mirror of
https://github.com/Ysurac/openmptcprouter-feeds.git
synced 2025-02-15 03:51:51 +00:00
Fix issue when VPS have multiples IPs and IPs are redirected to multiples LAN IP
This commit is contained in:
Ycarus (Yannick Chabanois)
suyuan
parent
d2868954fb
commit
35e7190c47
4 changed files with 89 additions and 89 deletions
|
|
@ -125,28 +125,28 @@ ss_rules_flush() {
|
||||||
iptables-save --counters | grep -v ssr_ | iptables-restore -w --counters
|
iptables-save --counters | grep -v ssr_ | iptables-restore -w --counters
|
||||||
while ip rule del fwmark 1 lookup 100 2>/dev/null; do true; done
|
while ip rule del fwmark 1 lookup 100 2>/dev/null; do true; done
|
||||||
ip route flush table 100 || true
|
ip route flush table 100 || true
|
||||||
for setname in $(ipset -n list | grep "ss_rules_"); do
|
for setname in $(ipset -n list | grep "ssr_${rule}"); do
|
||||||
ipset destroy "$setname" 2>/dev/null || true
|
ipset destroy "$setname" 2>/dev/null || true
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
|
|
||||||
ss_rules_ipset_init() {
|
ss_rules_ipset_init() {
|
||||||
ipset --exist restore <<-EOF
|
ipset --exist restore <<-EOF
|
||||||
create ss_rules_src_bypass hash:net hashsize 64
|
create ssr_${rule}_src_bypass hash:net hashsize 64
|
||||||
create ss_rules_src_forward hash:net hashsize 64
|
create ssr_${rule}_src_forward hash:net hashsize 64
|
||||||
create ss_rules_src_checkdst hash:net hashsize 64
|
create ssr_${rule}_src_checkdst hash:net hashsize 64
|
||||||
create ss_rules_dst_bypass_all hash:net hashsize 64
|
create ssr_rules_dst_bypass_all hash:net hashsize 64
|
||||||
create ss_rules_dst_bypass hash:net hashsize 64
|
create ssr_${rule}_dst_bypass hash:net hashsize 64
|
||||||
create ss_rules_dst_bypass_ hash:net hashsize 64
|
create ssr_${rule}_dst_bypass_ hash:net hashsize 64
|
||||||
create ss_rules_dst_forward hash:net hashsize 64
|
create ssr_${rule}_dst_forward hash:net hashsize 64
|
||||||
create ss_rules_dst_forward_recentrst_ hash:ip hashsize 64 timeout 3600
|
create ss_rules_dst_forward_recentrst_ hash:ip hashsize 64 timeout 3600
|
||||||
$(ss_rules_ipset_mkadd ss_rules_dst_bypass_ "$o_dst_bypass_ $o_remote_servers")
|
$(ss_rules_ipset_mkadd ssr_${rule}_dst_bypass_ "$o_dst_bypass_ $o_remote_servers")
|
||||||
$(ss_rules_ipset_mkadd ss_rules_dst_bypass_all "$o_dst_bypass_all")
|
$(ss_rules_ipset_mkadd ss_rules_dst_bypass_all "$o_dst_bypass_all")
|
||||||
$(ss_rules_ipset_mkadd ss_rules_dst_bypass "$o_dst_bypass $(cat "$o_dst_bypass_file" 2>/dev/null | grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}')")
|
$(ss_rules_ipset_mkadd ssr_${rule}_dst_bypass "$o_dst_bypass $(cat "$o_dst_bypass_file" 2>/dev/null | grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}')")
|
||||||
$(ss_rules_ipset_mkadd ss_rules_src_bypass "$o_src_bypass")
|
$(ss_rules_ipset_mkadd ssr_${rule}_src_bypass "$o_src_bypass")
|
||||||
$(ss_rules_ipset_mkadd ss_rules_src_forward "$o_src_forward")
|
$(ss_rules_ipset_mkadd ssr_${rule}_src_forward "$o_src_forward")
|
||||||
$(ss_rules_ipset_mkadd ss_rules_src_checkdst "$o_src_checkdst")
|
$(ss_rules_ipset_mkadd ssr_${rule}_src_checkdst "$o_src_checkdst")
|
||||||
$(ss_rules_ipset_mkadd ss_rules_dst_forward "$o_dst_forward $(cat "$o_dst_forward_file" 2>/dev/null | grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}')")
|
$(ss_rules_ipset_mkadd ssr_${rule}_dst_forward "$o_dst_forward $(cat "$o_dst_forward_file" 2>/dev/null | grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}')")
|
||||||
EOF
|
EOF
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -192,9 +192,9 @@ ss_rules_iptchains_init_tcp() {
|
||||||
*nat
|
*nat
|
||||||
