mirror of
https://github.com/Ysurac/openmptcprouter-feeds.git
synced 2025-03-09 15:40:03 +00:00
Rename ss_rules to ssr
This commit is contained in:
Ycarus (Yannick Chabanois)
parent
a03d73bfc7
commit
28db354146
3 changed files with 75 additions and 75 deletions
|
|
@ -290,7 +290,7 @@ stop_service() {
|
|||
}
|
||||
|
||||
rules_exist() {
|
||||
[ -n "$(iptables -t nat -L -n | grep ss_rules)" ] && return 0
|
||||
[ -n "$(iptables -t nat -L -n | grep ssr)" ] && return 0
|
||||
return 1
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -122,7 +122,7 @@ ss_rules_parse_args() {
|
|||
ss_rules_flush() {
|
||||
local setname
|
||||
|
||||
iptables-save --counters | grep -v ss_rules_ | iptables-restore -w --counters
|
||||
iptables-save --counters | grep -v ssr_ | iptables-restore -w --counters
|
||||
while ip rule del fwmark 1 lookup 100 2>/dev/null; do true; done
|
||||
ip route flush table 100 || true
|
||||
for setname in $(ipset -n list | grep "ss_rules_"); do
|
||||
|
|
@ -181,20 +181,20 @@ ss_rules_iptchains_init_tcp() {
|
|||
ss_rules_iptchains_init_ nat tcp
|
||||
|
||||
case "$o_local_default" in
|
||||
checkdst) local_target=ss_rules_${rule}_dst ;;
|
||||
forward) local_target=ss_rules_${rule}_forward ;;
|
||||
checkdst) local_target=ssr_${rule}_dst ;;
|
||||
forward) local_target=ssr_${rule}_forward ;;
|
||||
bypass|*) return 0;;
|
||||
esac
|
||||
|
||||
iptables-restore -w --noflush <<-EOF
|
||||
*nat
|
||||
:ss_rules_${rule}_local_out -
|
||||
-I OUTPUT 1 -p tcp -j ss_rules_${rule}_local_out
|
||||
-A ss_rules_${rule}_local_out -m set --match-set ss_rules_dst_bypass dst -j RETURN
|
||||
-A ss_rules_${rule}_local_out -m set --match-set ss_rules_dst_bypass_all dst -j RETURN
|
||||
-A ss_rules_${rule}_local_out -m set --match-set ss_rules_dst_bypass_ dst -j RETURN
|
||||
-A ss_rules_${rule}_local_out -m mark --mark 0x539 -j RETURN
|
||||
-A ss_rules_${rule}_local_out -p tcp $o_ipt_extra -j $local_target -m comment --comment "local_default: $o_local_default"
|
||||
:ssr_${rule}_local_out -
|
||||
-I OUTPUT 1 -p tcp -j ssr_${rule}_local_out
|
||||
-A ssr_${rule}_local_out -m set --match-set ss_rules_dst_bypass dst -j RETURN
|
||||
-A ssr_${rule}_local_out -m set --match-set ss_rules_dst_bypass_all dst -j RETURN
|
||||
-A ssr_${rule}_local_out -m set --match-set ss_rules_dst_bypass_ dst -j RETURN
|
||||
-A ssr_${rule}_local_out -m mark --mark 0x539 -j RETURN
|
||||
-A ssr_${rule}_local_out -p tcp $o_ipt_extra -j $local_target -m comment --comment "local_default: $o_local_default"
|
||||
COMMIT
|
||||
EOF
|
||||
}
|
||||
|
|
@ -213,7 +213,7 @@ ss_rules_iptchains_init_() {
|
|||
|
||||
case "$proto" in
|
||||
tcp)
|
||||
forward_rules="-A ss_rules_${rule}_forward -p tcp -j REDIRECT --to-ports $o_redir_tcp_port"
|
||||
forward_rules="-A ssr_${rule}_forward -p tcp -j REDIRECT --to-ports $o_redir_tcp_port"
|
||||
if [ -n "$o_dst_forward_recentrst" ]; then
|
||||
recentrst_mangle_rules="
|
||||
*mangle
|
||||
|
|
@ -221,48 +221,48 @@ ss_rules_iptchains_init_() {
|
|||
COMMIT
|
||||
"
|
||||
recentrst_addset_rules="
|
||||
