~增加单独指定dns劫持端口的功能(用于搭配第三方DNS服务)

2026-03-10 23:41:22 +00:00 · 2026-01-07 11:11:17 +08:00
parent 27dfc69f50
commit 22cd7766cd
4 changed files with 14 additions and 14 deletions
--- a/scripts/libs/get_config.sh
+++ b/scripts/libs/get_config.sh
@@ -6,7 +6,8 @@
 [ -z "$tproxy_port" ] && tproxy_port=7893
 [ -z "$db_port" ] && db_port=9999
 [ -z "$dns_port" ] && dns_port=1053
-[ -z "$fwmark" ] && fwmark=$redir_port
+[ -z "$dns_redir_port" ] && dns_redir_port="$dns_port"
+[ -z "$fwmark" ] && fwmark="$redir_port"
 routing_mark=$((fwmark + 2))
 [ -z "$table" ] && table=100

--- a/scripts/menu.sh
+++ b/scripts/menu.sh
@@ -38,16 +38,15 @@ checkport() { #检查端口冲突
            echo -e "\033[0m-----------------------------------------------"
            echo -e "\033[36m请修改默认端口配置！\033[0m"
            . "$CRASHDIR"/menus/2_settings.sh && set_adv_config
-            . "$CFG_PATH" >/dev/null
+            . "$CRASHDIR"/libs/get_config.sh
            checkport
        fi
    done
 }
 ckstatus() { #脚本启动前检查
-    #检查/读取脚本配置文件
+    #检查脚本配置文件
    if [ -f "$CFG_PATH" ]; then
        [ -n "$(awk 'a[$0]++' $CFG_PATH)" ] && awk '!a[$0]++' "$CFG_PATH" >"$CFG_PATH" #检查重复行并去除
-        . "$CFG_PATH" 2>/dev/null
    else
        . "$CRASHDIR"/init.sh >/dev/null 2>&1
    fi
--- a/scripts/starts/fw_iptables.sh
+++ b/scripts/starts/fw_iptables.sh
@@ -108,18 +108,18 @@ start_ipt_dns() { #iptables-dns通用工具
    if [ "$2" = 'PREROUTING' ] && [ "$3" != 'shellcrash_vm_dns' ] && [ "$macfilter_type" = "白名单" ] && [ -n "$(cat $CRASHDIR/configs/mac $CRASHDIR/configs/ip_filter 2>/dev/null)" ]; then
        [ -s "$CRASHDIR"/configs/mac ] &&
            for mac in $(cat "$CRASHDIR"/configs/mac); do
-                "$1" $w -t nat -A "$3" -p tcp -m mac --mac-source $mac -j REDIRECT --to-ports $dns_port
-                "$1" $w -t nat -A "$3" -p udp -m mac --mac-source $mac -j REDIRECT --to-ports $dns_port
+                "$1" $w -t nat -A "$3" -p tcp -m mac --mac-source $mac -j REDIRECT --to-ports "$dns_redir_port"
+                "$1" $w -t nat -A "$3" -p udp -m mac --mac-source $mac -j REDIRECT --to-ports "$dns_redir_port"
            done
        [ -s "$CRASHDIR"/configs/ip_filter ] && [ "$1" = 'iptables' ] &&
            for ip in $(cat "$CRASHDIR"/configs/ip_filter); do
-                "$1" $w -t nat -A "$3" -p tcp -s $ip -j REDIRECT --to-ports $dns_port
-                "$1" $w -t nat -A "$3" -p udp -s $ip -j REDIRECT --to-ports $dns_port
+                "$1" $w -t nat -A "$3" -p tcp -s $ip -j REDIRECT --to-ports "$dns_redir_port"
+                "$1" $w -t nat -A "$3" -p udp -s $ip -j REDIRECT --to-ports "$dns_redir_port"
            done
    else
        for ip in $HOST_IP; do #仅限指定网段流量
-            "$1" $w -t nat -A "$3" -p tcp -s $ip -j REDIRECT --to-ports $dns_port
-            "$1" $w -t nat -A "$3" -p udp -s $ip -j REDIRECT --to-ports $dns_port
+            "$1" $w -t nat -A "$3" -p tcp -s $ip -j REDIRECT --to-ports "$dns_redir_port"
+            "$1" $w -t nat -A "$3" -p udp -s $ip -j REDIRECT --to-ports "$dns_redir_port"
        done
    fi
    [ "$1" = 'ip6tables' ] && { #屏蔽外部请求
@@ -258,7 +258,7 @@ start_iptables() { #iptables配置总入口
        start_ipt_route iptables nat PREROUTING shellcrash_vm tcp #ipv4-局域网tcp转发
    }
    #启动DNS劫持
-    [ "$dns_no" != "已禁用" -a "$dns_redir" != "ON" -a "$firewall_area" -le 3 ] && {
+    [ "$firewall_area" -le 3 ] && {
        [ "$lan_proxy" = true ] && {
            start_ipt_dns iptables PREROUTING shellcrash_dns #ipv4-局域网dns转发
            if $ip6table -j REDIRECT -h 2>/dev/null | grep -q '\--to-ports'; then
--- a/scripts/starts/fw_nftables.sh
+++ b/scripts/starts/fw_nftables.sh
@@ -129,8 +129,8 @@ start_nft_dns() { #nftables-dns
            nft add rule inet shellcrash "$1"_dns ether saddr != {$MAC} return
        fi
    }
-    nft add rule inet shellcrash "$1"_dns udp dport 53 redirect to ${dns_port}
-    nft add rule inet shellcrash "$1"_dns tcp dport 53 redirect to ${dns_port}
+    nft add rule inet shellcrash "$1"_dns udp dport 53 redirect to "$dns_redir_port"
+    nft add rule inet shellcrash "$1"_dns tcp dport 53 redirect to "$dns_redir_port"
 }
 start_nft_wan() { #nftables公网防火墙
 	HOST_IP=$(echo $host_ipv4 | sed 's/ /, /g')
@@ -163,7 +163,7 @@ start_nftables() { #nftables配置总入口
    #公网访问防火墙
    [ "$fw_wan" != OFF ] && [ "$systype" != 'container' ] && start_nft_wan
    #启动DNS劫持
-    [ "$dns_no" != "已禁用" -a "$dns_redir" != "ON" -a "$firewall_area" -le 3 ] && {
+    [ "$firewall_area" -le 3 ] && {
        [ "$lan_proxy" = true ] && start_nft_dns prerouting prerouting #局域网dns转发
        [ "$local_proxy" = true ] && start_nft_dns output output       #本机dns转发
    }