mirror of
https://github.com/Ysurac/openmptcprouter-feeds.git
synced 2025-03-09 15:40:03 +00:00
Fix shadowsocks rules
parent
e83274c97a
commit
1a6ce527be
4 changed files with 29 additions and 11 deletions
|
@ -104,6 +104,12 @@ uci batch <<-EOF
|
||||||
delete $$s
|
delete $$s
|
||||||
commit firewall
|
commit firewall
|
||||||
EOF
|
EOF
|
||||||
|
s=firewall.ss_rules6
|
||||||
|
uci get "$$s" >/dev/null || exit 0
|
||||||
|
uci batch <<-EOF
|
||||||
|
delete $$s
|
||||||
|
commit firewall
|
||||||
|
EOF
|
||||||
endef
|
endef
|
||||||
|
|
||||||
define Build/Prepare
|
define Build/Prepare
|
||||||
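Review bot: The added `firewall.ss_rules6` cleanup is only reached if the script gets past the block above it. That block's guard is outside the hunk; if it uses the same `uci get "$$s" >/dev/null || exit 0` form, a system where `firewall.ss_rules` is already absent exits before `firewall.ss_rules6` is deleted, and the include pointing at `/etc/firewall.ss-rules6` stays in the firewall config. Guarding each deletion independently, as the uci-defaults script in this commit does for creation, avoids that: wrap each batch in `if uci get "$$s" >/dev/null; then` … `fi` instead of exiting. The enclosing `define` block starts above the hunk.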
|
|
|
@ -136,10 +136,10 @@ ss_rules_ipset_init() {
|
||||||
create ss_rules_dst_forward hash:net hashsize 64
|
create ss_rules_dst_forward hash:net hashsize 64
|
||||||
create ss_rules_dst_forward_recentrst_ hash:ip hashsize 64 timeout 3600
|
create ss_rules_dst_forward_recentrst_ hash:ip hashsize 64 timeout 3600
|
||||||
$(ss_rules_ipset_mkadd ss_rules_dst_bypass_ "$o_dst_bypass_ $o_remote_servers")
|
$(ss_rules_ipset_mkadd ss_rules_dst_bypass_ "$o_dst_bypass_ $o_remote_servers")
|
||||||
|
$(ss_rules_ipset_mkadd ss_rules_dst_bypass "$o_dst_bypass $(cat "$o_dst_bypass_file" 2>/dev/null | grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}')")
|
||||||
$(ss_rules_ipset_mkadd ss_rules_src_bypass "$o_src_bypass")
|
$(ss_rules_ipset_mkadd ss_rules_src_bypass "$o_src_bypass")
|
||||||
$(ss_rules_ipset_mkadd ss_rules_src_forward "$o_src_forward")
|
$(ss_rules_ipset_mkadd ss_rules_src_forward "$o_src_forward")
|
||||||
$(ss_rules_ipset_mkadd ss_rules_src_checkdst "$o_src_checkdst")
|
$(ss_rules_ipset_mkadd ss_rules_src_checkdst "$o_src_checkdst")
|
||||||
$(ss_rules_ipset_mkadd ss_rules_dst_bypass "$o_dst_bypass $(cat "$o_dst_bypass_file" 2>/dev/null | grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}')")
|
|
||||||
$(ss_rules_ipset_mkadd ss_rules_dst_forward "$o_dst_forward $(cat "$o_dst_forward_file" 2>/dev/null | grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}')")
|
$(ss_rules_ipset_mkadd ss_rules_dst_forward "$o_dst_forward $(cat "$o_dst_forward_file" 2>/dev/null | grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}')")
|
||||||
EOF
|
EOF
|
||||||
}
|
}
|
||||||
|
@ -176,6 +176,7 @@ ss_rules_iptchains_init_tcp() {
|
||||||
:ss_rules_local_out -
|
:ss_rules_local_out -
|
||||||
-I OUTPUT 1 -p tcp -j ss_rules_local_out
|
-I OUTPUT 1 -p tcp -j ss_rules_local_out
|
||||||
-A ss_rules_local_out -m set --match-set ss_rules_dst_bypass_ dst -j RETURN
|
-A ss_rules_local_out -m set --match-set ss_rules_dst_bypass_ dst -j RETURN
|
||||||
|
-A ss_rules_local_out -m set --match-set ss_rules_dst_bypass dst -j RETURN
|
||||||
-A ss_rules_local_out -p tcp $o_ipt_extra -j $local_target -m comment --comment "local_default: $o_local_default"
|
-A ss_rules_local_out -p tcp $o_ipt_extra -j $local_target -m comment --comment "local_default: $o_local_default"
|
||||||
COMMIT
|
COMMIT
|
||||||
EOF
|
EOF
|
||||||
|
@ -231,12 +232,12 @@ ss_rules_iptchains_init_() {
|
||||||
:ss_rules_forward -
|
:ss_rules_forward -
|
||||||
$(ss_rules_iptchains_mkprerules "$proto")
|
$(ss_rules_iptchains_mkprerules "$proto")
|
||||||
-A ss_rules_pre_src -m set --match-set ss_rules_dst_bypass_ dst -j RETURN
|
-A ss_rules_pre_src -m set --match-set ss_rules_dst_bypass_ dst -j RETURN
|
||||||
|
-A ss_rules_dst -m set --match-set ss_rules_dst_bypass dst -j RETURN
|
||||||
-A ss_rules_pre_src -p $proto $o_ipt_extra -j ss_rules_src
|
-A ss_rules_pre_src -p $proto $o_ipt_extra -j ss_rules_src
|
||||||
-A ss_rules_src -m set --match-set ss_rules_src_bypass src -j RETURN
|
-A ss_rules_src -m set --match-set ss_rules_src_bypass src -j RETURN
|
||||||
-A ss_rules_src -m set --match-set ss_rules_src_forward src -j ss_rules_forward
|
-A ss_rules_src -m set --match-set ss_rules_src_forward src -j ss_rules_forward
|
||||||
-A ss_rules_src -m set --match-set ss_rules_src_checkdst src -j ss_rules_dst
|
-A ss_rules_src -m set --match-set ss_rules_src_checkdst src -j ss_rules_dst
|
||||||
-A ss_rules_src -j $src_default_target -m comment --comment "src_default: $o_src_default"
|
-A ss_rules_src -j $src_default_target -m comment --comment "src_default: $o_src_default"
|
||||||
-A ss_rules_dst -m set --match-set ss_rules_dst_bypass dst -j RETURN
|
|
||||||
-A ss_rules_dst -m set --match-set ss_rules_dst_forward dst -j ss_rules_forward
|
-A ss_rules_dst -m set --match-set ss_rules_dst_forward dst -j ss_rules_forward
|
||||||
$recentrst_addset_rules
|
$recentrst_addset_rules
|
||||||
-A ss_rules_dst -j $dst_default_target -m comment --comment "dst_default: $o_dst_default"
|
-A ss_rules_dst -j $dst_default_target -m comment --comment "dst_default: $o_dst_default"
|
||||||
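Review bot: In the `ss_rules_iptchains_init_` hunk, moving `-A ss_rules_dst -m set --match-set ss_rules_dst_bypass dst -j RETURN` above the `ss_rules_pre_src`/`ss_rules_src` lines does not change evaluation order. The rule is still appended to `ss_rules_dst`, where it was already the first rule, and in iptables-restore input only the order within a chain matters. Sources matched by `ss_rules_src_forward` therefore still jump to `ss_rules_forward` without the user bypass set being consulted. If the intent was for `ss_rules_dst_bypass` to win before the source rules, the rule probably needs to be `-A ss_rules_pre_src -m set --match-set ss_rules_dst_bypass dst -j RETURN`; if the move is cosmetic, a comment saying so would help. The same applies to the `ss_rules6_dst` move in `ss_rules6_iptchains_init_`, and both function bodies extend outside their hunks.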
|
|
|
@ -1,10 +1,20 @@
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
s=firewall.ss_rules
|
s=firewall.ss_rules
|
||||||
uci get "$s" >/dev/null && exit 0
|
uci get "$s" >/dev/null || {
|
||||||
uci batch <<-EOF
|
uci batch <<-EOF
|
||||||
set $s=include
|
set $s=include
|
||||||
set $s.path=/etc/firewall.ss-rules
|
set $s.path=/etc/firewall.ss-rules
|
||||||
set $s.reload=1
|
set $s.reload=1
|
||||||
commit firewall
|
commit firewall
|
||||||
EOF
|
EOF
|
||||||
|
}
|
||||||
|
s=firewall.ss_rules6
|
||||||
|
uci get "$s" >/dev/null || {
|
||||||
|
uci batch <<-EOF
|
||||||
|
set $s=include
|
||||||
|
set $s.path=/etc/firewall.ss-rules6
|
||||||
|
set $s.reload=1
|
||||||
|
commit firewall
|
||||||
|
EOF
|
||||||
|
}
|
||||||
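Review bot: Both guards use `uci get "$s" >/dev/null`, which discards only stdout, so on a first run, when neither include exists yet, uci's not-found message for each section still goes to stderr. `uci -q get "$s" >/dev/null || {` keeps that expected case quiet. The two blocks differ only in the section name and path, so a short header comment stating that the script registers `/etc/firewall.ss-rules` and `/etc/firewall.ss-rules6` as firewall includes when they are missing would make the intent clear. The same `uci get` form appears in the Makefile hunk of this commit.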
|
|
|
@ -119,10 +119,10 @@ ss_rules6_ipset_init() {
|
||||||
create ss_rules6_dst_forward hash:net family inet6 hashsize 64
|
create ss_rules6_dst_forward hash:net family inet6 hashsize 64
|
||||||
create ss_rules6_dst_forward_recrst_ hash:ip family inet6 hashsize 64 timeout 3600
|
create ss_rules6_dst_forward_recrst_ hash:ip family inet6 hashsize 64 timeout 3600
|
||||||
$(ss_rules6_ipset_mkadd ss_rules6_dst_bypass_ "$o_dst_bypass_ $o_remote_servers")
|
$(ss_rules6_ipset_mkadd ss_rules6_dst_bypass_ "$o_dst_bypass_ $o_remote_servers")
|
||||||
|
$(ss_rules6_ipset_mkadd ss_rules6_dst_bypass "$o_dst_bypass $(cat "$o_dst_bypass_file" 2>/dev/null | grep -o '\([0-9a-fA-F]\{0,4\}:\)\{1,7\}[0-9a-fA-F]\{0,4\}')")
|
||||||
$(ss_rules6_ipset_mkadd ss_rules6_src_bypass "$o_src_bypass")
|
$(ss_rules6_ipset_mkadd ss_rules6_src_bypass "$o_src_bypass")
|
||||||
$(ss_rules6_ipset_mkadd ss_rules6_src_forward "$o_src_forward")
|
$(ss_rules6_ipset_mkadd ss_rules6_src_forward "$o_src_forward")
|
||||||
$(ss_rules6_ipset_mkadd ss_rules6_src_checkdst "$o_src_checkdst")
|
$(ss_rules6_ipset_mkadd ss_rules6_src_checkdst "$o_src_checkdst")
|
||||||
$(ss_rules6_ipset_mkadd ss_rules6_dst_bypass "$o_dst_bypass $(cat "$o_dst_bypass_file" 2>/dev/null | grep -o '\([0-9a-fA-F]\{0,4\}:\)\{1,7\}[0-9a-fA-F]\{0,4\}')")
|
|
||||||
$(ss_rules6_ipset_mkadd ss_rules6_dst_forward "$o_dst_forward $(cat "$o_dst_forward_file" 2>/dev/null | grep -o '\([0-9a-fA-F]\{0,4\}:\)\{1,7\}[0-9a-fA-F]\{0,4\}')")
|
$(ss_rules6_ipset_mkadd ss_rules6_dst_forward "$o_dst_forward $(cat "$o_dst_forward_file" 2>/dev/null | grep -o '\([0-9a-fA-F]\{0,4\}:\)\{1,7\}[0-9a-fA-F]\{0,4\}')")
|
||||||
EOF
|
EOF
|
||||||
}
|
}
|
||||||
|
@ -159,6 +159,7 @@ ss_rules6_iptchains_init_tcp() {
|
||||||
:ss_rules6_local_out -
|
:ss_rules6_local_out -
|
||||||
-I OUTPUT 1 -p tcp -j ss_rules6_local_out
|
-I OUTPUT 1 -p tcp -j ss_rules6_local_out
|
||||||
-A ss_rules6_local_out -m set --match-set ss_rules6_dst_bypass_ dst -j RETURN
|
-A ss_rules6_local_out -m set --match-set ss_rules6_dst_bypass_ dst -j RETURN
|
||||||
|
-A ss_rules6_local_out -m set --match-set ss_rules6_dst_bypass dst -j RETURN
|
||||||
-A ss_rules6_local_out -p tcp $o_ipt_extra -j $local_target -m comment --comment "local_default: $o_local_default"
|
-A ss_rules6_local_out -p tcp $o_ipt_extra -j $local_target -m comment --comment "local_default: $o_local_default"
|
||||||
COMMIT
|
COMMIT
|
||||||
EOF
|
EOF
|
||||||
|
@ -215,12 +216,12 @@ ss_rules6_iptchains_init_() {
|
||||||
:ss_rules6_forward -
|
:ss_rules6_forward -
|
||||||
$(ss_rules6_iptchains_mkprerules "$proto")
|
$(ss_rules6_iptchains_mkprerules "$proto")
|
||||||
-A ss_rules6_pre_src -m set --match-set ss_rules6_dst_bypass_ dst -j RETURN
|
-A ss_rules6_pre_src -m set --match-set ss_rules6_dst_bypass_ dst -j RETURN
|
||||||
|
-A ss_rules6_dst -m set --match-set ss_rules6_dst_bypass dst -j RETURN
|
||||||
-A ss_rules6_pre_src -p $proto $o_ipt_extra -j ss_rules6_src
|
-A ss_rules6_pre_src -p $proto $o_ipt_extra -j ss_rules6_src
|
||||||
-A ss_rules6_src -m set --match-set ss_rules6_src_bypass src -j RETURN
|
-A ss_rules6_src -m set --match-set ss_rules6_src_bypass src -j RETURN
|
||||||
-A ss_rules6_src -m set --match-set ss_rules6_src_forward src -j ss_rules6_forward
|
-A ss_rules6_src -m set --match-set ss_rules6_src_forward src -j ss_rules6_forward
|
||||||
-A ss_rules6_src -m set --match-set ss_rules6_src_checkdst src -j ss_rules6_dst
|
-A ss_rules6_src -m set --match-set ss_rules6_src_checkdst src -j ss_rules6_dst
|
||||||
-A ss_rules6_src -j $src_default_target -m comment --comment "src_default: $o_src_default"
|
-A ss_rules6_src -j $src_default_target -m comment --comment "src_default: $o_src_default"
|
||||||
-A ss_rules6_dst -m set --match-set ss_rules6_dst_bypass dst -j RETURN
|
|
||||||
-A ss_rules6_dst -m set --match-set ss_rules6_dst_forward dst -j ss_rules6_forward
|
-A ss_rules6_dst -m set --match-set ss_rules6_dst_forward dst -j ss_rules6_forward
|
||||||
$recentrst_addset_rules
|
$recentrst_addset_rules
|
||||||
-A ss_rules6_dst -j $dst_default_target -m comment --comment "dst_default: $o_dst_default"
|
-A ss_rules6_dst -j $dst_default_target -m comment --comment "dst_default: $o_dst_default"
|
||||||
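Review bot: The file-derived entries for `ss_rules6_dst_bypass`, re-added higher up in `ss_rules6_ipset_init`, are extracted by `grep -o` with an address-only pattern, so any prefix length in `$o_dst_bypass_file` is silently dropped. An entry such as `2001:db8::/32` (constructed example) would reach ipset as the bare `2001:db8::`. The pattern is also loose enough to match non-address tokens such as `12:34:56`. Since this commit makes the set decide which local traffic skips the proxy, a list that is narrower than written is easy to miss; consider allowing an optional prefix by appending `\(/[0-9]\{1,3\}\)\{0,1\}` to the expression and documenting the expected file format. The IPv4 line in `ss_rules_ipset_init` and the `dst_forward` lines have the same limitation, and the function body starts outside the hunk.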
|
|