-A ss_rules_${rule}_dst -m recent --name ss_rules_recentrst --rcheck --rdest --seconds 3 --hitcount 3 -j SET --add-set ss_rules_dst_forward_recentrst_ dst --exist
|
||||
-A ss_rules_${rule}_dst -m set --match-set ss_rules_dst_forward_recentrst_ dst -j ss_rules_${rule}_forward
|
||||
-A ssr_${rule}_dst -m recent --name ss_rules_recentrst --rcheck --rdest --seconds 3 --hitcount 3 -j SET --add-set ss_rules_dst_forward_recentrst_ dst --exist
|
||||
-A ssr_${rule}_dst -m set --match-set ss_rules_dst_forward_recentrst_ dst -j ssr_${rule}_forward
|
||||
"
|
||||
fi
|
||||
;;
|
||||
udp)
|
||||
ip rule add fwmark 1 lookup 100
|
||||
ip route add local default dev lo table 100
|
||||
forward_rules="-A ss_rules_${rule}_forward -p udp -j TPROXY --on-port "$o_redir_udp_port" --tproxy-mark 0x01/0x01"
|
||||
forward_rules="-A ssr_${rule}_forward -p udp -j TPROXY --on-port "$o_redir_udp_port" --tproxy-mark 0x01/0x01"
|
||||
;;
|
||||
esac
|
||||
case "$o_src_default" in
|
||||
forward) src_default_target=ss_rules_${rule}_forward ;;
|
||||
checkdst) src_default_target=ss_rules_${rule}_dst ;;
|
||||
forward) src_default_target=ssr_${rule}_forward ;;
|
||||
checkdst) src_default_target=ssr_${rule}_dst ;;
|
||||
bypass|*) src_default_target=RETURN ;;
|
||||
esac
|
||||
case "$o_dst_default" in
|
||||
forward) dst_default_target=ss_rules_${rule}_forward ;;
|
||||
forward) dst_default_target=ssr_${rule}_forward ;;
|
||||
bypass|*) dst_default_target=RETURN ;;
|
||||
esac
|
||||
sed -e '/^\s*$/d' -e 's/^\s\+//' <<-EOF | iptables-restore -w --noflush
|
||||
*$table
|
||||
:ss_rules_${rule}_pre_src -
|
||||
:ss_rules_${rule}_src -
|
||||
:ss_rules_${rule}_dst -
|
||||
:ss_rules_${rule}_forward -
|
||||
:ssr_${rule}_pre_src -
|
||||
:ssr_${rule}_src -
|
||||
:ssr_${rule}_dst -
|
||||
:ssr_${rule}_forward -
|
||||
$(ss_rules_iptchains_mkprerules "$proto")
|
||||
-A ss_rules_${rule}_pre_src -m set --match-set ss_rules_dst_bypass_ dst -j RETURN
|
||||
-A ss_rules_${rule}_pre_src -m set --match-set ss_rules_dst_bypass_all dst -j MARK --set-mark 0x539
|
||||
-A ss_rules_${rule}_pre_src -m set --match-set ss_rules_dst_bypass_all dst -j RETURN
|
||||
-A ss_rules_${rule}_pre_src -m set --match-set ss_rules_dst_bypass dst -j RETURN
|
||||
-A ss_rules_${rule}_pre_src -m mark --mark 0x539 -j RETURN
|
||||
-A ss_rules_${rule}_dst -m set --match-set ss_rules_dst_bypass_all dst -j RETURN
|
||||
-A ss_rules_${rule}_dst -m set --match-set ss_rules_dst_bypass dst -j RETURN
|
||||
-A ss_rules_${rule}_pre_src -p $proto $o_ipt_extra -j ss_rules_${rule}_src
|
||||
-A ss_rules_${rule}_src -m set --match-set ss_rules_src_bypass src -j RETURN
|
||||
-A ss_rules_${rule}_src -m set --match-set ss_rules_src_forward src -j ss_rules_${rule}_forward
|
||||
-A ss_rules_${rule}_src -m set --match-set ss_rules_src_checkdst src -j ss_rules_${rule}_dst
|
||||
-A ss_rules_${rule}_src -j $src_default_target -m comment --comment "src_default: $o_src_default"
|
||||
-A ss_rules_${rule}_dst -m set --match-set ss_rules_dst_forward dst -j ss_rules_${rule}_forward
|
||||
-A ssr_${rule}_pre_src -m set --match-set ss_rules_dst_bypass_ dst -j RETURN
|
||||
-A ssr_${rule}_pre_src -m set --match-set ss_rules_dst_bypass_all dst -j MARK --set-mark 0x539
