From 2fcbeb76555c80773060ce744c726b2375bebe47 Mon Sep 17 00:00:00 2001
From: juewuy
Date: Thu, 5 Nov 2020 14:54:52 +0800
Subject: [PATCH] =?UTF-8?q?v1.0.0beta16.6=20~=E4=BC=98=E5=8C=96=E8=87=AA?= =?UTF-8?q?=E5=AE=9A=E4=B9=89=E8=A7=84=E5=88=99=E5=8F=8A=E9=85=8D=E7=BD=AE?= =?UTF-8?q?=E7=9A=84=E5=AF=BC=E5=85=A5=E6=96=B9=E5=BC=8F=EF=BC=8C=E5=A2=9E?= =?UTF-8?q?=E5=8A=A0=E7=A4=BA=E4=BE=8B=E6=96=87=E4=BB=B6=20~=E4=BC=98?= =?UTF-8?q?=E5=8C=96mac=E7=99=BD=E5=90=8D=E5=8D=95=E5=AF=BC=E8=87=B4?= =?UTF-8?q?=E9=83=A8=E5=88=86=E8=AE=BE=E5=A4=87ip6tables=E6=8A=A5=E9=94=99?= =?UTF-8?q?=E7=9A=84=E9=97=AE=E9=A2=98=EF=BC=8C=E5=BE=85=E6=B5=8B=E8=AF=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 scripts/getdate.sh | 6 ++++++
 scripts/rules.yaml | 11 +++++++++++
 scripts/start.sh | 31 +++++++++++++++++++++----------
 scripts/user.yaml | 5 +++++
 4 files changed, 43 insertions(+), 10 deletions(-)
 create mode 100644 scripts/rules.yaml
 create mode 100644 scripts/user.yaml
diff --git a/scripts/getdate.sh b/scripts/getdate.sh
index 7983071..4d38497 100644
--- a/scripts/getdate.sh
+++ b/scripts/getdate.sh
@@ -936,6 +936,12 @@ testcommand(){
 iptables -t nat -L clash --line-numbers
 echo -----------------------------------------------
 iptables -t nat -L clash_dns --line-numbers
+ echo -----------------------------------------------
+ ip6tables -t nat -L PREROUTING --line-numbers
+ echo -----------------------------------------------
+ ip6tables -t nat -L clashv6 --line-numbers
+ echo -----------------------------------------------
+ ip6tables -t nat -L clashv6_dns --line-numbers
 exit;
 elif [ "$num" = 5 ]; then
 echo -----------------------------------------------
diff --git a/scripts/rules.yaml b/scripts/rules.yaml
new file mode 100644
index 0000000..fce3ce4
--- /dev/null
+++ b/scripts/rules.yaml
@@ -0,0 +1,11 @@
+#用于编写自定义规则(此处规则将优先生效),(可参考https://lancellc.gitbook.io/clash/clash-config-file/rules):
+#例如“🚀 节点选择”、“🎯 全球直连”这样的自定义规则组必须与config.yaml中的代理规则组相匹配,否则将无法运行!
+# - DOMAIN-SUFFIX,google.com,🚀 节点选择
+# - DOMAIN-KEYWORD,baidu,🎯 全球直连
+# - DOMAIN,ad.com,REJECT
+# - SRC-IP-CIDR,192.168.1.201/32,DIRECT
+# - IP-CIDR,127.0.0.0/8,DIRECT
+# - IP-CIDR6,2620:0:2d0:200::7/32,🚀 节点选择
+# - DST-PORT,80,DIRECT
+# - SRC-PORT,7777,DIRECT
+
\ No newline at end of file
diff --git a/scripts/start.sh b/scripts/start.sh
index 07b07c9..7fc07a8 100644
--- a/scripts/start.sh
+++ b/scripts/start.sh
@@ -237,9 +237,17 @@ $exper
 $dns
 EOF
 [ -f $clashdir/user.yaml ] && yaml_user=$clashdir/user.yaml
- [ -f $clashdir/rules.yaml ] && yaml_rules=$clashdir/rules.yaml
- cat $tmpdir/set.yaml $yaml_user $tmpdir/proxy.yaml $yaml_rules > $tmpdir/config.yaml
- if [ "$tmpdir" != "$bindir" ];then #如果没有使用小闪存模式
+ #合并文件
+ sed -i "/^prox/i" $tmpdir/proxy.yaml #防止缺少换行符导致的报错
+ cat $tmpdir/set.yaml $yaml_user $tmpdir/proxy.yaml > $tmpdir/config.yaml
+ #插入自定义规则
+ if [ -f $clashdir/rules.yaml ];then
+ while read line;do
+ sed -i "/^rules:/a\ $line" $tmpdir/config.yaml
+ done < $clashdir/rules.yaml
+ fi
+ #如果没有使用小闪存模式
+ if [ "$tmpdir" != "$bindir" ];then
 cmp -s $tmpdir/config.yaml $yaml
 [ "$?" != 0 ] && mv -f $tmpdir/config.yaml $yaml || rm -f $tmpdir/config.yaml
 fi
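Review bot: The `while read line` loop in the start.sh hunk at -237 appends each line of rules.yaml directly below `rules:`, so the lines land in reverse file order; Clash evaluates rules top-down, so a user's REJECT or DIRECT entry can end up shadowed by one written beneath it. `read` without `-r` also drops backslashes and leading whitespace, and comment or blank lines are interpolated into the sed script like any other line. A single `sed -i "/^rules:/r $clashdir/rules.yaml" $tmpdir/config.yaml` keeps the order and stops treating file content as sed text, provided the indentation in rules.yaml matches the list already under `rules:`. The enclosing function starts and ends outside the hunk.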
@@ -261,33 +269,35 @@ start_redir(){
 if [ "$macfilter_type" = "白名单" -a -n "$(cat $clashdir/mac)" ];then
 #mac白名单
 for mac in $(cat $clashdir/mac); do
- iptables -t nat -A clash -p tcp -m mac --mac-source $mac -j REDIRECT --to-ports $redir_port
+ iptables -t nat -A clash -p tcp $ports -m mac --mac-source $mac -j REDIRECT --to-ports $redir_port
 done
 else
 #mac黑名单
 for mac in $(cat $clashdir/mac); do
 iptables -t nat -A clash -m mac --mac-source $mac -j RETURN
 done
- iptables -t nat -A clash -p tcp -j REDIRECT --to-ports $redir_port
+ iptables -t nat -A clash -p tcp $ports -j REDIRECT --to-ports $redir_port
 fi
 #转发设置
- iptables -t nat -A PREROUTING -p tcp $ports -j clash
+ iptables -t nat -A PREROUTING -p tcp -j clash
 #设置ipv6转发
+ ip6_nat=$(ip6tables -t nat -L 2>&1|grep -o 'Chain')
 if [ -n "ip6_nat" -a "$ipv6_support" = "已开启" ];then
 ip6tables -t nat -N clashv6
 if [ "$macfilter_type" = "白名单" -a -n "$(cat $clashdir/mac)" ];then
 #mac白名单
 for mac in $(cat $clashdir/mac); do
- ip6tables -t nat -A clashv6 -p tcp -m mac --mac-source $mac -j REDIRECT --to-ports $redir_port
+ ip6tables -t nat -A clashv6 -p tcp $ports -m mac --mac-source $mac -j REDIRECT --to-ports $redir_port
 done
 else
 #mac黑名单
 for mac in $(cat $clashdir/mac); do
 ip6tables -t nat -A clashv6 -m mac --mac-source $mac -j RETURN
 done
- ip6tables -t nat -A clashv6 -p tcp -j REDIRECT --to-ports $redir_port
+ ip6tables -t nat -A clashv6 -p tcp $ports -j REDIRECT --to-ports $redir_port
 fi
 fi
+ ip6tables -t nat -A PREROUTING -p tcp -j clashv6
 }
 start_dns(){
 #允许tun网卡接受流量
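Review bot: The new `ip6_nat=$(...)` probe in start_redir is never consulted, because the test on the following line reads `[ -n "ip6_nat" ...` without the `$` and a literal string is always non-empty; it should be `if [ -n "$ip6_nat" -a "$ipv6_support" = "已开启" ];then`. The added `ip6tables -t nat -A PREROUTING -p tcp -j clashv6` sits after the closing `fi` of that block, so it also runs when IPv6 support is off or the nat table is missing and the clashv6 chain was never created. Moving that line above the outer `fi` keeps the jump and the chain it targets under the same guard. start_redir begins before this hunk.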
@@ -333,9 +343,10 @@ start_dns(){
 ip6tables -t nat -A clashv6_dns -p udp --dport 53 -j REDIRECT --to $dns_port
 ip6tables -t nat -A clashv6_dns -p tcp --dport 53 -j REDIRECT --to $dns_port
 fi
+ ip6tables -t nat -A PREROUTING -p udp -j clashv6_dns
 else
- ip6tables -I INPUT -p tcp --dport 53 -j REJECT
- ip6tables -I INPUT -p udp --dport 53 -j REJECT
+ ip6tables -I INPUT -p tcp --dport 53 -j REJECT > /dev/null 2>&1
+ ip6tables -I INPUT -p udp --dport 53 -j REJECT > /dev/null 2>&1
 fi
 }
 start_udp(){
diff --git a/scripts/user.yaml b/scripts/user.yaml
new file mode 100644
index 0000000..ff97dc9
--- /dev/null
+++ b/scripts/user.yaml
@@ -0,0 +1,5 @@
+#用于编写自定义设定(可参考https://lancellc.gitbook.io/clash),例如
+#port: 7890
+#hosts:
+# '*.clash.dev': 127.0.0.1
+# 'alpha.clash.dev': ::1
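Review bot: In the start_dns hunk at -333, sending the two fallback `ip6tables -I INPUT ... --dport 53 -j REJECT` commands to /dev/null hides the case where the rules could not be installed, so the IPv6 DNS block can be missing without any trace. Keep the output quiet but record the failure, e.g. `ip6tables -I INPUT -p udp --dport 53 -j REJECT > /dev/null 2>&1 || echo "ip6tables: IPv6 DNS REJECT rule not installed" >&2`. The new PREROUTING jump is `-p udp` only, so the tcp rule in clashv6_dns looks unreachable from here; it is worth confirming whether TCP port 53 is meant to be covered. The start of start_dns, including the condition this `else` belongs to, is outside the hunk.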