gitea-action
parent
ab6449be27
commit
7f57749263
@ -48,7 +48,7 @@ o = s:option(DummyValue, "sources", translate("Source"))
|
|||||||
o.rawhtml = true
|
o.rawhtml = true
|
||||||
o.cfgvalue = function(t, n)
|
o.cfgvalue = function(t, n)
|
||||||
local e = ''
|
local e = ''
|
||||||
local v = Value.cfgvalue(t, n) or ''
|
local v = Value.cfgvalue(t, n) or '-'
|
||||||
string.gsub(v, '[^' .. " " .. ']+', function(w)
|
string.gsub(v, '[^' .. " " .. ']+', function(w)
|
||||||
local a = w
|
local a = w
|
||||||
if mac_t[w] then
|
if mac_t[w] then
|
||||||
@ -62,6 +62,12 @@ o.cfgvalue = function(t, n)
|
|||||||
return e
|
return e
|
||||||
end
|
end
|
||||||
|
|
||||||
|
o = s:option(DummyValue, "interface", translate("Source Interface"))
|
||||||
|
o.cfgvalue = function(t, n)
|
||||||
|
local v = Value.cfgvalue(t, n) or '-'
|
||||||
|
return v
|
||||||
|
end
|
||||||
|
|
||||||
--[[
|
--[[
|
||||||
---- TCP No Redir Ports
|
---- TCP No Redir Ports
|
||||||
o = s:option(Value, "tcp_no_redir_ports", translate("TCP No Redir Ports"))
|
o = s:option(Value, "tcp_no_redir_ports", translate("TCP No Redir Ports"))
|
||||||
|
|||||||
@ -54,6 +54,10 @@ o = s:option(Value, "remarks", translate("Remarks"))
|
|||||||
o.default = arg[1]
|
o.default = arg[1]
|
||||||
o.rmempty = true
|
o.rmempty = true
|
||||||
|
|
||||||
|
o = s:option(Flag, "use_interface", translate("Use Interface With ACLs"))
|
||||||
|
o.default = 0
|
||||||
|
o.rmempty = false
|
||||||
|
|
||||||
local mac_t = {}
|
local mac_t = {}
|
||||||
sys.net.mac_hints(function(e, t)
|
sys.net.mac_hints(function(e, t)
|
||||||
mac_t[#mac_t + 1] = {
|
mac_t[#mac_t + 1] = {
|
||||||
@ -74,6 +78,17 @@ table.sort(mac_t, function(a,b)
|
|||||||
return false
|
return false
|
||||||
end)
|
end)
|
||||||
|
|
||||||
|
local device_list = {}
|
||||||
|
device_list = sys.net.devices()
|
||||||
|
table.sort(device_list)
|
||||||
|
interface = s:option(ListValue, "interface", translate("Source Interface"))
|
||||||
|
|
||||||
|
for k, name in ipairs(device_list) do
|
||||||
|
interface:value(name)
|
||||||
|
end
|
||||||
|
|
||||||
|
interface:depends({ use_interface = 1 })
|
||||||
|
|
||||||
---- Source
|
---- Source
|
||||||
sources = s:option(DynamicList, "sources", translate("Source"))
|
sources = s:option(DynamicList, "sources", translate("Source"))
|
||||||
sources.description = "<ul><li>" .. translate("Example:")
|
sources.description = "<ul><li>" .. translate("Example:")
|
||||||
@ -139,6 +154,7 @@ sources.validate = function(self, value, t)
|
|||||||
return value
|
return value
|
||||||
end
|
end
|
||||||
sources.write = dynamicList_write
|
sources.write = dynamicList_write
|
||||||
|
sources:depends({ use_interface = 0 })
|
||||||
|
|
||||||
---- TCP No Redir Ports
|
---- TCP No Redir Ports
|
||||||
local TCP_NO_REDIR_PORTS = uci:get(appname, "@global_forwarding[0]", "tcp_no_redir_ports")
|
local TCP_NO_REDIR_PORTS = uci:get(appname, "@global_forwarding[0]", "tcp_no_redir_ports")
|
||||||
|
|||||||
