mirror of
https://github.com/roacn/openwrt-packages.git
synced 2025-01-09 04:18:08 +08:00
🎄 Sync 2023-04-23 20:36
This commit is contained in:
github-actions[bot]
parent
1c743e6ce8
commit
48e84c1edd
@ -6,7 +6,7 @@
|
||||
include $(TOPDIR)/rules.mk
|
||||
|
||||
PKG_NAME:=luci-app-passwall
|
||||
PKG_VERSION:=4.65-1
|
||||
PKG_VERSION:=4.65-2
|
||||
PKG_RELEASE:=
|
||||
|
||||
PKG_CONFIG_DEPENDS:= \
|
||||
|
||||
@ -400,7 +400,7 @@ end
|
||||
o = s:taboption("DNS", Button, "clear_ipset", translate("Clear IPSET"), translate("Try this feature if the rule modification does not take effect."))
|
||||
o.inputstyle = "remove"
|
||||
function o.write(e, e)
|
||||
luci.sys.call("[ -n \"$(nft list sets 2>/dev/null | grep \"gfwlist\")\" ] && /usr/share/" .. appname .. "/nftables.sh flush_nftset || /usr/share/" .. appname .. "/iptables.sh flush_ipset > /dev/null 2>&1 &")
|
||||
luci.sys.call("[ -n \"$(nft list sets 2>/dev/null | grep \"gfwlist\")\" ] && sh /usr/share/" .. appname .. "/nftables.sh flush_nftset || sh /usr/share/" .. appname .. "/iptables.sh flush_ipset > /dev/null 2>&1 &")
|
||||
luci.http.redirect(api.url("log"))
|
||||
end
|
||||
|
||||
|
||||
@ -29,6 +29,15 @@ EOF
|
||||
|
||||
[ ! -s "/etc/config/passwall" ] && cp -f /usr/share/passwall/0_default_config /etc/config/passwall
|
||||
touch /etc/config/passwall_show >/dev/null 2>&1
|
||||
|
||||
[ "$(opkg list-installed | grep "firewall4")" ] && [ "$(opkg list-installed | grep "nftables")" ] && {
|
||||
[ "$(opkg list-installed | grep "kmod\-nft\-socket")" ] && [ "$(opkg list-installed | grep "kmod\-nft\-tproxy")" ] && [ "$(opkg list-installed | grep "kmod\-nft\-nat")" ] && {
|
||||
uci -q set passwall.@global_forwarding[0].use_nft=1
|
||||
uci -q commit passwall
|
||||
sed -i "s#use_nft '0'#use_nft '1'#g" /usr/share/passwall/0_default_config
|
||||
}
|
||||
}
|
||||
|
||||
rm -f /tmp/luci-indexcache
|
||||
rm -rf /tmp/luci-modulecache/
|
||||
killall -HUP rpcd 2>/dev/null
|
||||
|
||||
@ -416,14 +416,22 @@ run_chinadns_ng() {
|
||||
[ -s "${RULES_PATH}/chnlist" ] && {
|
||||
local _chnlist_file="${TMP_PATH}/chinadns_chnlist"
|
||||
cp -a "${RULES_PATH}/chnlist" "${_chnlist_file}"
|
||||
_extra_param="${_extra_param} -m ${_chnlist_file} -M -a"
|
||||
local chnroute4_set="chnroute"
|
||||
local chnroute6_set="chnroute6"
|
||||
[ "$nftflag" = "1" ] && {
|
||||
chnroute4_set="inet@fw4@chnroute"
|
||||
chnroute6_set="inet@fw4@chnroute6"
|
||||
}
|
||||
_extra_param="${_extra_param} -4 ${chnroute4_set} -6 ${chnroute6_set} -m ${_chnlist_file} -M -a"
|
||||
}
|
||||
}
|
||||
|
||||
([ -n "$_chnlist" ] || [ -n "$_gfwlist" ]) && [ -s "${RULES_PATH}/gfwlist" ] && {
|
||||
local _gfwlist_file="${TMP_PATH}/chinadns_gfwlist"
|
||||
cp -a "${RULES_PATH}/gfwlist" "${_gfwlist_file}"
|
||||
_extra_param="${_extra_param} -g ${_gfwlist_file} -A gfwlist,gfwlist6"
|
||||
local gfwlist_set="gfwlist,gfwlist6"
|
||||
[ "$nftflag" = "1" ] && gfwlist_set="inet@fw4@gfwlist,inet@fw4@gfwlist6"
|
||||
_extra_param="${_extra_param} -g ${_gfwlist_file} -A ${gfwlist_set}"
|
||||
#当只有使用gfwlist模式时设置默认DNS为本地直连
|
||||
[ -n "$_gfwlist" ] && [ -z "$_chnlist" ] && _default_tag="chn"
|
||||
}
|
||||
|
||||
@ -5,8 +5,8 @@
|
||||
include $(TOPDIR)/rules.mk
|
||||
|
||||
PKG_NAME:=luci-app-passwall2
|
||||
PKG_VERSION:=1.11
|
||||
PKG_RELEASE:=3
|
||||
PKG_VERSION:=1.12-1
|
||||
PKG_RELEASE:=
|
||||
|
||||
PKG_CONFIG_DEPENDS:= \
|
||||
CONFIG_PACKAGE_$(PKG_NAME)_Transparent_Proxy \
|
||||
|
||||
@ -233,10 +233,6 @@ o:value("udp", "UDP")
|
||||
o:value("fakedns", "FakeDNS")
|
||||
o:depends({ node = "default", ['!reverse'] = true })
|
||||
|
||||
o = s:option(Flag, "only_proxy_fakedns", translate("Only Proxy FakeDNS"), translate("When selected, only FakeDNS domain to proxy."))
