luci-app-passwall: sync with upstream source

2025-01-09 02:43:53 +08:00 · 2020-04-12 00:40:22 +08:00 · 2020-04-12 00:40:22 +08:00 · 7e0682d651
commit 7e0682d651
parent 40422cc8a5
9 changed files with 140 additions and 107 deletions
--- a/package/lienol/luci-app-passwall/Makefile
+++ b/package/lienol/luci-app-passwall/Makefile
@ -7,8 +7,8 @@ include $(TOPDIR)/rules.mk

 PKG_NAME:=luci-app-passwall
 PKG_VERSION:=3.6
-PKG_RELEASE:=39
-PKG_DATE:=20200408
+PKG_RELEASE:=40
+PKG_DATE:=20200411

 PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)

--- a/package/lienol/luci-app-passwall/luasrc/controller/passwall.lua
+++ b/package/lienol/luci-app-passwall/luasrc/controller/passwall.lua
@ -191,19 +191,12 @@ function ping_node()
    local port = luci.http.formvalue("port")
    local e = {}
    e.index = index
-    if luci.sys.exec("echo -n $(uci -q get %s.@global_other[0].use_tcping)" %
-                         appname) == "1" and
-        luci.sys.exec("echo -n $(command -v tcping)") ~= "" then
-        e.ping = luci.sys.exec(string.format(
-                                   "echo -n $(tcping -q -c 1 -i 1 -p %s %s 2>&1 | grep -o 'time=[0-9]*' | awk -F '=' '{print$2}') 2>/dev/null",
-                                   port, address))
-        luci.sys.call(string.format(
-                          "ps -w | grep 'tcping -q -c 1 -i 1 -p %s %s' | grep -v grep | awk '{print $1}' | xargs kill -9 2>/dev/null",
-                          port, address))
-    else
-        e.ping = luci.sys.exec(
-                     "echo -n $(ping -c 1 -W 1 %q 2>&1 | grep -o 'time=[0-9]*' | awk -F '=' '{print$2}') 2>/dev/null" %
-                         address)
+    if luci.sys.exec("echo -n $(uci -q get %s.@global_other[0].use_tcping)" % appname) == "1" and luci.sys.exec("echo -n $(command -v tcping)") ~= "" then
+        e.ping = luci.sys.exec(string.format("echo -n $(tcping -q -c 1 -i 1 -p %s %s 2>&1 | grep -o 'time=[0-9]*' | awk -F '=' '{print$2}') 2>/dev/null", port, address))
+        luci.sys.call(string.format("ps -w | grep 'tcping -q -c 1 -i 1 -p %s %s' | grep -v grep | awk '{print $1}' | xargs kill -9 2>/dev/null", port, address))
+    end
+    if e.ping == nil or tonumber(e.ping) == 0 then
+        e.ping = luci.sys.exec("echo -n $(ping -c 1 -W 1 %q 2>&1 | grep -o 'time=[0-9]*' | awk -F '=' '{print$2}') 2>/dev/null" % address)
    end
    luci.http.prepare_content("application/json")
    luci.http.write_json(e)
--- a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/acl.lua
+++ b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/acl.lua
@ -108,7 +108,7 @@ for index, key in pairs(ips) do o:value(key, temp[key]) end
 ---- MAC Address
 o = s:option(Value, "mac", translate("MAC"))
 o.rmempty = true
-sys.net.mac_hints(function(e, t) o:value(e, "%s " % {e}) end)
+sys.net.mac_hints(function(e, t) o:value(e, "%s (%s)" % {e, t}) end)

