mptcp/openmptcprouter-feeds
1
0
Fork 0
mirror of https://github.com/Ysurac/openmptcprouter-feeds.git synced 2025-03-09 15:40:03 +00:00
Code Issues Releases Wiki Activity

Merge branch 'test' into develop

Browse source
This commit is contained in:
suyuan 2020-10-31 17:03:59 +08:00
commit 87e94457b3
16 changed files with 123 additions and 48 deletions
Download patch file Download diff file Expand all files Collapse all files

6
openmptcprouter/files/etc/firewall.gre-tunnel
View file

@ -11,8 +11,10 @@ _setup_rules() {
_setup_routes() {
config_get lookup $1 lookup
config_get gateway $1 gateway
intf=$(ifstatus | jsonfilter -e '@.l3_device' | tr -d "\n")
ip route replace default via $gateway dev $intf table $lookup
intf=$(ifstatus $1 | jsonfilter -e '@.l3_device' | tr -d "\n")
if [ -n "$lookup" ] && [ -n "$intf" ] && [ -n "$gateway" ]; then
ip route replace default via $gateway dev $intf table $lookup
fi
}
config_load network
config_foreach _setup_rules interface

3
openmptcprouter/files/etc/init.d/openmptcprouter-vps
View file

@ -668,6 +668,7 @@ _set_vpn_ip() {
vpnip_remote=$(ip -4 r list dev ${vpnifname} | grep via | grep -v default | grep -v / | grep -v metric | awk '{print $1}' | tr -d "\n")
[ -z "$vpnip_remote" ] && vpnip_remote=$(ip -4 r list dev ${vpnifname} | grep kernel | awk '{print $1}' | tr -d "\n")
[ -z "$vpnip_remote" ] && vpnip_remote=$(ip -4 r list dev ${vpnifname} | grep "proto static src" | awk '{print $3}' | tr -d "\n")
[ -z "$vpnip_remote" ] && vpnip_remote=$(ifstatus omrvpn | jsonfilter -e '@.route[0].nexthop')
ula="$(uci -q get network.globals.ula_prefix)"
ula_current="$(echo "$vps_config" | jsonfilter -q -e '@.ip6in4.ula')"
if [ "$vpnip_remote" != "" ] && [ "$vpnip_local" != "" ] && ([ "$vpnip_remote" != "$vpnip_remote_current" ] || [ "$vpnip_local" != "$vpnip_local_current" ] || [ "$ula" != "$ula_current" ]); then
@ -724,7 +725,7 @@ _vps_firewall_redirect_port() {
#uci -q delete firewall.$1
#return
fi
[ "$(v2ray.main.enabled)" = "0" ] && v2ray="0"
[ "$(uci -q get v2ray.main.enabled)" = "0" ] && v2ray="0"
[ "$proto" = "all" ] && proto="tcp udp"
[ "$proto" = "" ] && proto="tcp udp"
[ "$src" = "vpn" ] && [ -n "$proto" ] && [ -n "$src_dport" ] && [ "$enabled" != "0" ] && {

40
openmptcprouter/files/etc/uci-defaults/1980-omr-firewall
View file

@ -16,16 +16,16 @@ if [ "$(uci -q get firewall.@zone[2].name)" = "vpn" ]; then
fi
if [ "$(uci -q get firewall.zone_vpn)" = "" ]; then
uci -q batch <<-EOF >/dev/null
set firewall.zone_vpn=zone
set firewall.zone_vpn.name=vpn
set firewall.zone_vpn.network=glorytun
set firewall.zone_vpn.masq=1
set firewall.zone_vpn.input=REJECT
set firewall.zone_vpn.forward=ACCEPT
set firewall.zone_vpn.output=ACCEPT
commit firewall
EOF
uci -q batch <<-EOF >/dev/null
set firewall.zone_vpn=zone
set firewall.zone_vpn.name=vpn
set firewall.zone_vpn.network=glorytun
set firewall.zone_vpn.masq=1
set firewall.zone_vpn.input=REJECT
set firewall.zone_vpn.forward=ACCEPT
set firewall.zone_vpn.output=ACCEPT
commit firewall
EOF
fi
if [ "$(uci -q get firewall.@rule[5].name)" = "Allow-ICMPv6-Input" ]; then
@ -131,6 +131,26 @@ if [ "$(uci -q get firewall.fwlantovpn)" = "" ]; then
commit firewall
EOF
fi
if [ "$(uci -q get firewall.blockquicproxy)" = "" ]; then
uci -q batch <<-EOF >/dev/null
set firewall.blockquicproxy=rule
set firewall.blockquicproxy.name='Block QUIC Proxy'
set firewall.blockquicproxy.proto='udp'
set firewall.blockquicproxy.dest_port='443'
set firewall.blockquicproxy.target='DROP'
set firewall.blockquicproxy.src='lan'
set firewall.blockquicall=rule
set firewall.blockquicall.name='Block QUIC All'
set firewall.blockquicall.proto='udp'
set firewall.blockquicall.src='*'
set firewall.blockquicall.dest='*'
set firewall.blockquicall.dest_port='443'
set firewall.blockquicall.target='DROP'
commit firewall
EOF
fi
uci -q batch <<-EOF >/dev/null
set firewall.@zone[0].mtu_fix='1'
set firewall.zone_vpn.mtu_fix='1'