|
||||
o.default = "0"
|
||||
o:depends("remote_dns_protocol", "fakedns")
|
||||
|
||||
---- DNS Forward
|
||||
o = s:option(Value, "remote_dns", translate("Remote DNS"))
|
||||
o.datatype = "or(ipaddr,ipaddrport)"
|
||||
|
||||
@ -217,10 +217,6 @@ o:value("doh", "DoH")
|
||||
o:value("udp", "UDP")
|
||||
o:value("fakedns", "FakeDNS")
|
||||
|
||||
o = s:taboption("DNS", Flag, "only_proxy_fakedns", translate("Only Proxy FakeDNS"), translate("When selected, only FakeDNS domain to proxy."))
|
||||
o.default = "0"
|
||||
o:depends("remote_dns_protocol", "fakedns")
|
||||
|
||||
---- DNS Forward
|
||||
o = s:taboption("DNS", Value, "remote_dns", translate("Remote DNS"))
|
||||
o.datatype = "or(ipaddr,ipaddrport)"
|
||||
|
||||
@ -648,7 +648,7 @@ wireguard_mtu.default = "1420"
|
||||
wireguard_mtu:depends({ type = "Xray", protocol = "wireguard" })
|
||||
|
||||
if api.compare_versions(api.get_xray_version(), ">=", "1.8.0") then
|
||||
wireguard_reserved = s:option(Value, "wireguard_reserved", translate("Reserved"))
|
||||
wireguard_reserved = s:option(Value, "wireguard_reserved", translate("Reserved"), translate("Decimal numbers separated by \",\" or Base64-encoded strings."))
|
||||
wireguard_reserved:depends({ type = "Xray", protocol = "wireguard" })
|
||||
end
|
||||
|
||||
@ -812,11 +812,21 @@ mux:depends({ type = "Xray", protocol = "socks" })
|
||||
mux:depends({ type = "Xray", protocol = "shadowsocks" })
|
||||
mux:depends({ type = "Xray", protocol = "trojan" })
|
||||
|
||||
-- [[ XUDP Mux ]]--
|
||||
xmux = s:option(Flag, "xmux", translate("Mux"))
|
||||
xmux.default = 1
|
||||
xmux:depends({ type = "Xray", protocol = "vless", tlsflow = "xtls-rprx-vision" })
|
||||
xmux:depends({ type = "Xray", protocol = "vless", tlsflow = "xtls-rprx-vision-udp443" })
|
||||
|
||||
mux_concurrency = s:option(Value, "mux_concurrency", translate("Mux concurrency"))
|
||||
mux_concurrency.default = 8
|
||||
mux_concurrency:depends("mux", true)
|
||||
mux_concurrency:depends("smux", true)
|
||||
|
||||
xudp_concurrency = s:option(Value, "xudp_concurrency", translate("XUDP Mux concurrency"))
|
||||
xudp_concurrency.default = 8
|
||||
xudp_concurrency:depends("xmux", true)
|
||||
|
||||
smux_idle_timeout = s:option(Value, "smux_idle_timeout", translate("Mux idle timeout"))
|
||||
smux_idle_timeout.default = 60
|
||||
smux_idle_timeout:depends("smux", true)
|
||||
|
||||
@ -1,4 +1,5 @@
|
||||
module("luci.passwall2.api", package.seeall)
|
||||
bin = require "nixio".bin
|
||||
fs = require "nixio.fs"
|
||||
sys = require "luci.sys"
|
||||
uci = require"luci.model.uci".cursor()
|
||||
|
||||
@ -108,9 +108,16 @@ function gen_outbound(flag, node, tag, proxy_table)
|
||||
|
||||
if node.protocol == "wireguard" and node.wireguard_reserved then
|
||||
local bytes = {}
|
||||
node.wireguard_reserved:gsub("[^,]+", function(b)
|
||||
bytes[#bytes+1] = tonumber(b)
|
||||
end)
|
||||
if not node.wireguard_reserved:match("[^%d,]+") then
|
||||
node.wireguard_reserved:gsub("%d+", function(b)
|
||||
bytes[#bytes + 1] = tonumber(b)
|
||||
end)
|
||||
else
|
||||
local result = api.bin.b64decode(node.wireguard_reserved)
|
||||
for i = 1, #result do
|
||||
bytes[i] = result:byte(i)
|
||||
end
|
||||
end
|
||||
