zhao/openwrt_helloworld
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

luci-app-passwall: sync upstream

Browse Source 
last commit: e0c5ff29fd
This commit is contained in:
gitea-action 2024-12-20 22:33:37 +08:00
parent 54b4d6a5d1
commit cff1c28c2a
6 changed files with 168 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua
View File

@ -571,7 +571,7 @@ if api.is_finded("smartdns") then
end end
o = s:taboption("DNS", Flag, "dns_redirect", translate("DNS Redirect"), translate("Force special DNS server to need proxy devices.")) o = s:taboption("DNS", Flag, "dns_redirect", translate("DNS Redirect"), translate("Force special DNS server to need proxy devices."))
o.default = "1" o.default = "0"
o.rmempty = false o.rmempty = false
if (uci:get(appname, "@global_forwarding[0]", "use_nft") or "0") == "1" then if (uci:get(appname, "@global_forwarding[0]", "use_nft") or "0") == "1" then

9
luci-app-passwall/luasrc/passwall/api.lua
View File

@ -219,14 +219,7 @@ end
function is_install(package) function is_install(package)
if package and #package > 0 then if package and #package > 0 then
local file_path = "/usr/lib/opkg/info" return sys.call(string.format('opkg list-installed | grep "%s" > /dev/null 2>&1', package)) == 0
local file_ext = ".control"
local has = sys.call("[ -d " .. file_path .. " ]")
if has == 0 then
file_path = "/lib/apk/packages"
file_ext = ".list"
end
return sys.call(string.format('[ -s "%s/%s%s" ]', file_path, package, file_ext)) == 0
end end
return false return false
end end

39
luci-app-passwall/root/usr/share/passwall/app.sh
View File

@ -1589,9 +1589,7 @@ start_dns() {
[ "$(expr $dnsmasq_version \>= 2.87)" == 0 ] && echolog "Dnsmasq版本低于2.87,有可能无法正常使用!!!" [ "$(expr $dnsmasq_version \>= 2.87)" == 0 ] && echolog "Dnsmasq版本低于2.87,有可能无法正常使用!!!"
} }
local DNSMASQ_TUN_DNS=$(get_first_dns TUN_DNS 53 | sed 's/:/#/g')
local RUN_NEW_DNSMASQ=1 local RUN_NEW_DNSMASQ=1
RUN_NEW_DNSMASQ=${DNS_REDIRECT}
if [ "${RUN_NEW_DNSMASQ}" == "0" ]; then if [ "${RUN_NEW_DNSMASQ}" == "0" ]; then
#The old logic will be removed in the future. #The old logic will be removed in the future.
#Run a copy dnsmasq instance, DNS hijack that don't need a proxy devices. #Run a copy dnsmasq instance, DNS hijack that don't need a proxy devices.
@ -1607,7 +1605,7 @@ start_dns() {
#Modify the default dnsmasq service #Modify the default dnsmasq service
lua $APP_PATH/helper_dnsmasq.lua stretch lua $APP_PATH/helper_dnsmasq.lua stretch
lua $APP_PATH/helper_dnsmasq.lua add_rule -FLAG "default" -TMP_DNSMASQ_PATH ${GLOBAL_DNSMASQ_CONF_PATH} -DNSMASQ_CONF_FILE ${GLOBAL_DNSMASQ_CONF} \ lua $APP_PATH/helper_dnsmasq.lua add_rule -FLAG "default" -TMP_DNSMASQ_PATH ${GLOBAL_DNSMASQ_CONF_PATH} -DNSMASQ_CONF_FILE ${GLOBAL_DNSMASQ_CONF} \
-DEFAULT_DNS ${DEFAULT_DNS} -LOCAL_DNS ${LOCAL_DNS} -TUN_DNS ${DNSMASQ_TUN_DNS} \ -DEFAULT_DNS ${DEFAULT_DNS} -LOCAL_DNS ${LOCAL_DNS} -TUN_DNS ${TUN_DNS} \
