gitea-action
parent
ab6449be27
commit
7f57749263
@ -48,7 +48,7 @@ o = s:option(DummyValue, "sources", translate("Source"))
|
||||
o.rawhtml = true
|
||||
o.cfgvalue = function(t, n)
|
||||
local e = ''
|
||||
local v = Value.cfgvalue(t, n) or ''
|
||||
local v = Value.cfgvalue(t, n) or '-'
|
||||
string.gsub(v, '[^' .. " " .. ']+', function(w)
|
||||
local a = w
|
||||
if mac_t[w] then
|
||||
@ -62,6 +62,12 @@ o.cfgvalue = function(t, n)
|
||||
return e
|
||||
end
|
||||
|
||||
o = s:option(DummyValue, "interface", translate("Source Interface"))
|
||||
o.cfgvalue = function(t, n)
|
||||
local v = Value.cfgvalue(t, n) or '-'
|
||||
return v
|
||||
end
|
||||
|
||||
--[[
|
||||
---- TCP No Redir Ports
|
||||
o = s:option(Value, "tcp_no_redir_ports", translate("TCP No Redir Ports"))
|
||||
|
||||
@ -54,6 +54,10 @@ o = s:option(Value, "remarks", translate("Remarks"))
|
||||
o.default = arg[1]
|
||||
o.rmempty = true
|
||||
|
||||
o = s:option(Flag, "use_interface", translate("Use Interface With ACLs"))
|
||||
o.default = 0
|
||||
o.rmempty = false
|
||||
|
||||
local mac_t = {}
|
||||
sys.net.mac_hints(function(e, t)
|
||||
mac_t[#mac_t + 1] = {
|
||||
@ -74,6 +78,17 @@ table.sort(mac_t, function(a,b)
|
||||
return false
|
||||
end)
|
||||
|
||||
local device_list = {}
|
||||
device_list = sys.net.devices()
|
||||
table.sort(device_list)
|
||||
interface = s:option(ListValue, "interface", translate("Source Interface"))
|
||||
|
||||
for k, name in ipairs(device_list) do
|
||||
interface:value(name)
|
||||
end
|
||||
|
||||
interface:depends({ use_interface = 1 })
|
||||
|
||||
---- Source
|
||||
sources = s:option(DynamicList, "sources", translate("Source"))
|
||||
sources.description = "<ul><li>" .. translate("Example:")
|
||||
@ -139,6 +154,7 @@ sources.validate = function(self, value, t)
|
||||
return value
|
||||
end
|
||||
sources.write = dynamicList_write
|
||||
sources:depends({ use_interface = 0 })
|
||||
|
||||
---- TCP No Redir Ports
|
||||
local TCP_NO_REDIR_PORTS = uci:get(appname, "@global_forwarding[0]", "tcp_no_redir_ports")
|
||||
|
||||
@ -1048,6 +1048,12 @@ msgstr "例:"
|
||||
msgid "IP range"
|
||||
msgstr "IP 范围"
|
||||
|
||||
msgid "Source Interface"
|
||||
msgstr "源接口"
|
||||
|
||||
msgid "Use Interface With ACLs"
|
||||
msgstr "使用接口控制"
|
||||
|
||||
msgid "Remarks"
|
||||
msgstr "备注"
|
||||
|
||||
|
||||
@ -1635,6 +1635,7 @@ add_ip2route() {
|
||||
|
||||
delete_ip2route() {
|
||||
[ -d "${TMP_ROUTE_PATH}" ] && {
|
||||
local interface
|
||||
for interface in $(ls ${TMP_ROUTE_PATH}); do
|
||||
for ip in $(cat ${TMP_ROUTE_PATH}/${interface}); do
|
||||
route del -host ${ip} dev ${interface} >/dev/null 2>&1
|
||||
@ -1671,7 +1672,7 @@ acl_app() {
|
||||
eval $(uci -q show "${CONFIG}.${item}" | cut -d'.' -sf 3-)
|
||||
[ "$enabled" = "1" ] || continue
|
||||
|
||||
[ -z "${sources}" ] && continue
|
||||