 ---- TCP Node
 local tcp_node_num = api.uci_get_type("global_other", "tcp_node_num", 1)
--- a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/api/gen_v2ray_shunt.lua
+++ b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/api/gen_v2ray_shunt.lua
@ -20,16 +20,12 @@ local function gen_outbound(node, tag)
                node.v2ray_protocol = "socks"
                node.v2ray_transport = "tcp"
            else
-                local node_type = (proto and proto ~= "nil") and proto or
-                                      "socks"
-                local new_port = sys.exec(
-                                     "echo -n $(/usr/share/passwall/app.sh get_new_port auto tcp)")
+                local node_type = (proto and proto ~= "nil") and proto or "socks"
+                local new_port = sys.exec("echo -n $(/usr/share/passwall/app.sh get_new_port auto tcp)")
                node.port = new_port
-                sys.call(string.format(
-                             "/usr/share/passwall/app.sh gen_start_config %s %s %s %s %s %s",
+                sys.call(string.format("/usr/share/passwall/app.sh gen_start_config %s %s %s %s %s %s",
                             node_id, new_port, "SOCKS",
-                             "/var/etc/passwall/v2_shunt_" .. node_type .. "_" ..
-                                 node_id .. ".json", "4", "127.0.0.1"))
+                             "/var/etc/passwall/v2_shunt_" .. node_type .. "_" .. node_id .. ".json", "4", "127.0.0.1"))
                node.v2ray_protocol = "socks"
                node.v2ray_transport = "tcp"
                node.address = "127.0.0.1"
@ -40,8 +36,7 @@ local function gen_outbound(node, tag)
            protocol = node.v2ray_protocol or "vmess",
            mux = {
                enabled = (node.v2ray_mux == "1") and true or false,
-                concurrency = (node.v2ray_mux_concurrency) and
-                    tonumber(node.v2ray_mux_concurrency) or 8
+                concurrency = (node.v2ray_mux_concurrency) and tonumber(node.v2ray_mux_concurrency) or 8
            },
            -- 底层传输配置
            streamSettings = (node.v2ray_protocol == "vmess") and {
@ -49,8 +44,7 @@ local function gen_outbound(node, tag)
                security = node.v2ray_stream_security,
                tlsSettings = (node.v2ray_stream_security == "tls") and {
                    serverName = node.tls_serverName,
-                    allowInsecure = (node.tls_allowInsecure == "1") and true or
-                        false
+                    allowInsecure = (node.tls_allowInsecure == "1") and true or false
                } or nil,
                tcpSettings = (node.v2ray_transport == "tcp" and
                    node.v2ray_protocol ~= "socks") and {
@ -69,8 +63,7 @@ local function gen_outbound(node, tag)
                    tti = tonumber(node.v2ray_mkcp_tti),
                    uplinkCapacity = tonumber(node.v2ray_mkcp_uplinkCapacity),
                    downlinkCapacity = tonumber(node.v2ray_mkcp_downlinkCapacity),
-                    congestion = (node.v2ray_mkcp_congestion == "1") and true or
-                        false,
+                    congestion = (node.v2ray_mkcp_congestion == "1") and true or false,
                    readBufferSize = tonumber(node.v2ray_mkcp_readBufferSize),
                    writeBufferSize = tonumber(node.v2ray_mkcp_writeBufferSize),
                    header = {type = node.v2ray_mkcp_guise}
@ -111,8 +104,7 @@ local function gen_outbound(node, tag)
                        address = node.address,
                        port = tonumber(node.port),
                        users = (node.username and node.password) and
-                            {{user = node.username, pass = node.password}} or
-                            nil
+                            {{user = node.username, pass = node.password}} or nil
                    }
                } or nil
            }
@ -159,10 +151,10 @@ end

 local rules = {}

-local youtube_node = node.youtube_node or nil
-if youtube_node and youtube_node ~= "nil" then
-    local node = ucursor:get_all("passwall", youtube_node)
-    local youtube_outbound = gen_outbound(node, "youtube")
+local youtube_node_id = node.youtube_node or nil
+if youtube_node_id and youtube_node_id ~= "nil" then
+    local youtube_node = ucursor:get_all("passwall", youtube_node_id)
+    local youtube_outbound = gen_outbound(youtube_node, "youtube")
    if youtube_outbound then
        table.insert(outbounds, youtube_outbound)
        local rule = {
@ -177,17 +169,17 @@ if youtube_node and youtube_node ~= "nil" then
    end
 end