-REMOTE_FAKEDNS ${fakedns:-0} -USE_DEFAULT_DNS "${USE_DEFAULT_DNS:-direct}" -CHINADNS_DNS ${china_ng_listen:-0} \ -REMOTE_FAKEDNS ${fakedns:-0} -USE_DEFAULT_DNS "${USE_DEFAULT_DNS:-direct}" -CHINADNS_DNS ${china_ng_listen:-0} \
-USE_DIRECT_LIST "${USE_DIRECT_LIST}" -USE_PROXY_LIST "${USE_PROXY_LIST}" -USE_BLOCK_LIST "${USE_BLOCK_LIST}" -USE_GFW_LIST "${USE_GFW_LIST}" -CHN_LIST "${CHN_LIST}" \ -USE_DIRECT_LIST "${USE_DIRECT_LIST}" -USE_PROXY_LIST "${USE_PROXY_LIST}" -USE_BLOCK_LIST "${USE_BLOCK_LIST}" -USE_GFW_LIST "${USE_GFW_LIST}" -CHN_LIST "${CHN_LIST}" \
-TCP_NODE ${TCP_NODE} -DEFAULT_PROXY_MODE ${TCP_PROXY_MODE} -NO_PROXY_IPV6 ${DNSMASQ_FILTER_PROXY_IPV6:-0} -NFTFLAG ${nftflag:-0} \ -TCP_NODE ${TCP_NODE} -DEFAULT_PROXY_MODE ${TCP_PROXY_MODE} -NO_PROXY_IPV6 ${DNSMASQ_FILTER_PROXY_IPV6:-0} -NFTFLAG ${nftflag:-0} \
@ -1619,7 +1617,7 @@ start_dns() {
GLOBAL_DNSMASQ_CONF=${GLOBAL_ACL_PATH}/dnsmasq.conf GLOBAL_DNSMASQ_CONF=${GLOBAL_ACL_PATH}/dnsmasq.conf
GLOBAL_DNSMASQ_CONF_PATH=${GLOBAL_ACL_PATH}/dnsmasq.d GLOBAL_DNSMASQ_CONF_PATH=${GLOBAL_ACL_PATH}/dnsmasq.d
lua $APP_PATH/helper_dnsmasq.lua add_rule -FLAG "default" -TMP_DNSMASQ_PATH ${GLOBAL_DNSMASQ_CONF_PATH} -DNSMASQ_CONF_FILE ${GLOBAL_DNSMASQ_CONF} \ lua $APP_PATH/helper_dnsmasq.lua add_rule -FLAG "default" -TMP_DNSMASQ_PATH ${GLOBAL_DNSMASQ_CONF_PATH} -DNSMASQ_CONF_FILE ${GLOBAL_DNSMASQ_CONF} \
-LISTEN_PORT ${GLOBAL_DNSMASQ_PORT} -DEFAULT_DNS ${DEFAULT_DNS} -LOCAL_DNS ${LOCAL_DNS} -TUN_DNS ${DNSMASQ_TUN_DNS} \ -LISTEN_PORT ${GLOBAL_DNSMASQ_PORT} -DEFAULT_DNS ${DEFAULT_DNS} -LOCAL_DNS ${LOCAL_DNS} -TUN_DNS ${TUN_DNS} \
-REMOTE_FAKEDNS ${fakedns:-0} -USE_DEFAULT_DNS "${USE_DEFAULT_DNS:-direct}" -CHINADNS_DNS ${china_ng_listen:-0} \ -REMOTE_FAKEDNS ${fakedns:-0} -USE_DEFAULT_DNS "${USE_DEFAULT_DNS:-direct}" -CHINADNS_DNS ${china_ng_listen:-0} \
-USE_DIRECT_LIST "${USE_DIRECT_LIST}" -USE_PROXY_LIST "${USE_PROXY_LIST}" -USE_BLOCK_LIST "${USE_BLOCK_LIST}" -USE_GFW_LIST "${USE_GFW_LIST}" -CHN_LIST "${CHN_LIST}" \ -USE_DIRECT_LIST "${USE_DIRECT_LIST}" -USE_PROXY_LIST "${USE_PROXY_LIST}" -USE_BLOCK_LIST "${USE_BLOCK_LIST}" -USE_GFW_LIST "${USE_GFW_LIST}" -CHN_LIST "${CHN_LIST}" \
-TCP_NODE ${TCP_NODE} -DEFAULT_PROXY_MODE ${TCP_PROXY_MODE} -NO_PROXY_IPV6 ${DNSMASQ_FILTER_PROXY_IPV6:-0} -NFTFLAG ${nftflag:-0} \ -TCP_NODE ${TCP_NODE} -DEFAULT_PROXY_MODE ${TCP_PROXY_MODE} -NO_PROXY_IPV6 ${DNSMASQ_FILTER_PROXY_IPV6:-0} -NFTFLAG ${nftflag:-0} \
@ -1686,7 +1684,8 @@ acl_app() {
socks_port=11100 socks_port=11100
redir_port=11200 redir_port=11200
dns_port=11300 dns_port=11300
dnsmasq_port=${GLOBAL_DNSMASQ_PORT:-11400} dnsmasq_port=11400
[ -n "${GLOBAL_DNSMASQ_PORT}" ] && dnsmasq_port=$(get_new_port $GLOBAL_DNSMASQ_PORT)
chinadns_port=11500 chinadns_port=11500
for item in $items; do for item in $items; do
sid=$(uci -q show "${CONFIG}.${item}" | grep "=acl_rule" | awk -F '=' '{print $1}' | awk -F '.' '{print $2}') sid=$(uci -q show "${CONFIG}.${item}" | grep "=acl_rule" | awk -F '=' '{print $1}' | awk -F '.' '{print $2}')
@ -1750,6 +1749,7 @@ acl_app() {
[ -n "$tcp_node" ] && { [ -n "$tcp_node" ] && {
