zhao/openwrt_helloworld
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

luci-app-passwall: sync upstream

Browse Source 
last commit: 7e403fb3c1
This commit is contained in:
gitea-action 2024-11-21 19:30:29 +08:00
parent fc086418e1
commit b7ca0c23d9
4 changed files with 94 additions and 83 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
luci-app-passwall/luasrc/model/cbi/passwall/client/acl_config.lua
View File

@ -54,9 +54,10 @@ o = s:option(Value, "remarks", translate("Remarks"))
o.default = arg[1] o.default = arg[1]
o.rmempty = true o.rmempty = true
o = s:option(Flag, "use_interface", translate("Use Interface With ACLs")) o = s:option(ListValue, "interface", translate("Source Interface"))
o.default = 0 o:value("", translate("All"))
o.rmempty = false local wa = require "luci.tools.webadmin"
wa.cbi_add_networks(o)
local mac_t = {} local mac_t = {}
sys.net.mac_hints(function(e, t) sys.net.mac_hints(function(e, t)
@ -78,17 +79,6 @@ table.sort(mac_t, function(a,b)
return false return false
end) end)
local device_list = {}
device_list = sys.net.devices()
table.sort(device_list)
interface = s:option(ListValue, "interface", translate("Source Interface"))
for k, name in ipairs(device_list) do
interface:value(name)
end
interface:depends({ use_interface = 1 })
---- Source ---- Source
sources = s:option(DynamicList, "sources", translate("Source")) sources = s:option(DynamicList, "sources", translate("Source"))
sources.description = "<ul><li>" .. translate("Example:") sources.description = "<ul><li>" .. translate("Example:")
@ -154,7 +144,6 @@ sources.validate = function(self, value, t)
return value return value
end end
sources.write = dynamicList_write sources.write = dynamicList_write
sources:depends({ use_interface = 0 })
---- TCP No Redir Ports ---- TCP No Redir Ports
local TCP_NO_REDIR_PORTS = uci:get(appname, "@global_forwarding[0]", "tcp_no_redir_ports") local TCP_NO_REDIR_PORTS = uci:get(appname, "@global_forwarding[0]", "tcp_no_redir_ports")

