From 8ef84d7f838e2751b79059eeee47d0fedb2cc464 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)"
Date: Thu, 17 Jun 2021 17:02:34 +0200
Subject: [PATCH 1/2] Add blocklanfw file
---
 openmptcprouter/files/bin/blocklanfw | 76 ++++++++++++++++++++++++++++
 1 file changed, 76 insertions(+)
 create mode 100755 openmptcprouter/files/bin/blocklanfw
diff --git a/openmptcprouter/files/bin/blocklanfw b/openmptcprouter/files/bin/blocklanfw
new file mode 100755
index 000000000..0f4a85367
--- /dev/null
+++ b/openmptcprouter/files/bin/blocklanfw
@@ -0,0 +1,76 @@
+#!/bin/sh
+ss_rules_fw_drop() {
+ fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
+ while IFS=$"\n" read -r c; do
+ fwrule=$(echo "$c" | sed 's/reject/REDIRECT --to-ports 65535/')
+ if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
+ eval "iptables -w -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
+ fi
+ done
+ fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j drop/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
+ while IFS=$"\n" read -r c; do
+ fwrule=$(echo "$c" | sed 's/drop/REDIRECT --to-ports 65535/')
+ if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
+ eval "iptables -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
+ fi
+ done
+}
+
+ss_rules6_fw_drop() {
+ fw3 -6 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
+ while IFS=$"\n" read -r c; do
+ fwrule=$(echo "$c" | sed 's/reject/REDIRECT --to-ports 65535/')
+ if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
+ eval "ip6tables -w -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
+ fi
+ done
+ fw3 -6 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j drop/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
+ while IFS=$"\n" read -r c; do
+ fwrule=$(echo "$c" | sed 's/drop/REDIRECT --to-ports 65535/')
+ if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
+ eval "ip6tables -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
+ fi
+ done
+}
+
+v2r_rules_fw_drop() {
+ fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
+ while IFS=$"\n" read -r c; do
+ fwrule=$(echo "$c" | sed 's/reject/REDIRECT --to-ports 65535/')
+ if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
+ eval "iptables -w -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
+ fi
+ done
+ fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j drop/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
+ while IFS=$"\n" read -r c; do
+ fwrule=$(echo "$c" | sed 's/drop/REDIRECT --to-ports 65535/')
+ if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
+ eval "iptables -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
+ fi
+ done
+}
+
+v2ray_rules6_fw_drop() {
+ fw3 -6 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
+ while IFS=$"\n" read -r c; do
+ fwrule=$(echo "$c" | sed 's/reject/REDIRECT --to-ports 65535/')
+ if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
+ eval "ip6tables -w -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
+ fi
+ done
+ fw3 -6 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j drop/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
+ while IFS=$"\n" read -r c; do
+ fwrule=$(echo "$c" | sed 's/drop/REDIRECT --to-ports 65535/')
+ if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
+ eval "ip6tables -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
+ fi
+ done
+}
+
+if [ "$(uci -q get openmptcprouter.settings.proxy)" = "shadowsocks" ]; then
+ ss_rules6_fw_drop
+ ss_rules_fw_drop
+elif [ "$(uci -q get openmptcprouter.settings.proxy)" = "v2ray" ]; then
+ v2r_rules_fw_drop
+ v2ray_rules6_fw_drop
+fi
From 11f868ed12289ed95752e3a176e99deddaf6200c Mon Sep 17 00:00:00 2001
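Review bot: The duplicate check in every loop of blocklanfw can never match, because `grep '${fwrule}'` is single-quoted and searches for the literal text `${fwrule}`; the `-z` test is therefore always true and each run of the script appends the same REDIRECT rules to `zone_lan_prerouting` again. The two `rules6` functions also pipe `iptables-save` rather than `ip6tables-save`, and the drop loops call `iptables`/`ip6tables` without `-w`. More important for a script that runs as root, `eval` re-parses text taken from `fw3 print`, so a rule name or comment containing `$(`, a backtick or `;` would presumably be executed rather than passed to iptables; I would reject such lines and log them, since skipping one silently leaves the traffic it was meant to block on the proxy path. The loop below checks with `-C` against the live nat table and substitutes only the `-j reject` token; the same body applies to the drop loops and to the ip6tables and v2ray variants.

```shell
# … unchanged: fw3 -4 print | awk filter for "-j reject" …
	while IFS= read -r c; do
		fwrule=$(printf '%s\n' "$c" | sed 's/-j reject/-j REDIRECT --to-ports 65535/')
		[ -n "$fwrule" ] || continue
		# eval re-parses this text as root: refuse anything the shell would expand or chain
		case "$fwrule" in
			*'$'*|*'`'*|*';'*|*'|'*|*'&'*|*'<'*|*'>'*)
				logger -t blocklanfw "skipped rule with shell metacharacters"
				continue ;;
		esac
		# -C asks the live nat table, so a second run does not append a duplicate
		if ! eval "iptables -w -t nat -C zone_lan_prerouting ${fwrule}" >/dev/null 2>&1; then
			eval "iptables -w -t nat -A zone_lan_prerouting ${fwrule}" >/dev/null
		fi
	done
# … unchanged: same loop for "-j drop", and the ip6tables / v2ray variants …
```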
From: "Ycarus (Yannick Chabanois)"
Date: Thu, 17 Jun 2021 21:18:01 +0200
Subject: [PATCH 2/2] Download the right image based on FS and EFI
---
 .../root/usr/libexec/rpcd/openmptcprouter | 11 +++++++++++
 .../root/www/luci-static/resources/sysupgrade.js | 4 +++-
 2 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/luci-app-openmptcprouter/root/usr/libexec/rpcd/openmptcprouter b/luci-app-openmptcprouter/root/usr/libexec/rpcd/openmptcprouter
index 2a4f96c7f..effce068c 100755
--- a/luci-app-openmptcprouter/root/usr/libexec/rpcd/openmptcprouter
+++ b/luci-app-openmptcprouter/root/usr/libexec/rpcd/openmptcprouter
@@ -552,6 +552,12 @@ function get_rootfs()
 return rootfs
 end
+function get_efi()
+ local efi = {}
+ efi['efi_enabled'] = nixio.fs.access("/sys/firmware/efi")
+ return efi
+end
+
 function get_ip(interface)
 local ut = require "luci.util"
 local dump = require("luci.util").ubus("network.interface.%s" % interface, "status", {})
@@ -1627,6 +1633,11 @@ local methods = {
 return get_rootfs()
 end
 },
+ getefi = {
+ call = function()
+ return get_efi()
+ end
+ },
 status = {
 call = function()
 return interfaces_status()
diff --git a/luci-app-sysupgrade/root/www/luci-static/resources/sysupgrade.js b/luci-app-sysupgrade/root/www/luci-static/resources/sysupgrade.js
index da2147ff2..8cbbced97 100644
--- a/luci-app-sysupgrade/root/www/luci-static/resources/sysupgrade.js
+++ b/luci-app-sysupgrade/root/www/luci-static/resources/sysupgrade.js
@@ -65,7 +65,8 @@ function setup() {
 ubus_call("system", "board", {}, "release");
 ubus_call("system", "board", {}, "board_name");
 ubus_call("system", "info", {}, "memory");
- ubus_call("openmptcprouter", "rootfs", {}, "format");
+ ubus_call("openmptcprouter", "getrootfs", {}, "format");
+ ubus_call("openmptcprouter", "getefi", {}, "efi_enabled");
 uci_get({
 "config": "sysupgrade",
 "section": "server",
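Review bot: In `get_efi`, the result of `nixio.fs.access` is stored as-is, and if it returns nil for a missing path (I believe nixio returns nil plus an errno there) the `efi_enabled` key is simply absent from the reply on BIOS-booted systems. sysupgrade.js then copies `data.efi_enabled` into `request_dict.efi`, so the image server could not tell "not EFI" from "client never reported it". Normalising to a boolean avoids that: `efi['efi_enabled'] = nixio.fs.access("/sys/firmware/efi") and true or false`. A one-line comment such as `-- /sys/firmware/efi exists only when the kernel was booted through UEFI` would also help the next reader.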
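Review bot: The new `getefi` entry in `methods` is only reachable from the browser if the rpcd ACL covering the `openmptcprouter` object grants it, and the diffstat shows no ACL change in this commit. If that ACL lists methods by name rather than by wildcard, `getefi` (and `getrootfs`, which sysupgrade.js now calls instead of `rootfs`) needs to be added there, with read-only scope since it discloses only a boot-mode flag. The `methods` table starts and ends outside the hunk, so how the other entries are exposed cannot be confirmed from here.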
@@ -231,6 +232,7 @@ function upgrade_request() {
 request_dict.target = data.release.target
 request_dict.profile = data.board_name
 request_dict.rootfs = data.format
+ request_dict.efi = data.efi_enabled
 if (data.edit_packages == true) {
 request_dict.packages = $("#edit_packages").value.split("\n")