-local netflix_node = node.netflix_node or nil
-if netflix_node and netflix_node ~= "nil" then
-    local node = ucursor:get_all("passwall", netflix_node)
-    local netflix_outbound = gen_outbound(node, "netflix")
+local netflix_node_id = node.netflix_node or nil
+if netflix_node_id and netflix_node_id ~= "nil" then
+    local netflix_node = ucursor:get_all("passwall", netflix_node_id)
+    local netflix_outbound = gen_outbound(netflix_node, "netflix")
    if netflix_outbound then
        table.insert(outbounds, netflix_outbound)
        local rule = {
            type = "field",
            domain = {
                "netflix", "netflix.com", "nflxso.net", "nflxext.com",
-                "nflximg.com", "nflximg.net", "nflxvideo.net"
+                "nflximg.com", "nflximg.net", "nflxvideo.net", "fast.com"
            },
            outboundTag = "netflix"
        }
@ -195,10 +187,10 @@ if netflix_node and netflix_node ~= "nil" then
    end
 end

-local default_node = node.default_node or nil
-if default_node and default_node ~= "nil" then
-    local node = ucursor:get_all("passwall", default_node)
-    local default_outbound = gen_outbound(node, "default")
+local default_node_id = node.default_node or nil
+if default_node_id and default_node_id ~= "nil" then
+    local default_node = ucursor:get_all("passwall", default_node_id)
+    local default_outbound = gen_outbound(default_node, "default")
    if default_outbound then
        table.insert(outbounds, default_outbound)
        local rule = {
@ -213,8 +205,7 @@ end
 routing = {domainStrategy = "IPOnDemand", rules = rules}

 -- 额外传出连接
-table.insert(outbounds,
-             {protocol = "freedom", tag = "direct", settings = {keep = ""}})
+table.insert(outbounds, {protocol = "freedom", tag = "direct", settings = {keep = ""}})

 local v2ray = {
    log = {
--- a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/node_config.lua
+++ b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/node_config.lua
@ -127,12 +127,22 @@ youtube_node:value("nil", translate("Close"))
 for _, key in pairs(key_table) do youtube_node:value(key, n[key]) end
 youtube_node:depends("type", "V2ray_shunt")

+youtube_proxy = s:option(Flag, "youtube_proxy", "Youtube " .. translate("Node") .. translate("Preproxy"),
+                        "Youtube " .. translate("Node") .. translate("Use the default node for the transit."))
+youtube_proxy.default = 0
+youtube_proxy:depends("type", "V2ray_shunt")
+
 netflix_node = s:option(ListValue, "netflix_node",
                        "Netflix " .. translate("Node"))
 netflix_node:value("nil", translate("Close"))
 for _, key in pairs(key_table) do netflix_node:value(key, n[key]) end
 netflix_node:depends("type", "V2ray_shunt")

+netflix_proxy = s:option(Flag, "netflix_proxy", "Netflix " .. translate("Node") .. translate("Preproxy"),
+                        "Netflix " .. translate("Node") .. translate("Use the default node for the transit."))
+netflix_proxy.default = 0
+netflix_proxy:depends("type", "V2ray_shunt")
+
 default_node = s:option(ListValue, "default_node",
                        translate("Default") .. " " .. translate("Node"))
 default_node:value("nil", translate("Close"))
@ -148,6 +158,7 @@ address:depends("type", "V2ray")
 address:depends("type", "Brook")
 address:depends("type", "Trojan")

+--[[
 use_ipv6 = s:option(Flag, "use_ipv6", translate("Use IPv6"))
 use_ipv6.default = 0
 use_ipv6:depends("type", "Socks5")
@ -156,6 +167,7 @@ use_ipv6:depends("type", "SSR")
 use_ipv6:depends("type", "V2ray")
 use_ipv6:depends("type", "Brook")
 use_ipv6:depends("type", "Trojan")
+--]]

 port = s:option(Value, "port", translate("Port"))
 port.datatype = "port"
--- a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/other.lua
+++ b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/other.lua
@ -101,10 +101,12 @@ for i = 1, socks_node_num, 1 do
    o.default = "108" .. i
 end

