From 275a0eb2e62e8aa229401dc936814f021180a938 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Tue, 3 Dec 2019 22:52:34 +0100 Subject: [PATCH] Disable iptables DNS not needed lookups --- luci-app-omr-bypass/root/etc/init.d/omr-bypass | 8 ++++---- omr-tracker/files/bin/omr-tracker-ss | 4 ++-- shadowsocks-libev/files/shadowsocks-libev.init | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/luci-app-omr-bypass/root/etc/init.d/omr-bypass b/luci-app-omr-bypass/root/etc/init.d/omr-bypass index dda092725..46a58c8a8 100755 --- a/luci-app-omr-bypass/root/etc/init.d/omr-bypass +++ b/luci-app-omr-bypass/root/etc/init.d/omr-bypass @@ -279,14 +279,14 @@ _intf_rule() { ip -6 rule add prio 1 fwmark 0x6539$count lookup 6$count > /dev/null 2>&1 fi } - if [ "$(iptables -w 40 -t mangle -L | grep omr_dst_bypass_$intf)" = "" ]; then + if [ "$(iptables -w 40 -t mangle -L -n | grep omr_dst_bypass_$intf)" = "" ]; then iptables-restore --wait=60 --noflush <<-EOF *mangle -I omr-bypass 1 -m set --match-set omr_dst_bypass_$intf dst -j MARK --set-mark 0x539$count COMMIT EOF fi - if [ "$(iptables -w 40 -t nat -L | grep ss_rules_pre_src)" != "" ] && [ "$(iptables -w 40 -t nat -L | grep omr_dst_bypass_$intf)" = "" ]; then + if [ "$(iptables -w 40 -t nat -L -n | grep ss_rules_pre_src)" != "" ] && [ "$(iptables -w 40 -t nat -L -n | grep omr_dst_bypass_$intf)" = "" ]; then iptables-restore --wait=60 --noflush <<-EOF *nat -I ss_rules_dst 1 -m set --match-set omr_dst_bypass_$intf dst -j RETURN 
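Review bot: Both `grep omr_dst_bypass_$intf` tests in `_intf_rule` are unanchored substring matches with `$intf` unquoted, so an existing rule for one interface can satisfy the check for another whose name is a prefix of it (constructed example: `wan1` against `omr_dst_bypass_wan10`). The bypass rule for the shorter name is then never inserted. Matching the whole token closes the gap, e.g. `if ! iptables -w 40 -t mangle -L -n | grep -qF -- "match-set omr_dst_bypass_$intf dst"; then`, assuming the listing prints set matches in the form the `omr_dst_bypass_all` test in `start_service` already relies on. `_intf_rule` starts and ends outside this hunk, so how `$intf` is validated is not visible here.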
@@ -423,14 +423,14 @@ start_service() { ip rule add prio 1 fwmark 0x539 lookup 991337 > /dev/null 2>&1 ip -6 rule add prio 1 fwmark 0x6539 lookup 6991337 > /dev/null 2>&1 - if [ "$(iptables -w 40 -t mangle -L | grep 'match-set omr_dst_bypass_all dst MARK set')" = "" ]; then + if [ "$(iptables -w 40 -t mangle -L -n | grep 'match-set omr_dst_bypass_all dst MARK set')" = "" ]; then iptables-restore --wait=60 --noflush <<-EOF *mangle -A omr-bypass -m set --match-set omr_dst_bypass_all dst -j MARK --set-mark 0x539 COMMIT EOF fi - if [ "$(iptables -w 40 -t nat -L | grep ss_rules_pre_src)" != "" ] && [ "$(iptables -w 40 -t nat -L | grep omr_dst_bypass_all)" = "" ]; then + if [ "$(iptables -w 40 -t nat -L -n | grep ss_rules_pre_src)" != "" ] && [ "$(iptables -w 40 -t nat -L -n | grep omr_dst_bypass_all)" = "" ]; then iptables-restore --wait=60 --noflush <<-EOF *nat -I ss_rules_dst 1 -m set --match-set omr_dst_bypass_all dst -j RETURN diff --git a/omr-tracker/files/bin/omr-tracker-ss b/omr-tracker/files/bin/omr-tracker-ss index 20dcaeb18..8d5191a04 100755 --- a/omr-tracker/files/bin/omr-tracker-ss +++ b/omr-tracker/files/bin/omr-tracker-ss @@ -63,7 +63,7 @@ while true; do uci -q set openmptcprouter.omr.shadowsocks="up" uci -q commit openmptcprouter.omr } - if [ -z "$(iptables -t nat -L | grep ss_rules_forward)" ] && [ "$(uci -q get shadowsocks-libev.ss_rules.disabled)" != "1" ]; then + if [ -z "$(iptables -t nat -L -n | grep ss_rules_forward)" ] && [ "$(uci -q get shadowsocks-libev.ss_rules.disabled)" != "1" ]; then _log "Reload Shadowsocks rules" /etc/init.d/shadowsocks-libev rules_up 2> /dev/null _get_ip 
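Review bot: The nat condition in `start_service` runs `iptables -w 40 -t nat -L -n` twice, so the two greps can see different rule sets and each call can wait up to 40 seconds on the xtables lock. Capturing the listing once keeps the decision consistent: `nat_rules="$(iptables -w 40 -t nat -L -n)"`, then test `$nat_rules` for `ss_rules_pre_src` and `omr_dst_bypass_all`. The same pair of calls appears in the nat condition of the `_intf_rule` hunk above. `start_service` extends beyond this hunk.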
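Review bot: This listing has no `-w`, unlike the `iptables -w 40` calls in omr-bypass, so when another process holds the xtables lock the command can fail with empty stdout. The `-z` test then reads that as "rules missing" and runs `rules_up`. Adding the wait makes the check reflect the real table state: `iptables -w 40 -t nat -L -n | grep ss_rules_forward`. The same applies to the `-n` test in the next hunk of this file, where an empty result would skip the "Shadowsocks is down" branch, and to `rules_exist` in shadowsocks-libev.init. The `while true` loop begins and ends outside the hunk.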
@@ -74,7 +74,7 @@ while true; do last=$((last + 1 )) [ -z "$nocontact" ] && nocontact="$host" || nocontact="$nocontact, $host" [ "${last}" -ge "${retry}" ] && { - if [ -n "$(iptables -t nat -L | grep ss_rules_forward)" ]; then + if [ -n "$(iptables -t nat -L -n | grep ss_rules_forward)" ]; then _log "Shadowsocks is down (can't contact ${nocontact})" uci -q set openmptcprouter.omr.shadowsocks="down" uci -q commit openmptcprouter.omr diff --git a/shadowsocks-libev/files/shadowsocks-libev.init b/shadowsocks-libev/files/shadowsocks-libev.init index a2f5e7ca7..4dc38695c 100644 --- a/shadowsocks-libev/files/shadowsocks-libev.init +++ b/shadowsocks-libev/files/shadowsocks-libev.init @@ -249,7 +249,7 @@ stop_service() { } rules_exist() { - [ -n "$(iptables -t nat -L | grep ss_rules_forward)" ] && return 0 + [ -n "$(iptables -t nat -L -n | grep ss_rules_forward)" ] && return 0 return 1 }
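Review bot: `rules_exist` captures the whole nat listing into a string only to test it for emptiness. Returning the pipeline status is shorter and drops the `&& return 0` / `return 1` pair: `iptables -t nat -L -n | grep -q ss_rules_forward` as the function body. A one-line comment above the function, such as `# Succeeds when the nat table listing mentions ss_rules_forward anywhere`, would record that the match is textual and table-wide rather than a check of one specific chain or rule.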