zhao/openwrt_helloworld
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

luci: optimize code

Browse Source
This commit is contained in:
xiaorouji 2022-04-28 02:51:45 +08:00 committed by sbwml
parent d23ea8d68c
commit be1b8e8c51
11 changed files with 344 additions and 389 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
luci-app-passwall/luasrc/controller/passwall.lua
View File

@ -181,7 +181,7 @@ end
function status() function status()
-- local dns_mode = ucic:get(appname, "@global[0]", "dns_mode") -- local dns_mode = ucic:get(appname, "@global[0]", "dns_mode")
local e = {} local e = {}
e.dns_mode_status = luci.sys.call("netstat -apn | grep ':7913 ' >/dev/null") == 0 e.dns_mode_status = luci.sys.call("netstat -apn | grep ':15353 ' >/dev/null") == 0
e.haproxy_status = luci.sys.call(string.format("/bin/top -bn1 | grep -v grep | grep '%s/bin/' | grep haproxy >/dev/null", appname)) == 0 e.haproxy_status = luci.sys.call(string.format("/bin/top -bn1 | grep -v grep | grep '%s/bin/' | grep haproxy >/dev/null", appname)) == 0
e["tcp_node_status"] = luci.sys.call(string.format("/bin/top -bn1 | grep -v -E 'grep|acl/|acl_' | grep '%s/bin/' | grep -i 'TCP' >/dev/null", appname)) == 0 e["tcp_node_status"] = luci.sys.call(string.format("/bin/top -bn1 | grep -v -E 'grep|acl/|acl_' | grep '%s/bin/' | grep -i 'TCP' >/dev/null", appname)) == 0

8
luci-app-passwall/luasrc/model/cbi/passwall/api/api.lua
View File

@ -206,6 +206,14 @@ function iprange(val)
return false return false
end end
function get_domain_from_url(url)
local domain = string.match(url, "//([^/]+)")
if domain then
return domain
end
return url
end
function get_valid_nodes() function get_valid_nodes()
local nodes_ping = uci_get_type("global_other", "nodes_ping") or "" local nodes_ping = uci_get_type("global_other", "nodes_ping") or ""
local nodes = {} local nodes = {}

318
luci-app-passwall/luasrc/model/cbi/passwall/api/gen_v2ray.lua
View File

@ -19,16 +19,17 @@ local local_http_port = var["-local_http_port"]
local local_http_username = var["-local_http_username"] local local_http_username = var["-local_http_username"]
local local_http_password = var["-local_http_password"] local local_http_password = var["-local_http_password"]
local dns_listen_port = var["-dns_listen_port"] local dns_listen_port = var["-dns_listen_port"]
local dns_server = var["-dns_server"]
local dns_tcp_server = var["-dns_tcp_server"]
local dns_cache = var["-dns_cache"]
local doh_url = var["-doh_url"]
local doh_host = var["-doh_host"]
local dns_client_ip = var["-dns_client_ip"]
local dns_query_strategy = var["-dns_query_strategy"] local dns_query_strategy = var["-dns_query_strategy"]
local remote_dns_server = var["-remote_dns_server"]
local remote_dns_port = var["-remote_dns_port"]
local remote_dns_tcp_server = var["-remote_dns_tcp_server"]
local remote_dns_doh_url = var["-remote_dns_doh_url"]
local remote_dns_doh_host = var["-remote_dns_doh_host"]
local remote_dns_fake = var["-remote_dns_fake"]
local dns_cache = var["-dns_cache"]
local dns_client_ip = var["-dns_client_ip"]
local dns_socks_address = var["-dns_socks_address"] local dns_socks_address = var["-dns_socks_address"]
local dns_socks_port = var["-dns_socks_port"] local dns_socks_port = var["-dns_socks_port"]
local dns_fakedns = var["-dns_fakedns"]
local loglevel = var["-loglevel"] or "warning" local loglevel = var["-loglevel"] or "warning"
local new_port local new_port
@ -291,59 +292,33 @@ if node_id then
table.insert(inbounds, inbound) table.insert(inbounds, inbound)
end end
if tcp_redir_port then if tcp_redir_port or udp_redir_port then
table.insert(inbounds, { local inbound = {
port = tonumber(tcp_redir_port),
protocol = "dokodemo-door", protocol = "dokodemo-door",
settings = {network = "tcp", followRedirect = true}, settings = {network = "tcp,udp", followRedirect = true},
streamSettings = {sockopt = {tproxy = tcp_proxy_way}},
sniffing = {enabled = sniffing and true or false, destOverride = {"http", "tls", (dns_fakedns) and "fakedns"}, metadataOnly = false, routeOnly = route_only and true or nil, domainsExcluded = (sniffing and not route_only) and get_domain_excluded() or nil}
})
end
if udp_redir_port then
table.insert(inbounds, {
port = tonumber(udp_redir_port),
protocol = "dokodemo-door",
settings = {network = "udp", followRedirect = true},
streamSettings = {sockopt = {tproxy = "tproxy"}}, streamSettings = {sockopt = {tproxy = "tproxy"}},
sniffing = {enabled = sniffing and true or false, destOverride = {"http", "tls", (dns_fakedns) and "fakedns"}, metadataOnly = false, routeOnly = route_only and true or nil, domainsExcluded = (sniffing and not route_only) and get_domain_excluded() or nil} sniffing = {enabled = sniffing and true or false, destOverride = {"http", "tls", (remote_dns_fake) and "fakedns"}, metadataOnly = false, routeOnly = route_only and true or nil, domainsExcluded = (sniffing and not route_only) and get_domain_excluded() or nil}
}) }
end
if tcp_redir_port then
local tcp_inbound = api.clone(inbound)
tcp_inbound.tag = "tcp_redir"
tcp_inbound.settings.network = "tcp"
tcp_inbound.port = tonumber(tcp_redir_port)
tcp_inbound.streamSettings.sockopt.tproxy = tcp_proxy_way
table.insert(inbounds, tcp_inbound)
end
local up_trust_doh = uci:get(appname, "@global[0]", "up_trust_doh") if udp_redir_port then
if up_trust_doh then local udp_inbound = api.clone(inbound)
local t = {} udp_inbound.tag = "udp_redir"
string.gsub(up_trust_doh, '[^' .. "," .. ']+', function (w) udp_inbound.settings.network = "udp"
table.insert(t, w) udp_inbound.port = tonumber(udp_redir_port)
end) table.insert(inbounds, udp_inbound)
if #t > 1 then
local host = sys.exec("echo -n $(echo " .. t[1] .. " | sed 's/https:\\/\\///g' | awk -F ':' '{print $1}' | awk -F '/' '{print $1}')")
dns = {
hosts = {
[host] = t[2]
}
}
end end
end end
if node.protocol == "_shunt" then if node.protocol == "_shunt" then
table.insert(outbounds, {
protocol = "freedom",
tag = "direct",
settings = {
domainStrategy = "UseIPv4"
},
streamSettings = {
sockopt = {
mark = 255
}
}
})
table.insert(outbounds, {
protocol = "blackhole",
tag = "blackhole"
})
local rules = {} local rules = {}
local default_node_id = node.default_node or "_direct" local default_node_id = node.default_node or "_direct"
@ -545,55 +520,64 @@ if node_id then
end end
end end
if dns_server or dns_fakedns then if remote_dns_server or remote_dns_doh_url or remote_dns_fake then
table.insert(outbounds, {
protocol = "dns",
tag = "dns-out"
})
local rules = {} local rules = {}
local _remote_dns_proto = "tcp"
if not routing then
routing = {
domainStrategy = "IPOnDemand",
rules = {}
}
end
dns = { dns = {
tag = "dns-in1", tag = "dns-in1",
hosts = {},
disableCache = (dns_cache and dns_cache == "0") and true or false, disableCache = (dns_cache and dns_cache == "0") and true or false,
servers = { disableFallback = true,
dns_server disableFallbackIfMatch = true,
}, servers = {},
clientIp = (dns_client_ip and dns_client_ip ~= "") and dns_client_ip or nil, clientIp = (dns_client_ip and dns_client_ip ~= "") and dns_client_ip or nil,
queryStrategy = (dns_query_strategy and dns_query_strategy ~= "") and dns_query_strategy or nil queryStrategy = (dns_query_strategy and dns_query_strategy ~= "") and dns_query_strategy or "UseIPv4"
} }
if doh_url and doh_host then
dns.hosts = { local _remote_dns = {
[doh_host] = dns_server --_flag = "remote"
} }
if not tcp_redir_port and not dns_socks_port then
doh_url = doh_url:gsub("https://", "https+local://") if remote_dns_tcp_server then
end _remote_dns.address = remote_dns_tcp_server
dns.servers = { _remote_dns.port = tonumber(remote_dns_port)
doh_url
}
end end
if dns_tcp_server then if remote_dns_doh_url and remote_dns_doh_host then
if not tcp_redir_port and not dns_socks_port then if remote_dns_server and remote_dns_doh_host ~= remote_dns_server and not api.is_ip(remote_dns_doh_host) then
dns_tcp_server = dns_tcp_server:gsub("tcp://", "tcp+local://") dns.hosts[remote_dns_doh_host] = remote_dns_server
end end
dns.servers = { _remote_dns.address = remote_dns_doh_url
dns_tcp_server _remote_dns.port = tonumber(remote_dns_port)
} _remote_dns_proto = "doh"
end end
if dns_fakedns then if remote_dns_fake then
remote_dns_server = "1.1.1.1"
fakedns = {} fakedns = {}
fakedns[#fakedns + 1] = { fakedns[#fakedns + 1] = {
ipPool = "198.18.0.0/16", ipPool = "198.18.0.0/16",
poolSize = 65535 poolSize = 65535
} }
dns_server = "1.1.1.1" if dns_query_strategy == "UseIP" then
dns.servers = { fakedns[#fakedns + 1] = {
"fakedns" ipPool = "fc00::/18",
} poolSize = 65535
}
end
_remote_dns.address = "fakedns"
end end
table.insert(dns.servers, _remote_dns)
if dns_listen_port then if dns_listen_port then
table.insert(inbounds, { table.insert(inbounds, {
listen = "127.0.0.1", listen = "127.0.0.1",
@ -601,72 +585,128 @@ if dns_server or dns_fakedns then
protocol = "dokodemo-door", protocol = "dokodemo-door",
tag = "dns-in", tag = "dns-in",
settings = { settings = {
address = dns_server, address = remote_dns_server,
port = 53, port = (_remote_dns_proto ~= "doh" and tonumber(remote_dns_port)) and tonumber(remote_dns_port) or 53,
network = "tcp,udp" network = "tcp,udp"
} }
}) })
end
table.insert(rules, { table.insert(outbounds, {
type = "field", tag = "dns-out",
inboundTag = { protocol = "dns",
"dns-in"
},
outboundTag = "dns-out"
})
if dns_socks_address and dns_socks_port then
table.insert(outbounds, 1, {
tag = "out",
protocol = "socks",
streamSettings = {
network = "tcp",
security = "none"
},
settings = { settings = {
servers = { address = remote_dns_server,
{ port = (_remote_dns_proto ~= "doh" and tonumber(remote_dns_port)) and tonumber(remote_dns_port) or 53,
address = dns_socks_address, network = "tcp",
port = tonumber(dns_socks_port)
}
}
} }
}) })
local outboundTag = "out"
table.insert(rules, { table.insert(routing.rules, 1, {
type = "field", type = "field",
inboundTag = { inboundTag = {
"dns-in1" "dns-in"
}, },
outboundTag = outboundTag outboundTag = "dns-out"
}) })
end end
if node_id and tcp_redir_port and not dns_fakedns then --[[
local outboundTag = node_id local default_dns_flag = "remote"
if node_id and tcp_redir_port then
local node = uci:get_all(appname, node_id) local node = uci:get_all(appname, node_id)
if node.protocol == "_shunt" then if node.protocol == "_shunt" then
outboundTag = "default" if node.default_node == "_direct" then
default_dns_flag = "direct"
end
end end
table.insert(rules, {
type = "field",
inboundTag = {
"dns-in1"
},
outboundTag = outboundTag
})
end end
if not routing then if dns.servers and #dns.servers > 0 then
routing = { local dns_servers = nil
domainStrategy = "IPOnDemand", for index, value in ipairs(dns.servers) do
rules = rules if not dns_servers and value["_flag"] == default_dns_flag then
} dns_servers = {
else _flag = "default",
for index, value in ipairs(rules) do address = value.address,
table.insert(routing.rules, 1, value) port = value.port
}
break
end
end end
if dns_servers then
table.insert(dns.servers, 1, dns_servers)
end
end
]]--
if true then
local dns_outboundTag = "direct"
if dns_socks_address and dns_socks_port then
dns_outboundTag = "out"
table.insert(outbounds, 1, {
tag = dns_outboundTag,
protocol = "socks",
streamSettings = {
network = "tcp",
security = "none"
},
settings = {
servers = {
{
address = dns_socks_address,
port = tonumber(dns_socks_port)
}
}
}
})
else
if node_id and tcp_redir_port and not remote_dns_fake then
dns_outboundTag = node_id
local node = uci:get_all(appname, node_id)
if node.protocol == "_shunt" then
dns_outboundTag = "default"
end
end
end
if dns_outboundTag == "direct" then
table.insert(routing.rules, {
type = "field",
ip = {
remote_dns_server
},
port = tonumber(remote_dns_port),
outboundTag = dns_outboundTag
})
else
table.insert(rules, {
type = "field",
ip = {
remote_dns_server
},
port = tonumber(remote_dns_port),
outboundTag = dns_outboundTag
})
end
end
local default_rule_index = #routing.rules > 0 and #routing.rules or 1
for index, value in ipairs(routing.rules) do
if value["_flag"] == "default" then
default_rule_index = index
break
end
end
for index, value in ipairs(rules) do
local t = rules[#rules + 1 - index]
table.insert(routing.rules, default_rule_index, t)
end
local dns_hosts_len = 0
for key, value in pairs(dns.hosts) do
dns_hosts_len = dns_hosts_len + 1
end
if dns_hosts_len == 0 then
dns.hosts = nil
end end
end end
@ -704,5 +744,21 @@ if inbounds or outbounds then
-- } -- }
} }
} }
table.insert(outbounds, {
protocol = "freedom",
tag = "direct",
settings = {
domainStrategy = (dns_query_strategy and dns_query_strategy ~= "") and dns_query_strategy or "UseIPv4"
},
streamSettings = {
sockopt = {
mark = 255
}
}
})
table.insert(outbounds, {
protocol = "blackhole",
tag = "blackhole"
})
print(jsonc.stringify(config, 1)) print(jsonc.stringify(config, 1))
end end

