zhao/openwrt_helloworld
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

luci: temporarily remove SmartDNS shunt scheme

Browse Source 
Because the SmartDNS new version has updated some characteristics and logic, this solution may not be used normally, so temporarily removed it.
This commit is contained in:
xiaorouji 2023-01-05 16:18:14 +08:00 committed by sbwml
parent 2f47f5b6b0
commit 9445139877
7 changed files with 8 additions and 495 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua
View File

@ -171,18 +171,6 @@ udp_node:value("tcp", translate("Same as the tcp node"))
s:tab("DNS", translate("DNS"))
if api.is_finded("smartdns") then
dns_shunt = s:taboption("DNS", ListValue, "dns_shunt", translate("DNS Shunt"))
dns_shunt:value("dnsmasq", "Dnsmasq")
dns_shunt:value("smartdns", "SmartDNS")
group_domestic = s:taboption("DNS", Value, "group_domestic", translate("Domestic group name"))
group_domestic.placeholder = "local"
group_domestic:depends("dns_shunt", "smartdns")
group_domestic.description = translate("You only need to configure domestic DNS packets in SmartDNS and set it redirect or as Dnsmasq upstream, and fill in the domestic DNS group name here.")
group_domestic.description = group_domestic.description .. string.format('<a href="%s" target="_blank">%s</a>', "https://github.com/luckyyyyy/blog/issues/57", translate("Guide"))
end
o = s:taboption("DNS", Flag, "filter_proxy_ipv6", translate("Filter Proxy Host IPv6"), translate("Experimental feature."))
o.default = "0"
@ -282,23 +270,13 @@ o.rmempty = false
if has_chnlist and api.is_finded("chinadns-ng") then
o = s:taboption("DNS", Flag, "chinadns_ng", translate("ChinaDNS-NG"), translate("The effect is better, but will increase the memory."))
o.default = "0"
if api.is_finded("smartdns") then
o:depends({dns_shunt = "dnsmasq", dns_mode = "dns2socks"})
o:depends({dns_shunt = "dnsmasq", dns_mode = "dns2tcp"})
o:depends({dns_shunt = "dnsmasq", dns_mode = "v2ray", v2ray_dns_mode = "tcp"})
o:depends({dns_shunt = "dnsmasq", dns_mode = "v2ray", v2ray_dns_mode = "doh"})
o:depends({dns_shunt = "dnsmasq", dns_mode = "xray", v2ray_dns_mode = "tcp"})
o:depends({dns_shunt = "dnsmasq", dns_mode = "xray", v2ray_dns_mode = "doh"})
o:depends({dns_shunt = "dnsmasq", dns_mode = "udp"})
else
o:depends({dns_mode = "dns2socks"})
o:depends({dns_mode = "dns2tcp"})
o:depends({dns_mode = "v2ray", v2ray_dns_mode = "tcp"})
o:depends({dns_mode = "v2ray", v2ray_dns_mode = "doh"})
o:depends({dns_mode = "xray", v2ray_dns_mode = "tcp"})
o:depends({dns_mode = "xray", v2ray_dns_mode = "doh"})
o:depends({dns_mode = "udp"})
end
o:depends({dns_mode = "dns2socks"})
o:depends({dns_mode = "dns2tcp"})
o:depends({dns_mode = "v2ray", v2ray_dns_mode = "tcp"})
o:depends({dns_mode = "v2ray", v2ray_dns_mode = "doh"})
o:depends({dns_mode = "xray", v2ray_dns_mode = "tcp"})
o:depends({dns_mode = "xray", v2ray_dns_mode = "doh"})
o:depends({dns_mode = "udp"})
end
o = s:taboption("DNS", Button, "clear_ipset", translate("Clear IPSET"), translate("Try this feature if the rule modification does not take effect."))

