luci-app-passwall: sync with upstream source

package/lienol/luci-app-passwall/Makefile

@@ -7,8 +7,8 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=luci-app-passwall
 PKG_VERSION:=3.6
-PKG_RELEASE:=25
+PKG_RELEASE:=28
-PKG_DATE:=20200315
+PKG_DATE:=20200316
 
 PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
 

package/lienol/luci-app-passwall/luasrc/controller/passwall.lua

@@ -27,15 +27,17 @@ function index()
     entry({"admin", "vpn", "passwall", "auto_switch"},
           cbi("passwall/auto_switch"), _("Auto Switch"), 3).leaf = true
     entry({"admin", "vpn", "passwall", "other"},
-          cbi("passwall/other", {autoapply = true}), _("Other Settings"), 94).leaf =
+          cbi("passwall/other", {autoapply = true}), _("Other Settings"), 93).leaf =
         true
     if nixio.fs.access("/usr/sbin/haproxy") then
-        entry({"admin", "vpn", "passwall", "balancing"},
+        entry({"admin", "vpn", "passwall", "haproxy"},
-              cbi("passwall/balancing"), _("Load Balancing"), 95).leaf = true
+              cbi("passwall/haproxy"), _("Load Balancing"), 94).leaf = true
     end
-    entry({"admin", "vpn", "passwall", "rule"},
+    entry({"admin", "vpn", "passwall", "node_subscribe"},
-          cbi("passwall/rule"), _("Rule Update"), 96).leaf =
+          cbi("passwall/node_subscribe"), _("Node Subscribe"), 95).dependent =
         true
+    entry({"admin", "vpn", "passwall", "rule"}, cbi("passwall/rule"),
+          _("Rule Update"), 96).leaf = true
     entry({"admin", "vpn", "passwall", "acl"}, cbi("passwall/acl"),
           _("Access control"), 97).leaf = true
     entry({"admin", "vpn", "passwall", "log"}, form("passwall/log"),

package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/acl.lua

@@ -124,8 +124,8 @@ if tonumber(udp_node_num) > 1 then
     for i = 1, udp_node_num, 1 do o:value(i, "UDP_" .. i) end
 end
 
----- Proxy Mode
+---- TCP Proxy Mode
-o = s:option(ListValue, "proxy_mode", translate("Proxy Mode"))
+o = s:option(ListValue, "tcp_proxy_mode", "TCP" .. translate("Proxy Mode"))
 o.default = "default"
 o.rmempty = false
 o:value("default", translate("Default"))
@@ -133,7 +133,17 @@ o:value("disable", translate("No Proxy"))
 o:value("global", translate("Global Proxy"))
 o:value("gfwlist", translate("GFW List"))
 o:value("chnroute", translate("China WhiteList"))
--- o:value("gamemode", translate("Game Mode"))
+o:value("returnhome", translate("Return Home"))
+
+---- UDP Proxy Mode
+o = s:option(ListValue, "udp_proxy_mode", "UDP" .. translate("Proxy Mode"))
+o.default = "default"
+o.rmempty = false
+o:value("default", translate("Default"))
+o:value("disable", translate("No Proxy"))
+o:value("global", translate("Global Proxy"))
+o:value("gfwlist", translate("GFW List"))
+o:value("chnroute", translate("Game Mode") .. "（" .. translate("China WhiteList") .. "）")
 o:value("returnhome", translate("Return Home"))
 
 ---- TCP No Redir Ports

package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/global.lua

@@ -20,19 +20,17 @@ uci:foreach(appname, "nodes", function(e)
     if type == nil then type = "" end
     local address = e.address
     if address == nil then address = "" end
-    --if (type == "V2ray_balancing" or type == "V2ray_shunt") or (address:match("[\u4e00-\u9fa5]") and address:find("%.") and address:sub(#address) ~= ".") then
+    -- if (type == "V2ray_balancing" or type == "V2ray_shunt") or (address:match("[\u4e00-\u9fa5]") and address:find("%.") and address:sub(#address) ~= ".") then
-        if type and address and e.remarks then
+    if type and address and e.remarks then
-            if e.use_kcp and e.use_kcp == "1" then
+        if e.use_kcp and e.use_kcp == "1" then
-                n[e[".name"]] = "%s+%s：[%s] %s" %
+            n[e[".name"]] = "%s+%s：[%s] %s" %
-                                    {
+                                {translate(type), "Kcptun", e.remarks, address}
-                        translate(type), "Kcptun", e.remarks, address
+        else
-                    }
+            n[e[".name"]] = "%s：[%s] %s" %
-            else
+                                {translate(type), e.remarks, address}
-                n[e[".name"]] = "%s：[%s] %s" %
-                                    {translate(type), e.remarks, address}
-            end
         end
-    --end
+    end
+    -- end
 end)
 
 local key_table = {}
@@ -110,7 +108,7 @@ end
 o = s:option(Value, "up_china_dns", translate("China DNS Server") .. "(UDP)")
 -- o.description = translate("If you want to work with other DNS acceleration services, use the default.<br />Only use two at most, english comma separation, If you do not fill in the # and the following port, you are using port 53.")
 o.default = "default"
-o:value("default", translate("default"))
+o:value("default", translate("Default"))
 o:value("dnsbyisp", translate("dnsbyisp"))
 o:value("223.5.5.5", "223.5.5.5 (" .. translate("Ali") .. "DNS)")
 o:value("223.6.6.6", "223.6.6.6 (" .. translate("Ali") .. "DNS)")
@@ -183,9 +181,9 @@ o:value("208.67.220.220", "208.67.220.220 (Open DNS)")
 o:depends("dns_mode", "pdnsd")
 o:depends("up_trust_chinadns_ng_dns", "pdnsd")
 
----- Default Proxy Mode
+---- TCP Default Proxy Mode
-o = s:option(ListValue, "proxy_mode",
+o = s:option(ListValue, "tcp_proxy_mode",
-             translate("Default") .. translate("Proxy Mode"))
+             "TCP" .. translate("Default") .. translate("Proxy Mode"))
 -- o.description = translate("If not available, try clearing the cache.")
 o.default = "chnroute"
 o.rmempty = false
@@ -193,12 +191,22 @@ o:value("disable", translate("No Proxy"))
 o:value("global", translate("Global Proxy"))
 o:value("gfwlist", translate("GFW List"))
 o:value("chnroute", translate("China WhiteList"))
--- o:value("gamemode", translate("Game Mode"))
 o:value("returnhome", translate("Return Home"))
 
----- Localhost Proxy Mode
+---- UDP Default Proxy Mode
-o = s:option(ListValue, "localhost_proxy_mode",
+o = s:option(ListValue, "udp_proxy_mode",
-             translate("Router Localhost") .. translate("Proxy Mode"))
+             "UDP" .. translate("Default") .. translate("Proxy Mode"))
+o.default = "chnroute"
+o.rmempty = false
+o:value("disable", translate("No Proxy"))
+o:value("global", translate("Global Proxy"))
+o:value("gfwlist", translate("GFW List"))
+o:value("chnroute", translate("Game Mode") .. "（" .. translate("China WhiteList") .. "）")
+o:value("returnhome", translate("Return Home"))
+
+---- Localhost TCP Proxy Mode
+o = s:option(ListValue, "localhost_tcp_proxy_mode",
+             translate("Router Localhost") .. "TCP" .. translate("Proxy Mode"))
 -- o.description = translate("The server client can also use this rule to scientifically surf the Internet.")
 o:value("default", translate("Default"))
 o:value("gfwlist", translate("GFW List"))
@@ -207,6 +215,17 @@ o:value("global", translate("Global Proxy"))
 o.default = "default"
 o.rmempty = false
 
