gitea-action
parent
2e69e6d2b8
commit
a96b72705c
@ -5,8 +5,8 @@
|
||||
include $(TOPDIR)/rules.mk
|
||||
|
||||
PKG_NAME:=luci-app-passwall2
|
||||
PKG_VERSION:=24.12.12
|
||||
PKG_RELEASE:=2
|
||||
PKG_VERSION:=24.12.14
|
||||
PKG_RELEASE:=1
|
||||
|
||||
PKG_CONFIG_DEPENDS:= \
|
||||
CONFIG_PACKAGE_$(PKG_NAME)_Iptables_Transparent_Proxy \
|
||||
|
||||
@ -996,6 +996,7 @@ run_copy_dnsmasq() {
|
||||
sed -i "/conf-dir/d" $dnsmasq_conf
|
||||
sed -i "/no-poll/d" $dnsmasq_conf
|
||||
sed -i "/no-resolv/d" $dnsmasq_conf
|
||||
sed -i "/server=/d" $dnsmasq_conf
|
||||
}
|
||||
local set_type="ipset"
|
||||
[ "${nftflag}" = "1" ] && {
|
||||
@ -1010,6 +1011,7 @@ run_copy_dnsmasq() {
|
||||
no-poll
|
||||
no-resolv
|
||||
EOF
|
||||
awk '!seen[$0]++' $dnsmasq_conf > /tmp/dnsmasq.tmp && mv /tmp/dnsmasq.tmp $dnsmasq_conf
|
||||
node_servers=$(uci show "${CONFIG}" | grep -E "(.address=|.download_address=)" | cut -d "'" -f 2)
|
||||
hosts_foreach "node_servers" host_from_url | grep '[a-zA-Z]$' | sort -u | grep -v "engage.cloudflareclient.com" | gen_dnsmasq_items settype="${set_type}" setnames="${setflag_4}passwall2_vpslist,${setflag_6}passwall2_vpslist6" dnss="${LOCAL_DNS:-${AUTO_DNS}}" outf="${dnsmasq_conf_path}/10-vpslist_host.conf" ipsetoutf="${dnsmasq_conf_path}/ipset.conf"
|
||||
ln_run "$(first_type dnsmasq)" "dnsmasq_${flag}" "/dev/null" -C $dnsmasq_conf -x $TMP_ACL_PATH/$flag/dnsmasq.pid
|
||||
@ -1211,6 +1213,13 @@ start() {
|
||||
[ "$(expr $dnsmasq_version \>= 2.90)" == 0 ] && echolog "Dnsmasq版本低于2.90,建议升级至2.90及以上版本以避免部分情况下Dnsmasq崩溃问题!"
|
||||
}
|
||||
|
||||
if [ "$ENABLED_DEFAULT_ACL" == 1 ] || [ "$ENABLED_ACLS" == 1 ]; then
|
||||
[ "$(uci -q get dhcp.@dnsmasq[0].dns_redirect)" == "1" ] && {
|
||||
uci -q set dhcp.@dnsmasq[0].dns_redirect='0' 2>/dev/null
|
||||
uci commit dhcp 2>/dev/null
|
||||
/etc/init.d/dnsmasq restart >/dev/null 2>&1
|
||||
}
|
||||
fi
|
||||
[ "$ENABLED_DEFAULT_ACL" == 1 ] && run_global
|
||||
[ -n "$USE_TABLES" ] && source $APP_PATH/${USE_TABLES}.sh start
|
||||
if [ "$ENABLED_DEFAULT_ACL" == 1 ] || [ "$ENABLED_ACLS" == 1 ]; then
|
||||
|
||||
@ -387,16 +387,16 @@ load_acl() {
|
||||
|
||||
if ([ "$tcp_proxy_mode" != "disable" ] || [ "$udp_proxy_mode" != "disable" ]) && [ -n "$redir_port" ]; then
|
||||
[ -n "$dns_redirect_port" ] && {
|
||||
$ipt_n -A PSW2_REDIRECT $(comment "$remarks") -p udp ${_ipt_source} --dport 53 -j REDIRECT --to-ports $dns_redirect_port
|
||||
$ip6t_n -A PSW2_REDIRECT $(comment "$remarks") -p udp ${_ipt_source} --dport 53 -j REDIRECT --to-ports $dns_redirect_port 2>/dev/null
|
||||
$ipt_n -A PSW2_REDIRECT $(comment "$remarks") -p tcp ${_ipt_source} --dport 53 -j REDIRECT --to-ports $dns_redirect_port
|
||||
