update 2025-08-03 09:48:05
This commit is contained in:
actions-user
parent
513b60ffa8
commit
c91bc6a992
@ -15,6 +15,7 @@ o.rmempty = false
|
||||
|
||||
---- gfwlist URL
|
||||
o = s:option(DynamicList, "gfwlist_url", translate("GFW domains(gfwlist) Update URL"))
|
||||
o:depends("geo2rule", false)
|
||||
o:value("https://fastly.jsdelivr.net/gh/YW5vbnltb3Vz/domain-list-community@release/gfwlist.txt", translate("v2fly/domain-list-community"))
|
||||
o:value("https://fastly.jsdelivr.net/gh/Loyalsoldier/v2ray-rules-dat@release/gfw.txt", translate("Loyalsoldier/v2ray-rules-dat"))
|
||||
o:value("https://fastly.jsdelivr.net/gh/Loukky/gfwlist-by-loukky/gfwlist.txt", translate("Loukky/gfwlist-by-loukky"))
|
||||
@ -23,6 +24,7 @@ o.default = "https://fastly.jsdelivr.net/gh/Loyalsoldier/v2ray-rules-dat@release
|
||||
|
||||
----chnroute URL
|
||||
o = s:option(DynamicList, "chnroute_url", translate("China IPs(chnroute) Update URL"))
|
||||
o:depends("geo2rule", false)
|
||||
o:value("https://fastly.jsdelivr.net/gh/gaoyifan/china-operator-ip@ip-lists/china.txt", translate("gaoyifan/china-operator-ip/china"))
|
||||
o:value("https://ispip.clang.cn/all_cn.txt", translate("Clang.CN"))
|
||||
o:value("https://ispip.clang.cn/all_cn_cidr.txt", translate("Clang.CN.CIDR"))
|
||||
@ -32,12 +34,14 @@ o:value("https://fastly.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule
|
||||
|
||||
----chnroute6 URL
|
||||
o = s:option(DynamicList, "chnroute6_url", translate("China IPv6s(chnroute6) Update URL"))
|
||||
o:depends("geo2rule", false)
|
||||
o:value("https://fastly.jsdelivr.net/gh/gaoyifan/china-operator-ip@ip-lists/china6.txt", translate("gaoyifan/china-operator-ip/china6"))
|
||||
o:value("https://ispip.clang.cn/all_cn_ipv6.txt", translate("Clang.CN.IPv6"))
|
||||
o:value("https://fastly.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Clash/ChinaMax/ChinaMax_IP.txt", translate("ios_rule_script/ChinaMax_IP"))
|
||||
|
||||
----chnlist URL
|
||||
o = s:option(DynamicList, "chnlist_url", translate("China List(Chnlist) Update URL"))
|
||||
o:depends("geo2rule", false)
|
||||
o:value("https://fastly.jsdelivr.net/gh/felixonmars/dnsmasq-china-list/accelerated-domains.china.conf", translate("felixonmars/domains.china"))
|
||||
o:value("https://fastly.jsdelivr.net/gh/felixonmars/dnsmasq-china-list/apple.china.conf", translate("felixonmars/apple.china"))
|
||||
o:value("https://fastly.jsdelivr.net/gh/felixonmars/dnsmasq-china-list/google.china.conf", translate("felixonmars/google.china"))
|
||||
@ -67,6 +71,10 @@ if has_xray or has_singbox then
|
||||
o.rmempty = false
|
||||
|
||||
if api.is_finded("geoview") then
|
||||
o = s:option(Flag, "geo2rule", translate("Generate Rule List from Geo"), translate("Generate rule lists such as GFW, China domains, and China IP ranges based on Geo files."))
|
||||
o.default = 0
|
||||
o.rmempty = false
|
||||
|
||||
o = s:option(Flag, "enable_geoview", translate("Enable Geo Data Parsing"))
|
||||
o.default = 0
|
||||
o.rmempty = false
|
||||
|
||||
@ -982,6 +982,12 @@ msgstr "Geo 规则文件目录"
|
||||
msgid "This variable specifies a directory where geoip.dat and geosite.dat files are."
