xm/ShellCrash
1
0
Fork 0
mirror of https://github.com/juewuy/ShellCrash.git synced 2026-03-11 07:51:45 +00:00
Code Issues Packages Projects Releases Wiki Activity

~优化vmess入站功能,增加对自定义混淆host的配置存档

Browse Source 
~优化Tailscale启用exitnode功能时的文字提示
~增加对无法自动获取lan网段设备的提示信息
~尝试修复部分设备定时任务报错
~尝试调整tun模式下屏蔽quic的防火墙工作机制
~修复重新进入新手引导会覆盖singbox内核为meta内核的bug
~修复公网防火墙放行端口在较新版本openwrt上未生效的bug
This commit is contained in:
juewuy
2025-12-31 20:44:21 +08:00
parent 6fe1938809
commit 08fc32d63e
5 changed files with 44 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
scripts/libs/set_cron.sh
View File

@@ -1,24 +1,21 @@
crondir="$(crond -h 2>&1 | grep -oE 'Default:.*' | awk -F ":" '{print $2}')"
[ ! -w "$crondir" ] && crondir="/etc/storage/cron/crontabs"
[ ! -w "$crondir" ] && crondir="/var/spool/cron/crontabs"
[ ! -w "$crondir" ] && crondir="/var/spool/cron"
tmpcron="$TMPDIR"/cron_tmp
croncmd() { #定时任务工具 croncmd() { #定时任务工具
if [ -n "$(crontab -h 2>&1 | grep '\-l')" ]; then if [ -w "$crondir" ]; then
crontab "$1" [ "$1" = "-l" ] && cat "$crondir"/"$USER"
else [ -f "$1" ] && cat "$1" >"$crondir"/"$USER"
crondir="$(crond -h 2>&1 | grep -oE 'Default:.*' | awk -F ":" '{print $2}')" else
[ ! -w "$crondir" ] && crondir="/etc/storage/cron/crontabs" echo "找不到可用的crond或者crontab应用No available crond or crontab application can be found!"
[ ! -w "$crondir" ] && crondir="/var/spool/cron/crontabs" fi
[ ! -w "$crondir" ] && crondir="/var/spool/cron"
if [ -w "$crondir" ]; then
[ "$1" = "-l" ] && cat "$crondir"/"$USER" 2>/dev/null
[ -f "$1" ] && cat "$1" >"$crondir"/"$USER"
else
echo "找不到可用的crond或者crontab应用No available crond or crontab application can be found!"
fi
fi
} }
cronset() { #定时任务设置 cronset() { #定时任务设置
# 参数1代表要移除的关键字,参数2代表要添加的任务语句 # 参数1代表要移除的关键字,参数2代表要添加的任务语句
tmpcron="$TMPDIR"/cron_tmp croncmd -l >"$tmpcron"
croncmd -l >"$tmpcron" 2>/dev/null
sed -i "/$1/d" "$tmpcron" sed -i "/$1/d" "$tmpcron"
sed -i '/^$/d' "$tmpcron" sed -i '/^$/d' "$tmpcron"
echo "$2" >>"$tmpcron" echo "$2" >>"$tmpcron"

