diff --git a/package/lienol/luci-app-passwall/Makefile b/package/lienol/luci-app-passwall/Makefile index 1c0a96b0d3..5a16772bdb 100644 --- a/package/lienol/luci-app-passwall/Makefile +++ b/package/lienol/luci-app-passwall/Makefile @@ -7,8 +7,8 @@ include $(TOPDIR)/rules.mk PKG_NAME:=luci-app-passwall PKG_VERSION:=3.6 -PKG_RELEASE:=39 -PKG_DATE:=20200408 +PKG_RELEASE:=40 +PKG_DATE:=20200411 PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION) diff --git a/package/lienol/luci-app-passwall/luasrc/controller/passwall.lua b/package/lienol/luci-app-passwall/luasrc/controller/passwall.lua index 71c6ee56aa..4df665997e 100644 --- a/package/lienol/luci-app-passwall/luasrc/controller/passwall.lua +++ b/package/lienol/luci-app-passwall/luasrc/controller/passwall.lua @@ -191,19 +191,12 @@ function ping_node() local port = luci.http.formvalue("port") local e = {} e.index = index - if luci.sys.exec("echo -n $(uci -q get %s.@global_other[0].use_tcping)" % - appname) == "1" and - luci.sys.exec("echo -n $(command -v tcping)") ~= "" then - e.ping = luci.sys.exec(string.format( - "echo -n $(tcping -q -c 1 -i 1 -p %s %s 2>&1 | grep -o 'time=[0-9]*' | awk -F '=' '{print$2}') 2>/dev/null", - port, address)) - luci.sys.call(string.format( - "ps -w | grep 'tcping -q -c 1 -i 1 -p %s %s' | grep -v grep | awk '{print $1}' | xargs kill -9 2>/dev/null", - port, address)) - else - e.ping = luci.sys.exec( - "echo -n $(ping -c 1 -W 1 %q 2>&1 | grep -o 'time=[0-9]*' | awk -F '=' '{print$2}') 2>/dev/null" % - address) + if luci.sys.exec("echo -n $(uci -q get %s.@global_other[0].use_tcping)" % appname) == "1" and luci.sys.exec("echo -n $(command -v tcping)") ~= "" then + e.ping = luci.sys.exec(string.format("echo -n $(tcping -q -c 1 -i 1 -p %s %s 2>&1 | grep -o 'time=[0-9]*' | awk -F '=' '{print$2}') 2>/dev/null", port, address)) + luci.sys.call(string.format("ps -w | grep 'tcping -q -c 1 -i 1 -p %s %s' | grep -v grep | awk '{print $1}' | xargs kill -9 2>/dev/null", port, address)) + end + if e.ping == nil or tonumber(e.ping) == 0 then + e.ping = luci.sys.exec("echo -n $(ping -c 1 -W 1 %q 2>&1 | grep -o 'time=[0-9]*' | awk -F '=' '{print$2}') 2>/dev/null" % address) end luci.http.prepare_content("application/json") luci.http.write_json(e) diff --git a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/acl.lua b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/acl.lua index b1279402af..106f9bb00b 100644 --- a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/acl.lua +++ b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/acl.lua @@ -108,7 +108,7 @@ for index, key in pairs(ips) do o:value(key, temp[key]) end ---- MAC Address o = s:option(Value, "mac", translate("MAC")) o.rmempty = true -sys.net.mac_hints(function(e, t) o:value(e, "%s " % {e}) end) +sys.net.mac_hints(function(e, t) o:value(e, "%s (%s)" % {e, t}) end) ---- TCP Node local tcp_node_num = api.uci_get_type("global_other", "tcp_node_num", 1) diff --git a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/api/gen_v2ray_shunt.lua b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/api/gen_v2ray_shunt.lua index 2326208489..8557caba08 100755 --- a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/api/gen_v2ray_shunt.lua +++ b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/api/gen_v2ray_shunt.lua @@ -20,16 +20,12 @@ local function gen_outbound(node, tag) node.v2ray_protocol = "socks" node.v2ray_transport = "tcp" else - local node_type = (proto and proto ~= "nil") and proto or - "socks" - local new_port = sys.exec( - "echo -n $(/usr/share/passwall/app.sh get_new_port auto tcp)") + local node_type = (proto and proto ~= "nil") and proto or "socks" + local new_port = sys.exec("echo -n $(/usr/share/passwall/app.sh get_new_port auto tcp)") node.port = new_port - sys.call(string.format( - "/usr/share/passwall/app.sh gen_start_config %s %s %s %s %s %s", + sys.call(string.format("/usr/share/passwall/app.sh gen_start_config %s %s %s %s %s %s", node_id, new_port, "SOCKS", - "/var/etc/passwall/v2_shunt_" .. node_type .. "_" .. - node_id .. ".json", "4", "127.0.0.1")) + "/var/etc/passwall/v2_shunt_" .. node_type .. "_" .. node_id .. ".json", "4", "127.0.0.1")) node.v2ray_protocol = "socks" node.v2ray_transport = "tcp" node.address = "127.0.0.1" @@ -40,8 +36,7 @@ local function gen_outbound(node, tag) protocol = node.v2ray_protocol or "vmess", mux = { enabled = (node.v2ray_mux == "1") and true or false, - concurrency = (node.v2ray_mux_concurrency) and - tonumber(node.v2ray_mux_concurrency) or 8 + concurrency = (node.v2ray_mux_concurrency) and tonumber(node.v2ray_mux_concurrency) or 8 }, -- 底层传输配置 streamSettings = (node.v2ray_protocol == "vmess") and { @@ -49,8 +44,7 @@ local function gen_outbound(node, tag) security = node.v2ray_stream_security, tlsSettings = (node.v2ray_stream_security == "tls") and { serverName = node.tls_serverName, - allowInsecure = (node.tls_allowInsecure == "1") and true or - false + allowInsecure = (node.tls_allowInsecure == "1") and true or false } or nil, tcpSettings = (node.v2ray_transport == "tcp" and node.v2ray_protocol ~= "socks") and { @@ -69,8 +63,7 @@ local function gen_outbound(node, tag) tti = tonumber(node.v2ray_mkcp_tti), uplinkCapacity = tonumber(node.v2ray_mkcp_uplinkCapacity), downlinkCapacity = tonumber(node.v2ray_mkcp_downlinkCapacity), - congestion = (node.v2ray_mkcp_congestion == "1") and true or - false, + congestion = (node.v2ray_mkcp_congestion == "1") and true or false, readBufferSize = tonumber(node.v2ray_mkcp_readBufferSize), writeBufferSize = tonumber(node.v2ray_mkcp_writeBufferSize), header = {type = node.v2ray_mkcp_guise} @@ -111,8 +104,7 @@ local function gen_outbound(node, tag) address = node.address, port = tonumber(node.port), users = (node.username and node.password) and - {{user = node.username, pass = node.password}} or - nil + {{user = node.username, pass = node.password}} or nil } } or nil } @@ -159,10 +151,10 @@ end local rules = {} -local youtube_node = node.youtube_node or nil -if youtube_node and youtube_node ~= "nil" then - local node = ucursor:get_all("passwall", youtube_node) - local youtube_outbound = gen_outbound(node, "youtube") +local youtube_node_id = node.youtube_node or nil +if youtube_node_id and youtube_node_id ~= "nil" then + local youtube_node = ucursor:get_all("passwall", youtube_node_id) + local youtube_outbound = gen_outbound(youtube_node, "youtube") if youtube_outbound then table.insert(outbounds, youtube_outbound) local rule = { @@ -177,17 +169,17 @@ if youtube_node and youtube_node ~= "nil" then end end -local netflix_node = node.netflix_node or nil -if netflix_node and netflix_node ~= "nil" then - local node = ucursor:get_all("passwall", netflix_node) - local netflix_outbound = gen_outbound(node, "netflix") +local netflix_node_id = node.netflix_node or nil +if netflix_node_id and netflix_node_id ~= "nil" then + local netflix_node = ucursor:get_all("passwall", netflix_node_id) + local netflix_outbound = gen_outbound(netflix_node, "netflix") if