|
||||
msgstr "此变量指定 geoip.dat 和 geosite.dat 文件所在的目录。"
|
||||
|
||||
msgid "Generate Rule List from Geo"
|
||||
msgstr "从 Geo 文件生成规则"
|
||||
|
||||
msgid "Generate rule lists such as GFW, China domains, and China IP ranges based on Geo files."
|
||||
msgstr "根据 Geo 文件生成规则列表,包括 GFW、中国域名和中国 IP 段等。"
|
||||
|
||||
msgid "Enable Geo Data Parsing"
|
||||
msgstr "开启 Geo 数据解析"
|
||||
|
||||
|
||||
@ -37,6 +37,9 @@ local geoip_url = uci:get(name, "@global_rules[0]", "geoip_url") or "https://gi
|
||||
local geosite_url = uci:get(name, "@global_rules[0]", "geosite_url") or "https://github.com/Loyalsoldier/v2ray-rules-dat/releases/latest/download/geosite.dat"
|
||||
local asset_location = uci:get(name, "@global_rules[0]", "v2ray_location_asset") or "/usr/share/v2ray/"
|
||||
local use_nft = uci:get(name, "@global_forwarding[0]", "use_nft") or "0"
|
||||
local geo2rule = uci:get(name, "@global_rules[0]", "geo2rule") or "0"
|
||||
local geoip_update_ok, geosite_update_ok = false, false
|
||||
asset_location = asset_location:match("/$") and asset_location or (asset_location .. "/")
|
||||
|
||||
--兼容旧版本geo下载方式的配置,择机删除。
|
||||
if geoip_url:match(".*/([^/]+)$") == "latest" then
|
||||
@ -141,6 +144,31 @@ local function non_file_check(file_path, vali_file)
|
||||
end
|
||||
end
|
||||
|
||||
local function GeoToRule(rule_name, rule_type, out_path)
|
||||
if not api.is_finded("geoview") then
|
||||
log(rule_name .. "生成失败,缺少 geoview 组件。")
|
||||
return false;
|
||||
end
|
||||
local geosite_path = asset_location .. "geosite.dat"
|
||||
local geoip_path = asset_location .. "geoip.dat"
|
||||
local file_path = (rule_type == "domain") and geosite_path or geoip_path
|
||||
local arg
|
||||
if rule_type == "domain" then
|
||||
if rule_name == "gfwlist" then
|
||||
arg = "-type geosite -list gfw"
|
||||
else
|
||||
arg = "-type geosite -list cn"
|
||||
end
|
||||
elseif rule_type == "ip4" then
|
||||
arg = "-type geoip -list cn -ipv6=false"
|
||||
elseif rule_type == "ip6" then
|
||||
arg = "-type geoip -list cn -ipv4=false"
|
||||
end
|
||||
cmd = string.format("geoview -input '%s' %s -lowmem=true -output '%s'", file_path, arg, out_path)
|
||||
sys.exec(cmd)
|
||||
return true;
|
||||
end
|
||||
|
||||
--fetch rule
|
||||
local function fetch_rule(rule_name,rule_type,url,exclude_domain)
|
||||
local sret = 200
|
||||
@ -151,8 +179,14 @@ local function fetch_rule(rule_name,rule_type,url,exclude_domain)
|
||||
local download_file_tmp = "/tmp/" ..rule_name.. "_dl"
|
||||
local unsort_file_tmp = "/tmp/" ..rule_name.. "_unsort"
|
||||
|
||||
if geo2rule == "1" then
|
||||
url = {"geo2rule"}
|
||||
log(rule_name.. " 开始生成...")
|
||||
else
|
||||
log(rule_name.. " 开始更新...")