21
scripts/menus/7_gateway.sh
View File

@@ -233,8 +233,9 @@ set_vmess(){
echo -e " 3 设置\033[33mWS-path(可选)\033[0m \033[33m$vms_ws_path\033[0m" echo -e " 3 设置\033[33mWS-path(可选)\033[0m \033[33m$vms_ws_path\033[0m"
echo -e " 4 设置\033[36m秘钥-uuid\033[0m \033[36m$vms_uuid\033[0m" echo -e " 4 设置\033[36m秘钥-uuid\033[0m \033[36m$vms_uuid\033[0m"
echo -e " 5 一键生成\033[32m随机秘钥\033[0m" echo -e " 5 一键生成\033[32m随机秘钥\033[0m"
echo -e " 6 设置\033[36m混淆host(可选)\033[0m \033[33m$vms_host\033[0m"
gen_base64 1 >/dev/null 2>&1 && gen_base64 1 >/dev/null 2>&1 &&
echo -e " 6 一键生成\033[36m分享链接\033[0m" echo -e " 7 一键生成\033[32m分享链接\033[0m"
echo -e " 0 返回上级菜单 \033[0m" echo -e " 0 返回上级菜单 \033[0m"
echo "-----------------------------------------------" echo "-----------------------------------------------"
read -p "请输入对应数字 > " num read -p "请输入对应数字 > " num
@@ -303,8 +304,18 @@ set_vmess(){
set_vmess set_vmess
;; ;;
6) 6)
read -p "请输入免流混淆host(输入0删除) > " text
if [ "$text" = 0 ];then
vms_host=''
setconfig vms_host "" "$GT_CFG_PATH"
else
vms_host="$text"
setconfig vms_host "$text" "$GT_CFG_PATH"
fi
set_vmess
;;
7)
read -p "请输入本机公网IP(4/6)或域名 > " host_wan read -p "请输入本机公网IP(4/6)或域名 > " host_wan
read -p "请输入免流混淆host(可选) > " vms_host
if [ -n "$host_wan" ] && [ -n "$vms_port" ] && [ -n "$vms_uuid" ];then if [ -n "$host_wan" ] && [ -n "$vms_port" ] && [ -n "$vms_uuid" ];then
[ -n "$vms_ws_path" ] && vms_net=ws [ -n "$vms_ws_path" ] && vms_net=ws
vms_json=$(cat <<EOF vms_json=$(cat <<EOF
@@ -496,7 +507,11 @@ set_tailscale(){
set_tailscale set_tailscale
;; ;;
4) 4)
[ "$ts_exit_node" = true ] && ts_exit_node=false || ts_exit_node=true [ "$ts_exit_node" = true ] && ts_exit_node=false || {
ts_exit_node=true
echo -e "\033[31m注意\033[0m目前exitnode的官方DNS有bug要么启用域名嗅探并禁用TailscaleDNS\n要么必须在网页设置Globalname servers为分配的本设备子网IP且启用override"
sleep 3
}
setconfig ts_exit_node "$ts_exit_node" "$GT_CFG_PATH" setconfig ts_exit_node "$ts_exit_node" "$GT_CFG_PATH"
set_tailscale set_tailscale
;; ;;

3
scripts/menus/8_tools.sh
View File

@@ -696,7 +696,8 @@ userguide(){
redir_mod="Redir模式" redir_mod="Redir模式"
fi fi
} }
setconfig crashcore "meta" [ -z "$crashcore" ] && crashcore=meta
setconfig crashcore "$crashcore"
setconfig redir_mod "$redir_mod" setconfig redir_mod "$redir_mod"
setconfig dns_mod mix setconfig dns_mod mix
setconfig firewall_area '1' setconfig firewall_area '1'

5
scripts/starts/fw_getlanip.sh
View File

@@ -16,7 +16,10 @@ getlanip() { #获取局域网host地址
host_ipv4="$host_ipv4$cust_host_ipv4" host_ipv4="$host_ipv4$cust_host_ipv4"
fi fi
#缺省配置 #缺省配置
[ -z "$host_ipv4" ] && host_ipv4='192.168.0.0/16 10.0.0.0/12 172.16.0.0/12' [ -z "$host_ipv4" ] && {
host_ipv4='192.168.0.0/16 10.0.0.0/12 172.16.0.0/12'
logger "无法获取本地LAN-IPV4网段请前往流量过滤设置界面设置自定义网段" 31
}
host_ipv6="fe80::/10 fd00::/8 $host_ipv6" host_ipv6="fe80::/10 fd00::/8 $host_ipv6"
#获取本机出口IP地址 #获取本机出口IP地址
local_ipv4=$(ip route 2>&1 | grep -Ev 'utun|iot|docker|linkdown' | grep -Eo 'src.*' | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | sort -u) local_ipv4=$(ip route 2>&1 | grep -Ev 'utun|iot|docker|linkdown' | grep -Eo 'src.*' | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | sort -u)

