xm/ShellCrash
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

v1.0.0beta16.6

Browse Source 
~优化自定义规则及配置的导入方式,增加示例文件
~优化mac白名单导致部分设备ip6tables报错的问题,待测试
This commit is contained in:
juewuy
2020-11-05 14:54:52 +08:00
parent 7bb60f7aab
commit 2fcbeb7655
4 changed files with 43 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
scripts/getdate.sh
View File

@@ -936,6 +936,12 @@ testcommand(){
iptables -t nat -L clash --line-numbers iptables -t nat -L clash --line-numbers
echo ----------------------------------------------- echo -----------------------------------------------
iptables -t nat -L clash_dns --line-numbers iptables -t nat -L clash_dns --line-numbers
echo -----------------------------------------------
ip6tables -t nat -L PREROUTING --line-numbers
echo -----------------------------------------------
ip6tables -t nat -L clashv6 --line-numbers
echo -----------------------------------------------
ip6tables -t nat -L clashv6_dns --line-numbers
exit; exit;
elif [ "$num" = 5 ]; then elif [ "$num" = 5 ]; then
echo ----------------------------------------------- echo -----------------------------------------------

11
scripts/rules.yaml Normal file
View File

@@ -0,0 +1,11 @@
#用于编写自定义规则(此处规则将优先生效)(可参考https://lancellc.gitbook.io/clash/clash-config-file/rules)
#例如“🚀 节点选择”、“🎯 全球直连”这样的自定义规则组必须与config.yaml中的代理规则组相匹配否则将无法运行
# - DOMAIN-SUFFIX,google.com,🚀 节点选择
# - DOMAIN-KEYWORD,baidu,🎯 全球直连
# - DOMAIN,ad.com,REJECT
# - SRC-IP-CIDR,192.168.1.201/32,DIRECT
# - IP-CIDR,127.0.0.0/8,DIRECT
# - IP-CIDR6,2620:0:2d0:200::7/32,🚀 节点选择
# - DST-PORT,80,DIRECT
# - SRC-PORT,7777,DIRECT