|
||||
end
|
||||
for k,v in ipairs(url) do
|
||||
if v ~= "geo2rule" then
|
||||
sret_tmp = curl(v, download_file_tmp..k, vali_file..k)
|
||||
if sret_tmp == 200 and non_file_check(download_file_tmp..k, vali_file..k) then
|
||||
log(rule_name.. " 第" ..k.. "条规则:" ..v.. "下载文件过程出错,尝试重新下载。")
|
||||
@ -165,9 +199,13 @@ local function fetch_rule(rule_name,rule_type,url,exclude_domain)
|
||||
log(rule_name.. " 第" ..k.. "条规则:" ..v.. "下载文件过程出错,请检查网络或下载链接后重试!")
|
||||
end
|
||||
end
|
||||
else
|
||||
if not GeoToRule(rule_name, rule_type, download_file_tmp..k) then return 1 end
|
||||
sret_tmp = 200
|
||||
end
|
||||
|
||||
if sret_tmp == 200 then
|
||||
if rule_name == "gfwlist" then
|
||||
if rule_name == "gfwlist" and geo2rule == "0" then
|
||||
local domains = {}
|
||||
local gfwlist = io.open(download_file_tmp..k, "r")
|
||||
local decode = api.base64Decode(gfwlist:read("*all"))
|
||||
@ -314,6 +352,11 @@ local function fetch_geofile(geo_name, geo_type, url)
|
||||
sys.call(string.format("mkdir -p %s && cp -f %s %s", asset_location, tmp_path, asset_path))
|
||||
reboot = 1
|
||||
log(geo_type .. " 更新成功。")
|
||||
if geo_type == "geoip" then
|
||||
geoip_update_ok = true
|
||||
else
|
||||
geosite_update_ok = true
|
||||
end
|
||||
else
|
||||
log(geo_type .. " 更新失败,请稍后重试或更换更新URL。")
|
||||
return 1
|
||||
@ -326,6 +369,11 @@ local function fetch_geofile(geo_name, geo_type, url)
|
||||
sys.call(string.format("mkdir -p %s && cp -f %s %s", asset_location, tmp_path, asset_path))
|
||||
reboot = 1
|
||||
log(geo_type .. " 更新成功。")
|
||||
if geo_type == "geoip" then
|
||||
geoip_update_ok = true
|
||||
else
|
||||
geosite_update_ok = true
|
||||
end
|
||||
end
|
||||
else
|
||||
log(geo_type .. " 更新失败,请稍后重试或更换更新URL。")
|
||||
@ -392,58 +440,69 @@ if gfwlist_update == "0" and chnroute_update == "0" and chnroute6_update == "0"
|
||||
end
|
||||
|
||||
log("开始更新规则...")
|
||||
if gfwlist_update == "1" then
|
||||
xpcall(fetch_gfwlist,function(e)
|
||||
local function safe_call(func, err_msg)
|
||||
xpcall(func, function(e)
|
||||
log(e)
|
||||
log(debug.traceback())
|
||||
log('更新gfwlist发生错误...')
|
||||
log(err_msg)
|
||||
end)
|
||||
end
|
||||
|
||||
if chnroute_update == "1" then
|
||||
xpcall(fetch_chnroute,function(e)
|
||||
log(e)
|
||||
log(debug.traceback())
|
||||
log('更新chnroute发生错误...')
|
||||
end)
|
||||
local function remove_tmp_geofile(name)
|
||||
os.remove("/tmp/" .. name .. ".dat")
|
||||
os.remove("/tmp/" .. name .. ".dat.sha256sum")
|
||||
end
|
||||
|
||||
if chnroute6_update == "1" then
|
||||
xpcall(fetch_chnroute6,function(e)
|
||||
log(e)
|
||||
log(debug.traceback())
|
||||
log('更新chnroute6发生错误...')
|
||||
end)
|
||||
end
|
||||
|
||||
if chnlist_update == "1" then
|
||||
xpcall(fetch_chnlist,function(e)
|
||||
log(e)
|
||||
log(debug.traceback())
|
||||
log('更新chnlist发生错误...')
|
||||
end)
|
||||
end
|
||||
|
||||
if geoip_update == "1" then
|
||||
if geo2rule == "1" then
|
||||
if geoip_update == "1" then
|
||||
log("geoip 开始更新...")
