mirror of
https://github.com/Ysurac/openmptcprouter-feeds.git
synced 2025-03-09 15:40:03 +00:00
Merge branch 'develop' of https://github.com/Ysurac/openmptcprouter-feeds into test
This commit is contained in:
suyuan
commit
c488f2f630
98 changed files with 16335 additions and 385 deletions
|
|
@ -59,7 +59,7 @@ return L.view.extend({
|
|||
o = s.option(form.ListValue, 'family', _('Restrict to address family'));
|
||||
o.value('ipv4ipv6', _('IPv4 and IPv6'));
|
||||
o.value('ipv4', _('IPv4 only'));
|
||||
o.value('ipv4', _('IPv6 only'));
|
||||
o.value('ipv6', _('IPv6 only'));
|
||||
o.default = 'ipv4ipv6';
|
||||
o.modalonly = true
|
||||
|
||||
|
|
|
|||
|
|
@ -1,2 +1,2 @@
|
|||
#!/bin/sh
|
||||
[ -z "$(pgrep -f omr-bypass)" ] && logger -t "firewall.omr-bypass" "reloal omr-bypass rules" && /etc/init.d/omr-bypass reload_rules
|
||||
[ -z "$(pgrep -f omr-bypass)" ] && logger -t "firewall.omr-bypass" "reload omr-bypass rules" && /etc/init.d/omr-bypass reload_rules
|
||||
|
|
|
|||
|
|
@ -685,6 +685,59 @@ _intf_rule_v2ray_rules() {
|
|||
fi
|
||||
}
|
||||
|
||||
_intf_rule_xray_rules() {
|
||||
#rule_name=$1
|
||||
#[ "$rule_name" = "ss_rules" ] && rule_name="def"
|
||||
rule_name="def"
|
||||
if [ "$($IPTABLES --wait=40 -t nat -L -n | grep xr_${rule_name}_dst)" != "" ] && [ "$($IPTABLESSAVE 2>/dev/null | grep xr_${rule_name}_dst | grep omr_dst_bypass_$intf)" = "" ]; then
|
||||
$IPTABLESRESTORE -w --wait=60 --noflush <<-EOF
|
||||
*nat
|
||||
-I xr_${rule_name}_dst 1 -m set --match-set omr_dst_bypass_$intf dst -j MARK --set-mark 0x539$count
|
||||
-I xr_${rule_name}_dst 2 -m mark --mark 0x539$count -j RETURN
|
||||
COMMIT
|
||||
EOF
|
||||
fi
|
||||
if [ "$($IPTABLES --wait=40 -t nat -L -n | grep xr_${rule_name}_local_out)" != "" ] && [ "$($IPTABLESSAVE 2>/dev/null | grep xr_${rule_name}_local_out | grep omr_dst_bypass_$intf)" = "" ]; then
|
||||
$IPTABLESRESTORE -w --wait=60 --noflush <<-EOF
|
||||
*nat
|
||||
-I xr_${rule_name}_local_out 1 -m set --match-set omr_dst_bypass_$intf dst -j MARK --set-mark 0x539$count
|
||||
-I xr_${rule_name}_local_out 2 -m mark --mark 0x539$count -j RETURN
|
||||
COMMIT
|
||||
EOF
|
||||
fi
|
||||
if [ "$($IPTABLES --wait=40 -t nat -L -n | grep xr_${rule_name}_pre_src)" != "" ] && [ "$($IPTABLESSAVE 2</dev/null | grep xr_${rule_name}_pre_src | grep omr_dst_bypass_$intf)" = "" ]; then
|
||||
$IPTABLESRESTORE -w --wait=60 --noflush <<-EOF
|
||||
*nat
|
||||
-I xr_${rule_name}_pre_src 1 -m set --match-set omr_dst_bypass_$intf dst -j MARK --set-mark 0x539$count
|
||||
-I xr_${rule_name}_pre_src 2 -m mark --mark 0x539$count -j RETURN
|
||||
COMMIT
|
||||
EOF
|
||||
fi
|
||||
|
||||
|
||||
if [ "$disableipv6" = "0" ]; then
|
||||
if [ "$($IP6TABLESSAVE | grep omr-bypass6 | grep omr6_dst_bypass_$intf)" = "" ]; then
|
||||
$IP6TABLESRESTORE -w --wait=60 --noflush <<-EOF
|
||||
*mangle
|
||||
-I omr-bypass6 1 -m set --match-set omr6_dst_bypass_$intf dst -j MARK --set-mark 0x6539$count
|
||||
COMMIT
|
||||
EOF
|
||||
fi
|
||||
if [ "$($IP6TABLES --wait=40 -t nat -L -n | grep xr6_${rule_name}_pre_src)" != "" ] && [ "$($IP6TABLESSAVE 2>/dev/null | grep xr6 | grep omr6_dst_bypass_$intf)" = "" ]; then
|
||||
$IP6TABLESRESTORE -w --wait=60 --noflush <<-EOF
|
||||
*nat
|
||||
-I xr6_${rule_name}_dst 1 -m set --match-set omr6_dst_bypass_$intf dst -j MARK --set-mark 0x6539$count
|
||||
-I xr6_${rule_name}_dst 2 -m mark --mark 0x6539$count -j RETURN
|
||||
-I xr6_${rule_name}_local_out 1 -m set --match-set omr6_dst_bypass_$intf dst -j MARK --set-mark 0x6539$count
|
||||
-I xr6_${rule_name}_local_out 2 -m mark --mark 0x6539$count -j RETURN
|
||||
-I xr6_${rule_name}_pre_src 1 -m set --match-set omr6_dst_bypass_$intf dst -j MARK --set-mark 0x6539$count