73
luci-app-passwall/luasrc/model/cbi/passwall/client/acl_config.lua
View File

@ -242,51 +242,52 @@ o:depends("dns_mode", "v2ray")
o:depends("dns_mode", "xray") o:depends("dns_mode", "xray")
---- DNS Forward ---- DNS Forward
o = s:option(Value, "dns_forward", translate("Remote DNS")) o = s:option(Value, "remote_dns", translate("Remote DNS"))
o.default = "1.1.1.1" o.default = "1.1.1.1"
o:value("1.1.1.1", "1.1.1.1 (CloudFlare DNS)") o:value("1.1.1.1", "1.1.1.1 (CloudFlare)")
o:value("1.1.1.2", "1.1.1.2 (CloudFlare DNS)") o:value("1.1.1.2", "1.1.1.2 (CloudFlare-Security)")
o:value("8.8.8.8", "8.8.8.8 (Google DNS)") o:value("8.8.4.4", "8.8.4.4 (Google)")
o:value("8.8.4.4", "8.8.4.4 (Google DNS)") o:value("8.8.8.8", "8.8.8.8 (Google)")
o:value("208.67.222.222", "208.67.222.222 (Open DNS)") o:value("9.9.9.9", "9.9.9.9 (Quad9-Recommended)")
o:value("208.67.220.220", "208.67.220.220 (Open DNS)") o:value("208.67.220.220", "208.67.220.220 (OpenDNS)")
o:value("208.67.222.222", "208.67.222.222 (OpenDNS)")
o:depends("dns_mode", "dns2socks") o:depends("dns_mode", "dns2socks")
o:depends("v2ray_dns_mode", "tcp") o:depends("v2ray_dns_mode", "tcp")
if has_v2ray or has_xray then if has_v2ray or has_xray then
---- DoH o = s:option(Value, "remote_dns_doh", translate("Remote DNS DoH"))
o = s:option(Value, "dns_doh", translate("DoH request address")) o:value("https://1.1.1.1/dns-query", "CloudFlare")
o:value("https://cloudflare-dns.com/dns-query,1.1.1.1", "CloudFlare") o:value("https://1.1.1.2/dns-query", "CloudFlare-Security")
o:value("https://security.cloudflare-dns.com/dns-query,1.1.1.2", "CloudFlare-Security") o:value("https://8.8.4.4/dns-query", "Google 8844")
o:value("https://doh.opendns.com/dns-query,208.67.222.222", "OpenDNS") o:value("https://8.8.8.8/dns-query", "Google 8888")
o:value("https://dns.google/dns-query,8.8.8.8", "Google") o:value("https://9.9.9.9/dns-query", "Quad9-Recommended")
o:value("https://doh.libredns.gr/dns-query,116.202.176.26", "LibreDNS") o:value("https://208.67.222.222/dns-query", "OpenDNS")
o:value("https://doh.libredns.gr/ads,116.202.176.26", "LibreDNS (No Ads)") o:value("https://dns.adguard.com/dns-query,176.103.130.130", "AdGuard")
o:value("https://dns.quad9.net/dns-query,9.9.9.9", "Quad9-Recommended") o:value("https://doh.libredns.gr/dns-query,116.202.176.26", "LibreDNS")
o:value("https://dns.adguard.com/dns-query,176.103.130.130", "AdGuard") o:value("https://doh.libredns.gr/ads,116.202.176.26", "LibreDNS (No Ads)")
o.default = "https://cloudflare-dns.com/dns-query,1.1.1.1" o.default = "https://1.1.1.1/dns-query"
o.validate = function(self, value, t) o.validate = function(self, value, t)
if value ~= "" then if value ~= "" then
local flag = 0 local flag = 0
local util = require "luci.util" local util = require "luci.util"
local val = util.split(value, ",") local val = util.split(value, ",")
local url = val[1] local url = val[1]
val[1] = nil val[1] = nil
for i = 1, #val do for i = 1, #val do
local v = val[i] local v = val[i]
if v then if v then
if not api.datatypes.ipmask4(v) then if not api.datatypes.ipmask4(v) then
flag = 1 flag = 1
end
end end
end end
if flag == 0 then
return value
end
end end
if flag == 0 then return nil, translate("DoH request address") .. " " .. translate("Format must be:") .. " URL,IP"
return value
end
end end
return nil, translate("DoH request address") .. " " .. translate("Format must be:") .. " URL,IP" o:depends("v2ray_dns_mode", "doh")
end
o:depends("v2ray_dns_mode", "doh")
end end
o = s:option(Value, "dns_client_ip", translate("EDNS Client Subnet")) o = s:option(Value, "dns_client_ip", translate("EDNS Client Subnet"))