|
||||
xpcall(fetch_geoip,function(e)
|
||||
log(e)
|
||||
log(debug.traceback())
|
||||
log('更新geoip发生错误...')
|
||||
end)
|
||||
os.remove("/tmp/geoip.dat")
|
||||
os.remove("/tmp/geoip.dat.sha256sum")
|
||||
end
|
||||
safe_call(fetch_geoip, "更新geoip发生错误...")
|
||||
remove_tmp_geofile("geoip")
|
||||
end
|
||||
|
||||
if geosite_update == "1" then
|
||||
if geosite_update == "1" then
|
||||
log("geosite 开始更新...")
|
||||
xpcall(fetch_geosite,function(e)
|
||||
log(e)
|
||||
log(debug.traceback())
|
||||
log('更新geosite发生错误...')
|
||||
end)
|
||||
os.remove("/tmp/geosite.dat")
|
||||
os.remove("/tmp/geosite.dat.sha256sum")
|
||||
safe_call(fetch_geosite, "更新geosite发生错误...")
|
||||
remove_tmp_geofile("geosite")
|
||||
end
|
||||
|
||||
if geoip_update_ok then
|
||||
safe_call(fetch_chnroute, "生成chnroute发生错误...")
|
||||
safe_call(fetch_chnroute6, "生成chnroute6发生错误...")
|
||||
end
|
||||
|
||||
if geosite_update_ok then
|
||||
safe_call(fetch_gfwlist, "生成gfwlist发生错误...")
|
||||
safe_call(fetch_chnlist, "生成chnlist发生错误...")
|
||||
end
|
||||
else
|
||||
if gfwlist_update == "1" then
|
||||
safe_call(fetch_gfwlist, "更新gfwlist发生错误...")
|
||||
end
|
||||
|
||||
if chnroute_update == "1" then
|
||||
safe_call(fetch_chnroute, "更新chnroute发生错误...")
|
||||
end
|
||||
|
||||
if chnroute6_update == "1" then
|
||||
safe_call(fetch_chnroute6, "更新chnroute6发生错误...")
|
||||
end
|
||||
|
||||
if chnlist_update == "1" then
|
||||
safe_call(fetch_chnlist, "更新chnlist发生错误...")
|
||||
end
|
||||
|
||||
if geoip_update == "1" then
|
||||
log("geoip 开始更新...")
|
||||
safe_call(fetch_geoip, "更新geoip发生错误...")
|
||||
remove_tmp_geofile("geoip")
|
||||
end
|
||||
|
||||
if geosite_update == "1" then
|
||||
log("geosite 开始更新...")
|
||||
safe_call(fetch_geosite, "更新geosite发生错误...")
|
||||
remove_tmp_geofile("geosite")
|
||||
end
|
||||
end
|
||||
|
||||
uci:set(name, "@global_rules[0]", "gfwlist_update", gfwlist_update)
|
||||
|
||||
@ -365,7 +365,7 @@ load_acl() {
|
||||
_acl_list=${TMP_ACL_PATH}/${sid}/source_list
|
||||
|
||||
for i in $(cat $_acl_list); do
|
||||
local _ipt_source
|
||||
local _ipt_source _ipv4
|
||||
local msg
|
||||
if [ -n "${interface}" ]; then
|
||||
. /lib/functions/network.sh
|
||||
@ -382,6 +382,7 @@ load_acl() {
|
||||
_iprange=$(echo ${i} | sed 's#iprange:##g')
|
||||
_ipt_source=$(factor ${_iprange} "${_ipt_source}-m iprange --src-range")
|
||||
msg="${msg}IP range【${_iprange}】,"
|
||||
_ipv4="1"
|
||||
unset _iprange
|
||||
elif [ -n "$(echo ${i} | grep '^ipset:')" ]; then
|
||||
_ipset=$(echo ${i} | sed 's#ipset:##g')
|
||||
@ -399,6 +400,7 @@ load_acl() {
