luci-app-ssr-plus: server: use uci open firewall ports

sbwml 2023-08-23 13:43:31 +08:00
parent bc4dfc16d5
commit c245154204


@ -755,11 +755,6 @@ start_server() {
server_service() { server_service() {
[ "$(uci_get_by_name $1 enable 0)" == "0" ] && return 1 [ "$(uci_get_by_name $1 enable 0)" == "0" ] && return 1
let server_count=server_count+1 let server_count=server_count+1
if [ "$server_count" == "1" ]; then
if ! (iptables-save -t filter | grep SSR-SERVER-RULE >/dev/null); then
iptables -N SSR-SERVER-RULE && iptables -t filter -I INPUT -j SSR-SERVER-RULE
fi
fi
local type=$(uci_get_by_name $1 type) local type=$(uci_get_by_name $1 type)
case "$type" in case "$type" in
ss | ssr) ss | ssr)
@ -773,32 +768,21 @@ start_server() {
echolog "Server:Socks5 Server$server_count Started!" echolog "Server:Socks5 Server$server_count Started!"
;; ;;
esac esac
iptables -t filter -A SSR-SERVER-RULE -p tcp --dport $(uci_get_by_name $1 server_port) -j ACCEPT ssr_server_port=$(uci show shadowsocksr | grep 'server_config.*server_port' | awk -F"'" '{print $2}' | tr "\n" " ")
iptables -t filter -A SSR-SERVER-RULE -p udp --dport $(uci_get_by_name $1 server_port) -j ACCEPT uci -q delete firewall.shadowsocksr_server
uci set firewall.shadowsocksr_server=rule
uci set firewall.shadowsocksr_server.name="shadowsocksr_server"
uci set firewall.shadowsocksr_server.target="ACCEPT"
uci set firewall.shadowsocksr_server.src="wan"
uci set firewall.shadowsocksr_server.dest_port="$ssr_server_port"
uci set firewall.shadowsocksr_server.enabled="1"
uci commit firewall
/etc/init.d/firewall reload >/dev/null 2>&1
return 0 return 0
} }
gen_serv_include() {
local FWI=$(uci get firewall.shadowsocksr.path 2>/dev/null)
[ -n "$FWI" ] || return 0
if [ ! -f $FWI ]; then
echo '#!/bin/sh' >$FWI
fi
extract_rules() {
echo "*filter"
iptables-save -t filter | grep SSR-SERVER-RULE | sed -e "s/^-A INPUT/-I INPUT/"
echo 'COMMIT'
}
cat <<-EOF >>$FWI
iptables-save -c | grep -v "SSR-SERVER" | iptables-restore -c
iptables-restore -n <<-EOT
$(extract_rules)
EOT
EOF
}
config_load $NAME config_load $NAME
config_foreach server_service server_config config_foreach server_service server_config
gen_serv_include
return 0 return 0
} }
@ -923,12 +907,6 @@ stop() {
unlock unlock
set_lock set_lock
/usr/bin/ssr-rules -f /usr/bin/ssr-rules -f
local srulecount=$(iptables -L | grep SSR-SERVER-RULE | wc -l)
if [ $srulecount -gt 0 ]; then
iptables -F SSR-SERVER-RULE
iptables -t filter -D INPUT -j SSR-SERVER-RULE
iptables -X SSR-SERVER-RULE 2>/dev/null
fi
if [ -z "$switch_server" ]; then if [ -z "$switch_server" ]; then
$PS -w | grep -v "grep" | grep ssr-switch | awk '{print $1}' | xargs kill -9 >/dev/null 2>&1 & $PS -w | grep -v "grep" | grep ssr-switch | awk '{print $1}' | xargs kill -9 >/dev/null 2>&1 &
rm -f /var/lock/ssr-switch.lock rm -f /var/lock/ssr-switch.lock
@ -957,6 +935,9 @@ stop() {
rm -rf /tmp/dnsmasq.d/dnsmasq-ssrplus.conf $TMP_DNSMASQ_PATH $TMP_PATH/*-ssr-*.json $TMP_PATH/ssr-server*.json rm -rf /tmp/dnsmasq.d/dnsmasq-ssrplus.conf $TMP_DNSMASQ_PATH $TMP_PATH/*-ssr-*.json $TMP_PATH/ssr-server*.json
/etc/init.d/dnsmasq restart >/dev/null 2>&1 /etc/init.d/dnsmasq restart >/dev/null 2>&1
fi fi
uci -q delete firewall.shadowsocksr_server
uci commit firewall
/etc/init.d/firewall reload >/dev/null 2>&1
del_cron del_cron
unset_lock unset_lock
} }
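Review bot: The port list built in the second start_server() hunk (`uci show shadowsocksr | grep 'server_config.*server_port'`) is not filtered by `enable`, so once any server is enabled the wan ACCEPT rule also covers the ports of disabled server_config sections, whereas the removed iptables lines opened only the port of the section being started. The same lines sit inside server_service(), so the rule is deleted, rewritten and committed, and the firewall reloaded, once per enabled server; `ssr_server_port` is also never declared `local`. I would collect each port with `uci_get_by_name $1 server_port` inside server_service() and write the rule once after `config_foreach`, as in the excerpt below. start_server() begins before this hunk, so where the `local` declaration belongs should be checked against the full function.

```shell
server_service() {
	# … unchanged: enable check, server_count, per-type server start …
	ssr_server_port="$ssr_server_port $(uci_get_by_name $1 server_port)"
	return 0
}
local ssr_server_port=""
config_load $NAME
config_foreach server_service server_config
if [ -n "$ssr_server_port" ]; then
	uci -q delete firewall.shadowsocksr_server
	# … unchanged: uci set firewall.shadowsocksr_server=rule, name, target, src …
	uci set firewall.shadowsocksr_server.dest_port="${ssr_server_port# }"
	# … unchanged: enabled, uci commit firewall, firewall reload …
fi
```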