local GLOBAL_TCP_NODE=$(get_cache_var "ACL_GLOBAL_TCP_node") local GLOBAL_TCP_NODE=$(get_cache_var "ACL_GLOBAL_TCP_node")
echolog "${GLOBAL_TCP_NODE}"
[ -n "${GLOBAL_TCP_NODE}" ] && GLOBAL_TCP_redir_port=$(get_cache_var "ACL_GLOBAL_TCP_redir_port") [ -n "${GLOBAL_TCP_NODE}" ] && GLOBAL_TCP_redir_port=$(get_cache_var "ACL_GLOBAL_TCP_redir_port")
if [ "$tcp_node" = "default" ]; then if [ "$tcp_node" = "default" ]; then
if [ -n "${GLOBAL_TCP_NODE}" ]; then if [ -n "${GLOBAL_TCP_NODE}" ]; then
@ -2001,10 +2001,8 @@ start() {
if [ "$ENABLED_DEFAULT_ACL" == 1 ] || [ "$ENABLED_ACLS" == 1 ]; then if [ "$ENABLED_DEFAULT_ACL" == 1 ] || [ "$ENABLED_ACLS" == 1 ]; then
[ "$(uci -q get dhcp.@dnsmasq[0].dns_redirect)" == "1" ] && { [ "$(uci -q get dhcp.@dnsmasq[0].dns_redirect)" == "1" ] && {
uci -q set ${CONFIG}.@global[0].dnsmasq_dns_redirect='1' uci -q set dhcp.@dnsmasq[0].dns_redirect='0' 2>/dev/null
uci -q commit ${CONFIG} uci commit dhcp 2>/dev/null
uci -q set dhcp.@dnsmasq[0].dns_redirect='0'
uci -q commit dhcp
/etc/init.d/dnsmasq restart >/dev/null 2>&1 /etc/init.d/dnsmasq restart >/dev/null 2>&1
} }
fi fi
@ -2047,23 +2045,11 @@ stop() {
source $APP_PATH/helper_smartdns.sh del source $APP_PATH/helper_smartdns.sh del
rm -rf $GLOBAL_DNSMASQ_CONF rm -rf $GLOBAL_DNSMASQ_CONF
rm -rf $GLOBAL_DNSMASQ_CONF_PATH rm -rf $GLOBAL_DNSMASQ_CONF_PATH
[ "1" = "1" ] && { [ -z "$(get_cache_var "ACL_default_dns_port")" ] && lua $APP_PATH/helper_dnsmasq.lua restart -LOG 0
#restore logic bak_bridge_nf_ipt=$(get_cache_var "bak_bridge_nf_ipt")
bak_dnsmasq_dns_redirect=$(config_t_get global dnsmasq_dns_redirect) [ -n "${bak_bridge_nf_ipt}" ] && sysctl -w net.bridge.bridge-nf-call-iptables=${bak_bridge_nf_ipt} >/dev/null 2>&1
[ -n "${bak_dnsmasq_dns_redirect}" ] && { bak_bridge_nf_ip6t=$(get_cache_var "bak_bridge_nf_ip6t")
uci -q set dhcp.@dnsmasq[0].dns_redirect="${bak_dnsmasq_dns_redirect}" [ -n "${bak_bridge_nf_ip6t}" ] && sysctl -w net.bridge.bridge-nf-call-ip6tables=${bak_bridge_nf_ip6t} >/dev/null 2>&1
uci -q commit dhcp
uci -q delete ${CONFIG}.@global[0].dnsmasq_dns_redirect
uci -q commit ${CONFIG}
}
if [ -z "$(get_cache_var "ACL_default_dns_port")" ] || [ -n "${bak_dnsmasq_dns_redirect}" ]; then
lua $APP_PATH/helper_dnsmasq.lua restart -LOG 0
fi
bak_bridge_nf_ipt=$(get_cache_var "bak_bridge_nf_ipt")
[ -n "${bak_bridge_nf_ipt}" ] && sysctl -w net.bridge.bridge-nf-call-iptables=${bak_bridge_nf_ipt} >/dev/null 2>&1
bak_bridge_nf_ip6t=$(get_cache_var "bak_bridge_nf_ip6t")
[ -n "${bak_bridge_nf_ip6t}" ] && sysctl -w net.bridge.bridge-nf-call-ip6tables=${bak_bridge_nf_ip6t} >/dev/null 2>&1
}
rm -rf $TMP_PATH rm -rf $TMP_PATH
rm -rf /tmp/lock/${CONFIG}_socks_auto_switch* rm -rf /tmp/lock/${CONFIG}_socks_auto_switch*
echolog "清空并关闭相关程序和缓存完成。" echolog "清空并关闭相关程序和缓存完成。"
@ -2122,7 +2108,6 @@ DNS_CACHE=0
REMOTE_DNS=$(config_t_get global remote_dns 1.1.1.1:53 | sed 's/#/:/g' | sed -E 's/\:([^:]+)$/#\1/g') REMOTE_DNS=$(config_t_get global remote_dns 1.1.1.1:53 | sed 's/#/:/g' | sed -E 's/\:([^:]+)$/#\1/g')
