From 2e9662430ed6a7a0be055b9973d8f19060b068a4 Mon Sep 17 00:00:00 2001 From: juewuy Date: Tue, 3 Dec 2024 11:18:44 +0800 Subject: [PATCH] =?UTF-8?q?~=E9=80=82=E9=85=8Dmeta=E5=86=85=E6=A0=B8mix?= =?UTF-8?q?=E6=A8=A1=E5=BC=8FDNS=20~=E6=81=A2=E5=A4=8D=E5=AF=B9singbox?= =?UTF-8?q?=E5=86=85=E6=A0=B8=E7=9A=84redir=5Fhost=E6=A8=A1=E5=BC=8FDNS?= =?UTF-8?q?=E6=94=AF=E6=8C=81=20~=E4=BF=AE=E5=A4=8Diptables=E5=8F=8Anftabl?= =?UTF-8?q?es=E5=90=AF=E5=8A=A8=E7=9B=B8=E5=85=B3=E6=8A=A5=E9=94=99?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit
---
 scripts/menu.sh | 11 +++++------ scripts/start.sh | 16 +++++++++++++--- 2 files changed, 18 insertions(+), 9 deletions(-)
diff --git a/scripts/menu.sh b/scripts/menu.sh
index db89895..64e1120 100644
--- a/scripts/menu.sh
+++ b/scripts/menu.sh
@@ -558,7 +558,7 @@ setport() { #端口设置
 setport
 fi
 }
-setdns() { #DNS设置
+setdns() { #DNS详细设置
 [ -z "$dns_nameserver" ] && dns_nameserver='114.114.114.114, 223.5.5.5'
 [ -z "$dns_fallback" ] && dns_fallback='1.0.0.1, 8.8.4.4'
 [ -z "$hosts_opt" ] && hosts_opt=已启用
@@ -1412,19 +1412,18 @@ set_redir_mod() { #代理模式设置
 ;;
 esac
 }
-set_dns_mod() { #DNS设置
+set_dns_mod() { #DNS模式设置
 echo -----------------------------------------------
 echo -e "当前DNS运行模式为:\033[47;30m $dns_mod \033[0m"
 echo -e "\033[33m切换模式后需要手动重启服务以生效!\033[0m"
 echo -----------------------------------------------
 echo -e " 1 fake-ip模式: \033[32m响应速度更快\033[0m"
 echo -e " 不支持绕过CN-IP功能"
- if [ "$crashcore" = singbox -o "$crashcore" = singboxp ]; then
- echo -e " 3 mix混合模式: \033[32m内部realip外部fakeip\033[0m"
- echo -e " 依赖geosite-cn.(db/srs)数据库"
- elif [ "$crashcore" = meta ]; then
+ if [ "$crashcore" = singbox ] || [ "$crashcore" = singboxp ] || [ "$crashcore" = meta ]; then
 echo -e " 2 redir_host模式:\033[32m兼容性更好\033[0m"
 echo -e " 需搭配加密DNS使用"
+ echo -e " 3 mix混合模式: \033[32m内部realip外部fakeip\033[0m"
+ echo -e " 依赖geosite.dat/geosite-cn.srs数据库"
 fi
 echo -e " 4 \033[36mDNS进阶设置\033[0m"
 echo " 0 返回上级菜单"
diff --git a/scripts/start.sh b/scripts/start.sh
index 996cb47..a69da33 100644
--- a/scripts/start.sh
+++ b/scripts/start.sh
@@ -384,8 +384,9 @@ dns:
 fake-ip-range: 198.18.0.1/16
 fake-ip-filter:
 EOF
- if [ "$dns_mod" = "fake-ip" ]; then
+ if [ "$dns_mod" != "redir_host" ]; then
 cat "$CRASHDIR"/configs/fake_ip_filter "$CRASHDIR"/configs/fake_ip_filter.list 2>/dev/null | grep '\.' | sed "s/^/ - '/" | sed "s/$/'/" >>"$TMPDIR"/dns.yaml
+ [ "$dns_mod" = "mix" ] && echo ' - "geosite:CN"' >>"$TMPDIR"/dns.yaml
 else
 echo " - '+.*'" >>"$TMPDIR"/dns.yaml #使用fake-ip模拟redir_host
 fi
@@ -1190,7 +1191,10 @@ start_nft_route() { #nftables-route通用工具
 nft add rule inet shellcrash $1 tcp dport 53 return
 nft add rule inet shellcrash $1 udp dport 53 return
 #过滤常用端口
- [ -n "$PORTS" ] && nft add rule inet shellcrash $1 tcp dport != {$PORTS} ip daddr != {198.18.0.0/16} ip6 daddr != {fc00::/16} return
+ [ -n "$PORTS" ] && {
+ nft add rule inet shellcrash $1 ip daddr != {198.18.0.0/16} tcp dport != {$PORTS} return
+ nft add rule inet shellcrash $1 ip6 daddr != {fc00::/16} tcp dport != {$PORTS} return
+ }
 #防回环
 nft add rule inet shellcrash $1 meta mark $routing_mark return
 nft add rule inet shellcrash $1 meta skgid 7890 return
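Review bot: The added `echo ' - "geosite:CN"'` line in the fake-ip-filter block is written whenever `dns_mod` is `mix`, without checking `$crashcore` or that the geosite database named in the menu text is actually present. If a `mix` setting persists after switching to a core without geosite support, or the data file is missing, the generated dns.yaml may fail to load or the filter may silently not apply; this is inferred, since the core's handling is not visible here. The negated test `!= "redir_host"` also sends an empty or misspelled `dns_mod` down the fake-ip branch, where it previously fell through to the `'+.*'` fallback. An explicit `case "$dns_mod" in fake-ip|mix)` would keep unknown values on the old path. The enclosing function starts and ends outside the hunk.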
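Review bot: The fake-ip ranges `198.18.0.0/16` and `fc00::/16` are repeated as literals in the two new rules in start_nft_route, and the same ranges appear again in `fake-ip-range` in the DNS template and in the `-d fc00::/16` deletions in stop_firewall. If one copy drifts, connections to fake-ip addresses on ports outside `$PORTS` would hit the `return` and leave the chain unproxied. Defining each range once (for example a `fakeip_v4` variable next to the other settings) and quoting the expansions, `nft add rule inet shellcrash "$1" ip daddr != "{$fakeip_v4}" tcp dport != "{$PORTS}" return`, would keep the rules in step. A one-line comment explaining why the combined rule was split (one inet rule cannot match both `ip daddr` and `ip6 daddr` on the same packet) would help later readers. start_nft_route continues outside the hunk.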
@@ -1499,14 +1503,20 @@ stop_firewall() { #还原防火墙配置
 $ip6table -t nat -D PREROUTING -p udp --dport 53 -j shellcrashv6_dns 2>/dev/null
 #redir
 $ip6table -t nat -D PREROUTING -p tcp $ports -j shellcrashv6 2>/dev/null
+ $ip6table -t nat -D PREROUTING -p tcp -d fc00::/16 -j shellcrashv6 2>/dev/null
 $ip6table -t nat -D OUTPUT -p tcp $ports -j shellcrashv6_out 2>/dev/null
+ $ip6table -t nat -D OUTPUT -p tcp -d fc00::/16 -j shellcrashv6_out 2>/dev/null
 $ip6table -D INPUT -p tcp --dport 53 -j REJECT 2>/dev/null
 $ip6table -D INPUT -p udp --dport 53 -j REJECT 2>/dev/null
 #mark
 $ip6table -t mangle -D PREROUTING -p tcp $ports -j shellcrashv6_mark 2>/dev/null
 $ip6table -t mangle -D PREROUTING -p udp $ports -j shellcrashv6_mark 2>/dev/null
+ $ip6table -t mangle -D PREROUTING -p tcp -d fc00::/16 -j shellcrashv6_mark 2>/dev/null
+ $ip6table -t mangle -D PREROUTING -p udp -d fc00::/16 -j shellcrashv6_mark 2>/dev/null
 $ip6table -t mangle -D OUTPUT -p tcp $ports -j shellcrashv6_mark_out 2>/dev/null
 $ip6table -t mangle -D OUTPUT -p udp $ports -j shellcrashv6_mark_out 2>/dev/null
+ $ip6table -t mangle -D OUTPUT -p tcp -d fc00::/16 -j shellcrashv6_mark_out 2>/dev/null
+ $ip6table -t mangle -D OUTPUT -p udp -d fc00::/16 -j shellcrashv6_mark_out 2>/dev/null
 $ip6table -D INPUT -p udp --dport 443 $set_cn_ip -j REJECT 2>/dev/null
 $ip6table -t mangle -D PREROUTING -m mark --mark $fwmark -p tcp -j TPROXY --on-port $tproxy_port 2>/dev/null
 $ip6table -t mangle -D PREROUTING -m mark --mark $fwmark -p udp -j TPROXY --on-port $tproxy_port 2>/dev/null
@@ -1751,7 +1761,7 @@ singbox_check() { #singbox启动前检查
 network_check() { #检查是否联网
 for host in 223.5.5.5 114.114.114.114 1.2.4.8 dns.alidns.com doh.pub doh.360.cn; do
 ping -c 3 $host >/dev/null 2>&1 && return 0
- sleep 2
+ sleep 5
 done
 logger "当前设备无法连接网络,已停止启动!" 33
 exit 1
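Review bot: In stop_firewall the six added `-D … -d fc00::/16` deletions each remove at most one matching rule and discard any error with `2>/dev/null`. A rule spec that does not mirror the add side exactly, or a rule inserted twice by a repeated start, would therefore leave a PREROUTING/OUTPUT jump in place with no trace. The add-side rules are not part of this diff, so the match cannot be confirmed from here. A leftover jump would keep steering fc00::/16 traffic at a proxy that is no longer running; looping until the delete fails, `while $ip6table -t nat -D PREROUTING -p tcp -d fc00::/16 -j shellcrashv6 2>/dev/null; do :; done`, would clear duplicates. The function body starts and ends outside the hunk.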