|
||||
_ip=$(echo ${i} | sed 's#ip:##g')
|
||||
_ipt_source=$(factor ${_ip} "${_ipt_source}-s")
|
||||
msg="${msg}IP【${_ip}】,"
|
||||
_ipv4="1"
|
||||
unset _ip
|
||||
elif [ -n "$(echo ${i} | grep '^mac:')" ]; then
|
||||
_mac=$(echo ${i} | sed 's#mac:##g')
|
||||
@ -417,7 +419,7 @@ load_acl() {
|
||||
|
||||
[ "$tcp_no_redir_ports" != "disable" ] && {
|
||||
if [ "$tcp_no_redir_ports" != "1:65535" ]; then
|
||||
add_port_rules "$ip6t_m -A PSW2 $(comment "$remarks") ${_ipt_source} -p tcp" $tcp_no_redir_ports "-j RETURN" 2>/dev/null
|
||||
[ "$_ipv4" != "1" ] && add_port_rules "$ip6t_m -A PSW2 $(comment "$remarks") ${_ipt_source} -p tcp" $tcp_no_redir_ports "-j RETURN" 2>/dev/null
|
||||
add_port_rules "$ipt_tmp -A PSW2 $(comment "$remarks") ${_ipt_source} -p tcp" $tcp_no_redir_ports "-j RETURN"
|
||||
echolog " - ${msg}不代理 TCP 端口[${tcp_no_redir_ports}]"
|
||||
else
|
||||
@ -429,7 +431,7 @@ load_acl() {
|
||||
|
||||
[ "$udp_no_redir_ports" != "disable" ] && {
|
||||
if [ "$udp_no_redir_ports" != "1:65535" ]; then
|
||||
add_port_rules "$ip6t_m -A PSW2 $(comment "$remarks") ${_ipt_source} -p udp" $udp_no_redir_ports "-j RETURN" 2>/dev/null
|
||||
[ "$_ipv4" != "1" ] && add_port_rules "$ip6t_m -A PSW2 $(comment "$remarks") ${_ipt_source} -p udp" $udp_no_redir_ports "-j RETURN" 2>/dev/null
|
||||
add_port_rules "$ipt_m -A PSW2 $(comment "$remarks") ${_ipt_source} -p udp" $udp_no_redir_ports "-j RETURN"
|
||||
echolog " - ${msg}不代理 UDP 端口[${udp_no_redir_ports}]"
|
||||
else
|
||||
@ -479,7 +481,7 @@ load_acl() {
|
||||
add_port_rules "$ipt_tmp -A PSW2 $(comment "$remarks") -p tcp ${_ipt_source}" $tcp_redir_ports "${ipt_j}"
|
||||
[ -n "${is_tproxy}" ] && $ipt_m -A PSW2 $(comment "$remarks") -p tcp ${_ipt_source} $(REDIRECT $redir_port TPROXY)
|
||||
|
||||
[ "$PROXY_IPV6" == "1" ] && {
|
||||
[ "$PROXY_IPV6" == "1" ] && [ "$_ipv4" != "1" ] && {
|
||||
$ip6t_m -A PSW2 $(comment "$remarks") -p tcp ${_ipt_source} -d $FAKE_IP_6 -j PSW2_RULE 2>/dev/null
|
||||
add_shunt_t_rule "${shunt_list6}" "$ip6t_m -A PSW2 $(comment "$remarks") -p tcp ${_ipt_source}" "${ipt_j}" $tcp_redir_ports 2>/dev/null
|
||||
add_port_rules "$ip6t_m -A PSW2 $(comment "$remarks") -p tcp ${_ipt_source}" $tcp_redir_ports "-j PSW2_RULE" 2>/dev/null
|
||||
@ -488,7 +490,7 @@ load_acl() {
|
||||
echolog " - ${msg2}"
|
||||
}
|
||||
$ipt_tmp -A PSW2 $(comment "$remarks") ${_ipt_source} -p tcp -j RETURN
|
||||
$ip6t_m -A PSW2 $(comment "$remarks") ${_ipt_source} -p tcp -j RETURN 2>/dev/null
|
||||
[ "$_ipv4" != "1" ] && $ip6t_m -A PSW2 $(comment "$remarks") ${_ipt_source} -p tcp -j RETURN 2>/dev/null