USE_DEFAULT_DNS=$(config_t_get global use_default_dns direct) USE_DEFAULT_DNS=$(config_t_get global use_default_dns direct)
FILTER_PROXY_IPV6=$(config_t_get global filter_proxy_ipv6 0) FILTER_PROXY_IPV6=$(config_t_get global filter_proxy_ipv6 0)
DNS_REDIRECT=$(config_t_get global dns_redirect 1)
dns_listen_port=${DNS_PORT} dns_listen_port=${DNS_PORT}
REDIRECT_LIST="socks ss ss-rust ssr sing-box xray trojan-plus naiveproxy hysteria2" REDIRECT_LIST="socks ss ss-rust ssr sing-box xray trojan-plus naiveproxy hysteria2"

1
luci-app-passwall/root/usr/share/passwall/iptables.sh
View File

@ -329,7 +329,6 @@ load_acl() {
$ip6t_n -A PSW_DNS $(comment "$remarks") -p udp ${_ipt_source} --dport 53 -j REDIRECT --to-ports ${dns_redirect} 2>/dev/null $ip6t_n -A PSW_DNS $(comment "$remarks") -p udp ${_ipt_source} --dport 53 -j REDIRECT --to-ports ${dns_redirect} 2>/dev/null
$ipt_n -A PSW_DNS $(comment "$remarks") -p tcp ${_ipt_source} --dport 53 -j REDIRECT --to-ports ${dns_redirect} $ipt_n -A PSW_DNS $(comment "$remarks") -p tcp ${_ipt_source} --dport 53 -j REDIRECT --to-ports ${dns_redirect}
$ip6t_n -A PSW_DNS $(comment "$remarks") -p tcp ${_ipt_source} --dport 53 -j REDIRECT --to-ports ${dns_redirect} 2>/dev/null $ip6t_n -A PSW_DNS $(comment "$remarks") -p tcp ${_ipt_source} --dport 53 -j REDIRECT --to-ports ${dns_redirect} 2>/dev/null
[ -z "$(get_cache_var "ACL_${sid}_tcp_default")" ] && echolog " - ${msg}使用与全局配置不相同节点已将DNS强制重定向到专用 DNS 服务器。"
fi fi
[ -n "$tcp_port" -o -n "$udp_port" ] && { [ -n "$tcp_port" -o -n "$udp_port" ] && {

1
luci-app-passwall/root/usr/share/passwall/nftables.sh
View File

@ -379,7 +379,6 @@ load_acl() {
nft "add rule $NFTABLE_NAME PSW_DNS ip protocol tcp ${_ipt_source} tcp dport 53 counter redirect to :${dns_redirect} comment \"$remarks\"" nft "add rule $NFTABLE_NAME PSW_DNS ip protocol tcp ${_ipt_source} tcp dport 53 counter redirect to :${dns_redirect} comment \"$remarks\""
nft "add rule $NFTABLE_NAME PSW_DNS meta l4proto udp ${_ipt_source} udp dport 53 counter redirect to :${dns_redirect} comment \"$remarks\"" nft "add rule $NFTABLE_NAME PSW_DNS meta l4proto udp ${_ipt_source} udp dport 53 counter redirect to :${dns_redirect} comment \"$remarks\""
nft "add rule $NFTABLE_NAME PSW_DNS meta l4proto tcp ${_ipt_source} tcp dport 53 counter redirect to :${dns_redirect} comment \"$remarks\"" nft "add rule $NFTABLE_NAME PSW_DNS meta l4proto tcp ${_ipt_source} tcp dport 53 counter redirect to :${dns_redirect} comment \"$remarks\""
[ -z "$(get_cache_var "ACL_${sid}_tcp_default")" ] && echolog " - ${msg}使用与全局配置不相同节点已将DNS强制重定向到专用 DNS 服务器。"
fi fi
[ -n "$tcp_port" -o -n "$udp_port" ] && { [ -n "$tcp_port" -o -n "$udp_port" ] && {

155
patch-luci-app-passwall.patch
View File

@ -33,7 +33,7 @@ index 6851861..669a612 100644
if code ~= 0 then if code ~= 0 then
local use_time = luci.sys.exec("echo -n '" .. result .. "' | awk -F ':' '{print $2}'") local use_time = luci.sys.exec("echo -n '" .. result .. "' | awk -F ':' '{print $2}'")