|
||||
-A ssr_${rule}_pre_src -m set --match-set ss_rules_dst_bypass_all dst -j RETURN
|
||||
-A ssr_${rule}_pre_src -m set --match-set ss_rules_dst_bypass dst -j RETURN
|
||||
-A ssr_${rule}_pre_src -m mark --mark 0x539 -j RETURN
|
||||
-A ssr_${rule}_dst -m set --match-set ss_rules_dst_bypass_all dst -j RETURN
|
||||
-A ssr_${rule}_dst -m set --match-set ss_rules_dst_bypass dst -j RETURN
|
||||
-A ssr_${rule}_pre_src -p $proto $o_ipt_extra -j ssr_${rule}_src
|
||||
-A ssr_${rule}_src -m set --match-set ss_rules_src_bypass src -j RETURN
|
||||
-A ssr_${rule}_src -m set --match-set ss_rules_src_forward src -j ssr_${rule}_forward
|
||||
-A ssr_${rule}_src -m set --match-set ss_rules_src_checkdst src -j ssr_${rule}_dst
|
||||
-A ssr_${rule}_src -j $src_default_target -m comment --comment "src_default: $o_src_default"
|
||||
-A ssr_${rule}_dst -m set --match-set ss_rules_dst_forward dst -j ssr_${rule}_forward
|
||||
$recentrst_addset_rules
|
||||
-A ss_rules_${rule}_dst -j $dst_default_target -m comment --comment "dst_default: $o_dst_default"
|
||||
-A ssr_${rule}_dst -j $dst_default_target -m comment --comment "dst_default: $o_dst_default"
|
||||
$forward_rules
|
||||
COMMIT
|
||||
$recentrst_mangle_rules
|
||||
|
|
@ -273,11 +273,11 @@ ss_rules_iptchains_mkprerules() {
|
|||
local proto="$1"
|
||||
|
||||
if [ -z "$o_ifnames" ]; then
|
||||
echo "-I PREROUTING 1 -p $proto -j ss_rules_${rule}_pre_src"
|
||||
echo "-I PREROUTING 1 -p $proto -j ssr_${rule}_pre_src"
|
||||
else
|
||||
echo $o_ifnames \
|
||||
| tr ' ' '\n' \
|
||||
| sed "s/.*/-I PREROUTING 1 -i \\0 -p $proto -j ss_rules_${rule}_pre_src/"
|
||||
| sed "s/.*/-I PREROUTING 1 -i \\0 -p $proto -j ssr_${rule}_pre_src/"
|
||||
fi
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -105,7 +105,7 @@ ss_rules6_parse_args() {
|
|||
ss_rules6_flush() {
|
||||
local setname
|
||||
|
||||
ip6tables-save --counters | grep -v ss_rules6_ | ip6tables-restore -w --counters
|
||||
ip6tables-save --counters | grep -v ssr6_ | ip6tables-restore -w --counters
|
||||
while ip -f inet6 rule del fwmark 1 lookup 100 2>/dev/null; do true; done
|
||||
ip -f inet6 route flush table 100 || true
|
||||
for setname in $(ipset -n list | grep "ss_rules6_"); do
|
||||
|
|
@ -165,20 +165,20 @@ ss_rules6_iptchains_init_tcp() {
|
|||
ss_rules6_iptchains_init_ nat tcp
|
||||
|
||||
case "$o_local_default" in
|
||||
checkdst) local_target=ss_rules6_${rule}_dst ;;
|
||||
forward) local_target=ss_rules6_${rule}_forward ;;
|
||||
checkdst) local_target=ssr6_${rule}_dst ;;
|
||||
forward) local_target=ssr6_${rule}_forward ;;
|
||||
bypass|*) return 0;;
|
||||
esac
|
||||
|
||||
ip6tables-restore -w --noflush <<-EOF
|
||||
*nat
|
||||
:ss_rules6_${rule}_local_out -
|
||||
-I OUTPUT 1 -p tcp -j ss_rules6_${rule}_local_out
|
||||
-A ss_rules6_${rule}_local_out -m set --match-set ss_rules6_dst_bypass dst -j RETURN
|
||||
-A ss_rules6_${rule}_local_out -m set --match-set ss_rules6_dst_bypass_all dst -j RETURN
|
||||
-A ss_rules6_${rule}_local_out -m set --match-set ss_rules6_dst_bypass_ dst -j RETURN
|
||||
-A ss_rules6_${rule}_local_out -m mark --mark 0x6539 -j RETURN
|
||||
