From daa1b335cba2e38b16af6de9d8834f38cbf3b81b Mon Sep 17 00:00:00 2001 From: actions Date: Mon, 4 Mar 2024 21:00:10 +0800 Subject: [PATCH] luci-app-passwall2: sync upstream --- luci-app-passwall2/Makefile | 2 +- .../root/usr/share/passwall2/iptables.sh | 16 ++++++++++++---- .../root/usr/share/passwall2/nftables.sh | 16 ++++++++++++---- 3 files changed, 25 insertions(+), 9 deletions(-) diff --git a/luci-app-passwall2/Makefile b/luci-app-passwall2/Makefile index 40b6b169d..8bdfe1e68 100644 --- a/luci-app-passwall2/Makefile +++ b/luci-app-passwall2/Makefile @@ -5,7 +5,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=luci-app-passwall2 -PKG_VERSION:=1.27-1 +PKG_VERSION:=1.27-2 PKG_RELEASE:= PKG_CONFIG_DEPENDS:= \ diff --git a/luci-app-passwall2/root/usr/share/passwall2/iptables.sh b/luci-app-passwall2/root/usr/share/passwall2/iptables.sh index 855d073e2..d118c120a 100755 --- a/luci-app-passwall2/root/usr/share/passwall2/iptables.sh +++ b/luci-app-passwall2/root/usr/share/passwall2/iptables.sh @@ -576,16 +576,16 @@ add_firewall_rule() { [ -n "$ISP_DNS" ] && { #echolog "处理 ISP DNS 例外..." for ispip in $ISP_DNS; do - ipset -! add $IPSET_LANLIST $ispip >/dev/null 2>&1 & - #echolog " - 追加到白名单:${ispip}" + ipset -! add $IPSET_LANLIST $ispip + echolog " - [$?]追加ISP IPv4 DNS到白名单:${ispip}" done } [ -n "$ISP_DNS6" ] && { #echolog "处理 ISP IPv6 DNS 例外..." for ispip6 in $ISP_DNS6; do - ipset -! add $IPSET_LANLIST6 $ispip6 >/dev/null 2>&1 & - #echolog " - 追加到白名单:${ispip6}" + ipset -! add $IPSET_LANLIST6 $ispip6 + echolog " - [$?]追加ISP IPv6 DNS到白名单:${ispip6}" done } 
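Review bot: In the `iptables.sh` ISP DNS loops the status of `ipset -! add` is only printed as `[$?]` inside the log line and nothing acts on it, so a failed add leaves that resolver out of `$IPSET_LANLIST` / `$IPSET_LANLIST6` while rule setup carries on as if the exemption existed. With `>/dev/null 2>&1` removed, ipset's own error text now goes to whatever stderr this script has, which may not be the log that the bare number ends up in. Capturing the status and logging a readable failure would make the line usable, for example `ipset -! add "$IPSET_LANLIST" "$ispip"; rc=$?` followed by `[ "$rc" -eq 0 ] || echolog " - ipset add failed ($rc): ${ispip}"`. The same pattern is in the IPv6 loop of this hunk and in both `insert_nftset` loops in `nftables.sh`; `add_firewall_rule` starts and ends outside the hunk.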
@@ -651,6 +651,14 @@ add_firewall_rule() { $ipt_m -N PSW2_OUTPUT $ipt_m -A PSW2_OUTPUT $(dst $IPSET_LANLIST) -j RETURN $ipt_m -A PSW2_OUTPUT $(dst $IPSET_VPSLIST) -j RETURN + [ -n "$AUTO_DNS" ] && { + for auto_dns in $(echo $AUTO_DNS | tr ',' ' '); do + local dns_address=$(echo $auto_dns | awk -F '#' '{print $1}') + local dns_port=$(echo $auto_dns | awk -F '#' '{print $2}') + $ipt_m -A PSW2_OUTPUT -p udp -d ${dns_address} --dport ${dns_port:-53} -j RETURN + echolog " - [$?]追加直连DNS到iptables:${dns_address}:${dns_port:-53}" + done + } $ipt_m -A PSW2_OUTPUT $(dst $ipset_global_whitelist) ! -d $FAKE_IP -j RETURN $ipt_m -A PSW2_OUTPUT -m mark --mark 0xff -j RETURN diff --git a/luci-app-passwall2/root/usr/share/passwall2/nftables.sh b/luci-app-passwall2/root/usr/share/passwall2/nftables.sh index 3545a0cc1..81129faef 100755 --- a/luci-app-passwall2/root/usr/share/passwall2/nftables.sh +++ b/luci-app-passwall2/root/usr/share/passwall2/nftables.sh @@ -595,16 +595,16 @@ add_firewall_rule() { [ -n "$ISP_DNS" ] && { #echolog "处理 ISP DNS 例外..." for ispip in $ISP_DNS; do - insert_nftset $NFTSET_LANLIST "-1" $ispip >/dev/null 2>&1 & - #echolog " - 追加到白名单:${ispip}" + insert_nftset $NFTSET_LANLIST "-1" $ispip + echolog " - [$?]追加ISP IPv4 DNS到白名单:${ispip}" done } [ -n "$ISP_DNS6" ] && { #echolog "处理 ISP IPv6 DNS 例外..." for ispip6 in $ISP_DNS6; do - insert_nftset $NFTSET_LANLIST6 "-1" $ispip6 >/dev/null 2>&1 & - #echolog " - 追加到白名单:${ispip6}" + insert_nftset $NFTSET_LANLIST6 "-1" $ispip6 + echolog " - [$?]追加ISP IPv6 DNS到白名单:${ispip6}" done } 
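Review bot: In the `iptables.sh` AUTO_DNS block, `dns_address` and `dns_port` go straight from the `addr#port` split into `$ipt_m -A PSW2_OUTPUT -p udp -d ${dns_address} --dport ${dns_port:-53}` with no check on their form. An IPv6 resolver in `$AUTO_DNS` cannot be added by what appears to be the IPv4 mangle command, a hostname would be resolved by iptables at insert time, and either way the failure shows up only as `[$?]` in the log. A guard before the rule keeps the exemption to IPv4 literals and numeric ports: `case "$dns_address" in ""|*[!0-9.]*) continue ;; esac` and `case "$dns_port" in *[!0-9]*) continue ;; esac`, with both expansions quoted in the rule. The `nft "add rule … ip daddr ${dns_address} …"` line in the matching `nftables.sh` hunk needs the same guard, the more so because nft re-parses the whole string as rule syntax. `add_firewall_rule` starts and ends outside the hunk.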
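Review bot: In the `nftables.sh` ISP DNS loops the logged `[$?]` is the return status of `insert_nftset`, presumably a helper defined elsewhere in the file, so the number reflects the nft call only if that helper ends with it or returns its status explicitly. If it does not, every line will read `[0]` even when the element was not inserted, and the log will suggest the resolver is exempted when it is not. Worth confirming against the helper and stating the contract at the loop, e.g. `# [$?] is insert_nftset's status: 0 means the element was added to the set`.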
@@ -662,6 +662,14 @@ add_firewall_rule() { nft "flush chain inet fw4 PSW2_OUTPUT_MANGLE" nft "add rule inet fw4 PSW2_OUTPUT_MANGLE ip daddr @$NFTSET_LANLIST counter return" nft "add rule inet fw4 PSW2_OUTPUT_MANGLE ip daddr @$NFTSET_VPSLIST counter return" + [ -n "$AUTO_DNS" ] && { + for auto_dns in $(echo $AUTO_DNS | tr ',' ' '); do + local dns_address=$(echo $auto_dns | awk -F '#' '{print $1}') + local dns_port=$(echo $auto_dns | awk -F '#' '{print $2}') + nft "add rule inet fw4 PSW2_OUTPUT_MANGLE ip protocol udp ip daddr ${dns_address} $(factor ${dns_port:-53} "udp dport") counter return" + echolog " - [$?]追加直连DNS到nftables:${dns_address}:${dns_port:-53}" + done + } nft "add rule inet fw4 PSW2_OUTPUT_MANGLE ip daddr @$nftset_global_whitelist counter return" nft "add rule inet fw4 PSW2_OUTPUT_MANGLE meta mark 0xff counter return"
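Review bot: The AUTO_DNS rule added to `PSW2_OUTPUT_MANGLE` matches `ip protocol udp` only, so a lookup retried over TCP after a truncated answer is not covered by this `return` and falls through to the rules that follow; the iptables variant has the same `-p udp` restriction. If the direct resolvers are meant to be reached directly in both cases, a second rule with `ip protocol tcp` and a `tcp dport` match is needed. If UDP-only is deliberate, say so above the block, e.g. `# AUTO_DNS: comma-separated addr[#port]; UDP queries from the router to these resolvers return early from PSW2_OUTPUT_MANGLE, TCP is left to the rules below`. `add_firewall_rule` starts and ends outside the hunk.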