+---- Localhost UDP Proxy Mode
+o = s:option(ListValue, "localhost_udp_proxy_mode",
+             translate("Router Localhost") .. "UDP" .. translate("Proxy Mode"))
+o:value("disable", translate("No Proxy"))
+o:value("default", translate("Default"))
+o:value("gfwlist", translate("GFW List"))
+o:value("chnroute", translate("Game Mode") .. "（" .. translate("China WhiteList") .. "）")
+o:value("global", translate("Global Proxy"))
+o.default = "default"
+o.rmempty = false
+
 ---- Tips
 s:append(Template("passwall/global/tips"))
 

package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/haproxy.lua

@@ -48,16 +48,9 @@ o = s:option(Value, "console_port", translate("Console Port"), translate(
 o.default = "1188"
 o:depends("balancing_enable", 1)
 
----- Haproxy Port
-o = s:option(Value, "haproxy_port", translate("Haproxy Port"),
-             translate("Configure this node with 127.0.0.1: this port"))
-o.default = "1181"
-o:depends("balancing_enable", 1)
-
 -- [[ Balancing Settings ]]--
-s = m:section(TypedSection, "balancing", translate("Load Balancing Setting"),
+s = m:section(TypedSection, "haproxy_config", translate("Load Balancing Setting"),
-              translate(
+              "<font color='red'>" .. translate("Add a node, Export Of Multi WAN Only support Multi Wan. Load specific gravity range 1-256. Multiple primary servers can be load balanced, standby will only be enabled when the primary server is offline! Multiple groups can be set, Haproxy port same one for each group.").."</font>")
-                  "Add a node, Export Of Multi WAN Only support Multi Wan. Load specific gravity range 1-256. Multiple primary servers can be load balanced, standby will only be enabled when the primary server is offline!"))
 s.template = "cbi/tblsection"
 s.sortable = true
 s.anonymous = true
@@ -81,6 +74,10 @@ o:value("default", translate("Default"))
 o.default = "default"
 o.rmempty = false
 
+---- Haproxy Port
+o = s:option(Value, "haproxy_port", translate("Haproxy Port"))
+o.rmempty = false
+
 ---- Node Weight
 o = s:option(Value, "lbweight", translate("Node Weight"))
 o.default = "5"

package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/node_subscribe.lua

@@ -0,0 +1,75 @@
+local e = require "nixio.fs"
+local e = require "luci.sys"
+
+m = Map("passwall")
+
+-- [[ Subscribe Settings ]]--
+s = m:section(TypedSection, "global_subscribe", "")
+s.anonymous = true
+
+---- Subscribe via proxy
+o = s:option(Flag, "subscribe_proxy", translate("Subscribe via proxy"))
+o.default = 0
+o.rmempty = false
+
+---- Enable auto update subscribe
+o = s:option(Flag, "auto_update_subscribe",
+             translate("Enable auto update subscribe"))
+o.default = 0
+o.rmempty = false
+
+---- Week update rules
+o = s:option(ListValue, "week_update_subscribe", translate("Week update rules"))
+o:value(7, translate("Every day"))
+for e = 1, 6 do o:value(e, translate("Week") .. e) end
+o:value(0, translate("Week") .. translate("day"))
+o.default = 0
+o:depends("auto_update_subscribe", 1)
+
+---- Day update rules
+o = s:option(ListValue, "time_update_subscribe", translate("Day update rules"))
+for e = 0, 23 do o:value(e, e .. translate("oclock")) end
+o.default = 0
+o:depends("auto_update_subscribe", 1)
+
+---- Manual subscription
+o = s:option(Button, "_update", translate("Manual subscription"))
+o.inputstyle = "apply"
+function o.write(e, e)
+    luci.sys.call(
+        "lua /usr/share/passwall/subscribe.lua start log > /dev/null 2>&1 &")
+    luci.http.redirect(luci.dispatcher.build_url("admin", "vpn", "passwall",
+                                                 "log"))
+end
+
+---- Subscribe Delete All
+o = s:option(Button, "_stop", translate("Delete All Subscribe Node"))
+o.inputstyle = "remove"
+function o.write(e, e)
+    luci.sys.call(
+        "lua /usr/share/passwall/subscribe.lua truncate log > /dev/null 2>&1 &")
+    luci.http.redirect(luci.dispatcher.build_url("admin", "vpn", "passwall",
+                                                 "log"))
+end
+
+s = m:section(TypedSection, "subscribe_list", "",
+              "<font color='red'>" .. translate(
+                  "Please input the subscription url first, save and submit before updating. If you subscribe to update, it is recommended to delete all subscriptions and then re-subscribe.") ..
+                  "</font>")
+s.addremove = true
+s.anonymous = true
+s.sortable = true
+s.template = "cbi/tblsection"
+
+o = s:option(Flag, "enabled", translate("Enabled"))
+o.rmempty = false
+
+o = s:option(Value, "remark", translate("Subscribe Remark"))
+o.width = "auto"
+o.rmempty = false
+
+o = s:option(Value, "url", translate("Subscribe URL"))
+o.width = "auto"
+o.rmempty = false
+
+return m

package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/rule.lua

@@ -31,75 +31,6 @@ for e = 0, 23 do o:value(e, e .. translate("oclock")) end
 o.default = 0
 o:depends("auto_update", 1)
 