:ssr_${rule}_local_out -
|
:ssr_${rule}_local_out -
|
||||||
-I OUTPUT 1 -p tcp -j ssr_${rule}_local_out
|
-I OUTPUT 1 -p tcp -j ssr_${rule}_local_out
|
||||||
-A ssr_${rule}_local_out -m set --match-set ss_rules_dst_bypass dst -j RETURN
|
-A ssr_${rule}_local_out -m set --match-set ssr_${rule}_dst_bypass dst -j RETURN
|
||||||
-A ssr_${rule}_local_out -m set --match-set ss_rules_dst_bypass_all dst -j RETURN
|
-A ssr_${rule}_local_out -m set --match-set ss_rules_dst_bypass_all dst -j RETURN
|
||||||
-A ssr_${rule}_local_out -m set --match-set ss_rules_dst_bypass_ dst -j RETURN
|
-A ssr_${rule}_local_out -m set --match-set ssr_${rule}_dst_bypass_ dst -j RETURN
|
||||||
-A ssr_${rule}_local_out -m mark --mark 0x539 -j RETURN
|
-A ssr_${rule}_local_out -m mark --mark 0x539 -j RETURN
|
||||||
-A ssr_${rule}_local_out -p tcp $o_ipt_extra -j $local_target -m comment --comment "local_default: $o_local_default"
|
-A ssr_${rule}_local_out -p tcp $o_ipt_extra -j $local_target -m comment --comment "local_default: $o_local_default"
|
||||||
COMMIT
|
COMMIT
|
||||||
|
|
@ -250,19 +250,19 @@ ss_rules_iptchains_init_() {
|
||||||
:ssr_${rule}_dst -
|
:ssr_${rule}_dst -
|
||||||
:ssr_${rule}_forward -
|
:ssr_${rule}_forward -
|
||||||
$(ss_rules_iptchains_mkprerules "$proto")
|
$(ss_rules_iptchains_mkprerules "$proto")
|
||||||
-A ssr_${rule}_pre_src -m set --match-set ss_rules_dst_bypass_ dst -j RETURN
|
-A ssr_${rule}_pre_src -m set --match-set ssr_${rule}_dst_bypass_ dst -j RETURN
|
||||||
-A ssr_${rule}_pre_src -m set --match-set ss_rules_dst_bypass_all dst -j MARK --set-mark 0x539
|
-A ssr_${rule}_pre_src -m set --match-set ss_rules_dst_bypass_all dst -j MARK --set-mark 0x539
|
||||||
-A ssr_${rule}_pre_src -m set --match-set ss_rules_dst_bypass_all dst -j RETURN
|
-A ssr_${rule}_pre_src -m set --match-set ss_rules_dst_bypass_all dst -j RETURN
|
||||||
-A ssr_${rule}_pre_src -m set --match-set ss_rules_dst_bypass dst -j RETURN
|
-A ssr_${rule}_pre_src -m set --match-set ssr_${rule}_dst_bypass dst -j RETURN
|
||||||
-A ssr_${rule}_pre_src -m mark --mark 0x539 -j RETURN
|
-A ssr_${rule}_pre_src -m mark --mark 0x539 -j RETURN
|
||||||
-A ssr_${rule}_dst -m set --match-set ss_rules_dst_bypass_all dst -j RETURN
|
-A ssr_${rule}_dst -m set --match-set ss_rules_dst_bypass_all dst -j RETURN
|
||||||
-A ssr_${rule}_dst -m set --match-set ss_rules_dst_bypass dst -j RETURN
|
-A ssr_${rule}_dst -m set --match-set ssr_${rule}_dst_bypass dst -j RETURN
|
||||||
-A ssr_${rule}_pre_src -p $proto $o_ipt_extra -j ssr_${rule}_src
|
-A ssr_${rule}_pre_src -p $proto $o_ipt_extra -j ssr_${rule}_src
|
||||||
-A ssr_${rule}_src -m set --match-set ss_rules_src_bypass src -j RETURN
|
-A ssr_${rule}_src -m set --match-set ssr_${rule}_src_bypass src -j RETURN
|
||||||
-A ssr_${rule}_src -m set --match-set ss_rules_src_forward src -j ssr_${rule}_forward
|
-A ssr_${rule}_src -m set --match-set ssr_${rule}_src_forward src -j ssr_${rule}_forward
|
||||||
-A ssr_${rule}_src -m set --match-set ss_rules_src_checkdst src -j ssr_${rule}_dst
|
-A ssr_${rule}_src -m set --match-set ssr_${rule}_src_checkdst src -j ssr_${rule}_dst
|
||||||
-A ssr_${rule}_src -j $src_default_target -m comment --comment "src_default: $o_src_default"
|
-A ssr_${rule}_src -j $src_default_target -m comment --comment "src_default: $o_src_default"
|
||||||
-A ssr_${rule}_dst -m set --match-set ss_rules_dst_forward dst -j ssr_${rule}_forward
|
-A ssr_${rule}_dst -m set --match-set ssr_${rule}_dst_forward dst -j ssr_${rule}_forward
|
||||||
$recentrst_addset_rules
|
$recentrst_addset_rules
|
||||||
-A ssr_${rule}_dst -j $dst_default_target -m comment --comment "dst_default: $o_dst_default"