-A ss_rules6_${rule}_local_out -p tcp $o_ipt_extra -j $local_target -m comment --comment "local_default: $o_local_default"
|
||||
:ssr6_${rule}_local_out -
|
||||
-I OUTPUT 1 -p tcp -j ssr6_${rule}_local_out
|
||||
-A ssr6_${rule}_local_out -m set --match-set ss_rules6_dst_bypass dst -j RETURN
|
||||
-A ssr6_${rule}_local_out -m set --match-set ss_rules6_dst_bypass_all dst -j RETURN
|
||||
-A ssr6_${rule}_local_out -m set --match-set ss_rules6_dst_bypass_ dst -j RETURN
|
||||
-A ssr6_${rule}_local_out -m mark --mark 0x6539 -j RETURN
|
||||
-A ssr6_${rule}_local_out -p tcp $o_ipt_extra -j $local_target -m comment --comment "local_default: $o_local_default"
|
||||
COMMIT
|
||||
EOF
|
||||
}
|
||||
|
|
@ -197,7 +197,7 @@ ss_rules6_iptchains_init_() {
|
|||
|
||||
case "$proto" in
|
||||
tcp)
|
||||
forward_rules="-A ss_rules6_${rule}_forward -p tcp -j REDIRECT --to-ports $o_redir_tcp_port"
|
||||
forward_rules="-A ssr6_${rule}_forward -p tcp -j REDIRECT --to-ports $o_redir_tcp_port"
|
||||
if [ -n "$o_dst_forward_recentrst" ]; then
|
||||
recentrst_mangle_rules="
|
||||
*mangle
|
||||
|
|
@ -205,48 +205,48 @@ ss_rules6_iptchains_init_() {
|
|||
COMMIT
|
||||
"
|
||||
recentrst_addset_rules="
|
||||
-A ss_rules6_${rule}_dst -m recent --name ss_rules6_recentrst --rcheck --rdest --seconds 3 --hitcount 3 -j SET --add-set ss_rules6_dst_forward_recrst_ dst --exist
|
||||
-A ss_rules6_${rule}_dst -m set --match-set ss_rules6_dst_forward_recrst_ dst -j ss_rules6_${rule}_forward
|
||||
-A ssr6_${rule}_dst -m recent --name ss_rules6_recentrst --rcheck --rdest --seconds 3 --hitcount 3 -j SET --add-set ss_rules6_dst_forward_recrst_ dst --exist
|
||||
-A ssr6_${rule}_dst -m set --match-set ss_rules6_dst_forward_recrst_ dst -j ssr6_${rule}_forward
|
||||
"
|
||||
fi
|
||||
;;
|
||||
udp)
|
||||
ip -f inet6 rule add fwmark 1 lookup 100
|
||||
ip -f inet6 route add local default dev lo table 100
|
||||
forward_rules="-A ss_rules6_${rule}_forward -p udp -j TPROXY --on-port "$o_redir_udp_port" --tproxy-mark 0x01/0x01"
|
||||
forward_rules="-A ssr6_${rule}_forward -p udp -j TPROXY --on-port "$o_redir_udp_port" --tproxy-mark 0x01/0x01"
|
||||
;;
|
||||
esac
|
||||
case "$o_src_default" in
|
||||
forward) src_default_target=ss_rules6_${rule}_forward ;;
|
||||
checkdst) src_default_target=ss_rules6_${rule}_dst ;;
|
||||
forward) src_default_target=ssr6_${rule}_forward ;;
|
||||
checkdst) src_default_target=ssr6_${rule}_dst ;;
|
||||
bypass|*) src_default_target=RETURN ;;
|
||||
esac
|
||||
case "$o_dst_default" in
|
||||
forward) dst_default_target=ss_rules6_${rule}_forward ;;
|
||||
forward) dst_default_target=ssr6_${rule}_forward ;;
|
||||
bypass|*) dst_default_target=RETURN ;;
|
||||
esac
|
||||
sed -e '/^\s*$/d' -e 's/^\s\+//' <<-EOF | ip6tables-restore -w --noflush
|
||||
*$table
|
||||
:ss_rules6_${rule}_pre_src -
|
||||
:ss_rules6_${rule}_src -
|
||||
:ss_rules6_${rule}_dst -
|
||||
:ss_rules6_${rule}_forward -
|
||||
:ssr6_${rule}_pre_src -
|
||||
:ssr6_${rule}_src -
|
||||
:ssr6_${rule}_dst -
|
||||
:ssr6_${rule}_forward -
|
||||
$(ss_rules6_iptchains_mkprerules "$proto")
|
||||
-A ss_rules6_${rule}_pre_src -m set --match-set ss_rules6_dst_bypass_ dst -j RETURN