59
luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua
View File

@ -86,8 +86,6 @@ o.rmempty = false
---- TCP Node ---- TCP Node
tcp_node = s:taboption("Main", ListValue, "tcp_node", "<a style='color: red'>" .. translate("TCP Node") .. "</a>") tcp_node = s:taboption("Main", ListValue, "tcp_node", "<a style='color: red'>" .. translate("TCP Node") .. "</a>")
tcp_node.description = "" tcp_node.description = ""
--tcp_node.description = translate("For proxy specific list.")
--tcp_node.description = o.description .. "<br />"
local current_node = luci.sys.exec(string.format("[ -f '/tmp/etc/%s/id/TCP' ] && echo -n $(cat /tmp/etc/%s/id/TCP)", appname, appname)) local current_node = luci.sys.exec(string.format("[ -f '/tmp/etc/%s/id/TCP' ] && echo -n $(cat /tmp/etc/%s/id/TCP)", appname, appname))
if current_node and current_node ~= "" and current_node ~= "nil" then if current_node and current_node ~= "" and current_node ~= "nil" then
local n = uci:get_all(appname, current_node) local n = uci:get_all(appname, current_node)
@ -168,7 +166,6 @@ end
udp_node = s:taboption("Main", ListValue, "udp_node", "<a style='color: red'>" .. translate("UDP Node") .. "</a>") udp_node = s:taboption("Main", ListValue, "udp_node", "<a style='color: red'>" .. translate("UDP Node") .. "</a>")
udp_node:value("nil", translate("Close")) udp_node:value("nil", translate("Close"))
--udp_node.description = translate("For proxy game network.")
udp_node:value("tcp", translate("Same as the tcp node")) udp_node:value("tcp", translate("Same as the tcp node"))
s:tab("DNS", translate("DNS")) s:tab("DNS", translate("DNS"))
@ -182,6 +179,7 @@ if api.is_finded("smartdns") then
group_domestic.placeholder = "local" group_domestic.placeholder = "local"
group_domestic:depends("dns_shunt", "smartdns") group_domestic:depends("dns_shunt", "smartdns")
group_domestic.description = translate("You only need to configure domestic DNS packets in SmartDNS and set it redirect or as Dnsmasq upstream, and fill in the domestic DNS group name here.") group_domestic.description = translate("You only need to configure domestic DNS packets in SmartDNS and set it redirect or as Dnsmasq upstream, and fill in the domestic DNS group name here.")
group_domestic.description = group_domestic.description .. string.format('<a href="%s" target="_blank">%s</a>', "https://github.com/luckyyyyy/blog/issues/57", translate("Guide"))
end end
o = s:taboption("DNS", Flag, "filter_proxy_ipv6", translate("Filter Proxy Host IPv6"), translate("Experimental feature.")) o = s:taboption("DNS", Flag, "filter_proxy_ipv6", translate("Filter Proxy Host IPv6"), translate("Experimental feature."))
@ -232,36 +230,37 @@ o.validate = function(self, value, t)
end end
o:depends({dns_mode = "dns2socks"}) o:depends({dns_mode = "dns2socks"})
---- DoH
o = s:taboption("DNS", Value, "up_trust_doh", translate("DoH request address"))
o:value("https://cloudflare-dns.com/dns-query,1.1.1.1", "CloudFlare")
o:value("https://security.cloudflare-dns.com/dns-query,1.1.1.2", "CloudFlare-Security")
o:value("https://doh.opendns.com/dns-query,208.67.222.222", "OpenDNS")
o:value("https://dns.google/dns-query,8.8.8.8", "Google")
o:value("https://doh.libredns.gr/dns-query,116.202.176.26", "LibreDNS")
o:value("https://doh.libredns.gr/ads,116.202.176.26", "LibreDNS (No Ads)")
o:value("https://dns.quad9.net/dns-query,9.9.9.9", "Quad9-Recommended")
o:value("https://dns.adguard.com/dns-query,176.103.130.130", "AdGuard")
o.default = "https://cloudflare-dns.com/dns-query,1.1.1.1"
o.validate = doh_validate
o:depends("v2ray_dns_mode", "doh")
---- DNS Forward ---- DNS Forward
o = s:taboption("DNS", Value, "dns_forward", translate("Remote DNS")) o = s:taboption("DNS", Value, "remote_dns", translate("Remote DNS"))
--o.description = translate("IP:Port mode acceptable, multi value split with english comma.") .. " " .. translate("If you use dns2socks, only the first one is valid.")
o.datatype = "or(ipaddr,ipaddrport)" o.datatype = "or(ipaddr,ipaddrport)"
o.default = "1.1.1.1" o.default = "1.1.1.1"
o:value("1.1.1.1", "1.1.1.1 (CloudFlare DNS)") o:value("1.1.1.1", "1.1.1.1 (CloudFlare)")
o:value("1.1.1.2", "1.1.1.2 (CloudFlare DNS)") o:value("1.1.1.2", "1.1.1.2 (CloudFlare-Security)")
o:value("8.8.8.8", "8.8.8.8 (Google DNS)") o:value("8.8.4.4", "8.8.4.4 (Google)")
o:value("8.8.4.4", "8.8.4.4 (Google DNS)") o:value("8.8.8.8", "8.8.8.8 (Google)")
o:value("208.67.222.222", "208.67.222.222 (Open DNS)") o:value("9.9.9.9", "9.9.9.9 (Quad9-Recommended)")
o:value("208.67.220.220", "208.67.220.220 (Open DNS)") o:value("208.67.220.220", "208.67.220.220 (OpenDNS)")
o:value("208.67.222.222", "208.67.222.222 (OpenDNS)")
o:depends({dns_mode = "dns2socks"}) o:depends({dns_mode = "dns2socks"})
o:depends({dns_mode = "pdnsd"}) o:depends({dns_mode = "pdnsd"})
o:depends({dns_mode = "udp"}) o:depends({dns_mode = "udp"})
o:depends({v2ray_dns_mode = "tcp"}) o:depends({v2ray_dns_mode = "tcp"})
---- DoH
o = s:taboption("DNS", Value, "remote_dns_doh", translate("Remote DNS DoH"))
o.default = "https://1.1.1.1/dns-query"
o:value("https://1.1.1.1/dns-query", "CloudFlare")
o:value("https://1.1.1.2/dns-query", "CloudFlare-Security")
o:value("https://8.8.4.4/dns-query", "Google 8844")
o:value("https://8.8.8.8/dns-query", "Google 8888")
o:value("https://9.9.9.9/dns-query", "Quad9-Recommended")
o:value("https://208.67.222.222/dns-query", "OpenDNS")
o:value("https://dns.adguard.com/dns-query,176.103.130.130", "AdGuard")
o:value("https://doh.libredns.gr/dns-query,116.202.176.26", "LibreDNS")
o:value("https://doh.libredns.gr/ads,116.202.176.26", "LibreDNS (No Ads)")
o.validate = doh_validate
o:depends("v2ray_dns_mode", "doh")
o = s:taboption("DNS", Value, "dns_client_ip", translate("EDNS Client Subnet")) o = s:taboption("DNS", Value, "dns_client_ip", translate("EDNS Client Subnet"))
o.description = translate("Notify the DNS server when the DNS query is notified, the location of the client (cannot be a private IP address).") .. "<br />" .. o.description = translate("Notify the DNS server when the DNS query is notified, the location of the client (cannot be a private IP address).") .. "<br />" ..
translate("This feature requires the DNS server to support the Edns Client Subnet (RFC7871).") translate("This feature requires the DNS server to support the Edns Client Subnet (RFC7871).")
@ -311,8 +310,7 @@ end
s:tab("Proxy", translate("Mode")) s:tab("Proxy", translate("Mode"))
---- TCP Default Proxy Mode ---- TCP Default Proxy Mode
tcp_proxy_mode = s:taboption("Proxy", ListValue, "tcp_proxy_mode", "TCP " .. translate("Default") .. translate("Proxy Mode")) tcp_proxy_mode = s:taboption("Proxy", ListValue, "tcp_proxy_mode", "TCP " .. translate("Default Proxy Mode"))
-- o.description = translate("If not available, try clearing the cache.")
tcp_proxy_mode:value("disable", translate("No Proxy")) tcp_proxy_mode:value("disable", translate("No Proxy"))
tcp_proxy_mode:value("global", translate("Global Proxy")) tcp_proxy_mode:value("global", translate("Global Proxy"))
tcp_proxy_mode:value("gfwlist", translate("GFW List")) tcp_proxy_mode:value("gfwlist", translate("GFW List"))
@ -325,7 +323,7 @@ tcp_proxy_mode.default = "chnroute"
--tcp_proxy_mode.validate = redir_mode_validate --tcp_proxy_mode.validate = redir_mode_validate
---- UDP Default Proxy Mode ---- UDP Default Proxy Mode
udp_proxy_mode = s:taboption("Proxy", ListValue, "udp_proxy_mode", "UDP " .. translate("Default") .. translate("Proxy Mode")) udp_proxy_mode = s:taboption("Proxy", ListValue, "udp_proxy_mode", "UDP " .. translate("Default Proxy Mode"))
udp_proxy_mode:value("disable", translate("No Proxy")) udp_proxy_mode:value("disable", translate("No Proxy"))
udp_proxy_mode:value("global", translate("Global Proxy")) udp_proxy_mode:value("global", translate("Global Proxy"))
udp_proxy_mode:value("gfwlist", translate("GFW List")) udp_proxy_mode:value("gfwlist", translate("GFW List"))
@ -339,7 +337,6 @@ udp_proxy_mode.default = "chnroute"
---- Localhost TCP Proxy Mode ---- Localhost TCP Proxy Mode
localhost_tcp_proxy_mode = s:taboption("Proxy", ListValue, "localhost_tcp_proxy_mode", translate("Router Localhost") .. " TCP " .. translate("Proxy Mode")) localhost_tcp_proxy_mode = s:taboption("Proxy", ListValue, "localhost_tcp_proxy_mode", translate("Router Localhost") .. " TCP " .. translate("Proxy Mode"))
-- o.description = translate("The server client can also use this rule to scientifically surf the Internet.")
localhost_tcp_proxy_mode:value("default", translatef("Same as the %s default proxy mode", "TCP")) localhost_tcp_proxy_mode:value("default", translatef("Same as the %s default proxy mode", "TCP"))
localhost_tcp_proxy_mode:value("global", translate("Global Proxy")) localhost_tcp_proxy_mode:value("global", translate("Global Proxy"))
localhost_tcp_proxy_mode:value("gfwlist", translate("GFW List")) localhost_tcp_proxy_mode:value("gfwlist", translate("GFW List"))
@ -379,14 +376,14 @@ o.rmempty = false
o = s:taboption("log", Flag, "close_log_udp", translatef("%s Node Log Close", "UDP")) o = s:taboption("log", Flag, "close_log_udp", translatef("%s Node Log Close", "UDP"))
o.rmempty = false o.rmempty = false
loglevel = s:taboption("log", ListValue, "loglevel", "V2ray/Xray" .. translate("Log Level")) loglevel = s:taboption("log", ListValue, "loglevel", "V2ray/Xray " .. translate("Log Level"))
loglevel.default = "warning" loglevel.default = "warning"
loglevel:value("debug") loglevel:value("debug")
loglevel:value("info") loglevel:value("info")
loglevel:value("warning") loglevel:value("warning")
loglevel:value("error") loglevel:value("error")
trojan_loglevel = s:taboption("log", ListValue, "trojan_loglevel", "Trojan" .. translate("Log Level")) trojan_loglevel = s:taboption("log", ListValue, "trojan_loglevel", "Trojan " .. translate("Log Level"))
trojan_loglevel.default = "2" trojan_loglevel.default = "2"
trojan_loglevel:value("0", "all") trojan_loglevel:value("0", "all")
trojan_loglevel:value("1", "info") trojan_loglevel:value("1", "info")