|
||||
|
||||
[ "$udp_proxy_mode" != "disable" ] && [ -n "$redir_port" ] && {
|
||||
msg2="${msg}使用 UDP 节点[$node_remark](TPROXY:${redir_port})"
|
||||
@ -498,7 +500,7 @@ load_acl() {
|
||||
add_port_rules "$ipt_m -A PSW2 $(comment "$remarks") -p udp ${_ipt_source}" $udp_redir_ports "-j PSW2_RULE"
|
||||
$ipt_m -A PSW2 $(comment "$remarks") -p udp ${_ipt_source} $(REDIRECT $redir_port TPROXY)
|
||||
|
||||
[ "$PROXY_IPV6" == "1" ] && {
|
||||
[ "$PROXY_IPV6" == "1" ] && [ "$_ipv4" != "1" ] && {
|
||||
$ip6t_m -A PSW2 $(comment "$remarks") -p udp ${_ipt_source} -d $FAKE_IP_6 -j PSW2_RULE 2>/dev/null
|
||||
add_shunt_t_rule "${shunt_list6}" "$ip6t_m -A PSW2 $(comment "$remarks") -p udp ${_ipt_source}" "-j PSW2_RULE" $udp_redir_ports 2>/dev/null
|
||||
add_port_rules "$ip6t_m -A PSW2 $(comment "$remarks") -p udp ${_ipt_source}" $udp_redir_ports "-j PSW2_RULE" 2>/dev/null
|
||||
@ -507,8 +509,8 @@ load_acl() {
|
||||
echolog " - ${msg2}"
|
||||
}
|
||||
$ipt_m -A PSW2 $(comment "$remarks") ${_ipt_source} -p udp -j RETURN
|
||||
$ip6t_m -A PSW2 $(comment "$remarks") ${_ipt_source} -p udp -j RETURN 2>/dev/null
|
||||
unset ipt_tmp ipt_j _ipt_source msg msg2
|
||||
[ "$_ipv4" != "1" ] && $ip6t_m -A PSW2 $(comment "$remarks") ${_ipt_source} -p udp -j RETURN 2>/dev/null
|
||||
unset ipt_tmp ipt_j _ipt_source msg msg2 _ipv4
|
||||
done
|
||||
unset enabled sid remarks sources tcp_no_redir_ports udp_no_redir_ports tcp_redir_ports udp_redir_ports node interface write_ipset_direct
|
||||
unset node_remark _acl_list
|
||||
|
||||
@ -389,7 +389,7 @@ load_acl() {
|
||||
_acl_list=${TMP_ACL_PATH}/${sid}/source_list
|
||||
|
||||
for i in $(cat $_acl_list); do
|
||||
local _ipt_source
|
||||
local _ipt_source _ipv4
|
||||
local msg
|
||||
if [ -n "${interface}" ]; then
|
||||
. /lib/functions/network.sh
|
||||
@ -406,6 +406,7 @@ load_acl() {
|
||||
_iprange=$(echo ${i} | sed 's#iprange:##g')
|
||||
_ipt_source=$(factor ${_iprange} "${_ipt_source}ip saddr")
|
||||
msg="${msg}IP range【${_iprange}】,"
|
||||
_ipv4="1"
|
||||
unset _iprange
|
||||
elif [ -n "$(echo ${i} | grep '^ipset:')" ]; then
|
||||
_ipset=$(echo ${i} | sed 's#ipset:##g')
|
||||
@ -416,6 +417,7 @@ load_acl() {
|
||||
_ip=$(echo ${i} | sed 's#ip:##g')
|
||||
_ipt_source=$(factor ${_ip} "${_ipt_source}ip saddr")
|
||||
msg="${msg}IP【${_ip}】,"
|
||||
_ipv4="1"
|
||||
unset _ip
|
||||
elif [ -n "$(echo ${i} | grep '^mac:')" ]; then
|
||||
_mac=$(echo ${i} | sed 's#mac:##g')
|
||||
@ -432,7 +434,7 @@ load_acl() {
|
||||
[ "$tcp_no_redir_ports" != "disable" ] && {
|
||||
if [ "$tcp_no_redir_ports" != "1:65535" ]; then
