From 44a77873ee80378bc464fe2dea4080df2a4fdb82 Mon Sep 17 00:00:00 2001
From: sbwml
Date: Wed, 4 Sep 2024 17:30:08 +0800
Subject: [PATCH] luci-app-passwall: sync upstream last commit: https://github.com/xiaorouji/openwrt-passwall/commit/231e3cb6980d1436187fd599f13831c397a8f95b
---
 .../root/usr/share/passwall/iptables.sh | 12 ++++++++----
 .../root/usr/share/passwall/nftables.sh | 8 +++++---
 2 files changed, 13 insertions(+), 7 deletions(-)
diff --git a/luci-app-passwall/root/usr/share/passwall/iptables.sh b/luci-app-passwall/root/usr/share/passwall/iptables.sh
index c77084d5b..a8ce15ae9 100755
--- a/luci-app-passwall/root/usr/share/passwall/iptables.sh
+++ b/luci-app-passwall/root/usr/share/passwall/iptables.sh
@@ -584,13 +584,14 @@ filter_haproxy() {
 local ip=$(get_host_ip ipv4 $(echo $item | awk -F ":" '{print $1}') 1)
 ipset -q add $IPSET_VPSLIST $ip
 done
- echolog " - [$?]加入负载均衡的节点到ipset[$IPSET_VPSLIST]"
+ echolog " - [$?]加入负载均衡的节点到ipset[$IPSET_VPSLIST]直连完成"
 }
 filter_vpsip() {
- uci show $CONFIG | grep ".address=" | cut -d "'" -f 2 | grep -E "([0-9]{1,3}[\.]){3}[0-9]{1,3}" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_VPSLIST &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
+ uci show $CONFIG | grep ".address=" | cut -d "'" -f 2 | grep -E "([0-9]{1,3}[\.]){3}[0-9]{1,3}" | grep -v "^127\.0\.0\.1$" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_VPSLIST &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
+ echolog " - [$?]加入所有IPv4节点到ipset[$IPSET_VPSLIST]直连完成"
 uci show $CONFIG | grep ".address=" | cut -d "'" -f 2 | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_VPSLIST6 &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
- echolog " - [$?]加入所有节点到ipset[$IPSET_VPSLIST]"
+ echolog " - [$?]加入所有IPv6节点到ipset[$IPSET_VPSLIST6]直连完成"
 }
 filter_node() {
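Review bot: The added `grep -v "^127\.0\.0\.1$"` in iptables.sh filter_vpsip drops only the literal 127.0.0.1, so a node address elsewhere in 127.0.0.0/8 is still added to `$IPSET_VPSLIST`, which the PSW chain treats as a RETURN (direct, unproxied) destination. If the intent is to keep loopback out of the bypass set, `grep -v "^127\."` covers the whole range. The same filter is added in nftables.sh filter_vpsip and would need the same change. Separately, the `[$?]` in the new echolog lines is the exit status of the last pipeline stage only (`ipset -! -R`), so a failing `uci show` or an empty address list is not visible in the log; a one-line comment such as `# $? is ipset's status only, not the whole pipeline` would keep the message from being over-trusted.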
@@ -841,7 +842,10 @@ add_firewall_rule() {
 $ipt_m -A PSW $(dst $IPSET_LANLIST) -j RETURN
 $ipt_m -A PSW $(dst $IPSET_VPSLIST) -j RETURN
- [ ! -z "${WAN_IP}" ] && $ipt_m -A PSW $(comment "WAN_IP_RETURN") -d "${WAN_IP}" -j RETURN
+ [ ! -z "${WAN_IP}" ] && {
+ $ipt_m -A PSW $(comment "WAN_IP_RETURN") -d "${WAN_IP}" -j RETURN
+ echolog " - [$?]追加WAN IP到iptables:${WAN_IP}"
+ }
 unset WAN_IP
 insert_rule_before "$ipt_m" "PREROUTING" "mwan3" "-j PSW"
diff --git a/luci-app-passwall/root/usr/share/passwall/nftables.sh b/luci-app-passwall/root/usr/share/passwall/nftables.sh
index e30b79a80..b422f63fb 100755
--- a/luci-app-passwall/root/usr/share/passwall/nftables.sh
+++ b/luci-app-passwall/root/usr/share/passwall/nftables.sh
@@ -662,9 +662,10 @@ filter_vps_addr() {
 }
 filter_vpsip() {
- insert_nftset $NFTSET_VPSLIST "-1" $(uci show $CONFIG | grep ".address=" | cut -d "'" -f 2 | grep -E "([0-9]{1,3}[\.]){3}[0-9]{1,3}" | sed -e "/^$/d")
+ insert_nftset $NFTSET_VPSLIST "-1" $(uci show $CONFIG | grep ".address=" | cut -d "'" -f 2 | grep -E "([0-9]{1,3}[\.]){3}[0-9]{1,3}" | grep -v "^127\.0\.0\.1$" | sed -e "/^$/d")
+ echolog " - [$?]加入所有IPv4节点到nftset[$NFTSET_VPSLIST]直连完成"
 insert_nftset $NFTSET_VPSLIST6 "-1" $(uci show $CONFIG | grep ".address=" | cut -d "'" -f 2 | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "/^$/d")
- echolog " - [$?]加入所有节点到nftset[$NFTSET_VPSLIST]直连完成"
+ echolog " - [$?]加入所有IPv6节点到nftset[$NFTSET_VPSLIST6]直连完成"
 }
 filter_node() {
@@ -947,8 +948,9 @@ add_firewall_rule() {
 WAN_IP=$(get_wan_ip)
 if [ -n "${WAN_IP}" ]; then
- nft "add rule $NFTABLE_NAME PSW_MANGLE ip daddr ${WAN_IP} counter return comment \"WAN_IP_RETURN\""
 [ -z "${is_tproxy}" ] && nft "add rule $NFTABLE_NAME PSW_NAT ip daddr ${WAN_IP} counter return comment \"WAN_IP_RETURN\""
+ nft "add rule $NFTABLE_NAME PSW_MANGLE ip daddr ${WAN_IP} counter return comment \"WAN_IP_RETURN\""
+ echolog " - [$?]追加WAN IP到nftables:${WAN_IP}"
 fi
 unset WAN_IP
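Review bot: In iptables.sh add_firewall_rule the new block keeps the `[ ! -z "${WAN_IP}" ] && { … }` form, which leaves a non-zero list status whenever WAN_IP is empty and reads differently from the same step in nftables.sh. Writing it as `if [ -n "${WAN_IP}" ]; then … fi` would match the nftables.sh version and make the guarded body explicit. The function starts and ends outside this hunk, so where WAN_IP is assigned is not visible here.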
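Review bot: In nftables.sh add_firewall_rule the `[$?]` logged by the added echolog reflects only the PSW_MANGLE `nft` call that now runs last, so a failure of the PSW_NAT rule on the line above is never reported and the log still reads as if the WAN IP rule was added. Logging directly after each `nft` call, or guarding the PSW_NAT call with `|| echolog …`, would make the message reliable. `${WAN_IP}` is also spliced unquoted into the nft command string, so it is worth confirming that get_wan_ip (not visible in this hunk) can only ever return a single IPv4 address. The function body continues outside the hunk.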