diff --git a/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua b/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua diff --git a/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua b/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua
index 958ff0a..23b8a29 100644 index 958ff0a..89543b9 100644
--- a/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua --- a/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua
+++ b/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua +++ b/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua
@@ -474,6 +474,12 @@ o:value("9.9.9.9", "9.9.9.9 (Quad9)") @@ -474,6 +474,12 @@ o:value("9.9.9.9", "9.9.9.9 (Quad9)")
@ -49,6 +49,35 @@ index 958ff0a..23b8a29 100644
o:depends({dns_mode = "dns2socks"}) o:depends({dns_mode = "dns2socks"})
o:depends({dns_mode = "tcp"}) o:depends({dns_mode = "tcp"})
o:depends({dns_mode = "udp"}) o:depends({dns_mode = "udp"})
@@ -565,7 +571,7 @@ if api.is_finded("smartdns") then
end
o = s:taboption("DNS", Flag, "dns_redirect", translate("DNS Redirect"), translate("Force special DNS server to need proxy devices."))
-o.default = "1"
+o.default = "0"
o.rmempty = false
if (uci:get(appname, "@global_forwarding[0]", "use_nft") or "0") == "1" then
diff --git a/luci-app-passwall/luasrc/passwall/api.lua b/luci-app-passwall/luasrc/passwall/api.lua
index 8c4e6ef..81089eb 100644
--- a/luci-app-passwall/luasrc/passwall/api.lua
+++ b/luci-app-passwall/luasrc/passwall/api.lua
@@ -219,14 +219,7 @@ end
function is_install(package)
if package and #package > 0 then
- local file_path = "/usr/lib/opkg/info"
- local file_ext = ".control"
- local has = sys.call("[ -d " .. file_path .. " ]")
- if has == 0 then
- file_path = "/lib/apk/packages"
- file_ext = ".list"
- end
- return sys.call(string.format('[ -s "%s/%s%s" ]', file_path, package, file_ext)) == 0
+ return sys.call(string.format('opkg list-installed | grep "%s" > /dev/null 2>&1', package)) == 0
end
return false
end
diff --git a/luci-app-passwall/luasrc/view/passwall/global/status.htm b/luci-app-passwall/luasrc/view/passwall/global/status.htm diff --git a/luci-app-passwall/luasrc/view/passwall/global/status.htm b/luci-app-passwall/luasrc/view/passwall/global/status.htm
index e8d76ec..a872950 100644 index e8d76ec..a872950 100644
--- a/luci-app-passwall/luasrc/view/passwall/global/status.htm --- a/luci-app-passwall/luasrc/view/passwall/global/status.htm
@ -145,6 +174,130 @@ index 551c824..2a6a814 100644
config global_forwarding config global_forwarding
option tcp_no_redir_ports 'disable' option tcp_no_redir_ports 'disable'
diff --git a/luci-app-passwall/root/usr/share/passwall/app.sh b/luci-app-passwall/root/usr/share/passwall/app.sh
index 57f52f0..14aa4e4 100755
--- a/luci-app-passwall/root/usr/share/passwall/app.sh
+++ b/luci-app-passwall/root/usr/share/passwall/app.sh
@@ -1589,9 +1589,7 @@ start_dns() {
[ "$(expr $dnsmasq_version \>= 2.87)" == 0 ] && echolog "Dnsmasq版本低于2.87,有可能无法正常使用!!!"