@ -1048,6 +1048,12 @@ msgstr "例:"
|
|||||||
msgid "IP range"
|
msgid "IP range"
|
||||||
msgstr "IP 范围"
|
msgstr "IP 范围"
|
||||||
|
|
||||||
|
msgid "Source Interface"
|
||||||
|
msgstr "源接口"
|
||||||
|
|
||||||
|
msgid "Use Interface With ACLs"
|
||||||
|
msgstr "使用接口控制"
|
||||||
|
|
||||||
msgid "Remarks"
|
msgid "Remarks"
|
||||||
msgstr "备注"
|
msgstr "备注"
|
||||||
|
|
||||||
|
|||||||
@ -1635,6 +1635,7 @@ add_ip2route() {
|
|||||||
|
|
||||||
delete_ip2route() {
|
delete_ip2route() {
|
||||||
[ -d "${TMP_ROUTE_PATH}" ] && {
|
[ -d "${TMP_ROUTE_PATH}" ] && {
|
||||||
|
local interface
|
||||||
for interface in $(ls ${TMP_ROUTE_PATH}); do
|
for interface in $(ls ${TMP_ROUTE_PATH}); do
|
||||||
for ip in $(cat ${TMP_ROUTE_PATH}/${interface}); do
|
for ip in $(cat ${TMP_ROUTE_PATH}/${interface}); do
|
||||||
route del -host ${ip} dev ${interface} >/dev/null 2>&1
|
route del -host ${ip} dev ${interface} >/dev/null 2>&1
|
||||||
@ -1671,7 +1672,7 @@ acl_app() {
|
|||||||
eval $(uci -q show "${CONFIG}.${item}" | cut -d'.' -sf 3-)
|
eval $(uci -q show "${CONFIG}.${item}" | cut -d'.' -sf 3-)
|
||||||
[ "$enabled" = "1" ] || continue
|
[ "$enabled" = "1" ] || continue
|
||||||
|
|
||||||
[ -z "${sources}" ] && continue
|
[ -z "${sources}" ] && [ -z "${interface}" ] && continue
|
||||||
for s in $sources; do
|
for s in $sources; do
|
||||||
is_iprange=$(lua_api "iprange(\"${s}\")")
|
is_iprange=$(lua_api "iprange(\"${s}\")")
|
||||||
if [ "${is_iprange}" = "true" ]; then
|
if [ "${is_iprange}" = "true" ]; then
|
||||||
@ -1687,9 +1688,14 @@ acl_app() {
|
|||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
[ -z "${rule_list}" ] && continue
|
for i in $interface; do
|
||||||
|
interface_list="${interface_list}\n$i"
|
||||||
|
done
|
||||||
|
[ -z "${rule_list}" ] && [ -z "${interface_list}" ] && continue
|
||||||
mkdir -p $TMP_ACL_PATH/$sid
|
mkdir -p $TMP_ACL_PATH/$sid
|
||||||
echo -e "${rule_list}" | sed '/^$/d' > $TMP_ACL_PATH/$sid/rule_list
|
|
||||||
|
[ ! -z "${rule_list}" ] && echo -e "${rule_list}" | sed '/^$/d' > $TMP_ACL_PATH/$sid/rule_list
|
||||||
|
[ ! -z "${interface_list}" ] && echo -e "${interface_list}" | sed '/^$/d' > $TMP_ACL_PATH/$sid/interface_list
|
||||||
|
|
||||||
use_global_config=${use_global_config:-0}
|
use_global_config=${use_global_config:-0}
|
||||||
tcp_node=${tcp_node:-nil}
|
tcp_node=${tcp_node:-nil}
|
||||||
@ -1917,8 +1923,8 @@ acl_app() {
|
|||||||
udp_flag=1
|
udp_flag=1
|
||||||
}
|
}
|
||||||
[ -n "$redirect_dns_port" ] && echo "${redirect_dns_port}" > $TMP_ACL_PATH/$sid/var_redirect_dns_port
|
[ -n "$redirect_dns_port" ] && echo "${redirect_dns_port}" > $TMP_ACL_PATH/$sid/var_redirect_dns_port
|
||||||
unset enabled sid remarks sources use_global_config tcp_node udp_node use_direct_list use_proxy_list use_block_list use_gfw_list chn_list tcp_proxy_mode udp_proxy_mode filter_proxy_ipv6 dns_mode remote_dns v2ray_dns_mode remote_dns_doh dns_client_ip
|
