From 21089b46a7eb02d6bf1aae7b2d1cec79cbec2a95 Mon Sep 17 00:00:00 2001
From: juewuy
Date: Wed, 10 Dec 2025 14:24:10 +0800
Subject: [PATCH] =?UTF-8?q?~=E4=BF=AE=E5=A4=8D=E8=99=9A=E6=8B=9F=E6=9C=BA?= =?UTF-8?q?=E3=80=81=E5=AE=B9=E5=99=A8=E4=BB=A3=E7=90=86=E4=BC=9A=E6=84=8F?= =?UTF-8?q?=E5=A4=96=E5=AF=BC=E8=87=B4=E7=BD=91=E7=BB=9C=E4=B8=AD=E6=96=AD?= =?UTF-8?q?=E5=8F=8AIP=E8=AE=BF=E9=97=AE=E6=97=A0=E6=B3=95=E8=BF=9E?= =?UTF-8?q?=E6=8E=A5=E7=AD=89=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 scripts/menu.sh | 10 +++++++---
 scripts/start.sh | 1 +
 2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/scripts/menu.sh b/scripts/menu.sh
index eeb141f..8c57f1a 100644
--- a/scripts/menu.sh
+++ b/scripts/menu.sh
@@ -1401,14 +1401,17 @@ set_firewall_area() { #防火墙模式设置
 read -p "请输入对应数字 > " num
 case $num in
 1)
- vm_redir=已开启
+ if [ -n "$vm_ipv4" ];then
+ vm_redir=已开启
+ else
+ echo -e "\033[33m请先运行容器再运行脚本或者手动设置网段\033[0m"
+ fi
 ;;
 2)
 echo -e "多个网段请用空格连接,可运行容器后使用【ip route】命令查看网段地址"
 echo -e "示例:\033[32m10.88.0.0/16 172.17.0.0/16\033[0m"
 read -p "请输入自定义网段 > " text
- [ -n "$text" ] && vm_ipv4=$text
- vm_redir=已开启
+ [ -n "$text" ] && vm_ipv4=$text && vm_redir=已开启
 ;;
 3)
 vm_redir=未开启
@@ -1418,6 +1421,7 @@ set_firewall_area() { #防火墙模式设置
 esac
 setconfig vm_redir $vm_redir
 setconfig vm_ipv4 "\'$vm_ipv4\'"
+ sleep 1
 set_firewall_area
 ;;
 *) errornum ;;
diff --git a/scripts/start.sh b/scripts/start.sh
index 72391a0..6c59891 100644
--- a/scripts/start.sh
+++ b/scripts/start.sh
@@ -1282,6 +1282,7 @@ start_nft_route() { #nftables-route通用工具
 [ "$1" = 'prerouting_vm' ] && HOST_IP="$(echo $vm_ipv4 | sed 's/ /, /g')"
 #添加新链
 nft add chain inet shellcrash $1 { type $3 hook $2 priority $4 \; }
+ [ "$1" = 'prerouting_vm' ] && nft add rule inet shellcrash $1 ip saddr != {$HOST_IP} return #仅代理虚拟机流量
 #过滤dns
 nft add rule inet shellcrash $1 tcp dport 53 return
 nft add rule inet shellcrash $1 udp dport 53 return
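Review bot: In option 2 of the first menu.sh hunk, `text` is accepted into `vm_ipv4` after only a non-empty check, then persisted by the `setconfig vm_ipv4 "\'$vm_ipv4\'"` line shown as context in the next hunk, and start.sh later expands the same value unquoted into an nft rule. A typo, a stray single quote or a glob character would therefore be stored and only surface when the firewall rules are loaded. A character whitelist before the assignment would keep such values out of the config, for example `case "$text" in ''|*[!0-9./\ ]*) text= ;; esac`; this is not a full CIDR check, but it rejects anything that is not digits, dots, slashes and spaces. An empty or rejected entry should also print a hint, as option 1 now does, instead of returning silently. The body of set_firewall_area starts and ends outside the hunk.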
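Review bot: The added `prerouting_vm` rule in start.sh fails open. `HOST_IP` is built from `$vm_ipv4` on the context line above, so an empty or malformed value from a stale or hand-edited config produces `ip saddr != {} return` or similar. nft would presumably reject that, the status is ignored, and the following rules are still added to a chain that no longer excludes non-VM sources. The new menu guard covers only option 1 of the interactive path, so I would check at the point of use: `[ "$1" = 'prerouting_vm' ] && [ -z "$HOST_IP" ] && return 1`, then `nft add rule inet shellcrash "$1" ip saddr != "{ $HOST_IP }" return || return 1`, which also quotes the set so the shell does not glob it. Whether the caller should abort or just skip this chain on failure is not visible here, because start_nft_route begins and continues outside the hunk.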