[ -z "${sources}" ] && [ -z "${interface}" ] && continue
|
||||
for s in $sources; do
|
||||
is_iprange=$(lua_api "iprange(\"${s}\")")
|
||||
if [ "${is_iprange}" = "true" ]; then
|
||||
@ -1687,9 +1688,14 @@ acl_app() {
|
||||
fi
|
||||
fi
|
||||
done
|
||||
[ -z "${rule_list}" ] && continue
|
||||
for i in $interface; do
|
||||
interface_list="${interface_list}\n$i"
|
||||
done
|
||||
[ -z "${rule_list}" ] && [ -z "${interface_list}" ] && continue
|
||||
mkdir -p $TMP_ACL_PATH/$sid
|
||||
echo -e "${rule_list}" | sed '/^$/d' > $TMP_ACL_PATH/$sid/rule_list
|
||||
|
||||
[ ! -z "${rule_list}" ] && echo -e "${rule_list}" | sed '/^$/d' > $TMP_ACL_PATH/$sid/rule_list
|
||||
[ ! -z "${interface_list}" ] && echo -e "${interface_list}" | sed '/^$/d' > $TMP_ACL_PATH/$sid/interface_list
|
||||
|
||||
use_global_config=${use_global_config:-0}
|
||||
tcp_node=${tcp_node:-nil}
|
||||
@ -1917,8 +1923,8 @@ acl_app() {
|
||||
udp_flag=1
|
||||
}
|
||||
[ -n "$redirect_dns_port" ] && echo "${redirect_dns_port}" > $TMP_ACL_PATH/$sid/var_redirect_dns_port
|
||||
unset enabled sid remarks sources use_global_config tcp_node udp_node use_direct_list use_proxy_list use_block_list use_gfw_list chn_list tcp_proxy_mode udp_proxy_mode filter_proxy_ipv6 dns_mode remote_dns v2ray_dns_mode remote_dns_doh dns_client_ip
|
||||
unset _ip _mac _iprange _ipset _ip_or_mac rule_list tcp_port udp_port config_file _extra_param
|
||||
unset enabled sid remarks sources interface use_global_config tcp_node udp_node use_direct_list use_proxy_list use_block_list use_gfw_list chn_list tcp_proxy_mode udp_proxy_mode filter_proxy_ipv6 dns_mode remote_dns v2ray_dns_mode remote_dns_doh dns_client_ip
|
||||
unset _ip _mac _iprange _ipset _ip_or_mac rule_list tcp_port udp_port config_file _extra_param interface_list
|
||||
unset _china_ng_listen _chinadns_local_dns _direct_dns_mode chinadns_ng_default_tag dnsmasq_filter_proxy_ipv6
|
||||
unset redirect_dns_port
|
||||
done
|
||||
|
||||
@ -229,25 +229,35 @@ load_acl() {
|
||||
udp_proxy_mode=${UDP_PROXY_MODE}
|
||||
}
|
||||
|
||||
for i in $(cat ${TMP_ACL_PATH}/${sid}/rule_list); do
|
||||
if [ -n "$(echo ${i} | grep '^iprange:')" ]; then
|
||||
_iprange=$(echo ${i} | sed 's#iprange:##g')
|
||||
_ipt_source=$(factor ${_iprange} "-m iprange --src-range")
|
||||
msg="【$remarks】,IP range【${_iprange}】,"
|
||||
elif [ -n "$(echo ${i} | grep '^ipset:')" ]; then
|
||||
_ipset=$(echo ${i} | sed 's#ipset:##g')
|
||||
_ipt_source="-m set --match-set ${_ipset} src"
|
||||
msg="【$remarks】,IPset【${_ipset}】,"
|
||||
elif [ -n "$(echo ${i} | grep '^ip:')" ]; then
|
||||
_ip=$(echo ${i} | sed 's#ip:##g')
|
||||
_ipt_source=$(factor ${_ip} "-s")
|
||||
msg="【$remarks】,IP【${_ip}】,"
|
||||
elif [ -n "$(echo ${i} | grep '^mac:')" ]; then
|
||||
_mac=$(echo ${i} | sed 's#mac:##g')
|
||||
_ipt_source=$(factor ${_mac} "-m mac --mac-source")
|
||||