|
-A ssr_${rule}_dst -j $dst_default_target -m comment --comment "dst_default: $o_dst_default"
|
||||||
$forward_rules
|
$forward_rules
|
||||||
|
|
|
||||||
|
|
@ -108,28 +108,28 @@ ss_rules6_flush() {
|
||||||
ip6tables-save --counters | grep -v ssr6_ | ip6tables-restore -w --counters
|
ip6tables-save --counters | grep -v ssr6_ | ip6tables-restore -w --counters
|
||||||
while ip -f inet6 rule del fwmark 1 lookup 100 2>/dev/null; do true; done
|
while ip -f inet6 rule del fwmark 1 lookup 100 2>/dev/null; do true; done
|
||||||
ip -f inet6 route flush table 100 || true
|
ip -f inet6 route flush table 100 || true
|
||||||
for setname in $(ipset -n list | grep "ss_rules6_"); do
|
for setname in $(ipset -n list | grep "ssr6_${rule}"); do
|
||||||
ipset destroy "$setname" 2>/dev/null || true
|
ipset destroy "$setname" 2>/dev/null || true
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
|
|
||||||
ss_rules6_ipset_init() {
|
ss_rules6_ipset_init() {
|
||||||
ipset --exist restore <<-EOF
|
ipset --exist restore <<-EOF
|
||||||
create ss_rules6_src_bypass hash:net family inet6 hashsize 64
|
create ssr6_${rule}_src_bypass hash:net family inet6 hashsize 64
|
||||||
create ss_rules6_src_forward hash:net family inet6 hashsize 64
|
create ssr6_${rule}_src_forward hash:net family inet6 hashsize 64
|
||||||
create ss_rules6_src_checkdst hash:net family inet6 hashsize 64
|
create ssr6_${rule}_src_checkdst hash:net family inet6 hashsize 64
|
||||||
create ss_rules6_dst_bypass hash:net family inet6 hashsize 64
|
create ssr6_${rule}_dst_bypass hash:net family inet6 hashsize 64
|
||||||
create ss_rules6_dst_bypass_all hash:net family inet6 hashsize 64
|
create ss_rules6_dst_bypass_all hash:net family inet6 hashsize 64
|
||||||
create ss_rules6_dst_bypass_ hash:net family inet6 hashsize 64
|
create ssr6_${rule}_dst_bypass_ hash:net family inet6 hashsize 64
|
||||||
create ss_rules6_dst_forward hash:net family inet6 hashsize 64
|
create ssr6_${rule}_dst_forward hash:net family inet6 hashsize 64
|
||||||
create ss_rules6_dst_forward_recrst_ hash:ip family inet6 hashsize 64 timeout 3600
|
create ssr6_${rule}_dst_forward_recrst_ hash:ip family inet6 hashsize 64 timeout 3600
|
||||||
$(ss_rules6_ipset_mkadd ss_rules6_dst_bypass_ "$o_dst_bypass_ $o_remote_servers")
|
$(ss_rules6_ipset_mkadd ssr6_${rule}_dst_bypass_ "$o_dst_bypass_ $o_remote_servers")
|
||||||
$(ss_rules6_ipset_mkadd ss_rules6_dst_bypass_all "$o_dst_bypass $(cat "$o_dst_bypass_file" 2>/dev/null | grep -o '\([0-9a-fA-F]\{0,4\}:\)\{1,7\}[0-9a-fA-F]\{0,4\}')")
|
$(ss_rules6_ipset_mkadd ss_rules6_dst_bypass_all "$o_dst_bypass $(cat "$o_dst_bypass_file" 2>/dev/null | grep -o '\([0-9a-fA-F]\{0,4\}:\)\{1,7\}[0-9a-fA-F]\{0,4\}')")
|
||||||
$(ss_rules6_ipset_mkadd ss_rules6_dst_bypass "$o_dst_bypass $(cat "$o_dst_bypass_file" 2>/dev/null | grep -o '\([0-9a-fA-F]\{0,4\}:\)\{1,7\}[0-9a-fA-F]\{0,4\}')")
|
$(ss_rules6_ipset_mkadd ssr6_${rule}_dst_bypass "$o_dst_bypass $(cat "$o_dst_bypass_file" 2>/dev/null | grep -o '\([0-9a-fA-F]\{0,4\}:\)\{1,7\}[0-9a-fA-F]\{0,4\}')")
|
||||||
$(ss_rules6_ipset_mkadd ss_rules6_src_bypass "$o_src_bypass")
|
$(ss_rules6_ipset_mkadd ssr6_${rule}_src_bypass "$o_src_bypass")
|
||||||
$(ss_rules6_ipset_mkadd ss_rules6_src_forward "$o_src_forward")
|
$(ss_rules6_ipset_mkadd ssr6_${rule}_src_forward "$o_src_forward")
|
||||||
$(ss_rules6_ipset_mkadd ss_rules6_src_checkdst "$o_src_checkdst")
|
$(ss_rules6_ipset_mkadd ssr6_${rule}_src_checkdst "$o_src_checkdst")
|
||||||
$(ss_rules6_ipset_mkadd ss_rules6_dst_forward "$o_dst_forward $(cat "$o_dst_forward_file" 2>/dev/null | grep -o '\([0-9a-fA-F]\{0,4\}:\)\{1,7\}[0-9a-fA-F]\{0,4\}')")
