zhao/openwrt_helloworld
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

luci: acl config add filter_proxy_ipv6 option

Browse Source
This commit is contained in:
xiaorouji 2023-03-03 23:58:44 +08:00 committed by sbwml
parent 8d62a289be
commit 941ffd8ed1
3 changed files with 10 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
luci-app-passwall/luasrc/model/cbi/passwall/client/acl_config.lua
View File

@ -222,6 +222,10 @@ for k, v in pairs(nodes_table) do
udp_node:value(v.id, v["remark"]) udp_node:value(v.id, v["remark"])
end end
o = s:option(Flag, "filter_proxy_ipv6", translate("Filter Proxy Host IPv6"), translate("Experimental feature."))
o.default = "0"
o:depends({ tcp_node = "default", ['!reverse'] = true })
---- DNS Forward Mode ---- DNS Forward Mode
o = s:option(ListValue, "dns_mode", translate("Filter Mode")) o = s:option(ListValue, "dns_mode", translate("Filter Mode"))
o:depends({ tcp_node = "default", ['!reverse'] = true }) o:depends({ tcp_node = "default", ['!reverse'] = true })

6
luci-app-passwall/root/usr/share/passwall/iptables.sh
View File

@ -271,7 +271,7 @@ load_acl() {
dnsmasq_port=11400 dnsmasq_port=11400
echolog "访问控制:" echolog "访问控制:"
for item in $items; do for item in $items; do
local enabled sid remarks sources tcp_proxy_mode udp_proxy_mode tcp_no_redir_ports udp_no_redir_ports tcp_proxy_drop_ports udp_proxy_drop_ports tcp_redir_ports udp_redir_ports tcp_node udp_node dns_mode remote_dns v2ray_dns_mode remote_dns_doh dns_client_ip local enabled sid remarks sources tcp_proxy_mode udp_proxy_mode tcp_no_redir_ports udp_no_redir_ports tcp_proxy_drop_ports udp_proxy_drop_ports tcp_redir_ports udp_redir_ports tcp_node udp_node filter_proxy_ipv6 dns_mode remote_dns v2ray_dns_mode remote_dns_doh dns_client_ip
local _ip _mac _iprange _ipset _ip_or_mac rule_list tcp_port udp_port tcp_node_remark udp_node_remark config_file _extra_param local _ip _mac _iprange _ipset _ip_or_mac rule_list tcp_port udp_port tcp_node_remark udp_node_remark config_file _extra_param
sid=$(uci -q show "${CONFIG}.${item}" | grep "=acl_rule" | awk -F '=' '{print $1}' | awk -F '.' '{print $2}') sid=$(uci -q show "${CONFIG}.${item}" | grep "=acl_rule" | awk -F '=' '{print $1}' | awk -F '.' '{print $2}')
eval $(uci -q show "${CONFIG}.${item}" | cut -d'.' -sf 3-) eval $(uci -q show "${CONFIG}.${item}" | cut -d'.' -sf 3-)
@ -305,9 +305,9 @@ load_acl() {
udp_redir_ports=${udp_redir_ports:-default} udp_redir_ports=${udp_redir_ports:-default}
tcp_node=${tcp_node:-default} tcp_node=${tcp_node:-default}
udp_node=${udp_node:-default} udp_node=${udp_node:-default}
filter_proxy_ipv6=${filter_proxy_ipv6:-0}
dns_mode=${dns_mode:-dns2socks} dns_mode=${dns_mode:-dns2socks}
remote_dns=${remote_dns:-1.1.1.1} remote_dns=${remote_dns:-1.1.1.1}
filter_proxy_ipv6=${FILTER_PROXY_IPV6}
[ "$dns_mode" = "v2ray" -o "$dns_mode" = "xray" ] && { [ "$dns_mode" = "v2ray" -o "$dns_mode" = "xray" ] && {
[ "$v2ray_dns_mode" = "doh" ] && remote_dns=${remote_dns_doh:-https://1.1.1.1/dns-query} [ "$v2ray_dns_mode" = "doh" ] && remote_dns=${remote_dns_doh:-https://1.1.1.1/dns-query}
} }
@ -604,7 +604,7 @@ load_acl() {
$ip6t_m -A PSW $(comment "$remarks") ${_ipt_source} -p udp -j RETURN 2>/dev/null $ip6t_m -A PSW $(comment "$remarks") ${_ipt_source} -p udp -j RETURN 2>/dev/null
$ipt_m -A PSW $(comment "$remarks") ${_ipt_source} -p udp -j RETURN $ipt_m -A PSW $(comment "$remarks") ${_ipt_source} -p udp -j RETURN
done done
unset enabled sid remarks sources tcp_proxy_mode udp_proxy_mode tcp_no_redir_ports udp_no_redir_ports tcp_proxy_drop_ports udp_proxy_drop_ports tcp_redir_ports udp_redir_ports tcp_node udp_node dns_mode remote_dns v2ray_dns_mode remote_dns_doh dns_client_ip unset enabled sid remarks sources tcp_proxy_mode udp_proxy_mode tcp_no_redir_ports udp_no_redir_ports tcp_proxy_drop_ports udp_proxy_drop_ports tcp_redir_ports udp_redir_ports tcp_node udp_node filter_proxy_ipv6 dns_mode remote_dns v2ray_dns_mode remote_dns_doh dns_client_ip
unset _ip _mac _iprange _ipset _ip_or_mac rule_list tcp_port udp_port tcp_node_remark udp_node_remark config_file _extra_param unset _ip _mac _iprange _ipset _ip_or_mac rule_list tcp_port udp_port tcp_node_remark udp_node_remark config_file _extra_param
unset ipt_tmp msg msg2 unset ipt_tmp msg msg2
unset redirect_dns_port unset redirect_dns_port

