xm/ShellCrash
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

~适配meta内核mix模式DNS

Browse Source 
~恢复对singbox内核的redir_host模式DNS支持
~修复iptables及nftables启动相关报错
This commit is contained in:
juewuy
2024-12-03 11:18:44 +08:00
parent 7ca1a8e8ab
commit 2e9662430e
2 changed files with 18 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
scripts/menu.sh
View File

@@ -558,7 +558,7 @@ setport() { #端口设置
setport setport
fi fi
} }
setdns() { #DNS设置 setdns() { #DNS详细设置
[ -z "$dns_nameserver" ] && dns_nameserver='114.114.114.114, 223.5.5.5' [ -z "$dns_nameserver" ] && dns_nameserver='114.114.114.114, 223.5.5.5'
[ -z "$dns_fallback" ] && dns_fallback='1.0.0.1, 8.8.4.4' [ -z "$dns_fallback" ] && dns_fallback='1.0.0.1, 8.8.4.4'
[ -z "$hosts_opt" ] && hosts_opt=已启用 [ -z "$hosts_opt" ] && hosts_opt=已启用
@@ -1412,19 +1412,18 @@ set_redir_mod() { #代理模式设置
;; ;;
esac esac
} }
set_dns_mod() { #DNS设置 set_dns_mod() { #DNS模式设置
echo ----------------------------------------------- echo -----------------------------------------------
echo -e "当前DNS运行模式为\033[47;30m $dns_mod \033[0m" echo -e "当前DNS运行模式为\033[47;30m $dns_mod \033[0m"
echo -e "\033[33m切换模式后需要手动重启服务以生效\033[0m" echo -e "\033[33m切换模式后需要手动重启服务以生效\033[0m"
echo ----------------------------------------------- echo -----------------------------------------------
echo -e " 1 fake-ip模式 \033[32m响应速度更快\033[0m" echo -e " 1 fake-ip模式 \033[32m响应速度更快\033[0m"
echo -e " 不支持绕过CN-IP功能" echo -e " 不支持绕过CN-IP功能"
if [ "$crashcore" = singbox -o "$crashcore" = singboxp ]; then if [ "$crashcore" = singbox ] || [ "$crashcore" = singboxp ] || [ "$crashcore" = meta ]; then
echo -e " 3 mix混合模式 \033[32m内部realip外部fakeip\033[0m"
echo -e " 依赖geosite-cn.(db/srs)数据库"
elif [ "$crashcore" = meta ]; then
echo -e " 2 redir_host模式\033[32m兼容性更好\033[0m" echo -e " 2 redir_host模式\033[32m兼容性更好\033[0m"
echo -e " 需搭配加密DNS使用" echo -e " 需搭配加密DNS使用"
echo -e " 3 mix混合模式 \033[32m内部realip外部fakeip\033[0m"
echo -e " 依赖geosite.dat/geosite-cn.srs数据库"
fi fi
echo -e " 4 \033[36mDNS进阶设置\033[0m" echo -e " 4 \033[36mDNS进阶设置\033[0m"
echo " 0 返回上级菜单" echo " 0 返回上级菜单"