msg="【$remarks】,MAC【${_mac}】,"
|
||||
_acl_list=${TMP_ACL_PATH}/${sid}/rule_list
|
||||
[ $use_interface = "1" ] && _acl_list=${TMP_ACL_PATH}/${sid}/interface_list
|
||||
|
||||
for i in $(cat $_acl_list); do
|
||||
if [ $use_interface = "0" ]; then
|
||||
if [ -n "$(echo ${i} | grep '^iprange:')" ]; then
|
||||
_iprange=$(echo ${i} | sed 's#iprange:##g')
|
||||
_ipt_source=$(factor ${_iprange} "-m iprange --src-range")
|
||||
msg="【$remarks】,IP range【${_iprange}】,"
|
||||
elif [ -n "$(echo ${i} | grep '^ipset:')" ]; then
|
||||
_ipset=$(echo ${i} | sed 's#ipset:##g')
|
||||
_ipt_source="-m set --match-set ${_ipset} src"
|
||||
msg="【$remarks】,IPset【${_ipset}】,"
|
||||
elif [ -n "$(echo ${i} | grep '^ip:')" ]; then
|
||||
_ip=$(echo ${i} | sed 's#ip:##g')
|
||||
_ipt_source=$(factor ${_ip} "-s")
|
||||
msg="【$remarks】,IP【${_ip}】,"
|
||||
elif [ -n "$(echo ${i} | grep '^mac:')" ]; then
|
||||
_mac=$(echo ${i} | sed 's#mac:##g')
|
||||
_ipt_source=$(factor ${_mac} "-m mac --mac-source")
|
||||
msg="【$remarks】,MAC【${_mac}】,"
|
||||
else
|
||||
continue
|
||||
fi
|
||||
else
|
||||
continue
|
||||
[ -z "${i}" ] && continue
|
||||
_ifname="${i}"
|
||||
_ipt_source="-i $_ifname"
|
||||
msg="【$remarks】,IF【${_ifname}】,"
|
||||
fi
|
||||
|
||||
ipt_tmp=$ipt_n
|
||||
@ -411,8 +421,8 @@ load_acl() {
|
||||
$ip6t_m -A PSW $(comment "$remarks") ${_ipt_source} -p udp -j RETURN 2>/dev/null
|
||||
$ipt_m -A PSW $(comment "$remarks") ${_ipt_source} -p udp -j RETURN
|
||||
done
|
||||
unset enabled sid remarks sources use_global_config use_direct_list use_proxy_list use_block_list use_gfw_list chn_list tcp_proxy_mode udp_proxy_mode tcp_no_redir_ports udp_no_redir_ports tcp_proxy_drop_ports udp_proxy_drop_ports tcp_redir_ports udp_redir_ports tcp_node udp_node
|
||||
unset _ip _mac _iprange _ipset _ip_or_mac rule_list tcp_port udp_port tcp_node_remark udp_node_remark
|
||||
unset enabled sid remarks sources use_global_config use_direct_list use_proxy_list use_block_list use_gfw_list chn_list tcp_proxy_mode udp_proxy_mode tcp_no_redir_ports udp_no_redir_ports tcp_proxy_drop_ports udp_proxy_drop_ports tcp_redir_ports udp_redir_ports tcp_node udp_node use_interface interface
|
||||
unset _ip _mac _iprange _ipset _ip_or_mac rule_list tcp_port udp_port tcp_node_remark udp_node_remark _acl_list
|
||||
unset ipt_tmp msg msg2
|
||||
done
|
||||
}
|
||||
|
||||
@ -289,25 +289,35 @@ load_acl() {
|
||||
udp_proxy_mode=${UDP_PROXY_MODE}
|
||||
}
|
||||
|
||||
for i in $(cat ${TMP_ACL_PATH}/${sid}/rule_list); do
|
||||
if [ -n "$(echo ${i} | grep '^iprange:')" ]; then
|
||||
_iprange=$(echo ${i} | sed 's#iprange:##g')
|
||||
_ipt_source=$(factor ${_iprange} "ip saddr")
|
||||
msg="【$remarks】,IP range【${_iprange}】,"
|
||||
elif [ -n "$(echo ${i} | grep '^ipset:')" ]; then
|
||||
_ipset=$(echo ${i} | sed 's#ipset:##g')
|
||||
_ipt_source="ip daddr @${_ipset}"
|
||||