--- [[ Subscribe Settings ]]--
-s = m:section(TypedSection, "global_subscribe", translate("Node Subscribe"),
-              "<font color='red'>" .. translate(
-                  "Please input the subscription url first, save and submit before updating. If you subscribe to update, it is recommended to delete all subscriptions and then re-subscribe.") ..
-                  "</font>")
-s.anonymous = true
-
----- Subscribe via proxy
-o = s:option(Flag, "subscribe_proxy", translate("Subscribe via proxy"))
-o.default = 0
-o.rmempty = false
-
----- Enable auto update subscribe
-o = s:option(Flag, "auto_update_subscribe",
-             translate("Enable auto update subscribe"))
-o.default = 0
-o.rmempty = false
-
----- Week update rules
-o = s:option(ListValue, "week_update_subscribe", translate("Week update rules"))
-o:value(7, translate("Every day"))
-for e = 1, 6 do o:value(e, translate("Week") .. e) end
-o:value(0, translate("Week") .. translate("day"))
-o.default = 0
-o:depends("auto_update_subscribe", 1)
-
----- Day update rules
-o = s:option(ListValue, "time_update_subscribe", translate("Day update rules"))
-for e = 0, 23 do o:value(e, e .. translate("oclock")) end
-o.default = 0
-o:depends("auto_update_subscribe", 1)
-
----- Manual subscription
-o = s:option(Button, "_update", translate("Manual subscription"))
-o.inputstyle = "apply"
-function o.write(e, e)
-    luci.sys.call(
-        "lua /usr/share/passwall/subscribe.lua start log > /dev/null 2>&1 &")
-    luci.http.redirect(luci.dispatcher.build_url("admin", "vpn", "passwall",
-                                                 "log"))
-end
-
----- Subscribe Delete All
-o = s:option(Button, "_stop", translate("Delete All Subscribe Node"))
-o.inputstyle = "remove"
-function o.write(e, e)
-    luci.sys.call(
-        "lua /usr/share/passwall/subscribe.lua truncate log > /dev/null 2>&1 &")
-    luci.http.redirect(luci.dispatcher.build_url("admin", "vpn", "passwall",
-                                                 "log"))
-end
-
-s = m:section(TypedSection, "subscribe_list")
-s.addremove = true
-s.anonymous = true
-s.sortable = true
-s.template = "cbi/tblsection"
-
-o = s:option(Flag, "enabled", translate("Enabled"))
-o.rmempty = false
-
-o = s:option(Value, "remark", translate("Subscribe Remark"))
-o.width = "auto"
-o.rmempty = false
-
-o = s:option(Value, "url", translate("Subscribe URL"))
-o.width = "auto"
-o.rmempty = false
-
 -- [[ App Settings ]]--
 s = m:section(TypedSection, "global_app", translate("App Update"),
               "<font color='red'>" ..

package/lienol/luci-app-passwall/po/zh_Hans/passwall.po

@@ -490,8 +490,8 @@ msgstr "负载均衡端口"
 msgid "Load Balancing Setting"
 msgstr "负载均衡设置"
 
-msgid "Add a node, Export Of Multi WAN Only support Multi Wan. Load specific gravity range 1-256. Multiple primary servers can be load balanced, standby will only be enabled when the primary server is offline!"
+msgid "Add a node, Export Of Multi WAN Only support Multi Wan. Load specific gravity range 1-256. Multiple primary servers can be load balanced, standby will only be enabled when the primary server is offline! Multiple groups can be set, Haproxy port same one for each group."
-msgstr "添加节点，指定出口功能是为多WAN用户准备的。负载比重范围1-256。多个主服务器可以负载均衡，备用只有在主服务器离线时才会启用！"
+msgstr "添加节点，指定出口功能是为多WAN用户准备的。负载比重范围1-256。多个主服务器可以负载均衡，备用只有在主服务器离线时才会启用！可以设置多个组，负载均衡端口相同则为一组。"
 
 msgid "Node"
 msgstr "节点"

package/lienol/luci-app-passwall/root/etc/config/passwall

@@ -8,8 +8,10 @@ config global
 	option up_china_dns 'default'
 	option dns_forward '8.8.4.4'
 	option use_tcp_node_resolve_dns '1'
-	option proxy_mode 'chnroute'
+	option tcp_proxy_mode 'chnroute'
-	option localhost_proxy_mode 'gfwlist'
+	option udp_proxy_mode 'chnroute'
+	option localhost_tcp_proxy_mode 'gfwlist'
+	option localhost_udp_proxy_mode 'gfwlist'
 
 config global_haproxy
 	option balancing_enable '0'

package/lienol/luci-app-passwall/root/usr/share/passwall/app.sh

@@ -145,23 +145,22 @@ TCP_NODE_NUM=$(config_t_get global_other tcp_node_num 1)
 for i in $(seq 1 $TCP_NODE_NUM); do
 	eval TCP_NODE$i=$(config_t_get global tcp_node$i nil)
 done
+TCP_REDIR_PORT1=$(config_t_get global_forwarding tcp_redir_port 1041)
+TCP_REDIR_PORT2=$(expr $TCP_REDIR_PORT1 + 1)
+TCP_REDIR_PORT3=$(expr $TCP_REDIR_PORT2 + 1)
 
 UDP_NODE_NUM=$(config_t_get global_other udp_node_num 1)
 for i in $(seq 1 $UDP_NODE_NUM); do
 	eval UDP_NODE$i=$(config_t_get global udp_node$i nil)
 done
+UDP_REDIR_PORT1=$(config_t_get global_forwarding udp_redir_port 1051)
+UDP_REDIR_PORT2=$(expr $UDP_REDIR_PORT1 + 1)
+UDP_REDIR_PORT3=$(expr $UDP_REDIR_PORT2 + 1)
 
 SOCKS5_NODE_NUM=$(config_t_get global_other socks5_node_num 1)
 for i in $(seq 1 $SOCKS5_NODE_NUM); do
 	eval SOCKS5_NODE$i=$(config_t_get global socks5_node$i nil)
 done
-
-TCP_REDIR_PORT1=$(config_t_get global_forwarding tcp_redir_port 1041)
-TCP_REDIR_PORT2=$(expr $TCP_REDIR_PORT1 + 1)
-TCP_REDIR_PORT3=$(expr $TCP_REDIR_PORT2 + 1)
-UDP_REDIR_PORT1=$(config_t_get global_forwarding udp_redir_port 1051)
-UDP_REDIR_PORT2=$(expr $UDP_REDIR_PORT1 + 1)
-UDP_REDIR_PORT3=$(expr $UDP_REDIR_PORT2 + 1)
 SOCKS5_PROXY_PORT1=$(config_t_get global_forwarding socks5_proxy_port 1081)
 SOCKS5_PROXY_PORT2=$(expr $SOCKS5_PROXY_PORT1 + 1)
 SOCKS5_PROXY_PORT3=$(expr $SOCKS5_PROXY_PORT2 + 1)
@@ -177,7 +176,12 @@ UDP_REDIR_PORTS=$(config_t_get global_forwarding udp_redir_ports '1:65535')
 TCP_NO_REDIR_PORTS=$(config_t_get global_forwarding tcp_no_redir_ports 'disable')
 UDP_NO_REDIR_PORTS=$(config_t_get global_forwarding udp_no_redir_ports 'disable')
 KCPTUN_REDIR_PORT=$(config_t_get global_forwarding kcptun_port 12948)
-PROXY_MODE=$(config_t_get global proxy_mode chnroute)
+TCP_PROXY_MODE=$(config_t_get global tcp_proxy_mode chnroute)
+UDP_PROXY_MODE=$(config_t_get global udp_proxy_mode chnroute)
+LOCALHOST_TCP_PROXY_MODE=$(config_t_get global localhost_tcp_proxy_mode default)
+LOCALHOST_UDP_PROXY_MODE=$(config_t_get global localhost_udp_proxy_mode default)
+[ "$LOCALHOST_TCP_PROXY_MODE" == "default" ] && LOCALHOST_TCP_PROXY_MODE=$TCP_PROXY_MODE
+[ "$LOCALHOST_UDP_PROXY_MODE" == "default" ] && LOCALHOST_UDP_PROXY_MODE=$UDP_PROXY_MODE
 
