mirror of
https://github.com/Ysurac/openmptcprouter-feeds.git
synced 2025-03-09 15:40:03 +00:00
Add dirty workaround for reject/block lan forward when proxy enabled
This commit is contained in:
Ycarus (Yannick Chabanois)
parent
60fa1ac259
commit
ba300f7196
4 changed files with 60 additions and 7 deletions
|
|
@ -276,7 +276,7 @@ ss_rules_iptchains_mkprerules() {
|
|||
local proto="$1"
|
||||
|
||||
if [ -z "$o_ifnames" ]; then
|
||||
echo "-I PREROUTING 1 -p $proto -j ssr_${rule}_pre_src"
|
||||
echo "-A PREROUTING -p $proto -j ssr_${rule}_pre_src"
|
||||
else
|
||||
echo $o_ifnames \
|
||||
| tr ' ' '\n' \
|
||||
|
|
@ -284,7 +284,19 @@ ss_rules_iptchains_mkprerules() {
|
|||
fi
|
||||
}
|
||||
|
||||
ss_rules_fw_drop() {
|
||||
fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) printf "%s ",$i }' |
|
||||
while IFS=$"\n" read -r c; do
|
||||
iptables -t nat -A zone_lan_prerouting $(echo $c | sed 's/reject/REDIRECT --to-ports 65535/') 2>&1 >/dev/null
|
||||
done
|
||||
fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/-t filter/&&/-j drop/ {for(i=6; i<=NF; i++) printf "%s ",$i }' |
|
||||
while IFS=$"\n" read -r c; do
|
||||
iptables -t nat -A zone_lan_prerouting $(echo $c | sed 's/drop/REDIRECT --to-ports 65535/') 2>&1 >/dev/null
|
||||
done
|
||||
}
|
||||
|
||||
ss_rules_parse_args "$@"
|
||||
#ss_rules_flush
|
||||
ss_rules_ipset_init
|
||||
ss_rules_iptchains_init
|
||||
ss_rules_fw_drop
|
||||
|
|
@ -149,11 +149,13 @@ ss_rules6_iptchains_init() {
|
|||
}
|
||||
|
||||
ss_rules6_iptchains_init_mark() {
|
||||
ip6tables-restore -w --noflush <<-EOF
|
||||
*mangle
|
||||
-A PREROUTING -m set --match-set ss_rules6_dst_bypass_all dst -j MARK --set-mark 0x6539
|
||||
COMMIT
|
||||
EOF
|
||||
if [ "$(ip6tables -w -t mangle -L PREROUTING | grep ss_rules6_dst_bypass_all)" = "" ]; then
|
||||
ip6tables-restore -w --noflush <<-EOF
|
||||
*mangle
|
||||
-A PREROUTING -m set --match-set ss_rules6_dst_bypass_all dst -j MARK --set-mark 0x6539
|
||||
COMMIT
|
||||
EOF
|
||||
fi
|
||||
}
|
||||
|
||||
|
||||
|
|
@ -257,7 +259,7 @@ ss_rules6_iptchains_mkprerules() {
|
|||
local proto="$1"
|
||||
|
||||
if [ -z "$o_ifnames" ]; then
|
||||
echo "-I PREROUTING 1 -p $proto -j ssr6_${rule}_pre_src"
|
||||
echo "-A PREROUTING -p $proto -j ssr6_${rule}_pre_src"
|
||||
else
|
||||
echo $o_ifnames \
|
||||
| tr ' ' '\n' \
|
||||
|
|
@ -265,7 +267,20 @@ ss_rules6_iptchains_mkprerules() {
|
|||
fi
|
||||
}
|
||||
|
||||
|
||||
ss_rules6_fw_drop() {
|
||||
fw3 -6 print 2>/dev/null | awk '/ip6tables/&&/zone_lan_forward/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) printf "%s ",$i }' |
|
||||
while IFS=$"\n" read -r c; do
|
||||
ip6tables -t nat -A zone_lan_prerouting $(echo $c | sed 's/reject/REDIRECT --to-ports 65535/') 2>&1 >/dev/null
|
||||
done
|
||||
fw3 -6 print 2>/dev/null | awk '/ip6tables/&&/zone_lan_forward/&&/-t filter/&&/-j drop/ {for(i=6; i<=NF; i++) printf "%s ",$i }' |
|
||||
while IFS=$"\n" read -r c; do
|
||||
ip6tables -t nat -A zone_lan_prerouting $(echo $c | sed 's/drop/REDIRECT --to-ports 65535/') 2>&1 >/dev/null
|
||||
done
|
||||
}
|
||||
|
||||
ss_rules6_parse_args "$@"
|
||||
ss_rules6_flush
|
||||
ss_rules6_ipset_init
|
||||
ss_rules6_iptchains_init
|
||||
ss_rules6_fw_drop
|
||||
|
|
@ -283,7 +283,20 @@ v2r_rules_iptchains_mkprerules() {
|
|||
fi
|
||||
}
|
||||
|
||||
v2r_rules_fw_drop() {
|
||||
fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) printf "%s ",$i }' |
|
||||
while IFS=$"\n" read -r c; do
|
||||
iptables -t nat -A zone_lan_prerouting $(echo $c | sed 's/reject/REDIRECT --to-ports 65535/') 2>&1 >/dev/null
|
||||
done
|
||||
fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/-t filter/&&/-j drop/ {for(i=6; i<=NF; i++) printf "%s ",$i }' |
|
||||
while IFS=$"\n" read -r c; do
|
||||
iptables -t nat -A zone_lan_prerouting $(echo $c | sed 's/drop/REDIRECT --to-ports 65535/') 2>&1 >/dev/null
|
||||
done
|
||||
}
|
||||
|
||||
|
||||
v2r_rules_parse_args "$@"
|
||||
#v2r_rules_flush
|
||||
v2r_rules_ipset_init
|
||||
v2r_rules_iptchains_init
|
||||
v2r_rules_fw_drop
|
||||
|
|
@ -274,7 +274,20 @@ v2ray_rules6_iptchains_mkprerules() {
|
|||
fi
|
||||
}
|
||||
|
||||
v2ray_rules6_fw_drop() {
|
||||
fw3 -6 print 2>/dev/null | awk '/ip6tables/&&/zone_lan_forward/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) printf "%s ",$i }' |
|
||||
while IFS=$"\n" read -r c; do
|
||||
ip6tables -t nat -A zone_lan_prerouting $(echo $c | sed 's/reject/REDIRECT --to-ports 65535/') 2>&1 >/dev/null
|
||||
done
|
||||
fw3 -6 print 2>/dev/null | awk '/ip6tables/&&/zone_lan_forward/&&/-t filter/&&/-j drop/ {for(i=6; i<=NF; i++) printf "%s ",$i }' |
|
||||
while IFS=$"\n" read -r c; do
|
||||
ip6tables -t nat -A zone_lan_prerouting $(echo $c | sed 's/drop/REDIRECT --to-ports 65535/') 2>&1 >/dev/null
|
||||
done
|
||||
}
|
||||
|
||||
|
||||
v2ray_rules6_parse_args "$@"
|
||||
v2ray_rules6_flush
|
||||
v2ray_rules6_ipset_init
|
||||
v2ray_rules6_iptchains_init
|
||||
v2ray_rules6_fw_drop
|
||||
Loading…
Add table
Add a link
Reference in a new issue