26
luci-app-passwall/luasrc/model/cbi/passwall/client/node_config.lua
View File

@ -257,32 +257,6 @@ address:depends({ type = "Xray", protocol = "socks" })
address:depends({ type = "Xray", protocol = "shadowsocks" }) address:depends({ type = "Xray", protocol = "shadowsocks" })
address:depends({ type = "Xray", protocol = "trojan" }) address:depends({ type = "Xray", protocol = "trojan" })
--[[
use_ipv6 = s:option(Flag, "use_ipv6", translate("Use IPv6"))
use_ipv6.default = 0
use_ipv6:depends("type", "Socks")
use_ipv6:depends("type", "SS")
use_ipv6:depends("type", "SS-Rust")
use_ipv6:depends("type", "SSR")
use_ipv6:depends("type", "Brook")
use_ipv6:depends("type", "Trojan")
use_ipv6:depends("type", "Trojan-Plus")
use_ipv6:depends("type", "Trojan-Go")
use_ipv6:depends("type", "Hysteria")
use_ipv6:depends({ type = "V2ray", protocol = "vmess" })
use_ipv6:depends({ type = "V2ray", protocol = "vless" })
use_ipv6:depends({ type = "V2ray", protocol = "http" })
use_ipv6:depends({ type = "V2ray", protocol = "socks" })
use_ipv6:depends({ type = "V2ray", protocol = "shadowsocks" })
use_ipv6:depends({ type = "V2ray", protocol = "trojan" })
use_ipv6:depends({ type = "Xray", protocol = "vmess" })
use_ipv6:depends({ type = "Xray", protocol = "vless" })
use_ipv6:depends({ type = "Xray", protocol = "http" })
use_ipv6:depends({ type = "Xray", protocol = "socks" })
use_ipv6:depends({ type = "Xray", protocol = "shadowsocks" })
use_ipv6:depends({ type = "Xray", protocol = "trojan" })
--]]
port = s:option(Value, "port", translate("Port")) port = s:option(Value, "port", translate("Port"))
port.datatype = "port" port.datatype = "port"
port.rmempty = false port.rmempty = false

2
luci-app-passwall/luasrc/model/cbi/passwall/client/other.lua
View File

@ -88,8 +88,6 @@ o.default = "22,25,53,143,465,587,853,993,995,80,443"
o:value("1:65535", translate("All")) o:value("1:65535", translate("All"))
o:value("22,25,53,143,465,587,853,993,995,80,443", translate("Common Use")) o:value("22,25,53,143,465,587,853,993,995,80,443", translate("Common Use"))
o:value("80,443", translate("Only Web")) o:value("80,443", translate("Only Web"))
o:value("80:65535", "80 " .. translate("or more"))
o:value("1:443", "443 " .. translate("or less"))
---- UDP Redir Ports ---- UDP Redir Ports
o = s:option(Value, "udp_redir_ports", translate("UDP Redir Ports")) o = s:option(Value, "udp_redir_ports", translate("UDP Redir Ports"))

