mptcp/openmptcprouter-feeds
1
0
Fork 0
mirror of https://github.com/Ysurac/openmptcprouter-feeds.git synced 2025-03-09 15:40:03 +00:00
Code Issues Releases Wiki Activity

Merge branch 'develop' of https://github.com/Ysurac/openmptcprouter-feeds into test

Browse source
This commit is contained in:
suyuan 2024-01-11 23:07:47 +08:00
commit 31ad833a71
45 changed files with 8194 additions and 539 deletions
Download patch file Download diff file Expand all files Collapse all files

23
openmptcprouter/files/etc/init.d/openmptcprouter-vps
View file

@ -10,13 +10,13 @@ EXTRA_COMMANDS="set_pihole backup_send backup_get backup_list set_vps_firewall g
. /usr/lib/unbound/iptools.sh
if [ -f /usr/sbin/iptables-legacy ]; then
IPTABLES="/usr/sbin/iptables-legacy"
IPTABLESRESTORE="/usr/sbin/iptables-legacy-restore"
IPTABLESSAVE="/usr/sbin/iptables-legacy-save"
IP6TABLES="/usr/sbin/ip6tables-legacy"
IP6TABLESRESTORE="/usr/sbin/ip6tables-legacy-restore"
IP6TABLESSAVE="/usr/sbin/ip6tables-legacy-save"
if [ -e /usr/sbin/iptables-nft ]; then
IPTABLES="/usr/sbin/iptables-nft"
IPTABLESRESTORE="/usr/sbin/iptables-nft-restore"
IPTABLESSAVE="/usr/sbin/iptables-nft-save"
IP6TABLES="/usr/sbin/ip6tables-nft"
IP6TABLESRESTORE="/usr/sbin/ip6tables-nft-restore"
IP6TABLESSAVE="/usr/sbin/ip6tables-nft-save"
else
IPTABLES="/usr/sbin/iptables"
IPTABLESRESTORE="/usr/sbin/iptables-restore"
@ -947,8 +947,11 @@ _set_lan_ip() {
_set_bypass_ips() {
local settings
[ -z "$servername" ] && servername=$1
bypassipv4s=$(ipset -q -o save list omr_dst_bypass_srv_vpn1 | awk '/add/ NF {print "\""$3"\""}' | tr '\n' ',' | sed 's/,$//')
bypassipv6s=$(ipset -q -o save list omr6_dst_bypass_srv_vpn1 | awk '/add/ NF {print "\""$3"\""}' | tr '\n' ',' | sed 's/,$//')
bypassipv4s=$(ipset -q -o save list omr_dst_bypass_srv_vpn1_4 | awk '/add/ NF {print "\""$3"\""}' | tr '\n' ',' | sed 's/,$//')
[ -z "$bypassipvs4" ] && bypassipv4s=$(nft -j list set inet fw4 "omr_dst_bypass_srv_vpn1_4" | jsonfilter -e @.nftables[1].set.elem[*].prefix | awk '{gsub(/"/,"",$3);gsub(/,/,"/",$3); print $3 $5}')
bypassipv6s=$(ipset -q -o save list omr6_dst_bypass_srv_vpn1_6 | awk '/add/ NF {print "\""$3"\""}' | tr '\n' ',' | sed 's/,$//')
[ -z "$bypassipvs6" ] && bypassipv4s=$(nft -j list set inet fw4 "omr_dst_bypass_srv_vpn1_6" | jsonfilter -e @.nftables[1].set.elem[*].prefix | awk '{gsub(/"/,"",$3);gsub(/,/,"/",$3); print $3 $5}')
# "
if [ "$bypassipv4s" != "" ] || [ "$bypassipv6s" != "" ]; then
settings='{"ipv4s" : ['$bypassipv4s'],"ipv6s" : ['$bypassipv6s'],"intf" : "vpn1"}'
result=$(_set_json "bypass" "$settings")
@ -1041,6 +1044,8 @@ _vps_firewall_redirect_port() {
config_get name $1 name
config_get dmz $1 dmz "0"
config_get target $1 target "REDIRECT"
[ "$target" = "MARK" ] && return
[ "$target" = "DSCP" ] && return
if [ -z "$src_dport" ] && [ -n "$dest_port" ]; then
src_dport=$dest_port
fi

63
openmptcprouter/files/etc/sysctl.d/openmptcprouter.conf Executable file
View file

@ -0,0 +1,63 @@
# local sysctl settings can be stored in this directory
# max open files
fs.file-max = 512000
# max read buffer
net.core.rmem_max = 16777216
# max write buffer
net.core.wmem_max = 16777216
#net.core.optmem_max = 33554432
# default read buffer
net.core.rmem_default = 16777216
# default write buffer
net.core.wmem_default = 16777216
# max processor input queue
net.core.netdev_max_backlog = 8192
# max backlog
net.core.somaxconn = 8192
# resist SYN flood attacks
net.ipv4.tcp_syncookies = 1
# reuse timewait sockets when safe
net.ipv4.tcp_tw_reuse = 1
# turn off fast timewait sockets recycling
#net.ipv4.tcp_tw_recycle = 0
# short FIN timeout
#net.ipv4.tcp_fin_timeout = 60
# increase max orphans
net.ipv4.tcp_max_orphans = 16384
# short keepalive time
#net.ipv4.tcp_keepalive_time = 2400
# outbound port range
net.ipv4.ip_local_port_range = 9999 65000
# max SYN backlog
net.ipv4.tcp_max_syn_backlog = 10240
# max timewait sockets held by system simultaneously
net.ipv4.tcp_max_tw_buckets = 10000
# turn on TCP Fast Open on both client and server side
#net.ipv4.tcp_fastopen = 3
# TCP receive buffer
net.ipv4.tcp_rmem = 4096 87380 16777216
# TCP write buffer
net.ipv4.tcp_wmem = 4096 87380 16777216
# TCP buffer
net.ipv4.tcp_mem = 1638400 1638400 1638400
# UDP buffer
net.ipv4.udp_mem = 4096 131072 67108864
# turn off path MTU discovery
net.ipv4.tcp_mtu_probing = 0
# for low-latency network, use cubic instead
# net.ipv4.tcp_congestion_control = balia
# Default conntrack is too small
net.netfilter.nf_conntrack_max = 131072
net.ipv4.conf.all.ignore_routes_with_linkdown = 1
net.ipv4.conf.default.ignore_routes_with_linkdown = 1
net.ipv4.tcp_ecn = 2
#net.ipv4.tcp_sack = 0
#net.ipv4.tcp_dsack = 0
#net.ipv4.tcp_fack = 0
net.ipv4.tcp_slow_start_after_idle = 0
net.ipv4.route.gc_timeout = 150