+--[[
 ---- Proxy IPv6
 o = s:option(Flag, "proxy_ipv6", translate("Proxy IPv6"),
             translate("The IPv6 traffic can be proxyed when selected"))
 o.default = 0
+--]]

 --[[
 ---- TCP Redir Port
--- a/package/lienol/luci-app-passwall/po/zh_Hans/passwall.po
+++ b/package/lienol/luci-app-passwall/po/zh_Hans/passwall.po
@ -301,6 +301,12 @@ msgstr "V2ray 分流"
 msgid "V2ray_shunt"
 msgstr "V2ray 分流"

+msgid "Preproxy"
+msgstr "前置代理"
+
+msgid "Use the default node for the transit."
+msgstr "使用默认节点代理转发。"
+
 msgid "Load balancing node list"
 msgstr "负载均衡节点列表"

--- a/package/lienol/luci-app-passwall/root/usr/share/passwall/iptables.sh
+++ b/package/lienol/luci-app-passwall/root/usr/share/passwall/iptables.sh
@ -159,6 +159,28 @@ load_acl() {
 			$ipt_m -A PSW_ACL $(comment "$remarks") $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p udp -j RETURN
 		done
 	}
+	
+	#  加载TCP默认代理模式
+	local ipt_tmp=$ipt_n
+	[ "$TCP_NODE1" != "nil" -a "$TCP_PROXY_MODE" != "disable" ] && {
+		local TCP_NODE1_TYPE=$(echo $(config_n_get $TCP_NODE1 type) | tr 'A-Z' 'a-z')
+		local is_tproxy
+		[ "$TCP_NODE1_TYPE" == "brook" -a "$(config_n_get $TCP_NODE1 brook_protocol client)" == "client" ] && ipt_tmp=$ipt_m && is_tproxy="TPROXY"
+		[ "$TCP_NO_REDIR_PORTS" != "disable" ] && $ipt_tmp -A PSW_ACL $(comment "默认") -p tcp -m multiport --dport $TCP_NO_REDIR_PORTS -j RETURN
+		$ipt_tmp -A PSW_ACL $(comment "默认") -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST) $(REDIRECT $TCP_REDIR_PORT1 $is_tproxy)
+		$ipt_tmp -A PSW_ACL $(comment "默认") -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(get_redirect_ipt $TCP_PROXY_MODE $TCP_REDIR_PORT1 $is_tproxy)
+	}
+	$ipt_tmp -A PSW_ACL $(comment "默认") -p tcp -j RETURN
+	echolog "TCP默认代理模式：$(get_action_chain_name $TCP_PROXY_MODE)"
+	
+	#  加载UDP默认代理模式
+	[ "$UDP_NODE1" != "nil" -a "$UDP_PROXY_MODE" != "disable" ] && {
+		[ "$UDP_NO_REDIR_PORTS" != "disable" ] && $ipt_m -A PSW_ACL $(comment "默认") -p udp -m multiport --dport $UDP_NO_REDIR_PORTS -j RETURN
+		$ipt_m -A PSW_ACL $(comment "默认") -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST) $(REDIRECT $UDP_REDIR_PORT1 TPROXY)
+		$ipt_m -A PSW_ACL $(comment "默认") -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(get_redirect_ipt $UDP_PROXY_MODE $UDP_REDIR_PORT1 TPROXY)
+	}
+	$ipt_m -A PSW_ACL $(comment "默认") -p udp -j RETURN
+	echolog "UDP默认代理模式：$(get_action_chain_name $UDP_PROXY_MODE)"
 }

