From 9624b5456c9d134120b0c5e303c6343a8b25291e Mon Sep 17 00:00:00 2001
From: juewuy
Date: Tue, 3 Nov 2020 23:10:57 +0800
Subject: [PATCH] =?UTF-8?q?v1.0.0beta16.5=20~=E4=BF=AE=E5=A4=8D=E7=99=BD?=
 =?UTF-8?q?=E5=90=8D=E5=8D=95=E6=A8=A1=E5=BC=8F=E9=83=A8=E5=88=86=E6=83=85?=
 =?UTF-8?q?=E5=86=B5=E4=B8=8B=E4=B8=8D=E5=8F=AF=E7=94=A8=E7=9A=84bug=20~?=
 =?UTF-8?q?=E5=B1=8F=E8=94=BD=E4=B8=8D=E4=BD=BF=E7=94=A8=E6=9C=AC=E5=9C=B0?=
 =?UTF-8?q?dns=E5=8A=9F=E8=83=BD=EF=BC=8C=E5=A6=82=E6=9C=89=E9=9C=80?=
 =?UTF-8?q?=E6=B1=82=E5=8F=AF=E5=9C=A8dns=E9=85=8D=E7=BD=AE=E4=B8=AD?=
 =?UTF-8?q?=E8=87=AA=E8=A1=8C=E7=BC=96=E8=BE=91=20~=E5=B1=8F=E8=94=BD?=
 =?UTF-8?q?=E4=BD=BF=E7=94=A8=E8=87=AA=E5=AE=9A=E4=B9=89=E9=85=8D=E7=BD=AE?=
 =?UTF-8?q?=E5=8A=9F=E8=83=BD=EF=BC=8C=E7=8E=B0=E5=9C=A8=E5=8F=AF=E4=BB=A5?=
 =?UTF-8?q?=E6=89=8B=E5=8A=A8=E5=B0=86=E8=87=AA=E5=AE=9A=E4=B9=89=E8=AE=BE?=
 =?UTF-8?q?=E7=BD=AE=E5=86=99=E5=85=A5user.yaml=E3=80=81=E8=87=AA=E5=AE=9A?=
 =?UTF-8?q?=E4=B9=89=E8=A7=84=E5=88=99=E5=86=99=E5=85=A5rules.yaml,?=
 =?UTF-8?q?=E8=BF=90=E8=A1=8C=E6=97=B6=E4=BC=9A=E8=87=AA=E5=8A=A8=E5=90=88?=
 =?UTF-8?q?=E5=B9=B6=E9=85=8D=E7=BD=AE=E6=96=87=E4=BB=B6=20~=E4=BF=AE?=
 =?UTF-8?q?=E5=A4=8D=E8=AE=BE=E7=BD=AEhttp=E4=BB=A3=E7=90=86=E5=8A=A0?=
 =?UTF-8?q?=E5=AF=86=E5=90=8E=E5=AF=BC=E8=87=B4=E6=9B=B4=E6=96=B0=E6=A3=80?=
 =?UTF-8?q?=E6=B5=8B=E5=A4=B1=E8=B4=A5=E7=9A=84bug=20~=E4=BF=AE=E5=A4=8D?=
 =?UTF-8?q?=E6=B7=BB=E5=8A=A03=E4=B8=AA=E4=BB=A5=E4=B8=8Adns=E6=97=B6?=
 =?UTF-8?q?=E6=B7=BB=E5=8A=A0=E5=A4=B1=E8=B4=A5=E7=9A=84bug?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 scripts/clash.sh | 2 +-
 scripts/start.sh | 78 ++++++++++++++++++++++++++++++++++--------------
 2 files changed, 56 insertions(+), 24 deletions(-)
diff --git a/scripts/clash.sh b/scripts/clash.sh
index 3723317..61c6c11 100644
--- a/scripts/clash.sh
+++ b/scripts/clash.sh
@@ -585,7 +585,7 @@ clashcfg(){
  echo -e " 2 切换DNS运行模式: \033[36m$dns_mod\033[0m"
  echo -e " 3 跳过本地证书验证: \033[36m$skip_cert\033[0m ————解决节点证书验证错误"
  echo -e " 4 只代理常用端口: \033[36m$common_ports\033[0m ————用于屏蔽P2P流量"
- echo -e " 5 过滤局域网mac地址: \033[36m$mac_return\033[0m ————列表内设备不走代理"
+ echo -e " 5 过滤局域网mac地址: \033[36m$mac_return\033[0m ————当前为$macfilter_type模式"
  echo -e " 6 设置本机代理服务: \033[36m$local_proxy\033[0m ————使用环境变量或GUI/api配置本机代理"
  echo -----------------------------------------------
  echo -e " 9 \033[32m重启\033[0mclash服务"
diff --git a/scripts/start.sh b/scripts/start.sh
index d143eda..07b07c9 100644
--- a/scripts/start.sh
+++ b/scripts/start.sh
@@ -27,8 +27,7 @@ getconfig(){
  [ -z "$dns_nameserver" ] && dns_nameserver='114.114.114.114, 223.5.5.5'
  [ -z "$dns_fallback" ] && dns_fallback='1.0.0.1, 8.8.4.4'
  #是否代理常用端口
- [ "$common_ports" = "已开启" ] && ports='-m multiport --dports 53,587,465,995,993,143,80,443 '
- [ "$macfilter_type" = "白名单" ] && mac_white='!'
+ [ "$common_ports" = "已开启" ] && ports='-m multiport --dports 53,587,465,995,993,143,80,443'
  }
  setconfig(){ #参数1代表变量名,参数2代表变量值,参数3即文件路径
@@ -259,20 +258,35 @@ start_redir(){
  iptables -t nat -A clash -d 192.168.0.0/16 -j RETURN
  iptables -t nat -A clash -d 224.0.0.0/4 -j RETURN
  iptables -t nat -A clash -d 240.0.0.0/4 -j RETURN
- for mac in $(cat $clashdir/mac); do
- iptables -t nat -A clash -m mac $mac_white --mac-source $mac -j RETURN
- done
- #设置防火墙流量转发
- iptables -t nat -A clash -p tcp $ports-j REDIRECT --to-ports $redir_port
- iptables -t nat -A PREROUTING -p tcp -j clash
+ if [ "$macfilter_type" = "白名单" -a -n "$(cat $clashdir/mac)" ];then
+ #mac白名单
+ for mac in $(cat $clashdir/mac); do
+ iptables -t nat -A clash -p tcp -m mac --mac-source $mac -j REDIRECT --to-ports $redir_port
+ done
+ else
+ #mac黑名单
+ for mac in $(cat $clashdir/mac); do
+ iptables -t nat -A clash -m mac --mac-source $mac -j RETURN
+ done
+ iptables -t nat -A clash -p tcp -j REDIRECT --to-ports $redir_port
+ fi
+ #转发设置
+ iptables -t nat -A PREROUTING -p tcp $ports -j clash
  #设置ipv6转发
  if [ -n "ip6_nat" -a "$ipv6_support" = "已开启" ];then
  ip6tables -t nat -N clashv6
- for mac in $(cat $clashdir/mac); do
- ip6tables -t nat -A clashv6 -m mac --mac-source $mac -j RETURN
- done
- ip6tables -t nat -A clashv6 -p tcp $ports-j REDIRECT --to-ports $redir_port
- ip6tables -t nat -A PREROUTING -p tcp -j clashv6
+ if [ "$macfilter_type" = "白名单" -a -n "$(cat $clashdir/mac)" ];then
+ #mac白名单
+ for mac in $(cat $clashdir/mac); do
+ ip6tables -t nat -A clashv6 -p tcp -m mac --mac-source $mac -j REDIRECT --to-ports $redir_port
+ done
+ else
+ #mac黑名单
+ for mac in $(cat $clashdir/mac); do
+ ip6tables -t nat -A clashv6 -m mac --mac-source $mac -j RETURN
+ done
+ ip6tables -t nat -A clashv6 -p tcp -j REDIRECT --to-ports $redir_port
+ fi
  fi
  }
  start_dns(){
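Review bot: The IPv6 branch creates and fills `clashv6`, but the `ip6tables -t nat -A PREROUTING -p tcp -j clashv6` jump that the replaced lines had is not re-added after the new inner `fi`, so unless it is added elsewhere in start_redir no IPv6 TCP traffic ever enters the chain and the 已开启 IPv6 setting silently does nothing; the clashv6_dns hunk in start_dns drops its `ip6tables -t nat -A PREROUTING -p udp -j clashv6_dns` jump the same way. The IPv4 side keeps `$ports` on the PREROUTING jump, so the matching line here would be `ip6tables -t nat -A PREROUTING -p tcp $ports -j clashv6`. Separately, each entry of `$clashdir/mac` goes straight into `--mac-source` with no format check and no exit-status check, so one malformed line makes that single iptables call fail while the script carries on with a partially built chain (in 黑名单 mode the device meant to be excluded is then proxied); consider validating each entry against `^([0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}$` and logging rejected lines to stderr before the loop. start_redir begins outside the hunk.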
@@ -283,11 +297,20 @@ start_dns(){
  fi
  #设置dns转发
  iptables -t nat -N clash_dns
- for mac in $(cat $clashdir/mac); do
- iptables -t nat -A clash_dns -m mac $mac_white --mac-source $mac -j RETURN
- done
- iptables -t nat -A clash_dns -p udp --dport 53 -j REDIRECT --to $dns_port
- iptables -t nat -A clash_dns -p tcp --dport 53 -j REDIRECT --to $dns_port
+ if [ "$macfilter_type" = "白名单" -a -n "$(cat $clashdir/mac)" ];then
+ #mac白名单
+ for mac in $(cat $clashdir/mac); do
+ iptables -t nat -A clash_dns -p udp --dport 53 -m mac --mac-source $mac -j REDIRECT --to $dns_port
+ iptables -t nat -A clash_dns -p tcp --dport 53 -m mac --mac-source $mac -j REDIRECT --to $dns_port
+ done
+ else
+ #mac黑名单
+ for mac in $(cat $clashdir/mac); do
+ iptables -t nat -A clash_dns -m mac --mac-source $mac -j RETURN
+ done
+ iptables -t nat -A clash_dns -p udp --dport 53 -j REDIRECT --to $dns_port
+ iptables -t nat -A clash_dns -p tcp --dport 53 -j REDIRECT --to $dns_port
+ fi
  iptables -t nat -A PREROUTING -p udp -j clash_dns
  #Google home DNS特殊处理
  iptables -t nat -I PREROUTING -p tcp -d 8.8.8.8 -j clash_dns
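Review bot: The whitelist/blacklist block added here is the same twelve-line shape as the clash and clashv6 blocks in start_redir and the clashv6_dns block below, differing only in the command, chain, redirect port and protocol match, so four copies of the `白名单` test and of `$(cat $clashdir/mac)` now have to be kept in step by hand. A helper taking the command, chain, port and protocol matches would reduce this site to `mac_redirect iptables clash_dns "$dns_port" "-p udp --dport 53" "-p tcp --dport 53"` and the IPv6 site to the same call with `ip6tables clashv6_dns`. `--to` here and `--to-ports` in start_redir are the same REDIRECT option and can be unified inside that helper. start_dns begins outside the hunk.
```shell
#mac filter helper: $1 iptables/ip6tables, $2 chain, $3 redirect port, remaining args protocol matches
mac_redirect(){
	local ipt=$1 chain=$2 to_port=$3 mac m
	shift 3
	if [ "$macfilter_type" = "白名单" -a -n "$(cat $clashdir/mac)" ];then
		#whitelist: only listed devices are redirected
		for mac in $(cat $clashdir/mac); do
			for m in "$@"; do
				$ipt -t nat -A $chain $m -m mac --mac-source $mac -j REDIRECT --to-ports $to_port
			done
		done
	else
		#blacklist: listed devices bypass, everyone else is redirected
		for mac in $(cat $clashdir/mac); do
			$ipt -t nat -A $chain -m mac --mac-source $mac -j RETURN
		done
		for m in "$@"; do
			$ipt -t nat -A $chain $m -j REDIRECT --to-ports $to_port
		done
	fi
}
# … unchanged: iptables -t nat -N clash_dns …
mac_redirect iptables clash_dns "$dns_port" "-p udp --dport 53" "-p tcp --dport 53"
```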
@@ -296,11 +319,20 @@ start_dns(){
  ip6_nat=$(ip6tables -t nat -L 2>&1|grep -o 'Chain')
  if [ -n "ip6_nat" ];then
  ip6tables -t nat -N clashv6_dns > /dev/null 2>&1
- for mac in $(cat $clashdir/mac); do
- ip6tables -t nat -A clashv6_dns -m mac $mac_white --mac-source $mac -j RETURN > /dev/null 2>&1
- done
- ip6tables -t nat -A clashv6_dns -p udp --dport 53 -j REDIRECT --to $dns_port > /dev/null 2>&1
- ip6tables -t nat -A PREROUTING -p udp -j clashv6_dns > /dev/null 2>&1
+ if [ "$macfilter_type" = "白名单" -a -n "$(cat $clashdir/mac)" ];then
+ #mac白名单
+ for mac in $(cat $clashdir/mac); do
+ ip6tables -t nat -A clashv6_dns -p udp --dport 53 -m mac --mac-source $mac -j REDIRECT --to $dns_port
+ ip6tables -t nat -A clashv6_dns -p tcp --dport 53 -m mac --mac-source $mac -j REDIRECT --to $dns_port
+ done
+ else
+ #mac黑名单
+ for mac in $(cat $clashdir/mac); do
+ ip6tables -t nat -A clashv6_dns -m mac --mac-source $mac -j RETURN
+ done
+ ip6tables -t nat -A clashv6_dns -p udp --dport 53 -j REDIRECT --to $dns_port
+ ip6tables -t nat -A clashv6_dns -p tcp --dport 53 -j REDIRECT --to $dns_port
+ fi
  else
  ip6tables -I INPUT -p tcp --dport 53 -j REJECT
  ip6tables -I INPUT -p udp --dport 53 -j REJECT
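Review bot: The new `ip6tables -t nat -A clashv6_dns` lines drop the `> /dev/null 2>&1` that every replaced line carried, while the `-N clashv6_dns` line above still has it; because the surrounding guard `[ -n "ip6_nat" ]` tests a literal string rather than `$ip6_nat` and is therefore always true, on a kernel without an IPv6 nat table each of these five calls will now print its own error where the old code failed quietly. Rather than restoring the redirection, fixing the guard to `if [ -n "$ip6_nat" ];then` would skip the block when the table is missing and let the `else` branch's REJECT rules apply as intended (the IPv6 guard in start_redir has the same literal). The `-p tcp --dport 53` rule is new on the IPv6 DNS side, which is worth a word in the commit message since it changes which traffic is redirected. start_dns begins outside the hunk.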