31
scripts/start.sh
View File

@@ -237,9 +237,17 @@ $exper
$dns $dns
EOF EOF
[ -f $clashdir/user.yaml ] && yaml_user=$clashdir/user.yaml [ -f $clashdir/user.yaml ] && yaml_user=$clashdir/user.yaml
[ -f $clashdir/rules.yaml ] && yaml_rules=$clashdir/rules.yaml #合并文件
cat $tmpdir/set.yaml $yaml_user $tmpdir/proxy.yaml $yaml_rules > $tmpdir/config.yaml sed -i "/^prox/i" $tmpdir/proxy.yaml #防止缺少换行符导致的报错
if [ "$tmpdir" != "$bindir" ];then #如果没有使用小闪存模式 cat $tmpdir/set.yaml $yaml_user $tmpdir/proxy.yaml > $tmpdir/config.yaml
#插入自定义规则
if [ -f $clashdir/rules.yaml ];then
while read line;do
sed -i "/^rules:/a\ $line" $tmpdir/config.yaml
done < $clashdir/rules.yaml
fi
#如果没有使用小闪存模式
if [ "$tmpdir" != "$bindir" ];then
cmp -s $tmpdir/config.yaml $yaml cmp -s $tmpdir/config.yaml $yaml
[ "$?" != 0 ] && mv -f $tmpdir/config.yaml $yaml || rm -f $tmpdir/config.yaml [ "$?" != 0 ] && mv -f $tmpdir/config.yaml $yaml || rm -f $tmpdir/config.yaml
fi fi
@@ -261,33 +269,35 @@ start_redir(){
if [ "$macfilter_type" = "白名单" -a -n "$(cat $clashdir/mac)" ];then if [ "$macfilter_type" = "白名单" -a -n "$(cat $clashdir/mac)" ];then
#mac白名单 #mac白名单
for mac in $(cat $clashdir/mac); do for mac in $(cat $clashdir/mac); do
iptables -t nat -A clash -p tcp -m mac --mac-source $mac -j REDIRECT --to-ports $redir_port iptables -t nat -A clash -p tcp $ports -m mac --mac-source $mac -j REDIRECT --to-ports $redir_port
done done
else else
#mac黑名单 #mac黑名单
for mac in $(cat $clashdir/mac); do for mac in $(cat $clashdir/mac); do
iptables -t nat -A clash -m mac --mac-source $mac -j RETURN iptables -t nat -A clash -m mac --mac-source $mac -j RETURN
done done
iptables -t nat -A clash -p tcp -j REDIRECT --to-ports $redir_port iptables -t nat -A clash -p tcp $ports -j REDIRECT --to-ports $redir_port
fi fi
#转发设置 #转发设置
iptables -t nat -A PREROUTING -p tcp $ports -j clash iptables -t nat -A PREROUTING -p tcp -j clash
#设置ipv6转发 #设置ipv6转发
ip6_nat=$(ip6tables -t nat -L 2>&1|grep -o 'Chain')
if [ -n "ip6_nat" -a "$ipv6_support" = "已开启" ];then if [ -n "ip6_nat" -a "$ipv6_support" = "已开启" ];then
ip6tables -t nat -N clashv6 ip6tables -t nat -N clashv6
if [ "$macfilter_type" = "白名单" -a -n "$(cat $clashdir/mac)" ];then if [ "$macfilter_type" = "白名单" -a -n "$(cat $clashdir/mac)" ];then
#mac白名单 #mac白名单
for mac in $(cat $clashdir/mac); do for mac in $(cat $clashdir/mac); do
ip6tables -t nat -A clashv6 -p tcp -m mac --mac-source $mac -j REDIRECT --to-ports $redir_port ip6tables -t nat -A clashv6 -p tcp $ports -m mac --mac-source $mac -j REDIRECT --to-ports $redir_port
done done
else else
#mac黑名单 #mac黑名单
for mac in $(cat $clashdir/mac); do for mac in $(cat $clashdir/mac); do
ip6tables -t nat -A clashv6 -m mac --mac-source $mac -j RETURN ip6tables -t nat -A clashv6 -m mac --mac-source $mac -j RETURN
done done
ip6tables -t nat -A clashv6 -p tcp -j REDIRECT --to-ports $redir_port ip6tables -t nat -A clashv6 -p tcp $ports -j REDIRECT --to-ports $redir_port
fi fi
fi fi
ip6tables -t nat -A PREROUTING -p tcp -j clashv6
} }
start_dns(){ start_dns(){
#允许tun网卡接受流量 #允许tun网卡接受流量
@@ -333,9 +343,10 @@ start_dns(){
ip6tables -t nat -A clashv6_dns -p udp --dport 53 -j REDIRECT --to $dns_port ip6tables -t nat -A clashv6_dns -p udp --dport 53 -j REDIRECT --to $dns_port
ip6tables -t nat -A clashv6_dns -p tcp --dport 53 -j REDIRECT --to $dns_port ip6tables -t nat -A clashv6_dns -p tcp --dport 53 -j REDIRECT --to $dns_port
fi fi
ip6tables -t nat -A PREROUTING -p udp -j clashv6_dns
else else
ip6tables -I INPUT -p tcp --dport 53 -j REJECT ip6tables -I INPUT -p tcp --dport 53 -j REJECT > /dev/null 2>&1
ip6tables -I INPUT -p udp --dport 53 -j REJECT ip6tables -I INPUT -p udp --dport 53 -j REJECT > /dev/null 2>&1
fi fi
} }
start_udp(){ start_udp(){

5
scripts/user.yaml Normal file
View File

@@ -0,0 +1,5 @@
#用于编写自定义设定(可参考https://lancellc.gitbook.io/clash),例如
#port: 7890
#hosts:
# '*.clash.dev': 127.0.0.1
# 'alpha.clash.dev': ::1