138
luci-app-passwall/po/zh-cn/passwall.po
View File

@ -16,37 +16,12 @@ msgstr "连接正常"
msgid "Problem detected!" msgid "Problem detected!"
msgstr "连接失败" msgstr "连接失败"
msgid "Very Fast"
msgstr "非常快"
msgid "Fast"
msgstr "很快"
msgid "Slow"
msgstr "很慢"
msgid "Very Slow"
msgstr "非常慢"
msgid "Touch Check" msgid "Touch Check"
msgstr "点我检测" msgstr "点我检测"
msgid "Kernel Unsupported" msgid "Kernel Unsupported"
msgstr "内核不支持" msgstr "内核不支持"
msgid "Use IPv6"
msgstr "使用IPv6"
msgid "Parsing IP"
msgstr "域名解析IP"
msgid "TCP Server"
msgstr "TCP服务器"
msgid "UDP Server"
msgstr "UDP服务器"
msgid "Main Settings" msgid "Main Settings"
msgstr "节点选择" msgstr "节点选择"
@ -108,19 +83,19 @@ msgid "Main switch"
msgstr "主开关" msgstr "主开关"
msgid "TCP Node" msgid "TCP Node"
msgstr "TCP节点" msgstr "TCP 节点"
msgid "UDP Node" msgid "UDP Node"
msgstr "UDP节点" msgstr "UDP 节点"
msgid "Edit Current Node" msgid "Edit Current Node"
msgstr "编辑当前节点" msgstr "编辑当前节点"
msgid "Socks Config" msgid "Socks Config"
msgstr "Socks配置" msgstr "Socks 配置"
msgid "Socks Node" msgid "Socks Node"
msgstr "Socks节点" msgstr "Socks 节点"
msgid "Listen Port" msgid "Listen Port"
msgstr "监听端口" msgstr "监听端口"
@ -134,12 +109,6 @@ msgstr "与TCP节点相同"
msgid "Current node: %s" msgid "Current node: %s"
msgstr "当前节点:%s" msgstr "当前节点:%s"
msgid "For proxy specific list."
msgstr "用于代理特定的列表。"
msgid "For proxy game network."
msgstr "用于代理游戏等。"
msgid "DNS Shunt" msgid "DNS Shunt"
msgstr "DNS分流" msgstr "DNS分流"
@ -149,27 +118,18 @@ msgstr "国内分组名"
msgid "You only need to configure domestic DNS packets in SmartDNS and set it redirect or as Dnsmasq upstream, and fill in the domestic DNS group name here." msgid "You only need to configure domestic DNS packets in SmartDNS and set it redirect or as Dnsmasq upstream, and fill in the domestic DNS group name here."
msgstr "你只需要在SmartDNS配置好国内DNS分组并设置重定向或作为Dnsmasq上游此处填入国内DNS分组名。" msgstr "你只需要在SmartDNS配置好国内DNS分组并设置重定向或作为Dnsmasq上游此处填入国内DNS分组名。"
msgid "Guide"
msgstr "教程"
msgid "Filter Mode" msgid "Filter Mode"
msgstr "过滤模式" msgstr "过滤模式"
msgid "TCP node must be '%s' type to use FakeDNS." msgid "TCP node must be '%s' type to use FakeDNS."
msgstr "TCP节点必须是 '%s' 类型才能使用 FakeDNS。" msgstr "TCP 节点必须是 '%s' 类型才能使用 FakeDNS。"
msgid "Remote DNS" msgid "Remote DNS"
msgstr "远程 DNS" msgstr "远程 DNS"
msgid "IP:Port mode acceptable, multi value split with english comma."
msgstr "接受 IP:Port 形式的输入,多个以英文逗号分隔。"
msgid "If you use dns2socks, only the first one is valid."
msgstr "如果使用dns2socks只有第一个生效。"
msgid "Ali"
msgstr "阿里"
msgid "Baidu"
msgstr "百度"
msgid "Resolver For The List Proxied" msgid "Resolver For The List Proxied"
msgstr "解析被代理的域名列表" msgstr "解析被代理的域名列表"
@ -177,7 +137,7 @@ msgid "Requery DNS By %s"
msgstr "通过%s请求DNS" msgstr "通过%s请求DNS"
msgid "Socks Server" msgid "Socks Server"
msgstr "Socks服务器" msgstr "Socks 服务器"
msgid "Misconfigured" msgid "Misconfigured"
msgstr "配置不当" msgstr "配置不当"
@ -188,11 +148,8 @@ msgstr "请确保此Socks服务可用。"
msgid "Format must be:" msgid "Format must be:"
msgstr "格式必须为:" msgstr "格式必须为:"
msgid "DoH request address" msgid "Remote DNS DoH"
msgstr "DoH 请求地址" msgstr "远程 DNS DoH"
msgid "China list or gfwlist cannot be used together with outside China list!"
msgstr "中国列表不能和中国列表外或防火墙表一起使用!"
msgid "Cache Resolved" msgid "Cache Resolved"
msgstr "缓存解析结果" msgstr "缓存解析结果"
@ -221,9 +178,6 @@ msgstr "清空 IPSET"
msgid "Try this feature if the rule modification does not take effect." msgid "Try this feature if the rule modification does not take effect."
msgstr "如果修改规则后没有生效,请尝试此功能。" msgstr "如果修改规则后没有生效,请尝试此功能。"
msgid "The server client can also use this rule to scientifically surf the Internet."
msgstr "本机服务器的客户端也可以使用这个代理模式上网。"
msgid "About DNS issues:" msgid "About DNS issues:"
msgstr "关于DNS问题" msgstr "关于DNS问题"
@ -281,11 +235,8 @@ msgstr "单进程"
msgid "Proxy Mode" msgid "Proxy Mode"
msgstr "代理模式" msgstr "代理模式"
msgid "%s Proxy Mode" msgid "Default Proxy Mode"
msgstr "%s 代理模式" msgstr "默认代理模式"
msgid "If not available, try clearing the cache."
msgstr "如果无法使用,请尝试清除缓存。"
msgid "No Proxy" msgid "No Proxy"
msgstr "不代理" msgstr "不代理"
@ -312,10 +263,7 @@ msgid "Localhost"
msgstr "本机" msgstr "本机"
msgid "Router Localhost" msgid "Router Localhost"
msgstr "路由器自身" msgstr "路由器本机"
msgid "Danger"
msgstr "危险"
msgid "Same as the %s default proxy mode" msgid "Same as the %s default proxy mode"
msgstr "与 %s 默认代理模式相同" msgstr "与 %s 默认代理模式相同"
@ -323,6 +271,9 @@ msgstr "与 %s 默认代理模式相同"
msgid "Want different devices to use different proxy modes/ports/nodes? Please use access control." msgid "Want different devices to use different proxy modes/ports/nodes? Please use access control."
msgstr "希望不同设备使用不同的代理模式/端口/节点?请使用访问控制。" msgstr "希望不同设备使用不同的代理模式/端口/节点?请使用访问控制。"
msgid "China list or gfwlist cannot be used together with outside China list!"
msgstr "中国列表不能和中国列表外或防火墙表一起使用!"
msgid "Operation" msgid "Operation"
msgstr "操作" msgstr "操作"
@ -545,15 +496,6 @@ msgstr "组"
msgid "Auto Ping" msgid "Auto Ping"
msgstr "自动Ping" msgstr "自动Ping"
msgid "This will automatically ping the node for latency"
msgstr "选中后保存应用后即自动Ping节点"
msgid "Use TCP Detection delay"
msgstr "使用TCP检测延迟"
msgid "This will use tcping replace ping detection of node"
msgstr "选中后保存应用后即使用tcping替换ping检测节点"
msgid "Concise display nodes" msgid "Concise display nodes"
msgstr "简洁显示节点" msgstr "简洁显示节点"
@ -609,25 +551,25 @@ msgid "Forwarding Settings"
msgstr "转发配置" msgstr "转发配置"
msgid "TCP No Redir Ports" msgid "TCP No Redir Ports"
msgstr "TCP不转发端口" msgstr "TCP 不转发端口"
msgid "UDP No Redir Ports" msgid "UDP No Redir Ports"
msgstr "UDP不转发端口" msgstr "UDP 不转发端口"
msgid "Fill in the ports you don't want to be forwarded by the agent, with the highest priority." msgid "Fill in the ports you don't want to be forwarded by the agent, with the highest priority."
msgstr "填写你不希望被代理转发的端口,优先级最高。" msgstr "填写你不希望被代理转发的端口,优先级最高。"
msgid "TCP Proxy Drop Ports" msgid "TCP Proxy Drop Ports"
msgstr "TCP转发屏蔽端口" msgstr "TCP 转发屏蔽端口"
msgid "UDP Proxy Drop Ports" msgid "UDP Proxy Drop Ports"
msgstr "UDP转发屏蔽端口" msgstr "UDP 转发屏蔽端口"
msgid "TCP Redir Ports" msgid "TCP Redir Ports"
msgstr "TCP转发端口" msgstr "TCP 转发端口"
msgid "UDP Redir Ports" msgid "UDP Redir Ports"
msgstr "UDP转发端口" msgstr "UDP 转发端口"
msgid "No patterns are used" msgid "No patterns are used"
msgstr "不使用" msgstr "不使用"
@ -641,12 +583,6 @@ msgstr "常用的"
msgid "Only Web" msgid "Only Web"
msgstr "仅网页" msgstr "仅网页"
msgid "or more"
msgstr "及以上"
msgid "or less"
msgstr "及以下"
msgid "Default" msgid "Default"
msgstr "默认" msgstr "默认"
@ -672,29 +608,14 @@ msgid "When enabled, the server not will resolve the domain name again."
msgstr "启用后,服务器不会再次解析域名。" msgstr "启用后,服务器不会再次解析域名。"
msgid "TCP Proxy Way" msgid "TCP Proxy Way"
msgstr "TCP代理方式" msgstr "TCP 代理方式"
msgid "Proxy Settings" msgid "Proxy Settings"
msgstr "代理配置" msgstr "代理配置"
msgid "TCP Redir Port"
msgstr "TCP透明代理端口"
msgid "UDP Redir Port"
msgstr "UDP透明代理端口"
msgid "Custom Dnsmasq"
msgstr "自定义Dnsmasq设置"
msgid "Setting a parameter error will cause dnsmasq fail to start."
msgstr "参数设置错误将会导致Dnsmasq无法启动。"
msgid "Auto Switch" msgid "Auto Switch"
msgstr "自动切换" msgstr "自动切换"
msgid "When there is no server, an automatic reconnect scheme is used"
msgstr "当没有服务器时,则使用自动重连方案"
msgid "How often to test" msgid "How often to test"
msgstr "多久检测一次" msgstr "多久检测一次"
@ -704,9 +625,6 @@ msgstr "超时秒数"
msgid "Timeout retry num" msgid "Timeout retry num"
msgstr "超时重试次数" msgstr "超时重试次数"
msgid "Automatic switching cannot be used when this option is checked"
msgstr "当勾选此选项时,不能使用自动切换"
msgid "Main node" msgid "Main node"
msgstr "主节点" msgstr "主节点"
@ -1083,7 +1001,7 @@ msgid "Local Port"
msgstr "本地端口" msgstr "本地端口"
msgid "TCP Fast Open" msgid "TCP Fast Open"
msgstr "TCP快速打开" msgstr "TCP 快速打开"
msgid "Need node support required" msgid "Need node support required"
msgstr "需要节点支持" msgstr "需要节点支持"
@ -1170,7 +1088,7 @@ msgid "Auth"
msgstr "身份认证" msgstr "身份认证"
msgid "Socks for authentication" msgid "Socks for authentication"
msgstr "Socks认证方式" msgstr "Socks 认证方式"
msgid "Socks protocol authentication, support anonymous and password." msgid "Socks protocol authentication, support anonymous and password."
msgstr "Socks 协议的认证方式,支持匿名方式和账号密码方式。" msgstr "Socks 协议的认证方式,支持匿名方式和账号密码方式。"
@ -1296,10 +1214,10 @@ msgid "Not enabled log"
msgstr "未启用日志" msgstr "未启用日志"
msgid "UDP Forward" msgid "UDP Forward"
msgstr "UDP转发" msgstr "UDP 转发"
msgid "DNS Settings" msgid "DNS Settings"
msgstr "DNS设置" msgstr "DNS 设置"
msgid "Null" msgid "Null"
msgstr "无" msgstr "无"

2
luci-app-passwall/root/usr/share/passwall/0_default_config
View File

@ -5,7 +5,7 @@ config global
option tcp_node 'nil' option tcp_node 'nil'
option udp_node 'nil' option udp_node 'nil'
option dns_mode 'pdnsd' option dns_mode 'pdnsd'
option dns_forward '1.1.1.1' option remote_dns '1.1.1.1'
option filter_proxy_ipv6 '0' option filter_proxy_ipv6 '0'
option tcp_proxy_mode 'chnroute' option tcp_proxy_mode 'chnroute'
option udp_proxy_mode 'chnroute' option udp_proxy_mode 'chnroute'