node.wireguard_reserved = #bytes > 0 and bytes or nil
|
||||
end
|
||||
|
||||
@ -122,8 +129,9 @@ function gen_outbound(flag, node, tag, proxy_table)
|
||||
proxySettings = node.proxySettings or nil,
|
||||
protocol = node.protocol,
|
||||
mux = {
|
||||
enabled = (node.mux == "1") and true or false,
|
||||
concurrency = (node.mux_concurrency) and tonumber(node.mux_concurrency) or 8
|
||||
enabled = (node.mux == "1" or node.xmux == "1") and true or false,
|
||||
concurrency = (node.mux == "1" and ((node.mux_concurrency) and tonumber(node.mux_concurrency) or 8)) or ((node.xmux == "1") and -1) or nil,
|
||||
xudpConcurrency = (node.xmux == "1" and ((node.xudp_concurrency) and tonumber(node.xudp_concurrency) or 8)) or nil
|
||||
} or nil,
|
||||
-- 底层传输配置
|
||||
streamSettings = (node.streamSettings or node.protocol == "vmess" or node.protocol == "vless" or node.protocol == "socks" or node.protocol == "shadowsocks" or node.protocol == "trojan") and {
|
||||
|
||||
@ -118,12 +118,6 @@ msgstr "直连 DNS EDNS Client Subnet"
|
||||
msgid "Remote DNS Protocol"
|
||||
msgstr "远程 DNS 协议"
|
||||
|
||||
msgid "Only Proxy FakeDNS"
|
||||
msgstr "仅代理 FakeDNS"
|
||||
|
||||
msgid "When selected, only FakeDNS domain to proxy."
|
||||
msgstr "当勾选时,只会代理 FakeDNS 域名。"
|
||||
|
||||
msgid "Remote DNS"
|
||||
msgstr "远程 DNS"
|
||||
|
||||
@ -943,6 +937,9 @@ msgstr "额外的对称加密密钥"
|
||||
msgid "Local Address"
|
||||
msgstr "本地地址"
|
||||
|
||||
msgid "Decimal numbers separated by \",\" or Base64-encoded strings."
|
||||
msgstr "用“,”隔开的十进制数字或 Base64 编码字符串。"
|
||||
|
||||
msgid "Camouflage Type"
|
||||
msgstr "伪装类型"
|
||||
|
||||
@ -1165,6 +1162,9 @@ msgstr "无法移动新文件到:%s"
|
||||
msgid "Mux concurrency"
|
||||
msgstr "最大并发连接数"
|
||||
|
||||
msgid "XUDP Mux concurrency"
|
||||
msgstr "XUDP 最大并发连接数"
|
||||
|
||||
msgid "Mux idle timeout"
|
||||
msgstr "最大闲置时间"
|
||||
|
||||
|
||||
@ -796,7 +796,7 @@ acl_app() {
|
||||
echolog "访问控制:"
|
||||
for item in $items; do
|
||||
index=$(expr $index + 1)
|
||||
local enabled sid remarks sources node direct_dns_protocol direct_dns direct_dns_doh direct_dns_client_ip direct_dns_query_strategy remote_dns_protocol only_proxy_fakedns remote_dns remote_dns_doh remote_dns_client_ip remote_dns_query_strategy
|
||||
local enabled sid remarks sources node direct_dns_protocol direct_dns direct_dns_doh direct_dns_client_ip direct_dns_query_strategy remote_dns_protocol remote_dns remote_dns_doh remote_dns_client_ip remote_dns_query_strategy
|
||||
local _ip _mac _iprange _ipset _ip_or_mac rule_list config_file
|
||||
sid=$(uci -q show "${CONFIG}.${item}" | grep "=acl_rule" | awk -F '=' '{print $1}' | awk -F '.' '{print $2}')
|
||||
eval $(uci -q show "${CONFIG}.${item}" | cut -d'.' -sf 3-)
|
||||
@ -901,8 +901,8 @@ start() {
|
||||
start_socks
|
||||
|
||||
local USE_TABLES="iptables"
|
||||
if [ -z "$(command -v iptables-legacy || command -v iptables)" ] || [ -z "$(command -v ipset)" ]; then
|
||||
echolog "系统未安装iptables或ipset,无法透明代理!"
|
||||
if [ -z "$(command -v iptables-legacy || command -v iptables)" ] || [ -z "$(command -v ipset)" ] || [ -z "$(dnsmasq --version | grep 'Compile time options:.* ipset')" ]; then
|
||||
echolog "系统未安装iptables或ipset或Dnsmasq没有开启ipset支持,无法透明代理!"
