diff --git a/luci-app-passwall/Makefile b/luci-app-passwall/Makefile
index 50231c67e..f643c161c 100644
--- a/luci-app-passwall/Makefile
+++ b/luci-app-passwall/Makefile
@@ -6,7 +6,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=luci-app-passwall
-PKG_VERSION:=4.76-2
+PKG_VERSION:=4.76-3
PKG_RELEASE:=
PKG_CONFIG_DEPENDS:= \
diff --git a/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua b/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua
index ca4616759..3c99e2e9d 100644
--- a/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua
+++ b/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua
@@ -424,7 +424,7 @@ o:depends(_depends)
o = s:taboption("DNS", Button, "clear_ipset", translate("Clear IPSET"), translate("Try this feature if the rule modification does not take effect."))
o.inputstyle = "remove"
function o.write(e, e)
- luci.sys.call("[ -n \"$(nft list sets 2>/dev/null | grep \"passwall_\")\" ] && sh /usr/share/" .. appname .. "/nftables.sh flush_nftset || sh /usr/share/" .. appname .. "/iptables.sh flush_ipset > /dev/null 2>&1 &")
+ luci.sys.call('[ -n "$(nft list sets 2>/dev/null | grep \"passwall_\")" ] && sh /usr/share/passwall/nftables.sh flush_nftset_reload || sh /usr/share/passwall/iptables.sh flush_ipset_reload > /dev/null 2>&1 &')
luci.http.redirect(api.url("log"))
end
diff --git a/luci-app-passwall/luasrc/model/cbi/passwall/client/rule_list.lua b/luci-app-passwall/luasrc/model/cbi/passwall/client/rule_list.lua
index 8c76bbede..2497d32e0 100644
--- a/luci-app-passwall/luasrc/model/cbi/passwall/client/rule_list.lua
+++ b/luci-app-passwall/luasrc/model/cbi/passwall/client/rule_list.lua
@@ -268,4 +268,8 @@ if sys.call('[ -f "/www/luci-static/resources/uci.js" ]') == 0 then
end
end
+function m.on_commit(self)
+ luci.sys.call('[ -n "$(nft list sets 2>/dev/null | grep \"passwall_\")" ] && sh /usr/share/passwall/nftables.sh flush_nftset || sh /usr/share/passwall/iptables.sh flush_ipset > /dev/null 2>&1 &')
+end
+
return m
diff --git a/luci-app-passwall/luasrc/view/passwall/global/proxy.htm b/luci-app-passwall/luasrc/view/passwall/global/proxy.htm
index 7271331de..33ce38f08 100644
--- a/luci-app-passwall/luasrc/view/passwall/global/proxy.htm
+++ b/luci-app-passwall/luasrc/view/passwall/global/proxy.htm
@@ -7,6 +7,7 @@
+
@@ -99,4 +100,11 @@
opt.set("tcp_proxy_mode", "disable");
opt.set("udp_proxy_mode", "disable");
}
+
+ function switch_global_mode() {
+ opt.set("use_gfw_list", false);
+ opt.set("chn_list", "0");
+ opt.set("tcp_proxy_mode", "proxy");
+ opt.set("udp_proxy_mode", "proxy");
+ }
diff --git a/luci-app-passwall/root/usr/share/passwall/iptables.sh b/luci-app-passwall/root/usr/share/passwall/iptables.sh
index 397927adf..719aef575 100755
--- a/luci-app-passwall/root/usr/share/passwall/iptables.sh
+++ b/luci-app-passwall/root/usr/share/passwall/iptables.sh
@@ -135,7 +135,9 @@ REDIRECT() {
get_jump_ipt() {
case "$1" in
direct)
- echo "-j RETURN"
+ local mark="-m mark ! --mark 1"
+ s="${mark} -j RETURN"
+ echo $s
;;
proxy)
if [ -n "$2" ] && [ -n "$(echo $2 | grep "^-")" ]; then
@@ -1174,10 +1176,15 @@ del_firewall_rule() {
}
flush_ipset() {
- del_firewall_rule
+ $DIR/app.sh echolog "清空 IPSET。"
for _name in $(ipset list | grep "Name: " | grep "passwall_" | awk '{print $2}'); do
destroy_ipset ${_name}
done
+}
+
+flush_ipset_reload() {
+ del_firewall_rule
+ flush_ipset
rm -rf /tmp/singbox_passwall*
rm -rf /tmp/etc/passwall_tmp/dnsmasq*
/etc/init.d/passwall reload
@@ -1301,6 +1308,9 @@ insert_rule_after)
flush_ipset)
flush_ipset
;;
+flush_ipset_reload)
+ flush_ipset_reload
+ ;;
get_ipt_bin)
get_ipt_bin
;;
diff --git a/luci-app-passwall/root/usr/share/passwall/nftables.sh b/luci-app-passwall/root/usr/share/passwall/nftables.sh
index 68a4d1c1c..e4ba3f5f1 100755
--- a/luci-app-passwall/root/usr/share/passwall/nftables.sh
+++ b/luci-app-passwall/root/usr/share/passwall/nftables.sh
@@ -170,7 +170,7 @@ gen_nftset() {
get_jump_ipt() {
case "$1" in
direct)
- echo "counter return"
+ echo "mark != 1 counter return"
;;
proxy)
if [ -n "$2" ] && [ -n "$(echo $2 | grep "^counter")" ]; then
@@ -1218,10 +1218,15 @@ del_firewall_rule() {
}
flush_nftset() {
- del_firewall_rule
+ $DIR/app.sh echolog "清空 NFTSET。"
for _name in $(nft -a list sets | grep -E "passwall" | awk -F 'set ' '{print $2}' | awk '{print $1}'); do
destroy_nftset ${_name}
done
+}
+
+flush_nftset_reload() {
+ del_firewall_rule
+ flush_nftset
rm -rf /tmp/singbox_passwall*
rm -rf /tmp/etc/passwall_tmp/dnsmasq*
/etc/init.d/passwall reload
@@ -1328,6 +1333,9 @@ insert_rule_after)
flush_nftset)
flush_nftset
;;
+flush_nftset_reload)
+ flush_nftset_reload
+ ;;
get_wan_ip)
get_wan_ip
;;
diff --git a/luci-app-passwall/root/usr/share/passwall/rule_update.lua b/luci-app-passwall/root/usr/share/passwall/rule_update.lua
index 36375c4db..75505ddc8 100755
--- a/luci-app-passwall/root/usr/share/passwall/rule_update.lua
+++ b/luci-app-passwall/root/usr/share/passwall/rule_update.lua
@@ -461,9 +461,9 @@ luci.sys.call("uci commit " .. name)
if reboot == 1 then
log("重启服务,应用新的规则。")
if use_nft == "1" then
- luci.sys.call("sh /usr/share/" .. name .. "/nftables.sh flush_nftset > /dev/null 2>&1 &")
+ luci.sys.call("sh /usr/share/" .. name .. "/nftables.sh flush_nftset_reload > /dev/null 2>&1 &")
else
- luci.sys.call("sh /usr/share/" .. name .. "/iptables.sh flush_ipset > /dev/null 2>&1 &")
+ luci.sys.call("sh /usr/share/" .. name .. "/iptables.sh flush_ipset_reload > /dev/null 2>&1 &")
end
end
log("规则更新完毕...")