From 4fdc3fffecc37e3082a527aed0eadd2b66c9ecc1 Mon Sep 17 00:00:00 2001
From: juewuy
Date: Sat, 18 May 2024 17:22:01 +0800
Subject: [PATCH] =?UTF-8?q?~=E4=BF=AE=E5=A4=8Dnftables=E2=80=94tun?= =?UTF-8?q?=E6=A8=A1=E5=BC=8F=E6=97=A0=E6=B3=95=E5=8A=AB=E6=8C=81=E6=B5=81?= =?UTF-8?q?=E9=87=8F=E7=9A=84bug=20~=E5=9B=9E=E9=80=80singbox=E5=86=85?= =?UTF-8?q?=E6=A0=B8dns=E4=B8=AD=E5=AF=B9independent=5Fcache=E5=92=8Crever?= =?UTF-8?q?se=5Fmapping=E7=9A=84=E6=94=B9=E5=8A=A8=20~=E4=BF=AE=E5=A4=8D?= =?UTF-8?q?=E9=83=A8=E5=88=86=E6=83=85=E5=86=B5=E4=B8=8B=E5=90=AF=E5=8A=A8?= =?UTF-8?q?=E6=8F=90=E7=A4=BA=E7=BC=BA=E5=B0=91dns-out=E7=9A=84=E9=97=AE?= =?UTF-8?q?=E9=A2=98=20~=E4=BF=AE=E5=A4=8D=E5=B1=8F=E8=94=BDQUIC=E5=8A=9F?= =?UTF-8?q?=E8=83=BDip6tables=E8=AF=AF=E5=86=99=E4=B8=BAiptables=E7=9A=84b?= =?UTF-8?q?ug?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 scripts/start.sh | 24 +++++++++++++++---------
 1 file changed, 15 insertions(+), 9 deletions(-)
diff --git a/scripts/start.sh b/scripts/start.sh
index 77b06f5..9a47438 100644
--- a/scripts/start.sh
+++ b/scripts/start.sh
@@ -660,8 +660,8 @@ EOF
 { "query_type": [ "A", "AAAA" ], "server": "dns_fakeip", "rewrite_ttl": 1 }
 ],
 "final": "dns_direct",
- "independent_cache": false,
- "reverse_mapping": false,
+ "independent_cache": true,
+ "reverse_mapping": true,
 "fakeip": { "enabled": true, "inet4_range": "198.18.0.0/16", "inet6_range": "fc00::/16" }
 }
 }
@@ -751,14 +751,17 @@ EOF EOF fi #生成add_outbounds.json - [ -z "$(cat "$CRASHDIR"/jsons/*.json | grep -oE '"tag" *: *"DIRECT"')" ] && add_direct='{ "type": "direct", "tag": "DIRECT" }' - [ -z "$(cat "$CRASHDIR"/jsons/*.json | grep -oE '"tag" *: *"REJECT"')" ] && add_reject='{ "type": "block", "tag": "REJECT" }' + [ -z "$(cat "$CRASHDIR"/jsons/*.json | grep -oE '"tag" *: *"DIRECT"')" ] && add_direct='{ "tag": "DIRECT", "type": "direct" }' + [ -z "$(cat "$CRASHDIR"/jsons/*.json | grep -oE '"tag" *: *"REJECT"')" ] && add_reject='{ "tag": "REJECT", "type": "block" }' + [ -z "$(cat "$CRASHDIR"/jsons/*.json | grep -oE '"tag" *: *"dns-out"')" ] && add_dnsout='{ "tag": "dns-out", "type": "dns" }' [ -n "$add_direct" -a -n "$add_reject" ] && add_direct="${add_direct}," - [ -n "$add_direct" -o -n "$add_reject" ] && cat >"$TMPDIR"/jsons/add_outbounds.json <"$TMPDIR"/jsons/add_outbounds.json </dev/null 2>&1 || nft add table inet fw4 + nft list chain inet fw4 forward >/dev/null 2>&1 || nft add chain inet fw4 forward { type filter hook forward priority filter \; } 2>/dev/null + nft list chain inet fw4 input >/dev/null 2>&1 || nft add chain inet fw4 input { type filter hook input priority filter \; } 2>/dev/null + nft list chain inet fw4 forward | grep -q 'oifname "utun" accept' || nft insert rule inet fw4 forward oifname "utun" accept + nft list chain inet fw4 input | grep -q 'oifname "utun" accept' || nft insert rule inet fw4 input iifname "utun" accept } [ "$local_proxy" = true ] && start_nft_route output output route -150 } 
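Review bot: The only comma join visible in this hunk, `[ -n "$add_direct" -a -n "$add_reject" ] && add_direct="${add_direct},"`, covers DIRECT plus REJECT but nothing involving the new `add_dnsout`. The lines that assemble add_outbounds.json are not legible on this page, so it is worth confirming that combinations such as DIRECT plus dns-out without REJECT still produce valid JSON, since a malformed outbounds file would presumably stop the core from loading its config. As a style point, each of the three checks re-reads every file through `cat … | grep -oE` inside `[ -z "$(…)" ]`; `grep -qE '"tag" *: *"dns-out"' "$CRASHDIR"/jsons/*.json || add_dnsout='{ "tag": "dns-out", "type": "dns" }'` expresses the same test without the command substitution.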
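Review bot: The idempotence guard for the input chain greps for `oifname "utun" accept`, but the rule it guards is `iifname "utun" accept`, so the grep never matches and every start inserts another copy at the top of fw4's input chain. The guard should test what is actually inserted: `nft list chain inet fw4 input | grep -q 'iifname "utun" accept' || nft insert rule inet fw4 input iifname "utun" accept`. Because these accept rules are inserted ahead of the rest of the forward and input chains, it is also worth confirming that the stop path deletes them, which is not visible here. The header of this hunk and the lines before `nft add table inet fw4` did not survive on this page, and the enclosing function starts outside it.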
@@ -1368,8 +1374,8 @@ stop_firewall() { #还原防火墙配置 ip6tables -D FORWARD -p udp --dport 443 -o utun -m comment --comment "ShellCrash-QUIC-REJECT" -j REJECT >/dev/null 2>&1 #屏蔽QUIC [ "$dns_mod" != "fake-ip" -a "$cn_ipv6_route" = "已开启" ] && set_cn_ip6='-m set ! --match-set cn_ip6 dst' - iptables -D INPUT -p udp --dport 443 -m comment --comment "ShellCrash-QUIC-REJECT" $set_cn_ip6 -j REJECT 2>/dev/null - iptables -D FORWARD -p udp --dport 443 -o utun -m comment --comment "ShellCrash-QUIC-REJECT" $set_cn_ip6 -j REJECT 2>/dev/null + ip6tables -D INPUT -p udp --dport 443 -m comment --comment "ShellCrash-QUIC-REJECT" $set_cn_ip6 -j REJECT 2>/dev/null + ip6tables -D FORWARD -p udp --dport 443 -o utun -m comment --comment "ShellCrash-QUIC-REJECT" $set_cn_ip6 -j REJECT 2>/dev/null #公网访问 ip6tables -D INPUT -p tcp --dport $mix_port -j REJECT 2>/dev/null ip6tables -D INPUT -p tcp --dport $mix_port -j ACCEPT 2>/dev/null
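Review bot: Both corrected deletes rely on `$set_cn_ip6` being recomputed at stop time from the current `dns_mod` and `cn_ipv6_route`, so if either setting changed after the rules were added (inferred, the start side is not shown) the `-D` no longer matches and the QUIC REJECT rule stays loaded, with `2>/dev/null` hiding the failure. FORWARD is covered by the unconditional delete on the context line above, but INPUT has no equivalent in this hunk; consider adding `ip6tables -D INPUT -p udp --dport 443 -m comment --comment "ShellCrash-QUIC-REJECT" -j REJECT 2>/dev/null` next to it. stop_firewall begins before this hunk and continues after it.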