mirror of
https://github.com/Ysurac/openmptcprouter-feeds.git
synced 2025-03-09 15:40:03 +00:00
Set a different ipset to bypass all and one to bypass only shadowsocks
This commit is contained in:
Ycarus
parent
97ff6a8bd5
commit
eedd893c9c
10 changed files with 38 additions and 26 deletions
|
|
@ -47,6 +47,7 @@ populated by other programs like dnsmasq with ipset support
|
|||
ss_rules_src_forward
|
||||
ss_rules_src_checkdst
|
||||
ss_rules_dst_bypass
|
||||
ss_rules_dst_bypass_all
|
||||
ss_rules_dst_forward
|
||||
EOF
|
||||
}
|
||||
|
|
@ -97,6 +98,7 @@ ss_rules_parse_args() {
|
|||
--src-forward) o_src_forward="$2"; shift 2;;
|
||||
--src-checkdst) o_src_checkdst="$2"; shift 2;;
|
||||
--dst-bypass) o_dst_bypass="$2"; shift 2;;
|
||||
--dst-bypass_all) o_dst_bypass_all="$2"; shift 2;;
|
||||
--dst-forward) o_dst_forward="$2"; shift 2;;
|
||||
--dst-forward-recentrst) o_dst_forward_recentrst=1; shift 1;;
|
||||
--dst-bypass-file) o_dst_bypass_file="$2"; shift 2;;
|
||||
|
|
@ -132,11 +134,13 @@ ss_rules_ipset_init() {
|
|||
create ss_rules_src_bypass hash:net hashsize 64
|
||||
create ss_rules_src_forward hash:net hashsize 64
|
||||
create ss_rules_src_checkdst hash:net hashsize 64
|
||||
create ss_rules_dst_bypass_all hash:net hashsize 64
|
||||
create ss_rules_dst_bypass hash:net hashsize 64
|
||||
create ss_rules_dst_bypass_ hash:net hashsize 64
|
||||
create ss_rules_dst_forward hash:net hashsize 64
|
||||
create ss_rules_dst_forward_recentrst_ hash:ip hashsize 64 timeout 3600
|
||||
$(ss_rules_ipset_mkadd ss_rules_dst_bypass_ "$o_dst_bypass_ $o_remote_servers")
|
||||
$(ss_rules_ipset_mkadd ss_rules_dst_bypass_all "$o_dst_bypass_all")
|
||||
$(ss_rules_ipset_mkadd ss_rules_dst_bypass "$o_dst_bypass $(cat "$o_dst_bypass_file" 2>/dev/null | grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}')")
|
||||
$(ss_rules_ipset_mkadd ss_rules_src_bypass "$o_src_bypass")
|
||||
$(ss_rules_ipset_mkadd ss_rules_src_forward "$o_src_forward")
|
||||
|
|
@ -163,7 +167,7 @@ ss_rules_iptchains_init() {
|
|||
ss_rules_iptchains_init_mark() {
|
||||
iptables-restore --noflush <<-EOF
|
||||
*mangle
|
||||
-A PREROUTING -m set --match-set ss_rules_dst_bypass dst -j MARK --set-mark 0x539
|
||||
-A PREROUTING -m set --match-set ss_rules_dst_bypass_all dst -j MARK --set-mark 0x539
|
||||
COMMIT
|
||||
EOF
|
||||
}
|
||||
|
|
@ -186,8 +190,9 @@ ss_rules_iptchains_init_tcp() {
|
|||
:ss_rules_local_out -
|
||||
-I OUTPUT 1 -p tcp -j ss_rules_local_out
|
||||
-A ss_rules_local_out -m set --match-set ss_rules_dst_bypass dst -j RETURN
|
||||
-A ss_rules_local_out -m set --match-set ss_rules_dst_bypass_all dst -j RETURN
|
||||
-A ss_rules_local_out -m set --match-set ss_rules_dst_bypass_ dst -j RETURN
|
||||
-A ss_rules_local_out -m mark --mark 0x539 -j RETURN
|
||||
-A ss_rules_local_out -m mark ! --mark 0 -j RETURN
|
||||
-A ss_rules_local_out -p tcp $o_ipt_extra -j $local_target -m comment --comment "local_default: $o_local_default"
|
||||
COMMIT
|
||||
EOF
|
||||
|
|
@ -243,9 +248,11 @@ ss_rules_iptchains_init_() {
|
|||
:ss_rules_forward -
|
||||
$(ss_rules_iptchains_mkprerules "$proto")
|
||||
-A ss_rules_pre_src -m set --match-set ss_rules_dst_bypass_ dst -j RETURN
|
||||
-A ss_rules_pre_src -m set --match-set ss_rules_dst_bypass dst -j MARK --set-mark 0x539
|
||||
-A ss_rules_pre_src -m set --match-set ss_rules_dst_bypass_all dst -j MARK --set-mark 0x539
|
||||
-A ss_rules_pre_src -m set --match-set ss_rules_dst_bypass_all dst -j RETURN
|
||||
-A ss_rules_pre_src -m set --match-set ss_rules_dst_bypass dst -j RETURN