|
||||
-I xr6_${rule_name}_pre_src 2 -m mark --mark 0x6539$count -j RETURN
|
||||
COMMIT
|
||||
EOF
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
_intf_rule() {
|
||||
local intf
|
||||
intf=$(ifstatus "$1" | jsonfilter -q -e '@["l3_device"]')
|
||||
|
|
@ -740,8 +793,13 @@ _intf_rule() {
|
|||
if [ "$(uci -q get openmptcprouter.settings.proxy)" = "shadowsocks" ]; then
|
||||
config_load shadowsocks-libev
|
||||
config_foreach _intf_rule_ss_rules ss_rules
|
||||
elif [ "$(uci -q get openmptcprouter.settings.proxy)" = "shadowsocks-rust" ]; then
|
||||
config_load shadowsocks-rust
|
||||
config_foreach _intf_rule_ss_rules ss_rules
|
||||
elif [ "$(uci -q get openmptcprouter.settings.proxy)" = "v2ray" ]; then
|
||||
_intf_rule_v2ray_rules
|
||||
elif [ "$(uci -q get openmptcprouter.settings.proxy)" = "xray" ]; then
|
||||
_intf_rule_xray_rules
|
||||
fi
|
||||
|
||||
uci -q set omr-bypass.$intf=interface
|
||||
|
|
@ -864,6 +922,45 @@ _v2ray_rules_config() {
|
|||
fi
|
||||
}
|
||||
|
||||
_xray_rules_config() {
|
||||
#rule_name=$1
|
||||
#[ "$rule_name" = "ss_rules" ] && rule_name="def"
|
||||
rule_name="def"
|
||||
if [ "$($IPTABLES --wait=40 -t nat -L -n | grep xr_${rule_name}_pre_src)" != "" ] && [ "$($IPTABLES --wait=40 -t nat -L -n | grep omr_dst_bypass_all)" = "" ]; then
|
||||
$IPTABLESRESTORE -w --wait=60 --noflush <<-EOF
|
||||
*nat
|
||||
-I xr_${rule_name}_dst 1 -m set --match-set omr_dst_bypass_all dst -j MARK --set-mark 0x539
|
||||
-I xr_${rule_name}_dst 2 -m mark --mark 0x539 -j RETURN
|
||||
-I xr_${rule_name}_local_out 1 -m set --match-set omr_dst_bypass_all dst -j MARK --set-mark 0x539
|
||||
-I xr_${rule_name}_local_out 2 -m mark --mark 0x539 -j RETURN
|
||||
-I xr_${rule_name}_pre_src 1 -m set --match-set omr_dst_bypass_all dst -j MARK --set-mark 0x539
|
||||
-I xr_${rule_name}_pre_src 2 -m mark --mark 0x539 -j RETURN
|
||||
COMMIT
|
||||
EOF
|
||||
fi
|
||||
if [ "$disableipv6" = "0" ]; then
|
||||
if [ "$($IP6TABLES --wait=40 -t mangle -L -n | grep 'match-set omr6_dst_bypass_all dst MARK set')" = "" ]; then
|
||||
$IP6TABLESRESTORE -w --wait=60 --noflush <<-EOF
|
||||
*mangle
|
||||
-A omr-bypass6 -m set --match-set omr6_dst_bypass_all dst -j MARK --set-mark 0x6539
|
||||
COMMIT
|
||||
EOF
|
||||
fi
|
||||
if [ "$($IP6TABLES --wait=40 -t nat -L -n | grep xr6_${rule_name}_pre_src)" != "" ] && [ "$($IP6TABLES --wait=40 -t nat -L -n | grep omr6_dst_bypass_all)" = "" ]; then
|
||||
$IP6TABLESRESTORE -w --wait=60 --noflush <<-EOF
|
||||
*nat
|
||||
-I xr6_${rule_name}_dst 1 -m set --match-set omr6_dst_bypass_all dst -j MARK --set-mark 0x6539
|
||||
-I xr6_${rule_name}_dst 1 -m mark --mark 0x6539 -j RETURN
|
||||
-I xr6_${rule_name}_local_out 1 -m set --match-set omr6_dst_bypass_all dst -j MARK --set-mark 0x6539
|
||||
-I xr6_${rule_name}_local_out 2 -m mark --mark 0x6539 -j RETURN
|
||||
-I xr6_${rule_name}_pre_src 1 -m set --match-set omr6_dst_bypass_all dst -j MARK --set-mark 0x6539
|
||||
-I xr6_${rule_name}_pre_src 2 -m mark --mark 0x6539 -j RETURN
|
||||
COMMIT
|
||||
EOF
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
boot() {
|
||||
BOOT=1
|
||||
start "$@"
|
||||
|
|
@ -970,7 +1067,10 @@ start_service() {
|
|||
|
||||
config_load shadowsocks-libev
|
||||
config_foreach _ss_rules_config
|
||||
config_load shadowsocks-rust
|
||||
config_foreach _ss_rules_config
|
||||
_v2ray_rules_config
|
||||
_xray_rules_config
|
||||
|
||||
$IPTABLESSAVE --counters 2>/dev/null | grep -v omr-bypass-dpi | $IPTABLESRESTORE -w --counters 2>/dev/null
|
||||
$IPTABLESRESTORE -w --wait=60 --noflush <<-EOF
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue