Merge branch 'test' into develop

openmptcprouter/files/bin/blocklanfw

@@ -1,18 +1,31 @@
 #!/bin/sh
+
+if [ -f /usr/sbin/iptables-legacy ]; then
+	IPTABLES="/usr/sbin/iptables-legacy"
+	IP6TABLES="/usr/sbin/ip6tables-legacy"
+	IPTABLESSAVE="/usr/sbin/iptables-legacy-save"
+	IP6TABLESSAVE="/usr/sbin/ip6tables-legacy-save"
+else
+	IPTABLES="/usr/sbin/iptables"
+	IP6TABLES="/usr/sbin/ip6tables"
+	IPTABLESSAVE="/usr/sbin/iptables-save"
+	IP6TABLESSAVE="/usr/sbin/ip6tables-save"
+fi
+
 ss_rules_fw_drop() {
 	timeout 1 fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
 	while IFS=$"\n" read -r c; do
 		fwrule=$(echo "$c" | sed 's/reject/REDIRECT --to-ports 65535/')
-		if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
-			eval "iptables -w -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
+		if [ -n "$fwrule" ] && [ -z "$($IPTABLESSAVE 2>/dev/null | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
+			eval "$IPTABLES-w -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
 			fw=$((fw+1))
 		fi
 	done
 	timeout 1 fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j DROP/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
 	while IFS=$"\n" read -r c; do
 		fwrule=$(echo "$c" | sed 's/DROP/REDIRECT --to-ports 65535/')
-		if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
-			eval "iptables -w -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
+		if [ -n "$fwrule" ] && [ -z "$($IPTABLESSAVE 2>/dev/null | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
+			eval "$IPTABLES-w -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
 			fw=$((fw+1))
 		fi
 	done
@@ -22,16 +35,16 @@ ss_rules6_fw_drop() {
 	timeout 1 fw3 -6 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
 	while IFS=$"\n" read -r c; do
 		fwrule=$(echo "$c" | sed 's/reject/REDIRECT --to-ports 65535/')
-		if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
-			eval "ip6tables -w -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
+		if [ -n "$fwrule" ] && [ -z "$($IPTABLESSAVE 2>/dev/null | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
+			eval "$IP6TABLES-w -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
 			fw=$((fw+1))
 		fi
 	done
 	timeout 1 fw3 -6 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j DROP/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
 	while IFS=$"\n" read -r c; do
 		fwrule=$(echo "$c" | sed 's/DROP/REDIRECT --to-ports 65535/')
-		if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
-			eval "ip6tables -w -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
+		if [ -n "$fwrule" ] && [ -z "$($IPTABLESSAVE 2>/dev/null | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
+			eval "$IP6TABLES-w -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
 			fw=$((fw+1))
 		fi
 	done
@@ -41,16 +54,16 @@ v2r_rules_fw_drop() {
 	timeout 1 fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
 	while IFS=$"\n" read -r c; do
 		fwrule=$(echo "$c" | sed 's/reject/REDIRECT --to-ports 65535/')
-		if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
-			eval "iptables -w -t nat -I zone_lan_prerouting 1 ${fwrule} 2>&1 >/dev/null"
+		if [ -n "$fwrule" ] && [ -z "$($IPTABLESSAVE 2>/dev/null | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
+			eval "$IPTABLES-w -t nat -I zone_lan_prerouting 1 ${fwrule} 2>&1 >/dev/null"
 			fw=$((fw+1))
 		fi
 	done
 	timeout 1 fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j DROP/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
 	while IFS=$"\n" read -r c; do
 		fwrule=$(echo "$c" | sed 's/DROP/REDIRECT --to-ports 65535/')
-		if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
-			eval "iptables -w -t nat -I zone_lan_prerouting 1 ${fwrule} 2>&1 >/dev/null"
+		if [ -n "$fwrule" ] && [ -z "$($IPTABLESSAVE 2>/dev/null | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
+			eval "$IPTABLES-w -t nat -I zone_lan_prerouting 1 ${fwrule} 2>&1 >/dev/null"
 			fw=$((fw+1))
 		fi
 	done
@@ -60,21 +73,21 @@ v2ray_rules6_fw_drop() {
 	timeout 1 fw3 -6 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
 	while IFS=$"\n" read -r c; do
 		fwrule=$(echo "$c" | sed 's/reject/REDIRECT --to-ports 65535/')
-		if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
-			eval "ip6tables -w -t nat -I zone_lan_prerouting 1 ${fwrule} 2>&1 >/dev/null"
+		if [ -n "$fwrule" ] && [ -z "$($IPTABLESSAVE 2>/dev/null | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
+			eval "$IP6TABLES-w -t nat -I zone_lan_prerouting 1 ${fwrule} 2>&1 >/dev/null"
 		fi
 	done
 	timeout 1 fw3 -6 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j DROP/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
 	while IFS=$"\n" read -r c; do
 		fwrule=$(echo "$c" | sed 's/DROP/REDIRECT --to-ports 65535/')
-		if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
-			eval "ip6tables -w -t nat -I zone_lan_prerouting 1 ${fwrule} 2>&1 >/dev/null"
+		if [ -n "$fwrule" ] && [ -z "$($IPTABLESSAVE 2>/dev/null | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
+			eval "$IP6TABLES-w -t nat -I zone_lan_prerouting 1 ${fwrule} 2>&1 >/dev/null"
 		fi
 	done
 }
 
 [ -n "$(pgrep blocklanfw)" ] && exit 0
-[ -z "$(iptables-save | grep zone_lan)" ] && exit 0
+[ -z "$($IPTABLESSAVE 2>/dev/null | grep zone_lan)" ] && exit 0
 fw=0
 if [ "$(uci -q get openmptcprouter.settings.proxy)" = "shadowsocks" ]; then
 	ss_rules6_fw_drop

openmptcprouter/files/etc/firewall.gre-tunnel

@@ -1,6 +1,14 @@
 #!/bin/sh
 . /lib/functions.sh
 
+if [ -f /usr/sbin/iptables-legacy ]; then
+	IPTABLESSAVE="/usr/sbin/iptables-legacy-save"
+	IPTABLESRESTORE="/usr/sbin/iptables-legacy-restore"
+else
+	IPTABLESSAVE="/usr/sbin/iptables-save"
+	IPTABLESRESTORE="/usr/sbin/iptables-restore"
+fi
+
 _setup_rules() {
 	config_get lookup $1 lookup
 	[ -n "$lookup" ] && [ -z "$(ip rule list fwmark 0x${lookup})" ] && {
@@ -30,8 +38,8 @@ _setup_fw() {
 	[ -n "$src_ips_forward" ] && rule="$rule -s $(echo "${src_ips_forward}" | sed 's/ /,/g')"
 	[ -n "$ifnames" ] && rule="$rule -i $(echo "${ifnames}" | sed 's/ /-i /g')"
 	if [ -n "$rule" ] && [ -n "$lookup" ]; then
-		iptables-save --counters | grep -v "0x${lookup}" | iptables-restore -w --counters
-		iptables-restore -w --wait=60 --noflush <<-EOF
+		$IPTABLESAVE --counters | grep -v "0x${lookup}" | $IPTABLERESTORE -w --counters
+		$IPTABLERESTORE -w --wait=60 --noflush <<-EOF
 			*mangle
 			-A omr-gre-tunnel ${rule} -j MARK --set-mark 0x${lookup}
 			COMMIT
@@ -39,8 +47,8 @@ _setup_fw() {
 	fi
 }
 
-if [ -z "$(iptables-save | grep omr-gre-tunnel)" ]; then
-	iptables-restore -w --wait=60  --noflush <<-EOF
+if [ -z "$($IPTABLESAVE | grep omr-gre-tunnel)" ]; then
+	$IPTABLERESTORE -w --wait=60  --noflush <<-EOF
 		*mangle
 		:omr-gre-tunnel -
 		-I PREROUTING 1 -m addrtype ! --dst-type LOCAL -j omr-gre-tunnel

openmptcprouter/files/etc/firewall.ttl

@@ -5,7 +5,7 @@
 _set_ttl() {
 	device=$(uci -q get network.$1.name)
 	ttl=$(uci -q get network.$1.ttl)
-	if [ -n "$ttl" ] && [ -z "$(iptables-save | grep TTL | grep $device)" ]; then
+	if [ -n "$ttl" ] && [ -z "$(iptables-save 2>/dev/null | grep TTL | grep $device)" ]; then
 		iptables -w -t mangle -I POSTROUTING -o $device -j TTL --ttl-set $ttl 2>&1 >/dev/null
 	fi
 }

openmptcprouter/files/etc/init.d/openmptcprouter-vps

@@ -6,10 +6,27 @@ START=99
 
 USE_PROCD=1
 
-EXTRA_COMMANDS="set_pihole backup_send backup_get backup_list set_vps_firewall get_openvpn_key set_gre_tunnel"
+EXTRA_COMMANDS="set_pihole backup_send backup_get backup_list set_vps_firewall get_openvpn_key set_gre_tunnel token"
 