 load_config() {
 	[ "$ENABLED" != 1 ] && return 1
@@ -196,8 +200,6 @@ load_config() {
 	else
 		process=$(config_t_get global_forwarding process)
 	fi
-	LOCALHOST_PROXY_MODE=$(config_t_get global localhost_proxy_mode default)
-	[ "$LOCALHOST_PROXY_MODE" == "default" ] && LOCALHOST_PROXY_MODE=$PROXY_MODE
 	UP_CHINA_DNS=$(config_t_get global up_china_dns dnsbyisp)
 	[ "$UP_CHINA_DNS" == "default" ] && IS_DEFAULT_CHINA_DNS=1
 	[ ! -f "$RESOLVFILE" -o ! -s "$RESOLVFILE" ] && RESOLVFILE=/tmp/resolv.conf.auto
@@ -794,7 +796,7 @@ start_haproxy() {
 			mkdir -p $HAPROXY_PATH
 			local HAPROXY_FILE=$HAPROXY_PATH/config.cfg
 			bport=$(config_t_get global_haproxy haproxy_port)
-			cat <<-EOF >$HAPROXY_FILE
+			cat <<-EOF > $HAPROXY_FILE
 				global
 				    log         127.0.0.1 local2
 				    chroot      /usr/bin
@@ -821,48 +823,51 @@ start_haproxy() {
 				    timeout check           10s
 				    maxconn                 3000
 					
-				listen passwall
-				    bind 0.0.0.0:$bport
-				    mode tcp
 			EOF
-			local count=$(uci show $CONFIG | grep "@balancing" | sed -n '$p' | cut -d '[' -f 2 | cut -d ']' -f 1)
+			
+			local ports=$(uci show $CONFIG | grep "@haproxy_config" | grep haproxy_port | cut -d "'" -f 2 | sort -u)
+			for p in $ports; do
+				cat <<-EOF >> $HAPROXY_FILE
+					listen $p
+					    mode tcp
+					    bind 0.0.0.0:$p
+						
+				EOF
+			done
+			
+			local count=$(uci show $CONFIG | grep "@haproxy_config" | sed -n '$p' | cut -d '[' -f 2 | cut -d ']' -f 1)
 			[ -n "$count" ] && [ "$count" -ge 0 ] && {
 				u_get() {
-					local ret=$(uci -q get $CONFIG.@balancing[$1].$2)
+					local ret=$(uci -q get $CONFIG.@haproxy_config[$1].$2)
 					echo ${ret:=$3}
 				}
 				for i in $(seq 0 $count); do
-					enabled=$(u_get $i enabled 0)
+					local enabled=$(u_get $i enabled 0)
-					[ "$enabled" == "0" ] && continue
+					[ -z "$enabled" -o "$enabled" == "0" ] && continue
-					bips=$(u_get $i lbss)
+					
-					bports=$(u_get $i lbort)
+					local haproxy_port=$(u_get $i haproxy_port)
+					[ -z "$haproxy_port" ] && continue
+					
+					local bips=$(u_get $i lbss)
+					local bports=$(u_get $i lbort)
 					if [ -z "$bips" ] || [ -z "$bports" ]; then
-						break
+						continue
 					fi
+					
 					local bip=$(echo $bips | awk -F ":" '{print $1}')
 					local bport=$(echo $bips | awk -F ":" '{print $2}')
 					[ "$bports" != "default" ] && bport=$bports
-					[ -z "$bport" ] && break
+					[ -z "$bport" ] && continue
 					
-					bweight=$(u_get $i lbweight)
+					local line=$(cat $HAPROXY_FILE | grep -n "bind 0.0.0.0:$haproxy_port" | awk -F ":" '{print $1}')
-					exports=$(u_get $i export)
+					[ -z "$line" ] && continue
-					bbackup=$(u_get $i backup)
+					
-					if [ "$bbackup" = "1" ]; then
+					local bweight=$(u_get $i lbweight)
-						bbackup=" backup"
+					local exports=$(u_get $i export)
-						echolog "负载均衡：添加故障转移备节点:$bip"
+					local backup=$(u_get $i backup)
-					else
+					local bbackup=""
-						bbackup=""
+					[ "$backup" = "1" ] && bbackup="backup"
-						echolog "负载均衡：添加负载均衡主节点:$bip"
+					sed -i "${line}i \ \ \ \ server $bip:$bport $bip:$bport weight $bweight check inter 1500 rise 1 fall 3 $bbackup" $HAPROXY_FILE
-					fi
-					#si=$(echo $bip | grep -E "([0-9]{1,3}[\.]){3}[0-9]{1,3}")
-					#if [ -z "$si" ]; then
-					#	bip=$(resolveip -4 -t 2 $bip | awk 'NR==1{print}')
-					#	if [ -z "$bip" ]; then
-					#		bip=$(nslookup $bip localhost | sed '1,4d' | awk '{print $3}' | grep -v : | awk 'NR==1{print}')
-					#	fi
-					#	echolog "负载均衡${i} IP为：$bip"
-					#fi
-					echo "    server $bip:$bport $bip:$bport weight $bweight check inter 1500 rise 1 fall 3 $bbackup" >> $HAPROXY_FILE
 					if [ "$exports" != "0" ]; then
 						failcount=0
 						while [ "$failcount" -lt "3" ]; do
@@ -881,22 +886,23 @@ start_haproxy() {
 					fi
 				done
 			}
-			#生成负载均衡控制台
+			
-			console_port=$(config_t_get global_haproxy console_port)
+			# 控制台配置
-			console_user=$(config_t_get global_haproxy console_user)
+			local console_port=$(config_t_get global_haproxy console_port)
-			console_password=$(config_t_get global_haproxy console_password)
+			local console_user=$(config_t_get global_haproxy console_user)
+			local console_password=$(config_t_get global_haproxy console_password)
 			local auth=""
 			[ -n "$console_user" -a -n "console_password" ] && auth="stats auth $console_user:$console_password"
 			cat <<-EOF >> $HAPROXY_FILE
-			
+				listen console
-				listen status
 				    bind 0.0.0.0:$console_port
 				    mode http                   
 				    stats refresh 30s
 				    stats uri /
 				    stats admin if TRUE
-					$auth
+				    $auth
 			EOF
+			
 			ln_start_bin $haproxy_bin haproxy "-f $HAPROXY_FILE"
 		}
 	}

package/lienol/luci-app-passwall/root/usr/share/passwall/config.default

@@ -8,8 +8,10 @@ config global
 	option up_china_dns 'default'
 	option dns_forward '8.8.4.4'
 	option use_tcp_node_resolve_dns '1'
-	option proxy_mode 'chnroute'
+	option tcp_proxy_mode 'chnroute'
-	option localhost_proxy_mode 'gfwlist'
+	option udp_proxy_mode 'chnroute'
+	option localhost_tcp_proxy_mode 'gfwlist'
+	option localhost_udp_proxy_mode 'gfwlist'
 
 config global_haproxy
 	option balancing_enable '0'

package/lienol/luci-app-passwall/root/usr/share/passwall/iptables.sh

@@ -15,6 +15,8 @@ FWI=$(uci -q get firewall.passwall.path 2>/dev/null)
 factor() {
 	if [ -z "$1" ] || [ -z "$2" ]; then
 		echo ""
+	elif [ "$1" == "1:65535" ]; then
+		echo ""
 	else
 		echo "$2 $1"
 	fi
@@ -53,9 +55,6 @@ get_action_chain() {
 	chnroute)
 		echo "PSW_CHN"
 		;;
-	gamemode)
-		echo "PSW_GAME"
-		;;
 	returnhome)
 		echo "PSW_HOME"
 		;;
@@ -76,9 +75,6 @@ get_action_chain_name() {
 	chnroute)
 		echo "大陆白名单"
 		;;
-	gamemode)
-		echo "游戏"
-		;;
 	returnhome)
 		echo "回国"
 		;;
@@ -112,14 +108,16 @@ load_acl() {
 			local remarks=$(u_get $i remarks)
 			local ip=$(u_get $i ip)
 			local mac=$(u_get $i mac)
-			local proxy_mode=$(u_get $i proxy_mode default)
+			local tcp_proxy_mode=$(u_get $i tcp_proxy_mode default)
+			local udp_proxy_mode=$(u_get $i udp_proxy_mode default)
 			local tcp_node=$(u_get $i tcp_node 1)
 			local udp_node=$(u_get $i udp_node 1)
 			local tcp_no_redir_ports=$(u_get $i tcp_no_redir_ports default)
 			local udp_no_redir_ports=$(u_get $i udp_no_redir_ports default)
 			local tcp_redir_ports=$(u_get $i tcp_redir_ports default)
 			local udp_redir_ports=$(u_get $i udp_redir_ports default)
-			[ "$proxy_mode" = "default" ] && proxy_mode=$PROXY_MODE
+			[ "$tcp_proxy_mode" = "default" ] && tcp_proxy_mode=$TCP_PROXY_MODE
+			[ "$udp_proxy_mode" = "default" ] && udp_proxy_mode=$UDP_PROXY_MODE
 			[ "$TCP_NODE_NUM" == "1" ] && tcp_node=1
 			[ "$UDP_NODE_NUM" == "1" ] && udp_node=1
 			[ "$tcp_no_redir_ports" = "default" ] && tcp_no_redir_ports=$TCP_NO_REDIR_PORTS
@@ -128,42 +126,35 @@ load_acl() {
 			[ "$udp_redir_ports" = "default" ] && udp_redir_ports=$UDP_REDIR_PORTS
 			eval TCP_NODE=\$TCP_NODE$tcp_node
 			eval UDP_NODE=\$UDP_NODE$udp_node
-			[ -n "$proxy_mode" ] && {
+			if [ -n "$ip" ] || [ -n "$mac" ]; then
-				if [ -n "$ip" ] || [ -n "$mac" ]; then
+				if [ -n "$ip" -a -n "$mac" ]; then
-					if [ -n "$ip" -a -n "$mac" ]; then
+					echolog "访问控制：IP：$ip，MAC：$mac，使用TCP_${tcp_node}节点，UDP_${udp_node}节点，TCP模式：$(get_action_chain_name $tcp_proxy_mode)，UDP模式：$(get_action_chain_name $udp_proxy_mode)"
-						echolog "访问控制：IP：$ip，MAC：$mac，使用TCP_${tcp_node}节点，UDP_${udp_node}节点，$(get_action_chain_name $proxy_mode)"
+				else
-					else
+					[ -n "$ip" ] && echolog "访问控制：IP：$ip，使用TCP_${tcp_node}节点，UDP_${udp_node}节点，TCP模式：$(get_action_chain_name $tcp_proxy_mode)，UDP模式：$(get_action_chain_name $udp_proxy_mode)"
-						[ -n "$ip" ] && echolog "访问控制：IP：$ip，使用TCP_${tcp_node}节点，UDP_${udp_node}节点，$(get_action_chain_name $proxy_mode)"
+					[ -n "$mac" ] && echolog "访问控制：MAC：$mac，使用TCP_${tcp_node}节点，UDP_${udp_node}节点，TCP模式：$(get_action_chain_name $tcp_proxy_mode)，UDP模式：$(get_action_chain_name $udp_proxy_mode)"
-						[ -n "$mac" ] && echolog "访问控制：MAC：$mac，使用TCP_${tcp_node}节点，UDP_${udp_node}节点，$(get_action_chain_name $proxy_mode)"
-					fi
-					
-					if [ "$proxy_mode" == "disable" ]; then
-						$ipt_n -A PSW_ACL $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p tcp $(comment "$remarks") -j RETURN
-						$ipt_m -A PSW_ACL $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p udp $(comment "$remarks") -j RETURN
-					else
-						[ "$TCP_NODE" != "nil" ] && {
-							eval TCP_NODE_TYPE=$(echo $(config_n_get $TCP_NODE type) | tr 'A-Z' 'a-z')
-							if [ "$TCP_NODE_TYPE" == "brook" -a "$(config_n_get $TCP_NODE brook_protocol client)" == "client" ]; then
-								[ "$tcp_no_redir_ports" != "disable" ] && $ipt_m -A PSW_ACL $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p tcp -m multiport --dport $tcp_no_redir_ports -j RETURN
-								eval tcp_redir_port=\$TCP_REDIR_PORT$tcp_node
-								$ipt_m -A PSW_ACL $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p tcp $(factor $tcp_redir_ports "-m multiport --dport") $(comment "$remarks") -$(get_jump_mode $proxy_mode) $(get_action_chain $proxy_mode)$tcp_node
-								$ipt_m -A PSW_ACL $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p tcp $(comment "$remarks") -j RETURN
-							else
-								[ "$tcp_no_redir_ports" != "disable" ] && $ipt_n -A PSW_ACL $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p tcp -m multiport --dport $tcp_no_redir_ports -j RETURN
-								eval tcp_redir_port=\$TCP_REDIR_PORT$tcp_node
-								$ipt_n -A PSW_ACL $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p tcp $(factor $tcp_redir_ports "-m multiport --dport") $(comment "$remarks") -$(get_jump_mode $proxy_mode) $(get_action_chain $proxy_mode)$tcp_node
-								$ipt_n -A PSW_ACL $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p tcp $(comment "$remarks") -j RETURN
-							fi
-						}
-						[ "$UDP_NODE" != "nil" ] && {
-							[ "$udp_no_redir_ports" != "disable" ] && $ipt_m -A PSW_ACL $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p udp -m multiport --dport $udp_no_redir_ports -j RETURN
-							eval udp_redir_port=\$UDP_REDIR_PORT$udp_node
-							$ipt_m -A PSW_ACL $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p udp $(factor $udp_redir_ports "-m multiport --dport") $(comment "$remarks") -$(get_jump_mode $proxy_mode) $(get_action_chain $proxy_mode)$udp_node
-							$ipt_m -A PSW_ACL $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p udp $(comment "$remarks") -j RETURN
-						}
-					fi
 				fi
-			}
+				
+				[ "$tcp_proxy_mode" != "disable" ] && {
+					[ "$TCP_NODE" != "nil" ] && {
+						local ipt_tmp=$ipt_n
+						eval TCP_NODE_TYPE=$(echo $(config_n_get $TCP_NODE type) | tr 'A-Z' 'a-z')
+						[ "$TCP_NODE_TYPE" == "brook" -a "$(config_n_get $TCP_NODE brook_protocol client)" == "client" ] && ipt_tmp=$ipt_m
+						[ "$tcp_no_redir_ports" != "disable" ] && $ipt_tmp -A PSW_ACL $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p tcp -m multiport --dport $tcp_no_redir_ports -j RETURN
+						#eval tcp_redir_port=\$TCP_REDIR_PORT$tcp_node
+						$ipt_tmp -A PSW_ACL $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p tcp $(factor $tcp_redir_ports "-m multiport --dport") $(comment "$remarks") -$(get_jump_mode $tcp_proxy_mode) $(get_action_chain $tcp_proxy_mode)$tcp_node
+					}
+				}
+				$ipt_n -A PSW_ACL $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p tcp $(comment "$remarks") -j RETURN
+				
+				[ "$udp_proxy_mode" != "disable" ] && {
+					[ "$UDP_NODE" != "nil" ] && {
+						[ "$udp_no_redir_ports" != "disable" ] && $ipt_m -A PSW_ACL $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p udp -m multiport --dport $udp_no_redir_ports -j RETURN
+						#eval udp_redir_port=\$UDP_REDIR_PORT$udp_node
+						$ipt_m -A PSW_ACL $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p udp $(factor $udp_redir_ports "-m multiport --dport") $(comment "$remarks") -$(get_jump_mode $udp_proxy_mode) $(get_action_chain $udp_proxy_mode)$udp_node
+					}
+				}
+				$ipt_m -A PSW_ACL $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p udp $(comment "$remarks") -j RETURN
+			fi
 		done
 	}
 }
@@ -285,26 +276,23 @@ add_firewall_rule() {
 				$ipt_n -N PSW_GFW$i
 				$ipt_n -N PSW_CHN$i
 				$ipt_n -N PSW_HOME$i
-				#$ipt_n -N PSW_GAME$i
 			