msg="【$remarks】,NFTset【${_ipset}】,"
|
||||
elif [ -n "$(echo ${i} | grep '^ip:')" ]; then
|
||||
_ip=$(echo ${i} | sed 's#ip:##g')
|
||||
_ipt_source=$(factor ${_ip} "ip saddr")
|
||||
msg="【$remarks】,IP【${_ip}】,"
|
||||
elif [ -n "$(echo ${i} | grep '^mac:')" ]; then
|
||||
_mac=$(echo ${i} | sed 's#mac:##g')
|
||||
_ipt_source=$(factor ${_mac} "ether saddr")
|
||||
msg="【$remarks】,MAC【${_mac}】,"
|
||||
_acl_list=${TMP_ACL_PATH}/${sid}/rule_list
|
||||
[ $use_interface = "1" ] && _acl_list=${TMP_ACL_PATH}/${sid}/interface_list
|
||||
|
||||
for i in $(cat $_acl_list); do
|
||||
if [ $use_interface = "0" ]; then
|
||||
if [ -n "$(echo ${i} | grep '^iprange:')" ]; then
|
||||
_iprange=$(echo ${i} | sed 's#iprange:##g')
|
||||
_ipt_source=$(factor ${_iprange} "ip saddr")
|
||||
msg="【$remarks】,IP range【${_iprange}】,"
|
||||
elif [ -n "$(echo ${i} | grep '^ipset:')" ]; then
|
||||
_ipset=$(echo ${i} | sed 's#ipset:##g')
|
||||
_ipt_source="ip daddr @${_ipset}"
|
||||
msg="【$remarks】,NFTset【${_ipset}】,"
|
||||
elif [ -n "$(echo ${i} | grep '^ip:')" ]; then
|
||||
_ip=$(echo ${i} | sed 's#ip:##g')
|
||||
_ipt_source=$(factor ${_ip} "ip saddr")
|
||||
msg="【$remarks】,IP【${_ip}】,"
|
||||
elif [ -n "$(echo ${i} | grep '^mac:')" ]; then
|
||||
_mac=$(echo ${i} | sed 's#mac:##g')
|
||||
_ipt_source=$(factor ${_mac} "ether saddr")
|
||||
msg="【$remarks】,MAC【${_mac}】,"
|
||||
else
|
||||
continue
|
||||
fi
|
||||
else
|
||||
continue
|
||||
[ -z "${i}" ] && continue
|
||||
_ifname="${i}"
|
||||
_ipt_source="iifname $_ifname"
|
||||
msg="【$remarks】,IF【${_ifname}】,"
|
||||
fi
|
||||
|
||||
[ "$tcp_no_redir_ports" != "disable" ] && {
|
||||
@ -473,8 +483,8 @@ load_acl() {
|
||||
nft "add rule $NFTABLE_NAME PSW_MANGLE ip protocol udp ${_ipt_source} counter return comment \"$remarks\""
|
||||
nft "add rule $NFTABLE_NAME PSW_MANGLE_V6 meta l4proto udp ${_ipt_source} counter return comment \"$remarks\"" 2>/dev/null
|
||||
done
|
||||
unset enabled sid remarks sources use_global_config use_direct_list use_proxy_list use_block_list use_gfw_list chn_list tcp_proxy_mode udp_proxy_mode tcp_no_redir_ports udp_no_redir_ports tcp_proxy_drop_ports udp_proxy_drop_ports tcp_redir_ports udp_redir_ports tcp_node udp_node
|
||||
unset _ip _mac _iprange _ipset _ip_or_mac rule_list tcp_port udp_port tcp_node_remark udp_node_remark
|
||||
unset enabled sid remarks sources use_global_config use_direct_list use_proxy_list use_block_list use_gfw_list chn_list tcp_proxy_mode udp_proxy_mode tcp_no_redir_ports udp_no_redir_ports tcp_proxy_drop_ports udp_proxy_drop_ports tcp_redir_ports udp_redir_ports tcp_node udp_node use_interface interface
|
||||
unset _ip _mac _iprange _ipset _ip_or_mac rule_list tcp_port udp_port tcp_node_remark udp_node_remark _acl_list _ifname
|
||||
unset msg msg2
|
||||
done
|
||||
}
|
||||
|
||||
Loading…
Reference in New Issue
Block a user