$ip6t_n -A PSW2_REDIRECT $(comment "$remarks") -p tcp ${_ipt_source} --dport 53 -j REDIRECT --to-ports $dns_redirect_port 2>/dev/null
|
||||
$ipt_n -A PSW2_DNS $(comment "$remarks") -p udp ${_ipt_source} --dport 53 -j REDIRECT --to-ports $dns_redirect_port
|
||||
$ip6t_n -A PSW2_DNS $(comment "$remarks") -p udp ${_ipt_source} --dport 53 -j REDIRECT --to-ports $dns_redirect_port 2>/dev/null
|
||||
$ipt_n -A PSW2_DNS $(comment "$remarks") -p tcp ${_ipt_source} --dport 53 -j REDIRECT --to-ports $dns_redirect_port
|
||||
$ip6t_n -A PSW2_DNS $(comment "$remarks") -p tcp ${_ipt_source} --dport 53 -j REDIRECT --to-ports $dns_redirect_port 2>/dev/null
|
||||
}
|
||||
else
|
||||
$ipt_n -A PSW2_REDIRECT $(comment "$remarks") -p udp ${_ipt_source} --dport 53 -j RETURN
|
||||
$ip6t_n -A PSW2_REDIRECT $(comment "$remarks") -p udp ${_ipt_source} --dport 53 -j RETURN 2>/dev/null
|
||||
$ipt_n -A PSW2_REDIRECT $(comment "$remarks") -p tcp ${_ipt_source} --dport 53 -j RETURN
|
||||
$ip6t_n -A PSW2_REDIRECT $(comment "$remarks") -p tcp ${_ipt_source} --dport 53 -j RETURN 2>/dev/null
|
||||
$ipt_n -A PSW2_DNS $(comment "$remarks") -p udp ${_ipt_source} --dport 53 -j RETURN
|
||||
$ip6t_n -A PSW2_DNS $(comment "$remarks") -p udp ${_ipt_source} --dport 53 -j RETURN 2>/dev/null
|
||||
$ipt_n -A PSW2_DNS $(comment "$remarks") -p tcp ${_ipt_source} --dport 53 -j RETURN
|
||||
$ip6t_n -A PSW2_DNS $(comment "$remarks") -p tcp ${_ipt_source} --dport 53 -j RETURN 2>/dev/null
|
||||
fi
|
||||
|
||||
[ "$tcp_proxy_mode" != "disable" ] && [ -n "$redir_port" ] && {
|
||||
@ -492,10 +492,10 @@ load_acl() {
|
||||
|
||||
if ([ "$TCP_PROXY_MODE" != "disable" ] || [ "$UDP_PROXY_MODE" != "disable" ]) && [ "$NODE" != "nil" ]; then
|
||||
[ -n "$DNS_REDIRECT_PORT" ] && {
|
||||
$ipt_n -A PSW2_REDIRECT $(comment "默认") -p udp --dport 53 -j REDIRECT --to-ports $DNS_REDIRECT_PORT
|
||||
$ip6t_n -A PSW2_REDIRECT $(comment "默认") -p udp --dport 53 -j REDIRECT --to-ports $DNS_REDIRECT_PORT 2>/dev/null
|
||||
$ipt_n -A PSW2_REDIRECT $(comment "默认") -p tcp --dport 53 -j REDIRECT --to-ports $DNS_REDIRECT_PORT
|
||||
$ip6t_n -A PSW2_REDIRECT $(comment "默认") -p tcp --dport 53 -j REDIRECT --to-ports $DNS_REDIRECT_PORT 2>/dev/null
|
||||
$ipt_n -A PSW2_DNS $(comment "默认") -p udp --dport 53 -j REDIRECT --to-ports $DNS_REDIRECT_PORT
|
||||
$ip6t_n -A PSW2_DNS $(comment "默认") -p udp --dport 53 -j REDIRECT --to-ports $DNS_REDIRECT_PORT 2>/dev/null
|
||||
$ipt_n -A PSW2_DNS $(comment "默认") -p tcp --dport 53 -j REDIRECT --to-ports $DNS_REDIRECT_PORT
|
||||
$ip6t_n -A PSW2_DNS $(comment "默认") -p tcp --dport 53 -j REDIRECT --to-ports $DNS_REDIRECT_PORT 2>/dev/null
|
||||
}
|
||||
fi
|
||||
|
||||
@ -763,8 +763,8 @@ add_firewall_rule() {
|
||||
$ipt_n -A PSW2_OUTPUT $(dst $IPSET_VPSLIST) -j RETURN
|
||||