}
- local DNSMASQ_TUN_DNS=$(get_first_dns TUN_DNS 53 | sed 's/:/#/g')
local RUN_NEW_DNSMASQ=1
- RUN_NEW_DNSMASQ=${DNS_REDIRECT}
if [ "${RUN_NEW_DNSMASQ}" == "0" ]; then
#The old logic will be removed in the future.
#Run a copy dnsmasq instance, DNS hijack that don't need a proxy devices.
@@ -1607,7 +1605,7 @@ start_dns() {
#Modify the default dnsmasq service
lua $APP_PATH/helper_dnsmasq.lua stretch
lua $APP_PATH/helper_dnsmasq.lua add_rule -FLAG "default" -TMP_DNSMASQ_PATH ${GLOBAL_DNSMASQ_CONF_PATH} -DNSMASQ_CONF_FILE ${GLOBAL_DNSMASQ_CONF} \
- -DEFAULT_DNS ${DEFAULT_DNS} -LOCAL_DNS ${LOCAL_DNS} -TUN_DNS ${DNSMASQ_TUN_DNS} \
+ -DEFAULT_DNS ${DEFAULT_DNS} -LOCAL_DNS ${LOCAL_DNS} -TUN_DNS ${TUN_DNS} \
-REMOTE_FAKEDNS ${fakedns:-0} -USE_DEFAULT_DNS "${USE_DEFAULT_DNS:-direct}" -CHINADNS_DNS ${china_ng_listen:-0} \
-USE_DIRECT_LIST "${USE_DIRECT_LIST}" -USE_PROXY_LIST "${USE_PROXY_LIST}" -USE_BLOCK_LIST "${USE_BLOCK_LIST}" -USE_GFW_LIST "${USE_GFW_LIST}" -CHN_LIST "${CHN_LIST}" \
-TCP_NODE ${TCP_NODE} -DEFAULT_PROXY_MODE ${TCP_PROXY_MODE} -NO_PROXY_IPV6 ${DNSMASQ_FILTER_PROXY_IPV6:-0} -NFTFLAG ${nftflag:-0} \
@@ -1619,7 +1617,7 @@ start_dns() {
GLOBAL_DNSMASQ_CONF=${GLOBAL_ACL_PATH}/dnsmasq.conf
GLOBAL_DNSMASQ_CONF_PATH=${GLOBAL_ACL_PATH}/dnsmasq.d
lua $APP_PATH/helper_dnsmasq.lua add_rule -FLAG "default" -TMP_DNSMASQ_PATH ${GLOBAL_DNSMASQ_CONF_PATH} -DNSMASQ_CONF_FILE ${GLOBAL_DNSMASQ_CONF} \
- -LISTEN_PORT ${GLOBAL_DNSMASQ_PORT} -DEFAULT_DNS ${DEFAULT_DNS} -LOCAL_DNS ${LOCAL_DNS} -TUN_DNS ${DNSMASQ_TUN_DNS} \
+ -LISTEN_PORT ${GLOBAL_DNSMASQ_PORT} -DEFAULT_DNS ${DEFAULT_DNS} -LOCAL_DNS ${LOCAL_DNS} -TUN_DNS ${TUN_DNS} \
-REMOTE_FAKEDNS ${fakedns:-0} -USE_DEFAULT_DNS "${USE_DEFAULT_DNS:-direct}" -CHINADNS_DNS ${china_ng_listen:-0} \
-USE_DIRECT_LIST "${USE_DIRECT_LIST}" -USE_PROXY_LIST "${USE_PROXY_LIST}" -USE_BLOCK_LIST "${USE_BLOCK_LIST}" -USE_GFW_LIST "${USE_GFW_LIST}" -CHN_LIST "${CHN_LIST}" \
-TCP_NODE ${TCP_NODE} -DEFAULT_PROXY_MODE ${TCP_PROXY_MODE} -NO_PROXY_IPV6 ${DNSMASQ_FILTER_PROXY_IPV6:-0} -NFTFLAG ${nftflag:-0} \
@@ -1686,7 +1684,8 @@ acl_app() {
socks_port=11100
redir_port=11200
dns_port=11300
- dnsmasq_port=${GLOBAL_DNSMASQ_PORT:-11400}
+ dnsmasq_port=11400
+ [ -n "${GLOBAL_DNSMASQ_PORT}" ] && dnsmasq_port=$(get_new_port $GLOBAL_DNSMASQ_PORT)
chinadns_port=11500
for item in $items; do
sid=$(uci -q show "${CONFIG}.${item}" | grep "=acl_rule" | awk -F '=' '{print $1}' | awk -F '.' '{print $2}')