|
||||
fi
|
||||
|
||||
[ "$ENABLED_DEFAULT_ACL" == 1 ] && run_global
|
||||
|
||||
@ -228,12 +228,12 @@ load_acl() {
|
||||
|
||||
[ "$accept_icmp" = "1" ] && {
|
||||
$ipt_n -A PSW2 $(comment "$remarks") -p icmp ${_ipt_source} -d $FAKE_IP $(REDIRECT)
|
||||
[ "$only_proxy_fakedns" != "1" ] && $ipt_n -A PSW2 $(comment "$remarks") -p icmp ${_ipt_source} $(REDIRECT)
|
||||
$ipt_n -A PSW2 $(comment "$remarks") -p icmp ${_ipt_source} $(REDIRECT)
|
||||
}
|
||||
|
||||
[ "$accept_icmpv6" = "1" ] && [ "$PROXY_IPV6" == "1" ] && {
|
||||
$ip6t_n -A PSW2 $(comment "$remarks") -p ipv6-icmp ${_ipt_source} -d $FAKE_IP_6 $(REDIRECT) 2>/dev/null
|
||||
[ "$only_proxy_fakedns" != "1" ] && $ip6t_n -A PSW2 $(comment "$remarks") -p ipv6-icmp ${_ipt_source} $(REDIRECT) 2>/dev/null
|
||||
$ip6t_n -A PSW2 $(comment "$remarks") -p ipv6-icmp ${_ipt_source} $(REDIRECT) 2>/dev/null
|
||||
}
|
||||
|
||||
[ "$tcp_no_redir_ports" != "disable" ] && {
|
||||
@ -245,16 +245,16 @@ load_acl() {
|
||||
|
||||
if [ "${ipt_tmp}" = "${ipt_n}" ]; then
|
||||
$ipt_n -A PSW2 $(comment "$remarks") -p tcp ${_ipt_source} -d $FAKE_IP $(REDIRECT $redir_port)
|
||||
[ "$only_proxy_fakedns" != "1" ] && $ipt_n -A PSW2 $(comment "$remarks") -p tcp ${_ipt_source} $(factor $tcp_redir_ports "-m multiport --dport") $(REDIRECT $redir_port)
|
||||
$ipt_n -A PSW2 $(comment "$remarks") -p tcp ${_ipt_source} $(factor $tcp_redir_ports "-m multiport --dport") $(REDIRECT $redir_port)
|
||||
else
|
||||
$ipt_m -A PSW2 $(comment "$remarks") -p tcp ${_ipt_source} -d $FAKE_IP -j PSW2_RULE
|
||||
[ "$only_proxy_fakedns" != "1" ] && $ipt_m -A PSW2 $(comment "$remarks") -p tcp ${_ipt_source} $(factor $tcp_redir_ports "-m multiport --dport") -j PSW2_RULE
|
||||
[ "$only_proxy_fakedns" != "1" ] && $ipt_m -A PSW2 $(comment "$remarks") -p tcp ${_ipt_source} $(REDIRECT $redir_port TPROXY)
|
||||
$ipt_m -A PSW2 $(comment "$remarks") -p tcp ${_ipt_source} $(factor $tcp_redir_ports "-m multiport --dport") -j PSW2_RULE
|
||||
$ipt_m -A PSW2 $(comment "$remarks") -p tcp ${_ipt_source} $(REDIRECT $redir_port TPROXY)
|
||||
fi
|
||||
[ "$PROXY_IPV6" == "1" ] && {
|
||||
$ip6t_m -A PSW2 $(comment "$remarks") -p tcp ${_ipt_source} -d $FAKE_IP_6 -j PSW2_RULE 2>/dev/null
|
||||
[ "$only_proxy_fakedns" != "1" ] && $ip6t_m -A PSW2 $(comment "$remarks") -p tcp ${_ipt_source} $(factor $tcp_redir_ports "-m multiport --dport") -j PSW2_RULE 2>/dev/null
|
||||
[ "$only_proxy_fakedns" != "1" ] && $ip6t_m -A PSW2 $(comment "$remarks") -p tcp ${_ipt_source} $(REDIRECT $redir_port TPROXY) 2>/dev/null
|
||||
$ip6t_m -A PSW2 $(comment "$remarks") -p tcp ${_ipt_source} $(factor $tcp_redir_ports "-m multiport --dport") -j PSW2_RULE 2>/dev/null
|
||||
$ip6t_m -A PSW2 $(comment "$remarks") -p tcp ${_ipt_source} $(REDIRECT $redir_port TPROXY) 2>/dev/null
|
||||
}
|
||||
else
|
||||
msg2="${msg}不代理TCP"
|
||||
@ -277,13 +277,13 @@ load_acl() {
|
||||
msg2="${msg2}所有端口"
|
||||
|
||||
$ipt_m -A PSW2 $(comment "$remarks") -p udp ${_ipt_source} -d $FAKE_IP -j PSW2_RULE
|
||||
[ "$only_proxy_fakedns" != "1" ] && $ipt_m -A PSW2 $(comment "$remarks") -p udp ${_ipt_source} $(factor $udp_redir_ports "-m multiport --dport") -j PSW2_RULE
|
||||
[ "$only_proxy_fakedns" != "1" ] && $ipt_m -A PSW2 $(comment "$remarks") -p udp ${_ipt_source} $(REDIRECT $redir_port TPROXY)