 				$ipt_m -N PSW_GLO$i
 				$ipt_m -N PSW_GFW$i
 				$ipt_m -N PSW_CHN$i
 				$ipt_m -N PSW_HOME$i
-				#$ipt_m -N PSW_GAME$i
 			done
 			ip rule add fwmark 1 lookup 100
 			ip route add local 0.0.0.0/0 dev lo table 100
 		fi
 	fi
 
-	if [ "$SOCKS5_NODE_NUM" -ge 1 ]; then
+	for k in $(seq 1 $SOCKS5_NODE_NUM); do
-		for k in $(seq 1 $SOCKS5_NODE_NUM); do
+		eval node=\$SOCKS5_NODE$k
-			eval node=\$SOCKS5_NODE$k
+		[ "$node" != "nil" ] && filter_node $node
-			[ "$node" != "nil" ] && filter_node $node
+	done
-		done
-	fi
 
+	# 加载TCP防火墙
 	if [ "$TCP_NODE_NUM" -ge 1 ]; then
 		for k in $(seq 1 $TCP_NODE_NUM); do
 			eval node=\$TCP_NODE$k
@@ -336,9 +324,6 @@ add_firewall_rule() {
 					# 回国模式
 					$ipt_m -A PSW_HOME$k -p tcp $(dst $IPSET_BLACKLIST) -j TPROXY --tproxy-mark 0x1/0x1 --on-port $local_port
 					$ipt_m -A PSW_HOME$k -p tcp $(dst $IPSET_CHN) -j TPROXY --tproxy-mark 0x1/0x1 --on-port $local_port
-
-					# 游戏模式
-					# $ipt_m -A PSW_GAME$k -p tcp $(dst $IPSET_CHN) -j RETURN
 				else
 					# 全局模式
 					$ipt_n -A PSW_GLO$k -p tcp $(dst $IPSET_BLACKLIST) -j REDIRECT --to-ports $local_port
@@ -357,9 +342,6 @@ add_firewall_rule() {
 					$ipt_n -A PSW_HOME$k -p tcp $(dst $IPSET_BLACKLIST) -j REDIRECT --to-ports $local_port
 					$ipt_n -A PSW_HOME$k -p tcp $(dst $IPSET_CHN) -j REDIRECT --to-ports $local_port
 					#$ipt_n -A PSW_HOME$k -p tcp -m geoip --destination-country CN -j REDIRECT --to-ports $local_port
-					
-					# 游戏模式
-					# $ipt_n -A PSW_GAME$k -p tcp $(dst $IPSET_CHN) -j RETURN
 				fi
 				
 				[ "$k" == 1 ] && {
@@ -367,8 +349,10 @@ add_firewall_rule() {
 						[ "$use_tcp_node_resolve_dns" == 1 -a -n "$DNS_FORWARD" ] && {
 							for dns in $DNS_FORWARD
 							do
-								local dns_ip=$(echo $dns | awk -F "#" '{print $1}')
+								local dns_ip=$(echo $dns | sed "s/:/#/g" | awk -F "#" '{print $1}')
-								local dns_port=$(echo $dns | awk -F "#" '{print $2}')
+								ipset test $IPSET_LANIPLIST $dns_ip 2>/dev/null
+								[ $? == 0 ] && continue
+								local dns_port=$(echo $dns | sed "s/:/#/g" | awk -F "#" '{print $2}')
 								[ -z "$dns_port" ] && dns_port=53
 								$ipt_m -I PSW 2 -p tcp -d $dns_ip --dport $dns_port -j TPROXY --tproxy-mark 0x1/0x1 --on-port $local_port
 							done
@@ -377,9 +361,9 @@ add_firewall_rule() {
 						$ipt_m -A OUTPUT -p tcp -j PSW_OUTPUT
 						[ "$TCP_NO_REDIR_PORTS" != "disable" ] && $ipt_m -A PSW_OUTPUT -p tcp -m multiport --dport $TCP_NO_REDIR_PORTS -j RETURN
 						$ipt_m -A PSW_OUTPUT -p tcp -m multiport --dport $TCP_REDIR_PORTS $(dst $IPSET_BLACKLIST) $(factor $TCP_REDIR_PORTS "-m multiport --dport") -j MARK --set-mark 1
-						[ "$LOCALHOST_PROXY_MODE" == "global" ] && $ipt_m -A PSW_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") -j MARK --set-mark 1
+						[ "$LOCALHOST_TCP_PROXY_MODE" == "global" ] && $ipt_m -A PSW_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") -j MARK --set-mark 1
-						[ "$LOCALHOST_PROXY_MODE" == "gfwlist" ] && $ipt_m -A PSW_OUTPUT -p tcp $(dst $IPSET_GFW) $(factor $TCP_REDIR_PORTS "-m multiport --dport") -j MARK --set-mark 1
+						[ "$LOCALHOST_TCP_PROXY_MODE" == "gfwlist" ] && $ipt_m -A PSW_OUTPUT -p tcp $(dst $IPSET_GFW) $(factor $TCP_REDIR_PORTS "-m multiport --dport") -j MARK --set-mark 1
-						[ "$LOCALHOST_PROXY_MODE" == "chnroute" ] && $ipt_m -A PSW_OUTPUT -p tcp -m set ! --match-set $IPSET_CHN dst $(factor $TCP_REDIR_PORTS "-m multiport --dport") -j MARK --set-mark 1
+						[ "$LOCALHOST_TCP_PROXY_MODE" == "chnroute" ] && $ipt_m -A PSW_OUTPUT -p tcp -m set ! --match-set $IPSET_CHN dst $(factor $TCP_REDIR_PORTS "-m multiport --dport") -j MARK --set-mark 1
 					else
 						# 用于本机流量转发
 						$ipt_n -A OUTPUT -p tcp -j PSW_OUTPUT
@@ -387,6 +371,8 @@ add_firewall_rule() {
 							for dns in $DNS_FORWARD
 							do
 								local dns_ip=$(echo $dns | sed "s/:/#/g" | awk -F "#" '{print $1}')
+								ipset test $IPSET_LANIPLIST $dns_ip 2>/dev/null
+								[ $? == 0 ] && continue
 								local dns_port=$(echo $dns | sed "s/:/#/g" | awk -F "#" '{print $2}')
 								[ -z "$dns_port" ] && dns_port=53
 								local ADD_INDEX=2
@@ -394,7 +380,7 @@ add_firewall_rule() {
 							done
 						}
 						[ "$TCP_NO_REDIR_PORTS" != "disable" ] && $ipt_n -A PSW_OUTPUT -p tcp -m multiport --dport $TCP_NO_REDIR_PORTS -j RETURN
-						$ipt_n -A PSW_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") -j $(get_action_chain $LOCALHOST_PROXY_MODE)1
+						$ipt_n -A PSW_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") -j $(get_action_chain $LOCALHOST_TCP_PROXY_MODE)1
 					fi
 					# 重定所有流量到透明代理端口
 					# $ipt_n -A PSW -p tcp -m ttl --ttl-eq $ttl -j REDIRECT --to $local_port
@@ -435,9 +421,10 @@ add_firewall_rule() {
 			PR_INDEX=$($ipt_n -L PREROUTING --line-numbers | grep "prerouting_rule" | sed -n '$p' | awk '{print $1}')
 			[ -n "$PR_INDEX" ] && PRE_INDEX=$(expr $PR_INDEX + 1)
 		fi
-		$ipt_n -I PREROUTING $PRE_INDEX -j PSW
+		$ipt_n -I PREROUTING $PRE_INDEX -p tcp -j PSW
 	fi
 