79
luci-app-passwall/root/usr/share/passwall/app.sh
View File

@ -20,7 +20,7 @@ LOG_FILE=/tmp/log/$CONFIG.log
APP_PATH=/usr/share/$CONFIG APP_PATH=/usr/share/$CONFIG
RULES_PATH=/usr/share/${CONFIG}/rules RULES_PATH=/usr/share/${CONFIG}/rules
DNS_N=dnsmasq DNS_N=dnsmasq
DNS_PORT=7913 DNS_PORT=15353
TUN_DNS="127.0.0.1#${DNS_PORT}" TUN_DNS="127.0.0.1#${DNS_PORT}"
LOCAL_DNS=119.29.29.29 LOCAL_DNS=119.29.29.29
DEFAULT_DNS= DEFAULT_DNS=
@ -291,7 +291,9 @@ run_ipt2socks() {
} }
run_v2ray() { run_v2ray() {
local flag type node tcp_redir_port udp_redir_port socks_address socks_port socks_username socks_password http_address http_port http_username http_password dns_socks_address dns_socks_port dns_listen_port dns_proto dns_tcp_server doh dns_client_ip dns_query_strategy dns_cache loglevel log_file config_file local flag type node tcp_redir_port udp_redir_port socks_address socks_port socks_username socks_password http_address http_port http_username http_password
local dns_listen_port remote_dns_protocol remote_dns_udp_server remote_dns_tcp_server remote_dns_doh dns_client_ip dns_query_strategy dns_cache dns_socks_address dns_socks_port
local loglevel log_file config_file
local _extra_param="" local _extra_param=""
eval_set_val $@ eval_set_val $@
[ -z "$type" ] && { [ -z "$type" ] && {
@ -332,22 +334,28 @@ run_v2ray() {
} }
local buffer_size=$(config_t_get global_forwarding buffer_size) local buffer_size=$(config_t_get global_forwarding buffer_size)
[ -n "${buffer_size}" ] && _extra_param="${_extra_param} -buffer_size ${buffer_size}" [ -n "${buffer_size}" ] && _extra_param="${_extra_param} -buffer_size ${buffer_size}"
case "$dns_proto" in case "$remote_dns_protocol" in
tcp) tcp)
local _dns_forward=$(get_first_dns dns_tcp_server 53 | sed 's/#/:/g') local _dns=$(get_first_dns remote_dns_tcp_server 53 | sed 's/#/:/g')
local _dns_address=$(echo ${_dns_forward} | awk -F ':' '{print $1}') local _dns_address=$(echo ${_dns} | awk -F ':' '{print $1}')
_extra_param="${_extra_param} -dns_server ${_dns_address} -dns_tcp_server tcp://${_dns_forward}" local _dns_port=$(echo ${_dns} | awk -F ':' '{print $2}')
_extra_param="${_extra_param} -remote_dns_server ${_dns_address} -remote_dns_port ${_dns_port} -remote_dns_tcp_server tcp://${_dns}"
;; ;;
doh) doh)
local _doh_url=$(echo $doh | awk -F ',' '{print $1}') local _doh_url=$(echo $remote_dns_doh | awk -F ',' '{print $1}')
local _doh_host_port=$(echo $_doh_url | sed "s/https:\/\///g" | awk -F '/' '{print $1}') local _doh_host_port=$(lua_api "get_domain_from_url(\"${_doh_url}\")")
#local _doh_host_port=$(echo $_doh_url | sed "s/https:\/\///g" | awk -F '/' '{print $1}')
local _doh_host=$(echo $_doh_host_port | awk -F ':' '{print $1}') local _doh_host=$(echo $_doh_host_port | awk -F ':' '{print $1}')
local is_ip=$(lua_api "is_ip(\"${_doh_host}\")")
local _doh_port=$(echo $_doh_host_port | awk -F ':' '{print $2}') local _doh_port=$(echo $_doh_host_port | awk -F ':' '{print $2}')
local _doh_bootstrap=$(echo $doh | cut -d ',' -sf 2-) [ -z "${_doh_port}" ] && _doh_port=443
_extra_param="${_extra_param} -dns_server ${_doh_bootstrap} -doh_url ${_doh_url} -doh_host ${_doh_host}" local _doh_bootstrap=$(echo $remote_dns_doh | cut -d ',' -sf 2-)
[ "${is_ip}" = "true" ] && _doh_bootstrap=${_doh_host}
[ -n "$_doh_bootstrap" ] && _extra_param="${_extra_param} -remote_dns_server ${_doh_bootstrap}"
_extra_param="${_extra_param} -remote_dns_port ${_doh_port} -remote_dns_doh_url ${_doh_url} -remote_dns_doh_host ${_doh_host}"
;; ;;
fakedns) fakedns)
_extra_param="${_extra_param} -dns_fakedns 1" _extra_param="${_extra_param} -remote_dns_fake 1"
;; ;;
esac esac
_extra_param="${_extra_param} -tcp_proxy_way $tcp_proxy_way" _extra_param="${_extra_param} -tcp_proxy_way $tcp_proxy_way"
@ -666,22 +674,21 @@ run_redir() {
[ -n "${_dns_client_ip}" ] && _v2ray_args="${_v2ray_args} dns_client_ip=${_dns_client_ip}" [ -n "${_dns_client_ip}" ] && _v2ray_args="${_v2ray_args} dns_client_ip=${_dns_client_ip}"
[ "${DNS_CACHE}" == "0" ] && _v2ray_args="${_v2ray_args} dns_cache=0" [ "${DNS_CACHE}" == "0" ] && _v2ray_args="${_v2ray_args} dns_cache=0"
local v2ray_dns_mode=$(config_t_get global v2ray_dns_mode tcp) local v2ray_dns_mode=$(config_t_get global v2ray_dns_mode tcp)
_v2ray_args="${_v2ray_args} dns_proto=${v2ray_dns_mode}" _v2ray_args="${_v2ray_args} remote_dns_protocol=${v2ray_dns_mode}"
_v2ray_args="${_v2ray_args} dns_listen_port=${dns_listen_port}" _v2ray_args="${_v2ray_args} dns_listen_port=${dns_listen_port}"
case "$v2ray_dns_mode" in case "$v2ray_dns_mode" in
tcp) tcp)
_v2ray_args="${_v2ray_args} dns_tcp_server=${DNS_FORWARD}" _v2ray_args="${_v2ray_args} remote_dns_tcp_server=${REMOTE_DNS}"
echolog " - 域名解析 DNS Over TCP..." echolog " - 域名解析 DNS Over TCP..."
;; ;;
doh) doh)
up_trust_doh=$(config_t_get global up_trust_doh "https://cloudflare-dns.com/dns-query,1.1.1.1") remote_dns_doh=$(config_t_get global remote_dns_doh "https://1.1.1.1/dns-query")
_v2ray_args="${_v2ray_args} doh=${up_trust_doh}" _v2ray_args="${_v2ray_args} remote_dns_doh=${remote_dns_doh}"
echolog " - 域名解析 DNS Over HTTPS..." echolog " - 域名解析 DNS Over HTTPS..."
;; ;;
fakedns) fakedns)
fakedns=1 fakedns=1
CHINADNS_NG=0 CHINADNS_NG=0
_v2ray_args="${_v2ray_args} dns_fakedns=1"