@@ -1750,6 +1749,7 @@ acl_app() {
[ -n "$tcp_node" ] && {
local GLOBAL_TCP_NODE=$(get_cache_var "ACL_GLOBAL_TCP_node")
+ echolog "${GLOBAL_TCP_NODE}"
[ -n "${GLOBAL_TCP_NODE}" ] && GLOBAL_TCP_redir_port=$(get_cache_var "ACL_GLOBAL_TCP_redir_port")
if [ "$tcp_node" = "default" ]; then
if [ -n "${GLOBAL_TCP_NODE}" ]; then
@@ -2001,10 +2001,8 @@ start() {
if [ "$ENABLED_DEFAULT_ACL" == 1 ] || [ "$ENABLED_ACLS" == 1 ]; then
[ "$(uci -q get dhcp.@dnsmasq[0].dns_redirect)" == "1" ] && {
- uci -q set ${CONFIG}.@global[0].dnsmasq_dns_redirect='1'
- uci -q commit ${CONFIG}
- uci -q set dhcp.@dnsmasq[0].dns_redirect='0'
- uci -q commit dhcp
+ uci -q set dhcp.@dnsmasq[0].dns_redirect='0' 2>/dev/null
+ uci commit dhcp 2>/dev/null
/etc/init.d/dnsmasq restart >/dev/null 2>&1
}
fi
@@ -2047,23 +2045,11 @@ stop() {
source $APP_PATH/helper_smartdns.sh del
rm -rf $GLOBAL_DNSMASQ_CONF
rm -rf $GLOBAL_DNSMASQ_CONF_PATH
- [ "1" = "1" ] && {
- #restore logic
- bak_dnsmasq_dns_redirect=$(config_t_get global dnsmasq_dns_redirect)
- [ -n "${bak_dnsmasq_dns_redirect}" ] && {
- uci -q set dhcp.@dnsmasq[0].dns_redirect="${bak_dnsmasq_dns_redirect}"
- uci -q commit dhcp
- uci -q delete ${CONFIG}.@global[0].dnsmasq_dns_redirect
- uci -q commit ${CONFIG}
- }
- if [ -z "$(get_cache_var "ACL_default_dns_port")" ] || [ -n "${bak_dnsmasq_dns_redirect}" ]; then
- lua $APP_PATH/helper_dnsmasq.lua restart -LOG 0
- fi
- bak_bridge_nf_ipt=$(get_cache_var "bak_bridge_nf_ipt")
- [ -n "${bak_bridge_nf_ipt}" ] && sysctl -w net.bridge.bridge-nf-call-iptables=${bak_bridge_nf_ipt} >/dev/null 2>&1
- bak_bridge_nf_ip6t=$(get_cache_var "bak_bridge_nf_ip6t")
- [ -n "${bak_bridge_nf_ip6t}" ] && sysctl -w net.bridge.bridge-nf-call-ip6tables=${bak_bridge_nf_ip6t} >/dev/null 2>&1
- }
+ [ -z "$(get_cache_var "ACL_default_dns_port")" ] && lua $APP_PATH/helper_dnsmasq.lua restart -LOG 0
+ bak_bridge_nf_ipt=$(get_cache_var "bak_bridge_nf_ipt")
+ [ -n "${bak_bridge_nf_ipt}" ] && sysctl -w net.bridge.bridge-nf-call-iptables=${bak_bridge_nf_ipt} >/dev/null 2>&1
+ bak_bridge_nf_ip6t=$(get_cache_var "bak_bridge_nf_ip6t")
+ [ -n "${bak_bridge_nf_ip6t}" ] && sysctl -w net.bridge.bridge-nf-call-ip6tables=${bak_bridge_nf_ip6t} >/dev/null 2>&1
rm -rf $TMP_PATH
rm -rf /tmp/lock/${CONFIG}_socks_auto_switch*
echolog "清空并关闭相关程序和缓存完成。"
@@ -2122,7 +2108,6 @@ DNS_CACHE=0
REMOTE_DNS=$(config_t_get global remote_dns 1.1.1.1:53 | sed 's/#/:/g' | sed -E 's/\:([^:]+)$/#\1/g')