unset enabled sid remarks sources interface use_global_config tcp_node udp_node use_direct_list use_proxy_list use_block_list use_gfw_list chn_list tcp_proxy_mode udp_proxy_mode filter_proxy_ipv6 dns_mode remote_dns v2ray_dns_mode remote_dns_doh dns_client_ip
|
||||||
unset _ip _mac _iprange _ipset _ip_or_mac rule_list tcp_port udp_port config_file _extra_param
|
unset _ip _mac _iprange _ipset _ip_or_mac rule_list tcp_port udp_port config_file _extra_param interface_list
|
||||||
unset _china_ng_listen _chinadns_local_dns _direct_dns_mode chinadns_ng_default_tag dnsmasq_filter_proxy_ipv6
|
unset _china_ng_listen _chinadns_local_dns _direct_dns_mode chinadns_ng_default_tag dnsmasq_filter_proxy_ipv6
|
||||||
unset redirect_dns_port
|
unset redirect_dns_port
|
||||||
done
|
done
|
||||||
|
|||||||
@ -229,7 +229,11 @@ load_acl() {
|
|||||||
udp_proxy_mode=${UDP_PROXY_MODE}
|
udp_proxy_mode=${UDP_PROXY_MODE}
|
||||||
}
|
}
|
||||||
|
|
||||||
for i in $(cat ${TMP_ACL_PATH}/${sid}/rule_list); do
|
_acl_list=${TMP_ACL_PATH}/${sid}/rule_list
|
||||||
|
[ $use_interface = "1" ] && _acl_list=${TMP_ACL_PATH}/${sid}/interface_list
|
||||||
|
|
||||||
|
for i in $(cat $_acl_list); do
|
||||||
|
if [ $use_interface = "0" ]; then
|
||||||
if [ -n "$(echo ${i} | grep '^iprange:')" ]; then
|
if [ -n "$(echo ${i} | grep '^iprange:')" ]; then
|
||||||
_iprange=$(echo ${i} | sed 's#iprange:##g')
|
_iprange=$(echo ${i} | sed 's#iprange:##g')
|
||||||
_ipt_source=$(factor ${_iprange} "-m iprange --src-range")
|
_ipt_source=$(factor ${_iprange} "-m iprange --src-range")
|
||||||
@ -249,6 +253,12 @@ load_acl() {
|
|||||||
else
|
else
|
||||||
continue
|
continue
|
||||||
fi
|
fi
|
||||||
|
else
|
||||||
|
[ -z "${i}" ] && continue
|
||||||
|
_ifname="${i}"
|
||||||
|
_ipt_source="-i $_ifname"
|
||||||
|
msg="【$remarks】,IF【${_ifname}】,"
|
||||||
|
fi
|
||||||
|
|
||||||
ipt_tmp=$ipt_n
|
ipt_tmp=$ipt_n
|
||||||
[ -n "${is_tproxy}" ] && ipt_tmp=$ipt_m
|
[ -n "${is_tproxy}" ] && ipt_tmp=$ipt_m
|
||||||
@ -411,8 +421,8 @@ load_acl() {
|
|||||||
$ip6t_m -A PSW $(comment "$remarks") ${_ipt_source} -p udp -j RETURN 2>/dev/null
|
$ip6t_m -A PSW $(comment "$remarks") ${_ipt_source} -p udp -j RETURN 2>/dev/null
|
||||||
$ipt_m -A PSW $(comment "$remarks") ${_ipt_source} -p udp -j RETURN
|
$ipt_m -A PSW $(comment "$remarks") ${_ipt_source} -p udp -j RETURN
|
||||||
done
|
done
|
||||||
unset enabled sid remarks sources use_global_config use_direct_list use_proxy_list use_block_list use_gfw_list chn_list tcp_proxy_mode udp_proxy_mode tcp_no_redir_ports udp_no_redir_ports tcp_proxy_drop_ports udp_proxy_drop_ports tcp_redir_ports udp_redir_ports tcp_node udp_node
|
unset enabled sid remarks sources use_global_config use_direct_list use_proxy_list use_block_list use_gfw_list chn_list tcp_proxy_mode udp_proxy_mode tcp_no_redir_ports udp_no_redir_ports tcp_proxy_drop_ports udp_proxy_drop_ports tcp_redir_ports udp_redir_ports tcp_node udp_node use_interface interface
|
||||||
unset _ip _mac _iprange _ipset _ip_or_mac rule_list tcp_port udp_port tcp_node_remark udp_node_remark