|
||||
nft "add rule $NFTABLE_NAME $nft_prerouting_chain ${_ipt_source} ip protocol tcp $(factor $tcp_no_redir_ports "tcp dport") counter return comment \"$remarks\""
|
||||
nft "add rule $NFTABLE_NAME PSW2_MANGLE_V6 ${_ipt_source} meta l4proto tcp $(factor $tcp_no_redir_ports "tcp dport") counter return comment \"$remarks\""
|
||||
[ "$_ipv4" != "1" ] && nft "add rule $NFTABLE_NAME PSW2_MANGLE_V6 ${_ipt_source} meta l4proto tcp $(factor $tcp_no_redir_ports "tcp dport") counter return comment \"$remarks\""
|
||||
echolog " - ${msg}不代理 TCP 端口[${tcp_no_redir_ports}]"
|
||||
else
|
||||
#结束时会return,无需加多余的规则。
|
||||
@ -444,7 +446,7 @@ load_acl() {
|
||||
[ "$udp_no_redir_ports" != "disable" ] && {
|
||||
if [ "$udp_no_redir_ports" != "1:65535" ]; then
|
||||
nft "add rule $NFTABLE_NAME PSW2_MANGLE ip protocol udp ${_ipt_source} $(factor $udp_no_redir_ports "udp dport") counter return comment \"$remarks\""
|
||||
nft "add rule $NFTABLE_NAME PSW2_MANGLE_V6 meta l4proto udp ${_ipt_source} $(factor $udp_no_redir_ports "udp dport") counter return comment \"$remarks\"" 2>/dev/null
|
||||
[ "$_ipv4" != "1" ] && nft "add rule $NFTABLE_NAME PSW2_MANGLE_V6 meta l4proto udp ${_ipt_source} $(factor $udp_no_redir_ports "udp dport") counter return comment \"$remarks\"" 2>/dev/null
|
||||
echolog " - ${msg}不代理 UDP 端口[${udp_no_redir_ports}]"
|
||||
else
|
||||
#结束时会return,无需加多余的规则。
|
||||
@ -499,7 +501,7 @@ load_acl() {
|
||||
nft "add rule $NFTABLE_NAME $nft_chain ip protocol tcp ${_ipt_source} $(factor $tcp_redir_ports "tcp dport") ${nft_j} comment \"$remarks\""
|
||||
[ -n "${is_tproxy}" ] && nft "add rule $NFTABLE_NAME PSW2_MANGLE ip protocol tcp ${_ipt_source} $(REDIRECT $redir_port TPROXY4) comment \"$remarks\""
|
||||
|
||||
[ "$PROXY_IPV6" == "1" ] && {
|
||||
[ "$PROXY_IPV6" == "1" ] && [ "$_ipv4" != "1" ] && {
|
||||
nft "add rule $NFTABLE_NAME PSW2_MANGLE_V6 meta l4proto tcp ${_ipt_source} ip6 daddr $FAKE_IP_6 counter jump PSW2_RULE comment \"$remarks\""
|
||||
add_shunt_t_rule "${shunt_list6}" "nft add rule $NFTABLE_NAME PSW2_MANGLE_V6 meta l4proto tcp ${_ipt_source} $(factor $tcp_redir_ports "tcp dport") ip6 daddr" "counter jump PSW2_RULE" "$remarks" 2>/dev/null
|
||||
nft "add rule $NFTABLE_NAME PSW2_MANGLE_V6 meta l4proto tcp ${_ipt_source} $(factor $tcp_redir_ports "tcp dport") counter jump PSW2_RULE comment \"$remarks\"" 2>/dev/null
|
||||
@ -508,7 +510,7 @@ load_acl() {
|
||||
echolog " - ${msg2}"
|
||||
}
|
||||
nft "add rule $NFTABLE_NAME $nft_prerouting_chain ip protocol tcp ${_ipt_source} counter return comment \"$remarks\""
|
