mptcp/openmptcprouter-feeds
1
0
Fork 0
mirror of https://github.com/Ysurac/openmptcprouter-feeds.git synced 2025-03-09 15:40:03 +00:00
Code Issues Releases Wiki Activity

Fix block from lan

Browse source
This commit is contained in:
Ycarus (Yannick Chabanois) 2021-06-17 12:30:16 +02:00
parent 240076b993
commit 5e058118c8
6 changed files with 34 additions and 37 deletions
Download patch file Download diff file Expand all files Collapse all files

6
shadowsocks-libev/files/shadowsocks-libev.init
View file

@ -339,7 +339,10 @@ server_state() {
} }
rules_up() { rules_up() {
rules_exist && return 0 rules_exist && {
[ -f /bin/blocklanfw ] && /bin/blocklanfw 2>&1 >/dev/null
return 0
}
[ "$(uci -q get shadowsocks-libev.ss_rules.disabled)" = "1" ] && return 0 [ "$(uci -q get shadowsocks-libev.ss_rules.disabled)" = "1" ] && return 0
enabled="0" enabled="0"
passkey="" passkey=""
@ -357,6 +360,7 @@ rules_up() {
logger -t "Shadowsocks" "Reload omr-bypass rules" logger -t "Shadowsocks" "Reload omr-bypass rules"
/etc/init.d/omr-bypass reload_rules /etc/init.d/omr-bypass reload_rules
} }
[ -f /bin/blocklanfw ] && /bin/blocklanfw 2>&1 >/dev/null
} }
rules_down() { rules_down() {

12
shadowsocks-libev/files/ss-rules
View file

@ -284,19 +284,7 @@ ss_rules_iptchains_mkprerules() {
fi fi
} }
ss_rules_fw_drop() {
fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) printf "%s ",$i }' |
while IFS=$"\n" read -r c; do
iptables -t nat -A zone_lan_prerouting $(echo $c | sed 's/reject/REDIRECT --to-ports 65535/') 2>&1 >/dev/null
done
fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j drop/ {for(i=6; i<=NF; i++) printf "%s ",$i }' |
while IFS=$"\n" read -r c; do
iptables -t nat -A zone_lan_prerouting $(echo $c | sed 's/drop/REDIRECT --to-ports 65535/') 2>&1 >/dev/null
done
}
ss_rules_parse_args "$@" ss_rules_parse_args "$@"
#ss_rules_flush #ss_rules_flush
ss_rules_ipset_init ss_rules_ipset_init
ss_rules_iptchains_init ss_rules_iptchains_init
ss_rules_fw_drop

13
shadowsocks-libev/files/ss-rules6
View file

@ -267,20 +267,7 @@ ss_rules6_iptchains_mkprerules() {
fi fi
} }
ss_rules6_fw_drop() {
fw3 -6 print 2>/dev/null | awk '/ip6tables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) printf "%s ",$i }' |
while IFS=$"\n" read -r c; do
ip6tables -t nat -A zone_lan_prerouting $(echo $c | sed 's/reject/REDIRECT --to-ports 65535/') 2>&1 >/dev/null
done
fw3 -6 print 2>/dev/null | awk '/ip6tables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j drop/ {for(i=6; i<=NF; i++) printf "%s ",$i }' |
while IFS=$"\n" read -r c; do
ip6tables -t nat -A zone_lan_prerouting $(echo $c | sed 's/drop/REDIRECT --to-ports 65535/') 2>&1 >/dev/null
done
}
ss_rules6_parse_args "$@" ss_rules6_parse_args "$@"
ss_rules6_flush ss_rules6_flush
ss_rules6_ipset_init ss_rules6_ipset_init
ss_rules6_iptchains_init ss_rules6_iptchains_init
ss_rules6_fw_drop