|
$(ss_rules6_ipset_mkadd ssr6_${rule}_dst_forward "$o_dst_forward $(cat "$o_dst_forward_file" 2>/dev/null | grep -o '\([0-9a-fA-F]\{0,4\}:\)\{1,7\}[0-9a-fA-F]\{0,4\}')")
|
||||||
EOF
|
EOF
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -174,9 +174,9 @@ ss_rules6_iptchains_init_tcp() {
|
||||||
*nat
|
*nat
|
||||||
:ssr6_${rule}_local_out -
|
:ssr6_${rule}_local_out -
|
||||||
-I OUTPUT 1 -p tcp -j ssr6_${rule}_local_out
|
-I OUTPUT 1 -p tcp -j ssr6_${rule}_local_out
|
||||||
-A ssr6_${rule}_local_out -m set --match-set ss_rules6_dst_bypass dst -j RETURN
|
-A ssr6_${rule}_local_out -m set --match-set ssr6_${rule}_dst_bypass dst -j RETURN
|
||||||
-A ssr6_${rule}_local_out -m set --match-set ss_rules6_dst_bypass_all dst -j RETURN
|
-A ssr6_${rule}_local_out -m set --match-set ssr6_${rule}_dst_bypass_all dst -j RETURN
|
||||||
-A ssr6_${rule}_local_out -m set --match-set ss_rules6_dst_bypass_ dst -j RETURN
|
-A ssr6_${rule}_local_out -m set --match-set ssr6_${rule}_dst_bypass_ dst -j RETURN
|
||||||
-A ssr6_${rule}_local_out -m mark --mark 0x6539 -j RETURN
|
-A ssr6_${rule}_local_out -m mark --mark 0x6539 -j RETURN
|
||||||
-A ssr6_${rule}_local_out -p tcp $o_ipt_extra -j $local_target -m comment --comment "local_default: $o_local_default"
|
-A ssr6_${rule}_local_out -p tcp $o_ipt_extra -j $local_target -m comment --comment "local_default: $o_local_default"
|
||||||
COMMIT
|
COMMIT
|
||||||
|
|
@ -232,19 +232,19 @@ ss_rules6_iptchains_init_() {
|
||||||
:ssr6_${rule}_dst -
|
:ssr6_${rule}_dst -
|
||||||
:ssr6_${rule}_forward -
|
:ssr6_${rule}_forward -
|
||||||
$(ss_rules6_iptchains_mkprerules "$proto")
|
$(ss_rules6_iptchains_mkprerules "$proto")
|
||||||
-A ssr6_${rule}_pre_src -m set --match-set ss_rules6_dst_bypass_ dst -j RETURN
|
-A ssr6_${rule}_pre_src -m set --match-set ssr6_${rule}_dst_bypass_ dst -j RETURN
|
||||||
-A ssr6_${rule}_pre_src -m set --match-set ss_rules6_dst_bypass_all dst -j MARK --set-mark 0x6539
|
-A ssr6_${rule}_pre_src -m set --match-set ss_rules6_dst_bypass_all dst -j MARK --set-mark 0x6539
|
||||||
-A ssr6_${rule}_pre_src -m set --match-set ss_rules6_dst_bypass_all dst -j RETURN
|
-A ssr6_${rule}_pre_src -m set --match-set ss_rules6_dst_bypass_all dst -j RETURN
|
||||||
-A ssr6_${rule}_pre_src -m set --match-set ss_rules6_dst_bypass dst -j RETURN
|
-A ssr6_${rule}_pre_src -m set --match-set ssr6_${rule}_dst_bypass dst -j RETURN
|
||||||
-A ssr6_${rule}_pre_src -m mark --mark 0x6539 -j RETURN
|
-A ssr6_${rule}_pre_src -m mark --mark 0x6539 -j RETURN
|
||||||
-A ssr6_${rule}_dst -m set --match-set ss_rules6_dst_bypass_all dst -j RETURN
|
-A ssr6_${rule}_dst -m set --match-set ss_rules6_dst_bypass_all dst -j RETURN
|
||||||
-A ssr6_${rule}_dst -m set --match-set ss_rules6_dst_bypass dst -j RETURN
|
-A ssr6_${rule}_dst -m set --match-set ssr6_${rule}_dst_bypass dst -j RETURN
|
||||||
-A ssr6_${rule}_pre_src -p $proto $o_ipt_extra -j ssr6_${rule}_src
|
-A ssr6_${rule}_pre_src -p $proto $o_ipt_extra -j ssr6_${rule}_src
|
||||||
-A ssr6_${rule}_src -m set --match-set ss_rules6_src_bypass src -j RETURN
|
-A ssr6_${rule}_src -m set --match-set ssr6_${rule}_src_bypass src -j RETURN
|
||||||
-A ssr6_${rule}_src -m set --match-set ss_rules6_src_forward src -j ssr6_${rule}_forward
|
-A ssr6_${rule}_src -m set --match-set ssr6_${rule}_src_forward src -j ssr6_${rule}_forward
|
||||||
-A ssr6_${rule}_src -m set --match-set ss_rules6_src_checkdst src -j ssr6_${rule}_dst
|
-A ssr6_${rule}_src -m set --match-set ssr6_${rule}_src_checkdst src -j ssr6_${rule}_dst
|
||||||
-A ssr6_${rule}_src -j $src_default_target -m comment --comment "src_default: $o_src_default"
