luci-app-passwall: sync upstream

last commit: c14a0544b7
gitea-action 2024-11-14 23:30:23 +08:00
parent b302eb1c61
commit a699a82434
2 changed files with 54 additions and 44 deletions


@ -743,26 +743,31 @@ add_firewall_rule() {
ipset -! create $IPSET_BLOCKLIST6 nethash family inet6 maxelem 1048576 timeout 172800 ipset -! create $IPSET_BLOCKLIST6 nethash family inet6 maxelem 1048576 timeout 172800
#分流规则的IP列表 #分流规则的IP列表
local node_protocol=$(config_n_get $TCP_NODE protocol) process_shunt_rules() {
if [ "$node_protocol" = "_shunt" ]; then local _node=$1
local default_node_id=$(config_n_get $TCP_NODE default_node "_direct") local node_protocol=$(config_n_get $_node protocol)
local shunt_ids=$(uci show $CONFIG | grep "=shunt_rules" | awk -F '.' '{print $2}' | awk -F '=' '{print $1}') if [ "$node_protocol" = "_shunt" ]; then
for shunt_id in $shunt_ids; do local default_node_id=$(config_n_get $_node default_node "_direct")
local _node_id=$(config_n_get $TCP_NODE $shunt_id "nil") local shunt_ids=$(uci show $CONFIG | grep "=shunt_rules" | awk -F '.' '{print $2}' | awk -F '=' '{print $1}')
[ "$_node_id" != "nil" ] && { for shunt_id in $shunt_ids; do
[ "$_node_id" = "_default" ] && _node_id=$default_node_id local _node_id=$(config_n_get $_node $shunt_id "nil")
if [ "$_node_id" = "_direct" ]; then [ "$_node_id" != "nil" ] && {
config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}" | sed -e "s/^/add $IPSET_WHITELIST &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R [ "$_node_id" = "_default" ] && _node_id=$default_node_id
config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "s/^/add $IPSET_WHITELIST6 &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R if [ "$_node_id" = "_direct" ]; then
else config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}" | sed -e "s/^/add $IPSET_WHITELIST &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}" | sed -e "s/^/add $IPSET_SHUNTLIST &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "s/^/add $IPSET_WHITELIST6 &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
[ "$PROXY_IPV6" = "1" ] && { else
config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "s/^/add $IPSET_SHUNTLIST6 &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}" | sed -e "s/^/add $IPSET_SHUNTLIST &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
} [ "$PROXY_IPV6" = "1" ] && {
fi config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "s/^/add $IPSET_SHUNTLIST6 &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
} }
done fi
fi }
done
fi
}
[ "$TCP_NODE" ] && process_shunt_rules $TCP_NODE
[ "$UDP_NODE" ] && [ "$TCP_UDP" = "0" ] && process_shunt_rules $UDP_NODE
cat $RULES_PATH/chnroute | tr -s '\n' | grep -v "^#" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_CHN &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R cat $RULES_PATH/chnroute | tr -s '\n' | grep -v "^#" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_CHN &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
cat $RULES_PATH/proxy_ip | tr -s '\n' | grep -v "^#" | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}" | sed -e "s/^/add $IPSET_BLACKLIST &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R cat $RULES_PATH/proxy_ip | tr -s '\n' | grep -v "^#" | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}" | sed -e "s/^/add $IPSET_BLACKLIST &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
@ -1228,7 +1233,7 @@ del_firewall_rule() {
destroy_ipset $IPSET_LANLIST destroy_ipset $IPSET_LANLIST
destroy_ipset $IPSET_VPSLIST destroy_ipset $IPSET_VPSLIST
#destroy_ipset $IPSET_SHUNTLIST destroy_ipset $IPSET_SHUNTLIST
#destroy_ipset $IPSET_GFW #destroy_ipset $IPSET_GFW
#destroy_ipset $IPSET_CHN #destroy_ipset $IPSET_CHN
#destroy_ipset $IPSET_BLACKLIST #destroy_ipset $IPSET_BLACKLIST
@ -1237,7 +1242,7 @@ del_firewall_rule() {
destroy_ipset $IPSET_LANLIST6 destroy_ipset $IPSET_LANLIST6
destroy_ipset $IPSET_VPSLIST6 destroy_ipset $IPSET_VPSLIST6
#destroy_ipset $IPSET_SHUNTLIST6 destroy_ipset $IPSET_SHUNTLIST6
#destroy_ipset $IPSET_GFW6 #destroy_ipset $IPSET_GFW6
#destroy_ipset $IPSET_CHN6 #destroy_ipset $IPSET_CHN6
#destroy_ipset $IPSET_BLACKLIST6 #destroy_ipset $IPSET_BLACKLIST6
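Review bot: The two new calls to `process_shunt_rules` (for `$TCP_NODE`, then for `$UDP_NODE` when `TCP_UDP` is `0`) load into the same `$IPSET_WHITELIST` and `$IPSET_SHUNTLIST` sets, so a shunt rule that maps to `_direct` on one node and to a proxy node on the other puts its `ip_list` into both sets. The order in which the chains consult these sets is not visible in this hunk; if the whitelist is matched first, traffic that the other protocol was configured to proxy would presumably go out directly. Consider stating the intended precedence in a comment above the two calls, e.g. `# TCP and UDP shunt nodes share one whitelist/shuntlist; a _direct mapping on either node applies to both`, or using per-protocol sets if that merge is not intended. The nftables section has the same call pattern, and `add_firewall_rule` begins and ends outside the hunk.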


@ -829,26 +829,31 @@ add_firewall_rule() {
gen_nftset $NFTSET_SHUNTLIST6 ipv6_addr "2d" 0 gen_nftset $NFTSET_SHUNTLIST6 ipv6_addr "2d" 0
#分流规则的IP列表 #分流规则的IP列表
local node_protocol=$(config_n_get $TCP_NODE protocol) process_shunt_rules() {
if [ "$node_protocol" = "_shunt" ]; then local _node=$1
local default_node_id=$(config_n_get $TCP_NODE default_node "_direct") local node_protocol=$(config_n_get $_node protocol)
local shunt_ids=$(uci show $CONFIG | grep "=shunt_rules" | awk -F '.' '{print $2}' | awk -F '=' '{print $1}') if [ "$node_protocol" = "_shunt" ]; then
for shunt_id in $shunt_ids; do local default_node_id=$(config_n_get $_node default_node "_direct")
local _node_id=$(config_n_get $TCP_NODE $shunt_id "nil") local shunt_ids=$(uci show $CONFIG | grep "=shunt_rules" | awk -F '.' '{print $2}' | awk -F '=' '{print $1}')
[ "$_node_id" != "nil" ] && { for shunt_id in $shunt_ids; do
[ "$_node_id" = "_default" ] && _node_id=$default_node_id local _node_id=$(config_n_get $_node $shunt_id "nil")
if [ "$_node_id" = "_direct" ]; then [ "$_node_id" != "nil" ] && {
insert_nftset $NFTSET_WHITELIST "0" $(config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}") [ "$_node_id" = "_default" ] && _node_id=$default_node_id
insert_nftset $NFTSET_WHITELIST6 "0" $(config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}") if [ "$_node_id" = "_direct" ]; then
else insert_nftset $NFTSET_WHITELIST "0" $(config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}")
insert_nftset $NFTSET_SHUNTLIST "0" $(config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}") insert_nftset $NFTSET_WHITELIST6 "0" $(config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}")
[ "$PROXY_IPV6" = "1" ] && { else
insert_nftset $NFTSET_SHUNTLIST6 "0" $(config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}") insert_nftset $NFTSET_SHUNTLIST "0" $(config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}")
} [ "$PROXY_IPV6" = "1" ] && {
fi insert_nftset $NFTSET_SHUNTLIST6 "0" $(config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}")
} }
done fi
fi }
done
fi
}
[ "$TCP_NODE" ] && process_shunt_rules $TCP_NODE
[ "$UDP_NODE" ] && [ "$TCP_UDP" = "0" ] && process_shunt_rules $UDP_NODE
# 忽略特殊IP段 # 忽略特殊IP段
local lan_ifname lan_ip local lan_ifname lan_ip
@ -1295,7 +1300,7 @@ del_firewall_rule() {
destroy_nftset $NFTSET_LANLIST destroy_nftset $NFTSET_LANLIST
destroy_nftset $NFTSET_VPSLIST destroy_nftset $NFTSET_VPSLIST
#destroy_nftset $NFTSET_SHUNTLIST destroy_nftset $NFTSET_SHUNTLIST
#destroy_nftset $NFTSET_GFW #destroy_nftset $NFTSET_GFW
#destroy_nftset $NFTSET_CHN #destroy_nftset $NFTSET_CHN
#destroy_nftset $NFTSET_BLACKLIST #destroy_nftset $NFTSET_BLACKLIST
@ -1304,7 +1309,7 @@ del_firewall_rule() {
destroy_nftset $NFTSET_LANLIST6 destroy_nftset $NFTSET_LANLIST6
destroy_nftset $NFTSET_VPSLIST6 destroy_nftset $NFTSET_VPSLIST6
#destroy_nftset $NFTSET_SHUNTLIST6 destroy_nftset $NFTSET_SHUNTLIST6
#destroy_nftset $NFTSET_GFW6 #destroy_nftset $NFTSET_GFW6
#destroy_nftset $NFTSET_CHN6 #destroy_nftset $NFTSET_CHN6
#destroy_nftset $NFTSET_BLACKLIST6 #destroy_nftset $NFTSET_BLACKLIST6
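Review bot: In `process_shunt_rules`, the `ip_list` entries reach `insert_nftset` through an unquoted `$(...)` and the `grep -E` address filters are unanchored. Any configured line that merely contains an address-like substring therefore passes the filter, and is then word-split and glob-expanded into separate arguments. `insert_nftset` is defined outside this hunk, so how it assembles the nft command cannot be checked here, but the filter should accept only lines that are entirely an address or prefix. For example, use a whole-line match (`grep -xE` with a pattern covering the accepted entry forms) and disable globbing around the expansion with `set -f` / `set +f`. The ipset section applies the same two patterns in front of `ipset -! -R`, where a stray token would end up in the restore stream.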