~优化vmess入站功能，增加对自定义混淆host的配置存档

~优化Tailscale启用exitnode功能时的文字提示
~增加对无法自动获取lan网段设备的提示信息
~尝试修复部分设备定时任务报错
~尝试调整tun模式下屏蔽quic的防火墙工作机制
~修复重新进入新手引导会覆盖singbox内核为meta内核的bug
~修复公网防火墙放行端口在较新版本openwrt上未生效的bug

scripts/libs/set_cron.sh

@@ -1,24 +1,21 @@
 
+crondir="$(crond -h 2>&1 | grep -oE 'Default:.*' | awk -F ":" '{print $2}')"
+[ ! -w "$crondir" ] && crondir="/etc/storage/cron/crontabs"
+[ ! -w "$crondir" ] && crondir="/var/spool/cron/crontabs"
+[ ! -w "$crondir" ] && crondir="/var/spool/cron"
+tmpcron="$TMPDIR"/cron_tmp
+
 croncmd() { #定时任务工具
-    if [ -n "$(crontab -h 2>&1 | grep '\-l')" ]; then
-        crontab "$1"
-    else
-        crondir="$(crond -h 2>&1 | grep -oE 'Default:.*' | awk -F ":" '{print $2}')"
-        [ ! -w "$crondir" ] && crondir="/etc/storage/cron/crontabs"
-        [ ! -w "$crondir" ] && crondir="/var/spool/cron/crontabs"
-        [ ! -w "$crondir" ] && crondir="/var/spool/cron"
-        if [ -w "$crondir" ]; then
-            [ "$1" = "-l" ] && cat "$crondir"/"$USER" 2>/dev/null
-            [ -f "$1" ] && cat "$1" >"$crondir"/"$USER"
-        else
-            echo "找不到可用的crond或者crontab应用！No available crond or crontab application can be found!"
-        fi
-    fi
+	if [ -w "$crondir" ]; then
+		[ "$1" = "-l" ] && cat "$crondir"/"$USER"
+		[ -f "$1" ] && cat "$1" >"$crondir"/"$USER"
+	else
+		echo "找不到可用的crond或者crontab应用！No available crond or crontab application can be found!"
+	fi
 }
 cronset() { #定时任务设置
     # 参数1代表要移除的关键字,参数2代表要添加的任务语句
-    tmpcron="$TMPDIR"/cron_tmp
-    croncmd -l >"$tmpcron" 2>/dev/null
+    croncmd -l >"$tmpcron"
     sed -i "/$1/d" "$tmpcron"
     sed -i '/^$/d' "$tmpcron"
     echo "$2" >>"$tmpcron"

scripts/menus/7_gateway.sh

@@ -233,8 +233,9 @@ set_vmess(){
 	echo -e " 3 设置\033[33mWS-path(可选)\033[0m：	\033[33m$vms_ws_path\033[0m"
 	echo -e " 4 设置\033[36m秘钥-uuid\033[0m：	\033[36m$vms_uuid\033[0m"
 	echo -e " 5 一键生成\033[32m随机秘钥\033[0m"
+	echo -e " 6 设置\033[36m混淆host(可选)\033[0m：	\033[33m$vms_host\033[0m"
 	gen_base64 1 >/dev/null 2>&1 &&
-	echo -e " 6 一键生成\033[36m分享链接\033[0m"
+	echo -e " 7 一键生成\033[32m分享链接\033[0m"
 	echo -e " 0 返回上级菜单 \033[0m"
 	echo "-----------------------------------------------"
 	read -p "请输入对应数字 > " num
@@ -303,8 +304,18 @@ set_vmess(){
 		set_vmess
 	;;
 	6)
+		read -p "请输入免流混淆host(输入0删除) > " text
+		if [ "$text" = 0 ];then
+			vms_host=''
+			setconfig vms_host "" "$GT_CFG_PATH"
+		else
+			vms_host="$text"
+			setconfig vms_host "$text" "$GT_CFG_PATH"
+		fi
+		set_vmess
+	;;
+	7)
 		read -p "请输入本机公网IP(4/6)或域名 > " host_wan
-		read -p "请输入免流混淆host(可选) > " vms_host
 		if [ -n "$host_wan" ] && [ -n "$vms_port" ] && [ -n "$vms_uuid" ];then
 			[ -n "$vms_ws_path" ] && vms_net=ws
 			vms_json=$(cat <<EOF
@@ -496,7 +507,11 @@ set_tailscale(){
 		set_tailscale
 	;;
 	4)
-		[ "$ts_exit_node" = true ] && ts_exit_node=false || ts_exit_node=true
+		[ "$ts_exit_node" = true ] && ts_exit_node=false || {
+			ts_exit_node=true
+			echo -e "\033[31m注意：\033[0m目前exitnode的官方DNS有bug，要么启用域名嗅探并禁用TailscaleDNS，\n要么必须在网页设置Globalname servers为分配的本设备子网IP且启用override"
+			sleep 3
+		}
 		setconfig ts_exit_node "$ts_exit_node" "$GT_CFG_PATH"
 		set_tailscale
 	;;