echolog " - 域名解析 Fake DNS..." echolog " - 域名解析 Fake DNS..."
;; ;;
esac esac
@ -1078,7 +1085,7 @@ start_dns() {
case "$DNS_MODE" in case "$DNS_MODE" in
dns2socks) dns2socks)
local dns2socks_socks_server=$(echo $(config_t_get global socks_server 127.0.0.1:1080) | sed "s/#/:/g") local dns2socks_socks_server=$(echo $(config_t_get global socks_server 127.0.0.1:1080) | sed "s/#/:/g")
local dns2socks_forward=$(get_first_dns DNS_FORWARD 53 | sed 's/#/:/g') local dns2socks_forward=$(get_first_dns REMOTE_DNS 53 | sed 's/#/:/g')
run_dns2socks socks=$dns2socks_socks_server listen_address=127.0.0.1 listen_port=${dns_listen_port} dns=$dns2socks_forward cache=$DNS_CACHE run_dns2socks socks=$dns2socks_socks_server listen_address=127.0.0.1 listen_port=${dns_listen_port} dns=$dns2socks_forward cache=$DNS_CACHE
echolog " - 域名解析dns2socks(127.0.0.1:${dns_listen_port})${dns2socks_socks_server} -> ${dns2socks_forward}" echolog " - 域名解析dns2socks(127.0.0.1:${dns_listen_port})${dns2socks_socks_server} -> ${dns2socks_forward}"
;; ;;
@ -1096,30 +1103,26 @@ start_dns() {
use_tcp_node_resolve_dns=1 use_tcp_node_resolve_dns=1
local v2ray_dns_mode=$(config_t_get global v2ray_dns_mode tcp) local v2ray_dns_mode=$(config_t_get global v2ray_dns_mode tcp)
_v2ray_args="${_v2ray_args} dns_listen_port=${dns_listen_port}" _v2ray_args="${_v2ray_args} dns_listen_port=${dns_listen_port}"
_v2ray_args="${_v2ray_args} dns_proto=${v2ray_dns_mode}" _v2ray_args="${_v2ray_args} remote_dns_protocol=${v2ray_dns_mode}"
case "$v2ray_dns_mode" in case "$v2ray_dns_mode" in
tcp) tcp)
_v2ray_args="${_v2ray_args} dns_tcp_server=${DNS_FORWARD}" _v2ray_args="${_v2ray_args} remote_dns_tcp_server=${REMOTE_DNS}"
echolog " - 域名解析 DNS Over TCP..." echolog " - 域名解析 DNS Over TCP..."
;; ;;
doh) doh)
up_trust_doh=$(config_t_get global up_trust_doh "https://cloudflare-dns.com/dns-query,1.1.1.1") remote_dns_doh=$(config_t_get global remote_dns_doh "https://1.1.1.1/dns-query")
_v2ray_args="${_v2ray_args} doh=${up_trust_doh}" _v2ray_args="${_v2ray_args} remote_dns_doh=${remote_dns_doh}"
_doh_url=$(echo $up_trust_doh | awk -F ',' '{print $1}') local _doh_url=$(echo $remote_dns_doh | awk -F ',' '{print $1}')
_doh_host_port=$(echo $_doh_url | sed "s/https:\/\///g" | awk -F '/' '{print $1}') local _doh_host_port=$(lua_api "get_domain_from_url(\"${_doh_url}\")")
_doh_host=$(echo $_doh_host_port | awk -F ':' '{print $1}') local _doh_host=$(echo $_doh_host_port | awk -F ':' '{print $1}')
_doh_port=$(echo $_doh_host_port | awk -F ':' '{print $2}') local _is_ip=$(lua_api "is_ip(\"${_doh_host}\")")
_doh_bootstrap=$(echo $up_trust_doh | cut -d ',' -sf 2-) local _doh_port=$(echo $_doh_host_port | awk -F ':' '{print $2}')
[ -z "${_doh_port}" ] && _doh_port=443
DNS_FORWARD="" local _doh_bootstrap=$(echo $remote_dns_doh | cut -d ',' -sf 2-)
_doh_bootstrap_dns=$(echo $_doh_bootstrap | sed "s/,/ /g") [ "${_is_ip}" = "true" ] && _doh_bootstrap=${_doh_host}
for _dns in $_doh_bootstrap_dns; do [ -n "${_doh_bootstrap}" ] && REMOTE_DNS=${_doh_bootstrap}:${_doh_port}
_dns=$(echo $_dns | awk -F ':' '{print $1}'):${_doh_port:-443} unset _doh_url _doh_host_port _doh_host _is_ip _doh_port _doh_bootstrap
[ -n "$DNS_FORWARD" ] && DNS_FORWARD=${DNS_FORWARD},${_dns} || DNS_FORWARD=${_dns}
done
unset _dns _doh_bootstrap_dns
unset _doh_url _doh_port _doh_bootstrap
echolog " - 域名解析 DNS Over HTTPS..." echolog " - 域名解析 DNS Over HTTPS..."
;; ;;
esac esac
@ -1128,13 +1131,13 @@ start_dns() {
;; ;;
pdnsd) pdnsd)
use_tcp_node_resolve_dns=1 use_tcp_node_resolve_dns=1
gen_pdnsd_config "${dns_listen_port}" "${DNS_FORWARD}" "${DNS_CACHE}" gen_pdnsd_config "${dns_listen_port}" "${REMOTE_DNS}" "${DNS_CACHE}"
ln_run "$(first_type pdnsd)" pdnsd "/dev/null" --daemon -c "${TMP_PATH}/pdnsd/pdnsd.conf" -d ln_run "$(first_type pdnsd)" pdnsd "/dev/null" --daemon -c "${TMP_PATH}/pdnsd/pdnsd.conf" -d
echolog " - 域名解析pdnsd + 使用(TCP节点)解析域名..." echolog " - 域名解析pdnsd + 使用(TCP节点)解析域名..."
;; ;;
udp) udp)
use_udp_node_resolve_dns=1 use_udp_node_resolve_dns=1
TUN_DNS="$(echo ${DNS_FORWARD} | sed 's/#/:/g' | sed -E 's/\:([^:]+)$/#\1/g')" TUN_DNS="$(echo ${REMOTE_DNS} | sed 's/#/:/g' | sed -E 's/\:([^:]+)$/#\1/g')"
echolog " - 域名解析使用UDP协议请求DNS$TUN_DNS..." echolog " - 域名解析使用UDP协议请求DNS$TUN_DNS..."
;; ;;
esac esac
@ -1484,8 +1487,8 @@ gfwlist=$(echo "${TCP_PROXY_MODE}${LOCALHOST_TCP_PROXY_MODE}${UDP_PROXY_MODE}${L
DNS_SHUNT=$(config_t_get global dns_shunt dnsmasq) DNS_SHUNT=$(config_t_get global dns_shunt dnsmasq)
[ -z "$(first_type $DNS_SHUNT)" ] && DNS_SHUNT="dnsmasq" [ -z "$(first_type $DNS_SHUNT)" ] && DNS_SHUNT="dnsmasq"
DNS_MODE=$(config_t_get global dns_mode pdnsd) DNS_MODE=$(config_t_get global dns_mode pdnsd)
DNS_FORWARD=$(config_t_get global dns_forward 1.1.1.1:53 | sed 's/#/:/g' | sed -E 's/\:([^:]+)$/#\1/g')
DNS_CACHE=$(config_t_get global dns_cache 0) DNS_CACHE=$(config_t_get global dns_cache 0)
REMOTE_DNS=$(config_t_get global remote_dns 1.1.1.1:53 | sed 's/#/:/g' | sed -E 's/\:([^:]+)$/#\1/g')
CHINADNS_NG=$(config_t_get global chinadns_ng 0) CHINADNS_NG=$(config_t_get global chinadns_ng 0)
filter_proxy_ipv6=$(config_t_get global filter_proxy_ipv6 0) filter_proxy_ipv6=$(config_t_get global filter_proxy_ipv6 0)
dns_listen_port=${DNS_PORT} dns_listen_port=${DNS_PORT}