 . /usr/lib/unbound/iptools.sh
 
+if [ -f /usr/sbin/iptables-legacy ]; then
+	IPTABLES="/usr/sbin/iptables-legacy"
+	IPTABLESRESTORE="/usr/sbin/iptables-legacy-restore"
+	IPTABLESSAVE="/usr/sbin/iptables-legacy-save"
+	IP6TABLES="/usr/sbin/ip6tables-legacy"
+	IP6TABLESRESTORE="/usr/sbin/ip6tables-legacy-restore"
+	IP6TABLESSAVE="/usr/sbin/ip6tables-legacy-save"
+else
+	IPTABLES="/usr/sbin/iptables"
+	IPTABLESRESTORE="/usr/sbin/iptables-restore"
+	IPTABLESSAVE="/usr/sbin/iptables-save"
+	IP6TABLES="/usr/sbin/ip6tables"
+	IP6TABLESRESTORE="/usr/sbin/ip6tables-restore"
+	IP6TABLESSAVE="/usr/sbin/ip6tables-save"
+fi
+
+
 _parse_result() {
 	result=$("echo $1 | jsonfilter -q -e '@.result'")
 	echo $result
@@ -937,7 +954,7 @@ _vps_firewall_redirect_port() {
 						comment=""
 						[ -n "$src_dip" ] && {
 							comment=" to $src_dip"
-							iptables-save --counters | sed "s:-d $src_dip/32::g" | iptables-restore -w
+							$IPTABLESSAVE --counters | sed "s:-d $src_dip/32::g" | $IPTABLESRESTORE -w
 						}
 						[ -n "$src_ip" ] && comment=" from $src_ip"
 						if [ "$target" = "ACCEPT" ]; then
@@ -1019,7 +1036,7 @@ _vps_firewall_redirect_port() {
 						comment=""
 						[ -n "$src_dip" ] && {
 							comment=" to $src_dip"
-							iptables-save --counters | sed "s:-d $src_dip/32::g" | iptables-restore -w
+							$IPTABLESSAVE --counters | sed "s:-d $src_dip/32::g" | $IPTABLESRESTORE -w
 						}
 						[ -n "$src_ip" ] && comment=" from $src_ip"
 						checkfw=$(echo "$vpsfwlist" | grep "# OMR $username open router $src_dport port ${protoi}${comment} --- V2Ray to ${dest_ip}:${dest_port}")
@@ -1791,7 +1808,7 @@ _count_server() {
 	serversnb=$((serversnb+1))
 }
 
-_config_service() {
+_get_token() {
 	servername=$1
 	[ -z "$(uci -q get openmptcprouter.${servername}.username)" ] && return
 	[ -z "$(uci -q get openmptcprouter.${servername}.password)" ] && return
@@ -1799,7 +1816,6 @@ _config_service() {
 	[ -z "$(uci -q get openmptcprouter.${servername}.ip)" ] && return
 	[ "$(uci -q get openmptcprouter.${servername}.disabled)" = "1" ] && return
 	token=""
-	vps_config=""
 	_login
 	[ -z "$token" ] && {
 		reason=""
@@ -1840,8 +1856,15 @@ _config_service() {
 		uci -q batch <<-EOF >/dev/null
 			set openmptcprouter.${servername}.admin_error=1
 		EOF
-		return
 	}
+	echo $token
+}
+
+_config_service() {
+	servername=$1
+	vps_config=""
+	token=$(_get_token $servername)
+	[ -z "$token" ] && return
 	error=0
 	if [ -n "$serial" ]; then
 		[ -z "$vps_config" ] && vps_config=$(_get_json "config?serial=${serial}")
@@ -1958,6 +1981,11 @@ set_pihole() {
 	config_foreach _set_pihole_server server
 }
 
+token() {
+	config_load openmptcprouter
+	config_foreach _get_token server
+}
+
 start_service() {
 	serversnb=0
 	wanips=""