xm/ShellCrash
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

v1.6.0pre7

Browse Source 
~修复屏蔽QUIC功能在混合模式不生效的bug
~修复混合端口在达成条件后依然无法访问的bug
This commit is contained in:
juewuy
2022-05-18 20:55:14 +08:00
parent 27914bb5eb
commit 71c3687cf7
4 changed files with 18 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

BIN
bin/clashfm.tar.gz
View File

Binary file not shown.

2
bin/version
View File

@@ -2,5 +2,5 @@ clashnet_v=v1.7.6
clashpre_v=2021.09.15 clashpre_v=2021.09.15
clash_v=v1.7.1 clash_v=v1.7.1
meta_v=1.11.0 meta_v=1.11.0
versionsh=1.6.0pre6
GeoIP_v=20220517 GeoIP_v=20220517
versionsh=1.6.0pre7

2
scripts/getdate.sh
View File

@@ -609,8 +609,6 @@ getdb(){
sed -i "s/127.0.0.1:9090/${host}:${db_port}/g" $dbdir/*.html sed -i "s/127.0.0.1:9090/${host}:${db_port}/g" $dbdir/*.html
#sed -i "s/7892/${db_port}/g" $dbdir/app*.js #sed -i "s/7892/${db_port}/g" $dbdir/app*.js
fi fi
#如果clash在运行则重启clash服务
[ "$dbdir" != "/www/clash" ] && [ -n "$PID" ] && $clashdir/start.sh restart
#写入配置文件 #写入配置文件
setconfig hostdir \'$hostdir\' setconfig hostdir \'$hostdir\'
echo ----------------------------------------------- echo -----------------------------------------------