$ipt_n -A PSW2_OUTPUT -m mark --mark 0xff -j RETURN
|
||||
|
||||
$ipt_n -N PSW2_REDIRECT
|
||||
$ipt_n -I PREROUTING 1 -j PSW2_REDIRECT
|
||||
$ipt_n -N PSW2_DNS
|
||||
$ipt_n -I PREROUTING 1 -j PSW2_DNS
|
||||
|
||||
$ipt_m -N PSW2_DIVERT
|
||||
$ipt_m -A PSW2_DIVERT -j MARK --set-mark 1
|
||||
@ -815,8 +815,8 @@ add_firewall_rule() {
|
||||
$ip6t_n -A PSW2_OUTPUT -m mark --mark 0xff -j RETURN
|
||||
}
|
||||
|
||||
$ip6t_n -N PSW2_REDIRECT
|
||||
$ip6t_n -I PREROUTING 1 -j PSW2_REDIRECT
|
||||
$ip6t_n -N PSW2_DNS
|
||||
$ip6t_n -I PREROUTING 1 -j PSW2_DNS
|
||||
|
||||
$ip6t_m -N PSW2_DIVERT
|
||||
$ip6t_m -A PSW2_DIVERT -j MARK --set-mark 1
|
||||
@ -1007,7 +1007,7 @@ del_firewall_rule() {
|
||||
$ipt -D $chain $index 2>/dev/null
|
||||
done
|
||||
done
|
||||
for chain in "PSW2" "PSW2_OUTPUT" "PSW2_DIVERT" "PSW2_REDIRECT" "PSW2_RULE"; do
|
||||
for chain in "PSW2" "PSW2_OUTPUT" "PSW2_DIVERT" "PSW2_DNS" "PSW2_RULE"; do
|
||||
$ipt -F $chain 2>/dev/null
|
||||
$ipt -X $chain 2>/dev/null
|
||||
done
|
||||
|
||||
@ -432,16 +432,16 @@ load_acl() {
|
||||
|
||||
if ([ "$tcp_proxy_mode" != "disable" ] || [ "$udp_proxy_mode" != "disable" ]) && [ -n "$redir_port" ]; then
|
||||
[ -n "$dns_redirect_port" ] && {
|
||||
nft "add rule $NFTABLE_NAME PSW2_REDIRECT ip protocol udp ${_ipt_source} udp dport 53 counter redirect to :$dns_redirect_port comment \"$remarks\""
|
||||
nft "add rule $NFTABLE_NAME PSW2_REDIRECT ip protocol tcp ${_ipt_source} tcp dport 53 counter redirect to :$dns_redirect_port comment \"$remarks\""
|
||||
nft "add rule $NFTABLE_NAME PSW2_REDIRECT meta l4proto udp ${_ipt_source} udp dport 53 counter redirect to :$dns_redirect_port comment \"$remarks\""
|
||||
nft "add rule $NFTABLE_NAME PSW2_REDIRECT meta l4proto tcp ${_ipt_source} tcp dport 53 counter redirect to :$dns_redirect_port comment \"$remarks\""
|
||||
nft "add rule $NFTABLE_NAME PSW2_DNS ip protocol udp ${_ipt_source} udp dport 53 counter redirect to :$dns_redirect_port comment \"$remarks\""
|
||||
nft "add rule $NFTABLE_NAME PSW2_DNS ip protocol tcp ${_ipt_source} tcp dport 53 counter redirect to :$dns_redirect_port comment \"$remarks\""
|
||||
nft "add rule $NFTABLE_NAME PSW2_DNS meta l4proto udp ${_ipt_source} udp dport 53 counter redirect to :$dns_redirect_port comment \"$remarks\""
|
||||
nft "add rule $NFTABLE_NAME PSW2_DNS meta l4proto tcp ${_ipt_source} tcp dport 53 counter redirect to :$dns_redirect_port comment \"$remarks\""
|
||||
}
|
||||
else
|
||||
nft "add rule $NFTABLE_NAME PSW2_REDIRECT ip protocol udp ${_ipt_source} udp dport 53 counter return comment \"$remarks\""
|
||||
nft "add rule $NFTABLE_NAME PSW2_REDIRECT ip protocol tcp ${_ipt_source} tcp dport 53 counter return comment \"$remarks\""
|
||||