scripts/menus/8_tools.sh

@@ -696,7 +696,8 @@ userguide(){
 					redir_mod="Redir模式"
 				fi
 			}
-			setconfig crashcore "meta"
+			[ -z "$crashcore" ] && crashcore=meta
+			setconfig crashcore "$crashcore"
 			setconfig redir_mod "$redir_mod"
 			setconfig dns_mod mix
 			setconfig firewall_area '1'

scripts/starts/fw_getlanip.sh

@@ -16,7 +16,10 @@ getlanip() { #获取局域网host地址
         host_ipv4="$host_ipv4$cust_host_ipv4"
     fi
     #缺省配置
-    [ -z "$host_ipv4" ] && host_ipv4='192.168.0.0/16 10.0.0.0/12 172.16.0.0/12'
+    [ -z "$host_ipv4" ] && {
+		host_ipv4='192.168.0.0/16 10.0.0.0/12 172.16.0.0/12'
+		logger "无法获取本地LAN-IPV4网段，请前往流量过滤设置界面设置自定义网段！" 31
+	}
     host_ipv6="fe80::/10 fd00::/8 $host_ipv6"
     #获取本机出口IP地址
     local_ipv4=$(ip route 2>&1 | grep -Ev 'utun|iot|docker|linkdown' | grep -Eo 'src.*' | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | sort -u)

scripts/starts/fw_nftables.sh

@@ -140,8 +140,8 @@ start_nft_wan() { #nftables公网防火墙
 	accept_ports=$(echo "$fw_wan_ports,$vms_port,$sss_port" | sed "s/,,/,/g ;s/^,// ;s/,$// ;s/,/, /")
     [ -n "$accept_ports" ] && {
 		fw_wan_nfports="{ $(echo "$accept_ports" | sed 's/,/, /g') }"
-		nft add rule inet shellcrash input tcp dport $fw_wan_nfports accept
-		nft add rule inet shellcrash input udp dport $fw_wan_nfports accept
+		nft add rule inet shellcrash input tcp dport $fw_wan_nfports meta mark set 0x67890 accept
+		nft add rule inet shellcrash input udp dport $fw_wan_nfports meta mark set 0x67890 accept
 	}
 	#端口拦截
 	reject_ports="{ $mix_port, $db_port, $dns_port }"
@@ -149,6 +149,10 @@ start_nft_wan() { #nftables公网防火墙
 	nft add rule inet shellcrash input ip6 saddr {$HOST_IP6} accept
 	nft add rule inet shellcrash input tcp dport $reject_ports reject
 	nft add rule inet shellcrash input udp dport $reject_ports reject
+	#fw4特殊处理
+	nft list chain inet fw4 input >/dev/null 2>&1 && \
+    nft list chain inet fw4 input | grep -q 'meta mark 0x67890 accept' || \
+    nft insert rule inet fw4 input meta mark 0x67890 accept 2>/dev/null
 }
 start_nftables() { #nftables配置总入口
     #初始化nftables
@@ -204,16 +208,11 @@ start_nftables() { #nftables配置总入口
     }
     #屏蔽QUIC
     [ "$quic_rj" = '已启用' -a "$lan_proxy" = true ] && {
-        [ "$redir_mod" = "Tproxy模式" ] && {
+        [ "$redir_mod" != "Redir模式" ] && {
             nft add chain inet shellcrash quic_rj { type filter hook input priority 0 \; }
             [ -n "$CN_IP" ] && nft add rule inet shellcrash quic_rj ip daddr @cn_ip return
             [ -n "$CN_IP6" ] && nft add rule inet shellcrash quic_rj ip6 daddr @cn_ip6 return
             nft add rule inet shellcrash quic_rj udp dport {443, 8443} reject comment 'ShellCrash-QUIC-REJECT'
         }
-        [ "$redir_mod" = "Tun模式" -o "$redir_mod" = "混合模式" ] && {
-            nft insert rule inet fw4 forward oifname "utun" udp dport {443, 8443} reject comment 'ShellCrash-QUIC-REJECT'
-            [ -n "$CN_IP" ] && nft insert rule inet fw4 forward oifname "utun" ip daddr { $CN_IP } return
-            [ -n "$CN_IP6" ] && nft insert rule inet fw4 forward oifname "utun" ip6 daddr { $CN_IP6 } return
-        }
     }
 }