|
||||
$ipt_m -A PSW2 $(comment "$remarks") -p udp ${_ipt_source} $(factor $udp_redir_ports "-m multiport --dport") -j PSW2_RULE
|
||||
$ipt_m -A PSW2 $(comment "$remarks") -p udp ${_ipt_source} $(REDIRECT $redir_port TPROXY)
|
||||
|
||||
[ "$PROXY_IPV6" == "1" ] && [ "$PROXY_IPV6_UDP" == "1" ] && {
|
||||
$ip6t_m -A PSW2 $(comment "$remarks") -p udp ${_ipt_source} -d $FAKE_IP_6 -j PSW2_RULE 2>/dev/null
|
||||
[ "$only_proxy_fakedns" != "1" ] && $ip6t_m -A PSW2 $(comment "$remarks") -p udp ${_ipt_source} $(factor $udp_redir_ports "-m multiport --dport") -j PSW2_RULE 2>/dev/null
|
||||
[ "$only_proxy_fakedns" != "1" ] && $ip6t_m -A PSW2 $(comment "$remarks") -p udp ${_ipt_source} $(REDIRECT $redir_port TPROXY) 2>/dev/null
|
||||
$ip6t_m -A PSW2 $(comment "$remarks") -p udp ${_ipt_source} $(factor $udp_redir_ports "-m multiport --dport") -j PSW2_RULE 2>/dev/null
|
||||
$ip6t_m -A PSW2 $(comment "$remarks") -p udp ${_ipt_source} $(REDIRECT $redir_port TPROXY) 2>/dev/null
|
||||
}
|
||||
else
|
||||
msg2="${msg}不代理UDP"
|
||||
@ -322,27 +322,27 @@ load_acl() {
|
||||
|
||||
[ "$accept_icmp" = "1" ] && {
|
||||
$ipt_n -A PSW2 $(comment "默认") -p icmp -d $FAKE_IP $(REDIRECT)
|
||||
[ "$ONLY_PROXY_FAKEDNS" != "1" ] && $ipt_n -A PSW2 $(comment "默认") -p icmp $(REDIRECT)
|
||||
$ipt_n -A PSW2 $(comment "默认") -p icmp $(REDIRECT)
|
||||
}
|
||||
|
||||
[ "$accept_icmpv6" = "1" ] && [ "$PROXY_IPV6" == "1" ] && {
|
||||
$ip6t_n -A PSW2 $(comment "默认") -p ipv6-icmp -d $FAKE_IP_6 $(REDIRECT)
|
||||
[ "$ONLY_PROXY_FAKEDNS" != "1" ] && $ip6t_n -A PSW2 $(comment "默认") -p ipv6-icmp $(REDIRECT)
|
||||
$ip6t_n -A PSW2 $(comment "默认") -p ipv6-icmp $(REDIRECT)
|
||||
}
|
||||
|
||||
if [ "${ipt_tmp}" = "${ipt_n}" ]; then
|
||||
$ipt_n -A PSW2 $(comment "默认") -p tcp -d $FAKE_IP $(REDIRECT $REDIR_PORT)
|
||||
[ "$ONLY_PROXY_FAKEDNS" != "1" ] && $ipt_n -A PSW2 $(comment "默认") -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(REDIRECT $REDIR_PORT)
|
||||
$ipt_n -A PSW2 $(comment "默认") -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(REDIRECT $REDIR_PORT)
|
||||
else
|
||||
$ipt_m -A PSW2 $(comment "默认") -p tcp -d $FAKE_IP -j PSW2_RULE
|
||||
[ "$ONLY_PROXY_FAKEDNS" != "1" ] && $ipt_m -A PSW2 $(comment "默认") -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") -j PSW2_RULE
|
||||
[ "$ONLY_PROXY_FAKEDNS" != "1" ] && $ipt_m -A PSW2 $(comment "默认") -p tcp $(REDIRECT $REDIR_PORT TPROXY)
|
||||
$ipt_m -A PSW2 $(comment "默认") -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") -j PSW2_RULE
|
||||
$ipt_m -A PSW2 $(comment "默认") -p tcp $(REDIRECT $REDIR_PORT TPROXY)
|
||||
fi
|
||||
|
||||
[ "$PROXY_IPV6" == "1" ] && {
|
||||
$ip6t_m -A PSW2 $(comment "默认") -p tcp -d $FAKE_IP_6 -j PSW2_RULE
|
||||
[ "$ONLY_PROXY_FAKEDNS" != "1" ] && $ip6t_m -A PSW2 $(comment "默认") -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") -j PSW2_RULE
|
||||
[ "$ONLY_PROXY_FAKEDNS" != "1" ] && $ip6t_m -A PSW2 $(comment "默认") -p tcp $(REDIRECT $REDIR_PORT TPROXY)
|
||||
$ip6t_m -A PSW2 $(comment "默认") -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") -j PSW2_RULE
|
||||
$ip6t_m -A PSW2 $(comment "默认") -p tcp $(REDIRECT $REDIR_PORT TPROXY)
|
||||
}
|
||||
|
||||
echolog "${msg}"
|