USE_DEFAULT_DNS=$(config_t_get global use_default_dns direct)
FILTER_PROXY_IPV6=$(config_t_get global filter_proxy_ipv6 0)
-DNS_REDIRECT=$(config_t_get global dns_redirect 1)
dns_listen_port=${DNS_PORT}
REDIRECT_LIST="socks ss ss-rust ssr sing-box xray trojan-plus naiveproxy hysteria2"
diff --git a/luci-app-passwall/root/usr/share/passwall/iptables.sh b/luci-app-passwall/root/usr/share/passwall/iptables.sh
index a1e44f2..c5d23ba 100755
--- a/luci-app-passwall/root/usr/share/passwall/iptables.sh
+++ b/luci-app-passwall/root/usr/share/passwall/iptables.sh
@@ -329,7 +329,6 @@ load_acl() {
$ip6t_n -A PSW_DNS $(comment "$remarks") -p udp ${_ipt_source} --dport 53 -j REDIRECT --to-ports ${dns_redirect} 2>/dev/null
$ipt_n -A PSW_DNS $(comment "$remarks") -p tcp ${_ipt_source} --dport 53 -j REDIRECT --to-ports ${dns_redirect}
$ip6t_n -A PSW_DNS $(comment "$remarks") -p tcp ${_ipt_source} --dport 53 -j REDIRECT --to-ports ${dns_redirect} 2>/dev/null
- [ -z "$(get_cache_var "ACL_${sid}_tcp_default")" ] && echolog " - ${msg}使用与全局配置不相同节点已将DNS强制重定向到专用 DNS 服务器。"
fi
[ -n "$tcp_port" -o -n "$udp_port" ] && {
diff --git a/luci-app-passwall/root/usr/share/passwall/nftables.sh b/luci-app-passwall/root/usr/share/passwall/nftables.sh
index 3bd9dd0..4cf6f6e 100755
--- a/luci-app-passwall/root/usr/share/passwall/nftables.sh
+++ b/luci-app-passwall/root/usr/share/passwall/nftables.sh
@@ -379,7 +379,6 @@ load_acl() {
nft "add rule $NFTABLE_NAME PSW_DNS ip protocol tcp ${_ipt_source} tcp dport 53 counter redirect to :${dns_redirect} comment \"$remarks\""
nft "add rule $NFTABLE_NAME PSW_DNS meta l4proto udp ${_ipt_source} udp dport 53 counter redirect to :${dns_redirect} comment \"$remarks\""
nft "add rule $NFTABLE_NAME PSW_DNS meta l4proto tcp ${_ipt_source} tcp dport 53 counter redirect to :${dns_redirect} comment \"$remarks\""
- [ -z "$(get_cache_var "ACL_${sid}_tcp_default")" ] && echolog " - ${msg}使用与全局配置不相同节点已将DNS强制重定向到专用 DNS 服务器。"
fi
[ -n "$tcp_port" -o -n "$udp_port" ] && {
diff --git a/luci-app-passwall/root/usr/share/passwall/rules/direct_host b/luci-app-passwall/root/usr/share/passwall/rules/direct_host diff --git a/luci-app-passwall/root/usr/share/passwall/rules/direct_host b/luci-app-passwall/root/usr/share/passwall/rules/direct_host
index a3b1464..90bcf58 100644 index a3b1464..90bcf58 100644
--- a/luci-app-passwall/root/usr/share/passwall/rules/direct_host --- a/luci-app-passwall/root/usr/share/passwall/rules/direct_host