+	# 加载UDP防火墙
 	if [ "$UDP_NODE_NUM" -ge 1 ]; then
 		for k in $(seq 1 $UDP_NODE_NUM); do
 			eval node=\$UDP_NODE$k
@@ -462,10 +449,6 @@ add_firewall_rule() {
 				#  回国模式
 				$ipt_m -A PSW_HOME$k -p udp $(dst $IPSET_BLACKLIST) -j TPROXY --tproxy-mark 0x1/0x1 --on-port $local_port
 				$ipt_m -A PSW_HOME$k -p udp $(dst $IPSET_CHN) -j TPROXY --tproxy-mark 0x1/0x1 --on-port $local_port
-
-				#  游戏模式
-				# $ipt_m -A PSW_GAME$k -p udp $(dst $IPSET_BLACKLIST) -j TPROXY --tproxy-mark 0x1/0x1 --on-port $local_port
-				# $ipt_m -A PSW_GAME$k -p udp $(dst $IPSET_CHN !) -j TPROXY --tproxy-mark 0x1/0x1 --on-port $local_port
 				
 				[ "$k" == 1 ] && {
 					# 用于本机流量转发
@@ -474,6 +457,8 @@ add_firewall_rule() {
 						for dns in $DNS_FORWARD
 						do
 							local dns_ip=$(echo $dns | sed "s/:/#/g" | awk -F "#" '{print $1}')
+							ipset test $IPSET_LANIPLIST $dns_ip 2>/dev/null
+							[ $? == 0 ] && continue
 							local dns_port=$(echo $dns | sed "s/:/#/g" | awk -F "#" '{print $2}')
 							[ -z "$dns_port" ] && dns_port=53
 							local ADD_INDEX=2
@@ -484,9 +469,9 @@ add_firewall_rule() {
 					
 					[ "$UDP_NO_REDIR_PORTS" != "disable" ] && $ipt_m -A PSW_OUTPUT -p udp -m multiport --dport $UDP_NO_REDIR_PORTS -j RETURN
 					$ipt_m -A PSW_OUTPUT -p udp -m multiport --dport $UDP_REDIR_PORTS $(dst $IPSET_BLACKLIST) -j MARK --set-mark 1
-					[ "$LOCALHOST_PROXY_MODE" == "global" ] && $ipt_m -A PSW_OUTPUT -p udp -m multiport --dport $UDP_REDIR_PORTS -j MARK --set-mark 1
+					[ "$LOCALHOST_UDP_PROXY_MODE" == "global" ] && $ipt_m -A PSW_OUTPUT -p udp -m multiport --dport $UDP_REDIR_PORTS -j MARK --set-mark 1
-					[ "$LOCALHOST_PROXY_MODE" == "gfwlist" ] && $ipt_m -A PSW_OUTPUT -p udp -m multiport --dport $UDP_REDIR_PORTS $(dst $IPSET_GFW) -j MARK --set-mark 1
+					[ "$LOCALHOST_UDP_PROXY_MODE" == "gfwlist" ] && $ipt_m -A PSW_OUTPUT -p udp -m multiport --dport $UDP_REDIR_PORTS $(dst $IPSET_GFW) -j MARK --set-mark 1
-					[ "$LOCALHOST_PROXY_MODE" == "chnroute" ] && $ipt_m -A PSW_OUTPUT -p udp -m multiport --dport $UDP_REDIR_PORTS -m set ! --match-set $IPSET_CHN dst -j MARK --set-mark 1
+					[ "$LOCALHOST_UDP_PROXY_MODE" == "chnroute" ] && $ipt_m -A PSW_OUTPUT -p udp -m multiport --dport $UDP_REDIR_PORTS -m set ! --match-set $IPSET_CHN dst -j MARK --set-mark 1
 				}
 			fi
 		done
@@ -497,50 +482,39 @@ add_firewall_rule() {
 	#  加载ACLS
 	load_acl
 