|
-A ssr6_${rule}_src -j $src_default_target -m comment --comment "src_default: $o_src_default"
|
||||||
-A ssr6_${rule}_dst -m set --match-set ss_rules6_dst_forward dst -j ssr6_${rule}_forward
|
-A ssr6_${rule}_dst -m set --match-set ssr6_${rule}_dst_forward dst -j ssr6_${rule}_forward
|
||||||
$recentrst_addset_rules
|
$recentrst_addset_rules
|
||||||
-A ssr6_${rule}_dst -j $dst_default_target -m comment --comment "dst_default: $o_dst_default"
|
-A ssr6_${rule}_dst -j $dst_default_target -m comment --comment "dst_default: $o_dst_default"
|
||||||
$forward_rules
|
$forward_rules
|
||||||
|
|
|
||||||
|
|
@ -125,28 +125,28 @@ v2r_rules_flush() {
|
||||||
iptables-save --counters | grep -v v2r_ | iptables-restore -w --counters
|
iptables-save --counters | grep -v v2r_ | iptables-restore -w --counters
|
||||||
while ip rule del fwmark 1 lookup 100 2>/dev/null; do true; done
|
while ip rule del fwmark 1 lookup 100 2>/dev/null; do true; done
|
||||||
ip route flush table 100 || true
|
ip route flush table 100 || true
|
||||||
for setname in $(ipset -n list | grep "ss_rules_"); do
|
for setname in $(ipset -n list | grep "ssr_${rule}"); do
|
||||||
ipset destroy "$setname" 2>/dev/null || true
|
ipset destroy "$setname" 2>/dev/null || true
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
|
|
||||||
v2r_rules_ipset_init() {
|
v2r_rules_ipset_init() {
|
||||||
ipset --exist restore <<-EOF
|
ipset --exist restore <<-EOF
|
||||||
create ss_rules_src_bypass hash:net hashsize 64
|
create ssr_${rule}_src_bypass hash:net hashsize 64
|
||||||
create ss_rules_src_forward hash:net hashsize 64
|
create ssr_${rule}_src_forward hash:net hashsize 64
|
||||||
create ss_rules_src_checkdst hash:net hashsize 64
|
create ssr_${rule}_src_checkdst hash:net hashsize 64
|
||||||
create ss_rules_dst_bypass_all hash:net hashsize 64
|
create ss_rules_dst_bypass_all hash:net hashsize 64
|
||||||
create ss_rules_dst_bypass hash:net hashsize 64
|
create ssr_${rule}_dst_bypass hash:net hashsize 64
|
||||||
create ss_rules_dst_bypass_ hash:net hashsize 64
|
create ssr_${rule}_dst_bypass_ hash:net hashsize 64
|
||||||
create ss_rules_dst_forward hash:net hashsize 64
|
create ssr_${rule}_dst_forward hash:net hashsize 64
|
||||||
create ss_rules_dst_forward_recentrst_ hash:ip hashsize 64 timeout 3600
|
create ss_rules_dst_forward_recentrst_ hash:ip hashsize 64 timeout 3600
|
||||||
$(v2r_rules_ipset_mkadd ss_rules_dst_bypass_ "$o_dst_bypass_ $o_remote_servers")
|
$(v2r_rules_ipset_mkadd ssr_${rule}_dst_bypass_ "$o_dst_bypass_ $o_remote_servers")
|
||||||
$(v2r_rules_ipset_mkadd ss_rules_dst_bypass_all "$o_dst_bypass_all")
|
$(v2r_rules_ipset_mkadd ss_rules_dst_bypass_all "$o_dst_bypass_all")
|
||||||
$(v2r_rules_ipset_mkadd ss_rules_dst_bypass "$o_dst_bypass $(cat "$o_dst_bypass_file" 2>/dev/null | grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}')")
|
$(v2r_rules_ipset_mkadd ssr_${rule}_dst_bypass "$o_dst_bypass $(cat "$o_dst_bypass_file" 2>/dev/null | grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}')")
|
||||||
$(v2r_rules_ipset_mkadd ss_rules_src_bypass "$o_src_bypass")
|
$(v2r_rules_ipset_mkadd ssr_${rule}_src_bypass "$o_src_bypass")
|
||||||
$(v2r_rules_ipset_mkadd ss_rules_src_forward "$o_src_forward")
|
$(v2r_rules_ipset_mkadd ssr_${rule}_src_forward "$o_src_forward")
|
||||||
$(v2r_rules_ipset_mkadd ss_rules_src_checkdst "$o_src_checkdst")
|
$(v2r_rules_ipset_mkadd ssr_${rule}_src_checkdst "$o_src_checkdst")
|
||||||
$(v2r_rules_ipset_mkadd ss_rules_dst_forward "$o_dst_forward $(cat "$o_dst_forward_file" 2>/dev/null | grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}')")
|