nft "add rule $NFTABLE_NAME PSW2_REDIRECT meta l4proto udp ${_ipt_source} udp dport 53 counter return comment \"$remarks\""
|
||||
nft "add rule $NFTABLE_NAME PSW2_REDIRECT meta l4proto tcp ${_ipt_source} tcp dport 53 counter return comment \"$remarks\""
|
||||
nft "add rule $NFTABLE_NAME PSW2_DNS ip protocol udp ${_ipt_source} udp dport 53 counter return comment \"$remarks\""
|
||||
nft "add rule $NFTABLE_NAME PSW2_DNS ip protocol tcp ${_ipt_source} tcp dport 53 counter return comment \"$remarks\""
|
||||
nft "add rule $NFTABLE_NAME PSW2_DNS meta l4proto udp ${_ipt_source} udp dport 53 counter return comment \"$remarks\""
|
||||
nft "add rule $NFTABLE_NAME PSW2_DNS meta l4proto tcp ${_ipt_source} tcp dport 53 counter return comment \"$remarks\""
|
||||
fi
|
||||
|
||||
[ "$tcp_proxy_mode" != "disable" ] && [ -n "$redir_port" ] && {
|
||||
@ -539,10 +539,10 @@ load_acl() {
|
||||
|
||||
if ([ "$TCP_PROXY_MODE" != "disable" ] || [ "$UDP_PROXY_MODE" != "disable" ]) && [ "$NODE" != "nil" ]; then
|
||||
[ -n "$DNS_REDIRECT_PORT" ] && {
|
||||
nft "add rule $NFTABLE_NAME PSW2_REDIRECT ip protocol udp udp dport 53 counter redirect to :$DNS_REDIRECT_PORT comment \"默认\""
|
||||
nft "add rule $NFTABLE_NAME PSW2_REDIRECT ip protocol tcp tcp dport 53 counter redirect to :$DNS_REDIRECT_PORT comment \"默认\""
|
||||
nft "add rule $NFTABLE_NAME PSW2_REDIRECT meta l4proto udp udp dport 53 counter redirect to :$DNS_REDIRECT_PORT comment \"默认\""
|
||||
nft "add rule $NFTABLE_NAME PSW2_REDIRECT meta l4proto tcp tcp dport 53 counter redirect to :$DNS_REDIRECT_PORT comment \"默认\""
|
||||
nft "add rule $NFTABLE_NAME PSW2_DNS ip protocol udp udp dport 53 counter redirect to :$DNS_REDIRECT_PORT comment \"默认\""
|
||||
nft "add rule $NFTABLE_NAME PSW2_DNS ip protocol tcp tcp dport 53 counter redirect to :$DNS_REDIRECT_PORT comment \"默认\""
|
||||
nft "add rule $NFTABLE_NAME PSW2_DNS meta l4proto udp udp dport 53 counter redirect to :$DNS_REDIRECT_PORT comment \"默认\""
|
||||
nft "add rule $NFTABLE_NAME PSW2_DNS meta l4proto tcp tcp dport 53 counter redirect to :$DNS_REDIRECT_PORT comment \"默认\""
|
||||
}
|
||||
fi
|
||||
|
||||
@ -806,9 +806,9 @@ add_firewall_rule() {
|
||||
nft "flush chain $NFTABLE_NAME PSW2_DIVERT"
|
||||
nft "add rule $NFTABLE_NAME PSW2_DIVERT meta l4proto tcp socket transparent 1 mark set 1 counter accept"
|
||||
|
||||
nft "add chain $NFTABLE_NAME PSW2_REDIRECT"
|
||||
nft "flush chain $NFTABLE_NAME PSW2_REDIRECT"
|
||||
nft "add rule $NFTABLE_NAME dstnat jump PSW2_REDIRECT"
|
||||
nft "add chain $NFTABLE_NAME PSW2_DNS"
|
||||
nft "flush chain $NFTABLE_NAME PSW2_DNS"
|
||||
nft "insert rule $NFTABLE_NAME dstnat jump PSW2_DNS"
|
||||
|
||||
# for ipv4 ipv6 tproxy mark
|
||||
nft "add chain $NFTABLE_NAME PSW2_RULE"
|
||||
|
||||
Loading…
Reference in New Issue
Block a user