12
luci-app-passwall/po/zh-cn/passwall.po
View File

@ -109,18 +109,6 @@ msgstr "与TCP节点相同"
msgid "Current node: %s"
msgstr "当前节点:%s"
msgid "DNS Shunt"
msgstr "DNS分流"
msgid "Domestic group name"
msgstr "国内分组名"
msgid "You only need to configure domestic DNS packets in SmartDNS and set it redirect or as Dnsmasq upstream, and fill in the domestic DNS group name here."
msgstr "你只需要在SmartDNS配置好国内DNS分组并设置重定向或作为Dnsmasq上游此处填入国内DNS分组名。"
msgid "Guide"
msgstr "教程"
msgid "Filter Mode"
msgstr "过滤模式"

14
luci-app-passwall/root/usr/share/passwall/app.sh
View File

@ -1143,16 +1143,6 @@ start_dns() {
[ "${use_tcp_node_resolve_dns}" = "1" ] && echolog " * 请确认上游 DNS 支持 TCP 查询,如非直连地址,确保 TCP 代理打开,并且已经正确转发!"
[ "${use_udp_node_resolve_dns}" = "1" ] && echolog " * 要求代理 DNS 请求,如上游 DNS 非直连地址,确保 UDP 代理打开,并且已经正确转发!"
case "$DNS_SHUNT" in
smartdns)
local group_domestic=$(config_t_get global group_domestic)
CHINADNS_NG=0
source $APP_PATH/helper_smartdns.sh add FLAG="default" DNS_MODE=$DNS_MODE SMARTDNS_CONF=/tmp/etc/smartdns/$CONFIG.conf REMOTE_FAKEDNS=$fakedns DEFAULT_DNS=$DEFAULT_DNS LOCAL_GROUP=$group_domestic TUN_DNS=$TUN_DNS TCP_NODE=$TCP_NODE PROXY_MODE=${TCP_PROXY_MODE}${LOCALHOST_TCP_PROXY_MODE}${ACL_TCP_PROXY_MODE} NO_PROXY_IPV6=${filter_proxy_ipv6} NFTFLAG=${nftflag}
source $APP_PATH/helper_smartdns.sh restart
echolog " - 域名解析使用SmartDNS请确保配置正常。"
;;
esac
[ -n "$chnlist" ] && [ "$CHINADNS_NG" = "1" ] && [ -n "$(first_type chinadns-ng)" ] && [ -s "${RULES_PATH}/chnlist" ] && {
china_ng_listen_port=$(expr $dns_listen_port + 1)
china_ng_listen="127.0.0.1#${china_ng_listen_port}"
@ -1385,7 +1375,6 @@ stop() {
unset V2RAY_LOCATION_ASSET
unset XRAY_LOCATION_ASSET
stop_crontab
source $APP_PATH/helper_smartdns.sh del
source $APP_PATH/helper_dnsmasq.sh del
source $APP_PATH/helper_dnsmasq.sh restart no_log=1
rm -rf ${TMP_PATH}
@ -1430,8 +1419,7 @@ global=$(echo "${TCP_PROXY_MODE}${LOCALHOST_TCP_PROXY_MODE}${UDP_PROXY_MODE}${LO
returnhome=$(echo "${TCP_PROXY_MODE}${LOCALHOST_TCP_PROXY_MODE}${UDP_PROXY_MODE}${LOCALHOST_UDP_PROXY_MODE}" | grep "returnhome")
chnlist=$(echo "${TCP_PROXY_MODE}${LOCALHOST_TCP_PROXY_MODE}${UDP_PROXY_MODE}${LOCALHOST_UDP_PROXY_MODE}" | grep "chnroute")
gfwlist=$(echo "${TCP_PROXY_MODE}${LOCALHOST_TCP_PROXY_MODE}${UDP_PROXY_MODE}${LOCALHOST_UDP_PROXY_MODE}" | grep "gfwlist")
DNS_SHUNT=$(config_t_get global dns_shunt dnsmasq)
[ -z "$(first_type $DNS_SHUNT)" ] && DNS_SHUNT="dnsmasq"
DNS_SHUNT="dnsmasq"
DNS_MODE=$(config_t_get global dns_mode dns2tcp)
DNS_CACHE=$(config_t_get global dns_cache 0)
REMOTE_DNS=$(config_t_get global remote_dns 1.1.1.1:53 | sed 's/#/:/g' | sed -E 's/\:([^:]+)$/#\1/g')