$(v2r_rules_ipset_mkadd ssr_${rule}_dst_forward "$o_dst_forward $(cat "$o_dst_forward_file" 2>/dev/null | grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}')")
|
||||||
EOF
|
EOF
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -192,9 +192,9 @@ v2r_rules_iptchains_init_tcp() {
|
||||||
*nat
|
*nat
|
||||||
:v2r_${rule}_local_out -
|
:v2r_${rule}_local_out -
|
||||||
-I OUTPUT 1 -p tcp -j v2r_${rule}_local_out
|
-I OUTPUT 1 -p tcp -j v2r_${rule}_local_out
|
||||||
-A v2r_${rule}_local_out -m set --match-set ss_rules_dst_bypass dst -j RETURN
|
-A v2r_${rule}_local_out -m set --match-set ssr_${rule}_dst_bypass dst -j RETURN
|
||||||
-A v2r_${rule}_local_out -m set --match-set ss_rules_dst_bypass_all dst -j RETURN
|
-A v2r_${rule}_local_out -m set --match-set ss_rules_dst_bypass_all dst -j RETURN
|
||||||
-A v2r_${rule}_local_out -m set --match-set ss_rules_dst_bypass_ dst -j RETURN
|
-A v2r_${rule}_local_out -m set --match-set ssr_${rule}_dst_bypass_ dst -j RETURN
|
||||||
-A v2r_${rule}_local_out -m mark --mark 0x539 -j RETURN
|
-A v2r_${rule}_local_out -m mark --mark 0x539 -j RETURN
|
||||||
-A v2r_${rule}_local_out -p tcp $o_ipt_extra -j $local_target -m comment --comment "local_default: $o_local_default"
|
-A v2r_${rule}_local_out -p tcp $o_ipt_extra -j $local_target -m comment --comment "local_default: $o_local_default"
|
||||||
COMMIT
|
COMMIT
|
||||||
|
|
@ -250,19 +250,19 @@ v2r_rules_iptchains_init_() {
|
||||||
:v2r_${rule}_dst -
|
:v2r_${rule}_dst -
|
||||||
:v2r_${rule}_forward -
|
:v2r_${rule}_forward -
|
||||||
$(v2r_rules_iptchains_mkprerules "$proto")
|
$(v2r_rules_iptchains_mkprerules "$proto")
|
||||||
-A v2r_${rule}_pre_src -m set --match-set ss_rules_dst_bypass_ dst -j RETURN
|
-A v2r_${rule}_pre_src -m set --match-set ssr_${rule}_dst_bypass_ dst -j RETURN
|
||||||
-A v2r_${rule}_pre_src -m set --match-set ss_rules_dst_bypass_all dst -j MARK --set-mark 0x539
|
-A v2r_${rule}_pre_src -m set --match-set ss_rules_dst_bypass_all dst -j MARK --set-mark 0x539
|
||||||
-A v2r_${rule}_pre_src -m set --match-set ss_rules_dst_bypass_all dst -j RETURN
|
-A v2r_${rule}_pre_src -m set --match-set ss_rules_dst_bypass_all dst -j RETURN
|
||||||
-A v2r_${rule}_pre_src -m set --match-set ss_rules_dst_bypass dst -j RETURN
|
-A v2r_${rule}_pre_src -m set --match-set ssr_${rule}_dst_bypass dst -j RETURN
|
||||||
-A v2r_${rule}_pre_src -m mark --mark 0x539 -j RETURN
|
-A v2r_${rule}_pre_src -m mark --mark 0x539 -j RETURN
|
||||||
-A v2r_${rule}_dst -m set --match-set ss_rules_dst_bypass_all dst -j RETURN
|
-A v2r_${rule}_dst -m set --match-set ss_rules_dst_bypass_all dst -j RETURN
|
||||||
-A v2r_${rule}_dst -m set --match-set ss_rules_dst_bypass dst -j RETURN
|
-A v2r_${rule}_dst -m set --match-set ssr_${rule}_dst_bypass dst -j RETURN
|
||||||
-A v2r_${rule}_pre_src -p $proto $o_ipt_extra -j v2r_${rule}_src
|
-A v2r_${rule}_pre_src -p $proto $o_ipt_extra -j v2r_${rule}_src
|
||||||
-A v2r_${rule}_src -m set --match-set ss_rules_src_bypass src -j RETURN
|
-A v2r_${rule}_src -m set --match-set ssr_${rule}_src_bypass src -j RETURN
|
||||||
-A v2r_${rule}_src -m set --match-set ss_rules_src_forward src -j v2r_${rule}_forward
|
-A v2r_${rule}_src -m set --match-set ssr_${rule}_src_forward src -j v2r_${rule}_forward
|
||||||
-A v2r_${rule}_src -m set --match-set ss_rules_src_checkdst src -j v2r_${rule}_dst
|
-A v2r_${rule}_src -m set --match-set ssr_${rule}_src_checkdst src -j v2r_${rule}_dst
|
||||||
-A v2r_${rule}_src -j $src_default_target -m comment --comment "src_default: $o_src_default"
|
-A v2r_${rule}_src -j $src_default_target -m comment --comment "src_default: $o_src_default"
|
||||||
