diff --git a/luci-app-passwall/luasrc/controller/passwall.lua b/luci-app-passwall/luasrc/controller/passwall.lua index f5a412974..7dfd444ef 100644 --- a/luci-app-passwall/luasrc/controller/passwall.lua +++ b/luci-app-passwall/luasrc/controller/passwall.lua @@ -42,7 +42,7 @@ function index() end entry({"admin", "services", appname, "app_update"}, cbi(appname .. "/client/app_update"), _("App Update"), 95).leaf = true entry({"admin", "services", appname, "rule"}, cbi(appname .. "/client/rule"), _("Rule Manage"), 96).leaf = true - entry({"admin", "services", appname, "rule_list"}, cbi(appname .. "/client/rule_list"), _("Rule List"), 97).leaf = true + entry({"admin", "services", appname, "rule_list"}, cbi(appname .. "/client/rule_list", {autoapply = true}), _("Rule List"), 97).leaf = true entry({"admin", "services", appname, "node_subscribe_config"}, cbi(appname .. "/client/node_subscribe_config")).leaf = true entry({"admin", "services", appname, "node_config"}, cbi(appname .. "/client/node_config")).leaf = true entry({"admin", "services", appname, "shunt_rules"}, cbi(appname .. "/client/shunt_rules")).leaf = true @@ -109,16 +109,14 @@ function reset_config() end function show_menu() - uci:delete(appname, "@global[0]", "hide_from_luci") - api.uci_save(uci, appname, true) + api.sh_uci_del(appname, "@global[0]", "hide_from_luci", true) luci.sys.call("rm -rf /tmp/luci-*") luci.sys.call("/etc/init.d/rpcd restart >/dev/null") luci.http.redirect(api.url()) end function hide_menu() - uci:set(appname, "@global[0]", "hide_from_luci","1") - api.uci_save(uci, appname, true) + api.sh_uci_set(appname, "@global[0]", "hide_from_luci", "1", true) luci.sys.call("rm -rf /tmp/luci-*") luci.sys.call("/etc/init.d/rpcd restart >/dev/null") luci.http.redirect(luci.dispatcher.build_url("admin", "status", "overview")) @@ -361,8 +359,7 @@ function set_node() local protocol = luci.http.formvalue("protocol") local section = luci.http.formvalue("section") uci:set(appname, "@global[0]", protocol .. "_node", section) - api.uci_save(uci, appname, true) - luci.sys.call("/etc/init.d/passwall restart > /dev/null 2>&1 &") + api.uci_save(uci, appname, true, true) luci.http.redirect(api.url("log")) end diff --git a/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua b/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua index 952e4c8ed..463bdff1c 100644 --- a/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua +++ b/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua @@ -607,7 +607,8 @@ else end o.inputstyle = "remove" function o.write(e, e) - luci.sys.call('[ -n "$(nft list sets 2>/dev/null | grep \"passwall_\")" ] && sh /usr/share/passwall/nftables.sh flush_nftset_reload || sh /usr/share/passwall/iptables.sh flush_ipset_reload > /dev/null 2>&1 &') + m:set("@global[0]", "flush_set", "1") + api.uci_save(m.uci, appname, true, true) luci.http.redirect(api.url("log")) end diff --git a/luci-app-passwall/luasrc/model/cbi/passwall/client/rule_list.lua b/luci-app-passwall/luasrc/model/cbi/passwall/client/rule_list.lua index 094b1dfd2..2c0d55695 100644 --- a/luci-app-passwall/luasrc/model/cbi/passwall/client/rule_list.lua +++ b/luci-app-passwall/luasrc/model/cbi/passwall/client/rule_list.lua @@ -312,15 +312,18 @@ end m:append(Template(appname .. "/rule_list/js")) -if sys.call('[ -f "/www/luci-static/resources/uci.js" ]') == 0 then +function m.on_before_save(self) + m:set("@global[0]", "flush_set", "1") +end + +if api.is_js_luci() then + function m.on_before_save(self) + api.sh_uci_set(appname, "@global[0]", "flush_set", "1", true) + end m.apply_on_parse = true function m.on_apply(self) luci.sys.call("/etc/init.d/passwall reload > /dev/null 2>&1 &") end end -function m.on_commit(self) - luci.sys.call('[ -n "$(nft list sets 2>/dev/null | grep \"passwall_\")" ] && sh /usr/share/passwall/nftables.sh flush_nftset || sh /usr/share/passwall/iptables.sh flush_ipset > /dev/null 2>&1 &') -end - return m diff --git a/luci-app-passwall/root/usr/share/passwall/iptables.sh b/luci-app-passwall/root/usr/share/passwall/iptables.sh index 9f24c698d..51843cfe9 100755 --- a/luci-app-passwall/root/usr/share/passwall/iptables.sh +++ b/luci-app-passwall/root/usr/share/passwall/iptables.sh @@ -1254,15 +1254,6 @@ add_firewall_rule() { } del_firewall_rule() { - # 10秒内禁止重复运行 - local time_file="/tmp/etc/passwall_tmp/del_fw_rule_time" - local current_time=$(date +%s) - if [ -f "$time_file" ]; then - local last_time=$(head -n 1 "$time_file" 2>/dev/null | tr -d ' \t' | grep -E '^[0-9]+$' || echo 0) - [ $((current_time - last_time)) -le 10 ] && return 0 - fi - echo "$current_time" > "$time_file" - for ipt in "$ipt_n" "$ipt_m" "$ip6t_n" "$ip6t_m"; do for chain in "PREROUTING" "OUTPUT"; do for i in $(seq 1 $($ipt -nL $chain | grep -c PSW)); do @@ -1302,25 +1293,16 @@ del_firewall_rule() { destroy_ipset $IPSET_BLOCK6 destroy_ipset $IPSET_WHITE6 - $DIR/app.sh echolog "删除iptables防火墙规则完成。" + $DIR/app.sh echolog "删除 iptables 规则完成。" } flush_ipset() { - $DIR/app.sh echolog "清空 IPSET。" + $DIR/app.sh echolog "清空 IPSet。" for _name in $(ipset list | grep "Name: " | grep "passwall_" | awk '{print $2}'); do destroy_ipset ${_name} done } -flush_ipset_reload() { - del_firewall_rule - flush_ipset - rm -rf /tmp/etc/passwall_tmp/singbox* - rm -rf /tmp/etc/passwall_tmp/smartdns* - rm -rf /tmp/etc/passwall_tmp/dnsmasq* - /etc/init.d/passwall reload -} - flush_include() { echo '#!/bin/sh' >$FWI } @@ -1421,6 +1403,14 @@ start() { stop() { del_firewall_rule + [ $(config_t_get global flush_set "0") = "1" ] && { + uci -q delete ${CONFIG}.@global[0].flush_set + uci -q commit ${CONFIG} + flush_ipset + rm -rf /tmp/etc/passwall_tmp/singbox* + rm -rf /tmp/etc/passwall_tmp/smartdns* + rm -rf /tmp/etc/passwall_tmp/dnsmasq* + } flush_include } @@ -1436,12 +1426,6 @@ insert_rule_before) insert_rule_after) insert_rule_after "$@" ;; -flush_ipset) - flush_ipset - ;; -flush_ipset_reload) - flush_ipset_reload - ;; get_ipt_bin) get_ipt_bin ;; diff --git a/luci-app-passwall/root/usr/share/passwall/nftables.sh b/luci-app-passwall/root/usr/share/passwall/nftables.sh index 8c8f9967e..4f74a5b46 100755 --- a/luci-app-passwall/root/usr/share/passwall/nftables.sh +++ b/luci-app-passwall/root/usr/share/passwall/nftables.sh @@ -1300,15 +1300,6 @@ add_firewall_rule() { } del_firewall_rule() { - # 10秒内禁止重复运行 - local