||||
@ -366,13 +366,13 @@ load_acl() {
|
||||
msg="${msg}所有端口"
|
||||
|
||||
$ipt_m -A PSW2 $(comment "默认") -p udp -d $FAKE_IP -j PSW2_RULE
|
||||
[ "$ONLY_PROXY_FAKEDNS" != "1" ] && $ipt_m -A PSW2 $(comment "默认") -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") -j PSW2_RULE
|
||||
[ "$ONLY_PROXY_FAKEDNS" != "1" ] && $ipt_m -A PSW2 $(comment "默认") -p udp $(REDIRECT $REDIR_PORT TPROXY)
|
||||
$ipt_m -A PSW2 $(comment "默认") -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") -j PSW2_RULE
|
||||
$ipt_m -A PSW2 $(comment "默认") -p udp $(REDIRECT $REDIR_PORT TPROXY)
|
||||
|
||||
if [ "$PROXY_IPV6_UDP" == "1" ]; then
|
||||
$ip6t_m -A PSW2 $(comment "默认") -p udp -d $FAKE_IP_6 -j PSW2_RULE
|
||||
[ "$ONLY_PROXY_FAKEDNS" != "1" ] && $ip6t_m -A PSW2 $(comment "默认") -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") -j PSW2_RULE
|
||||
[ "$ONLY_PROXY_FAKEDNS" != "1" ] && $ip6t_m -A PSW2 $(comment "默认") -p udp $(REDIRECT $REDIR_PORT TPROXY)
|
||||
$ip6t_m -A PSW2 $(comment "默认") -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") -j PSW2_RULE
|
||||
$ip6t_m -A PSW2 $(comment "默认") -p udp $(REDIRECT $REDIR_PORT TPROXY)
|
||||
fi
|
||||
|
||||
echolog "${msg}"
|
||||
@ -560,8 +560,6 @@ add_firewall_rule() {
|
||||
elif [ "$tcp_proxy_way" = "tproxy" ]; then
|
||||
is_tproxy="TPROXY"
|
||||
fi
|
||||
|
||||
ONLY_PROXY_FAKEDNS=$(config_t_get global only_proxy_fakedns 0)
|
||||
|
||||
$ipt_n -N PSW2
|
||||
$ipt_n -A PSW2 $(dst $IPSET_LANIPLIST) -j RETURN
|
||||
@ -681,13 +679,13 @@ add_firewall_rule() {
|
||||
[ "$accept_icmp" = "1" ] && {
|
||||
$ipt_n -A OUTPUT -p icmp -j PSW2_OUTPUT
|
||||
$ipt_n -A PSW2_OUTPUT -p icmp -d $FAKE_IP $(REDIRECT)
|
||||
[ "$ONLY_PROXY_FAKEDNS" != "1" ] && $ipt_n -A PSW2_OUTPUT -p icmp $(REDIRECT)
|
||||
$ipt_n -A PSW2_OUTPUT -p icmp $(REDIRECT)
|
||||
}
|
||||
|
||||
[ "$accept_icmpv6" = "1" ] && {
|
||||
$ip6t_n -A OUTPUT -p ipv6-icmp -j PSW2_OUTPUT
|
||||
$ip6t_n -A PSW2_OUTPUT -p ipv6-icmp -d $FAKE_IP_6 $(REDIRECT)
|
||||
[ "$ONLY_PROXY_FAKEDNS" != "1" ] && $ip6t_n -A PSW2_OUTPUT -p ipv6-icmp $(REDIRECT)
|
||||
$ip6t_n -A PSW2_OUTPUT -p ipv6-icmp $(REDIRECT)
|
||||
}
|
||||
|
||||
local ipt_tmp=$ipt_n
|
||||
@ -704,20 +702,20 @@ add_firewall_rule() {
|
||||
|
||||
if [ "${ipt_tmp}" = "${ipt_n}" ]; then
|
||||
$ipt_n -A PSW2_OUTPUT -p tcp -d $FAKE_IP $(REDIRECT $REDIR_PORT)
|
||||
[ "$ONLY_PROXY_FAKEDNS" != "1" ] && $ipt_n -A PSW2_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(REDIRECT $REDIR_PORT)
|
||||
$ipt_n -A PSW2_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(REDIRECT $REDIR_PORT)
|
||||
$ipt_n -A OUTPUT -p tcp -j PSW2_OUTPUT
|
||||
else
|
||||
$ipt_m -A PSW2_OUTPUT -p tcp -d $FAKE_IP -j PSW2_RULE
|
||||
[ "$ONLY_PROXY_FAKEDNS" != "1" ] && $ipt_m -A PSW2_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") -j PSW2_RULE
|
||||
[ "$ONLY_PROXY_FAKEDNS" != "1" ] && $ipt_m -A PSW2 $(comment "本机") -p tcp -i lo $(REDIRECT $REDIR_PORT TPROXY)
|
||||
$ipt_m -A PSW2_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") -j PSW2_RULE
|
||||
$ipt_m -A PSW2 $(comment "本机") -p tcp -i lo $(REDIRECT $REDIR_PORT TPROXY)
|
||||
$ipt_m -A PSW2 $(comment "本机") -p tcp -i lo -j RETURN
|
||||
$ipt_m -A OUTPUT -p tcp -j PSW2_OUTPUT
|
||||
fi
|
||||
|
||||