39
luci-app-passwall/root/usr/share/passwall/helper_smartdns.sh
View File

@ -1,39 +0,0 @@
#!/bin/sh
restart() {
local no_log
eval_set_val $@
_LOG_FILE=$LOG_FILE
[ -n "$no_log" ] && LOG_FILE="/dev/null"
rm -rf /tmp/smartdns.cache
/etc/init.d/smartdns reload >/dev/null 2>&1
LOG_FILE=${_LOG_FILE}
}
add() {
local FLAG SMARTDNS_CONF LOCAL_GROUP REMOTE_GROUP REMOTE_FAKEDNS TUN_DNS TCP_NODE PROXY_MODE NO_PROXY_IPV6 NO_LOGIC_LOG NFTFLAG
eval_set_val $@
lua $APP_PATH/helper_smartdns_add.lua -FLAG $FLAG -SMARTDNS_CONF $SMARTDNS_CONF -LOCAL_GROUP ${LOCAL_GROUP:-nil} -REMOTE_GROUP ${REMOTE_GROUP:-nil} -REMOTE_FAKEDNS ${REMOTE_FAKEDNS:-0} -TUN_DNS $TUN_DNS -TCP_NODE $TCP_NODE -PROXY_MODE $PROXY_MODE -NO_PROXY_IPV6 ${NO_PROXY_IPV6:-0} -NO_LOGIC_LOG ${NO_LOGIC_LOG:-0} -NFTFLAG ${NFTFLAG:-0}
}
del() {
rm -rf /tmp/etc/smartdns/passwall.conf
sed -i "/passwall/d" /etc/smartdns/custom.conf >/dev/null 2>&1
rm -rf /tmp/smartdns.cache
/etc/init.d/smartdns reload >/dev/null 2>&1
}
arg1=$1
shift
case $arg1 in
add)
add $@
;;
del)
del $@
;;
restart)
restart $@
;;
*) ;;
esac