time_file="/tmp/etc/passwall_tmp/del_fw_rule_time" - local current_time=$(date +%s) - if [ -f "$time_file" ]; then - local last_time=$(head -n 1 "$time_file" 2>/dev/null | tr -d ' \t' | grep -E '^[0-9]+$' || echo 0) - [ $((current_time - last_time)) -le 10 ] && return 0 - fi - echo "$current_time" > "$time_file" - for nft in "dstnat" "srcnat" "nat_output" "mangle_prerouting" "mangle_output"; do local handles=$(nft -a list chain $NFTABLE_NAME ${nft} 2>/dev/null | grep -E "PSW_" | awk -F '# handle ' '{print$2}') for handle in $handles; do @@ -1349,11 +1340,11 @@ del_firewall_rule() { destroy_nftset $NFTSET_BLOCK6 destroy_nftset $NFTSET_WHITE6 - $DIR/app.sh echolog "删除nftables防火墙规则完成。" + $DIR/app.sh echolog "删除 nftables 规则完成。" } flush_nftset() { - $DIR/app.sh echolog "清空 NFTSET。" + $DIR/app.sh echolog "清空 NFTSet。" for _name in $(nft -a list sets | grep -E "passwall" | awk -F 'set ' '{print $2}' | awk '{print $1}'); do destroy_nftset ${_name} done @@ -1364,15 +1355,6 @@ flush_table() { nft delete table $NFTABLE_NAME } -flush_nftset_reload() { - del_firewall_rule - flush_table - rm -rf /tmp/etc/passwall_tmp/singbox* - rm -rf /tmp/etc/passwall_tmp/smartdns* - rm -rf /tmp/etc/passwall_tmp/dnsmasq* - /etc/init.d/passwall reload -} - flush_include() { echo '#!/bin/sh' >$FWI } @@ -1424,6 +1406,15 @@ start() { stop() { del_firewall_rule + [ $(config_t_get global flush_set "0") = "1" ] && { + uci -q delete ${CONFIG}.@global[0].flush_set + uci -q commit ${CONFIG} + #flush_table + flush_nftset + rm -rf /tmp/etc/passwall_tmp/singbox* + rm -rf /tmp/etc/passwall_tmp/smartdns* + rm -rf /tmp/etc/passwall_tmp/dnsmasq* + } flush_include } @@ -1439,12 +1430,6 @@ insert_rule_before) insert_rule_after) insert_rule_after "$@" ;; -flush_nftset) - flush_nftset - ;; -flush_nftset_reload) - flush_nftset_reload - ;; get_wan_ip) get_wan_ip ;; diff --git a/luci-app-passwall/root/usr/share/passwall/rule_update.lua b/luci-app-passwall/root/usr/share/passwall/rule_update.lua index f0ffc645e..f6c11a1fd 100755 --- a/luci-app-passwall/root/usr/share/passwall/rule_update.lua +++ b/luci-app-passwall/root/usr/share/passwall/rule_update.lua @@ -479,10 +479,7 @@ if reboot == 1 then end log("重启服务,应用新的规则。") - if use_nft == "1" then - sys.call("sh /usr/share/" .. name .. "/nftables.sh flush_nftset_reload > /dev/null 2>&1 &") - else - sys.call("sh /usr/share/" .. name .. "/iptables.sh flush_ipset_reload > /dev/null 2>&1 &") - end + uci:set(name, "@global[0]", "flush_set", "1") + api.uci_save(uci, name, true, true) end log("规则更新完毕...") diff --git a/patch-luci-app-passwall.patch b/patch-luci-app-passwall.patch index 28e014204..05c8f0eae 100644 --- a/patch-luci-app-passwall.patch +++ b/patch-luci-app-passwall.patch @@ -20,7 +20,7 @@ index 18cdd8d..44f5958 100644 define Package/$(PKG_NAME)/postrm diff --git a/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua b/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua -index 3f6dd8c..952e4c8 100644 +index de67f1c..463bdff 100644 --- a/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua +++ b/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua @@ -492,6 +492,12 @@ o:value("9.9.9.9", "9.9.9.9 (Quad9)")