16
scripts/start.sh
View File

@@ -384,8 +384,9 @@ dns:
fake-ip-range: 198.18.0.1/16 fake-ip-range: 198.18.0.1/16
fake-ip-filter: fake-ip-filter:
EOF EOF
if [ "$dns_mod" = "fake-ip" ]; then if [ "$dns_mod" != "redir_host" ]; then
cat "$CRASHDIR"/configs/fake_ip_filter "$CRASHDIR"/configs/fake_ip_filter.list 2>/dev/null | grep '\.' | sed "s/^/ - '/" | sed "s/$/'/" >>"$TMPDIR"/dns.yaml cat "$CRASHDIR"/configs/fake_ip_filter "$CRASHDIR"/configs/fake_ip_filter.list 2>/dev/null | grep '\.' | sed "s/^/ - '/" | sed "s/$/'/" >>"$TMPDIR"/dns.yaml
[ "$dns_mod" = "mix" ] && echo ' - "geosite:CN"' >>"$TMPDIR"/dns.yaml
else else
echo " - '+.*'" >>"$TMPDIR"/dns.yaml #使用fake-ip模拟redir_host echo " - '+.*'" >>"$TMPDIR"/dns.yaml #使用fake-ip模拟redir_host
fi fi
@@ -1190,7 +1191,10 @@ start_nft_route() { #nftables-route通用工具
nft add rule inet shellcrash $1 tcp dport 53 return nft add rule inet shellcrash $1 tcp dport 53 return
nft add rule inet shellcrash $1 udp dport 53 return nft add rule inet shellcrash $1 udp dport 53 return
#过滤常用端口 #过滤常用端口
[ -n "$PORTS" ] && nft add rule inet shellcrash $1 tcp dport != {$PORTS} ip daddr != {198.18.0.0/16} ip6 daddr != {fc00::/16} return [ -n "$PORTS" ] && {
nft add rule inet shellcrash $1 ip daddr != {198.18.0.0/16} tcp dport != {$PORTS} return
nft add rule inet shellcrash $1 ip6 daddr != {fc00::/16} tcp dport != {$PORTS} return
}
#防回环 #防回环
nft add rule inet shellcrash $1 meta mark $routing_mark return nft add rule inet shellcrash $1 meta mark $routing_mark return
nft add rule inet shellcrash $1 meta skgid 7890 return nft add rule inet shellcrash $1 meta skgid 7890 return
@@ -1499,14 +1503,20 @@ stop_firewall() { #还原防火墙配置
$ip6table -t nat -D PREROUTING -p udp --dport 53 -j shellcrashv6_dns 2>/dev/null $ip6table -t nat -D PREROUTING -p udp --dport 53 -j shellcrashv6_dns 2>/dev/null
#redir #redir
$ip6table -t nat -D PREROUTING -p tcp $ports -j shellcrashv6 2>/dev/null $ip6table -t nat -D PREROUTING -p tcp $ports -j shellcrashv6 2>/dev/null
$ip6table -t nat -D PREROUTING -p tcp -d fc00::/16 -j shellcrashv6 2>/dev/null
$ip6table -t nat -D OUTPUT -p tcp $ports -j shellcrashv6_out 2>/dev/null $ip6table -t nat -D OUTPUT -p tcp $ports -j shellcrashv6_out 2>/dev/null
$ip6table -t nat -D OUTPUT -p tcp -d fc00::/16 -j shellcrashv6_out 2>/dev/null
$ip6table -D INPUT -p tcp --dport 53 -j REJECT 2>/dev/null $ip6table -D INPUT -p tcp --dport 53 -j REJECT 2>/dev/null
$ip6table -D INPUT -p udp --dport 53 -j REJECT 2>/dev/null $ip6table -D INPUT -p udp --dport 53 -j REJECT 2>/dev/null
#mark #mark
$ip6table -t mangle -D PREROUTING -p tcp $ports -j shellcrashv6_mark 2>/dev/null $ip6table -t mangle -D PREROUTING -p tcp $ports -j shellcrashv6_mark 2>/dev/null
$ip6table -t mangle -D PREROUTING -p udp $ports -j shellcrashv6_mark 2>/dev/null $ip6table -t mangle -D PREROUTING -p udp $ports -j shellcrashv6_mark 2>/dev/null
$ip6table -t mangle -D PREROUTING -p tcp -d fc00::/16 -j shellcrashv6_mark 2>/dev/null
$ip6table -t mangle -D PREROUTING -p udp -d fc00::/16 -j shellcrashv6_mark 2>/dev/null
$ip6table -t mangle -D OUTPUT -p tcp $ports -j shellcrashv6_mark_out 2>/dev/null $ip6table -t mangle -D OUTPUT -p tcp $ports -j shellcrashv6_mark_out 2>/dev/null
$ip6table -t mangle -D OUTPUT -p udp $ports -j shellcrashv6_mark_out 2>/dev/null $ip6table -t mangle -D OUTPUT -p udp $ports -j shellcrashv6_mark_out 2>/dev/null
$ip6table -t mangle -D OUTPUT -p tcp -d fc00::/16 -j shellcrashv6_mark_out 2>/dev/null
$ip6table -t mangle -D OUTPUT -p udp -d fc00::/16 -j shellcrashv6_mark_out 2>/dev/null
$ip6table -D INPUT -p udp --dport 443 $set_cn_ip -j REJECT 2>/dev/null $ip6table -D INPUT -p udp --dport 443 $set_cn_ip -j REJECT 2>/dev/null
$ip6table -t mangle -D PREROUTING -m mark --mark $fwmark -p tcp -j TPROXY --on-port $tproxy_port 2>/dev/null $ip6table -t mangle -D PREROUTING -m mark --mark $fwmark -p tcp -j TPROXY --on-port $tproxy_port 2>/dev/null
$ip6table -t mangle -D PREROUTING -m mark --mark $fwmark -p udp -j TPROXY --on-port $tproxy_port 2>/dev/null $ip6table -t mangle -D PREROUTING -m mark --mark $fwmark -p udp -j TPROXY --on-port $tproxy_port 2>/dev/null
@@ -1751,7 +1761,7 @@ singbox_check() { #singbox启动前检查
network_check() { #检查是否联网 network_check() { #检查是否联网
for host in 223.5.5.5 114.114.114.114 1.2.4.8 dns.alidns.com doh.pub doh.360.cn; do for host in 223.5.5.5 114.114.114.114 1.2.4.8 dns.alidns.com doh.pub doh.360.cn; do
ping -c 3 $host >/dev/null 2>&1 && return 0 ping -c 3 $host >/dev/null 2>&1 && return 0
sleep 2 sleep 5
done done
logger "当前设备无法连接网络,已停止启动!" 33 logger "当前设备无法连接网络,已停止启动!" 33
exit 1 exit 1