netflix_outbound then table.insert(outbounds, netflix_outbound) local rule = { type = "field", domain = { "netflix", "netflix.com", "nflxso.net", "nflxext.com", - "nflximg.com", "nflximg.net", "nflxvideo.net" + "nflximg.com", "nflximg.net", "nflxvideo.net", "fast.com" }, outboundTag = "netflix" } @@ -195,10 +187,10 @@ if netflix_node and netflix_node ~= "nil" then end end -local default_node = node.default_node or nil -if default_node and default_node ~= "nil" then - local node = ucursor:get_all("passwall", default_node) - local default_outbound = gen_outbound(node, "default") +local default_node_id = node.default_node or nil +if default_node_id and default_node_id ~= "nil" then + local default_node = ucursor:get_all("passwall", default_node_id) + local default_outbound = gen_outbound(default_node, "default") if default_outbound then table.insert(outbounds, default_outbound) local rule = { @@ -213,8 +205,7 @@ end routing = {domainStrategy = "IPOnDemand", rules = rules} -- 额外传出连接 -table.insert(outbounds, - {protocol = "freedom", tag = "direct", settings = {keep = ""}}) +table.insert(outbounds, {protocol = "freedom", tag = "direct", settings = {keep = ""}}) local v2ray = { log = { diff --git a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/node_config.lua b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/node_config.lua index 6bb5531bde..e8fe672a20 100644 --- a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/node_config.lua +++ b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/node_config.lua @@ -127,12 +127,22 @@ youtube_node:value("nil", translate("Close")) for _, key in pairs(key_table) do youtube_node:value(key, n[key]) end youtube_node:depends("type", "V2ray_shunt") +youtube_proxy = s:option(Flag, "youtube_proxy", "Youtube " .. translate("Node") .. translate("Preproxy"), + "Youtube " .. translate("Node") .. translate("Use the default node for the transit.")) +youtube_proxy.default = 0 +youtube_proxy:depends("type", "V2ray_shunt") + netflix_node = s:option(ListValue, "netflix_node", "Netflix " .. translate("Node")) netflix_node:value("nil", translate("Close")) for _, key in pairs(key_table) do netflix_node:value(key, n[key]) end netflix_node:depends("type", "V2ray_shunt") +netflix_proxy = s:option(Flag, "netflix_proxy", "Netflix " .. translate("Node") .. translate("Preproxy"), + "Netflix " .. translate("Node") .. translate("Use the default node for the transit.")) +netflix_proxy.default = 0 +netflix_proxy:depends("type", "V2ray_shunt") + default_node = s:option(ListValue, "default_node", translate("Default") .. " " .. translate("Node")) default_node:value("nil", translate("Close")) @@ -148,6 +158,7 @@ address:depends("type", "V2ray") address:depends("type", "Brook") address:depends("type", "Trojan") +--[[ use_ipv6 = s:option(Flag, "use_ipv6", translate("Use IPv6")) use_ipv6.default = 0 use_ipv6:depends("type", "Socks5") @@ -156,6 +167,7 @@ use_ipv6:depends("type", "SSR") use_ipv6:depends("type", "V2ray") use_ipv6:depends("type", "Brook") use_ipv6:depends("type", "Trojan") +--]] port = s:option(Value, "port", translate("Port")) port.datatype = "port" diff --git a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/other.lua b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/other.lua index 7732738daf..8ddbad4126 100644 --- a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/other.lua +++ b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/other.lua @@ -101,10 +101,12 @@ for i = 1, socks_node_num, 1 