if [ "$PROXY_IPV6" == "1" ]; then
|
||||
$ip6t_m -A PSW2_OUTPUT -p tcp -d $FAKE_IP_6 -j PSW2_RULE
|
||||
[ "$ONLY_PROXY_FAKEDNS" != "1" ] && $ip6t_m -A PSW2_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") -j PSW2_RULE
|
||||
[ "$ONLY_PROXY_FAKEDNS" != "1" ] && $ip6t_m -A PSW2 $(comment "本机") -p tcp -i lo $(REDIRECT $REDIR_PORT TPROXY)
|
||||
$ip6t_m -A PSW2_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") -j PSW2_RULE
|
||||
$ip6t_m -A PSW2 $(comment "本机") -p tcp -i lo $(REDIRECT $REDIR_PORT TPROXY)
|
||||
$ip6t_m -A PSW2 $(comment "本机") -p tcp -i lo -j RETURN
|
||||
$ip6t_m -A OUTPUT -p tcp -j PSW2_OUTPUT
|
||||
fi
|
||||
@ -743,15 +741,15 @@ add_firewall_rule() {
|
||||
}
|
||||
|
||||
$ipt_m -A PSW2_OUTPUT -p udp -d $FAKE_IP -j PSW2_RULE
|
||||
[ "$ONLY_PROXY_FAKEDNS" != "1" ] && $ipt_m -A PSW2_OUTPUT -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") -j PSW2_RULE
|
||||
[ "$ONLY_PROXY_FAKEDNS" != "1" ] && $ipt_m -A PSW2 $(comment "本机") -p udp -i lo $(REDIRECT $REDIR_PORT TPROXY)
|
||||
$ipt_m -A PSW2_OUTPUT -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") -j PSW2_RULE
|
||||
$ipt_m -A PSW2 $(comment "本机") -p udp -i lo $(REDIRECT $REDIR_PORT TPROXY)
|
||||
$ipt_m -A PSW2 $(comment "本机") -p udp -i lo -j RETURN
|
||||
$ipt_m -A OUTPUT -p udp -j PSW2_OUTPUT
|
||||
|
||||
if [ "$PROXY_IPV6_UDP" == "1" ]; then
|
||||
$ip6t_m -A PSW2_OUTPUT -p udp -d $FAKE_IP_6 -j PSW2_RULE
|
||||
[ "$ONLY_PROXY_FAKEDNS" != "1" ] && $ip6t_m -A PSW2_OUTPUT -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") -j PSW2_RULE
|
||||
[ "$ONLY_PROXY_FAKEDNS" != "1" ] && $ip6t_m -A PSW2 $(comment "本机") -p udp -i lo $(REDIRECT $REDIR_PORT TPROXY)
|
||||
$ip6t_m -A PSW2_OUTPUT -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") -j PSW2_RULE
|
||||
$ip6t_m -A PSW2 $(comment "本机") -p udp -i lo $(REDIRECT $REDIR_PORT TPROXY)
|
||||
$ip6t_m -A PSW2 $(comment "本机") -p udp -i lo -j RETURN
|
||||
$ip6t_m -A OUTPUT -p udp -j PSW2_OUTPUT
|
||||
fi
|
||||
|
||||
@ -894,12 +894,17 @@ local function select_node(nodes, config)
|
||||
end
|
||||
-- 还不行 随便找一个
|
||||
if not server then
|
||||
server = uci:get_all(appname, '@' .. "nodes" .. '[0]')
|
||||
if server then
|
||||
if config.log == nil or config.log == true then
|
||||
log('【' .. config.remarks .. '】' .. '无法找到最匹配的节点,当前已更换为:' .. server.remarks)
|
||||
local nodes_table = {}
|
||||
for k, e in ipairs(api.get_valid_nodes()) do
|
||||
if e.node_type == "normal" then
|
||||
nodes_table[#nodes_table + 1] = e
|
||||
end
|
||||
server = server[".name"]
|
||||
end
|
||||
if #nodes_table > 0 then
|
||||
if config.log == nil or config.log == true then
|
||||
log('【' .. config.remarks .. '】' .. '无法找到最匹配的节点,当前已更换为:' .. nodes_table[1].remarks)
|
||||
end
|
||||
server = nodes_table[1][".name"]
|
||||
end
|
||||
end
|
||||
if server then
|
||||
@ -913,15 +918,15 @@ local function update_node(manual)
|
||||
return
|
||||
end
|
||||
|
||||
local group = ""
|
||||
local group = {}
|
||||
for _, v in ipairs(nodeResult) do
|
||||
group = group .. v["remark"]
|
||||
group[v["remark"]] = true
|
||||
end
|
||||
|
||||
if manual == 0 and #group > 0 then
|
||||
if manual == 0 and next(group) then
|
||||
uci:foreach(appname, "nodes", function(node)
|
||||
-- 如果是未发现新节点或手动导入的节点就不要删除了...
