zhao/openwrt_helloworld
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

luci-app-passwall: sync upstream

Browse Source 
last commit: f5ab6219bd
This commit is contained in:
gitea-action 2024-09-14 11:00:12 +08:00
parent 56a46a39b6
commit fa83e69fe1
1 changed files with 20 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
luci-app-passwall/root/usr/share/passwall/iptables.sh
View File

@ -717,20 +717,20 @@ add_firewall_rule() {
ipset -! create $IPSET_LANLIST nethash maxelem 1048576 ipset -! create $IPSET_LANLIST nethash maxelem 1048576
ipset -! create $IPSET_VPSLIST nethash maxelem 1048576 ipset -! create $IPSET_VPSLIST nethash maxelem 1048576
ipset -! create $IPSET_SHUNTLIST nethash maxelem 1048576 ipset -! create $IPSET_SHUNTLIST nethash maxelem 1048576
ipset -! create $IPSET_GFW nethash maxelem 1048576 ipset -! create $IPSET_GFW nethash maxelem 1048576 timeout 172800
ipset -! create $IPSET_CHN nethash maxelem 1048576 ipset -! create $IPSET_CHN nethash maxelem 1048576 timeout 172800
ipset -! create $IPSET_BLACKLIST nethash maxelem 1048576 ipset -! create $IPSET_BLACKLIST nethash maxelem 1048576 timeout 172800
ipset -! create $IPSET_WHITELIST nethash maxelem 1048576 ipset -! create $IPSET_WHITELIST nethash maxelem 1048576 timeout 172800
ipset -! create $IPSET_BLOCKLIST nethash maxelem 1048576 ipset -! create $IPSET_BLOCKLIST nethash maxelem 1048576 timeout 172800
ipset -! create $IPSET_LANLIST6 nethash family inet6 maxelem 1048576 ipset -! create $IPSET_LANLIST6 nethash family inet6 maxelem 1048576
ipset -! create $IPSET_VPSLIST6 nethash family inet6 maxelem 1048576 ipset -! create $IPSET_VPSLIST6 nethash family inet6 maxelem 1048576
ipset -! create $IPSET_SHUNTLIST6 nethash family inet6 maxelem 1048576 ipset -! create $IPSET_SHUNTLIST6 nethash family inet6 maxelem 1048576
ipset -! create $IPSET_GFW6 nethash family inet6 maxelem 1048576 ipset -! create $IPSET_GFW6 nethash family inet6 maxelem 1048576 timeout 172800
ipset -! create $IPSET_CHN6 nethash family inet6 maxelem 1048576 ipset -! create $IPSET_CHN6 nethash family inet6 maxelem 1048576 timeout 172800
ipset -! create $IPSET_BLACKLIST6 nethash family inet6 maxelem 1048576 ipset -! create $IPSET_BLACKLIST6 nethash family inet6 maxelem 1048576 timeout 172800
ipset -! create $IPSET_WHITELIST6 nethash family inet6 maxelem 1048576 ipset -! create $IPSET_WHITELIST6 nethash family inet6 maxelem 1048576 timeout 172800
ipset -! create $IPSET_BLOCKLIST6 nethash family inet6 maxelem 1048576 ipset -! create $IPSET_BLOCKLIST6 nethash family inet6 maxelem 1048576 timeout 172800
local shunt_ids=$(uci show $CONFIG | grep "=shunt_rules" | awk -F '.' '{print $2}' | awk -F '=' '{print $1}') local shunt_ids=$(uci show $CONFIG | grep "=shunt_rules" | awk -F '.' '{print $2}' | awk -F '=' '{print $1}')
@ -742,15 +742,15 @@ add_firewall_rule() {
config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "s/^/add $IPSET_SHUNTLIST6 &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "s/^/add $IPSET_SHUNTLIST6 &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
done done
cat $RULES_PATH/chnroute | tr -s '\n' | grep -v "^#" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_CHN &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R cat $RULES_PATH/chnroute | tr -s '\n' | grep -v "^#" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_CHN &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
cat $RULES_PATH/proxy_ip | tr -s '\n' | grep -v "^#" | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}" | sed -e "s/^/add $IPSET_BLACKLIST &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R cat $RULES_PATH/proxy_ip | tr -s '\n' | grep -v "^#" | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}" | sed -e "s/^/add $IPSET_BLACKLIST &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
cat $RULES_PATH/direct_ip | tr -s '\n' | grep -v "^#" | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}" | sed -e "s/^/add $IPSET_WHITELIST &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R cat $RULES_PATH/direct_ip | tr -s '\n' | grep -v "^#" | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}" | sed -e "s/^/add $IPSET_WHITELIST &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
cat $RULES_PATH/block_ip | tr -s '\n' | grep -v "^#" | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}" | sed -e "s/^/add $IPSET_BLOCKLIST &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R cat $RULES_PATH/block_ip | tr -s '\n' | grep -v "^#" | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}" | sed -e "s/^/add $IPSET_BLOCKLIST &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
cat $RULES_PATH/chnroute6 | tr -s '\n' | grep -v "^#" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_CHN6 &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R cat $RULES_PATH/chnroute6 | tr -s '\n' | grep -v "^#" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_CHN6 &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
cat $RULES_PATH/proxy_ip | tr -s '\n' | grep -v "^#" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_BLACKLIST6 &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R cat $RULES_PATH/proxy_ip | tr -s '\n' | grep -v "^#" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_BLACKLIST6 &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
cat $RULES_PATH/direct_ip | tr -s '\n' | grep -v "^#" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_WHITELIST6 &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R cat $RULES_PATH/direct_ip | tr -s '\n' | grep -v "^#" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_WHITELIST6 &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
cat $RULES_PATH/block_ip | tr -s '\n' | grep -v "^#" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_BLOCKLIST6 &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R cat $RULES_PATH/block_ip | tr -s '\n' | grep -v "^#" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_BLOCKLIST6 &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
ipset -! -R <<-EOF ipset -! -R <<-EOF
$(gen_lanlist | sed -e "s/^/add $IPSET_LANLIST /") $(gen_lanlist | sed -e "s/^/add $IPSET_LANLIST /")
@ -781,7 +781,7 @@ add_firewall_rule() {
[ -n "$ISP_DNS" ] && { [ -n "$ISP_DNS" ] && {
#echolog "处理 ISP DNS 例外..." #echolog "处理 ISP DNS 例外..."
for ispip in $ISP_DNS; do for ispip in $ISP_DNS; do
ipset -! add $IPSET_WHITELIST $ispip ipset -! add $IPSET_WHITELIST $ispip timeout 0
echolog " - [$?]追加ISP IPv4 DNS到白名单${ispip}" echolog " - [$?]追加ISP IPv4 DNS到白名单${ispip}"
done done
} }
@ -789,7 +789,7 @@ add_firewall_rule() {
[ -n "$ISP_DNS6" ] && { [ -n "$ISP_DNS6" ] && {
#echolog "处理 ISP IPv6 DNS 例外..." #echolog "处理 ISP IPv6 DNS 例外..."
for ispip6 in $ISP_DNS6; do for ispip6 in $ISP_DNS6; do
ipset -! add $IPSET_WHITELIST6 $ispip6 ipset -! add $IPSET_WHITELIST6 $ispip6 timeout 0
echolog " - [$?]追加ISP IPv6 DNS到白名单${ispip6}" echolog " - [$?]追加ISP IPv6 DNS到白名单${ispip6}"
done done
} }