20
scripts/start.sh
View File

@@ -445,7 +445,7 @@ start_redir(){
#Docker特殊处理 #Docker特殊处理
[ "$local_proxy" = "已开启" ] && iptables -t nat -I PREROUTING -s 172.16.0.0/12 -j clash [ "$local_proxy" = "已开启" ] && iptables -t nat -I PREROUTING -s 172.16.0.0/12 -j clash
#禁用QUIC #禁用QUIC
if [ "$quic_rj" = 已启用 ] && [ "$redir_mod" = "混合模式" -o "$redir_mod" = "Tun模式" -o "$tproxy_mod" = "已开启" ];then if [ "$quic_rj" = 已启用 ] && [ "$tproxy_mod" = "已开启" ];then
[ "$dns_mod" = "redir_host" -a "$cn_ip_route" = "已开启" ] && set_cn_ip='-m set ! --match-set cn_ip dst' [ "$dns_mod" = "redir_host" -a "$cn_ip_route" = "已开启" ] && set_cn_ip='-m set ! --match-set cn_ip dst'
iptables -I INPUT -p udp --dport 443 -m comment --comment "ShellClash QUIC REJECT" $set_cn_ip -j REJECT >/dev/null 2>&1 iptables -I INPUT -p udp --dport 443 -m comment --comment "ShellClash QUIC REJECT" $set_cn_ip -j REJECT >/dev/null 2>&1
fi fi
@@ -564,8 +564,12 @@ start_output(){
iptables -t nat -A OUTPUT -p udp --dport 53 -s 172.16.0.0/12 -j clash_dns_out iptables -t nat -A OUTPUT -p udp --dport 53 -s 172.16.0.0/12 -j clash_dns_out
} }
start_tun(){ start_tun(){
iptables -I FORWARD -o utun -j ACCEPT if [ "$quic_rj" = 已启用 ];then
ip6tables -I FORWARD -o utun -j ACCEPT > /dev/null 2>&1 [ "$dns_mod" = "redir_host" -a "$cn_ip_route" = "已开启" ] && set_cn_ip='-m set ! --match-set cn_ip dst'
iptables -I FORWARD -p udp --dport 443 -o utun -m comment --comment "ShellClash QUIC REJECT" $set_cn_ip -j REJECT >/dev/null 2>&1
fi
iptables -A FORWARD -o utun -j ACCEPT
#ip6tables -A FORWARD -o utun -j ACCEPT > /dev/null 2>&1
} }
start_wan(){ start_wan(){
[ "$mix_port" = "7890" -o -z "$authentication" ] && { [ "$mix_port" = "7890" -o -z "$authentication" ] && {
@@ -577,6 +581,10 @@ start_wan(){
type ip6tables >/dev/null 2>&1 && ip6tables -A INPUT -p tcp --dport $mix_port -j REJECT 2> /dev/null type ip6tables >/dev/null 2>&1 && ip6tables -A INPUT -p tcp --dport $mix_port -j REJECT 2> /dev/null
} }
if [ "$public_support" = "已开启" ];then if [ "$public_support" = "已开启" ];then
[ "$mix_port" != "7890" -a -n "$authentication" ] && {
iptables -I INPUT -p tcp --dport $mix_port -j ACCEPT
type ip6tables >/dev/null 2>&1 && ip6tables -I INPUT -p tcp --dport $mix_port -j ACCEPT 2> /dev/null
}
iptables -I INPUT -p tcp --dport $db_port -j ACCEPT iptables -I INPUT -p tcp --dport $db_port -j ACCEPT
type ip6tables >/dev/null 2>&1 && ip6tables -I INPUT -p tcp --dport $db_port -j ACCEPT 2> /dev/null type ip6tables >/dev/null 2>&1 && ip6tables -I INPUT -p tcp --dport $db_port -j ACCEPT 2> /dev/null
fi fi
@@ -595,6 +603,10 @@ stop_iptables(){
iptables -t nat -F clash_dns 2> /dev/null iptables -t nat -F clash_dns 2> /dev/null
iptables -t nat -X clash_dns 2> /dev/null iptables -t nat -X clash_dns 2> /dev/null
iptables -D FORWARD -o utun -j ACCEPT 2> /dev/null iptables -D FORWARD -o utun -j ACCEPT 2> /dev/null
#重置屏蔽QUIC规则
[ "$dns_mod" = "redir_host" -a "$cn_ip_route" = "已开启" ] && set_cn_ip='-m set ! --match-set cn_ip dst'
iptables -D INPUT -p udp --dport 443 -m comment --comment "ShellClash QUIC REJECT" $set_cn_ip -j REJECT >/dev/null 2>&1
iptables -D FORWARD -p udp --dport 443 -o utun -m comment --comment "ShellClash QUIC REJECT" $set_cn_ip -j REJECT >/dev/null 2>&1
#重置output规则 #重置output规则
iptables -t nat -D OUTPUT -p tcp -s 127.0.0.0/8 -j clash_out 2> /dev/null iptables -t nat -D OUTPUT -p tcp -s 127.0.0.0/8 -j clash_out 2> /dev/null
iptables -t nat -D OUTPUT -p tcp -s 172.16.0.0/12 -j clash_out 2> /dev/null iptables -t nat -D OUTPUT -p tcp -s 172.16.0.0/12 -j clash_out 2> /dev/null
@@ -618,6 +630,8 @@ stop_iptables(){
iptables -D INPUT -p tcp -s 192.168.0.0/16 --dport $mix_port -j ACCEPT 2> /dev/null iptables -D INPUT -p tcp -s 192.168.0.0/16 --dport $mix_port -j ACCEPT 2> /dev/null
iptables -D INPUT -p tcp --dport $mix_port -j REJECT 2> /dev/null iptables -D INPUT -p tcp --dport $mix_port -j REJECT 2> /dev/null
ip6tables -D INPUT -p tcp --dport $mix_port -j REJECT 2> /dev/null ip6tables -D INPUT -p tcp --dport $mix_port -j REJECT 2> /dev/null
iptables -D INPUT -p tcp --dport $mix_port -j ACCEPT 2> /dev/null
ip6tables -D INPUT -p tcp --dport $mix_port -j ACCEPT 2> /dev/null
iptables -D INPUT -p tcp --dport $db_port -j ACCEPT 2> /dev/null iptables -D INPUT -p tcp --dport $db_port -j ACCEPT 2> /dev/null
ip6tables -D INPUT -p tcp --dport $db_port -j ACCEPT 2> /dev/null ip6tables -D INPUT -p tcp --dport $db_port -j ACCEPT 2> /dev/null
#重置ipv6规则 #重置ipv6规则