||||
nft "add rule $NFTABLE_NAME PSW2_MANGLE_V6 meta l4proto tcp ${_ipt_source} counter return comment \"$remarks\"" 2>/dev/null
|
||||
[ "$_ipv4" != "1" ] && nft "add rule $NFTABLE_NAME PSW2_MANGLE_V6 meta l4proto tcp ${_ipt_source} counter return comment \"$remarks\"" 2>/dev/null
|
||||
|
||||
[ "$udp_proxy_mode" != "disable" ] && [ -n "$redir_port" ] && {
|
||||
msg2="${msg}使用 UDP 节点[$node_remark](TPROXY:${redir_port})"
|
||||
@ -518,17 +520,17 @@ load_acl() {
|
||||
nft "add rule $NFTABLE_NAME PSW2_MANGLE ip protocol udp ${_ipt_source} $(factor $udp_redir_ports "udp dport") counter jump PSW2_RULE comment \"$remarks\""
|
||||
nft "add rule $NFTABLE_NAME PSW2_MANGLE ip protocol udp ${_ipt_source} $(REDIRECT $redir_port TPROXY4) comment \"$remarks\""
|
||||
|
||||
[ "$PROXY_IPV6" == "1" ] && {
|
||||
[ "$PROXY_IPV6" == "1" ] && [ "$_ipv4" != "1" ] && {
|
||||
nft "add rule $NFTABLE_NAME PSW2_MANGLE_V6 meta l4proto udp ${_ipt_source} ip6 daddr $FAKE_IP_6 counter jump PSW2_RULE comment \"$remarks\""
|
||||
add_shunt_t_rule "${shunt_list6}" "nft add rule $NFTABLE_NAME PSW2_MANGLE_V6 meta l4proto udp ${_ipt_source} $(factor $udp_redir_ports "udp dport") ip6 daddr" "counter jump PSW2_RULE" "$remarks"
|
||||
add_shunt_t_rule "${shunt_list6}" "nft add rule $NFTABLE_NAME PSW2_MANGLE_V6 meta l4proto udp ${_ipt_source} $(factor $udp_redir_ports "udp dport") ip6 daddr" "counter jump PSW2_RULE" "$remarks" 2>/dev/null
|
||||
nft "add rule $NFTABLE_NAME PSW2_MANGLE_V6 meta l4proto udp ${_ipt_source} $(factor $udp_redir_ports "udp dport") counter jump PSW2_RULE comment \"$remarks\"" 2>/dev/null
|
||||
nft "add rule $NFTABLE_NAME PSW2_MANGLE_V6 meta l4proto udp ${_ipt_source} $(REDIRECT $redir_port TPROXY) comment \"$remarks\"" 2>/dev/null
|
||||
}
|
||||
echolog " - ${msg2}"
|
||||
}
|
||||
nft "add rule $NFTABLE_NAME PSW2_MANGLE ip protocol udp ${_ipt_source} counter return comment \"$remarks\""
|
||||
nft "add rule $NFTABLE_NAME PSW2_MANGLE_V6 meta l4proto udp ${_ipt_source} counter return comment \"$remarks\"" 2>/dev/null
|
||||
unset nft_chain nft_j _ipt_source msg msg2
|
||||
[ "$_ipv4" != "1" ] && nft "add rule $NFTABLE_NAME PSW2_MANGLE_V6 meta l4proto udp ${_ipt_source} counter return comment \"$remarks\"" 2>/dev/null
|
||||
unset nft_chain nft_j _ipt_source msg msg2 _ipv4
|
||||
done
|
||||
unset enabled sid remarks sources tcp_proxy_mode udp_proxy_mode tcp_no_redir_ports udp_no_redir_ports tcp_redir_ports udp_redir_ports node interface write_ipset_direct
|
||||
unset redir_port node_remark _acl_list
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user