-A v2r_${rule}_dst -m set --match-set ss_rules_dst_forward dst -j v2r_${rule}_forward
|
-A v2r_${rule}_dst -m set --match-set ssr_${rule}_dst_forward dst -j v2r_${rule}_forward
|
||||||
$recentrst_addset_rules
|
$recentrst_addset_rules
|
||||||
-A v2r_${rule}_dst -j $dst_default_target -m comment --comment "dst_default: $o_dst_default"
|
-A v2r_${rule}_dst -j $dst_default_target -m comment --comment "dst_default: $o_dst_default"
|
||||||
$forward_rules
|
$forward_rules
|
||||||
|
|
|
||||||
|
|
@ -108,28 +108,28 @@ v2ray_rules6_flush() {
|
||||||
ip6tables-save --counters | grep -v v2r6_ | ip6tables-restore -w --counters
|
ip6tables-save --counters | grep -v v2r6_ | ip6tables-restore -w --counters
|
||||||
while ip -f inet6 rule del fwmark 1 lookup 100 2>/dev/null; do true; done
|
while ip -f inet6 rule del fwmark 1 lookup 100 2>/dev/null; do true; done
|
||||||
ip -f inet6 route flush table 100 || true
|
ip -f inet6 route flush table 100 || true
|
||||||
for setname in $(ipset -n list | grep "ss_rules6_"); do
|
for setname in $(ipset -n list | grep "ssr6_${rule}"); do
|
||||||
ipset destroy "$setname" 2>/dev/null || true
|
ipset destroy "$setname" 2>/dev/null || true
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
|
|
||||||
v2ray_rules6_ipset_init() {
|
v2ray_rules6_ipset_init() {
|
||||||
ipset --exist restore <<-EOF
|
ipset --exist restore <<-EOF
|
||||||
create ss_rules6_src_bypass hash:net family inet6 hashsize 64
|
create ssr6_${rule}_src_bypass hash:net family inet6 hashsize 64
|
||||||
create ss_rules6_src_forward hash:net family inet6 hashsize 64
|
create ssr6_${rule}_src_forward hash:net family inet6 hashsize 64
|
||||||
create ss_rules6_src_checkdst hash:net family inet6 hashsize 64
|
create ssr6_${rule}_src_checkdst hash:net family inet6 hashsize 64
|
||||||
create ss_rules6_dst_bypass hash:net family inet6 hashsize 64
|
create ssr6_${rule}_dst_bypass hash:net family inet6 hashsize 64
|
||||||
create ss_rules6_dst_bypass_all hash:net family inet6 hashsize 64
|
create ss_rules6_dst_bypass_all hash:net family inet6 hashsize 64
|
||||||
create ss_rules6_dst_bypass_ hash:net family inet6 hashsize 64
|
create ssr6_${rule}_dst_bypass_ hash:net family inet6 hashsize 64
|
||||||
create ss_rules6_dst_forward hash:net family inet6 hashsize 64
|
create ssr6_${rule}_dst_forward hash:net family inet6 hashsize 64
|
||||||
create ss_rules6_dst_forward_recrst_ hash:ip family inet6 hashsize 64 timeout 3600
|
create ss_rules6_dst_forward_recrst_ hash:ip family inet6 hashsize 64 timeout 3600
|
||||||
$(v2ray_rules6_ipset_mkadd ss_rules6_dst_bypass_ "$o_dst_bypass_ $o_remote_servers")
|
$(v2ray_rules6_ipset_mkadd ssr6_${rule}_dst_bypass_ "$o_dst_bypass_ $o_remote_servers")
|
||||||
$(v2ray_rules6_ipset_mkadd ss_rules6_dst_bypass_all "$o_dst_bypass $(cat "$o_dst_bypass_file" 2>/dev/null | grep -o '\([0-9a-fA-F]\{0,4\}:\)\{1,7\}[0-9a-fA-F]\{0,4\}')")
|
$(v2ray_rules6_ipset_mkadd ss_rules6_dst_bypass_all "$o_dst_bypass $(cat "$o_dst_bypass_file" 2>/dev/null | grep -o '\([0-9a-fA-F]\{0,4\}:\)\{1,7\}[0-9a-fA-F]\{0,4\}')")
|
||||||
$(v2ray_rules6_ipset_mkadd ss_rules6_dst_bypass "$o_dst_bypass $(cat "$o_dst_bypass_file" 2>/dev/null | grep -o '\([0-9a-fA-F]\{0,4\}:\)\{1,7\}[0-9a-fA-F]\{0,4\}')")
|
$(v2ray_rules6_ipset_mkadd ssr6_${rule}_dst_bypass "$o_dst_bypass $(cat "$o_dst_bypass_file" 2>/dev/null | grep -o '\([0-9a-fA-F]\{0,4\}:\)\{1,7\}[0-9a-fA-F]\{0,4\}')")
|
||||||
$(v2ray_rules6_ipset_mkadd ss_rules6_src_bypass "$o_src_bypass")
|
$(v2ray_rules6_ipset_mkadd ssr6_${rule}_src_bypass "$o_src_bypass")
|
||||||
$(v2ray_rules6_ipset_mkadd ss_rules6_src_forward "$o_src_forward")
|
