mirror of
https://github.com/Ysurac/openmptcprouter-feeds.git
synced 2025-03-09 15:40:03 +00:00
Fix block from lan
This commit is contained in:
parent
240076b993
commit
5e058118c8
6 changed files with 34 additions and 37 deletions
|
@ -339,7 +339,10 @@ server_state() {
|
||||||
}
|
}
|
||||||
|
|
||||||
rules_up() {
|
rules_up() {
|
||||||
rules_exist && return 0
|
rules_exist && {
|
||||||
|
[ -f /bin/blocklanfw ] && /bin/blocklanfw 2>&1 >/dev/null
|
||||||
|
return 0
|
||||||
|
}
|
||||||
[ "$(uci -q get shadowsocks-libev.ss_rules.disabled)" = "1" ] && return 0
|
[ "$(uci -q get shadowsocks-libev.ss_rules.disabled)" = "1" ] && return 0
|
||||||
enabled="0"
|
enabled="0"
|
||||||
passkey=""
|
passkey=""
|
||||||
|
@ -357,6 +360,7 @@ rules_up() {
|
||||||
logger -t "Shadowsocks" "Reload omr-bypass rules"
|
logger -t "Shadowsocks" "Reload omr-bypass rules"
|
||||||
/etc/init.d/omr-bypass reload_rules
|
/etc/init.d/omr-bypass reload_rules
|
||||||
}
|
}
|
||||||
|
[ -f /bin/blocklanfw ] && /bin/blocklanfw 2>&1 >/dev/null
|
||||||
}
|
}
|
||||||
|
|
||||||
rules_down() {
|
rules_down() {
|
||||||
|
|
|
@ -284,19 +284,7 @@ ss_rules_iptchains_mkprerules() {
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
ss_rules_fw_drop() {
|
|
||||||
fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) printf "%s ",$i }' |
|
|
||||||
while IFS=$"\n" read -r c; do
|
|
||||||
iptables -t nat -A zone_lan_prerouting $(echo $c | sed 's/reject/REDIRECT --to-ports 65535/') 2>&1 >/dev/null
|
|
||||||
done
|
|
||||||
fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j drop/ {for(i=6; i<=NF; i++) printf "%s ",$i }' |
|
|
||||||
while IFS=$"\n" read -r c; do
|
|
||||||
iptables -t nat -A zone_lan_prerouting $(echo $c | sed 's/drop/REDIRECT --to-ports 65535/') 2>&1 >/dev/null
|
|
||||||
done
|
|
||||||
}
|
|
||||||
|
|
||||||
ss_rules_parse_args "$@"
|
ss_rules_parse_args "$@"
|
||||||
#ss_rules_flush
|
#ss_rules_flush
|
||||||
ss_rules_ipset_init
|
ss_rules_ipset_init
|
||||||
ss_rules_iptchains_init
|
ss_rules_iptchains_init
|
||||||
ss_rules_fw_drop
|
|
|
@ -267,20 +267,7 @@ ss_rules6_iptchains_mkprerules() {
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
ss_rules6_fw_drop() {
|
|
||||||
fw3 -6 print 2>/dev/null | awk '/ip6tables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) printf "%s ",$i }' |
|
|
||||||
while IFS=$"\n" read -r c; do
|
|
||||||
ip6tables -t nat -A zone_lan_prerouting $(echo $c | sed 's/reject/REDIRECT --to-ports 65535/') 2>&1 >/dev/null
|
|
||||||
done
|
|
||||||
fw3 -6 print 2>/dev/null | awk '/ip6tables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j drop/ {for(i=6; i<=NF; i++) printf "%s ",$i }' |
|
|
||||||
while IFS=$"\n" read -r c; do
|
|
||||||
ip6tables -t nat -A zone_lan_prerouting $(echo $c | sed 's/drop/REDIRECT --to-ports 65535/') 2>&1 >/dev/null
|
|
||||||
done
|
|
||||||
}
|
|
||||||
|
|
||||||
ss_rules6_parse_args "$@"
|
ss_rules6_parse_args "$@"
|
||||||
ss_rules6_flush
|
ss_rules6_flush
|
||||||
ss_rules6_ipset_init
|
ss_rules6_ipset_init
|
||||||
ss_rules6_iptchains_init
|
ss_rules6_iptchains_init
|
||||||
ss_rules6_fw_drop
|
|
|
@ -2086,7 +2086,10 @@ rules_exist() {
|
||||||
}
|
}
|
||||||
|
|
||||||
rules_up() {
|
rules_up() {
|
||||||
rules_exist && return 0
|
rules_exist && {
|
||||||
|
[ -f /bin/blocklanfw ] && /bin/blocklanfw 2>&1 >/dev/null
|
||||||
|
return 0
|
||||||
|
}
|
||||||
enabled="0"
|
enabled="0"
|
||||||
config_load v2ray
|
config_load v2ray
|
||||||
config_get enabled main enabled "0"
|
config_get enabled main enabled "0"
|
||||||
|
@ -2098,6 +2101,11 @@ rules_up() {
|
||||||
logger -t "v2ray" "Rules UP"
|
logger -t "v2ray" "Rules UP"
|
||||||
add_v2ray_redirect_rules
|
