diff --git a/luci-app-passwall/Makefile b/luci-app-passwall/Makefile index 6844e497f..8f228699a 100644 --- a/luci-app-passwall/Makefile +++ b/luci-app-passwall/Makefile @@ -6,7 +6,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=luci-app-passwall -PKG_VERSION:=4.77-2 +PKG_VERSION:=4.77-3 PKG_RELEASE:= PKG_CONFIG_DEPENDS:= \ diff --git a/luci-app-passwall/luasrc/model/cbi/passwall/client/acl_config.lua b/luci-app-passwall/luasrc/model/cbi/passwall/client/acl_config.lua index 5a3773f41..7ea123f40 100644 --- a/luci-app-passwall/luasrc/model/cbi/passwall/client/acl_config.lua +++ b/luci-app-passwall/luasrc/model/cbi/passwall/client/acl_config.lua @@ -362,33 +362,33 @@ if has_singbox or has_xray then end if api.is_finded("chinadns-ng") then - o = s:option(Flag, "chinadns_ng", translate("ChinaDNS-NG"), translate("The effect is better, but will increase the memory.")) + o = s:option(Flag, "chinadns_ng", translate("ChinaDNS-NG"), translate("The effect is better, recommend.")) o.default = "0" - o:depends({ use_gfw_list = true }) - o:depends({ chn_list = "direct" }) + o:depends({ dns_mode = "", ['!reverse'] = true }) o = s:option(ListValue, "chinadns_ng_default_tag", translate("ChinaDNS-NG Domain Default Tag")) - o.default = "smart" - o:value("smart", translate("Smart DNS")) + o.default = "none" + o:value("none", translate("Default")) o:value("gfw", translate("Remote DNS")) o:value("chn", translate("Direct DNS")) o.description = "" - o:depends("chinadns_ng", true) + o:depends({chinadns_ng = true, chn_list = "direct"}) end o = s:option(ListValue, "use_default_dns", translate("Default DNS")) o.default = "direct" o:value("remote", translate("Remote DNS")) o:value("direct", translate("Direct DNS")) -o.description = translate("The default DNS used when not in the domain name rules list.") -.. "" +o.description = "" local _depends = {tcp_proxy_mode = "proxy"} if api.is_finded("chinadns-ng") then _depends["chinadns_ng"] = false diff --git a/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua b/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua index 5c985e9e7..a57de3199 100644 --- a/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua +++ b/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua @@ -388,33 +388,33 @@ o:depends({dns_mode = "xray"}) o.rmempty = false if api.is_finded("chinadns-ng") then - o = s:taboption("DNS", Flag, "chinadns_ng", translate("ChinaDNS-NG"), translate("The effect is better, but will increase the memory.")) + o = s:taboption("DNS", Flag, "chinadns_ng", translate("ChinaDNS-NG"), translate("The effect is better, recommend.")) o.default = "0" - o:depends({remote_fakedns = false, use_gfw_list = true}) - o:depends({remote_fakedns = false, chn_list = "direct"}) + o:depends({remote_fakedns = false}) o = s:taboption("DNS", ListValue, "chinadns_ng_default_tag", translate("ChinaDNS-NG Domain Default Tag")) - o.default = "smart" - o:value("smart", translate("Smart DNS")) + o.default = "none" + o:value("none", translate("Default")) o:value("gfw", translate("Remote DNS")) o:value("chn", translate("Direct DNS")) o.description = "" - o:depends("chinadns_ng", true) + o:depends({chinadns_ng = true, chn_list = "direct"}) end o = s:taboption("DNS", ListValue, "use_default_dns", translate("Default DNS")) o.default = "direct" o:value("remote", translate("Remote DNS")) o:value("direct", translate("Direct DNS")) -o.description = translate("The default DNS used when not in the domain name rules list.") -.. "" +o.description = "" local _depends = {tcp_proxy_mode = "proxy"} if api.is_finded("chinadns-ng") then _depends["chinadns_ng"] = false @@ -482,10 +482,12 @@ o.cfgvalue = function(t, n) end s:tab("log", translate("Log")) -o = s:taboption("log", Flag, "close_log_tcp", translatef("%s Node Log Close", "TCP")) +o = s:taboption("log", Flag, "log_tcp", translate("Enable") .. " " .. translatef("%s Node Log", "TCP")) +o.default = "1" o.rmempty = false -o = s:taboption("log", Flag, "close_log_udp", translatef("%s Node Log Close", "UDP")) +o = s:taboption("log", Flag, "log_udp", translate("Enable") .. " " .. translatef("%s Node Log", "UDP")) +o.default = "1" o.rmempty = false loglevel = s:taboption("log", ListValue, "loglevel", "Sing-Box/Xray " .. translate("Log Level")) diff --git a/luci-app-passwall/po/zh-cn/passwall.po b/luci-app-passwall/po/zh-cn/passwall.po index 6630c5eca..f4ff64d74 100644 --- a/luci-app-passwall/po/zh-cn/passwall.po +++ b/luci-app-passwall/po/zh-cn/passwall.po @@ -157,29 +157,26 @@ msgstr "用于 DNS 查询时通知 DNS 服务器,客户端所在的地理位 msgid "This feature requires the DNS server to support the Edns Client Subnet (RFC7871)." msgstr "此功能需要 DNS 服务器支持 EDNS Client Subnet(RFC7871)。" -msgid "The effect is better, but will increase the memory." -msgstr "效果更好,但会增加内存使用。" +msgid "The effect is better, recommend." +msgstr "效果更好,推荐使用。" msgid "Default DNS" msgstr "默认DNS" -msgid "The default DNS used when not in the domain name rules list." -msgstr "当域名不在规则列表中时使用的默认DNS。" +msgid "When not matching any domain name list:" +msgstr "当不匹配任何域名列表时:" -msgid "Remote DNS can avoid more DNS leaks, but some domestic domain names maybe to proxy!" -msgstr "远程DNS可以避免更多的DNS泄露,但会导致规则列表外的某些国内域名可能会走代理!" +msgid "Remote DNS: Can avoid more DNS leaks, but some domestic domain names maybe to proxy!" +msgstr "远程DNS:可以避免更多的DNS泄露,但会导致规则列表外的某些国内域名可能会走代理!" -msgid "Direct DNS Internet experience may be better, but DNS will be leaked!" -msgstr "直连DNS上网体验可能会更佳,但是会泄露DNS!" +msgid "Direct DNS: Internet experience may be better, but DNS will be leaked!" +msgstr "直连DNS:上网体验可能会更佳,但是会泄露DNS!" msgid "ChinaDNS-NG Domain Default Tag" msgstr "ChinaDNS-NG 域名默认标签" -msgid "Smart DNS" -msgstr "智能 DNS" - -msgid "Forward to both remote and direct DNS, if the direct DNS resolution result is a mainland China ip, then use the direct result, otherwise use the remote result" -msgstr "同时转发给远程和直连DNS,如果直连DNS解析结果是大陆ip,则使用直连结果,否则使用远程结果" +msgid "Default: Forward to both direct and remote DNS, if the direct DNS resolution result is a mainland China ip, then use the direct result, otherwise use the remote result." +msgstr "默认:同时转发给直连和远程DNS,如果直连DNS解析结果是大陆ip,则使用直连结果,否则使用远程结果。" msgid "Filter Proxy Host IPv6" msgstr "过滤代理域名 IPv6" diff --git a/luci-app-passwall/root/usr/share/passwall/0_default_config b/luci-app-passwall/root/usr/share/passwall/0_default_config index c0157c269..2dcafa3fc 100644 --- a/luci-app-passwall/root/usr/share/passwall/0_default_config +++ b/luci-app-passwall/root/usr/share/passwall/0_default_config @@ -10,7 +10,7 @@ config global option remote_dns '1.1.1.1' option use_default_dns 'direct' option chinadns_ng '1' - option chinadns_ng_default_tag 'smart' + option chinadns_ng_default_tag 'none' option use_direct_list '1' option use_proxy_list '1' option use_block_list '1' @@ -21,8 +21,8 @@ config global option localhost_proxy '1' option client_proxy '1' option acl_enable '0' - option close_log_tcp '0' - option close_log_udp '0' + option log_tcp '1' + option log_udp '1' option loglevel 'error' option trojan_loglevel '4' diff --git a/luci-app-passwall/root/usr/share/passwall/0_default_config.orig b/luci-app-passwall/root/usr/share/passwall/0_default_config.orig index c0b26cb4f..b9ad81e5f 100644 --- a/luci-app-passwall/root/usr/share/passwall/0_default_config.orig +++ b/luci-app-passwall/root/usr/share/passwall/0_default_config.orig @@ -10,7 +10,7 @@ config global option remote_dns '1.1.1.1' option use_default_dns 'direct' option chinadns_ng '1' - option chinadns_ng_default_tag 'smart' + option chinadns_ng_default_tag 'none' option use_direct_list '1' option use_proxy_list '1' option use_block_list '1' @@ -21,8 +21,8 @@ config global option localhost_proxy '1' option client_proxy '1' option acl_enable '0' - option close_log_tcp '0' - option close_log_udp '0' + option log_tcp '1' + option log_udp '1' option loglevel 'error' option trojan_loglevel '4' diff --git a/luci-app-passwall/root/usr/share/passwall/app.sh b/luci-app-passwall/root/usr/share/passwall/app.sh index 863639830..5ba4da30c 100755 --- a/luci-app-passwall/root/usr/share/passwall/app.sh +++ b/luci-app-passwall/root/usr/share/passwall/app.sh @@ -483,7 +483,7 @@ run_dns2socks() { } run_chinadns_ng() { - local _flag _listen_port _dns_china _dns_trust _use_direct_list _use_proxy_list _chnlist _gfwlist _no_ipv6_dns + local _flag _listen_port _dns_local _dns_trust _no_ipv6_trust _use_direct_list _use_proxy_list _gfwlist _chnlist _default_mode _default_tag eval_set_val $@ local _CONF_FILE=$TMP_ACL_PATH/$_flag/chinadns_ng.conf @@ -494,7 +494,7 @@ run_chinadns_ng() { verbose bind-addr 127.0.0.1 bind-port ${_listen_port}@udp - china-dns ${_dns_china} + china-dns ${_dns_local} trust-dns udp://${_dns_trust} filter-qtype 65 EOF @@ -509,10 +509,9 @@ run_chinadns_ng() { cat <<-EOF >> ${_CONF_FILE} group directlist group-dnl ${RULES_PATH}/direct_host - group-upstream ${_dns_china} + group-upstream ${_dns_local} group-ipset ${whitelist4_set},${whitelist6_set} EOF - [ "${_no_ipv6_dns}" = "china" ] && echo "no-ipv6 tag:directlist" >> ${_CONF_FILE} } [ "${_use_proxy_list}" = "1" ] && [ -s "${RULES_PATH}/proxy_host" ] && { @@ -528,18 +527,32 @@ run_chinadns_ng() { group-upstream udp://${_dns_trust} group-ipset ${blacklist4_set},${blacklist6_set} EOF - [ "${_no_ipv6_dns}" = "trust" ] && echo "no-ipv6 tag:proxylist" >> ${_CONF_FILE} + [ "${_no_ipv6_trust}" = "1" ] && echo "no-ipv6 tag:proxylist" >> ${_CONF_FILE} } + + [ "${_gfwlist}" = "1" ] && [ -s "${RULES_PATH}/gfwlist" ] && { + local gfwlist4_set="passwall_gfwlist" + local gfwlist6_set="passwall_gfwlist6" + [ "$nftflag" = "1" ] && { + gfwlist4_set="inet@fw4@${gfwlist4_set}" + gfwlist6_set="inet@fw4@${gfwlist6_set}" + } + cat <<-EOF >> ${_CONF_FILE} + gfwlist-file ${RULES_PATH}/gfwlist + add-taggfw-ip ${gfwlist4_set},${gfwlist6_set} + EOF + [ "${_no_ipv6_trust}" = "1" ] && echo "no-ipv6 tag:gfw" >> ${_CONF_FILE} + } + + [ "${_chnlist}" != "0" ] && [ -s "${RULES_PATH}/chnlist" ] && { + local chnroute4_set="passwall_chnroute" + local chnroute6_set="passwall_chnroute6" + [ "$nftflag" = "1" ] && { + chnroute4_set="inet@fw4@${chnroute4_set}" + chnroute6_set="inet@fw4@${chnroute6_set}" + } - local _default_tag=$(config_t_get global chinadns_ng_default_tag smart) - [ "${_chnlist}" = "direct" ] && { - [ -s "${RULES_PATH}/chnlist" ] && { - local chnroute4_set="passwall_chnroute" - local chnroute6_set="passwall_chnroute6" - [ "$nftflag" = "1" ] && { - chnroute4_set="inet@fw4@${chnroute4_set}" - chnroute6_set="inet@fw4@${chnroute6_set}" - } + [ "${_chnlist}" = "direct" ] && { cat <<-EOF >> ${_CONF_FILE} chnlist-file ${RULES_PATH}/chnlist ipset-name4 ${chnroute4_set} @@ -547,28 +560,32 @@ run_chinadns_ng() { add-tagchn-ip chnlist-first EOF - [ "${_no_ipv6_dns}" = "china" ] && echo "no-ipv6 tag:chn" >> ${_CONF_FILE} } - } - [ "${_gfwlist}" = "1" ] && { - [ -s "${RULES_PATH}/gfwlist" ] && { - local gfwlist4_set="passwall_gfwlist" - local gfwlist6_set="passwall_gfwlist6" - [ "$nftflag" = "1" ] && { - gfwlist4_set="inet@fw4@${gfwlist4_set}" - gfwlist6_set="inet@fw4@${gfwlist6_set}" - } - cat <<-EOF >> ${_CONF_FILE} - gfwlist-file ${RULES_PATH}/gfwlist - add-taggfw-ip ${gfwlist4_set},${gfwlist6_set} - EOF - [ "${_no_ipv6_dns}" = "trust" ] && echo "no-ipv6 tag:gfw" >> ${_CONF_FILE} - #当只有使用gfwlist模式时设置默认DNS为本地直连 - [ "${_chnlist}" = "0" ] && _default_tag="chn" - } - } - [ -n "$_default_tag" ] && [ "$_default_tag" != "smart" ] && echo "default-tag ${_default_tag}" >> ${_CONF_FILE} + #回中国模式 + [ "${_chnlist}" = "proxy" ] && { + cat <<-EOF >> ${_CONF_FILE} + group chn_proxy + group-dnl ${RULES_PATH}/chnlist + group-upstream udp://${_dns_trust} + group-ipset ${chnroute4_set},${chnroute6_set} + EOF + [ "${_no_ipv6_trust}" = "1" ] && echo "no-ipv6 tag:chn_proxy" >> ${_CONF_FILE} + } + } + + #只使用gfwlist模式,GFW列表以外的域名及默认使用本地DNS + [ "${_gfwlist}" = "1" ] && [ "${_chnlist}" = "0" ] && _default_tag="chn" + #回中国模式,中国列表以外的域名及默认使用本地DNS + [ "${_chnlist}" = "proxy" ] && _default_tag="chn" + #全局模式,默认使用远程DNS + [ "${_default_mode}" = "proxy" ] && [ "${_chnlist}" = "0" ] && [ "${_gfwlist}" = "0" ] && { + _default_tag="gfw" + [ "${_no_ipv6_trust}" = "1" ] && echo "no-ipv6" >> ${_CONF_FILE} + } + + ([ -z "${_default_tag}" ] || [ "${_default_tag}" = "smart" ]) && _default_tag="none" + echo "default-tag ${_default_tag}" >> ${_CONF_FILE} ln_run "$(first_type chinadns-ng)" chinadns-ng "${_LOG_FILE}" -C ${_CONF_FILE} } @@ -734,8 +751,8 @@ run_redir() { local proto=$(echo $proto | tr 'A-Z' 'a-z') local PROTO=$(echo $proto | tr 'a-z' 'A-Z') local type=$(echo $(config_n_get $node type) | tr 'A-Z' 'a-z') - local close_log=$(config_t_get global close_log_${proto} 1) - [ "$close_log" = "1" ] && log_file="/dev/null" + local enable_log=$(config_t_get global log_${proto} 1) + [ "$enable_log" != "1" ] && log_file="/dev/null" local remarks=$(config_n_get $node remarks) local server_host=$(config_n_get $node address) local port=$(config_n_get $node port) @@ -1303,25 +1320,25 @@ start_dns() { [ "${use_tcp_node_resolve_dns}" = "1" ] && echolog " * 请确认上游 DNS 支持 TCP 查询,如非直连地址,确保 TCP 代理打开,并且已经正确转发!" [ "${use_udp_node_resolve_dns}" = "1" ] && echolog " * 要求代理 DNS 请求,如上游 DNS 非直连地址,确保 UDP 代理打开,并且已经正确转发!" - [ "$CHINADNS_NG" = "1" ] && [ -n "$(first_type chinadns-ng)" ] && ([ "${CHN_LIST}" = "direct" ] || [ "${USE_GFW_LIST}" = "1" ]) && { - [ "$FILTER_PROXY_IPV6" = "1" ] && { - local _no_ipv6_dns="trust" - DNSMASQ_FILTER_PROXY_IPV6=0 - } + [ "$CHINADNS_NG" = "1" ] && [ -n "$(first_type chinadns-ng)" ] && { + [ "$FILTER_PROXY_IPV6" = "1" ] && DNSMASQ_FILTER_PROXY_IPV6=0 local china_ng_listen_port=$(expr $dns_listen_port + 1) local china_ng_listen="127.0.0.1#${china_ng_listen_port}" + run_chinadns_ng \ _flag="default" \ _listen_port=${china_ng_listen_port} \ - _dns_china=$(echo -n $(echo "${LOCAL_DNS}" | sed "s/,/\n/g" | head -n2) | tr " " ",") \ - _dns_trust="${TUN_DNS}" \ - _use_direct_list="${USE_DIRECT_LIST}" \ - _use_proxy_list="${USE_PROXY_LIST}" \ - _chnlist="${CHN_LIST}" \ - _gfwlist="${USE_GFW_LIST}" \ - _no_ipv6_dns="${_no_ipv6_dns}" - - echolog " - ChinaDNS-NG(127.0.0.1#${china_ng_listen_port}):国内DNS:$(echo -n $(echo "${LOCAL_DNS}" | sed "s/,/\n/g" | head -n2) | tr " " ","),可信DNS:${TUN_DNS}" + _dns_local=$(echo -n $(echo "${LOCAL_DNS}" | sed "s/,/\n/g" | head -n2) | tr " " ",") \ + _dns_trust=${TUN_DNS} \ + _no_ipv6_trust=${FILTER_PROXY_IPV6} \ + _use_direct_list=${USE_DIRECT_LIST} \ + _use_proxy_list=${USE_PROXY_LIST} \ + _gfwlist=${USE_GFW_LIST} \ + _chnlist=${CHN_LIST} \ + _default_mode=${TCP_PROXY_MODE} \ + _default_tag=$(config_t_get global chinadns_ng_default_tag smart) + + echolog " - ChinaDNS-NG(127.0.0.1#${china_ng_listen_port}):直连DNS:$(echo -n $(echo "${LOCAL_DNS}" | sed "s/,/\n/g" | head -n2) | tr " " ","),可信DNS:${TUN_DNS}" USE_DEFAULT_DNS="chinadns_ng" } @@ -1335,7 +1352,7 @@ start_dns() { -DNSMASQ_CONF_FILE "/tmp/dnsmasq.d/dnsmasq-passwall.conf" -DEFAULT_DNS ${DEFAULT_DNS} -LOCAL_DNS ${LOCAL_DNS} \ -TUN_DNS ${TUN_DNS} -REMOTE_FAKEDNS ${fakedns:-0} -USE_DEFAULT_DNS "${USE_DEFAULT_DNS:-direct}" -CHINADNS_DNS ${china_ng_listen:-0} \ -USE_DIRECT_LIST "${USE_DIRECT_LIST}" -USE_PROXY_LIST "${USE_PROXY_LIST}" -USE_BLOCK_LIST "${USE_BLOCK_LIST}" -USE_GFW_LIST "${USE_GFW_LIST}" -CHN_LIST "${CHN_LIST}" \ - -TCP_NODE ${TCP_NODE} -DEFAULT_PROXY_MODE "${TCP_PROXY_MODE}" -NO_PROXY_IPV6 ${DNSMASQ_FILTER_PROXY_IPV6:-0} -NFTFLAG ${nftflag:-0} \ + -TCP_NODE ${TCP_NODE} -DEFAULT_PROXY_MODE ${TCP_PROXY_MODE} -NO_PROXY_IPV6 ${DNSMASQ_FILTER_PROXY_IPV6:-0} -NFTFLAG ${nftflag:-0} \ -NO_LOGIC_LOG ${NO_LOGIC_LOG:-0} } @@ -1471,24 +1488,23 @@ acl_app() { eval node_${tcp_node}_$(echo -n "${remote_dns}" | md5sum | cut -d " " -f1)=${_dns_port} } - [ "$chinadns_ng" = "1" ] && [ -n "$(first_type chinadns-ng)" ] && ([ "${chn_list}" = "direct" ] || [ "${use_gfw_list}" = "1" ]) && { - [ "$filter_proxy_ipv6" = "1" ] && { - local _no_ipv6_dns="trust" - dnsmasq_filter_proxy_ipv6=0 - } + [ "$chinadns_ng" = "1" ] && [ -n "$(first_type chinadns-ng)" ] && { + [ "$filter_proxy_ipv6" = "1" ] && dnsmasq_filter_proxy_ipv6=0 chinadns_port=$(expr $chinadns_port + 1) _china_ng_listen="127.0.0.1#${chinadns_port}" run_chinadns_ng \ _flag="$sid" \ _listen_port=${chinadns_port} \ - _dns_china=$(echo -n $(echo "${LOCAL_DNS}" | sed "s/,/\n/g" | head -n2) | tr " " ",") \ - _dns_trust="127.0.0.1#${_dns_port}" \ - _use_direct_list="${use_direct_list}" \ - _use_proxy_list="${use_proxy_list}" \ - _chnlist=${chn_list} \ + _dns_local=$(echo -n $(echo "${LOCAL_DNS}" | sed "s/,/\n/g" | head -n2) | tr " " ",") \ + _dns_trust=127.0.0.1#${_dns_port} \ + _no_ipv6_trust=${filter_proxy_ipv6} \ + _use_direct_list=${use_direct_list} \ + _use_proxy_list=${use_proxy_list} \ _gfwlist=${use_gfw_list} \ - _no_ipv6_dns="${_no_ipv6_dns}" + _chnlist=${chn_list} \ + _default_mode=${tcp_proxy_mode} \ + _default_tag=${chinadns_ng_default_tag:-smart} use_default_dns="chinadns_ng" } @@ -1628,7 +1644,7 @@ acl_app() { [ -n "$redirect_dns_port" ] && echo "${redirect_dns_port}" > $TMP_ACL_PATH/$sid/var_redirect_dns_port unset enabled sid remarks sources use_global_config tcp_node udp_node use_direct_list use_proxy_list use_block_list use_gfw_list chn_list tcp_proxy_mode udp_proxy_mode filter_proxy_ipv6 dns_mode remote_dns v2ray_dns_mode remote_dns_doh dns_client_ip unset _ip _mac _iprange _ipset _ip_or_mac rule_list tcp_port udp_port config_file _extra_param - unset _china_ng_listen _china_ng_chn _china_ng_gfw _gfwlist_file _chnlist_file _china_ng_log_file _no_ipv6_dns _china_ng_extra_param dnsmasq_filter_proxy_ipv6 + unset _china_ng_listen chinadns_ng_default_tag dnsmasq_filter_proxy_ipv6 unset redirect_dns_port done unset socks_port redir_port dns_port dnsmasq_port chinadns_port diff --git a/luci-app-passwall/root/usr/share/passwall/helper_dnsmasq_add.lua b/luci-app-passwall/root/usr/share/passwall/helper_dnsmasq_add.lua index 2b856a224..ebce2fc05 100644 --- a/luci-app-passwall/root/usr/share/passwall/helper_dnsmasq_add.lua +++ b/luci-app-passwall/root/usr/share/passwall/helper_dnsmasq_add.lua @@ -162,8 +162,6 @@ if cache_text ~= new_text then api.remove(CACHE_DNS_PATH .. "*") end -local only_global - local dnsmasq_default_dns if USE_DEFAULT_DNS ~= "nil" then if USE_DEFAULT_DNS == "direct" then @@ -175,16 +173,17 @@ if USE_DEFAULT_DNS ~= "nil" then if USE_DEFAULT_DNS == "remote" and CHN_LIST == "direct" then dnsmasq_default_dns = TUN_DNS end - if USE_DEFAULT_DNS == "chinadns_ng" and CHINADNS_DNS ~= "0" and (CHN_LIST == "direct" or USE_GFW_LIST == "1") then - dnsmasq_default_dns = CHINADNS_DNS - end end +local only_global if DEFAULT_PROXY_MODE == "proxy" and CHN_LIST == "0" and USE_GFW_LIST == "0" then --没有启用中国列表和GFW列表时 dnsmasq_default_dns = TUN_DNS only_global = 1 end +if USE_DEFAULT_DNS == "chinadns_ng" and CHINADNS_DNS ~= "0" then + dnsmasq_default_dns = CHINADNS_DNS +end local setflag_4= (NFTFLAG == "1") and "4#inet#fw4#" or "" local setflag_6= (NFTFLAG == "1") and "6#inet#fw4#" or "" @@ -304,15 +303,16 @@ if not fs.access(CACHE_DNS_PATH) then --中国列表 if CHN_LIST ~= "0" then if fs.access("/usr/share/passwall/rules/chnlist") then - fwd_dns = LOCAL_DNS + fwd_dns = nil if CHN_LIST == "direct" then - if USE_DEFAULT_DNS == "chinadns_ng" and CHINADNS_DNS ~= "0" then - fwd_dns = nil - end + fwd_dns = LOCAL_DNS end if CHN_LIST == "proxy" then fwd_dns = TUN_DNS end + if USE_DEFAULT_DNS == "chinadns_ng" and CHINADNS_DNS ~= "0" then + fwd_dns = nil + end if fwd_dns then local ipset_flag = setflag_4 .. "passwall_chnroute," .. setflag_6 .. "passwall_chnroute6" if CHN_LIST == "proxy" then