|
||||
if (node.add_from and group:find(node.add_from, 1, true)) and node.add_mode == "2" then
|
||||
-- 如果未发现新节点或手动导入的节点就不要删除了...
|
||||
if node.add_mode == "2" and (node.add_from and group[node.add_from] == true) then
|
||||
uci:delete(appname, node['.name'])
|
||||
end
|
||||
end)
|
||||
@ -1117,7 +1122,7 @@ local execute = function()
|
||||
|
||||
if #fail_list > 0 then
|
||||
for index, value in ipairs(fail_list) do
|
||||
log(value.remark .. '订阅失败,可能是订阅地址失效,或是网络问题,请诊断!')
|
||||
log(string.format('【%s】订阅失败,可能是订阅地址失效,或是网络问题,请诊断!', value.remark))
|
||||
end
|
||||
end
|
||||
update_node(0)
|
||||
|
||||
@ -237,14 +237,12 @@ tp_rule() {
|
||||
router)
|
||||
$ipt -A SS_SPEC_TPROXY -p udp -m set --match-set ss_spec_wan_ac dst -j RETURN
|
||||
$ipt -A SS_SPEC_TPROXY -p udp -m set --match-set china dst -j RETURN
|
||||
$ipt -A SS_SPEC_TPROXY -p udp --dport 443 -j DROP
|
||||
$ipt -A SS_SPEC_TPROXY -p udp --dport 80 -j DROP
|
||||
$ipt -A SS_SPEC_TPROXY -p udp -m set --match-set gmlan src -m set ! --match-set china dst -j TPROXY --on-port "$LOCAL_PORT" --tproxy-mark 0x01/0x01
|
||||
$ipt -A SS_SPEC_TPROXY -p udp $PROXY_PORTS -m set ! --match-set ss_spec_wan_ac dst -j TPROXY --on-port "$LOCAL_PORT" --tproxy-mark 0x01/0x01
|
||||
;;
|
||||
gfw)
|
||||
$ipt -A SS_SPEC_TPROXY -p udp -m set --match-set china dst -j RETURN
|
||||
$ipt -A SS_SPEC_TPROXY -p udp --dport 443 -j DROP
|
||||
$ipt -A SS_SPEC_TPROXY -p udp --dport 80 -j DROP
|
||||
$ipt -A SS_SPEC_TPROXY -p udp $PROXY_PORTS -m set --match-set gfwlist dst -j TPROXY --on-port "$LOCAL_PORT" --tproxy-mark 0x01/0x01
|
||||
$ipt -A SS_SPEC_TPROXY -p udp -m set --match-set gmlan src -m set ! --match-set china dst -j TPROXY --on-port "$LOCAL_PORT" --tproxy-mark 0x01/0x01
|
||||
|
||||
@ -6,12 +6,12 @@
|
||||
include $(TOPDIR)/rules.mk
|
||||
|
||||
PKG_NAME:=sing-box
|
||||
PKG_VERSION:=1.2.5
|
||||
PKG_VERSION:=1.2.6
|
||||
PKG_RELEASE:=1
|
||||
|
||||
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
|
||||
PKG_SOURCE_URL:=https://codeload.github.com/SagerNet/sing-box/tar.gz/v$(PKG_VERSION)?
|
||||
PKG_HASH:=88d85e8b8a29b165e67b63e4742473d12c49444a659b82ef302113d84bba53ca
|
||||
PKG_HASH:=8f7adf55ed9afe6ec0dd8b04ed64dd3a6243578ee779f909dfb3778fa2dbda10
|
||||
|
||||
PKG_LICENSE:=GPL-3.0-or-later
|
||||
PKG_LICENSE_FILES:=LICENSE
|
||||
|
||||
Loading…
Reference in New Issue
Block a user