR/master/koolproxyR/koolproxyR/data/rules/yhosts.txt' -O files/usr/share/koolproxy/data/rules/yhosts.txt
|
|
||||||
wget 'https://dev.tencent.com/u/shaoxia1991/p/cjxlist/git/raw/master/cjx-annoyance.txt' -O files/usr/share/koolproxy/data/rules/fanboy.txt
|
|
||||||
wget 'https://easylist-downloads.adblockplus.org/easylistchina.txt' -O files/usr/share/koolproxy/data/rules/easylistchina.txt
|
|
||||||
|
|
||||||
wget 'https://raw.githubusercontent.com/user1121114685/koolproxyR/master/koolproxyR/koolproxyR/data/rules/user.txt' -O files/usr/share/koolproxy/data/user.txt
|
|
||||||
cp files/usr/share/koolproxy/data/user.txt files/usr/share/koolproxy/data/rules/user.txt
|
|
||||||
wget 'https://raw.githubusercontent.com/user1121114685/koolproxyR/master/koolproxyR/koolproxyR/data/koolproxyR_ipset.conf' -O files/usr/share/koolproxy/koolproxy_ipset.conf
|
|
||||||
|
|
||||||
wget https://easylist-downloads.adblockplus.org/easylistchina+easylist.txt -O- | grep ^\|\|[^\*]*\^$ | sed -e 's:||:address\=\/:' -e 's:\^:/0\.0\.0\.0:' > files/usr/share/koolproxy/dnsmasq.adblock
|
|
||||||
sed -i '/youku/d' files/usr/share/koolproxy/dnsmasq.adblock
|
|
||||||
sed -i '/[1-9]\{1,3\}\.[1-9]\{1,3\}\.[1-9]\{1,3\}\.[1-9]\{1,3\}/d' files/usr/share/koolproxy/dnsmasq.adblock
|
|
||||||
|
|