 filter_vpsip() {
@ -169,41 +191,52 @@ filter_vpsip() {

 filter_node() {
 	filter_rules() {
-		[ -n "$1" -a "$1" != "nil" ] && {
+		[ -n "$1" ] && [ "$1" != "nil" ] && {
 			local type=$(echo $(config_n_get $1 type) | tr 'A-Z' 'a-z')
 			local i=$ipt_n
-			[ "$type" == "brook" -a "$(config_n_get $1 brook_protocol client)" == "client" ] && i=$ipt_m
+			[ "$2" == "udp" ] || [ "$type" == "brook" -a "$(config_n_get $1 brook_protocol client)" == "client" ] && i=$ipt_m
 			local address=$(config_n_get $1 address)
 			local port=$(config_n_get $1 port)
-			is_exist=$($i -n -L PSW 2>/dev/null | grep -c "$address:$port")
-			[ "$is_exist" == 0 ] && {
-				local ADD_INDEX=2
-				local INDEX=$($i -n -L PSW --line-numbers | grep "$IPSET_VPSIPLIST" | sed -n '$p' | awk '{print $1}')
-				[ -n "$INDEX" ] && ADD_INDEX=$INDEX
-				$i -I PSW $ADD_INDEX -p tcp -d $address --dport $port $(comment "$address:$port") -j RETURN
-			}
-			is_exist=$($i -n -L PSW_OUTPUT 2>/dev/null | grep -c "$address:$port")
-			[ "$is_exist" == 0 ] && {
-				local ADD_INDEX=2
-				local INDEX=$($i -n -L PSW_OUTPUT --line-numbers | grep "$IPSET_VPSIPLIST" | sed -n '$p' | awk '{print $1}')
-				[ -n "$INDEX" ] && ADD_INDEX=$INDEX
-				$i -I PSW_OUTPUT $ADD_INDEX -p tcp -d $address --dport $port $(comment "$address:$port") -j RETURN
-			}
+			
+			if [ -n "$3" ] && [ "$3" == "1" ] && [ -n "$4" ]; then
+				if [ "$i" == "$ipt_m" ]; then
+					$i -I PSW_OUTPUT 2 -p $2 -d $address --dport $port $(REDIRECT 1 MARK)
+				else
+					$i -I PSW_OUTPUT 2 -p $2 -d $address --dport $port $(REDIRECT $4)
+				fi
+			else
+				is_exist=$($i -n -L PSW_OUTPUT 2>/dev/null | grep -c "$address:$port")
+				[ "$is_exist" == 0 ] && {
+					local ADD_INDEX=2
+					local INDEX=$($i -n -L PSW_OUTPUT --line-numbers | grep "$IPSET_VPSIPLIST" | sed -n '$p' | awk '{print $1}')
+					[ -n "$INDEX" ] && ADD_INDEX=$INDEX
+					$i -I PSW_OUTPUT $ADD_INDEX -p $2 -d $address --dport $port $(comment "$address:$port") -j RETURN
+				}
+			fi
 		}
 	}
 	local tmp_type=$(echo $(config_n_get $1 type) | tr 'A-Z' 'a-z')
 	if [ "$tmp_type" == "v2ray_shunt" ]; then
-		filter_rules $(config_n_get $node youtube_node)
-		filter_rules $(config_n_get $node netflix_node)
-		filter_rules $(config_n_get $node default_node)
+		local default_node=$(config_n_get $1 default_node nil)
+		filter_rules $default_node $2
+		
+		local youtube_node=$(config_n_get $1 youtube_node)
+		local youtube_proxy=$(config_n_get $1 youtube_proxy 0)
+		[ "$default_node" == "$youtube_node" ] && youtube_proxy=0
+		local netflix_node=$(config_n_get $1 netflix_node)
+		local netflix_proxy=$(config_n_get $1 netflix_proxy 0)
+		[ "$default_node" == "$netflix_node" ] && netflix_proxy=0
+		filter_rules $(config_n_get $1 youtube_node) $2 $youtube_proxy $3
+		filter_rules $(config_n_get $1 netflix_node) $2 $netflix_proxy $3
+		
 	elif [ "$tmp_type" == "v2ray_balancing" ]; then
-		local balancing_node=$(config_n_get $node v2ray_balancing_node)
+		local balancing_node=$(config_n_get $1 v2ray_balancing_node)
 		for node_id in $balancing_node
 		do
-			filter_rules $node_id
+			filter_rules $node_id $2
 		done
 	else
-		filter_rules $node
+		filter_rules $1 $2
 	fi
 }