|
unset _ip _mac _iprange _ipset _ip_or_mac rule_list tcp_port udp_port tcp_node_remark udp_node_remark _acl_list
|
||||||
unset ipt_tmp msg msg2
|
unset ipt_tmp msg msg2
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
|
|||||||
@ -289,7 +289,11 @@ load_acl() {
|
|||||||
udp_proxy_mode=${UDP_PROXY_MODE}
|
udp_proxy_mode=${UDP_PROXY_MODE}
|
||||||
}
|
}
|
||||||
|
|
||||||
for i in $(cat ${TMP_ACL_PATH}/${sid}/rule_list); do
|
_acl_list=${TMP_ACL_PATH}/${sid}/rule_list
|
||||||
|
[ $use_interface = "1" ] && _acl_list=${TMP_ACL_PATH}/${sid}/interface_list
|
||||||
|
|
||||||
|
for i in $(cat $_acl_list); do
|
||||||
|
if [ $use_interface = "0" ]; then
|
||||||
if [ -n "$(echo ${i} | grep '^iprange:')" ]; then
|
if [ -n "$(echo ${i} | grep '^iprange:')" ]; then
|
||||||
_iprange=$(echo ${i} | sed 's#iprange:##g')
|
_iprange=$(echo ${i} | sed 's#iprange:##g')
|
||||||
_ipt_source=$(factor ${_iprange} "ip saddr")
|
_ipt_source=$(factor ${_iprange} "ip saddr")
|
||||||
@ -309,6 +313,12 @@ load_acl() {
|
|||||||
else
|
else
|
||||||
continue
|
continue
|
||||||
fi
|
fi
|
||||||
|
else
|
||||||
|
[ -z "${i}" ] && continue
|
||||||
|
_ifname="${i}"
|
||||||
|
_ipt_source="iifname $_ifname"
|
||||||
|
msg="【$remarks】,IF【${_ifname}】,"
|
||||||
|
fi
|
||||||
|
|
||||||
[ "$tcp_no_redir_ports" != "disable" ] && {
|
[ "$tcp_no_redir_ports" != "disable" ] && {
|
||||||
if [ "$tcp_no_redir_ports" != "1:65535" ]; then
|
if [ "$tcp_no_redir_ports" != "1:65535" ]; then
|
||||||
@ -473,8 +483,8 @@ load_acl() {
|
|||||||
nft "add rule $NFTABLE_NAME PSW_MANGLE ip protocol udp ${_ipt_source} counter return comment \"$remarks\""
|
nft "add rule $NFTABLE_NAME PSW_MANGLE ip protocol udp ${_ipt_source} counter return comment \"$remarks\""
|
||||||
nft "add rule $NFTABLE_NAME PSW_MANGLE_V6 meta l4proto udp ${_ipt_source} counter return comment \"$remarks\"" 2>/dev/null
|
nft "add rule $NFTABLE_NAME PSW_MANGLE_V6 meta l4proto udp ${_ipt_source} counter return comment \"$remarks\"" 2>/dev/null
|
||||||
done
|
done
|
||||||
unset enabled sid remarks sources use_global_config use_direct_list use_proxy_list use_block_list use_gfw_list chn_list tcp_proxy_mode udp_proxy_mode tcp_no_redir_ports udp_no_redir_ports tcp_proxy_drop_ports udp_proxy_drop_ports tcp_redir_ports udp_redir_ports tcp_node udp_node
|
unset enabled sid remarks sources use_global_config use_direct_list use_proxy_list use_block_list use_gfw_list chn_list tcp_proxy_mode udp_proxy_mode tcp_no_redir_ports udp_no_redir_ports tcp_proxy_drop_ports udp_proxy_drop_ports tcp_redir_ports udp_redir_ports tcp_node udp_node use_interface interface
|
||||||
unset _ip _mac _iprange _ipset _ip_or_mac rule_list tcp_port udp_port tcp_node_remark udp_node_remark
|
unset _ip _mac _iprange _ipset _ip_or_mac rule_list tcp_port udp_port tcp_node_remark udp_node_remark _acl_list _ifname
|
||||||
unset msg msg2
|
unset msg msg2
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user