v1.0.0beta16.5

~修复白名单模式部分情况下不可用的bug ~屏蔽不使用本地dns功能，如有需求可在dns配置中自行编辑 ~屏蔽使用自定义配置功能，现在可以手动将自定义设置写入user.yaml、自定义规则写入rules.yaml,运行时会自动合并配置文件 ~修复设置http代理加密后导致更新检测失败的bug ~修复添加3个以上dns时添加失败的bug
2020-11-03 23:10:57 +08:00
parent fcc211a6a7
commit 9624b5456c
2 changed files with 56 additions and 24 deletions
--- a/scripts/clash.sh
+++ b/scripts/clash.sh
@@ -585,7 +585,7 @@ clashcfg(){
 	echo -e " 2 切换DNS运行模式：	\033[36m$dns_mod\033[0m"
 	echo -e " 3 跳过本地证书验证：	\033[36m$skip_cert\033[0m   ————解决节点证书验证错误"
 	echo -e " 4 只代理常用端口： 	\033[36m$common_ports\033[0m   ————用于屏蔽P2P流量"
-	echo -e " 5 过滤局域网mac地址：	\033[36m$mac_return\033[0m   ————列表内设备不走代理"
+	echo -e " 5 过滤局域网mac地址：	\033[36m$mac_return\033[0m   ————当前为$macfilter_type模式"
 	echo -e " 6 设置本机代理服务:	\033[36m$local_proxy\033[0m	————使用环境变量或GUI/api配置本机代理"
 	echo -----------------------------------------------
 	echo -e " 9 \033[32m重启\033[0mclash服务"
--- a/scripts/start.sh
+++ b/scripts/start.sh
@@ -28,7 +28,6 @@ getconfig(){
 	[ -z "$dns_fallback" ] && dns_fallback='1.0.0.1, 8.8.4.4'
 	#是否代理常用端口
 	[ "$common_ports" = "已开启" ] && ports='-m multiport --dports 53,587,465,995,993,143,80,443'
-	[ "$macfilter_type" = "白名单" ] && mac_white='!'
 	}
 setconfig(){
 	#参数1代表变量名，参数2代表变量值,参数3即文件路径
@@ -259,20 +258,35 @@ start_redir(){
 	iptables -t nat -A clash -d 192.168.0.0/16 -j RETURN
 	iptables -t nat -A clash -d 224.0.0.0/4 -j RETURN
 	iptables -t nat -A clash -d 240.0.0.0/4 -j RETURN
+	if [ "$macfilter_type" = "白名单" -a -n "$(cat $clashdir/mac)" ];then
+		#mac白名单
 		for mac in $(cat $clashdir/mac); do
-		iptables -t nat -A clash -m mac $mac_white --mac-source $mac -j RETURN
+			iptables -t nat -A clash -p tcp -m mac --mac-source $mac -j REDIRECT --to-ports $redir_port
 		done
-	#设置防火墙流量转发
-	iptables -t nat -A clash -p tcp $ports-j REDIRECT --to-ports $redir_port
-	iptables -t nat -A PREROUTING -p tcp -j clash
+	else
+		#mac黑名单
+		for mac in $(cat $clashdir/mac); do
+			iptables -t nat -A clash -m mac --mac-source $mac -j RETURN
+		done
+		iptables -t nat -A clash -p tcp -j REDIRECT --to-ports $redir_port
+	fi
+	#转发设置
+	iptables -t nat -A PREROUTING -p tcp $ports -j clash
 	#设置ipv6转发
 	if [ -n "ip6_nat" -a "$ipv6_support" = "已开启" ];then
 		ip6tables -t nat -N clashv6
+		if [ "$macfilter_type" = "白名单" -a -n "$(cat $clashdir/mac)" ];then
+			#mac白名单
+			for mac in $(cat $clashdir/mac); do
+				ip6tables -t nat -A clashv6 -p tcp -m mac --mac-source $mac -j REDIRECT --to-ports $redir_port
+			done
+		else
+			#mac黑名单
 			for mac in $(cat $clashdir/mac); do
 				ip6tables -t nat -A clashv6 -m mac --mac-source $mac -j RETURN
 			done
-		ip6tables -t nat -A clashv6 -p tcp $ports-j REDIRECT --to-ports $redir_port
-		ip6tables -t nat -A PREROUTING -p tcp -j clashv6
+			ip6tables -t nat -A clashv6 -p tcp -j REDIRECT --to-ports $redir_port
+		fi
 	fi
 }
 start_dns(){
@@ -283,11 +297,20 @@ start_dns(){
 	fi
 	#设置dns转发
 	iptables -t nat -N clash_dns
+	if [ "$macfilter_type" = "白名单" -a -n "$(cat $clashdir/mac)" ];then
+		#mac白名单
 		for mac in $(cat $clashdir/mac); do
-		iptables -t nat -A clash_dns -m mac $mac_white --mac-source $mac -j RETURN
+			iptables -t nat -A clash_dns -p udp --dport 53 -m mac --mac-source $mac -j REDIRECT --to $dns_port
+			iptables -t nat -A clash_dns -p tcp --dport 53 -m mac --mac-source $mac -j REDIRECT --to $dns_port
+		done
+	else
+		#mac黑名单
+		for mac in $(cat $clashdir/mac); do
+			iptables -t nat -A clash_dns -m mac --mac-source $mac -j RETURN
 		done	
 		iptables -t nat -A clash_dns -p udp --dport 53 -j REDIRECT --to $dns_port
 		iptables -t nat -A clash_dns -p tcp --dport 53 -j REDIRECT --to $dns_port
+	fi
 	iptables -t nat -A PREROUTING -p udp -j clash_dns
 	#Google home DNS特殊处理
 	iptables -t nat -I PREROUTING -p tcp -d 8.8.8.8 -j clash_dns
@@ -296,11 +319,20 @@ start_dns(){
 	ip6_nat=$(ip6tables -t nat -L 2>&1|grep -o 'Chain')
 	if [ -n "ip6_nat" ];then
 		ip6tables -t nat -N clashv6_dns > /dev/null 2>&1
+		if [ "$macfilter_type" = "白名单" -a -n "$(cat $clashdir/mac)" ];then
+			#mac白名单
 			for mac in $(cat $clashdir/mac); do
-			ip6tables -t nat -A clashv6_dns -m mac $mac_white --mac-source $mac -j RETURN > /dev/null 2>&1
+				ip6tables -t nat -A clashv6_dns -p udp --dport 53 -m mac --mac-source $mac -j REDIRECT --to $dns_port
+				ip6tables -t nat -A clashv6_dns -p tcp --dport 53 -m mac --mac-source $mac -j REDIRECT --to $dns_port
 			done
-		ip6tables -t nat -A clashv6_dns -p udp --dport 53 -j REDIRECT --to $dns_port > /dev/null 2>&1
-		ip6tables -t nat -A PREROUTING -p udp -j clashv6_dns > /dev/null 2>&1
+		else
+			#mac黑名单
+			for mac in $(cat $clashdir/mac); do
+				ip6tables -t nat -A clashv6_dns -m mac --mac-source $mac -j RETURN
+			done	
+			ip6tables -t nat -A clashv6_dns -p udp --dport 53 -j REDIRECT --to $dns_port
+			ip6tables -t nat -A clashv6_dns -p tcp --dport 53 -j REDIRECT --to $dns_port
+		fi
 	else
 		ip6tables -I INPUT -p tcp --dport 53 -j REJECT
 		ip6tables -I INPUT -p udp --dport 53 -j REJECT