|
||||
-A ss_rules_pre_src -m mark --mark 0x539 -j RETURN
|
||||
-A ss_rules_pre_src -m mark ! --mark 0 -j RETURN
|
||||
-A ss_rules_dst -m set --match-set ss_rules_dst_bypass_all dst -j RETURN
|
||||
-A ss_rules_dst -m set --match-set ss_rules_dst_bypass dst -j RETURN
|
||||
-A ss_rules_pre_src -p $proto $o_ipt_extra -j ss_rules_src
|
||||
-A ss_rules_src -m set --match-set ss_rules_src_bypass src -j RETURN
|
||||
|
|
|
|||
|
|
@ -116,10 +116,12 @@ ss_rules6_ipset_init() {
|
|||
create ss_rules6_src_forward hash:net family inet6 hashsize 64
|
||||
create ss_rules6_src_checkdst hash:net family inet6 hashsize 64
|
||||
create ss_rules6_dst_bypass hash:net family inet6 hashsize 64
|
||||
create ss_rules6_dst_bypass_all hash:net family inet6 hashsize 64
|
||||
create ss_rules6_dst_bypass_ hash:net family inet6 hashsize 64
|
||||
create ss_rules6_dst_forward hash:net family inet6 hashsize 64
|
||||
create ss_rules6_dst_forward_recrst_ hash:ip family inet6 hashsize 64 timeout 3600
|
||||
$(ss_rules6_ipset_mkadd ss_rules6_dst_bypass_ "$o_dst_bypass_ $o_remote_servers")
|
||||
$(ss_rules6_ipset_mkadd ss_rules6_dst_bypass_all "$o_dst_bypass $(cat "$o_dst_bypass_file" 2>/dev/null | grep -o '\([0-9a-fA-F]\{0,4\}:\)\{1,7\}[0-9a-fA-F]\{0,4\}')")
|
||||
$(ss_rules6_ipset_mkadd ss_rules6_dst_bypass "$o_dst_bypass $(cat "$o_dst_bypass_file" 2>/dev/null | grep -o '\([0-9a-fA-F]\{0,4\}:\)\{1,7\}[0-9a-fA-F]\{0,4\}')")
|
||||
$(ss_rules6_ipset_mkadd ss_rules6_src_bypass "$o_src_bypass")
|
||||
$(ss_rules6_ipset_mkadd ss_rules6_src_forward "$o_src_forward")
|
||||
|
|
@ -146,7 +148,7 @@ ss_rules6_iptchains_init() {
|
|||
ss_rules6_iptchains_init_mark() {
|
||||
ip6tables-restore --noflush <<-EOF
|
||||
*mangle
|
||||
-A PREROUTING -m set --match-set ss_rules6_dst_bypass dst -j MARK --set-mark 0x539
|
||||
-A PREROUTING -m set --match-set ss_rules6_dst_bypass_all dst -j MARK --set-mark 0x539
|
||||
COMMIT
|
||||
EOF
|
||||
}
|
||||
|
|
@ -170,6 +172,7 @@ ss_rules6_iptchains_init_tcp() {
|
|||
:ss_rules6_local_out -
|
||||
-I OUTPUT 1 -p tcp -j ss_rules6_local_out
|
||||
-A ss_rules6_local_out -m set --match-set ss_rules6_dst_bypass dst -j RETURN
|
||||
-A ss_rules6_local_out -m set --match-set ss_rules6_dst_bypass_all dst -j RETURN
|
||||
-A ss_rules6_local_out -m set --match-set ss_rules6_dst_bypass_ dst -j RETURN
|
||||
-A ss_rules6_local_out -m mark --mark 0x539 -j RETURN
|
||||
-A ss_rules6_local_out -p tcp $o_ipt_extra -j $local_target -m comment --comment "local_default: $o_local_default"
|
||||
|
|
@ -228,9 +231,11 @@ ss_rules6_iptchains_init_() {
|
|||
:ss_rules6_forward -
|
||||
$(ss_rules6_iptchains_mkprerules "$proto")
|
||||
-A ss_rules6_pre_src -m set --match-set ss_rules6_dst_bypass_ dst -j RETURN
|
||||
-A ss_rules6_pre_src -m set --match-set ss_rules6_dst_bypass dst -j MARK --set-mark 0x539
|
||||
-A ss_rules6_pre_src -m set --match-set ss_rules6_dst_bypass_all dst -j MARK --set-mark 0x539
|
||||
-A ss_rules6_pre_src -m set --match-set ss_rules6_dst_bypass_all dst -j RETURN
|
||||
-A ss_rules6_pre_src -m set --match-set ss_rules6_dst_bypass dst -j RETURN
|
||||
-A ss_rules6_pre_src -m mark --mark 0x539 -j RETURN
|
||||
-A ss_rules6_dst -m set --match-set ss_rules6_dst_bypass_all dst -j RETURN
|
||||
-A ss_rules6_dst -m set --match-set ss_rules6_dst_bypass dst -j RETURN
|
||||
-A ss_rules6_pre_src -p $proto $o_ipt_extra -j ss_rules6_src
|
||||
-A ss_rules6_src -m set --match-set ss_rules6_src_bypass src -j RETURN
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue