From 60fa1ac259eba141c8956b2c026d5d2b204ab828 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Fri, 4 Jun 2021 19:58:55 +0200 Subject: [PATCH 1/2] Add domains needed for amazonvideo bypass --- luci-app-omr-bypass/root/etc/uci-defaults/41_omr-bypass | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/luci-app-omr-bypass/root/etc/uci-defaults/41_omr-bypass b/luci-app-omr-bypass/root/etc/uci-defaults/41_omr-bypass index 37bbf4ce3..9ced39f93 100755 --- a/luci-app-omr-bypass/root/etc/uci-defaults/41_omr-bypass +++ b/luci-app-omr-bypass/root/etc/uci-defaults/41_omr-bypass @@ -110,6 +110,14 @@ if [ "$(uci -q get omr-bypass.disneyplus)" = "" ]; then commit omr-bypass EOF fi +if [ "$(uci -q get omr-bypass.amazonvideo)" = "" ]; then + uci -q batch <<-EOF >/dev/null + set omr-bypass.amazonvideo=proto + add_list omr-bypass.amazonvideo.url='cloudfront.net' + add_list omr-bypass.amazonvideo.url='llnw.net' + commit omr-bypass + EOF +fi if [ ! -f /etc/crontabs/root ] || [ "$(cat /etc/crontabs/root | grep bypass)" = "" ]; then echo "0 2 * * * /etc/init.d/omr-bypass bypass_asn" >> /etc/crontabs/root fi From ba300f719642c045591ae9ba9ad46c90a8d57049 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Mon, 7 Jun 2021 19:22:11 +0200 Subject: [PATCH 2/2] Add dirty workaround for reject/block lan forward when proxy enabled --- shadowsocks-libev/files/ss-rules | 14 +++++++++++++- shadowsocks-libev/files/ss-rules6 | 27 +++++++++++++++++++++------ v2ray-core/files/usr/bin/v2ray-rules | 13 +++++++++++++ v2ray-core/files/usr/bin/v2ray-rules6 | 13 +++++++++++++ 4 files changed, 60 insertions(+), 7 deletions(-) diff --git a/shadowsocks-libev/files/ss-rules b/shadowsocks-libev/files/ss-rules index 87973133f..e5e9892c7 100755 --- a/shadowsocks-libev/files/ss-rules +++ b/shadowsocks-libev/files/ss-rules 
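Review bot: The two entries added for `amazonvideo`, `cloudfront.net` and `llnw.net`, are shared CDN domains rather than hostnames specific to the video service, so the bypass probably covers every unrelated site served from those CDNs as well. How omr-bypass matches `url` values, and whether a `proto` entry is active by default or only offered as a preset, is not visible in this hunk, so the exact scope is inferred. Because the block is written on any system where `omr-bypass.amazonvideo` is unset, I would put a comment above it such as `# NOTE: shared CDN suffixes; this bypasses all traffic to them, not only Amazon Video`, or narrow the list to the service's own hostnames.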
@@ -276,7 +276,7 @@ ss_rules_iptchains_mkprerules() { local proto="$1" if [ -z "$o_ifnames" ]; then - echo "-I PREROUTING 1 -p $proto -j ssr_${rule}_pre_src" + echo "-A PREROUTING -p $proto -j ssr_${rule}_pre_src" else echo $o_ifnames \ | tr ' ' '\n' \ @@ -284,7 +284,19 @@ ss_rules_iptchains_mkprerules() { fi } +ss_rules_fw_drop() { + fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) printf "%s ",$i }' | + while IFS=$"\n" read -r c; do + iptables -t nat -A zone_lan_prerouting $(echo $c | sed 's/reject/REDIRECT --to-ports 65535/') 2>&1 >/dev/null + done + fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/-t filter/&&/-j drop/ {for(i=6; i<=NF; i++) printf "%s ",$i }' | + while IFS=$"\n" read -r c; do + iptables -t nat -A zone_lan_prerouting $(echo $c | sed 's/drop/REDIRECT --to-ports 65535/') 2>&1 >/dev/null + done +} + ss_rules_parse_args "$@" #ss_rules_flush ss_rules_ipset_init ss_rules_iptchains_init +ss_rules_fw_drop \ No newline at end of file diff --git a/shadowsocks-libev/files/ss-rules6 b/shadowsocks-libev/files/ss-rules6 index 21e257b10..d8394cc64 100755 --- a/shadowsocks-libev/files/ss-rules6 +++ b/shadowsocks-libev/files/ss-rules6 @@ -149,11 +149,13 @@ ss_rules6_iptchains_init() { } ss_rules6_iptchains_init_mark() { - ip6tables-restore -w --noflush <<-EOF - *mangle - -A PREROUTING -m set --match-set ss_rules6_dst_bypass_all dst -j MARK --set-mark 0x6539 - COMMIT - EOF + if [ "$(ip6tables -w -t mangle -L PREROUTING | grep ss_rules6_dst_bypass_all)" = "" ]; then + ip6tables-restore -w --noflush <<-EOF + *mangle + -A PREROUTING -m set --match-set ss_rules6_dst_bypass_all dst -j MARK --set-mark 0x6539 + COMMIT + EOF + fi } @@ -257,7 +259,7 @@ ss_rules6_iptchains_mkprerules() { local proto="$1" if [ -z "$o_ifnames" ]; then - echo "-I PREROUTING 1 -p $proto -j ssr6_${rule}_pre_src" + echo "-A PREROUTING -p $proto -j ssr6_${rule}_pre_src" else echo $o_ifnames \ | tr ' ' '\n' \ 
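Review bot: Switching from `-I PREROUTING 1` to `-A PREROUTING` in `ss_rules_iptchains_mkprerules` makes the proxy jump depend on whatever is already in nat PREROUTING when the script runs, and nothing in the new code says why. Presumably the aim is to let the `zone_lan_prerouting` rules added by `ss_rules_fw_drop` be evaluated first; if so, say it next to the rule, e.g. `# appended, not inserted at 1: firewall prerouting chains must be evaluated before the proxy redirect`. Any terminating rule that sits earlier in PREROUTING now also pre-empts the proxy, which is worth confirming on a router with port forwards configured. Only the `-z "$o_ifnames"` branch is changed and the per-interface branch continues outside the hunk, so check that it ends up at the same position. The same change is made in ss-rules6 at `@@ -257,7 +259,7 @@`.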
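Review bot: In `ss_rules_fw_drop` the awk program prints every field with `printf "%s "` and never emits a newline, so the `while ... read -r c` loop gets unterminated input; `read` returns non-zero at end of input in that case and the loop body appears never to run, which leaves the lan forward reject/drop rules unenforced while the proxy is on. Once a newline is added, `IFS=$"\n"` is still not a newline assignment in POSIX sh (plain `IFS=` is enough here), `2>&1 >/dev/null` sends iptables errors to the script's stdout instead of discarding them, and `s/reject/.../` rewrites the first "reject" anywhere in the rule rather than the jump target. A failure to install a mirrored rule should be logged, because a silent failure means traffic the firewall was configured to block is proxied. The same function is added as `ss_rules6_fw_drop`, `v2r_rules_fw_drop` and `v2ray_rules6_fw_drop`, so a shared helper would avoid fixing this four times.

```shell
ss_rules_fw_drop() {
	fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) printf "%s ",$i; print "" }' |
	while IFS= read -r c; do
		# splitting $c into arguments is intended; pathname expansion is not
		set -f
		iptables -t nat -A zone_lan_prerouting $(echo "$c" | sed 's/-j reject/-j REDIRECT --to-ports 65535/') >/dev/null 2>&1 ||
			logger -t ss-rules "failed to mirror lan forward reject rule: $c"
		set +f
	done
	# … same four edits in the second pipeline, which handles "-j drop" …
}
```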
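Review bot: The existence test added to `ss_rules6_iptchains_init_mark` greps the human-readable `-L` listing for the set name, so any other mangle PREROUTING rule that mentions `ss_rules6_dst_bypass_all` would suppress the MARK rule. ip6tables can test for the exact rule instead: `if ! ip6tables -w -t mangle -C PREROUTING -m set --match-set ss_rules6_dst_bypass_all dst -j MARK --set-mark 0x6539 2>/dev/null; then`. That keeps the check and the rule in the here-document in step, and drops the command substitution and string comparison.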
@@ -265,7 +267,20 @@ ss_rules6_iptchains_mkprerules() { fi } + +ss_rules6_fw_drop() { + fw3 -6 print 2>/dev/null | awk '/ip6tables/&&/zone_lan_forward/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) printf "%s ",$i }' | + while IFS=$"\n" read -r c; do + ip6tables -t nat -A zone_lan_prerouting $(echo $c | sed 's/reject/REDIRECT --to-ports 65535/') 2>&1 >/dev/null + done + fw3 -6 print 2>/dev/null | awk '/ip6tables/&&/zone_lan_forward/&&/-t filter/&&/-j drop/ {for(i=6; i<=NF; i++) printf "%s ",$i }' | + while IFS=$"\n" read -r c; do + ip6tables -t nat -A zone_lan_prerouting $(echo $c | sed 's/drop/REDIRECT --to-ports 65535/') 2>&1 >/dev/null + done +} + ss_rules6_parse_args "$@" ss_rules6_flush ss_rules6_ipset_init ss_rules6_iptchains_init +ss_rules6_fw_drop \ No newline at end of file diff --git a/v2ray-core/files/usr/bin/v2ray-rules b/v2ray-core/files/usr/bin/v2ray-rules index 25f435cc9..695f2819d 100755 --- a/v2ray-core/files/usr/bin/v2ray-rules +++ b/v2ray-core/files/usr/bin/v2ray-rules @@ -283,7 +283,20 @@ v2r_rules_iptchains_mkprerules() { fi } +v2r_rules_fw_drop() { + fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) printf "%s ",$i }' | + while IFS=$"\n" read -r c; do + iptables -t nat -A zone_lan_prerouting $(echo $c | sed 's/reject/REDIRECT --to-ports 65535/') 2>&1 >/dev/null + done + fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/-t filter/&&/-j drop/ {for(i=6; i<=NF; i++) printf "%s ",$i }' | + while IFS=$"\n" read -r c; do + iptables -t nat -A zone_lan_prerouting $(echo $c | sed 's/drop/REDIRECT --to-ports 65535/') 2>&1 >/dev/null + done +} + + v2r_rules_parse_args "$@" #v2r_rules_flush v2r_rules_ipset_init v2r_rules_iptchains_init +v2r_rules_fw_drop \ No newline at end of file diff --git a/v2ray-core/files/usr/bin/v2ray-rules6 b/v2ray-core/files/usr/bin/v2ray-rules6 index c62b50ba0..952d64b04 100755 --- a/v2ray-core/files/usr/bin/v2ray-rules6 
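Review bot: `ss_rules6_fw_drop` appends to `zone_lan_prerouting` in the ip6tables `nat` table, but nothing visible in this patch shows that the firewall creates that chain for IPv6. If it does not exist, every `ip6tables -t nat -A` in the two loops fails and the IPv6 reject/drop rules stay bypassed by the proxy without anyone noticing. I would test for the chain once before the loops and log when it is missing, e.g. `ip6tables -w -t nat -S zone_lan_prerouting >/dev/null 2>&1 || logger -t ss-rules6 "nat zone_lan_prerouting missing, lan forward rules not mirrored"`.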
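Review bot: `v2r_rules_fw_drop` only ever appends with `-A`, and the script's `v2r_rules_flush` call is commented out in the context lines, so nothing visible here removes the mirrored rules before a second run adds them again. Whether a firewall reload rebuilds `zone_lan_prerouting`, dropping the mirrored rules until this script runs again, is not visible in the patch and should be confirmed. A check before the append keeps the chain stable: run the same arguments with `-C zone_lan_prerouting` first and only use `-A` when that check fails. ss-rules shows the same `#ss_rules_flush` context line and has the same exposure.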
+++ b/v2ray-core/files/usr/bin/v2ray-rules6 @@ -274,7 +274,20 @@ v2ray_rules6_iptchains_mkprerules() { fi } +v2ray_rules6_fw_drop() { + fw3 -6 print 2>/dev/null | awk '/ip6tables/&&/zone_lan_forward/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) printf "%s ",$i }' | + while IFS=$"\n" read -r c; do + ip6tables -t nat -A zone_lan_prerouting $(echo $c | sed 's/reject/REDIRECT --to-ports 65535/') 2>&1 >/dev/null + done + fw3 -6 print 2>/dev/null | awk '/ip6tables/&&/zone_lan_forward/&&/-t filter/&&/-j drop/ {for(i=6; i<=NF; i++) printf "%s ",$i }' | + while IFS=$"\n" read -r c; do + ip6tables -t nat -A zone_lan_prerouting $(echo $c | sed 's/drop/REDIRECT --to-ports 65535/') 2>&1 >/dev/null + done +} + + v2ray_rules6_parse_args "$@" v2ray_rules6_flush v2ray_rules6_ipset_init v2ray_rules6_iptchains_init +v2ray_rules6_fw_drop \ No newline at end of file