~适配singbox1.10版本tun相关配置写法

~添加对ipv6fakeip网段的额外劫持处理
2024-12-01 12:39:27 +08:00
parent 4819ad3d70
commit 33c6e4f9eb
1 changed files with 8 additions and 4 deletions
--- a/scripts/start.sh
+++ b/scripts/start.sh
@@ -751,7 +751,10 @@ EOF
      "type": "tun",
      "tag": "tun-in",
      "interface_name": "utun",
-      "inet4_address": "172.19.0.1/30",
+      "address": [
        "172.72.0.1/30",
        "fdfe:dcba:9876::1/126"
      ],
      "auto_route": false,
      "stack": "system",
      "sniff": true,
@@ -960,6 +963,7 @@ start_ipt_route() { #iptables-route通用工具
 		#将所在链指定流量指向shellcrash表
 		$1 $w -t $2 -I $3 -p $5 $ports -j $4
 		[ "$dns_mod" != "redir_host" ] && [ "$common_ports" = "已开启" ] && [ "$1" = iptables ] && $1 $w -t $2 -I $3 -p $5 -d 198.18.0.0/16 -j $4
 		[ "$dns_mod" != "redir_host" ] && [ "$common_ports" = "已开启" ] && [ "$1" = ip6tables ] && $1 $w -t $2 -I $3 -p $5 -d fc00::/16 -j $4
 	}
 	[ "$5" = "tcp" -o "$5" = "all" ] && proxy_set $1 $2 $3 $4 tcp
 	[ "$5" = "udp" -o "$5" = "all" ] && proxy_set $1 $2 $3 $4 udp
@@ -1186,7 +1190,7 @@ start_nft_route() { #nftables-route通用工具
 	nft add rule inet shellcrash $1 tcp dport 53 return
 	nft add rule inet shellcrash $1 udp dport 53 return
 	#过滤常用端口
-	[ -n "$PORTS" ] && nft add rule inet shellcrash $1 tcp dport != {$PORTS} ip daddr != {198.18.0.0/16} return
+	[ -n "$PORTS" ] && nft add rule inet shellcrash $1 tcp dport != {$PORTS} ip daddr != {198.18.0.0/16} ip6 daddr != {fc00::/16} return
 	#防回环
 	nft add rule inet shellcrash $1 meta mark $routing_mark return
 	nft add rule inet shellcrash $1 meta skgid 7890 return