$(v2ray_rules6_ipset_mkadd ssr6_${rule}_src_forward "$o_src_forward")
|
||||||
$(v2ray_rules6_ipset_mkadd ss_rules6_src_checkdst "$o_src_checkdst")
|
$(v2ray_rules6_ipset_mkadd ssr6_${rule}_src_checkdst "$o_src_checkdst")
|
||||||
$(v2ray_rules6_ipset_mkadd ss_rules6_dst_forward "$o_dst_forward $(cat "$o_dst_forward_file" 2>/dev/null | grep -o '\([0-9a-fA-F]\{0,4\}:\)\{1,7\}[0-9a-fA-F]\{0,4\}')")
|
$(v2ray_rules6_ipset_mkadd ssr6_${rule}_dst_forward "$o_dst_forward $(cat "$o_dst_forward_file" 2>/dev/null | grep -o '\([0-9a-fA-F]\{0,4\}:\)\{1,7\}[0-9a-fA-F]\{0,4\}')")
|
||||||
EOF
|
EOF
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -240,20 +240,20 @@ v2ray_rules6_iptchains_init_() {
|
||||||
:v2r6_${rule}_forward -
|
:v2r6_${rule}_forward -
|
||||||
$(v2ray_rules6_iptchains_mkprerules "udp")
|
$(v2ray_rules6_iptchains_mkprerules "udp")
|
||||||
$(v2ray_rules6_iptchains_mkprerules "tcp")
|
$(v2ray_rules6_iptchains_mkprerules "tcp")
|
||||||
-A v2r6_${rule}_pre_src -m set --match-set ss_rules6_dst_bypass_ dst -j RETURN
|
-A v2r6_${rule}_pre_src -m set --match-set ssr6_${rule}_dst_bypass_ dst -j RETURN
|
||||||
-A v2r6_${rule}_pre_src -m set --match-set ss_rules6_dst_bypass_all dst -j MARK --set-mark 0x6539
|
-A v2r6_${rule}_pre_src -m set --match-set ss_rules6_dst_bypass_all dst -j MARK --set-mark 0x6539
|
||||||
-A v2r6_${rule}_pre_src -m set --match-set ss_rules6_dst_bypass_all dst -j RETURN
|
-A v2r6_${rule}_pre_src -m set --match-set ss_rules6_dst_bypass_all dst -j RETURN
|
||||||
-A v2r6_${rule}_pre_src -m set --match-set ss_rules6_dst_bypass dst -j RETURN
|
-A v2r6_${rule}_pre_src -m set --match-set ssr6_${rule}_dst_bypass dst -j RETURN
|
||||||
-A v2r6_${rule}_pre_src -m mark --mark 0x6539 -j RETURN
|
-A v2r6_${rule}_pre_src -m mark --mark 0x6539 -j RETURN
|
||||||
-A v2r6_${rule}_dst -m set --match-set ss_rules6_dst_bypass_all dst -j RETURN
|
-A v2r6_${rule}_dst -m set --match-set ss_rules6_dst_bypass_all dst -j RETURN
|
||||||
-A v2r6_${rule}_dst -m set --match-set ss_rules6_dst_bypass dst -j RETURN
|
-A v2r6_${rule}_dst -m set --match-set ssr6_${rule}_dst_bypass dst -j RETURN
|
||||||
-A v2r6_${rule}_pre_src -p tcp $o_ipt_extra -j v2r6_${rule}_src
|
-A v2r6_${rule}_pre_src -p tcp $o_ipt_extra -j v2r6_${rule}_src
|
||||||
-A v2r6_${rule}_pre_src -p udp $o_ipt_extra -j v2r6_${rule}_src
|
-A v2r6_${rule}_pre_src -p udp $o_ipt_extra -j v2r6_${rule}_src
|
||||||
-A v2r6_${rule}_src -m set --match-set ss_rules6_src_bypass src -j RETURN
|
-A v2r6_${rule}_src -m set --match-set ssr6_${rule}_src_bypass src -j RETURN
|
||||||
-A v2r6_${rule}_src -m set --match-set ss_rules6_src_forward src -j v2r6_${rule}_forward
|
-A v2r6_${rule}_src -m set --match-set ssr6_${rule}_src_forward src -j v2r6_${rule}_forward
|
||||||
-A v2r6_${rule}_src -m set --match-set ss_rules6_src_checkdst src -j v2r6_${rule}_dst
|
-A v2r6_${rule}_src -m set --match-set ssr6_${rule}_src_checkdst src -j v2r6_${rule}_dst
|
||||||
-A v2r6_${rule}_src -j $src_default_target -m comment --comment "src_default: $o_src_default"
|
-A v2r6_${rule}_src -j $src_default_target -m comment --comment "src_default: $o_src_default"
|
||||||
-A v2r6_${rule}_dst -m set --match-set ss_rules6_dst_forward dst -j v2r6_${rule}_forward
|
-A v2r6_${rule}_dst -m set --match-set ssr6_${rule}_dst_forward dst -j v2r6_${rule}_forward
|
||||||
$recentrst_addset_rules
|
$recentrst_addset_rules
|
||||||
-A v2r6_${rule}_dst -j $dst_default_target -m comment --comment "dst_default: $o_dst_default"
|
-A v2r6_${rule}_dst -j $dst_default_target -m comment --comment "dst_default: $o_dst_default"
|
||||||
$forward_rules
|
$forward_rules
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue