Fix block from lan

shadowsocks-libev/files/shadowsocks-libev.init

@@ -339,7 +339,10 @@ server_state() {
 }
 
 rules_up() {
-	rules_exist && return 0
+	rules_exist && {
+		[ -f /bin/blocklanfw ] && /bin/blocklanfw 2>&1 >/dev/null
+		return 0
+	}
 	[ "$(uci -q get shadowsocks-libev.ss_rules.disabled)" = "1" ] && return 0
 	enabled="0"
 	passkey=""
@@ -357,6 +360,7 @@ rules_up() {
 		logger -t "Shadowsocks" "Reload omr-bypass rules"
 		/etc/init.d/omr-bypass reload_rules
 	}
+	[ -f /bin/blocklanfw ] && /bin/blocklanfw 2>&1 >/dev/null
 }
 
 rules_down() {

shadowsocks-libev/files/ss-rules

@@ -284,19 +284,7 @@ ss_rules_iptchains_mkprerules() {
 	fi
 }
 
-ss_rules_fw_drop() {
-	fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) printf "%s ",$i }' |
-	while IFS=$"\n" read -r c; do
-		iptables -t nat -A zone_lan_prerouting $(echo $c | sed 's/reject/REDIRECT --to-ports 65535/') 2>&1 >/dev/null
-	done
-	fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j drop/ {for(i=6; i<=NF; i++) printf "%s ",$i }' |
-	while IFS=$"\n" read -r c; do
-		iptables -t nat -A zone_lan_prerouting $(echo $c | sed 's/drop/REDIRECT --to-ports 65535/') 2>&1 >/dev/null
-	done
-}
-
 ss_rules_parse_args "$@"
 #ss_rules_flush
 ss_rules_ipset_init
 ss_rules_iptchains_init
-ss_rules_fw_drop

shadowsocks-libev/files/ss-rules6

@@ -267,20 +267,7 @@ ss_rules6_iptchains_mkprerules() {
 	fi
 }
 
-
-ss_rules6_fw_drop() {
-	fw3 -6 print 2>/dev/null | awk '/ip6tables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) printf "%s ",$i }' |
-	while IFS=$"\n" read -r c; do
-		ip6tables -t nat -A zone_lan_prerouting $(echo $c | sed 's/reject/REDIRECT --to-ports 65535/') 2>&1 >/dev/null
-	done
-	fw3 -6 print 2>/dev/null | awk '/ip6tables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j drop/ {for(i=6; i<=NF; i++) printf "%s ",$i }' |
-	while IFS=$"\n" read -r c; do
-		ip6tables -t nat -A zone_lan_prerouting $(echo $c | sed 's/drop/REDIRECT --to-ports 65535/') 2>&1 >/dev/null
-	done
-}
-
 ss_rules6_parse_args "$@"
 ss_rules6_flush
 ss_rules6_ipset_init
 ss_rules6_iptchains_init
-ss_rules6_fw_drop

v2ray-core/files/etc/init.d/v2ray

@@ -2086,7 +2086,10 @@ rules_exist() {
 }
 
 rules_up() {
-	rules_exist && return 0
+	rules_exist && {
+		[ -f /bin/blocklanfw ] && /bin/blocklanfw 2>&1 >/dev/null
+		return 0
+	}
 	enabled="0"
 	config_load v2ray
 	config_get enabled main enabled "0"
@@ -2098,6 +2101,11 @@ rules_up() {
 		logger -t "v2ray" "Rules UP"
 		add_v2ray_redirect_rules
 	}
+	[ -f /etc/init.d/omr-bypass ] && {
+		logger -t "v2ray" "Reload omr-bypass rules"
+		/etc/init.d/omr-bypass reload_rules
+	}
+	[ -f /bin/blocklanfw ] && /bin/blocklanfw 2>&1 >/dev/null
 }
 
 rules_down() {

v2ray-core/files/usr/bin/v2ray-rules

@@ -284,17 +284,22 @@ v2r_rules_iptchains_mkprerules() {
 }
 
 v2r_rules_fw_drop() {
-	fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) printf "%s ",$i }' |
+	fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
 	while IFS=$"\n" read -r c; do
-		iptables -t nat -A zone_lan_prerouting $(echo $c | sed 's/reject/REDIRECT --to-ports 65535/') 2>&1 >/dev/null
+		fwrule=$(echo "$c" | sed 's/reject/REDIRECT --to-ports 65535/')
+		if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
+			eval "iptables -w -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
+		fi
 	done
-	fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/-t filter/&&/-j drop/ {for(i=6; i<=NF; i++) printf "%s ",$i }' |
+	fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j drop/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
 	while IFS=$"\n" read -r c; do
-		iptables -t nat -A zone_lan_prerouting $(echo $c | sed 's/drop/REDIRECT --to-ports 65535/') 2>&1 >/dev/null
+		fwrule=$(echo "$c" | sed 's/drop/REDIRECT --to-ports 65535/')
+		if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
+			eval "iptables -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
+		fi
 	done
 }
 
-
 v2r_rules_parse_args "$@"
 #v2r_rules_flush
 v2r_rules_ipset_init

v2ray-core/files/usr/bin/v2ray-rules6

@@ -275,17 +275,22 @@ v2ray_rules6_iptchains_mkprerules() {
 }
 
 v2ray_rules6_fw_drop() {
-	fw3 -6 print 2>/dev/null | awk '/ip6tables/&&/zone_lan_forward/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) printf "%s ",$i }' |
+	fw3 -6 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
 	while IFS=$"\n" read -r c; do
-		ip6tables -t nat -A zone_lan_prerouting $(echo $c | sed 's/reject/REDIRECT --to-ports 65535/') 2>&1 >/dev/null
+		fwrule=$(echo "$c" | sed 's/reject/REDIRECT --to-ports 65535/')
+		if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
+			eval "ip6tables -w -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
+		fi
 	done
-	fw3 -6 print 2>/dev/null | awk '/ip6tables/&&/zone_lan_forward/&&/-t filter/&&/-j drop/ {for(i=6; i<=NF; i++) printf "%s ",$i }' |
+	fw3 -6 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j drop/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
 	while IFS=$"\n" read -r c; do
-		ip6tables -t nat -A zone_lan_prerouting $(echo $c | sed 's/drop/REDIRECT --to-ports 65535/') 2>&1 >/dev/null
+		fwrule=$(echo "$c" | sed 's/drop/REDIRECT --to-ports 65535/')
+		if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
+			eval "ip6tables -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
+		fi
 	done
 }
 
-
 v2ray_rules6_parse_args "$@"
 v2ray_rules6_flush
 v2ray_rules6_ipset_init