mirror of
https://github.com/hanwckf/immortalwrt-mt798x.git
synced 2025-01-10 11:09:57 +08:00
luci-app-passwall: sync with upstream source
parent
6176af0709
commit
8147a1c5cf
@ -7,8 +7,8 @@ include $(TOPDIR)/rules.mk
|
||||
|
||||
PKG_NAME:=luci-app-passwall
|
||||
PKG_VERSION:=3.6
|
||||
PKG_RELEASE:=25
|
||||
PKG_DATE:=20200315
|
||||
PKG_RELEASE:=28
|
||||
PKG_DATE:=20200316
|
||||
|
||||
PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
|
||||
|
||||
|
@ -27,15 +27,17 @@ function index()
|
||||
entry({"admin", "vpn", "passwall", "auto_switch"},
|
||||
cbi("passwall/auto_switch"), _("Auto Switch"), 3).leaf = true
|
||||
entry({"admin", "vpn", "passwall", "other"},
|
||||
cbi("passwall/other", {autoapply = true}), _("Other Settings"), 94).leaf =
|
||||
cbi("passwall/other", {autoapply = true}), _("Other Settings"), 93).leaf =
|
||||
true
|
||||
if nixio.fs.access("/usr/sbin/haproxy") then
|
||||
entry({"admin", "vpn", "passwall", "balancing"},
|
||||
cbi("passwall/balancing"), _("Load Balancing"), 95).leaf = true
|
||||
entry({"admin", "vpn", "passwall", "haproxy"},
|
||||
cbi("passwall/haproxy"), _("Load Balancing"), 94).leaf = true
|
||||
end
|
||||
entry({"admin", "vpn", "passwall", "rule"},
|
||||
cbi("passwall/rule"), _("Rule Update"), 96).leaf =
|
||||
entry({"admin", "vpn", "passwall", "node_subscribe"},
|
||||
cbi("passwall/node_subscribe"), _("Node Subscribe"), 95).dependent =
|
||||
true
|
||||
entry({"admin", "vpn", "passwall", "rule"}, cbi("passwall/rule"),
|
||||
_("Rule Update"), 96).leaf = true
|
||||
entry({"admin", "vpn", "passwall", "acl"}, cbi("passwall/acl"),
|
||||
_("Access control"), 97).leaf = true
|
||||
entry({"admin", "vpn", "passwall", "log"}, form("passwall/log"),
|
||||
|
@ -124,8 +124,8 @@ if tonumber(udp_node_num) > 1 then
|
||||
for i = 1, udp_node_num, 1 do o:value(i, "UDP_" .. i) end
|
||||
end
|
||||
|
||||
---- Proxy Mode
|
||||
o = s:option(ListValue, "proxy_mode", translate("Proxy Mode"))
|
||||
---- TCP Proxy Mode
|
||||
o = s:option(ListValue, "tcp_proxy_mode", "TCP" .. translate("Proxy Mode"))
|
||||
o.default = "default"
|
||||
o.rmempty = false
|
||||
o:value("default", translate("Default"))
|
||||
@ -133,7 +133,17 @@ o:value("disable", translate("No Proxy"))
|
||||
o:value("global", translate("Global Proxy"))
|
||||
o:value("gfwlist", translate("GFW List"))
|
||||
o:value("chnroute", translate("China WhiteList"))
|
||||
-- o:value("gamemode", translate("Game Mode"))
|
||||
o:value("returnhome", translate("Return Home"))
|
||||
|
||||
---- UDP Proxy Mode
|
||||
o = s:option(ListValue, "udp_proxy_mode", "UDP" .. translate("Proxy Mode"))
|
||||
o.default = "default"
|
||||
o.rmempty = false
|
||||
o:value("default", translate("Default"))
|
||||
o:value("disable", translate("No Proxy"))
|
||||
o:value("global", translate("Global Proxy"))
|
||||
o:value("gfwlist", translate("GFW List"))
|
||||
o:value("chnroute", translate("Game Mode") .. "(" .. translate("China WhiteList") .. ")")
|
||||
o:value("returnhome", translate("Return Home"))
|
||||
|
||||
---- TCP No Redir Ports
|
||||
|
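Review bot: Nothing visible in this commit migrates ACL entries that already store `proxy_mode`, although the form now writes `tcp_proxy_mode` and `udp_proxy_mode` instead. `load_acl()` reads the new keys with a fallback of `default`, so a client previously pinned to `disable` (No Proxy) would presumably follow the global mode after upgrade until its rule is re-saved. The same gap applies to the global `proxy_mode` and `localhost_proxy_mode` options, whose replacements fall back to `chnroute` and `default` in the shell hunks. Either add a one-time uci-defaults step that copies the old value into both new options, or let the reader fall back to the old key, for example `local tcp_proxy_mode=$(u_get $i tcp_proxy_mode $(u_get $i proxy_mode default))`, and likewise for UDP.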
@ -20,19 +20,17 @@ uci:foreach(appname, "nodes", function(e)
|
||||
if type == nil then type = "" end
|
||||
local address = e.address
|
||||
if address == nil then address = "" end
|
||||
--if (type == "V2ray_balancing" or type == "V2ray_shunt") or (address:match("[\u4e00-\u9fa5]") and address:find("%.") and address:sub(#address) ~= ".") then
|
||||
if type and address and e.remarks then
|
||||
if e.use_kcp and e.use_kcp == "1" then
|
||||
n[e[".name"]] = "%s+%s:[%s] %s" %
|
||||
{
|
||||
translate(type), "Kcptun", e.remarks, address
|
||||
}
|
||||
else
|
||||
n[e[".name"]] = "%s:[%s] %s" %
|
||||
{translate(type), e.remarks, address}
|
||||
end
|
||||
-- if (type == "V2ray_balancing" or type == "V2ray_shunt") or (address:match("[\u4e00-\u9fa5]") and address:find("%.") and address:sub(#address) ~= ".") then
|
||||
if type and address and e.remarks then
|
||||
if e.use_kcp and e.use_kcp == "1" then
|
||||
n[e[".name"]] = "%s+%s:[%s] %s" %
|
||||
{translate(type), "Kcptun", e.remarks, address}
|
||||
else
|
||||
n[e[".name"]] = "%s:[%s] %s" %
|
||||
{translate(type), e.remarks, address}
|
||||
end
|
||||
--end
|
||||
end
|
||||
-- end
|
||||
end)
|
||||
|
||||
local key_table = {}
|
||||
@ -110,7 +108,7 @@ end
|
||||
o = s:option(Value, "up_china_dns", translate("China DNS Server") .. "(UDP)")
|
||||
-- o.description = translate("If you want to work with other DNS acceleration services, use the default.<br />Only use two at most, english comma separation, If you do not fill in the # and the following port, you are using port 53.")
|
||||
o.default = "default"
|
||||
o:value("default", translate("default"))
|
||||
o:value("default", translate("Default"))
|
||||
o:value("dnsbyisp", translate("dnsbyisp"))
|
||||
o:value("223.5.5.5", "223.5.5.5 (" .. translate("Ali") .. "DNS)")
|
||||
o:value("223.6.6.6", "223.6.6.6 (" .. translate("Ali") .. "DNS)")
|
||||
@ -183,9 +181,9 @@ o:value("208.67.220.220", "208.67.220.220 (Open DNS)")
|
||||
o:depends("dns_mode", "pdnsd")
|
||||
o:depends("up_trust_chinadns_ng_dns", "pdnsd")
|
||||
|
||||
---- Default Proxy Mode
|
||||
o = s:option(ListValue, "proxy_mode",
|
||||
translate("Default") .. translate("Proxy Mode"))
|
||||
---- TCP Default Proxy Mode
|
||||
o = s:option(ListValue, "tcp_proxy_mode",
|
||||
"TCP" .. translate("Default") .. translate("Proxy Mode"))
|
||||
-- o.description = translate("If not available, try clearing the cache.")
|
||||
o.default = "chnroute"
|
||||
o.rmempty = false
|
||||
@ -193,12 +191,22 @@ o:value("disable", translate("No Proxy"))
|
||||
o:value("global", translate("Global Proxy"))
|
||||
o:value("gfwlist", translate("GFW List"))
|
||||
o:value("chnroute", translate("China WhiteList"))
|
||||
-- o:value("gamemode", translate("Game Mode"))
|
||||
o:value("returnhome", translate("Return Home"))
|
||||
|
||||
---- Localhost Proxy Mode
|
||||
o = s:option(ListValue, "localhost_proxy_mode",
|
||||
translate("Router Localhost") .. translate("Proxy Mode"))
|
||||
---- UDP Default Proxy Mode
|
||||
o = s:option(ListValue, "udp_proxy_mode",
|
||||
"UDP" .. translate("Default") .. translate("Proxy Mode"))
|
||||
o.default = "chnroute"
|
||||
o.rmempty = false
|
||||
o:value("disable", translate("No Proxy"))
|
||||
o:value("global", translate("Global Proxy"))
|
||||
o:value("gfwlist", translate("GFW List"))
|
||||
o:value("chnroute", translate("Game Mode") .. "(" .. translate("China WhiteList") .. ")")
|
||||
o:value("returnhome", translate("Return Home"))
|
||||
|
||||
---- Localhost TCP Proxy Mode
|
||||
o = s:option(ListValue, "localhost_tcp_proxy_mode",
|
||||
translate("Router Localhost") .. "TCP" .. translate("Proxy Mode"))
|
||||
-- o.description = translate("The server client can also use this rule to scientifically surf the Internet.")
|
||||
o:value("default", translate("Default"))
|
||||
o:value("gfwlist", translate("GFW List"))
|
||||
@ -207,6 +215,17 @@ o:value("global", translate("Global Proxy"))
|
||||
o.default = "default"
|
||||
o.rmempty = false
|
||||
|
||||
---- Localhost UDP Proxy Mode
|
||||
o = s:option(ListValue, "localhost_udp_proxy_mode",
|
||||
translate("Router Localhost") .. "UDP" .. translate("Proxy Mode"))
|
||||
o:value("disable", translate("No Proxy"))
|
||||
o:value("default", translate("Default"))
|
||||
o:value("gfwlist", translate("GFW List"))
|
||||
o:value("chnroute", translate("Game Mode") .. "(" .. translate("China WhiteList") .. ")")
|
||||
o:value("global", translate("Global Proxy"))
|
||||
o.default = "default"
|
||||
o.rmempty = false
|
||||
|
||||
---- Tips
|
||||
s:append(Template("passwall/global/tips"))
|
||||
|
||||
|
@ -48,16 +48,9 @@ o = s:option(Value, "console_port", translate("Console Port"), translate(
|
||||
o.default = "1188"
|
||||
o:depends("balancing_enable", 1)
|
||||
|
||||
---- Haproxy Port
|
||||
o = s:option(Value, "haproxy_port", translate("Haproxy Port"),
|
||||
translate("Configure this node with 127.0.0.1: this port"))
|
||||
o.default = "1181"
|
||||
o:depends("balancing_enable", 1)
|
||||
|
||||
-- [[ Balancing Settings ]]--
|
||||
s = m:section(TypedSection, "balancing", translate("Load Balancing Setting"),
|
||||
translate(
|
||||
"Add a node, Export Of Multi WAN Only support Multi Wan. Load specific gravity range 1-256. Multiple primary servers can be load balanced, standby will only be enabled when the primary server is offline!"))
|
||||
s = m:section(TypedSection, "haproxy_config", translate("Load Balancing Setting"),
|
||||
"<font color='red'>" .. translate("Add a node, Export Of Multi WAN Only support Multi Wan. Load specific gravity range 1-256. Multiple primary servers can be load balanced, standby will only be enabled when the primary server is offline! Multiple groups can be set, Haproxy port same one for each group.").."</font>")
|
||||
s.template = "cbi/tblsection"
|
||||
s.sortable = true
|
||||
s.anonymous = true
|
||||
@ -81,6 +74,10 @@ o:value("default", translate("Default"))
|
||||
o.default = "default"
|
||||
o.rmempty = false
|
||||
|
||||
---- Haproxy Port
|
||||
o = s:option(Value, "haproxy_port", translate("Haproxy Port"))
|
||||
o.rmempty = false
|
||||
|
||||
---- Node Weight
|
||||
o = s:option(Value, "lbweight", translate("Node Weight"))
|
||||
o.default = "5"
|
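Review bot: The per-row `haproxy_port` Value sets `rmempty = false` but no datatype, so any string can be saved as a port. In this same commit `start_haproxy()` interpolates that value unquoted into `listen $p` / `bind 0.0.0.0:$p`, and into `grep -n "bind 0.0.0.0:$haproxy_port"`, whose output feeds `sed -i "${line}i …"`. A non-numeric value therefore corrupts the generated config, and a port that is a prefix of another (80 and 8080) makes the grep return two line numbers. Add `o.datatype = "port"` right after the option, and on the shell side match the whole bind line rather than a prefix.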
@ -0,0 +1,75 @@
|
||||
local e = require "nixio.fs"
|
||||
local e = require "luci.sys"
|
||||
|
||||
m = Map("passwall")
|
||||
|
||||
-- [[ Subscribe Settings ]]--
|
||||
s = m:section(TypedSection, "global_subscribe", "")
|
||||
s.anonymous = true
|
||||
|
||||
---- Subscribe via proxy
|
||||
o = s:option(Flag, "subscribe_proxy", translate("Subscribe via proxy"))
|
||||
o.default = 0
|
||||
o.rmempty = false
|
||||
|
||||
---- Enable auto update subscribe
|
||||
o = s:option(Flag, "auto_update_subscribe",
|
||||
translate("Enable auto update subscribe"))
|
||||
o.default = 0
|
||||
o.rmempty = false
|
||||
|
||||
---- Week update rules
|
||||
o = s:option(ListValue, "week_update_subscribe", translate("Week update rules"))
|
||||
o:value(7, translate("Every day"))
|
||||
for e = 1, 6 do o:value(e, translate("Week") .. e) end
|
||||
o:value(0, translate("Week") .. translate("day"))
|
||||
o.default = 0
|
||||
o:depends("auto_update_subscribe", 1)
|
||||
|
||||
---- Day update rules
|
||||
o = s:option(ListValue, "time_update_subscribe", translate("Day update rules"))
|
||||
for e = 0, 23 do o:value(e, e .. translate("oclock")) end
|
||||
o.default = 0
|
||||
o:depends("auto_update_subscribe", 1)
|
||||
|
||||
---- Manual subscription
|
||||
o = s:option(Button, "_update", translate("Manual subscription"))
|
||||
o.inputstyle = "apply"
|
||||
function o.write(e, e)
|
||||
luci.sys.call(
|
||||
"lua /usr/share/passwall/subscribe.lua start log > /dev/null 2>&1 &")
|
||||
luci.http.redirect(luci.dispatcher.build_url("admin", "vpn", "passwall",
|
||||
"log"))
|
||||
end
|
||||
|
||||
---- Subscribe Delete All
|
||||
o = s:option(Button, "_stop", translate("Delete All Subscribe Node"))
|
||||
o.inputstyle = "remove"
|
||||
function o.write(e, e)
|
||||
luci.sys.call(
|
||||
"lua /usr/share/passwall/subscribe.lua truncate log > /dev/null 2>&1 &")
|
||||
luci.http.redirect(luci.dispatcher.build_url("admin", "vpn", "passwall",
|
||||
"log"))
|
||||
end
|
||||
|
||||
s = m:section(TypedSection, "subscribe_list", "",
|
||||
"<font color='red'>" .. translate(
|
||||
"Please input the subscription url first, save and submit before updating. If you subscribe to update, it is recommended to delete all subscriptions and then re-subscribe.") ..
|
||||
"</font>")
|
||||
s.addremove = true
|
||||
s.anonymous = true
|
||||
s.sortable = true
|
||||
s.template = "cbi/tblsection"
|
||||
|
||||
o = s:option(Flag, "enabled", translate("Enabled"))
|
||||
o.rmempty = false
|
||||
|
||||
o = s:option(Value, "remark", translate("Subscribe Remark"))
|
||||
o.width = "auto"
|
||||
o.rmempty = false
|
||||
|
||||
o = s:option(Value, "url", translate("Subscribe URL"))
|
||||
o.width = "auto"
|
||||
o.rmempty = false
|
||||
|
||||
return m
|
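Review bot: The `url` Value in the `subscribe_list` section is saved with no `datatype` or `validate`, so any string is accepted as a subscription source. The script that consumes it, `/usr/share/passwall/subscribe.lua`, is not shown on this page, so how the value is fetched cannot be checked here. Restricting the scheme at input time is cheap: give the option a `validate` function that returns the value only when it matches `^https?://` and otherwise returns `nil` plus a translated error. Separately, the two `local e = require …` lines at the top shadow each other and neither is used, because the handlers call `luci.sys` and `luci.http` through the globals. `function o.write(e, e)` also declares the same parameter name twice; `function o.write(self, section)` reads better.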
@ -31,75 +31,6 @@ for e = 0, 23 do o:value(e, e .. translate("oclock")) end
|
||||
o.default = 0
|
||||
o:depends("auto_update", 1)
|
||||
|
||||
-- [[ Subscribe Settings ]]--
|
||||
s = m:section(TypedSection, "global_subscribe", translate("Node Subscribe"),
|
||||
"<font color='red'>" .. translate(
|
||||
"Please input the subscription url first, save and submit before updating. If you subscribe to update, it is recommended to delete all subscriptions and then re-subscribe.") ..
|
||||
"</font>")
|
||||
s.anonymous = true
|
||||
|
||||
---- Subscribe via proxy
|
||||
o = s:option(Flag, "subscribe_proxy", translate("Subscribe via proxy"))
|
||||
o.default = 0
|
||||
o.rmempty = false
|
||||
|
||||
---- Enable auto update subscribe
|
||||
o = s:option(Flag, "auto_update_subscribe",
|
||||
translate("Enable auto update subscribe"))
|
||||
o.default = 0
|
||||
o.rmempty = false
|
||||
|
||||
---- Week update rules
|
||||
o = s:option(ListValue, "week_update_subscribe", translate("Week update rules"))
|
||||
o:value(7, translate("Every day"))
|
||||
for e = 1, 6 do o:value(e, translate("Week") .. e) end
|
||||
o:value(0, translate("Week") .. translate("day"))
|
||||
o.default = 0
|
||||
o:depends("auto_update_subscribe", 1)
|
||||
|
||||
---- Day update rules
|
||||
o = s:option(ListValue, "time_update_subscribe", translate("Day update rules"))
|
||||
for e = 0, 23 do o:value(e, e .. translate("oclock")) end
|
||||
o.default = 0
|
||||
o:depends("auto_update_subscribe", 1)
|
||||
|
||||
---- Manual subscription
|
||||
o = s:option(Button, "_update", translate("Manual subscription"))
|
||||
o.inputstyle = "apply"
|
||||
function o.write(e, e)
|
||||
luci.sys.call(
|
||||
"lua /usr/share/passwall/subscribe.lua start log > /dev/null 2>&1 &")
|
||||
luci.http.redirect(luci.dispatcher.build_url("admin", "vpn", "passwall",
|
||||
"log"))
|
||||
end
|
||||
|
||||
---- Subscribe Delete All
|
||||
o = s:option(Button, "_stop", translate("Delete All Subscribe Node"))
|
||||
o.inputstyle = "remove"
|
||||
function o.write(e, e)
|
||||
luci.sys.call(
|
||||
"lua /usr/share/passwall/subscribe.lua truncate log > /dev/null 2>&1 &")
|
||||
luci.http.redirect(luci.dispatcher.build_url("admin", "vpn", "passwall",
|
||||
"log"))
|
||||
end
|
||||
|
||||
s = m:section(TypedSection, "subscribe_list")
|
||||
s.addremove = true
|
||||
s.anonymous = true
|
||||
s.sortable = true
|
||||
s.template = "cbi/tblsection"
|
||||
|
||||
o = s:option(Flag, "enabled", translate("Enabled"))
|
||||
o.rmempty = false
|
||||
|
||||
o = s:option(Value, "remark", translate("Subscribe Remark"))
|
||||
o.width = "auto"
|
||||
o.rmempty = false
|
||||
|
||||
o = s:option(Value, "url", translate("Subscribe URL"))
|
||||
o.width = "auto"
|
||||
o.rmempty = false
|
||||
|
||||
-- [[ App Settings ]]--
|
||||
s = m:section(TypedSection, "global_app", translate("App Update"),
|
||||
"<font color='red'>" ..
|
||||
|
@ -490,8 +490,8 @@ msgstr "负载均衡端口"
|
||||
msgid "Load Balancing Setting"
|
||||
msgstr "负载均衡设置"
|
||||
|
||||
msgid "Add a node, Export Of Multi WAN Only support Multi Wan. Load specific gravity range 1-256. Multiple primary servers can be load balanced, standby will only be enabled when the primary server is offline!"
|
||||
msgstr "添加节点,指定出口功能是为多WAN用户准备的。负载比重范围1-256。多个主服务器可以负载均衡,备用只有在主服务器离线时才会启用!"
|
||||
msgid "Add a node, Export Of Multi WAN Only support Multi Wan. Load specific gravity range 1-256. Multiple primary servers can be load balanced, standby will only be enabled when the primary server is offline! Multiple groups can be set, Haproxy port same one for each group."
|
||||
msgstr "添加节点,指定出口功能是为多WAN用户准备的。负载比重范围1-256。多个主服务器可以负载均衡,备用只有在主服务器离线时才会启用!可以设置多个组,负载均衡端口相同则为一组。"
|
||||
|
||||
msgid "Node"
|
||||
msgstr "节点"
|
||||
|
@ -8,8 +8,10 @@ config global
|
||||
option up_china_dns 'default'
|
||||
option dns_forward '8.8.4.4'
|
||||
option use_tcp_node_resolve_dns '1'
|
||||
option proxy_mode 'chnroute'
|
||||
option localhost_proxy_mode 'gfwlist'
|
||||
option tcp_proxy_mode 'chnroute'
|
||||
option udp_proxy_mode 'chnroute'
|
||||
option localhost_tcp_proxy_mode 'gfwlist'
|
||||
option localhost_udp_proxy_mode 'gfwlist'
|
||||
|
||||
config global_haproxy
|
||||
option balancing_enable '0'
|
||||
|
@ -145,23 +145,22 @@ TCP_NODE_NUM=$(config_t_get global_other tcp_node_num 1)
|
||||
for i in $(seq 1 $TCP_NODE_NUM); do
|
||||
eval TCP_NODE$i=$(config_t_get global tcp_node$i nil)
|
||||
done
|
||||
TCP_REDIR_PORT1=$(config_t_get global_forwarding tcp_redir_port 1041)
|
||||
TCP_REDIR_PORT2=$(expr $TCP_REDIR_PORT1 + 1)
|
||||
TCP_REDIR_PORT3=$(expr $TCP_REDIR_PORT2 + 1)
|
||||
|
||||
UDP_NODE_NUM=$(config_t_get global_other udp_node_num 1)
|
||||
for i in $(seq 1 $UDP_NODE_NUM); do
|
||||
eval UDP_NODE$i=$(config_t_get global udp_node$i nil)
|
||||
done
|
||||
UDP_REDIR_PORT1=$(config_t_get global_forwarding udp_redir_port 1051)
|
||||
UDP_REDIR_PORT2=$(expr $UDP_REDIR_PORT1 + 1)
|
||||
UDP_REDIR_PORT3=$(expr $UDP_REDIR_PORT2 + 1)
|
||||
|
||||
SOCKS5_NODE_NUM=$(config_t_get global_other socks5_node_num 1)
|
||||
for i in $(seq 1 $SOCKS5_NODE_NUM); do
|
||||
eval SOCKS5_NODE$i=$(config_t_get global socks5_node$i nil)
|
||||
done
|
||||
|
||||
TCP_REDIR_PORT1=$(config_t_get global_forwarding tcp_redir_port 1041)
|
||||
TCP_REDIR_PORT2=$(expr $TCP_REDIR_PORT1 + 1)
|
||||
TCP_REDIR_PORT3=$(expr $TCP_REDIR_PORT2 + 1)
|
||||
UDP_REDIR_PORT1=$(config_t_get global_forwarding udp_redir_port 1051)
|
||||
UDP_REDIR_PORT2=$(expr $UDP_REDIR_PORT1 + 1)
|
||||
UDP_REDIR_PORT3=$(expr $UDP_REDIR_PORT2 + 1)
|
||||
SOCKS5_PROXY_PORT1=$(config_t_get global_forwarding socks5_proxy_port 1081)
|
||||
SOCKS5_PROXY_PORT2=$(expr $SOCKS5_PROXY_PORT1 + 1)
|
||||
SOCKS5_PROXY_PORT3=$(expr $SOCKS5_PROXY_PORT2 + 1)
|
||||
@ -177,7 +176,12 @@ UDP_REDIR_PORTS=$(config_t_get global_forwarding udp_redir_ports '1:65535')
|
||||
TCP_NO_REDIR_PORTS=$(config_t_get global_forwarding tcp_no_redir_ports 'disable')
|
||||
UDP_NO_REDIR_PORTS=$(config_t_get global_forwarding udp_no_redir_ports 'disable')
|
||||
KCPTUN_REDIR_PORT=$(config_t_get global_forwarding kcptun_port 12948)
|
||||
PROXY_MODE=$(config_t_get global proxy_mode chnroute)
|
||||
TCP_PROXY_MODE=$(config_t_get global tcp_proxy_mode chnroute)
|
||||
UDP_PROXY_MODE=$(config_t_get global udp_proxy_mode chnroute)
|
||||
LOCALHOST_TCP_PROXY_MODE=$(config_t_get global localhost_tcp_proxy_mode default)
|
||||
LOCALHOST_UDP_PROXY_MODE=$(config_t_get global localhost_udp_proxy_mode default)
|
||||
[ "$LOCALHOST_TCP_PROXY_MODE" == "default" ] && LOCALHOST_TCP_PROXY_MODE=$TCP_PROXY_MODE
|
||||
[ "$LOCALHOST_UDP_PROXY_MODE" == "default" ] && LOCALHOST_UDP_PROXY_MODE=$UDP_PROXY_MODE
|
||||
|
||||
load_config() {
|
||||
[ "$ENABLED" != 1 ] && return 1
|
||||
@ -196,8 +200,6 @@ load_config() {
|
||||
else
|
||||
process=$(config_t_get global_forwarding process)
|
||||
fi
|
||||
LOCALHOST_PROXY_MODE=$(config_t_get global localhost_proxy_mode default)
|
||||
[ "$LOCALHOST_PROXY_MODE" == "default" ] && LOCALHOST_PROXY_MODE=$PROXY_MODE
|
||||
UP_CHINA_DNS=$(config_t_get global up_china_dns dnsbyisp)
|
||||
[ "$UP_CHINA_DNS" == "default" ] && IS_DEFAULT_CHINA_DNS=1
|
||||
[ ! -f "$RESOLVFILE" -o ! -s "$RESOLVFILE" ] && RESOLVFILE=/tmp/resolv.conf.auto
|
||||
@ -794,7 +796,7 @@ start_haproxy() {
|
||||
mkdir -p $HAPROXY_PATH
|
||||
local HAPROXY_FILE=$HAPROXY_PATH/config.cfg
|
||||
bport=$(config_t_get global_haproxy haproxy_port)
|
||||
cat <<-EOF >$HAPROXY_FILE
|
||||
cat <<-EOF > $HAPROXY_FILE
|
||||
global
|
||||
log 127.0.0.1 local2
|
||||
chroot /usr/bin
|
||||
@ -821,48 +823,51 @@ start_haproxy() {
|
||||
timeout check 10s
|
||||
maxconn 3000
|
||||
|
||||
listen passwall
|
||||
bind 0.0.0.0:$bport
|
||||
mode tcp
|
||||
EOF
|
||||
local count=$(uci show $CONFIG | grep "@balancing" | sed -n '$p' | cut -d '[' -f 2 | cut -d ']' -f 1)
|
||||
|
||||
local ports=$(uci show $CONFIG | grep "@haproxy_config" | grep haproxy_port | cut -d "'" -f 2 | sort -u)
|
||||
for p in $ports; do
|
||||
cat <<-EOF >> $HAPROXY_FILE
|
||||
listen $p
|
||||
mode tcp
|
||||
bind 0.0.0.0:$p
|
||||
|
||||
EOF
|
||||
done
|
||||
|
||||
local count=$(uci show $CONFIG | grep "@haproxy_config" | sed -n '$p' | cut -d '[' -f 2 | cut -d ']' -f 1)
|
||||
[ -n "$count" ] && [ "$count" -ge 0 ] && {
|
||||
u_get() {
|
||||
local ret=$(uci -q get $CONFIG.@balancing[$1].$2)
|
||||
local ret=$(uci -q get $CONFIG.@haproxy_config[$1].$2)
|
||||
echo ${ret:=$3}
|
||||
}
|
||||
for i in $(seq 0 $count); do
|
||||
enabled=$(u_get $i enabled 0)
|
||||
[ "$enabled" == "0" ] && continue
|
||||
bips=$(u_get $i lbss)
|
||||
bports=$(u_get $i lbort)
|
||||
local enabled=$(u_get $i enabled 0)
|
||||
[ -z "$enabled" -o "$enabled" == "0" ] && continue
|
||||
|
||||
local haproxy_port=$(u_get $i haproxy_port)
|
||||
[ -z "$haproxy_port" ] && continue
|
||||
|
||||
local bips=$(u_get $i lbss)
|
||||
local bports=$(u_get $i lbort)
|
||||
if [ -z "$bips" ] || [ -z "$bports" ]; then
|
||||
break
|
||||
continue
|
||||
fi
|
||||
|
||||
local bip=$(echo $bips | awk -F ":" '{print $1}')
|
||||
local bport=$(echo $bips | awk -F ":" '{print $2}')
|
||||
[ "$bports" != "default" ] && bport=$bports
|
||||
[ -z "$bport" ] && break
|
||||
[ -z "$bport" ] && continue
|
||||
|
||||
bweight=$(u_get $i lbweight)
|
||||
exports=$(u_get $i export)
|
||||
bbackup=$(u_get $i backup)
|
||||
if [ "$bbackup" = "1" ]; then
|
||||
bbackup=" backup"
|
||||
echolog "负载均衡:添加故障转移备节点:$bip"
|
||||
else
|
||||
bbackup=""
|
||||
echolog "负载均衡:添加负载均衡主节点:$bip"
|
||||
fi
|
||||
#si=$(echo $bip | grep -E "([0-9]{1,3}[\.]){3}[0-9]{1,3}")
|
||||
#if [ -z "$si" ]; then
|
||||
# bip=$(resolveip -4 -t 2 $bip | awk 'NR==1{print}')
|
||||
# if [ -z "$bip" ]; then
|
||||
# bip=$(nslookup $bip localhost | sed '1,4d' | awk '{print $3}' | grep -v : | awk 'NR==1{print}')
|
||||
# fi
|
||||
# echolog "负载均衡${i} IP为:$bip"
|
||||
#fi
|
||||
echo " server $bip:$bport $bip:$bport weight $bweight check inter 1500 rise 1 fall 3 $bbackup" >> $HAPROXY_FILE
|
||||
local line=$(cat $HAPROXY_FILE | grep -n "bind 0.0.0.0:$haproxy_port" | awk -F ":" '{print $1}')
|
||||
[ -z "$line" ] && continue
|
||||
|
||||
local bweight=$(u_get $i lbweight)
|
||||
local exports=$(u_get $i export)
|
||||
local backup=$(u_get $i backup)
|
||||
local bbackup=""
|
||||
[ "$backup" = "1" ] && bbackup="backup"
|
||||
sed -i "${line}i \ \ \ \ server $bip:$bport $bip:$bport weight $bweight check inter 1500 rise 1 fall 3 $bbackup" $HAPROXY_FILE
|
||||
if [ "$exports" != "0" ]; then
|
||||
failcount=0
|
||||
while [ "$failcount" -lt "3" ]; do
|
||||
@ -881,22 +886,23 @@ start_haproxy() {
|
||||
fi
|
||||
done
|
||||
}
|
||||
#生成负载均衡控制台
|
||||
console_port=$(config_t_get global_haproxy console_port)
|
||||
console_user=$(config_t_get global_haproxy console_user)
|
||||
console_password=$(config_t_get global_haproxy console_password)
|
||||
|
||||
# 控制台配置
|
||||
local console_port=$(config_t_get global_haproxy console_port)
|
||||
local console_user=$(config_t_get global_haproxy console_user)
|
||||
local console_password=$(config_t_get global_haproxy console_password)
|
||||
local auth=""
|
||||
[ -n "$console_user" -a -n "console_password" ] && auth="stats auth $console_user:$console_password"
|
||||
cat <<-EOF >> $HAPROXY_FILE
|
||||
|
||||
listen status
|
||||
listen console
|
||||
bind 0.0.0.0:$console_port
|
||||
mode http
|
||||
stats refresh 30s
|
||||
stats uri /
|
||||
stats admin if TRUE
|
||||
$auth
|
||||
$auth
|
||||
EOF
|
||||
|
||||
ln_start_bin $haproxy_bin haproxy "-f $HAPROXY_FILE"
|
||||
}
|
||||
}
|
||||
|
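Review bot: In `start_haproxy()` the guard `[ -n "$console_user" -a -n "console_password" ]` tests the literal string `console_password`, so the second condition is always true. With a user set and no password the config gets `stats auth user:` with an empty password, and with no user at all `$auth` stays empty and the console is emitted without authentication. That matters because the same heredoc binds the console to `0.0.0.0:$console_port` and enables `stats admin if TRUE`. Fix the test with `[ -n "$console_user" ] && [ -n "$console_password" ] && auth="stats auth $console_user:$console_password"`, and consider skipping the `listen console` block (or binding it to the LAN address only) when `$auth` is empty.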
@ -8,8 +8,10 @@ config global
|
||||
option up_china_dns 'default'
|
||||
option dns_forward '8.8.4.4'
|
||||
option use_tcp_node_resolve_dns '1'
|
||||
option proxy_mode 'chnroute'
|
||||
option localhost_proxy_mode 'gfwlist'
|
||||
option tcp_proxy_mode 'chnroute'
|
||||
option udp_proxy_mode 'chnroute'
|
||||
option localhost_tcp_proxy_mode 'gfwlist'
|
||||
option localhost_udp_proxy_mode 'gfwlist'
|
||||
|
||||
config global_haproxy
|
||||
option balancing_enable '0'
|
||||
|
@ -15,6 +15,8 @@ FWI=$(uci -q get firewall.passwall.path 2>/dev/null)
|
||||
factor() {
|
||||
if [ -z "$1" ] || [ -z "$2" ]; then
|
||||
echo ""
|
||||
elif [ "$1" == "1:65535" ]; then
|
||||
echo ""
|
||||
else
|
||||
echo "$2 $1"
|
||||
fi
|
||||
@ -53,9 +55,6 @@ get_action_chain() {
|
||||
chnroute)
|
||||
echo "PSW_CHN"
|
||||
;;
|
||||
gamemode)
|
||||
echo "PSW_GAME"
|
||||
;;
|
||||
returnhome)
|
||||
echo "PSW_HOME"
|
||||
;;
|
||||
@ -76,9 +75,6 @@ get_action_chain_name() {
|
||||
chnroute)
|
||||
echo "大陆白名单"
|
||||
;;
|
||||
gamemode)
|
||||
echo "游戏"
|
||||
;;
|
||||
returnhome)
|
||||
echo "回国"
|
||||
;;
|
||||
@ -112,14 +108,16 @@ load_acl() {
|
||||
local remarks=$(u_get $i remarks)
|
||||
local ip=$(u_get $i ip)
|
||||
local mac=$(u_get $i mac)
|
||||
local proxy_mode=$(u_get $i proxy_mode default)
|
||||
local tcp_proxy_mode=$(u_get $i tcp_proxy_mode default)
|
||||
local udp_proxy_mode=$(u_get $i udp_proxy_mode default)
|
||||
local tcp_node=$(u_get $i tcp_node 1)
|
||||
local udp_node=$(u_get $i udp_node 1)
|
||||
local tcp_no_redir_ports=$(u_get $i tcp_no_redir_ports default)
|
||||
local udp_no_redir_ports=$(u_get $i udp_no_redir_ports default)
|
||||
local tcp_redir_ports=$(u_get $i tcp_redir_ports default)
|
||||
local udp_redir_ports=$(u_get $i udp_redir_ports default)
|
||||
[ "$proxy_mode" = "default" ] && proxy_mode=$PROXY_MODE
|
||||
[ "$tcp_proxy_mode" = "default" ] && tcp_proxy_mode=$TCP_PROXY_MODE
|
||||
[ "$udp_proxy_mode" = "default" ] && udp_proxy_mode=$UDP_PROXY_MODE
|
||||
[ "$TCP_NODE_NUM" == "1" ] && tcp_node=1
|
||||
[ "$UDP_NODE_NUM" == "1" ] && udp_node=1
|
||||
[ "$tcp_no_redir_ports" = "default" ] && tcp_no_redir_ports=$TCP_NO_REDIR_PORTS
|
||||
@ -128,42 +126,35 @@ load_acl() {
|
||||
[ "$udp_redir_ports" = "default" ] && udp_redir_ports=$UDP_REDIR_PORTS
|
||||
eval TCP_NODE=\$TCP_NODE$tcp_node
|
||||
eval UDP_NODE=\$UDP_NODE$udp_node
|
||||
[ -n "$proxy_mode" ] && {
|
||||
if [ -n "$ip" ] || [ -n "$mac" ]; then
|
||||
if [ -n "$ip" -a -n "$mac" ]; then
|
||||
echolog "访问控制:IP:$ip,MAC:$mac,使用TCP_${tcp_node}节点,UDP_${udp_node}节点,$(get_action_chain_name $proxy_mode)"
|
||||
else
|
||||
[ -n "$ip" ] && echolog "访问控制:IP:$ip,使用TCP_${tcp_node}节点,UDP_${udp_node}节点,$(get_action_chain_name $proxy_mode)"
|
||||
[ -n "$mac" ] && echolog "访问控制:MAC:$mac,使用TCP_${tcp_node}节点,UDP_${udp_node}节点,$(get_action_chain_name $proxy_mode)"
|
||||
fi
|
||||
|
||||
if [ "$proxy_mode" == "disable" ]; then
|
||||
$ipt_n -A PSW_ACL $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p tcp $(comment "$remarks") -j RETURN
|
||||
$ipt_m -A PSW_ACL $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p udp $(comment "$remarks") -j RETURN
|
||||
else
|
||||
[ "$TCP_NODE" != "nil" ] && {
|
||||
eval TCP_NODE_TYPE=$(echo $(config_n_get $TCP_NODE type) | tr 'A-Z' 'a-z')
|
||||
if [ "$TCP_NODE_TYPE" == "brook" -a "$(config_n_get $TCP_NODE brook_protocol client)" == "client" ]; then
|
||||
[ "$tcp_no_redir_ports" != "disable" ] && $ipt_m -A PSW_ACL $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p tcp -m multiport --dport $tcp_no_redir_ports -j RETURN
|
||||
eval tcp_redir_port=\$TCP_REDIR_PORT$tcp_node
|
||||
$ipt_m -A PSW_ACL $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p tcp $(factor $tcp_redir_ports "-m multiport --dport") $(comment "$remarks") -$(get_jump_mode $proxy_mode) $(get_action_chain $proxy_mode)$tcp_node
|
||||
$ipt_m -A PSW_ACL $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p tcp $(comment "$remarks") -j RETURN
|
||||
else
|
||||
[ "$tcp_no_redir_ports" != "disable" ] && $ipt_n -A PSW_ACL $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p tcp -m multiport --dport $tcp_no_redir_ports -j RETURN
|
||||
eval tcp_redir_port=\$TCP_REDIR_PORT$tcp_node
|
||||
$ipt_n -A PSW_ACL $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p tcp $(factor $tcp_redir_ports "-m multiport --dport") $(comment "$remarks") -$(get_jump_mode $proxy_mode) $(get_action_chain $proxy_mode)$tcp_node
|
||||
$ipt_n -A PSW_ACL $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p tcp $(comment "$remarks") -j RETURN
|
||||
fi
|
||||
}
|
||||
[ "$UDP_NODE" != "nil" ] && {
|
||||
[ "$udp_no_redir_ports" != "disable" ] && $ipt_m -A PSW_ACL $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p udp -m multiport --dport $udp_no_redir_ports -j RETURN
|
||||
eval udp_redir_port=\$UDP_REDIR_PORT$udp_node
|
||||
$ipt_m -A PSW_ACL $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p udp $(factor $udp_redir_ports "-m multiport --dport") $(comment "$remarks") -$(get_jump_mode $proxy_mode) $(get_action_chain $proxy_mode)$udp_node
|
||||
$ipt_m -A PSW_ACL $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p udp $(comment "$remarks") -j RETURN
|
||||
}
|
||||
fi
|
||||
if [ -n "$ip" ] || [ -n "$mac" ]; then
|
||||
if [ -n "$ip" -a -n "$mac" ]; then
|
||||
echolog "访问控制:IP:$ip,MAC:$mac,使用TCP_${tcp_node}节点,UDP_${udp_node}节点,TCP模式:$(get_action_chain_name $tcp_proxy_mode),UDP模式:$(get_action_chain_name $udp_proxy_mode)"
|
||||
else
|
||||
[ -n "$ip" ] && echolog "访问控制:IP:$ip,使用TCP_${tcp_node}节点,UDP_${udp_node}节点,TCP模式:$(get_action_chain_name $tcp_proxy_mode),UDP模式:$(get_action_chain_name $udp_proxy_mode)"
|
||||
[ -n "$mac" ] && echolog "访问控制:MAC:$mac,使用TCP_${tcp_node}节点,UDP_${udp_node}节点,TCP模式:$(get_action_chain_name $tcp_proxy_mode),UDP模式:$(get_action_chain_name $udp_proxy_mode)"
|
||||
fi
|
||||
}
|
||||
|
||||
[ "$tcp_proxy_mode" != "disable" ] && {
|
||||
[ "$TCP_NODE" != "nil" ] && {
|
||||
local ipt_tmp=$ipt_n
|
||||
eval TCP_NODE_TYPE=$(echo $(config_n_get $TCP_NODE type) | tr 'A-Z' 'a-z')
|
||||
[ "$TCP_NODE_TYPE" == "brook" -a "$(config_n_get $TCP_NODE brook_protocol client)" == "client" ] && ipt_tmp=$ipt_m
|
||||
[ "$tcp_no_redir_ports" != "disable" ] && $ipt_tmp -A PSW_ACL $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p tcp -m multiport --dport $tcp_no_redir_ports -j RETURN
|
||||
#eval tcp_redir_port=\$TCP_REDIR_PORT$tcp_node
|
||||
$ipt_tmp -A PSW_ACL $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p tcp $(factor $tcp_redir_ports "-m multiport --dport") $(comment "$remarks") -$(get_jump_mode $tcp_proxy_mode) $(get_action_chain $tcp_proxy_mode)$tcp_node
|
||||
}
|
||||
}
|
||||
$ipt_n -A PSW_ACL $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p tcp $(comment "$remarks") -j RETURN
|
||||
|
||||
[ "$udp_proxy_mode" != "disable" ] && {
|
||||
[ "$UDP_NODE" != "nil" ] && {
|
||||
[ "$udp_no_redir_ports" != "disable" ] && $ipt_m -A PSW_ACL $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p udp -m multiport --dport $udp_no_redir_ports -j RETURN
|
||||
#eval udp_redir_port=\$UDP_REDIR_PORT$udp_node
|
||||
$ipt_m -A PSW_ACL $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p udp $(factor $udp_redir_ports "-m multiport --dport") $(comment "$remarks") -$(get_jump_mode $udp_proxy_mode) $(get_action_chain $udp_proxy_mode)$udp_node
|
||||
}
|
||||
}
|
||||
$ipt_m -A PSW_ACL $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p udp $(comment "$remarks") -j RETURN
|
||||
fi
|
||||
done
|
||||
}
|
||||
}
|
||||
@ -285,26 +276,23 @@ add_firewall_rule() {
|
||||
$ipt_n -N PSW_GFW$i
|
||||
$ipt_n -N PSW_CHN$i
|
||||
$ipt_n -N PSW_HOME$i
|
||||
#$ipt_n -N PSW_GAME$i
|
||||
|
||||
$ipt_m -N PSW_GLO$i
|
||||
$ipt_m -N PSW_GFW$i
|
||||
$ipt_m -N PSW_CHN$i
|
||||
$ipt_m -N PSW_HOME$i
|
||||
#$ipt_m -N PSW_GAME$i
|
||||
done
|
||||
ip rule add fwmark 1 lookup 100
|
||||
ip route add local 0.0.0.0/0 dev lo table 100
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ "$SOCKS5_NODE_NUM" -ge 1 ]; then
|
||||
for k in $(seq 1 $SOCKS5_NODE_NUM); do
|
||||
eval node=\$SOCKS5_NODE$k
|
||||
[ "$node" != "nil" ] && filter_node $node
|
||||
done
|
||||
fi
|
||||
for k in $(seq 1 $SOCKS5_NODE_NUM); do
|
||||
eval node=\$SOCKS5_NODE$k
|
||||
[ "$node" != "nil" ] && filter_node $node
|
||||
done
|
||||
|
||||
# 加载TCP防火墙
|
||||
if [ "$TCP_NODE_NUM" -ge 1 ]; then
|
||||
for k in $(seq 1 $TCP_NODE_NUM); do
|
||||
eval node=\$TCP_NODE$k
|
||||
@ -336,9 +324,6 @@ add_firewall_rule() {
|
||||
# 回国模式
|
||||
$ipt_m -A PSW_HOME$k -p tcp $(dst $IPSET_BLACKLIST) -j TPROXY --tproxy-mark 0x1/0x1 --on-port $local_port
|
||||
$ipt_m -A PSW_HOME$k -p tcp $(dst $IPSET_CHN) -j TPROXY --tproxy-mark 0x1/0x1 --on-port $local_port
|
||||
|
||||
# 游戏模式
|
||||
# $ipt_m -A PSW_GAME$k -p tcp $(dst $IPSET_CHN) -j RETURN
|
||||
else
|
||||
# 全局模式
|
||||
$ipt_n -A PSW_GLO$k -p tcp $(dst $IPSET_BLACKLIST) -j REDIRECT --to-ports $local_port
|
||||
@ -357,9 +342,6 @@ add_firewall_rule() {
|
||||
$ipt_n -A PSW_HOME$k -p tcp $(dst $IPSET_BLACKLIST) -j REDIRECT --to-ports $local_port
|
||||
$ipt_n -A PSW_HOME$k -p tcp $(dst $IPSET_CHN) -j REDIRECT --to-ports $local_port
|
||||
#$ipt_n -A PSW_HOME$k -p tcp -m geoip --destination-country CN -j REDIRECT --to-ports $local_port
|
||||
|
||||
# 游戏模式
|
||||
# $ipt_n -A PSW_GAME$k -p tcp $(dst $IPSET_CHN) -j RETURN
|
||||
fi
|
||||
|
||||
[ "$k" == 1 ] && {
|
||||
@ -367,8 +349,10 @@ add_firewall_rule() {
|
||||
[ "$use_tcp_node_resolve_dns" == 1 -a -n "$DNS_FORWARD" ] && {
|
||||
for dns in $DNS_FORWARD
|
||||
do
|
||||
local dns_ip=$(echo $dns | awk -F "#" '{print $1}')
|
||||
local dns_port=$(echo $dns | awk -F "#" '{print $2}')
|
||||
local dns_ip=$(echo $dns | sed "s/:/#/g" | awk -F "#" '{print $1}')
|
||||
ipset test $IPSET_LANIPLIST $dns_ip 2>/dev/null
|
||||
[ $? == 0 ] && continue
|
||||
local dns_port=$(echo $dns | sed "s/:/#/g" | awk -F "#" '{print $2}')
|
||||
[ -z "$dns_port" ] && dns_port=53
|
||||
$ipt_m -I PSW 2 -p tcp -d $dns_ip --dport $dns_port -j TPROXY --tproxy-mark 0x1/0x1 --on-port $local_port
|
||||
done
|
||||
@ -377,9 +361,9 @@ add_firewall_rule() {
|
||||
$ipt_m -A OUTPUT -p tcp -j PSW_OUTPUT
|
||||
[ "$TCP_NO_REDIR_PORTS" != "disable" ] && $ipt_m -A PSW_OUTPUT -p tcp -m multiport --dport $TCP_NO_REDIR_PORTS -j RETURN
|
||||
$ipt_m -A PSW_OUTPUT -p tcp -m multiport --dport $TCP_REDIR_PORTS $(dst $IPSET_BLACKLIST) $(factor $TCP_REDIR_PORTS "-m multiport --dport") -j MARK --set-mark 1
|
||||
[ "$LOCALHOST_PROXY_MODE" == "global" ] && $ipt_m -A PSW_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") -j MARK --set-mark 1
|
||||
[ "$LOCALHOST_PROXY_MODE" == "gfwlist" ] && $ipt_m -A PSW_OUTPUT -p tcp $(dst $IPSET_GFW) $(factor $TCP_REDIR_PORTS "-m multiport --dport") -j MARK --set-mark 1
|
||||
[ "$LOCALHOST_PROXY_MODE" == "chnroute" ] && $ipt_m -A PSW_OUTPUT -p tcp -m set ! --match-set $IPSET_CHN dst $(factor $TCP_REDIR_PORTS "-m multiport --dport") -j MARK --set-mark 1
|
||||
[ "$LOCALHOST_TCP_PROXY_MODE" == "global" ] && $ipt_m -A PSW_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") -j MARK --set-mark 1
|
||||
[ "$LOCALHOST_TCP_PROXY_MODE" == "gfwlist" ] && $ipt_m -A PSW_OUTPUT -p tcp $(dst $IPSET_GFW) $(factor $TCP_REDIR_PORTS "-m multiport --dport") -j MARK --set-mark 1
|
||||
[ "$LOCALHOST_TCP_PROXY_MODE" == "chnroute" ] && $ipt_m -A PSW_OUTPUT -p tcp -m set ! --match-set $IPSET_CHN dst $(factor $TCP_REDIR_PORTS "-m multiport --dport") -j MARK --set-mark 1
|
||||
else
|
||||
# 用于本机流量转发
|
||||
$ipt_n -A OUTPUT -p tcp -j PSW_OUTPUT
|
||||
@ -387,6 +371,8 @@ add_firewall_rule() {
|
||||
for dns in $DNS_FORWARD
|
||||
do
|
||||
local dns_ip=$(echo $dns | sed "s/:/#/g" | awk -F "#" '{print $1}')
|
||||
ipset test $IPSET_LANIPLIST $dns_ip 2>/dev/null
|
||||
[ $? == 0 ] && continue
|
||||
local dns_port=$(echo $dns | sed "s/:/#/g" | awk -F "#" '{print $2}')
|
||||
[ -z "$dns_port" ] && dns_port=53
|
||||
local ADD_INDEX=2
|
||||
@ -394,7 +380,7 @@ add_firewall_rule() {
|
||||
done
|
||||
}
|
||||
[ "$TCP_NO_REDIR_PORTS" != "disable" ] && $ipt_n -A PSW_OUTPUT -p tcp -m multiport --dport $TCP_NO_REDIR_PORTS -j RETURN
|
||||
$ipt_n -A PSW_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") -j $(get_action_chain $LOCALHOST_PROXY_MODE)1
|
||||
$ipt_n -A PSW_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") -j $(get_action_chain $LOCALHOST_TCP_PROXY_MODE)1
|
||||
fi
|
||||
# 重定所有流量到透明代理端口
|
||||
# $ipt_n -A PSW -p tcp -m ttl --ttl-eq $ttl -j REDIRECT --to $local_port
|
||||
@ -435,9 +421,10 @@ add_firewall_rule() {
|
||||
PR_INDEX=$($ipt_n -L PREROUTING --line-numbers | grep "prerouting_rule" | sed -n '$p' | awk '{print $1}')
|
||||
[ -n "$PR_INDEX" ] && PRE_INDEX=$(expr $PR_INDEX + 1)
|
||||
fi
|
||||
$ipt_n -I PREROUTING $PRE_INDEX -j PSW
|
||||
$ipt_n -I PREROUTING $PRE_INDEX -p tcp -j PSW
|
||||
fi
|
||||
|
||||
# 加载UDP防火墙
|
||||
if [ "$UDP_NODE_NUM" -ge 1 ]; then
|
||||
for k in $(seq 1 $UDP_NODE_NUM); do
|
||||
eval node=\$UDP_NODE$k
|
||||
@ -462,10 +449,6 @@ add_firewall_rule() {
|
||||
# 回国模式
|
||||
$ipt_m -A PSW_HOME$k -p udp $(dst $IPSET_BLACKLIST) -j TPROXY --tproxy-mark 0x1/0x1 --on-port $local_port
|
||||
$ipt_m -A PSW_HOME$k -p udp $(dst $IPSET_CHN) -j TPROXY --tproxy-mark 0x1/0x1 --on-port $local_port
|
||||
|
||||
# 游戏模式
|
||||
# $ipt_m -A PSW_GAME$k -p udp $(dst $IPSET_BLACKLIST) -j TPROXY --tproxy-mark 0x1/0x1 --on-port $local_port
|
||||
# $ipt_m -A PSW_GAME$k -p udp $(dst $IPSET_CHN !) -j TPROXY --tproxy-mark 0x1/0x1 --on-port $local_port
|
||||
|
||||
[ "$k" == 1 ] && {
|
||||
# 用于本机流量转发
|
||||
@ -474,6 +457,8 @@ add_firewall_rule() {
|
||||
for dns in $DNS_FORWARD
|
||||
do
|
||||
local dns_ip=$(echo $dns | sed "s/:/#/g" | awk -F "#" '{print $1}')
|
||||
ipset test $IPSET_LANIPLIST $dns_ip 2>/dev/null
|
||||
[ $? == 0 ] && continue
|
||||
local dns_port=$(echo $dns | sed "s/:/#/g" | awk -F "#" '{print $2}')
|
||||
[ -z "$dns_port" ] && dns_port=53
|
||||
local ADD_INDEX=2
|
||||
@ -484,9 +469,9 @@ add_firewall_rule() {
|
||||
|
||||
[ "$UDP_NO_REDIR_PORTS" != "disable" ] && $ipt_m -A PSW_OUTPUT -p udp -m multiport --dport $UDP_NO_REDIR_PORTS -j RETURN
|
||||
$ipt_m -A PSW_OUTPUT -p udp -m multiport --dport $UDP_REDIR_PORTS $(dst $IPSET_BLACKLIST) -j MARK --set-mark 1
|
||||
[ "$LOCALHOST_PROXY_MODE" == "global" ] && $ipt_m -A PSW_OUTPUT -p udp -m multiport --dport $UDP_REDIR_PORTS -j MARK --set-mark 1
|
||||
[ "$LOCALHOST_PROXY_MODE" == "gfwlist" ] && $ipt_m -A PSW_OUTPUT -p udp -m multiport --dport $UDP_REDIR_PORTS $(dst $IPSET_GFW) -j MARK --set-mark 1
|
||||
[ "$LOCALHOST_PROXY_MODE" == "chnroute" ] && $ipt_m -A PSW_OUTPUT -p udp -m multiport --dport $UDP_REDIR_PORTS -m set ! --match-set $IPSET_CHN dst -j MARK --set-mark 1
|
||||
[ "$LOCALHOST_UDP_PROXY_MODE" == "global" ] && $ipt_m -A PSW_OUTPUT -p udp -m multiport --dport $UDP_REDIR_PORTS -j MARK --set-mark 1
|
||||
[ "$LOCALHOST_UDP_PROXY_MODE" == "gfwlist" ] && $ipt_m -A PSW_OUTPUT -p udp -m multiport --dport $UDP_REDIR_PORTS $(dst $IPSET_GFW) -j MARK --set-mark 1
|
||||
[ "$LOCALHOST_UDP_PROXY_MODE" == "chnroute" ] && $ipt_m -A PSW_OUTPUT -p udp -m multiport --dport $UDP_REDIR_PORTS -m set ! --match-set $IPSET_CHN dst -j MARK --set-mark 1
|
||||
}
|
||||
fi
|
||||
done
|
||||
@ -497,50 +482,39 @@ add_firewall_rule() {
|
||||
# 加载ACLS
|
||||
load_acl
|
||||
|
||||
# 加载默认代理模式
|
||||
if [ "$PROXY_MODE" == "disable" ]; then
|
||||
[ "$TCP_NODE1" != "nil" ] && $ipt_n -A PSW_ACL -p tcp $(comment "Default") -j $(get_action_chain $PROXY_MODE)
|
||||
[ "$UDP_NODE1" != "nil" ] && $ipt_m -A PSW_ACL -p udp $(comment "Default") -j $(get_action_chain $PROXY_MODE)
|
||||
else
|
||||
# 加载TCP默认代理模式
|
||||
[ "$TCP_PROXY_MODE" != "disable" ] && {
|
||||
[ "$TCP_NODE1" != "nil" ] && {
|
||||
local ipt_tmp=$ipt_n
|
||||
local TCP_NODE_TYPE1=$(echo $(config_n_get $TCP_NODE1 type) | tr 'A-Z' 'a-z')
|
||||
if [ "$TCP_NODE_TYPE1" == "brook" -a "$(config_n_get $TCP_NODE1 brook_protocol client)" == "client" ]; then
|
||||
[ "$TCP_NO_REDIR_PORTS" != "disable" ] && $ipt_m -A PSW_ACL -p tcp -m multiport --dport $TCP_NO_REDIR_PORTS $(comment "Default") -j RETURN
|
||||
$ipt_m -A PSW_ACL -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(comment "Default") -j $(get_action_chain $PROXY_MODE)1
|
||||
else
|
||||
[ "$TCP_NO_REDIR_PORTS" != "disable" ] && $ipt_n -A PSW_ACL -p tcp -m multiport --dport $TCP_NO_REDIR_PORTS $(comment "Default") -j RETURN
|
||||
$ipt_n -A PSW_ACL -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(comment "Default") -j $(get_action_chain $PROXY_MODE)1
|
||||
fi
|
||||
[ "$TCP_NODE_TYPE1" == "brook" -a "$(config_n_get $TCP_NODE1 brook_protocol client)" == "client" ] && ipt_tmp=$ipt_m
|
||||
[ "$TCP_NO_REDIR_PORTS" != "disable" ] && $ipt_tmp -A PSW_ACL -p tcp -m multiport --dport $TCP_NO_REDIR_PORTS $(comment "Default") -j RETURN
|
||||
$ipt_tmp -A PSW_ACL -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(comment "Default") -j $(get_action_chain $TCP_PROXY_MODE)1
|
||||
}
|
||||
}
|
||||
$ipt_n -A PSW_ACL -p tcp $(comment "Default") -j RETURN
|
||||
echolog "TCP默认代理模式:$(get_action_chain_name $TCP_PROXY_MODE)"
|
||||
|
||||
# 加载UDP默认代理模式
|
||||
[ "$UDP_PROXY_MODE" == "disable" ] && {
|
||||
[ "$UDP_NODE1" != "nil" ] && {
|
||||
[ "$UDP_NO_REDIR_PORTS" != "disable" ] && $ipt_m -A PSW_ACL -p udp -m multiport --dport $UDP_NO_REDIR_PORTS $(comment "Default") -j RETURN
|
||||
$ipt_m -A PSW_ACL -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(comment "Default") -j $(get_action_chain $PROXY_MODE)1
|
||||
$ipt_m -A PSW_ACL -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(comment "Default") -j $(get_action_chain $UDP_PROXY_MODE)1
|
||||
}
|
||||
fi
|
||||
}
|
||||
$ipt_m -A PSW_ACL -p udp $(comment "Default") -j RETURN
|
||||
echolog "UDP默认代理模式:$(get_action_chain_name $UDP_PROXY_MODE)"
|
||||
|
||||
# 过滤所有节点IP
|
||||
filter_vpsip
|
||||
|
||||
dns_hijack "force"
|
||||
# dns_hijack "force"
|
||||
|
||||
echolog "默认代理模式:$(get_action_chain_name $PROXY_MODE)"
|
||||
echolog "防火墙规则加载完成!"
|
||||
}
|
||||
|
||||
del_firewall_rule() {
|
||||
ipv6_output_ss_exist=$($ip6t_n -n -L OUTPUT 2>/dev/null | grep -c "PSW")
|
||||
[ -n "$ipv6_output_ss_exist" ] && {
|
||||
until [ "$ipv6_output_ss_exist" = 0 ]; do
|
||||
rules=$($ip6t_n -n -L OUTPUT --line-numbers | grep "PSW" | awk '{print $1}')
|
||||
for rule in $rules; do
|
||||
$ip6t_n -D OUTPUT $rule 2>/dev/null
|
||||
break
|
||||
done
|
||||
ipv6_output_ss_exist=$(expr $ipv6_output_ss_exist - 1)
|
||||
done
|
||||
}
|
||||
|
||||
$ipt_n -D PREROUTING -j PSW 2>/dev/null
|
||||
$ipt_n -D PREROUTING -p tcp -j PSW 2>/dev/null
|
||||
$ipt_n -D OUTPUT -p tcp -j PSW_OUTPUT 2>/dev/null
|
||||
$ipt_n -F PSW 2>/dev/null && $ipt_n -X PSW 2>/dev/null
|
||||
$ipt_n -F PSW_ACL 2>/dev/null && $ipt_n -X PSW_ACL 2>/dev/null
|
||||
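Review bot: The guard on the UDP default-mode block, `[ "$UDP_PROXY_MODE" == "disable" ] && {`, looks inverted. The TCP block just above it uses `[ "$TCP_PROXY_MODE" != "disable" ]`, and the per-ACL UDP check earlier in the file uses `!= "disable"` as well. As written, the default rule jumping to `$(get_action_chain $UDP_PROXY_MODE)1` is appended only when UDP proxying is disabled. For every other mode only the trailing `-p udp ... -j RETURN` is installed, so UDP from clients without an ACL entry would silently leave unproxied. I would change the guard to `[ "$UDP_PROXY_MODE" != "disable" ] && {`. add_firewall_rule begins outside this hunk, and the +/- markers are lost on this page, so which side the line is on is inferred from the new `UDP_PROXY_MODE` variable name.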
@ -559,19 +533,15 @@ del_firewall_rule() {
|
||||
$ip6t_n -F PSW_ACL 2>/dev/null && $ip6t_n -X PSW_ACL 2>/dev/null
|
||||
$ip6t_n -F PSW_OUTPUT 2>/dev/null && $ip6t_n -X PSW_OUTPUT 2>/dev/null
|
||||
|
||||
local max_num=3
|
||||
for i in $(seq 1 $max_num); do
|
||||
local k=$i
|
||||
for k in $(seq 1 3); do
|
||||
$ipt_n -F PSW_GLO$k 2>/dev/null && $ipt_n -X PSW_GLO$k 2>/dev/null
|
||||
$ipt_n -F PSW_GFW$k 2>/dev/null && $ipt_n -X PSW_GFW$k 2>/dev/null
|
||||
$ipt_n -F PSW_CHN$k 2>/dev/null && $ipt_n -X PSW_CHN$k 2>/dev/null
|
||||
$ipt_n -F PSW_GAME$k 2>/dev/null && $ipt_n -X PSW_GAME$k 2>/dev/null
|
||||
$ipt_n -F PSW_HOME$k 2>/dev/null && $ipt_n -X PSW_HOME$k 2>/dev/null
|
||||
|
||||
$ipt_m -F PSW_GLO$k 2>/dev/null && $ipt_m -X PSW_GLO$k 2>/dev/null
|
||||
$ipt_m -F PSW_GFW$k 2>/dev/null && $ipt_m -X PSW_GFW$k 2>/dev/null
|
||||
$ipt_m -F PSW_CHN$k 2>/dev/null && $ipt_m -X PSW_CHN$k 2>/dev/null
|
||||
$ipt_m -F PSW_GAME$k 2>/dev/null && $ipt_m -X PSW_GAME$k 2>/dev/null
|
||||
$ipt_m -F PSW_HOME$k 2>/dev/null && $ipt_m -X PSW_HOME$k 2>/dev/null
|
||||
|
||||
$ip6t_n -F PSW_GLO$k 2>/dev/null && $ip6t_n -X PSW_GLO$k 2>/dev/null
|
||||
@ -587,7 +557,7 @@ del_firewall_rule() {
|
||||
ipset -F $IPSET_VPSIPLIST >/dev/null 2>&1 && ipset -X $IPSET_VPSIPLIST >/dev/null 2>&1 &
|
||||
#ipset -F $IPSET_GFW >/dev/null 2>&1 && ipset -X $IPSET_GFW >/dev/null 2>&1 &
|
||||
#ipset -F $IPSET_CHN >/dev/null 2>&1 && ipset -X $IPSET_CHN >/dev/null 2>&1 &
|
||||
ipset -F $IPSET_BLACKLIST >/dev/null 2>&1 && ipset -X $IPSET_BLACKLIST >/dev/null 2>&1 &
|
||||
#ipset -F $IPSET_BLACKLIST >/dev/null 2>&1 && ipset -X $IPSET_BLACKLIST >/dev/null 2>&1 &
|
||||
ipset -F $IPSET_WHITELIST >/dev/null 2>&1 && ipset -X $IPSET_WHITELIST >/dev/null 2>&1 &
|
||||
#echolog "删除相关防火墙规则完成。"
|
||||
}
|
||||
|
@ -72558,4 +72558,4 @@ zzzyk.com
|
||||
zzzzaaaa.com
|
||||
zzzzhong.com
|
||||
zzzzllee.com
|
||||
zzzzmall.com
|
||||
zzzzmall.com
|
||||
|