5
luci-app-passwall/root/usr/share/passwall/nftables.sh
View File

@ -282,7 +282,7 @@ load_acl() {
dnsmasq_port=11400 dnsmasq_port=11400
echolog "访问控制:" echolog "访问控制:"
for item in $items; do for item in $items; do
local enabled sid remarks sources tcp_proxy_mode udp_proxy_mode tcp_no_redir_ports udp_no_redir_ports tcp_proxy_drop_ports udp_proxy_drop_ports tcp_redir_ports udp_redir_ports tcp_node udp_node dns_mode remote_dns v2ray_dns_mode remote_dns_doh dns_client_ip local enabled sid remarks sources tcp_proxy_mode udp_proxy_mode tcp_no_redir_ports udp_no_redir_ports tcp_proxy_drop_ports udp_proxy_drop_ports tcp_redir_ports udp_redir_ports tcp_node udp_node filter_proxy_ipv6 dns_mode remote_dns v2ray_dns_mode remote_dns_doh dns_client_ip
local _ip _mac _iprange _ipset _ip_or_mac rule_list tcp_port udp_port tcp_node_remark udp_node_remark config_file _extra_param local _ip _mac _iprange _ipset _ip_or_mac rule_list tcp_port udp_port tcp_node_remark udp_node_remark config_file _extra_param
sid=$(uci -q show "${CONFIG}.${item}" | grep "=acl_rule" | awk -F '=' '{print $1}' | awk -F '.' '{print $2}') sid=$(uci -q show "${CONFIG}.${item}" | grep "=acl_rule" | awk -F '=' '{print $1}' | awk -F '.' '{print $2}')
eval $(uci -q show "${CONFIG}.${item}" | cut -d'.' -sf 3-) eval $(uci -q show "${CONFIG}.${item}" | cut -d'.' -sf 3-)
@ -316,6 +316,7 @@ load_acl() {
udp_redir_ports=${udp_redir_ports:-default} udp_redir_ports=${udp_redir_ports:-default}
tcp_node=${tcp_node:-default} tcp_node=${tcp_node:-default}
udp_node=${udp_node:-default} udp_node=${udp_node:-default}
filter_proxy_ipv6=${filter_proxy_ipv6:-0}
dns_mode=${dns_mode:-dns2socks} dns_mode=${dns_mode:-dns2socks}
remote_dns=${remote_dns:-1.1.1.1} remote_dns=${remote_dns:-1.1.1.1}
[ "$dns_mode" = "v2ray" -o "$dns_mode" = "xray" ] && { [ "$dns_mode" = "v2ray" -o "$dns_mode" = "xray" ] && {
@ -611,7 +612,7 @@ load_acl() {
nft "add rule inet fw4 PSW_MANGLE ip protocol udp ${_ipt_source} counter return comment \"$remarks\"" nft "add rule inet fw4 PSW_MANGLE ip protocol udp ${_ipt_source} counter return comment \"$remarks\""
nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto udp ${_ipt_source} counter return comment \"$remarks\"" 2>/dev/null nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto udp ${_ipt_source} counter return comment \"$remarks\"" 2>/dev/null
done done
unset enabled sid remarks sources tcp_proxy_mode udp_proxy_mode tcp_no_redir_ports udp_no_redir_ports tcp_proxy_drop_ports udp_proxy_drop_ports tcp_redir_ports udp_redir_ports tcp_node udp_node dns_mode remote_dns v2ray_dns_mode remote_dns_doh dns_client_ip unset enabled sid remarks sources tcp_proxy_mode udp_proxy_mode tcp_no_redir_ports udp_no_redir_ports tcp_proxy_drop_ports udp_proxy_drop_ports tcp_redir_ports udp_redir_ports tcp_node udp_node filter_proxy_ipv6 dns_mode remote_dns v2ray_dns_mode remote_dns_doh dns_client_ip
unset _ip _mac _iprange _ipset _ip_or_mac rule_list tcp_port udp_port tcp_node_remark udp_node_remark config_file _extra_param unset _ip _mac _iprange _ipset _ip_or_mac rule_list tcp_port udp_port tcp_node_remark udp_node_remark config_file _extra_param
unset ipt_tmp msg msg2 unset ipt_tmp msg msg2
unset redirect_dns_port unset redirect_dns_port