26
luci-app-passwall/root/usr/share/passwall/iptables.sh
View File

@ -271,7 +271,7 @@ load_acl() {
dnsmasq_port=11400 dnsmasq_port=11400
echolog "访问控制:" echolog "访问控制:"
for item in $items; do for item in $items; do
local enabled sid remarks sources tcp_proxy_mode udp_proxy_mode tcp_no_redir_ports udp_no_redir_ports tcp_proxy_drop_ports udp_proxy_drop_ports tcp_redir_ports udp_redir_ports tcp_node udp_node dns_mode dns_forward v2ray_dns_mode dns_doh dns_client_ip local enabled sid remarks sources tcp_proxy_mode udp_proxy_mode tcp_no_redir_ports udp_no_redir_ports tcp_proxy_drop_ports udp_proxy_drop_ports tcp_redir_ports udp_redir_ports tcp_node udp_node dns_mode remote_dns v2ray_dns_mode remote_dns_doh dns_client_ip
local _ip _mac _iprange _ipset _ip_or_mac rule_list tcp_port udp_port tcp_node_remark udp_node_remark config_file _extra_param local _ip _mac _iprange _ipset _ip_or_mac rule_list tcp_port udp_port tcp_node_remark udp_node_remark config_file _extra_param
sid=$(uci -q show "${CONFIG}.${item}" | grep "=acl_rule" | awk -F '=' '{print $1}' | awk -F '.' '{print $2}') sid=$(uci -q show "${CONFIG}.${item}" | grep "=acl_rule" | awk -F '=' '{print $1}' | awk -F '.' '{print $2}')
eval $(uci -q show "${CONFIG}.${item}" | cut -d'.' -sf 3-) eval $(uci -q show "${CONFIG}.${item}" | cut -d'.' -sf 3-)
@ -306,9 +306,9 @@ load_acl() {
tcp_node=${tcp_node:-default} tcp_node=${tcp_node:-default}
udp_node=${udp_node:-default} udp_node=${udp_node:-default}
dns_mode=${dns_mode:-dns2socks} dns_mode=${dns_mode:-dns2socks}
dns_forward=${dns_forward:-1.1.1.1} remote_dns=${remote_dns:-1.1.1.1}
[ "$dns_mode" = "v2ray" -o "$dns_mode" = "xray" ] && { [ "$dns_mode" = "v2ray" -o "$dns_mode" = "xray" ] && {
[ "$v2ray_dns_mode" = "doh" ] && dns_forward=${dns_doh:-https://cloudflare-dns.com/dns-query,1.1.1.1} [ "$v2ray_dns_mode" = "doh" ] && remote_dns=${remote_dns_doh:-https://1.1.1.1/dns-query}
} }
[ "$tcp_proxy_mode" = "default" ] && tcp_proxy_mode=$TCP_PROXY_MODE [ "$tcp_proxy_mode" = "default" ] && tcp_proxy_mode=$TCP_PROXY_MODE
[ "$udp_proxy_mode" = "default" ] && udp_proxy_mode=$UDP_PROXY_MODE [ "$udp_proxy_mode" = "default" ] && udp_proxy_mode=$UDP_PROXY_MODE
@ -331,12 +331,12 @@ load_acl() {
dns_port=$(get_new_port $(expr $dns_port + 1)) dns_port=$(get_new_port $(expr $dns_port + 1))
_dns_port=$dns_port _dns_port=$dns_port
if [ "$dns_mode" = "dns2socks" ]; then if [ "$dns_mode" = "dns2socks" ]; then
run_dns2socks flag=acl_${sid} socks_address=127.0.0.1 socks_port=$socks_port listen_address=0.0.0.0 listen_port=${_dns_port} dns=$dns_forward cache=1 run_dns2socks flag=acl_${sid} socks_address=127.0.0.1 socks_port=$socks_port listen_address=0.0.0.0 listen_port=${_dns_port} dns=$remote_dns cache=1
elif [ "$dns_mode" = "v2ray" -o "$dns_mode" = "xray" ]; then elif [ "$dns_mode" = "v2ray" -o "$dns_mode" = "xray" ]; then
config_file=$TMP_ACL_PATH/${tcp_node}_SOCKS_${socks_port}_DNS.json config_file=$TMP_ACL_PATH/${tcp_node}_SOCKS_${socks_port}_DNS.json
run_v2ray flag=acl_${sid} type=$dns_mode dns_socks_address=127.0.0.1 dns_socks_port=$socks_port dns_listen_port=${_dns_port} dns_proto=${v2ray_dns_mode} dns_tcp_server=${dns_forward} doh="${dns_forward}" dns_client_ip=${dns_client_ip} dns_query_strategy=${DNS_QUERY_STRATEGY} config_file=$config_file run_v2ray flag=acl_${sid} type=$dns_mode dns_socks_address=127.0.0.1 dns_socks_port=$socks_port dns_listen_port=${_dns_port} remote_dns_protocol=${v2ray_dns_mode} remote_dns_tcp_server=${remote_dns} remote_dns_doh="${remote_dns}" dns_client_ip=${dns_client_ip} dns_query_strategy=${DNS_QUERY_STRATEGY} config_file=$config_file
fi fi
eval node_${tcp_node}_$(echo -n "${dns_forward}" | md5sum | cut -d " " -f1)=${_dns_port} eval node_${tcp_node}_$(echo -n "${remote_dns}" | md5sum | cut -d " " -f1)=${_dns_port}
} }
dnsmasq_port=$(get_new_port $(expr $dnsmasq_port + 1)) dnsmasq_port=$(get_new_port $(expr $dnsmasq_port + 1))
@ -349,7 +349,7 @@ load_acl() {
echo "server=${d_server}" >> $TMP_ACL_PATH/$sid/dnsmasq.conf echo "server=${d_server}" >> $TMP_ACL_PATH/$sid/dnsmasq.conf
source $APP_PATH/helper_${DNS_N}.sh add FLAG=${sid} DNS_MODE=$dns_mode TMP_DNSMASQ_PATH=$TMP_ACL_PATH/$sid/dnsmasq.d DNSMASQ_CONF_FILE=/dev/null LOCAL_DNS=$LOCAL_DNS TUN_DNS=127.0.0.1#${_dns_port} TCP_NODE=$tcp_node PROXY_MODE=${tcp_proxy_mode} NO_LOGIC_LOG=1 NO_PROXY_IPV6=${filter_proxy_ipv6} source $APP_PATH/helper_${DNS_N}.sh add FLAG=${sid} DNS_MODE=$dns_mode TMP_DNSMASQ_PATH=$TMP_ACL_PATH/$sid/dnsmasq.d DNSMASQ_CONF_FILE=/dev/null LOCAL_DNS=$LOCAL_DNS TUN_DNS=127.0.0.1#${_dns_port} TCP_NODE=$tcp_node PROXY_MODE=${tcp_proxy_mode} NO_LOGIC_LOG=1 NO_PROXY_IPV6=${filter_proxy_ipv6}
ln_run "$(first_type dnsmasq)" "dnsmasq_${sid}" "/dev/null" -C $TMP_ACL_PATH/$sid/dnsmasq.conf -x $TMP_ACL_PATH/$sid/dnsmasq.pid ln_run "$(first_type dnsmasq)" "dnsmasq_${sid}" "/dev/null" -C $TMP_ACL_PATH/$sid/dnsmasq.conf -x $TMP_ACL_PATH/$sid/dnsmasq.pid
eval node_${tcp_node}_$(echo -n "${tcp_proxy_mode}${dns_forward}" | md5sum | cut -d " " -f1)=${dnsmasq_port} eval node_${tcp_node}_$(echo -n "${tcp_proxy_mode}${remote_dns}" | md5sum | cut -d " " -f1)=${dnsmasq_port}
} }
if [ "$tcp_node" = "$TCP_NODE" ]; then if [ "$tcp_node" = "$TCP_NODE" ]; then
tcp_port=$TCP_REDIR_PORT tcp_port=$TCP_REDIR_PORT
@ -359,9 +359,9 @@ load_acl() {
if [ -n "${_socks_port}" ] && [ -n "${_redir_port}" ]; then if [ -n "${_socks_port}" ] && [ -n "${_redir_port}" ]; then
socks_port=${_socks_port} socks_port=${_socks_port}
tcp_port=${_redir_port} tcp_port=${_redir_port}
_dnsmasq_port=$(eval echo \${node_${tcp_node}_$(echo -n "${tcp_proxy_mode}${dns_forward}" | md5sum | cut -d " " -f1)}) _dnsmasq_port=$(eval echo \${node_${tcp_node}_$(echo -n "${tcp_proxy_mode}${remote_dns}" | md5sum | cut -d " " -f1)})
if [ -z "${_dnsmasq_port}" ]; then if [ -z "${_dnsmasq_port}" ]; then
_dns_port=$(eval echo \${node_${tcp_node}_$(echo -n "${dns_forward}" | md5sum | cut -d " " -f1)}) _dns_port=$(eval echo \${node_${tcp_node}_$(echo -n "${remote_dns}" | md5sum | cut -d " " -f1)})
run_dns ${_dns_port} run_dns ${_dns_port}
else else
redirect_dns_port=${_dnsmasq_port} redirect_dns_port=${_dnsmasq_port}
@ -382,7 +382,7 @@ load_acl() {
config_file=$(echo $config_file | sed "s/SOCKS_${socks_port}/DNS/g") config_file=$(echo $config_file | sed "s/SOCKS_${socks_port}/DNS/g")
dns_port=$(get_new_port $(expr $dns_port + 1)) dns_port=$(get_new_port $(expr $dns_port + 1))
_dns_port=$dns_port _dns_port=$dns_port
_extra_param="dns_listen_port=${_dns_port} dns_proto=${v2ray_dns_mode} dns_tcp_server=${dns_forward} doh=${dns_forward} dns_client_ip=${dns_client_ip} dns_query_strategy=${DNS_QUERY_STRATEGY}" _extra_param="dns_listen_port=${_dns_port} remote_dns_protocol=${v2ray_dns_mode} remote_dns_tcp_server=${remote_dns} remote_dns_doh=${remote_dns} dns_client_ip=${dns_client_ip} dns_query_strategy=${DNS_QUERY_STRATEGY}"
fi fi
config_file="$TMP_PATH/$config_file" config_file="$TMP_PATH/$config_file"
run_v2ray flag=$tcp_node node=$tcp_node tcp_redir_port=$redir_port ${_extra_param} config_file=$config_file run_v2ray flag=$tcp_node node=$tcp_node tcp_redir_port=$redir_port ${_extra_param} config_file=$config_file
@ -585,7 +585,7 @@ load_acl() {
$ip6t_m -A PSW $(comment "$remarks") ${_ipt_source} -p udp -j RETURN 2>/dev/null $ip6t_m -A PSW $(comment "$remarks") ${_ipt_source} -p udp -j RETURN 2>/dev/null
$ipt_m -A PSW $(comment "$remarks") ${_ipt_source} -p udp -j RETURN $ipt_m -A PSW $(comment "$remarks") ${_ipt_source} -p udp -j RETURN
done done
unset enabled sid remarks sources tcp_proxy_mode udp_proxy_mode tcp_no_redir_ports udp_no_redir_ports tcp_proxy_drop_ports udp_proxy_drop_ports tcp_redir_ports udp_redir_ports tcp_node udp_node dns_mode dns_forward v2ray_dns_mode dns_doh dns_client_ip unset enabled sid remarks sources tcp_proxy_mode udp_proxy_mode tcp_no_redir_ports udp_no_redir_ports tcp_proxy_drop_ports udp_proxy_drop_ports tcp_redir_ports udp_redir_ports tcp_node udp_node dns_mode remote_dns v2ray_dns_mode remote_dns_doh dns_client_ip
unset _ip _mac _iprange _ipset _ip_or_mac rule_list tcp_port udp_port tcp_node_remark udp_node_remark config_file _extra_param unset _ip _mac _iprange _ipset _ip_or_mac rule_list tcp_port udp_port tcp_node_remark udp_node_remark config_file _extra_param
unset ipt_tmp msg msg2 unset ipt_tmp msg msg2
unset redirect_dns_port unset redirect_dns_port
@ -1074,7 +1074,7 @@ add_firewall_rule() {
echolog " - [$?]将上游 DNS 服务器 ${2}:${3} 加入到路由器自身代理的 TCP 转发链" echolog " - [$?]将上游 DNS 服务器 ${2}:${3} 加入到路由器自身代理的 TCP 转发链"
} }
[ "$use_tcp_node_resolve_dns" == 1 ] && hosts_foreach DNS_FORWARD _proxy_tcp_access 53 [ "$use_tcp_node_resolve_dns" == 1 ] && hosts_foreach REMOTE_DNS _proxy_tcp_access 53
[ "$TCP_NO_REDIR_PORTS" != "disable" ] && { [ "$TCP_NO_REDIR_PORTS" != "disable" ] && {
$ipt_tmp -A PSW_OUTPUT -p tcp -m multiport --dport $TCP_NO_REDIR_PORTS -j RETURN $ipt_tmp -A PSW_OUTPUT -p tcp -m multiport --dport $TCP_NO_REDIR_PORTS -j RETURN
$ip6t_m -A PSW_OUTPUT -p tcp -m multiport --dport $TCP_NO_REDIR_PORTS -j RETURN $ip6t_m -A PSW_OUTPUT -p tcp -m multiport --dport $TCP_NO_REDIR_PORTS -j RETURN
@ -1175,7 +1175,7 @@ add_firewall_rule() {
$ipt_m -I PSW $(comment "本机") -p udp -i lo -d ${2} --dport ${3} $(REDIRECT $UDP_REDIR_PORT TPROXY) $ipt_m -I PSW $(comment "本机") -p udp -i lo -d ${2} --dport ${3} $(REDIRECT $UDP_REDIR_PORT TPROXY)
echolog " - [$?]将上游 DNS 服务器 ${2}:${3} 加入到路由器自身代理的 UDP 转发链" echolog " - [$?]将上游 DNS 服务器 ${2}:${3} 加入到路由器自身代理的 UDP 转发链"
} }
[ "$use_udp_node_resolve_dns" == 1 ] && hosts_foreach DNS_FORWARD _proxy_udp_access 53 [ "$use_udp_node_resolve_dns" == 1 ] && hosts_foreach REMOTE_DNS _proxy_udp_access 53
[ "$UDP_NO_REDIR_PORTS" != "disable" ] && { [ "$UDP_NO_REDIR_PORTS" != "disable" ] && {
$ipt_m -A PSW_OUTPUT -p udp -m multiport --dport $UDP_NO_REDIR_PORTS -j RETURN $ipt_m -A PSW_OUTPUT -p udp -m multiport --dport $UDP_NO_REDIR_PORTS -j RETURN
$ip6t_m -A PSW_OUTPUT -p udp -m multiport --dport $UDP_NO_REDIR_PORTS -j RETURN $ip6t_m -A PSW_OUTPUT -p udp -m multiport --dport $UDP_NO_REDIR_PORTS -j RETURN