-	#  加载默认代理模式
+	#  加载TCP默认代理模式
-	if [ "$PROXY_MODE" == "disable" ]; then
+	[ "$TCP_PROXY_MODE" != "disable" ] && {
-		[ "$TCP_NODE1" != "nil" ] && $ipt_n -A PSW_ACL -p tcp $(comment "Default") -j $(get_action_chain $PROXY_MODE)
-		[ "$UDP_NODE1" != "nil" ] && $ipt_m -A PSW_ACL -p udp $(comment "Default") -j $(get_action_chain $PROXY_MODE)
-	else
 		[ "$TCP_NODE1" != "nil" ] && {
+			local ipt_tmp=$ipt_n
 			local TCP_NODE_TYPE1=$(echo $(config_n_get $TCP_NODE1 type) | tr 'A-Z' 'a-z')
-			if [ "$TCP_NODE_TYPE1" == "brook" -a "$(config_n_get $TCP_NODE1 brook_protocol client)" == "client" ]; then
+			[ "$TCP_NODE_TYPE1" == "brook" -a "$(config_n_get $TCP_NODE1 brook_protocol client)" == "client" ] && ipt_tmp=$ipt_m
-				[ "$TCP_NO_REDIR_PORTS" != "disable" ] && $ipt_m -A PSW_ACL -p tcp -m multiport --dport $TCP_NO_REDIR_PORTS $(comment "Default") -j RETURN
+			[ "$TCP_NO_REDIR_PORTS" != "disable" ] && $ipt_tmp -A PSW_ACL -p tcp -m multiport --dport $TCP_NO_REDIR_PORTS $(comment "Default") -j RETURN
-				$ipt_m -A PSW_ACL -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(comment "Default") -j $(get_action_chain $PROXY_MODE)1
+			$ipt_tmp -A PSW_ACL -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(comment "Default") -j $(get_action_chain $TCP_PROXY_MODE)1
-			else
-				[ "$TCP_NO_REDIR_PORTS" != "disable" ] && $ipt_n -A PSW_ACL -p tcp -m multiport --dport $TCP_NO_REDIR_PORTS $(comment "Default") -j RETURN
-				$ipt_n -A PSW_ACL -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(comment "Default") -j $(get_action_chain $PROXY_MODE)1
-			fi
 		}
+	}
+	$ipt_n -A PSW_ACL -p tcp $(comment "Default") -j RETURN
+	echolog "TCP默认代理模式：$(get_action_chain_name $TCP_PROXY_MODE)"
+	
+	#  加载UDP默认代理模式
+	[ "$UDP_PROXY_MODE" == "disable" ] && {
 		[ "$UDP_NODE1" != "nil" ] && {
 			[ "$UDP_NO_REDIR_PORTS" != "disable" ] && $ipt_m -A PSW_ACL -p udp -m multiport --dport $UDP_NO_REDIR_PORTS $(comment "Default") -j RETURN
-			$ipt_m -A PSW_ACL -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(comment "Default") -j $(get_action_chain $PROXY_MODE)1
+			$ipt_m -A PSW_ACL -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(comment "Default") -j $(get_action_chain $UDP_PROXY_MODE)1
 		}
-	fi
+	}
+	$ipt_m -A PSW_ACL -p udp $(comment "Default") -j RETURN
+	echolog "UDP默认代理模式：$(get_action_chain_name $UDP_PROXY_MODE)"
 	
 	#  过滤所有节点IP
 	filter_vpsip
 	
-	dns_hijack "force"
+	# dns_hijack "force"
 	
-	echolog "默认代理模式：$(get_action_chain_name $PROXY_MODE)"
 	echolog "防火墙规则加载完成！"
 }
 
 del_firewall_rule() {
-	ipv6_output_ss_exist=$($ip6t_n -n -L OUTPUT 2>/dev/null | grep -c "PSW")
+	$ipt_n -D PREROUTING -p tcp -j PSW 2>/dev/null
-	[ -n "$ipv6_output_ss_exist" ] && {
-		until [ "$ipv6_output_ss_exist" = 0 ]; do
-			rules=$($ip6t_n -n -L OUTPUT --line-numbers | grep "PSW" | awk '{print $1}')
-			for rule in $rules; do
-				$ip6t_n -D OUTPUT $rule 2>/dev/null
-				break
-			done
-			ipv6_output_ss_exist=$(expr $ipv6_output_ss_exist - 1)
-		done
-	}
-
-	$ipt_n -D PREROUTING -j PSW 2>/dev/null
 	$ipt_n -D OUTPUT -p tcp -j PSW_OUTPUT 2>/dev/null
 	$ipt_n -F PSW 2>/dev/null && $ipt_n -X PSW 2>/dev/null
 	$ipt_n -F PSW_ACL 2>/dev/null && $ipt_n -X PSW_ACL 2>/dev/null
@@ -559,19 +533,15 @@ del_firewall_rule() {
 	$ip6t_n -F PSW_ACL 2>/dev/null && $ip6t_n -X PSW_ACL 2>/dev/null
 	$ip6t_n -F PSW_OUTPUT 2>/dev/null && $ip6t_n -X PSW_OUTPUT 2>/dev/null
 
-	local max_num=3
+	for k in $(seq 1 3); do
-	for i in $(seq 1 $max_num); do
-		local k=$i
 		$ipt_n -F PSW_GLO$k 2>/dev/null && $ipt_n -X PSW_GLO$k 2>/dev/null
 		$ipt_n -F PSW_GFW$k 2>/dev/null && $ipt_n -X PSW_GFW$k 2>/dev/null
 		$ipt_n -F PSW_CHN$k 2>/dev/null && $ipt_n -X PSW_CHN$k 2>/dev/null
-		$ipt_n -F PSW_GAME$k 2>/dev/null && $ipt_n -X PSW_GAME$k 2>/dev/null
 		$ipt_n -F PSW_HOME$k 2>/dev/null && $ipt_n -X PSW_HOME$k 2>/dev/null
 		
 		$ipt_m -F PSW_GLO$k 2>/dev/null && $ipt_m -X PSW_GLO$k 2>/dev/null
 		$ipt_m -F PSW_GFW$k 2>/dev/null && $ipt_m -X PSW_GFW$k 2>/dev/null
 		$ipt_m -F PSW_CHN$k 2>/dev/null && $ipt_m -X PSW_CHN$k 2>/dev/null
-		$ipt_m -F PSW_GAME$k 2>/dev/null && $ipt_m -X PSW_GAME$k 2>/dev/null
 		$ipt_m -F PSW_HOME$k 2>/dev/null && $ipt_m -X PSW_HOME$k 2>/dev/null
 		
 		$ip6t_n -F PSW_GLO$k 2>/dev/null && $ip6t_n -X PSW_GLO$k 2>/dev/null
@@ -587,7 +557,7 @@ del_firewall_rule() {
 	ipset -F $IPSET_VPSIPLIST >/dev/null 2>&1 && ipset -X $IPSET_VPSIPLIST >/dev/null 2>&1 &
 	#ipset -F $IPSET_GFW >/dev/null 2>&1 && ipset -X $IPSET_GFW >/dev/null 2>&1 &
 	#ipset -F $IPSET_CHN >/dev/null 2>&1 && ipset -X $IPSET_CHN >/dev/null 2>&1 &
-	ipset -F $IPSET_BLACKLIST >/dev/null 2>&1 && ipset -X $IPSET_BLACKLIST >/dev/null 2>&1 &
+	#ipset -F $IPSET_BLACKLIST >/dev/null 2>&1 && ipset -X $IPSET_BLACKLIST >/dev/null 2>&1 &
 	ipset -F $IPSET_WHITELIST >/dev/null 2>&1 && ipset -X $IPSET_WHITELIST >/dev/null 2>&1 &
 	#echolog "删除相关防火墙规则完成。"
 }

package/lienol/luci-app-passwall/root/usr/share/passwall/rules/chnlist

@@ -72558,4 +72558,4 @@ zzzyk.com
 zzzzaaaa.com
 zzzzhong.com
 zzzzllee.com
-zzzzmall.com
+zzzzmall.com