15
scripts/starts/fw_nftables.sh
View File

@@ -140,8 +140,8 @@ start_nft_wan() { #nftables公网防火墙
accept_ports=$(echo "$fw_wan_ports,$vms_port,$sss_port" | sed "s/,,/,/g ;s/^,// ;s/,$// ;s/,/, /") accept_ports=$(echo "$fw_wan_ports,$vms_port,$sss_port" | sed "s/,,/,/g ;s/^,// ;s/,$// ;s/,/, /")
[ -n "$accept_ports" ] && { [ -n "$accept_ports" ] && {
fw_wan_nfports="{ $(echo "$accept_ports" | sed 's/,/, /g') }" fw_wan_nfports="{ $(echo "$accept_ports" | sed 's/,/, /g') }"
nft add rule inet shellcrash input tcp dport $fw_wan_nfports accept nft add rule inet shellcrash input tcp dport $fw_wan_nfports meta mark set 0x67890 accept
nft add rule inet shellcrash input udp dport $fw_wan_nfports accept nft add rule inet shellcrash input udp dport $fw_wan_nfports meta mark set 0x67890 accept
} }
#端口拦截 #端口拦截
reject_ports="{ $mix_port, $db_port, $dns_port }" reject_ports="{ $mix_port, $db_port, $dns_port }"
@@ -149,6 +149,10 @@ start_nft_wan() { #nftables公网防火墙
nft add rule inet shellcrash input ip6 saddr {$HOST_IP6} accept nft add rule inet shellcrash input ip6 saddr {$HOST_IP6} accept
nft add rule inet shellcrash input tcp dport $reject_ports reject nft add rule inet shellcrash input tcp dport $reject_ports reject
nft add rule inet shellcrash input udp dport $reject_ports reject nft add rule inet shellcrash input udp dport $reject_ports reject
#fw4特殊处理
nft list chain inet fw4 input >/dev/null 2>&1 && \
nft list chain inet fw4 input | grep -q 'meta mark 0x67890 accept' || \
nft insert rule inet fw4 input meta mark 0x67890 accept 2>/dev/null
} }
start_nftables() { #nftables配置总入口 start_nftables() { #nftables配置总入口
#初始化nftables #初始化nftables
@@ -204,16 +208,11 @@ start_nftables() { #nftables配置总入口
} }
#屏蔽QUIC #屏蔽QUIC
[ "$quic_rj" = '已启用' -a "$lan_proxy" = true ] && { [ "$quic_rj" = '已启用' -a "$lan_proxy" = true ] && {
[ "$redir_mod" = "Tproxy模式" ] && { [ "$redir_mod" != "Redir模式" ] && {
nft add chain inet shellcrash quic_rj { type filter hook input priority 0 \; } nft add chain inet shellcrash quic_rj { type filter hook input priority 0 \; }
[ -n "$CN_IP" ] && nft add rule inet shellcrash quic_rj ip daddr @cn_ip return [ -n "$CN_IP" ] && nft add rule inet shellcrash quic_rj ip daddr @cn_ip return
[ -n "$CN_IP6" ] && nft add rule inet shellcrash quic_rj ip6 daddr @cn_ip6 return [ -n "$CN_IP6" ] && nft add rule inet shellcrash quic_rj ip6 daddr @cn_ip6 return
nft add rule inet shellcrash quic_rj udp dport {443, 8443} reject comment 'ShellCrash-QUIC-REJECT' nft add rule inet shellcrash quic_rj udp dport {443, 8443} reject comment 'ShellCrash-QUIC-REJECT'
} }
[ "$redir_mod" = "Tun模式" -o "$redir_mod" = "混合模式" ] && {
nft insert rule inet fw4 forward oifname "utun" udp dport {443, 8443} reject comment 'ShellCrash-QUIC-REJECT'
[ -n "$CN_IP" ] && nft insert rule inet fw4 forward oifname "utun" ip daddr { $CN_IP } return
[ -n "$CN_IP6" ] && nft insert rule inet fw4 forward oifname "utun" ip6 daddr { $CN_IP6 } return
}
} }
} }