23
luci-app-passwall/root/usr/share/passwall/app.sh
View File

@ -1615,32 +1615,31 @@ acl_app() {
for item in $items; do for item in $items; do
sid=$(uci -q show "${CONFIG}.${item}" | grep "=acl_rule" | awk -F '=' '{print $1}' | awk -F '.' '{print $2}') sid=$(uci -q show "${CONFIG}.${item}" | grep "=acl_rule" | awk -F '=' '{print $1}' | awk -F '.' '{print $2}')
eval $(uci -q show "${CONFIG}.${item}" | cut -d'.' -sf 3-) eval $(uci -q show "${CONFIG}.${item}" | cut -d'.' -sf 3-)
[ "$enabled" = "1" ] || continue [ "$enabled" = "1" ] || continue
[ -z "${sources}" ] && [ -z "${interface}" ] && continue
for s in $sources; do for s in $sources; do
local s2
is_iprange=$(lua_api "iprange(\"${s}\")") is_iprange=$(lua_api "iprange(\"${s}\")")
if [ "${is_iprange}" = "true" ]; then if [ "${is_iprange}" = "true" ]; then
rule_list="${rule_list}\niprange:${s}" s2="iprange:${s}"
elif [ -n "$(echo ${s} | grep '^ipset:')" ]; then elif [ -n "$(echo ${s} | grep '^ipset:')" ]; then
rule_list="${rule_list}\nipset:${s}" s2="ipset:${s}"
else else
_ip_or_mac=$(lua_api "ip_or_mac(\"${s}\")") _ip_or_mac=$(lua_api "ip_or_mac(\"${s}\")")
if [ "${_ip_or_mac}" = "ip" ]; then if [ "${_ip_or_mac}" = "ip" ]; then
rule_list="${rule_list}\nip:${s}" s2="ip:${s}"
elif [ "${_ip_or_mac}" = "mac" ]; then elif [ "${_ip_or_mac}" = "mac" ]; then
rule_list="${rule_list}\nmac:${s}" s2="mac:${s}"
fi fi
fi fi
[ -n "${s2}" ] && source_list="${source_list}\n${s2}"
unset s2
done done
for i in $interface; do
interface_list="${interface_list}\n$i"
done
[ -z "${rule_list}" ] && [ -z "${interface_list}" ] && continue
mkdir -p $TMP_ACL_PATH/$sid mkdir -p $TMP_ACL_PATH/$sid
[ ! -z "${rule_list}" ] && echo -e "${rule_list}" | sed '/^$/d' > $TMP_ACL_PATH/$sid/rule_list [ ! -z "${source_list}" ] && echo -e "${source_list}" | sed '/^$/d' > $TMP_ACL_PATH/$sid/source_list
[ ! -z "${interface_list}" ] && echo -e "${interface_list}" | sed '/^$/d' > $TMP_ACL_PATH/$sid/interface_list
use_global_config=${use_global_config:-0} use_global_config=${use_global_config:-0}
tcp_node=${tcp_node:-nil} tcp_node=${tcp_node:-nil}
@ -1872,7 +1871,7 @@ acl_app() {
} }
[ -n "$redirect_dns_port" ] && echo "${redirect_dns_port}" > $TMP_ACL_PATH/$sid/var_redirect_dns_port [ -n "$redirect_dns_port" ] && echo "${redirect_dns_port}" > $TMP_ACL_PATH/$sid/var_redirect_dns_port
unset enabled sid remarks sources interface use_global_config tcp_node udp_node use_direct_list use_proxy_list use_block_list use_gfw_list chn_list tcp_proxy_mode udp_proxy_mode filter_proxy_ipv6 dns_mode remote_dns v2ray_dns_mode remote_dns_doh dns_client_ip unset enabled sid remarks sources interface use_global_config tcp_node udp_node use_direct_list use_proxy_list use_block_list use_gfw_list chn_list tcp_proxy_mode udp_proxy_mode filter_proxy_ipv6 dns_mode remote_dns v2ray_dns_mode remote_dns_doh dns_client_ip
unset _ip _mac _iprange _ipset _ip_or_mac rule_list tcp_port udp_port config_file _extra_param interface_list unset _ip _mac _iprange _ipset _ip_or_mac source_list tcp_port udp_port config_file _extra_param
unset _china_ng_listen _chinadns_local_dns _direct_dns_mode chinadns_ng_default_tag dnsmasq_filter_proxy_ipv6 unset _china_ng_listen _chinadns_local_dns _direct_dns_mode chinadns_ng_default_tag dnsmasq_filter_proxy_ipv6
unset redirect_dns_port unset redirect_dns_port
done done