do o.default = "108" .. i end +--[[ ---- Proxy IPv6 o = s:option(Flag, "proxy_ipv6", translate("Proxy IPv6"), translate("The IPv6 traffic can be proxyed when selected")) o.default = 0 +--]] --[[ ---- TCP Redir Port diff --git a/package/lienol/luci-app-passwall/po/zh_Hans/passwall.po b/package/lienol/luci-app-passwall/po/zh_Hans/passwall.po index 45c03185cf..39a566529d 100644 --- a/package/lienol/luci-app-passwall/po/zh_Hans/passwall.po +++ b/package/lienol/luci-app-passwall/po/zh_Hans/passwall.po @@ -301,6 +301,12 @@ msgstr "V2ray 分流" msgid "V2ray_shunt" msgstr "V2ray 分流" +msgid "Preproxy" +msgstr "前置代理" + +msgid "Use the default node for the transit." +msgstr "使用默认节点代理转发。" + msgid "Load balancing node list" msgstr "负载均衡节点列表" diff --git a/package/lienol/luci-app-passwall/root/usr/share/passwall/iptables.sh b/package/lienol/luci-app-passwall/root/usr/share/passwall/iptables.sh index a4e8f83b2b..fbead15d16 100755 --- a/package/lienol/luci-app-passwall/root/usr/share/passwall/iptables.sh +++ b/package/lienol/luci-app-passwall/root/usr/share/passwall/iptables.sh @@ -159,6 +159,28 @@ load_acl() { $ipt_m -A PSW_ACL $(comment "$remarks") $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p udp -j RETURN done } + + # 加载TCP默认代理模式 + local ipt_tmp=$ipt_n + [ "$TCP_NODE1" != "nil" -a "$TCP_PROXY_MODE" != "disable" ] && { + local TCP_NODE1_TYPE=$(echo $(config_n_get $TCP_NODE1 type) | tr 'A-Z' 'a-z') + local is_tproxy + [ "$TCP_NODE1_TYPE" == "brook" -a "$(config_n_get $TCP_NODE1 brook_protocol client)" == "client" ] && ipt_tmp=$ipt_m && is_tproxy="TPROXY" + [ "$TCP_NO_REDIR_PORTS" != "disable" ] && $ipt_tmp -A PSW_ACL $(comment "默认") -p tcp -m multiport --dport $TCP_NO_REDIR_PORTS -j RETURN + $ipt_tmp -A PSW_ACL $(comment "默认") -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST) $(REDIRECT $TCP_REDIR_PORT1 $is_tproxy) + $ipt_tmp -A PSW_ACL $(comment "默认") -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(get_redirect_ipt $TCP_PROXY_MODE $TCP_REDIR_PORT1 $is_tproxy) + } + $ipt_tmp -A PSW_ACL $(comment "默认") -p tcp -j RETURN + echolog "TCP默认代理模式:$(get_action_chain_name $TCP_PROXY_MODE)" + + # 加载UDP默认代理模式 + [ "$UDP_NODE1" != "nil" -a "$UDP_PROXY_MODE" != "disable" ] && { + [ "$UDP_NO_REDIR_PORTS" != "disable" ] && $ipt_m -A PSW_ACL $(comment "默认") -p udp -m multiport --dport $UDP_NO_REDIR_PORTS -j RETURN + $ipt_m -A PSW_ACL $(comment "默认") -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST) $(REDIRECT $UDP_REDIR_PORT1 TPROXY) + $ipt_m -A PSW_ACL $(comment "默认") -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(get_redirect_ipt $UDP_PROXY_MODE $UDP_REDIR_PORT1 TPROXY) + } + $ipt_m -A PSW_ACL $(comment "默认") -p udp -j RETURN + echolog "UDP默认代理模式:$(get_action_chain_name $UDP_PROXY_MODE)" } filter_vpsip() { @@ -169,41 +191,52 @@ filter_vpsip() { filter_node() { filter_rules() { - [ -n "$1" -a "$1" != "nil" ] && { + [ -n "$1" ] && [ "$1" != "nil" ] && { local type=$(echo $(config_n_get $1 type) | tr 'A-Z' 'a-z') local i=$ipt_n - [ "$type" == "brook" -a "$(config_n_get $1 brook_protocol client)" == "client" ] && i=$ipt_m + [ "$2" == "udp" ] || [ "$type" == "brook" -a "$(config_n_get $1 brook_protocol client)" == "client" ] && i=$ipt_m local address=$(config_n_get $1 address) local port=$(config_n_get $1 port) - is_exist=$($i -n -L PSW 2>/dev/null | grep -c "$address:$port") - [ "$is_exist" == 0 ] && { - local ADD_INDEX=2 - local INDEX=$($i -n -L PSW --line-numbers | grep "$IPSET_VPSIPLIST" | sed -n '$p' | awk '{print $1}') - [ -n "$INDEX" ] && ADD_INDEX=$INDEX - $i -I PSW $ADD_INDEX -p tcp -d $address --dport $port $(comment "$address:$port") -j RETURN - } - is_exist=$($i -n -L PSW_OUTPUT 2>/dev/null | grep -c "$address:$port") - [ "$is_exist" == 0 ] && { - local ADD_INDEX=2 - local INDEX=$($i -n -L PSW_OUTPUT --line-numbers | grep "$IPSET_VPSIPLIST" | sed -n '$p' | awk '{print $1}') - [ -n "$INDEX" ] && ADD_INDEX=$INDEX - $i -I PSW_OUTPUT $ADD_INDEX -p tcp -d $address --dport $port $(comment "$address:$port") -j RETURN - } + + if [ -n "$3" ] && [ "$3" == "1" ] && [ -n "$4" ]; then + if [ "$i" == "$ipt_m" ]; then + $i -I PSW_OUTPUT 2 -p $2 -d $address --dport $port $(REDIRECT 1 MARK) + else + $i -I PSW_OUTPUT 2 -p $2 -d $address --dport $port $(REDIRECT $4) + fi + else + is_exist=$($i -n -L PSW_OUTPUT 2>/dev/null | grep -c "$address:$port") + [ "$is_exist" == 0 ] && { + local ADD_INDEX=2 + local INDEX=$($i -n -L PSW_OUTPUT --line-numbers | grep "$IPSET_VPSIPLIST" | sed -n '$p' | awk '{print $1}') + [ -n "$INDEX" ] && ADD_INDEX=$INDEX + $i -I PSW_OUTPUT $ADD_INDEX -p $2 -d $address --dport $port $(comment "$address:$port") -j RETURN + } + fi } } local tmp_type=$(echo $(config_n_get $1 type) | tr 'A-Z' 'a-z') if [ "$tmp_type" == "v2ray_shunt" ]; then - filter_rules $(config_n_get $node youtube_node) - filter_rules $(config_n_get $node netflix_node) - filter_rules $(config_n_get $node default_node) + local default_node=$(config_n_get $1 default_node nil) + filter_rules $default_node $2 + + local youtube_node=$(config_n_get $1 youtube_node) + local youtube_proxy=$(config_n_get $1 youtube_proxy 0) + [ "$default_node" == "$youtube_node" ] && youtube_proxy=0 + local netflix_node=$(config_n_get $1 netflix_node) + local netflix_proxy=$(config_n_get $1 netflix_proxy 0) + [ "$default_node" == "$netflix_node" ] && netflix_proxy=0 + filter_rules $(config_n_get $1 youtube_node) $2 $youtube_proxy $3 + filter_rules $(config_n_get $1 netflix_node) $2 $netflix_proxy $3 + elif [ "$tmp_type" == "v2ray_balancing" ]; then - local balancing_node=$(config_n_get $node v2ray_balancing_node) + local balancing_node=$(config_n_get $1 v2ray_balancing_node) for node_id in $balancing_node do - filter_rules $node_id + filter_rules $node_id $2 done else - filter_rules $node + filter_rules $1 $2 fi } @@ -227,6 +260,13 @@ add_firewall_rule() { ipset -! -R <<-EOF || return 1 $(gen_laniplist | sed -e "s/^/add $IPSET_LANIPLIST /") EOF + + # 忽略特殊IP段 + lan_ifname=$(uci -q -p /var/state get network.lan.ifname) + [ -n "$lan_ifname" ] && { + lan_ip=$(ip address show $lan_ifname | grep -w "inet" | awk '{print $2}') + [ -n "$lan_ip" ] && ipset -! add $IPSET_LANIPLIST $lan_ip >/dev/null 2>&1 & + } ISP_DNS=$(cat $RESOLVFILE 2>/dev/null | grep -E -o "[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+" | sort -u | grep -v 0.0.0.0 | grep -v 127.0.0.1) [ -n "$ISP_DNS" ] && { @@ -234,13 +274,9 @@ add_firewall_rule() { ipset -! add $IPSET_WHITELIST $ispip >/dev/null 2>&1 & done } - - # 忽略特殊IP段 - lan_ifname=$(uci -q -p /var/state get network.lan.ifname) - [ -n "$lan_ifname" ] && { - lan_ip=$(ip address show $lan_ifname | grep -w "inet" | awk '{print $2}') - [ -n "$lan_ip" ] && ipset -! add $IPSET_LANIPLIST $lan_ip >/dev/null 2>&1 & - } + + # 过滤所有节点IP + filter_vpsip $ipt_n -N PSW $ipt_n -A PSW $(dst $IPSET_LANIPLIST) -j RETURN @@ -267,14 +303,22 @@ add_firewall_rule() { ip rule add fwmark 1 lookup 100 ip route add local 0.0.0.0/0 dev lo table 100 - for k in $(seq 1 $SOCKS_NODE_NUM); do - eval node=\$SOCKS_NODE$k - [ "$node" != "nil" ] && filter_node $node + for i in $(seq 1 $SOCKS_NODE_NUM); do + eval node=\$SOCKS_NODE$i + [ "$node" != "nil" ] && { + filter_node $node tcp + filter_node $node udp + } + done + + for i in $(seq 1 $TCP_NODE_NUM); do + eval node=\$TCP_NODE$i + eval port=\$TCP_REDIR_PORT$i + [ "$node" != "nil" ] && filter_node $node tcp $port done # 加载路由器自身代理 TCP if [ "$TCP_NODE1" != "nil" ]; then - filter_node $TCP_NODE1 TCP_NODE1_TYPE=$(echo $(config_n_get $TCP_NODE1 type) | tr 'A-Z' 'a-z') if [ "$TCP_NODE1_TYPE" == "brook" -a "$(config_n_get $TCP_NODE1 brook_protocol client)" == "client" ]; then [ "$use_tcp_node_resolve_dns" == 1 -a -n "$DNS_FORWARD" ] && { @@ -340,9 +384,14 @@ add_firewall_rule() { } fi + for i in $(seq 1 $UDP_NODE_NUM); do + eval node=\$UDP_NODE$i + eval port=\$UDP_REDIR_PORT$i + [ "$node" != "nil" ] && filter_node $node udp $port + done + # 加载路由器自身代理 UDP if [ "$UDP_NODE1" != "nil" ]; then - filter_node $UDP_NODE1 local UDP_NODE1_TYPE=$(echo $(config_n_get $UDP_NODE1 type) | tr 'A-Z' 'a-z') [ "$use_udp_node_resolve_dns" == 1 -a -n "$DNS_FORWARD" ] && { for dns in $DNS_FORWARD ; do @@ -367,31 +416,6 @@ add_firewall_rule() { # 加载ACLS load_acl - - # 加载TCP默认代理模式 - local ipt_tmp=$ipt_n - [ "$TCP_NODE1" != "nil" -a "$TCP_PROXY_MODE" != "disable" ] && { - local TCP_NODE1_TYPE=$(echo $(config_n_get $TCP_NODE1 type) | tr 'A-Z' 'a-z') - local is_tproxy - [ "$TCP_NODE1_TYPE" == "brook" -a "$(config_n_get $TCP_NODE1 brook_protocol client)" == "client" ] && ipt_tmp=$ipt_m && is_tproxy="TPROXY" - [ "$TCP_NO_REDIR_PORTS" != "disable" ] && $ipt_tmp -A PSW_ACL $(comment "默认") -p tcp -m multiport --dport $TCP_NO_REDIR_PORTS -j RETURN - $ipt_tmp -A PSW_ACL $(comment "默认") -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST) $(REDIRECT $TCP_REDIR_PORT1 $is_tproxy) - $ipt_tmp -A PSW_ACL $(comment "默认") -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(get_redirect_ipt $TCP_PROXY_MODE $TCP_REDIR_PORT1 $is_tproxy) - } - $ipt_tmp -A PSW_ACL $(comment "默认") -p tcp -j RETURN - echolog "TCP默认代理模式:$(get_action_chain_name $TCP_PROXY_MODE)" - - # 加载UDP默认代理模式 - [ "$UDP_NODE1" != "nil" -a "$UDP_PROXY_MODE" != "disable" ] && { - [ "$UDP_NO_REDIR_PORTS" != "disable" ] && $ipt_m -A PSW_ACL $(comment "默认") -p udp -m multiport --dport $UDP_NO_REDIR_PORTS -j RETURN - $ipt_m -A PSW_ACL $(comment "默认") -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST) $(REDIRECT $UDP_REDIR_PORT1 TPROXY) - $ipt_m -A PSW_ACL $(comment "默认") -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(get_redirect_ipt $UDP_PROXY_MODE $UDP_REDIR_PORT1 TPROXY) - } - $ipt_m -A PSW_ACL $(comment "默认") -p udp -j RETURN - echolog "UDP默认代理模式:$(get_action_chain_name $UDP_PROXY_MODE)" - - # 过滤所有节点IP - filter_vpsip # dns_hijack "force" diff --git a/package/lienol/luci-app-passwall/root/usr/share/passwall/test.sh b/package/lienol/luci-app-passwall/root/usr/share/passwall/test.sh index 071c9d1ff2..dbaec1c93a 100755 --- a/package/lienol/luci-app-passwall/root/usr/share/passwall/test.sh +++ b/package/lienol/luci-app-passwall/root/usr/share/passwall/test.sh @@ -22,7 +22,12 @@ test_url() { local timeout=2 [ -n "$3" ] && timeout=$3 status=$(/usr/bin/wget -4 --no-check-certificate --spider --timeout=$timeout --tries $try "$url" 2>/dev/null) - [ "$?" == 0 ] && status=200 + if [ "$?" == 0 ]; then + status=200 + else + status=$(/usr/bin/wget --no-check-certificate --spider --timeout=$timeout --tries $try "$url" 2>/dev/null) + [ "$?" == 0 ] && status=200 + fi echo $status }