10
v2ray-core/files/etc/init.d/v2ray
View file

@ -2086,7 +2086,10 @@ rules_exist() {
} }
rules_up() { rules_up() {
rules_exist && return 0 rules_exist && {
[ -f /bin/blocklanfw ] && /bin/blocklanfw 2>&1 >/dev/null
return 0
}
enabled="0" enabled="0"
config_load v2ray config_load v2ray
config_get enabled main enabled "0" config_get enabled main enabled "0"
@ -2098,6 +2101,11 @@ rules_up() {
logger -t "v2ray" "Rules UP" logger -t "v2ray" "Rules UP"
add_v2ray_redirect_rules add_v2ray_redirect_rules
} }
[ -f /etc/init.d/omr-bypass ] && {
logger -t "v2ray" "Reload omr-bypass rules"
/etc/init.d/omr-bypass reload_rules
}
[ -f /bin/blocklanfw ] && /bin/blocklanfw 2>&1 >/dev/null
} }
rules_down() { rules_down() {

15
v2ray-core/files/usr/bin/v2ray-rules
View file

@ -284,17 +284,22 @@ v2r_rules_iptchains_mkprerules() {
} }
v2r_rules_fw_drop() { v2r_rules_fw_drop() {
fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) printf "%s ",$i }' | fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
while IFS=$"\n" read -r c; do while IFS=$"\n" read -r c; do
iptables -t nat -A zone_lan_prerouting $(echo $c | sed 's/reject/REDIRECT --to-ports 65535/') 2>&1 >/dev/null fwrule=$(echo "$c" | sed 's/reject/REDIRECT --to-ports 65535/')
if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
eval "iptables -w -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
fi
done done
fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/-t filter/&&/-j drop/ {for(i=6; i<=NF; i++) printf "%s ",$i }' | fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j drop/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
while IFS=$"\n" read -r c; do while IFS=$"\n" read -r c; do
iptables -t nat -A zone_lan_prerouting $(echo $c | sed 's/drop/REDIRECT --to-ports 65535/') 2>&1 >/dev/null fwrule=$(echo "$c" | sed 's/drop/REDIRECT --to-ports 65535/')
if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
eval "iptables -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
fi
done done
} }
v2r_rules_parse_args "$@" v2r_rules_parse_args "$@"
#v2r_rules_flush #v2r_rules_flush
v2r_rules_ipset_init v2r_rules_ipset_init

15
v2ray-core/files/usr/bin/v2ray-rules6
View file

@ -275,17 +275,22 @@ v2ray_rules6_iptchains_mkprerules() {
} }
v2ray_rules6_fw_drop() { v2ray_rules6_fw_drop() {
fw3 -6 print 2>/dev/null | awk '/ip6tables/&&/zone_lan_forward/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) printf "%s ",$i }' | fw3 -6 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
while IFS=$"\n" read -r c; do while IFS=$"\n" read -r c; do
ip6tables -t nat -A zone_lan_prerouting $(echo $c | sed 's/reject/REDIRECT --to-ports 65535/') 2>&1 >/dev/null fwrule=$(echo "$c" | sed 's/reject/REDIRECT --to-ports 65535/')
if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
eval "ip6tables -w -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
fi
done done
fw3 -6 print 2>/dev/null | awk '/ip6tables/&&/zone_lan_forward/&&/-t filter/&&/-j drop/ {for(i=6; i<=NF; i++) printf "%s ",$i }' | fw3 -6 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j drop/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
while IFS=$"\n" read -r c; do while IFS=$"\n" read -r c; do
ip6tables -t nat -A zone_lan_prerouting $(echo $c | sed 's/drop/REDIRECT --to-ports 65535/') 2>&1 >/dev/null fwrule=$(echo "$c" | sed 's/drop/REDIRECT --to-ports 65535/')
if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
eval "ip6tables -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
fi
done done
} }
v2ray_rules6_parse_args "$@" v2ray_rules6_parse_args "$@"
v2ray_rules6_flush v2ray_rules6_flush
v2ray_rules6_ipset_init v2ray_rules6_ipset_init