|
||||
-A ss_rules6_${rule}_pre_src -m set --match-set ss_rules6_dst_bypass_all dst -j MARK --set-mark 0x6539
|
||||
-A ss_rules6_${rule}_pre_src -m set --match-set ss_rules6_dst_bypass_all dst -j RETURN
|
||||
-A ss_rules6_${rule}_pre_src -m set --match-set ss_rules6_dst_bypass dst -j RETURN
|
||||
-A ss_rules6_${rule}_pre_src -m mark --mark 0x6539 -j RETURN
|
||||
-A ss_rules6_${rule}_dst -m set --match-set ss_rules6_dst_bypass_all dst -j RETURN
|
||||
-A ss_rules6_${rule}_dst -m set --match-set ss_rules6_dst_bypass dst -j RETURN
|
||||
-A ss_rules6_${rule}_pre_src -p $proto $o_ipt_extra -j ss_rules6_${rule}_src
|
||||
-A ss_rules6_${rule}_src -m set --match-set ss_rules6_src_bypass src -j RETURN
|
||||
-A ss_rules6_${rule}_src -m set --match-set ss_rules6_src_forward src -j ss_rules6_${rule}_forward
|
||||
-A ss_rules6_${rule}_src -m set --match-set ss_rules6_src_checkdst src -j ss_rules6_${rule}_dst
|
||||
-A ss_rules6_${rule}_src -j $src_default_target -m comment --comment "src_default: $o_src_default"
|
||||
-A ss_rules6_${rule}_dst -m set --match-set ss_rules6_dst_forward dst -j ss_rules6_${rule}_forward
|
||||
-A ssr6_${rule}_pre_src -m set --match-set ss_rules6_dst_bypass_ dst -j RETURN
|
||||
-A ssr6_${rule}_pre_src -m set --match-set ss_rules6_dst_bypass_all dst -j MARK --set-mark 0x6539
|
||||
-A ssr6_${rule}_pre_src -m set --match-set ss_rules6_dst_bypass_all dst -j RETURN
|
||||
-A ssr6_${rule}_pre_src -m set --match-set ss_rules6_dst_bypass dst -j RETURN
|
||||
-A ssr6_${rule}_pre_src -m mark --mark 0x6539 -j RETURN
|
||||
-A ssr6_${rule}_dst -m set --match-set ss_rules6_dst_bypass_all dst -j RETURN
|
||||
-A ssr6_${rule}_dst -m set --match-set ss_rules6_dst_bypass dst -j RETURN
|
||||
-A ssr6_${rule}_pre_src -p $proto $o_ipt_extra -j ssr6_${rule}_src
|
||||
-A ssr6_${rule}_src -m set --match-set ss_rules6_src_bypass src -j RETURN
|
||||
-A ssr6_${rule}_src -m set --match-set ss_rules6_src_forward src -j ssr6_${rule}_forward
|
||||
-A ssr6_${rule}_src -m set --match-set ss_rules6_src_checkdst src -j ssr6_${rule}_dst
|
||||
-A ssr6_${rule}_src -j $src_default_target -m comment --comment "src_default: $o_src_default"
|
||||
-A ssr6_${rule}_dst -m set --match-set ss_rules6_dst_forward dst -j ssr6_${rule}_forward
|
||||
$recentrst_addset_rules
|
||||
-A ss_rules6_${rule}_dst -j $dst_default_target -m comment --comment "dst_default: $o_dst_default"
|
||||
-A ssr6_${rule}_dst -j $dst_default_target -m comment --comment "dst_default: $o_dst_default"
|
||||
$forward_rules
|
||||
COMMIT
|
||||
$recentrst_mangle_rules
|
||||
|
|
@ -257,11 +257,11 @@ ss_rules6_iptchains_mkprerules() {
|
|||
local proto="$1"
|
||||
|
||||
if [ -z "$o_ifnames" ]; then
|
||||
echo "-I PREROUTING 1 -p $proto -j ss_rules6_${rule}_pre_src"
|
||||
echo "-I PREROUTING 1 -p $proto -j ssr6_${rule}_pre_src"
|
||||
else
|
||||
echo $o_ifnames \
|
||||
| tr ' ' '\n' \
|
||||
| sed "s/.*/-I PREROUTING 1 -i \\0 -p $proto -j ss_rules6_${rule}_pre_src/"
|
||||
| sed "s/.*/-I PREROUTING 1 -i \\0 -p $proto -j ssr6_${rule}_pre_src/"
|
||||
fi
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue