Merge pull request #153 from Ysurac/develop

sync
2025-03-09 15:40:03 +00:00 · 2021-06-18 09:47:22 +08:00 · 2021-06-18 09:47:22 +08:00 · ca862defbb
commit ca862defbb
parent 564dbd065b 11f868ed12
3 changed files with 90 additions and 1 deletions
--- a/luci-app-openmptcprouter/root/usr/libexec/rpcd/openmptcprouter
+++ b/luci-app-openmptcprouter/root/usr/libexec/rpcd/openmptcprouter
@ -552,6 +552,12 @@ function get_rootfs()
 	return rootfs
 end

+function get_efi()
+	local efi = {}
+	efi['efi_enabled'] = nixio.fs.access("/sys/firmware/efi")
+	return efi
+end
+
 function get_ip(interface)
 	local ut      = require "luci.util"
 	local dump = require("luci.util").ubus("network.interface.%s" % interface, "status", {})
@ -1627,6 +1633,11 @@ local methods = {
 			return get_rootfs()
 		end
 	},
+	getefi = {
+		call = function()
+			return get_efi()
+		end
+	},
 	status = {
 		call = function()
 			return interfaces_status()
--- a/luci-app-sysupgrade/root/www/luci-static/resources/sysupgrade.js
+++ b/luci-app-sysupgrade/root/www/luci-static/resources/sysupgrade.js
@ -65,7 +65,8 @@ function setup() {
    ubus_call("system", "board", {}, "release");
    ubus_call("system", "board", {}, "board_name");
    ubus_call("system", "info", {}, "memory");
-    ubus_call("openmptcprouter", "rootfs", {}, "format");
+    ubus_call("openmptcprouter", "getrootfs", {}, "format");
+    ubus_call("openmptcprouter", "getefi", {}, "efi_enabled");
    uci_get({
        "config": "sysupgrade",
        "section": "server",
@ -231,6 +232,7 @@ function upgrade_request() {
    request_dict.target = data.release.target
    request_dict.profile = data.board_name
    request_dict.rootfs = data.format
+    request_dict.efi = data.efi_enabled

    if (data.edit_packages == true) {
        request_dict.packages = $("#edit_packages").value.split("\n")
--- a/openmptcprouter/files/bin/blocklanfw
+++ b/openmptcprouter/files/bin/blocklanfw
@ -0,0 +1,76 @@
+#!/bin/sh
+ss_rules_fw_drop() {
+	fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
+	while IFS=$"\n" read -r c; do
+		fwrule=$(echo "$c" | sed 's/reject/REDIRECT --to-ports 65535/')
+		if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
+			eval "iptables -w -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
+		fi
+	done
+	fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j drop/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
+	while IFS=$"\n" read -r c; do
+		fwrule=$(echo "$c" | sed 's/drop/REDIRECT --to-ports 65535/')
+		if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
+			eval "iptables -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
+		fi
+	done
+}
+
+ss_rules6_fw_drop() {
+	fw3 -6 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
+	while IFS=$"\n" read -r c; do
+		fwrule=$(echo "$c" | sed 's/reject/REDIRECT --to-ports 65535/')
+		if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
+			eval "ip6tables -w -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
+		fi
+	done
+	fw3 -6 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j drop/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
+	while IFS=$"\n" read -r c; do
+		fwrule=$(echo "$c" | sed 's/drop/REDIRECT --to-ports 65535/')
+		if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
+			eval "ip6tables -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
+		fi
+	done
+}
+
+v2r_rules_fw_drop() {
+	fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
+	while IFS=$"\n" read -r c; do
+		fwrule=$(echo "$c" | sed 's/reject/REDIRECT --to-ports 65535/')
+		if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
+			eval "iptables -w -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
+		fi
+	done
+	fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j drop/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
+	while IFS=$"\n" read -r c; do
+		fwrule=$(echo "$c" | sed 's/drop/REDIRECT --to-ports 65535/')
+		if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
+			eval "iptables -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
+		fi
+	done
+}
+
+v2ray_rules6_fw_drop() {
+	fw3 -6 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
+	while IFS=$"\n" read -r c; do
+		fwrule=$(echo "$c" | sed 's/reject/REDIRECT --to-ports 65535/')
+		if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
+			eval "ip6tables -w -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
+		fi
+	done
+	fw3 -6 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j drop/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
+	while IFS=$"\n" read -r c; do
+		fwrule=$(echo "$c" | sed 's/drop/REDIRECT --to-ports 65535/')
+		if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
+			eval "ip6tables -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
+		fi
+	done
+}
+
+if [ "$(uci -q get openmptcprouter.settings.proxy)" = "shadowsocks" ]; then
+	ss_rules6_fw_drop
+	ss_rules_fw_drop
+elif [ "$(uci -q get openmptcprouter.settings.proxy)" = "v2ray" ]; then
+	v2r_rules_fw_drop
+	v2ray_rules6_fw_drop
+fi