diff --git a/bin/clashfm.tar.gz b/bin/clashfm.tar.gz
index 150f9a7..1613eb6 100644
Binary files a/bin/clashfm.tar.gz and b/bin/clashfm.tar.gz differ
diff --git a/bin/version b/bin/version
index 3f025bf..e1b30c4 100644
--- a/bin/version
+++ b/bin/version
@@ -1,4 +1,4 @@
 clash_v=1.6.0
 clashpre_v=2021.05.08
 GeoIP_v=20210514
-versionsh=1.3.0
+versionsh=1.3.1-test
diff --git a/install.sh b/install.sh
index 8890cf5..5428ed1 100644
--- a/install.sh
+++ b/install.sh
@@ -37,7 +37,7 @@ webget(){
 url="https://cdn.jsdelivr.net/gh/juewuy/ShellClash"
 if [ "$test" -gt 0 ];then
 url="https://cdn.jsdelivr.net/gh/juewuy/ShellClash@master"
- [ "$test" -eq 2 ] && url="http://192.168.31.31:8080/ShellClash"
+ [ "$test" -eq 2 ] && url="http://192.168.0.4:8080/ShellClash"
 [ "$test" -eq 3 ] && url="http://192.168.123.90:8080/clash-for-Miwifi"
 else
 webget /tmp/clashrelease $url@master/bin/release_version echoon rediroff 2>/tmp/clashrelease
@@ -78,6 +78,7 @@ gettar(){
 mv $clashdir/clash.service $sysdir/clash.service
 sed -i "s%/etc/clash%$clashdir%g" $sysdir/clash.service
 systemctl daemon-reload
+ useradd shellclash
 else
 #设为保守模式启动
 sed -i '/start_old=*/'d $clashdir/mark
diff --git a/scripts/clash.service b/scripts/clash.service
index ab7aad2..7663212 100644
--- a/scripts/clash.service
+++ b/scripts/clash.service
@@ -5,7 +5,7 @@ After=network.target
 [Service]
 Type=simple
 User=root
-ExecStart=/etc/clash/clash -d /etc/clash
+ExecStart=su shellclash -c "/etc/clash/clash -d /etc/clash"
 ExecStartPost=/etc/clash/start.sh afstart
 Restart=on-failure
 RestartSec=3s
diff --git a/scripts/clash.sh b/scripts/clash.sh
index d6906bd..2446413 100644
--- a/scripts/clash.sh
+++ b/scripts/clash.sh
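Review bot: The added `useradd shellclash` in install.sh's gettar creates an ordinary account with the distribution defaults and runs on every install, so a reinstall prints an error once the account exists and nothing marks it as a service identity. The account is only needed as the owner of the clash process for the `--uid-owner` rules, so a guarded system account is enough: `id shellclash >/dev/null 2>&1 || useradd -r -M shellclash`. The hunk also gives that account no ownership of `$clashdir`, so it is worth checking that clash can still write its working files there as `shellclash`. The same line is added to gettar in scripts/getdate.sh and needs the same change; gettar's body continues outside both hunks.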
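Review bot: The new `ExecStart=su shellclash -c "..."` in scripts/clash.service keeps `User=root` and drops privileges through `su`, so a root-owned `su` sits between systemd and clash, and the command has no absolute path, which older systemd releases reject in `ExecStart=`. Letting systemd switch the user avoids both: `User=shellclash`, `ExecStart=/etc/clash/clash -d /etc/clash`, and `ExecStartPost=+/etc/clash/start.sh afstart` so the post-start script keeps root for its iptables calls. The `+` prefix needs a reasonably recent systemd; `PermissionsStartOnly=true` is the older equivalent. If clash has to bind low ports or do transparent proxying it will presumably also need capabilities granted in the unit, which cannot be judged from this hunk.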
@@ -471,8 +471,7 @@ localproxy(){
 echo -----------------------------------------------
 echo -e " 1 \033[36m$proxy_set本机代理\033[0m"
 echo -e " 2 使用\033[32m环境变量\033[0m方式配置"
- echo -e " 3 使用\033[32mGNOME桌面API\033[0m配置"
- echo -e " 4 使用\033[32mKDE桌面API\033[0m配置"
+ echo -e " 3 使用\033[32miptables增强模式\033[0m配置(仅支持Linux系统)"
 echo -e " 0 返回上级菜单"
 echo -----------------------------------------------
 read -p "请输入对应数字 > " num
@@ -506,20 +505,11 @@ localproxy(){
 setconfig local_proxy_type $local_proxy_type
 localproxy
 elif [ "$num" = 3 ]; then
- if gsettings --version >/dev/null 2>&1 ;then
- local_proxy_type="GNOME"
+ if id shellclash >/dev/null 2>&1 ;then
+ local_proxy_type="iptables增强模式"
 setconfig local_proxy_type $local_proxy_type
 else
- echo -e "\033[31m没有找到GNOME桌面,无法设置!\033[0m"
- sleep 1
- fi
- localproxy
- elif [ "$num" = 4 ]; then
- if kwriteconfig5 -h >/dev/null 2>&1 ;then
- local_proxy_type="KDE"
- setconfig local_proxy_type $local_proxy_type
- else
- echo -e "\033[31m没有找到KDE桌面,无法设置!\033[0m"
+ echo -e "\033[31m当前设备无法使用增强模式!\033[0m"
 sleep 1
 fi
 localproxy
@@ -660,7 +650,7 @@ clashcfg(){
 echo -e " 3 跳过本地证书验证: \033[36m$skip_cert\033[0m ————解决节点证书验证错误"
 echo -e " 4 只代理常用端口: \033[36m$common_ports\033[0m ————用于过滤P2P流量"
 echo -e " 5 过滤局域网设备: \033[36m$mac_return\033[0m ————使用黑名单/白名单进行过滤"
- echo -e " 6 设置本机代理服务: \033[36m$local_proxy\033[0m ————使用环境变量或GUI/api配置本机代理"
+ echo -e " 6 设置本机代理服务: \033[36m$local_proxy\033[0m ————使用环境变量或iptables配置本机代理"
 echo -----------------------------------------------
 echo -e " 0 返回上级菜单 \033[0m"
 echo -----------------------------------------------
diff --git a/scripts/getdate.sh b/scripts/getdate.sh
index eff8377..f62ae4e 100644
--- a/scripts/getdate.sh
+++ b/scripts/getdate.sh
@@ -359,6 +359,7 @@ gettar(){
 mv $clashdir/clash.service $sysdir/clash.service
 sed -i "s%/etc/clash%$clashdir%g" $sysdir/clash.service
 systemctl daemon-reload
+ useradd shellclash
 else
 #设为保守模式启动
 sed -i '/start_old=*/'d $clashdir/mark
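Review bot: Option 3 in localproxy enables the iptables mode as soon as `id shellclash` succeeds, which proves only that the account exists, not that clash is running under it. start_output in scripts/start.sh exempts clash's traffic with `--uid-owner shellclash`; if clash still runs as root (an older unit file, or the conservative start mode), its own outbound connections would presumably be redirected back to `$redir_port` and loop. I would add a comment above the check, `# enhanced mode requires the clash process itself to run as user shellclash, otherwise its own traffic is redirected`, and ideally verify the process owner before calling `setconfig`. localproxy starts and ends outside this hunk.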
@@ -853,6 +854,7 @@ update(){
 rm -rf /etc/systemd/system/clash.service
 rm -rf /usr/lib/systemd/system/clash.service
 rm -rf /www/clash
+ userdel -r shellclash
 echo -----------------------------------------------
 echo -e "\033[36m已卸载ShellClash相关文件!有缘再会!\033[0m"
 echo -e "\033[33m请手动关闭当前窗口以重置环境变量!\033[0m"
diff --git a/scripts/start.sh b/scripts/start.sh
index d374fac..ad0279c 100644
--- a/scripts/start.sh
+++ b/scripts/start.sh
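Review bot: `userdel -r shellclash` in update() runs unconditionally, so on installs that never created the account it prints an error, and while a clash process owned by that user is still alive userdel refuses to remove it. Whether clash is stopped earlier in this branch is not visible in the hunk. `-r` also deletes the account's home directory and mail spool, which nothing in this commit relies on. A guarded call is quieter and narrower: `id shellclash >/dev/null 2>&1 && userdel shellclash`. The uninstall branch of update() begins outside the hunk.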
@@ -417,6 +417,50 @@ start_udp(){
 fi
 iptables -t mangle -A PREROUTING -p udp $lanhost -j clash
 }
+start_output(){
+ #流量过滤规则
+ iptables -t nat -N clash_out
+ iptables -t nat -A clash_out -m owner --uid-owner shellclash -j RETURN
+ iptables -t nat -A clash_out -d 0.0.0.0/8 -j RETURN
+ iptables -t nat -A clash_out -d 10.0.0.0/8 -j RETURN
+ iptables -t nat -A clash_out -d 127.0.0.0/8 -j RETURN
+ iptables -t nat -A clash_out -d 169.254.0.0/16 -j RETURN
+ iptables -t nat -A clash_out -d 172.16.0.0/12 -j RETURN
+ iptables -t nat -A clash_out -d 192.168.0.0/16 -j RETURN
+ iptables -t nat -A clash_out -d 224.0.0.0/4 -j RETURN
+ iptables -t nat -A clash_out -d 240.0.0.0/4 -j RETURN
+ if [ "$macfilter_type" = "白名单" -a -n "$(cat $clashdir/mac)" ];then
+ #mac白名单
+ for mac in $(cat $clashdir/mac); do
+ iptables -t nat -A clash_out -p tcp $ports -m mac --mac-source $mac -j REDIRECT --to-ports $redir_port
+ done
+ else
+ #mac黑名单
+ for mac in $(cat $clashdir/mac); do
+ iptables -t nat -A clash_out -m mac --mac-source $mac -j RETURN
+ done
+ iptables -t nat -A clash_out -p tcp $ports -j REDIRECT --to-ports $redir_port
+ fi
+ iptables -t nat -A OUTPUT -p tcp -j clash_out
+ #设置dns转发
+ iptables -t nat -N clash_dns_out
+ iptables -t nat -A clash_dns_out -m owner --uid-owner shellclash -j RETURN
+ if [ "$macfilter_type" = "白名单" -a -n "$(cat $clashdir/mac)" ];then
+ #mac白名单
+ for mac in $(cat $clashdir/mac); do
+ iptables -t nat -A clash_dns_out -p udp --dport 53 -m mac --mac-source $mac -j REDIRECT --to $dns_port
+ iptables -t nat -A clash_dns_out -p tcp --dport 53 -m mac --mac-source $mac -j REDIRECT --to $dns_port
+ done
+ else
+ #mac黑名单
+ for mac in $(cat $clashdir/mac); do
+ iptables -t nat -A clash_dns_out -m mac --mac-source $mac -j RETURN
+ done
+ iptables -t nat -A clash_dns_out -p udp --dport 53 -j REDIRECT --to $dns_port
+ iptables -t nat -A clash_dns_out -p tcp --dport 53 -j REDIRECT --to $dns_port
+ fi
+ iptables -t nat -A OUTPUT -p udp -j clash_dns_out
+}
 stop_iptables(){
gethost #获取本地局域网地址段 #重置iptables规则 @@ -431,6 +475,13 @@ stop_iptables(){ iptables -t nat -F clash_dns 2> /dev/null iptables -t nat -X clash_dns 2> /dev/null iptables -D FORWARD -o utun -j ACCEPT 2> /dev/null + #重置output规则 + iptables -t nat -D OUTPUT -p tcp -j clash_out 2> /dev/null + iptables -t nat -F clash_out 2> /dev/null + iptables -t nat -X clash_out 2> /dev/null + iptables -t nat -D OUTPUT -p udp -j clash_dns_out 2> /dev/null + iptables -t nat -F clash_dns_out 2> /dev/null + iptables -t nat -X clash_dns_out 2> /dev/null #重置udp规则 iptables -t mangle -D PREROUTING -p udp $lanhost -j clash 2> /dev/null iptables -t mangle -F clash 2> /dev/null @@ -682,14 +733,9 @@ cronset) ;; set_proxy) getconfig - #GNOME配置 - if [ "$local_proxy_type" = "GNOME" ];then - gsettings set org.gnome.system.proxy autoconfig-url "http://127.0.0.1:$db_port/ui/pac" - gsettings set org.gnome.system.proxy mode "auto" - #KDE配置 - elif [ "$local_proxy_type" = "KDE" ];then - kwriteconfig5 --file kioslaverc --group "Proxy Settings" --key "Proxy Config Script" "http://127.0.0.1:$db_port/ui/pac" - kwriteconfig5 --file kioslaverc --group "Proxy Settings" --key "ProxyType" 2 + #iptables增强模式 + if [ "$local_proxy_type" = "iptables增强模式" ];then + start_output #环境变量方式 else [ -w ~/.bashrc ] && profile=~/.bashrc @@ -698,16 +744,7 @@ set_proxy) echo 'export ALL_PROXY=$all_proxy' >> $profile fi ;; -unset_proxy) - #GNOME配置 - if gsettings --version >/dev/null 2>&1 ;then - gsettings set org.gnome.system.proxy mode "none" - fi - #KDE配置 - if kwriteconfig5 -h >/dev/null 2>&1 ;then - kwriteconfig5 --file kioslaverc --group "Proxy Settings" --key "ProxyType" 0 - fi - #环境变量方式 +unset_proxy) [ -w ~/.bashrc ] && profile=~/.bashrc [ -w /etc/profile ] && profile=/etc/profile sed -i '/all_proxy/'d $profile
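Review bot: start_output hooks `clash_out` and `clash_dns_out` into the nat OUTPUT chain but fills them with `-m mac --mac-source` rules copied from the PREROUTING setup. Locally generated packets carry no source MAC, and the mac match is, as far as I know, only accepted from PREROUTING, INPUT and FORWARD, so with a non-empty `$clashdir/mac` the `-A OUTPUT ... -j clash_out` jump is likely to be rejected and the mode silently does nothing; in whitelist mode nothing would match even if it loaded. The MAC list filters LAN devices and has no meaning for the device's own traffic, so both `if ... fi` blocks can shrink to their unconditional part: `iptables -t nat -A clash_out -p tcp $ports -j REDIRECT --to-ports $redir_port` and the two `--dport 53` REDIRECT rules. The `--uid-owner shellclash -j RETURN` rule is what keeps clash's own traffic from looping and deserves a comment: `# skip traffic from clash itself (runs as shellclash) to avoid a redirect loop`.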
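Review bot: unset_proxy no longer resets the GNOME and KDE proxy settings, and set_proxy now treats a stored `local_proxy_type` of `GNOME` or `KDE` as the environment-variable case. A desktop that an earlier version switched to the PAC URL `http://127.0.0.1:$db_port/ui/pac` therefore stays in that mode after upgrading, with no path in the script to undo it, and keeps pointing at the local port even when clash is stopped. Keeping the two reset branches in unset_proxy for one more release would cover existing users; at minimum add `# NOTE: GNOME/KDE proxy settings written by versions <= 1.3.0 are not reverted here`. The unset_proxy arm continues past the end of the hunk.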