67
luci-app-passwall/root/usr/share/passwall/iptables.sh
View File

@ -229,36 +229,51 @@ load_acl() {
udp_proxy_mode=${UDP_PROXY_MODE} udp_proxy_mode=${UDP_PROXY_MODE}
} }
_acl_list=${TMP_ACL_PATH}/${sid}/rule_list _acl_list=${TMP_ACL_PATH}/${sid}/source_list
[ "$use_interface" = "1" ] && _acl_list=${TMP_ACL_PATH}/${sid}/interface_list
for i in $(cat $_acl_list); do for i in $(cat $_acl_list); do
if [ "$use_interface" = "0" ]; then local _ipt_source
if [ -n "$(echo ${i} | grep '^iprange:')" ]; then local msg
_iprange=$(echo ${i} | sed 's#iprange:##g') if [ -n "${interface}" ]; then
_ipt_source=$(factor ${_iprange} "-m iprange --src-range") . /lib/functions/network.sh
msg="$remarksIP range【${_iprange}】," local gateway device
elif [ -n "$(echo ${i} | grep '^ipset:')" ]; then network_get_gateway gateway "${interface}"
_ipset=$(echo ${i} | sed 's#ipset:##g') network_get_device device "${interface}"
_ipt_source="-m set --match-set ${_ipset} src" [ -z "${device}" ] && device="${interface}"
msg="$remarksIPset【${_ipset}】," _ipt_source="-i ${device} "
elif [ -n "$(echo ${i} | grep '^ip:')" ]; then msg="源接口【${device}】,"
_ip=$(echo ${i} | sed 's#ip:##g') fi
_ipt_source=$(factor ${_ip} "-s") if [ -n "$(echo ${i} | grep '^iprange:')" ]; then
msg="$remarksIP【${_ip}】," _iprange=$(echo ${i} | sed 's#iprange:##g')
elif [ -n "$(echo ${i} | grep '^mac:')" ]; then _ipt_source=$(factor ${_iprange} "${_ipt_source}-m iprange --src-range")
_mac=$(echo ${i} | sed 's#mac:##g') msg="${msg}IP range【${_iprange}】,"
_ipt_source=$(factor ${_mac} "-m mac --mac-source") unset _iprange
msg="$remarksMAC【${_mac}】," elif [ -n "$(echo ${i} | grep '^ipset:')" ]; then
_ipset=$(echo ${i} | sed 's#ipset:##g')
msg="${msg}IPset【${_ipset}】,"
ipset -q list ${_ipset} >/dev/null
if [ $? -eq 0 ]; then
_ipt_source="${_ipt_source}-m set --match-set ${_ipset} src"
unset _ipset
else else
echolog " - 【$remarks】,${msg}不存在,忽略。"
unset _ipset
continue continue
fi fi
elif [ -n "$(echo ${i} | grep '^ip:')" ]; then
_ip=$(echo ${i} | sed 's#ip:##g')
_ipt_source=$(factor ${_ip} "${_ipt_source}-s")
msg="${msg}IP【${_ip}】,"
unset _ip
elif [ -n "$(echo ${i} | grep '^mac:')" ]; then
_mac=$(echo ${i} | sed 's#mac:##g')
_ipt_source=$(factor ${_mac} "${_ipt_source}-m mac --mac-source")
msg="${msg}MAC【${_mac}】,"
unset _mac
else else
[ -z "${i}" ] && continue continue
_ifname="${i}"
_ipt_source="-i $_ifname"
msg="$remarksIF【${_ifname}】,"
fi fi
msg="$remarks】,${msg}"
ipt_tmp=$ipt_n ipt_tmp=$ipt_n
[ -n "${is_tproxy}" ] && ipt_tmp=$ipt_m [ -n "${is_tproxy}" ] && ipt_tmp=$ipt_m
@ -420,10 +435,10 @@ load_acl() {
} }
$ip6t_m -A PSW $(comment "$remarks") ${_ipt_source} -p udp -j RETURN 2>/dev/null $ip6t_m -A PSW $(comment "$remarks") ${_ipt_source} -p udp -j RETURN 2>/dev/null
$ipt_m -A PSW $(comment "$remarks") ${_ipt_source} -p udp -j RETURN $ipt_m -A PSW $(comment "$remarks") ${_ipt_source} -p udp -j RETURN
unset ipt_tmp _ipt_source msg msg2
done done
unset enabled sid remarks sources use_global_config use_direct_list use_proxy_list use_block_list use_gfw_list chn_list tcp_proxy_mode udp_proxy_mode tcp_no_redir_ports udp_no_redir_ports tcp_proxy_drop_ports udp_proxy_drop_ports tcp_redir_ports udp_redir_ports tcp_node udp_node use_interface interface unset enabled sid remarks sources use_global_config use_direct_list use_proxy_list use_block_list use_gfw_list chn_list tcp_proxy_mode udp_proxy_mode tcp_no_redir_ports udp_no_redir_ports tcp_proxy_drop_ports udp_proxy_drop_ports tcp_redir_ports udp_redir_ports tcp_node udp_node interface
unset _ip _mac _iprange _ipset _ip_or_mac rule_list tcp_port udp_port tcp_node_remark udp_node_remark _acl_list unset tcp_port udp_port tcp_node_remark udp_node_remark _acl_list
unset ipt_tmp msg msg2
done done
} }

68
luci-app-passwall/root/usr/share/passwall/nftables.sh
View File

@ -289,36 +289,44 @@ load_acl() {
udp_proxy_mode=${UDP_PROXY_MODE} udp_proxy_mode=${UDP_PROXY_MODE}
} }
_acl_list=${TMP_ACL_PATH}/${sid}/rule_list _acl_list=${TMP_ACL_PATH}/${sid}/source_list
[ "$use_interface" = "1" ] && _acl_list=${TMP_ACL_PATH}/${sid}/interface_list
for i in $(cat $_acl_list); do for i in $(cat $_acl_list); do
if [ "$use_interface" = "0" ]; then local _ipt_source
if [ -n "$(echo ${i} | grep '^iprange:')" ]; then local msg
_iprange=$(echo ${i} | sed 's#iprange:##g') if [ -n "${interface}" ]; then
_ipt_source=$(factor ${_iprange} "ip saddr") . /lib/functions/network.sh
msg="$remarksIP range【${_iprange}】," local gateway device
elif [ -n "$(echo ${i} | grep '^ipset:')" ]; then network_get_gateway gateway "${interface}"
_ipset=$(echo ${i} | sed 's#ipset:##g') network_get_device device "${interface}"
_ipt_source="ip daddr @${_ipset}" [ -z "${device}" ] && device="${interface}"
msg="$remarksNFTset【${_ipset}】," _ipt_source="iifname ${device} "
elif [ -n "$(echo ${i} | grep '^ip:')" ]; then msg="源接口【${device}】,"
_ip=$(echo ${i} | sed 's#ip:##g')
_ipt_source=$(factor ${_ip} "ip saddr")
msg="$remarksIP【${_ip}】,"
elif [ -n "$(echo ${i} | grep '^mac:')" ]; then
_mac=$(echo ${i} | sed 's#mac:##g')
_ipt_source=$(factor ${_mac} "ether saddr")
msg="$remarksMAC【${_mac}】,"
else
continue
fi
else
[ -z "${i}" ] && continue
_ifname="${i}"
_ipt_source="iifname $_ifname"
msg="$remarksIF【${_ifname}】,"
fi fi
if [ -n "$(echo ${i} | grep '^iprange:')" ]; then
_iprange=$(echo ${i} | sed 's#iprange:##g')
_ipt_source=$(factor ${_iprange} "${_ipt_source}ip saddr")
msg="${msg}IP range【${_iprange}】,"
unset _iprange
elif [ -n "$(echo ${i} | grep '^ipset:')" ]; then
_ipset=$(echo ${i} | sed 's#ipset:##g')
_ipt_source="${_ipt_source}ip daddr @${_ipset}"
msg="${msg}NFTset【${_ipset}】,"
unset _ipset
elif [ -n "$(echo ${i} | grep '^ip:')" ]; then
_ip=$(echo ${i} | sed 's#ip:##g')
_ipt_source=$(factor ${_ip} "${_ipt_source}ip saddr")
msg="${msg}IP【${_ip}】,"
unset _ip
elif [ -n "$(echo ${i} | grep '^mac:')" ]; then
_mac=$(echo ${i} | sed 's#mac:##g')
_ipt_source=$(factor ${_mac} "${_ipt_source}ether saddr")
msg="${msg}MAC【${_mac}】,"
unset _mac
else
continue
fi
msg="$remarks】,${msg}"
[ "$tcp_no_redir_ports" != "disable" ] && { [ "$tcp_no_redir_ports" != "disable" ] && {
if [ "$tcp_no_redir_ports" != "1:65535" ]; then if [ "$tcp_no_redir_ports" != "1:65535" ]; then
@ -482,10 +490,10 @@ load_acl() {
} }
nft "add rule $NFTABLE_NAME PSW_MANGLE ip protocol udp ${_ipt_source} counter return comment \"$remarks\"" nft "add rule $NFTABLE_NAME PSW_MANGLE ip protocol udp ${_ipt_source} counter return comment \"$remarks\""
nft "add rule $NFTABLE_NAME PSW_MANGLE_V6 meta l4proto udp ${_ipt_source} counter return comment \"$remarks\"" 2>/dev/null nft "add rule $NFTABLE_NAME PSW_MANGLE_V6 meta l4proto udp ${_ipt_source} counter return comment \"$remarks\"" 2>/dev/null
unset _ipt_source msg msg2
done done
unset enabled sid remarks sources use_global_config use_direct_list use_proxy_list use_block_list use_gfw_list chn_list tcp_proxy_mode udp_proxy_mode tcp_no_redir_ports udp_no_redir_ports tcp_proxy_drop_ports udp_proxy_drop_ports tcp_redir_ports udp_redir_ports tcp_node udp_node use_interface interface unset enabled sid remarks sources use_global_config use_direct_list use_proxy_list use_block_list use_gfw_list chn_list tcp_proxy_mode udp_proxy_mode tcp_no_redir_ports udp_no_redir_ports tcp_proxy_drop_ports udp_proxy_drop_ports tcp_redir_ports udp_redir_ports tcp_node udp_node interface
unset _ip _mac _iprange _ipset _ip_or_mac rule_list tcp_port udp_port tcp_node_remark udp_node_remark _acl_list _ifname unset tcp_port udp_port tcp_node_remark udp_node_remark _acl_list
unset msg msg2
done done
} }