add_v2ray_redirect_rules
|
||||||
}
|
}
|
||||||
|
[ -f /etc/init.d/omr-bypass ] && {
|
||||||
|
logger -t "v2ray" "Reload omr-bypass rules"
|
||||||
|
/etc/init.d/omr-bypass reload_rules
|
||||||
|
}
|
||||||
|
[ -f /bin/blocklanfw ] && /bin/blocklanfw 2>&1 >/dev/null
|
||||||
}
|
}
|
||||||
|
|
||||||
rules_down() {
|
rules_down() {
|
||||||
|
|
|
@ -284,17 +284,22 @@ v2r_rules_iptchains_mkprerules() {
|
||||||
}
|
}
|
||||||
|
|
||||||
v2r_rules_fw_drop() {
|
v2r_rules_fw_drop() {
|
||||||
fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) printf "%s ",$i }' |
|
fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
|
||||||
while IFS=$"\n" read -r c; do
|
while IFS=$"\n" read -r c; do
|
||||||
iptables -t nat -A zone_lan_prerouting $(echo $c | sed 's/reject/REDIRECT --to-ports 65535/') 2>&1 >/dev/null
|
fwrule=$(echo "$c" | sed 's/reject/REDIRECT --to-ports 65535/')
|
||||||
|
if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
|
||||||
|
eval "iptables -w -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
|
||||||
|
fi
|
||||||
done
|
done
|
||||||
fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/-t filter/&&/-j drop/ {for(i=6; i<=NF; i++) printf "%s ",$i }' |
|
fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j drop/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
|
||||||
while IFS=$"\n" read -r c; do
|
while IFS=$"\n" read -r c; do
|
||||||
iptables -t nat -A zone_lan_prerouting $(echo $c | sed 's/drop/REDIRECT --to-ports 65535/') 2>&1 >/dev/null
|
fwrule=$(echo "$c" | sed 's/drop/REDIRECT --to-ports 65535/')
|
||||||
|
if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
|
||||||
|
eval "iptables -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
|
||||||
|
fi
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
v2r_rules_parse_args "$@"
|
v2r_rules_parse_args "$@"
|
||||||
#v2r_rules_flush
|
#v2r_rules_flush
|
||||||
v2r_rules_ipset_init
|
v2r_rules_ipset_init
|
||||||
|
|
|
@ -275,17 +275,22 @@ v2ray_rules6_iptchains_mkprerules() {
|
||||||
}
|
}
|
||||||
|
|
||||||
v2ray_rules6_fw_drop() {
|
v2ray_rules6_fw_drop() {
|
||||||
fw3 -6 print 2>/dev/null | awk '/ip6tables/&&/zone_lan_forward/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) printf "%s ",$i }' |
|
fw3 -6 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
|
||||||
while IFS=$"\n" read -r c; do
|
while IFS=$"\n" read -r c; do
|
||||||
ip6tables -t nat -A zone_lan_prerouting $(echo $c | sed 's/reject/REDIRECT --to-ports 65535/') 2>&1 >/dev/null
|
fwrule=$(echo "$c" | sed 's/reject/REDIRECT --to-ports 65535/')
|
||||||
|
if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
|
||||||
|
eval "ip6tables -w -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
|
||||||
|
fi
|
||||||
done
|
done
|
||||||
fw3 -6 print 2>/dev/null | awk '/ip6tables/&&/zone_lan_forward/&&/-t filter/&&/-j drop/ {for(i=6; i<=NF; i++) printf "%s ",$i }' |
|
fw3 -6 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j drop/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
|
||||||
while IFS=$"\n" read -r c; do
|
while IFS=$"\n" read -r c; do
|
||||||
ip6tables -t nat -A zone_lan_prerouting $(echo $c | sed 's/drop/REDIRECT --to-ports 65535/') 2>&1 >/dev/null
|
fwrule=$(echo "$c" | sed 's/drop/REDIRECT --to-ports 65535/')
|
||||||
|
if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
|
||||||
|
eval "ip6tables -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
|
||||||
|
fi
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
v2ray_rules6_parse_args "$@"
|
v2ray_rules6_parse_args "$@"
|
||||||
v2ray_rules6_flush
|
v2ray_rules6_flush
|
||||||
v2ray_rules6_ipset_init
|
v2ray_rules6_ipset_init
|
||||||
|
|
Loading…
Add table
Add a link
Reference in a new issue