400
luci-app-passwall/root/usr/share/passwall/helper_smartdns_add.lua
View File

@ -1,400 +0,0 @@
require "luci.sys"
local api = require "luci.model.cbi.passwall.api.api"
local var = api.get_args(arg)
local FLAG = var["-FLAG"]
local SMARTDNS_CONF = var["-SMARTDNS_CONF"]
local LOCAL_GROUP = var["-LOCAL_GROUP"]
local REMOTE_GROUP = var["-REMOTE_GROUP"]
local REMOTE_FAKEDNS = var["-REMOTE_FAKEDNS"]
local TUN_DNS = var["-TUN_DNS"]
local TCP_NODE = var["-TCP_NODE"]
local PROXY_MODE = var["-PROXY_MODE"]
local NO_PROXY_IPV6 = var["-NO_PROXY_IPV6"]
local NO_LOGIC_LOG = var["-NO_LOGIC_LOG"]
local NFTFLAG = var["-NFTFLAG"]
local LOG_FILE = api.LOG_FILE
local CACHE_PATH = api.CACHE_PATH
local CACHE_FLAG = "dns_" .. FLAG
local CACHE_DNS_PATH = CACHE_PATH .. "/" .. CACHE_FLAG
local CACHE_DNS_FILE = CACHE_DNS_PATH .. ".conf"
local CACHE_TEXT_FILE = CACHE_DNS_PATH .. ".txt"
local SMARTDNS_PATH = "/tmp/etc/smartdns"
local uci = api.uci
local sys = api.sys
local jsonc = api.jsonc
local appname = api.appname
local fs = api.fs
local datatypes = api.datatypes
local list1 = {}
local excluded_domain = {}
local excluded_domain_str = "!"
local function log(...)
if NO_LOGIC_LOG == "1" then
return
end
local f, err = io.open(LOG_FILE, "a")
if f and err == nil then
local str = os.date("%Y-%m-%d %H:%M:%S: ") .. table.concat({...}, " ")
f:write(str .. "\n")
f:close()
end
end
--从url获取域名
local function get_domain_from_url(url)
if url then
if datatypes.hostname(url) then
return url
end
local domain = url:match("//([^/]+)")
if domain then
return domain
end
end
return ""
end
local function check_ipset(domain, ipset)
if domain == "" or domain:find("#") then
return false
end
if not ipset then
return
end
for k,v in ipairs(list1[domain].ipsets) do
if ipset == v then
return true
end
end
return false
end
local function set_domain_address(domain, address)
if domain == "" or domain:find("#") then
return
end
if not list1[domain] then
list1[domain] = {
ipsets = {}
}
end
if not list1[domain].address then
list1[domain].address = address
end
end
local function set_domain_group(domain, group)
if domain == "" or domain:find("#") then
return
end
if not group then
return
end
if not list1[domain] then
list1[domain] = {
ipsets = {}
}
end
if not list1[domain].group then
list1[domain].group = group
if group == REMOTE_GROUP then
list1[domain].speed_check_mode = "none"
end
end
end
local function set_domain_ipset(domain, ipset)
if domain == "" or domain:find("#") then
return
end
if not ipset then
return
end
if not list1[domain] then
list1[domain] = {
ipsets = {}
}
end
for line in string.gmatch(ipset, '[^' .. "," .. ']+') do
if not check_ipset(domain, line) then
table.insert(list1[domain].ipsets, line)
end
end
end
local function add_excluded_domain(domain)
if domain == "" or domain:find("#") then
return
end
table.insert(excluded_domain, domain)
excluded_domain_str = excluded_domain_str .. "|" .. domain
end
local function check_excluded_domain(domain)
if domain == "" or domain:find("#") then
return false
end
for k,v in ipairs(excluded_domain) do
if domain:find(v) then
return true
end
end
return false
end
local cache_text = ""
local subscribe_proxy=uci:get(appname, "@global_subscribe[0]", "subscribe_proxy") or "0"
local new_rules = luci.sys.exec("echo -n $(find /usr/share/passwall/rules -type f | xargs md5sum)")
local new_text = SMARTDNS_CONF .. LOCAL_GROUP .. REMOTE_GROUP .. REMOTE_FAKEDNS .. TUN_DNS .. PROXY_MODE .. NO_PROXY_IPV6 .. subscribe_proxy .. new_rules
if fs.access(CACHE_TEXT_FILE) then
for line in io.lines(CACHE_TEXT_FILE) do
cache_text = line
end
end
if cache_text ~= new_text then
api.remove(CACHE_DNS_PATH .. "*")
end
local global = PROXY_MODE:find("global")
local returnhome = PROXY_MODE:find("returnhome")
local chnlist = PROXY_MODE:find("chnroute")
local gfwlist = PROXY_MODE:find("gfwlist")
if not REMOTE_GROUP or REMOTE_GROUP == "nil" then
REMOTE_GROUP = "passwall_proxy"
if TUN_DNS then
TUN_DNS = TUN_DNS:gsub("#", ":")
end
sys.call('sed -i "/passwall/d" /etc/smartdns/custom.conf >/dev/null 2>&1')
end
local setflag= (NFTFLAG == "1") and "inet#fw4#" or ""
if not fs.access(CACHE_DNS_FILE) then
sys.call(string.format('echo "server %s -group %s -exclude-default-group" >> %s', TUN_DNS, REMOTE_GROUP, CACHE_DNS_FILE))
--屏蔽列表
for line in io.lines("/usr/share/passwall/rules/block_host") do
if line ~= "" and not line:find("#") then
set_domain_address(line, "-")
end
end
--始终用国内DNS解析节点域名
uci:foreach(appname, "nodes", function(t)
local address = t.address
if datatypes.hostname(address) then
set_domain_group(address, LOCAL_GROUP)
set_domain_ipset(address, "#4:" .. setflag .. "vpsiplist,#6:" .. setflag .. "vpsiplist6")
end
end)
log(string.format(" - 节点列表中的域名(vpsiplist)使用分组:%s", LOCAL_GROUP or "默认"))
--始终用国内DNS解析直连白名单列表
for line in io.lines("/usr/share/passwall/rules/direct_host") do
if line ~= "" and not line:find("#") then
add_excluded_domain(line)
set_domain_group(line, LOCAL_GROUP)
set_domain_ipset(line, "#4:" .. setflag .. "whitelist,#6:" .. setflag .. "whitelist6")
end
end
log(string.format(" - 域名白名单(whitelist)使用分组:%s", LOCAL_GROUP or "默认"))
local fwd_group = LOCAL_GROUP
local ipset_flag = "#4:" .. setflag .. "whitelist,#6:" .. setflag .. "whitelist6"
local no_ipv6
if subscribe_proxy == "1" then
fwd_group = REMOTE_GROUP
ipset_flag = "#4:" .. setflag .. "blacklist,#6:" .. setflag .. "blacklist6"
if NO_PROXY_IPV6 == "1" then
ipset_flag = "#4:" .. setflag .. "blacklist"
no_ipv6 = true
end
if REMOTE_FAKEDNS == "1" then