@ -227,6 +260,13 @@ add_firewall_rule() {
 	ipset -! -R <<-EOF || return 1
 		$(gen_laniplist | sed -e "s/^/add $IPSET_LANIPLIST /")
 	EOF
+	
+	# 忽略特殊IP段
+	lan_ifname=$(uci -q -p /var/state get network.lan.ifname)
+	[ -n "$lan_ifname" ] && {
+		lan_ip=$(ip address show $lan_ifname | grep -w "inet" | awk '{print $2}')
+		[ -n "$lan_ip" ] && ipset -! add $IPSET_LANIPLIST $lan_ip >/dev/null 2>&1 &
+	}

 	ISP_DNS=$(cat $RESOLVFILE 2>/dev/null | grep -E -o "[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+" | sort -u | grep -v 0.0.0.0 | grep -v 127.0.0.1)
 	[ -n "$ISP_DNS" ] && {
@ -234,13 +274,9 @@ add_firewall_rule() {
 			ipset -! add $IPSET_WHITELIST $ispip >/dev/null 2>&1 &
 		done
 	}
-
-	# 忽略特殊IP段
-	lan_ifname=$(uci -q -p /var/state get network.lan.ifname)
-	[ -n "$lan_ifname" ] && {
-		lan_ip=$(ip address show $lan_ifname | grep -w "inet" | awk '{print $2}')
-		[ -n "$lan_ip" ] && ipset -! add $IPSET_LANIPLIST $lan_ip >/dev/null 2>&1 &
-	}
+	
+	#  过滤所有节点IP
+	filter_vpsip
 	
 	$ipt_n -N PSW
 	$ipt_n -A PSW $(dst $IPSET_LANIPLIST) -j RETURN
@ -267,14 +303,22 @@ add_firewall_rule() {
 	ip rule add fwmark 1 lookup 100
 	ip route add local 0.0.0.0/0 dev lo table 100

-	for k in $(seq 1 $SOCKS_NODE_NUM); do
-		eval node=\$SOCKS_NODE$k
-		[ "$node" != "nil" ] && filter_node $node
+	for i in $(seq 1 $SOCKS_NODE_NUM); do
+		eval node=\$SOCKS_NODE$i
+		[ "$node" != "nil" ] && {
+			filter_node $node tcp
+			filter_node $node udp
+		}
+	done
+	
+	for i in $(seq 1 $TCP_NODE_NUM); do
+		eval node=\$TCP_NODE$i
+		eval port=\$TCP_REDIR_PORT$i
+		[ "$node" != "nil" ] && filter_node $node tcp $port
 	done
 	
 	# 加载路由器自身代理 TCP
 	if [ "$TCP_NODE1" != "nil" ]; then
-		filter_node $TCP_NODE1
 		TCP_NODE1_TYPE=$(echo $(config_n_get $TCP_NODE1 type) | tr 'A-Z' 'a-z')
 		if [ "$TCP_NODE1_TYPE" == "brook" -a "$(config_n_get $TCP_NODE1 brook_protocol client)" == "client" ]; then
 			[ "$use_tcp_node_resolve_dns" == 1 -a -n "$DNS_FORWARD" ] && {
@ -340,9 +384,14 @@ add_firewall_rule() {
 		}
 	fi
 	
