diff --git a/scripts/menus/2_settings.sh b/scripts/menus/2_settings.sh
index f1be2a70..3c880c2a 100644
--- a/scripts/menus/2_settings.sh
+++ b/scripts/menus/2_settings.sh
@@ -304,7 +304,7 @@ set_fw_filter(){ #流量过滤
 ;;
 1)
 echo "-----------------------------------------------"
- if [ -n "$(pidof CrashCore)" ]; then
+ if [ -n "$(pidof CrashCore)" ] && [ "$firewall_mod" = 'iptables' ]; then
 read -p "切换时将停止服务,是否继续?(1/0) > " res
 [ "$res" = 1 ] && "$CRASHDIR"/start.sh stop && set_common_ports
 else
diff --git a/scripts/menus/6_core_config.sh b/scripts/menus/6_core_config.sh
index bed2aab7..c23317c3 100644
--- a/scripts/menus/6_core_config.sh
+++ b/scripts/menus/6_core_config.sh
@@ -372,16 +372,16 @@ EOF
 }
 }
 if [ -z "$(grep "provider_temp_${coretype}" "$CRASHDIR"/configs/ShellCrash.cfg)" ];then
- provider_temp_file=$(sed -n "1 p" "$CRASHDIR"/configs/${coretype}_providers.list | awk '{print $2}')
+ provider_temp_file="$TMPDIR/$(sed -n "1 p" "$CRASHDIR"/configs/${coretype}_providers.list | awk '{print $2}')"
 else
 provider_temp_file=$(grep "provider_temp_${coretype}" "$CRASHDIR"/configs/ShellCrash.cfg | awk -F '=' '{print $2}')
 fi
 echo "-----------------------------------------------"
- if [ -s ${provider_temp_file} ];then
- ln -sf ${provider_temp_file} "$TMPDIR"/provider_temp_file
+ if [ -s "$provider_temp_file" ];then
+ ln -sf "$provider_temp_file" "$TMPDIR"/provider_temp_file
 else
 echo -e "\033[33m正在获取在线模版!\033[0m"
- get_bin "$TMPDIR"/provider_temp_file rules/${coretype}_providers/${provider_temp_file}
+ get_bin "$TMPDIR"/provider_temp_file "rules/${coretype}_providers/$provider_temp_file"
 [ -z "$(grep -o 'rules' "$TMPDIR"/provider_temp_file)" ] && {
 echo -e "\033[31m下载失败,请尝试更换安装源!\033[0m"
 . "$CRASHDIR"/menus/9_upgrade.sh && setserver
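Review bot: In scripts/menus/2_settings.sh the added test `[ "$firewall_mod" = 'iptables' ]` is also false when `firewall_mod` is unset or empty, so in that case the stop prompt is skipped and the `else` branch runs while CrashCore is still up. Whether the variable can be empty at this point is not visible in the hunk; if it can, ports would change under installed iptables rules, which fw_stop.sh removes only by exact `--dports` match. A comment above the `if` would record the exception, for example `# stop is only forced in iptables mode; an empty firewall_mod skips it too`. The same condition is added in scripts/menus/7_gateway.sh (hunk -28,7), and set_fw_filter continues outside this hunk.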
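Review bot: In scripts/menus/6_core_config.sh (hunk -372,16) `provider_temp_file` now carries the `$TMPDIR/` prefix in the first branch, yet the same variable still builds the remote path in `get_bin ... "rules/${coretype}_providers/$provider_temp_file"`, so the download request would contain the local temp directory path unless get_bin strips it (not visible here). Keeping the bare name for the remote side avoids that, for example `get_bin "$TMPDIR"/provider_temp_file "rules/${coretype}_providers/${provider_temp_file##*/}"`. An empty first line in the providers list also turns the variable into `"$TMPDIR/"`, which `[ -s ... ]` will typically accept because it is a directory, so adding a `-f` test would be safer. Hunk -469,16 repeats the identical change and needs the same fix.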
@@ -469,16 +469,16 @@ EOF
 EOF
 }
 if [ -z "$(grep "provider_temp_${coretype}" "$CRASHDIR"/configs/ShellCrash.cfg)" ];then
- provider_temp_file=$(sed -n "1 p" "$CRASHDIR"/configs/${coretype}_providers.list | awk '{print $2}')
+ provider_temp_file="$TMPDIR/$(sed -n "1 p" "$CRASHDIR"/configs/${coretype}_providers.list | awk '{print $2}')"
 else
 provider_temp_file=$(grep "provider_temp_${coretype}" "$CRASHDIR"/configs/ShellCrash.cfg | awk -F '=' '{print $2}')
 fi
 echo "-----------------------------------------------"
- if [ -s ${provider_temp_file} ];then
- ln -sf ${provider_temp_file} "$TMPDIR"/provider_temp_file
+ if [ -s "$provider_temp_file" ];then
+ ln -sf "$provider_temp_file" "$TMPDIR"/provider_temp_file
 else
 echo -e "\033[33m正在获取在线模版!\033[0m"
- get_bin "$TMPDIR"/provider_temp_file rules/${coretype}_providers/${provider_temp_file}
+ get_bin "$TMPDIR"/provider_temp_file "rules/${coretype}_providers/$provider_temp_file"
 [ -z "$(grep -o 'route' "$TMPDIR"/provider_temp_file)" ] && {
 echo -e "\033[31m下载失败,请尝试更换安装源!\033[0m"
 . "$CRASHDIR"/menus/9_upgrade.sh && setserver
diff --git a/scripts/menus/7_gateway.sh b/scripts/menus/7_gateway.sh
index 9313484e..de3d7c5c 100644
--- a/scripts/menus/7_gateway.sh
+++ b/scripts/menus/7_gateway.sh
@@ -28,7 +28,13 @@ gateway(){
 case "$num" in
 0) ;;
 1)
- set_fw_wan
+ echo "-----------------------------------------------"
+ if [ -n "$(pidof CrashCore)" ] && [ "$firewall_mod" = 'iptables' ]; then
+ read -p "需要先停止服务,是否继续?(1/0) > " res
+ [ "$res" = 1 ] && "$CRASHDIR"/start.sh stop && set_fw_wan
+ else
+ set_fw_wan
+ fi
 gateway
 ;;
 2)
diff --git a/scripts/menus/dns.sh b/scripts/menus/dns.sh
index 1407f068..ac955054 100644
--- a/scripts/menus/dns.sh
+++ b/scripts/menus/dns.sh
@@ -7,7 +7,7 @@ __IS_MODULE_DNS_LOADED=1
 set_dns_mod() { #DNS模式设置
 [ -z "$hosts_opt" ] && hosts_opt=ON
 [ -z "$dns_protect" ] && dns_protect=ON
- [ -z "$ecs_subnet" ] && ecs_subnet=OFF || ecs_subnet=ON
+ [ -z "$ecs_subnet" ] && ecs_subnet=OFF
 echo "-----------------------------------------------"
 echo -e "当前DNS运行模式为:\033[47;30m $dns_mod \033[0m"
 echo -e "\033[33m切换模式后需要手动重启服务以生效!\033[0m"
diff --git a/scripts/start.sh b/scripts/start.sh
index 3e7142fb..e024559c 100644
--- a/scripts/start.sh
+++ b/scripts/start.sh
@@ -16,13 +16,13 @@
 . "$CRASHDIR"/libs/web_save.sh
 #特殊脚本
 bfstart(){
- "$CRASHDIR"/starts/bfstart.sh
+ . "$CRASHDIR"/starts/bfstart.sh
 }
 afstart(){
- "$CRASHDIR"/starts/afstart.sh
+ . "$CRASHDIR"/starts/afstart.sh
 }
 stop_firewall(){
- "$CRASHDIR"/starts/fw_stop.sh
+ . "$CRASHDIR"/starts/fw_stop.sh
 }
 #保守模式启动
 start_l(){
diff --git a/scripts/starts/fw_stop.sh b/scripts/starts/fw_stop.sh
index 21fc3ee9..154e40fa 100644
--- a/scripts/starts/fw_stop.sh
+++ b/scripts/starts/fw_stop.sh
@@ -8,8 +8,10 @@
 . "$CRASHDIR"/starts/fw_getlanip.sh && getlanip #获取局域网host地址
 #缺省值
 [ -z "$common_ports" ] && common_ports='ON'
-[ -z "$multiport" ] && multiport='22,80,143,194,443,465,587,853,993,995,5222,8080,8443'
+[ -z "$multiport" ] && multiport='22,80,443,8080,8443'
 [ "$common_ports" = "ON" ] && ports="-m multiport --dports $multiport"
+[ -f "$CRASHDIR"/configs/gateway.cfg ] && . "$CRASHDIR"/configs/gateway.cfg
+accept_ports=$(echo "$fw_wan_ports,$vms_port,$sss_port" | sed "s/,,/,/g ;s/^,// ;s/,$//")
 #重置iptables相关规则
 ckcmd iptables && {
 ckcmd iptables && iptables -h | grep -q '\-w' && iptable='iptables -w' || iptable=iptables
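Review bot: In scripts/start.sh, `bfstart`, `afstart` and `stop_firewall` now source their scripts instead of executing them, so each file runs inside start.sh's own shell: an `exit` in any of them ends start.sh, and every top-level assignment persists in the caller. fw_stop.sh in this same commit assigns `common_ports`, `multiport`, `ports` and `accept_ports` and sources gateway.cfg at top level, all of which would now stay set for the rest of the start sequence. bfstart.sh and afstart.sh are not visible here; if they are user-editable hooks they can now overwrite start.sh's variables as well. A comment on the three functions would record the contract, for example `# sourced on purpose: runs in this shell, must use return instead of exit, shares all variables`.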
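Review bot: In scripts/starts/fw_stop.sh (hunk -8,8) the fallback `multiport` list shrinks from thirteen ports to five, and `ports` is built from it on the next line. If `$ports` is part of any rule that this script later removes with `-D` (those lines are outside the hunk), rules installed by the previous version with the old default will no longer match and will stay in place after a stop. `accept_ports` has the same property: the `-D INPUT ... --dports "$accept_ports" -j ACCEPT` calls in hunks -51,8 and -101,8 only remove the rule when the string is identical to the one used at insert time, and a mismatch is hidden by `2>/dev/null`. When all three port variables are empty the `-D` call is issued with an empty `--dports`; guarding it with `[ -n "$accept_ports" ] &&` would make that case explicit.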
@@ -51,8 +53,8 @@ ckcmd iptables && {
 for ip in $host_ipv4; do
 $iptable -D INPUT -s $ip -j ACCEPT 2>/dev/null
 done
- $iptable -D INPUT -p tcp -m multiport --dports "$fw_wan_ports" -j ACCEPT 2>/dev/null
- $iptable -D INPUT -p udp -m multiport --dports "$fw_wan_ports" -j ACCEPT 2>/dev/null
+ $iptable -D INPUT -p tcp -m multiport --dports "$accept_ports" -j ACCEPT 2>/dev/null
+ $iptable -D INPUT -p udp -m multiport --dports "$accept_ports" -j ACCEPT 2>/dev/null
 $iptable -D INPUT -p tcp -m multiport --dports "$mix_port,$db_port,$dns_port" -j REJECT 2>/dev/null
 $iptable -D INPUT -p udp -m multiport --dports "$mix_port,$db_port,$dns_port" -j REJECT 2>/dev/null
 #清理shellcrash自建表
@@ -101,8 +103,8 @@ ckcmd ip6tables && {
 for ip in $host_ipv6; do
 $ip6table -D INPUT -s $ip -j ACCEPT 2>/dev/null
 done
- $ip6table -D INPUT -p tcp -m multiport --dports "$fw_wan_ports" -j ACCEPT 2>/dev/null
- $ip6table -D INPUT -p udp -m multiport --dports "$fw_wan_ports" -j ACCEPT 2>/dev/null
+ $ip6table -D INPUT -p tcp -m multiport --dports "$accept_ports" -j ACCEPT 2>/dev/null
+ $ip6table -D INPUT -p udp -m multiport --dports "$accept_ports" -j ACCEPT 2>/dev/null
 $ip6table -D INPUT -p tcp -m multiport --dports "$mix_port,$db_port,$dns_port" -j REJECT 2>/dev/null
 $ip6table -D INPUT -p udp -m multiport --dports "$mix_port,$db_port,$dns_port" -j REJECT 2>/dev/null
 #清理shellcrash自建表
diff --git a/scripts/starts/singbox_modify.sh b/scripts/starts/singbox_modify.sh
index 3d6fd345..e1c02052 100644
--- a/scripts/starts/singbox_modify.sh
+++ b/scripts/starts/singbox_modify.sh
@@ -53,7 +53,7 @@ modify_json() {
 }
 cat "$TMPDIR"/format.json | sed -n '/"route":/,/^\( "[a-z]\|}\)/p' | sed '$d' >>"$TMPDIR"/jsons/route.json
 #生成endpoints.json
- [ "$ts_service" = ON ] || [ "$wg_service" = ON ] && {
+ [ "$ts_service" = ON ] || [ "$wg_service" = ON ] && [ "$zip_type" != upx ] && {
 . "$CRASHDIR"/configs/gateway.cfg
 . "$CRASHDIR"/libs/sb_endpoints.sh
 }
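Review bot: In scripts/starts/singbox_modify.sh (hunk -53,7) the new `[ "$zip_type" != upx ]` guard skips endpoint generation without any message, so a user who has `ts_service` or `wg_service` set to ON gets a config with no endpoints and nothing that says why. The chain also relies on the shell giving `||` and `&&` equal precedence and evaluating left to right; that yields the intended grouping, but it is easy to misread. Suggested comment: `# A || B && C groups as (A || B) && C in sh; endpoints are skipped when zip_type is upx`, together with a log line in the skipped case. modify_json's body starts and ends outside this hunk.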
@@ -104,7 +104,10 @@ EOF
 [ -z "$auto_detour" ] && auto_detour=$(grep -E '"type": "selector"' -A 1 "$TMPDIR"/jsons/outbounds.json | grep '"tag":' | head -n 1 | sed 's/^[[:space:]]*"tag": //;s/,$//')
 [ -z "$auto_detour" ] && auto_detour='"DIRECT"'
 #ecs优化
- [ "$ecs_subnet" = ON ] && . "$CRASHDIR"/libs/get_ecsip.sh
+ [ "$ecs_subnet" = ON ] && {
+ . "$CRASHDIR"/libs/get_ecsip.sh
+ client_subnet='"client_subnet": "'"$ecs_address"'",'
+ }
 #根据dns模式生成
 [ "$dns_mod" = "redir_host" ] && {
 global_dns=dns_proxy
@@ -157,7 +160,6 @@ EOF
 $(parse_singbox_dns "$dns_fallback")
 "routing_mark": $routing_mark,
 "detour": $auto_detour,
- "client_subnet": "$ecs_address",
 "domain_resolver": "dns_resolver"
 },
 {
@@ -191,6 +193,7 @@ EOF
 "final": "dns_proxy",
 "strategy": "$strategy",
 "independent_cache": true,
+ $client_subnet
 "reverse_mapping": true
 }
 }
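Review bot: In scripts/starts/singbox_modify.sh (hunk -104,7) `client_subnet` is built from `$ecs_address` without checking that get_ecsip.sh actually set it, so a failed lookup produces `"client_subnet": "",` in the DNS block. The value is also placed into the JSON unescaped; get_ecsip.sh is not visible here, but if the address comes from a network response it should be validated as an IP or prefix before it is embedded. `client_subnet` is never cleared when `ecs_subnet` is not ON, so a value already present in the shell would still be emitted by the heredoc line added in hunk -191,6. Suggested: `client_subnet=''` before the test and `[ -n "$ecs_address" ] && client_subnet='"client_subnet": "'"$ecs_address"'",'` inside the block.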
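Review bot: In hunk -191,6 `$client_subnet` now appears next to `final`, `strategy` and `independent_cache`, which looks like the top level of the `dns` object, whereas hunk -157,7 removed it from a single server entry. In sing-box the top-level `dns.client_subnet` is the default for every query unless a server or rule overrides it, so the ECS prefix would be sent to all configured upstream resolvers rather than one. If that wider disclosure is intended, a comment near the assignment would record it, for example `# client_subnet is global on purpose: applies to all DNS servers`. When `ecs_subnet` is OFF the line expands to an empty line, which is harmless in JSON.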