ipset_flag = nil
end
end
uci:foreach(appname, "subscribe_list", function(t)
local domain = get_domain_from_url(t.url)
if domain then
if no_ipv6 then
set_domain_address(domain, "#6")
end
set_domain_group(domain, fwd_group)
set_domain_ipset(domain, ipset_flag)
end
end)
log(string.format(" - 节点订阅域名(blacklist)使用分组:%s", fwd_group or "默认"))
--始终使用远程DNS解析代理黑名单列表
for line in io.lines("/usr/share/passwall/rules/proxy_host") do
if line ~= "" and not line:find("#") then
add_excluded_domain(line)
local ipset_flag = "#4:" .. setflag .. "blacklist,#6:" .. setflag .. "blacklist6"
if NO_PROXY_IPV6 == "1" then
set_domain_address(line, "#6")
ipset_flag = "#4:" .. setflag .. "blacklist"
end
if REMOTE_FAKEDNS == "1" then
ipset_flag = nil
end
set_domain_group(line, REMOTE_GROUP)
set_domain_ipset(line, ipset_flag)
end
end
log(string.format(" - 代理域名表(blacklist)使用分组:%s", REMOTE_GROUP or "默认"))
--分流规则
if uci:get(appname, TCP_NODE, "protocol") == "_shunt" then
local t = uci:get_all(appname, TCP_NODE)
local default_node_id = t["default_node"] or "_direct"
uci:foreach(appname, "shunt_rules", function(s)
local _node_id = t[s[".name"]] or "nil"
if _node_id ~= "nil" and _node_id ~= "_blackhole" then
if _node_id == "_default" then
_node_id = default_node_id
end
fwd_group = nil
ipset_flag = nil
no_ipv6 = nil
if _node_id == "_direct" then
fwd_group = LOCAL_GROUP
ipset_flag = "#4:" .. setflag .. "whitelist,#6:" .. setflag .. "whitelist6"
else
fwd_group = REMOTE_GROUP
ipset_flag = "#4:" .. setflag .. "shuntlist,#6:" .. setflag .. "shuntlist6"
if NO_PROXY_IPV6 == "1" then
ipset_flag = "#4:" .. setflag .. "shuntlist"
no_ipv6 = true
end
if REMOTE_FAKEDNS == "1" then
ipset_flag = nil
end
end
local domain_list = s.domain_list or ""
for line in string.gmatch(domain_list, "[^\r\n]+") do
if line ~= "" and not line:find("#") and not line:find("regexp:") and not line:find("geosite:") and not line:find("ext:") then
if line:find("domain:") or line:find("full:") then
line = string.match(line, ":([^:]+)$")
end
add_excluded_domain(line)
if no_ipv6 then
set_domain_address(line, "#6")
end
set_domain_group(line, fwd_group)
set_domain_ipset(line, ipset_flag)
end
end
if _node_id ~= "_direct" then
log(string.format(" - V2ray/Xray分流规则(%s)使用分组:%s", s.remarks, fwd_group or "默认"))
end
end
end)
end
--如果没有使用回国模式
if not returnhome then
if fs.access("/usr/share/passwall/rules/gfwlist") then
local gfwlist_str = sys.exec('cat /usr/share/passwall/rules/gfwlist | grep -v -E "^#" | grep -v -E "' .. excluded_domain_str .. '"')
for line in string.gmatch(gfwlist_str, "[^\r\n]+") do
if line ~= "" then
local ipset_flag = "#4:" .. setflag .. "gfwlist,#6:" .. setflag .. "gfwlist6"
if NO_PROXY_IPV6 == "1" then
ipset_flag = "#4:" .. setflag .. "gfwlist"
set_domain_address(line, "#6")
end
fwd_group = REMOTE_GROUP
if REMOTE_FAKEDNS == "1" then
ipset_flag = nil
end
set_domain_group(line, fwd_group)
set_domain_ipset(line, ipset_flag)
end
end
log(string.format(" - 防火墙域名表(gfwlist)使用分组:%s", fwd_group or "默认"))
end
if fs.access("/usr/share/passwall/rules/chnlist") and chnlist then
local chnlist_str = sys.exec('cat /usr/share/passwall/rules/chnlist | grep -v -E "^#" | grep -v -E "' .. excluded_domain_str .. '"')
for line in string.gmatch(chnlist_str, "[^\r\n]+") do
if line ~= "" then
set_domain_group(line, LOCAL_GROUP)
set_domain_ipset(line, "#4:" .. setflag .. "chnroute,#6:" .. setflag .. "chnroute6")
end
end
end
log(string.format(" - 中国域名表(chnroute)使用分组:%s", LOCAL_GROUP or "默认"))
else
if fs.access("/usr/share/passwall/rules/chnlist") then
local chnlist_str = sys.exec('cat /usr/share/passwall/rules/chnlist | grep -v -E "^#" | grep -v -E "' .. excluded_domain_str .. '"')
for line in string.gmatch(chnlist_str, "[^\r\n]+") do
if line ~= "" then
local ipset_flag = "#4:" .. setflag .. "chnroute,#6:" .. setflag .. "chnroute6"
if NO_PROXY_IPV6 == "1" then
ipset_flag = "#4:" .. setflag .. "chnroute"
set_domain_address(line, "#6")
end
set_domain_group(line, REMOTE_GROUP)
if REMOTE_FAKEDNS == "1" then
ipset_flag = nil
end
set_domain_ipset(line, ipset_flag)
end
end
log(string.format(" - 中国域名表(chnroute)使用分组:%s", REMOTE_GROUP or "默认"))
end
end
local f_out = io.open(CACHE_DNS_FILE, "a")
for key, value in pairs(list1) do
local group_str = ""
local ipset_str = ""
local speed_check_mode_str = ""
local address_str = ""
if value.group and #value.group > 0 then
group_str = group_str .. value.group
end
if group_str ~= "" then
group_str = " -n " .. group_str
end
if value.ipsets and #value.ipsets > 0 then
for i, ipset in ipairs(value.ipsets) do
ipset_str = ipset_str .. ipset .. ","
end
ipset_str = ipset_str:sub(1, #ipset_str - 1)
end
if ipset_str ~= "" then
ipset_str = " -p " .. ipset_str
end
if value.address and #value.address > 0 then
address_str = address_str .. value.address
end
if address_str ~= "" then
address_str = " -a " .. address_str
end
if value.speed_check_mode and #value.speed_check_mode > 0 then
speed_check_mode_str = value.speed_check_mode
end
if speed_check_mode_str ~= "" then
speed_check_mode_str = " -c " .. speed_check_mode_str
end
local str = string.format("domain-rules /%s/ %s%s%s%s\n", key, group_str, ipset_str, address_str, speed_check_mode_str)
f_out:write(str)
end
f_out:close()
f_out = io.open(CACHE_TEXT_FILE, "a")
f_out:write(new_text)
f_out:close()
end
fs.symlink(CACHE_DNS_FILE, SMARTDNS_CONF)
sys.call(string.format('echo "conf-file %s" >> /etc/smartdns/custom.conf', SMARTDNS_CONF))
log(" - 请让SmartDNS作为Dnsmasq的上游或重定向")

1
luci-app-passwall/root/usr/share/passwall/iptables.sh
View File

@ -1274,7 +1274,6 @@ flush_ipset() {
del_firewall_rule
destroy_ipset $IPSET_VPSIPLIST $IPSET_SHUNTLIST $IPSET_GFW $IPSET_CHN $IPSET_BLACKLIST $IPSET_BLOCKLIST $IPSET_WHITELIST $IPSET_LANIPLIST
destroy_ipset $IPSET_VPSIPLIST6 $IPSET_SHUNTLIST6 $IPSET_GFW6 $IPSET_CHN6 $IPSET_BLACKLIST6 $IPSET_BLOCKLIST6 $IPSET_WHITELIST6 $IPSET_LANIPLIST6
rm -rf /tmp/etc/passwall_tmp/smartdns*
rm -rf /tmp/etc/passwall_tmp/dnsmasq*
/etc/init.d/passwall reload
}

1
luci-app-passwall/root/usr/share/passwall/nftables.sh
View File

@ -1276,7 +1276,6 @@ flush_nftset() {
del_firewall_rule
destroy_nftset $NFTSET_VPSIPLIST $NFTSET_SHUNTLIST $NFTSET_GFW $NFTSET_CHN $NFTSET_BLACKLIST $NFTSET_BLOCKLIST $NFTSET_WHITELIST $NFTSET_LANIPLIST
destroy_nftset $NFTSET_VPSIPLIST6 $NFTSET_SHUNTLIST6 $NFTSET_GFW6 $NFTSET_CHN6 $NFTSET_BLACKLIST6 $NFTSET_BLOCKLIST6 $NFTSET_WHITELIST6 $NFTSET_LANIPLIST6
rm -rf /tmp/etc/passwall_tmp/smartdns*
rm -rf /tmp/etc/passwall_tmp/dnsmasq*
/etc/init.d/passwall reload
}