From f6e67974813179e0e39c6241c7a412c2c961ed7d Mon Sep 17 00:00:00 2001 From: xiaorouji <60100640+xiaorouji@users.noreply.github.com> Date: Tue, 28 Feb 2023 14:34:45 +0800 Subject: [PATCH] luci: update filter proxy ipv6 for ChinaDNS-NG --- luci-app-passwall/Makefile | 2 +- luci-app-passwall/root/usr/share/passwall/app.sh | 11 ++++++++--- luci-app-passwall/root/usr/share/passwall/iptables.sh | 1 + 3 files changed, 10 insertions(+), 4 deletions(-) diff --git a/luci-app-passwall/Makefile b/luci-app-passwall/Makefile index debfe6e5c..c1501da31 100644 --- a/luci-app-passwall/Makefile +++ b/luci-app-passwall/Makefile @@ -7,7 +7,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=luci-app-passwall PKG_VERSION:=4.59 -PKG_RELEASE:=3 +PKG_RELEASE:=4 PKG_CONFIG_DEPENDS:= \ CONFIG_PACKAGE_$(PKG_NAME)_Iptables_Transparent_Proxy \ diff --git a/luci-app-passwall/root/usr/share/passwall/app.sh b/luci-app-passwall/root/usr/share/passwall/app.sh index c70c93254..cebc48946 100755 --- a/luci-app-passwall/root/usr/share/passwall/app.sh +++ b/luci-app-passwall/root/usr/share/passwall/app.sh @@ -1044,6 +1044,7 @@ stop_crontab() { start_dns() { TUN_DNS="127.0.0.1#${dns_listen_port}" + DNSMASQ_FILTER_IPV6=$FILTER_PROXY_IPV6 echolog "过滤服务配置:准备接管域名解析..." local items=$(uci show ${CONFIG} | grep "=acl_rule" | cut -d '.' -sf 2 | cut -d '=' -sf 1) @@ -1150,7 +1151,11 @@ start_dns() { chnlist_param=${chnlist_param:+-m "${chnlist_param}" -M} local log_path="${TMP_PATH}/chinadns-ng.log" log_path="/dev/null" - ln_run "$(first_type chinadns-ng)" chinadns-ng "$log_path" -v -b 0.0.0.0 -l "${china_ng_listen_port}" ${china_ng_chn:+-c "${china_ng_chn}"} ${chnlist_param} ${china_ng_gfw:+-t "${china_ng_gfw}"} ${gfwlist_param:+-g "${gfwlist_param}"} -f + [ "$FILTER_PROXY_IPV6" = "1" ] && { + noipv6="-N=gt" + DNSMASQ_FILTER_IPV6=0 + } + ln_run "$(first_type chinadns-ng)" chinadns-ng "$log_path" -v -b 0.0.0.0 -l "${china_ng_listen_port}" ${china_ng_chn:+-c "${china_ng_chn}"} ${chnlist_param} ${china_ng_gfw:+-t "${china_ng_gfw}"} ${gfwlist_param:+-g "${gfwlist_param}"} -f ${noipv6} echolog " + 过滤服务:ChinaDNS-NG(:${china_ng_listen_port}):国内DNS:${china_ng_chn},可信DNS:${china_ng_gfw}" } @@ -1159,7 +1164,7 @@ start_dns() { lua $APP_PATH/helper_dnsmasq_add.lua -FLAG "default" -TMP_DNSMASQ_PATH ${TMP_DNSMASQ_PATH} \ -DNSMASQ_CONF_FILE "/tmp/dnsmasq.d/dnsmasq-passwall.conf" -DEFAULT_DNS ${DEFAULT_DNS} -LOCAL_DNS ${LOCAL_DNS} \ -TUN_DNS ${TUN_DNS} -REMOTE_FAKEDNS ${fakedns:-0} -CHINADNS_DNS ${china_ng_listen:-0} \ - -TCP_NODE ${TCP_NODE} -PROXY_MODE "${TCP_PROXY_MODE}${LOCALHOST_TCP_PROXY_MODE}${ACL_TCP_PROXY_MODE}" -NO_PROXY_IPV6 ${filter_proxy_ipv6:-0} -NFTFLAG ${nftflag:-0} \ + -TCP_NODE ${TCP_NODE} -PROXY_MODE "${TCP_PROXY_MODE}${LOCALHOST_TCP_PROXY_MODE}${ACL_TCP_PROXY_MODE}" -NO_PROXY_IPV6 ${DNSMASQ_FILTER_IPV6:-0} -NFTFLAG ${nftflag:-0} \ -NO_LOGIC_LOG ${NO_LOGIC_LOG:-0} } } @@ -1410,7 +1415,7 @@ DNS_MODE=$(config_t_get global dns_mode dns2tcp) DNS_CACHE=$(config_t_get global dns_cache 0) REMOTE_DNS=$(config_t_get global remote_dns 1.1.1.1:53 | sed 's/#/:/g' | sed -E 's/\:([^:]+)$/#\1/g') CHINADNS_NG=$(config_t_get global chinadns_ng 0) -filter_proxy_ipv6=$(config_t_get global filter_proxy_ipv6 0) +FILTER_PROXY_IPV6=$(config_t_get global filter_proxy_ipv6 0) dns_listen_port=${DNS_PORT} DEFAULT_DNS=$(uci show dhcp | grep "@dnsmasq" | grep "\.server=" | awk -F '=' '{print $2}' | sed "s/'//g" | tr ' ' '\n' | grep -v "\/" | head -2 | sed ':label;N;s/\n/,/;b label') diff --git a/luci-app-passwall/root/usr/share/passwall/iptables.sh b/luci-app-passwall/root/usr/share/passwall/iptables.sh index 898694070..bb061210e 100755 --- a/luci-app-passwall/root/usr/share/passwall/iptables.sh +++ b/luci-app-passwall/root/usr/share/passwall/iptables.sh @@ -307,6 +307,7 @@ load_acl() { udp_node=${udp_node:-default} dns_mode=${dns_mode:-dns2socks} remote_dns=${remote_dns:-1.1.1.1} + filter_proxy_ipv6=${FILTER_PROXY_IPV6} [ "$dns_mode" = "v2ray" -o "$dns_mode" = "xray" ] && { [ "$v2ray_dns_mode" = "doh" ] && remote_dns=${remote_dns_doh:-https://1.1.1.1/dns-query} }