+	for i in $(seq 1 $UDP_NODE_NUM); do
+		eval node=\$UDP_NODE$i
+		eval port=\$UDP_REDIR_PORT$i
+		[ "$node" != "nil" ] && filter_node $node udp $port
+	done
+	
 	# 加载路由器自身代理 UDP
 	if [ "$UDP_NODE1" != "nil" ]; then
-		filter_node $UDP_NODE1
 		local UDP_NODE1_TYPE=$(echo $(config_n_get $UDP_NODE1 type) | tr 'A-Z' 'a-z')
 		[ "$use_udp_node_resolve_dns" == 1 -a -n "$DNS_FORWARD" ] && {
 			for dns in $DNS_FORWARD ; do
@ -367,31 +416,6 @@ add_firewall_rule() {
 	
 	#  加载ACLS
 	load_acl
-
-	#  加载TCP默认代理模式
-	local ipt_tmp=$ipt_n
-	[ "$TCP_NODE1" != "nil" -a "$TCP_PROXY_MODE" != "disable" ] && {
-		local TCP_NODE1_TYPE=$(echo $(config_n_get $TCP_NODE1 type) | tr 'A-Z' 'a-z')
-		local is_tproxy
-		[ "$TCP_NODE1_TYPE" == "brook" -a "$(config_n_get $TCP_NODE1 brook_protocol client)" == "client" ] && ipt_tmp=$ipt_m && is_tproxy="TPROXY"
-		[ "$TCP_NO_REDIR_PORTS" != "disable" ] && $ipt_tmp -A PSW_ACL $(comment "默认") -p tcp -m multiport --dport $TCP_NO_REDIR_PORTS -j RETURN
-		$ipt_tmp -A PSW_ACL $(comment "默认") -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST) $(REDIRECT $TCP_REDIR_PORT1 $is_tproxy)
-		$ipt_tmp -A PSW_ACL $(comment "默认") -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(get_redirect_ipt $TCP_PROXY_MODE $TCP_REDIR_PORT1 $is_tproxy)
-	}
-	$ipt_tmp -A PSW_ACL $(comment "默认") -p tcp -j RETURN
-	echolog "TCP默认代理模式：$(get_action_chain_name $TCP_PROXY_MODE)"
-	
-	#  加载UDP默认代理模式
-	[ "$UDP_NODE1" != "nil" -a "$UDP_PROXY_MODE" != "disable" ] && {
-		[ "$UDP_NO_REDIR_PORTS" != "disable" ] && $ipt_m -A PSW_ACL $(comment "默认") -p udp -m multiport --dport $UDP_NO_REDIR_PORTS -j RETURN
-		$ipt_m -A PSW_ACL $(comment "默认") -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST) $(REDIRECT $UDP_REDIR_PORT1 TPROXY)
-		$ipt_m -A PSW_ACL $(comment "默认") -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(get_redirect_ipt $UDP_PROXY_MODE $UDP_REDIR_PORT1 TPROXY)
-	}
-	$ipt_m -A PSW_ACL $(comment "默认") -p udp -j RETURN
-	echolog "UDP默认代理模式：$(get_action_chain_name $UDP_PROXY_MODE)"
-	
-	#  过滤所有节点IP
-	filter_vpsip
 	
 	# dns_hijack "force"
 	
--- a/package/lienol/luci-app-passwall/root/usr/share/passwall/test.sh
+++ b/package/lienol/luci-app-passwall/root/usr/share/passwall/test.sh
@ -22,7 +22,12 @@ test_url() {
 	local timeout=2
 	[ -n "$3" ] && timeout=$3
 	status=$(/usr/bin/wget -4 --no-check-certificate --spider --timeout=$timeout --tries $try "$url" 2>/dev/null)
-	[ "$?" == 0 ] && status=200
+	if [ "$?" == 0 ]; then
+		status=200
+	else
+		status=$(/usr/bin/wget --no-check-certificate --spider --timeout=$timeout --tries $try "$url" 2>/dev/null)
+		[ "$?" == 0 ] && status=200
+	fi
 	echo $status
 }