Merge branch 'master' of https://github.com/juewuy/ShellClash

2021-05-29 17:01:31 +08:00
parent 0e9ef74727 1bc6b7726b
commit 9d067a673f
26 changed files with 85 additions and 41 deletions
--- a/bin/Country.mmdb
+++ b/bin/Country.mmdb
--- a/bin/clash/clash-linux-386
+++ b/bin/clash/clash-linux-386
--- a/bin/clash/clash-linux-amd64
+++ b/bin/clash/clash-linux-amd64
--- a/bin/clash/clash-linux-armv5
+++ b/bin/clash/clash-linux-armv5
--- a/bin/clash/clash-linux-armv7
+++ b/bin/clash/clash-linux-armv7
--- a/bin/clash/clash-linux-armv8
+++ b/bin/clash/clash-linux-armv8
--- a/bin/clash/clash-linux-mips-softfloat
+++ b/bin/clash/clash-linux-mips-softfloat
--- a/bin/clash/clash-linux-mipsle-hardfloat
+++ b/bin/clash/clash-linux-mipsle-hardfloat
--- a/bin/clash/clash-linux-mipsle-softfloat
+++ b/bin/clash/clash-linux-mipsle-softfloat
--- a/bin/clashfm.tar.gz
+++ b/bin/clashfm.tar.gz
--- a/bin/clashpre/clash-linux-386
+++ b/bin/clashpre/clash-linux-386
--- a/bin/clashpre/clash-linux-amd64
+++ b/bin/clashpre/clash-linux-amd64
--- a/bin/clashpre/clash-linux-armv5
+++ b/bin/clashpre/clash-linux-armv5
--- a/bin/clashpre/clash-linux-armv7
+++ b/bin/clashpre/clash-linux-armv7
--- a/bin/clashpre/clash-linux-armv8
+++ b/bin/clashpre/clash-linux-armv8
--- a/bin/clashpre/clash-linux-mips-softfloat
+++ b/bin/clashpre/clash-linux-mips-softfloat
--- a/bin/clashpre/clash-linux-mipsle-hardfloat
+++ b/bin/clashpre/clash-linux-mipsle-hardfloat
--- a/bin/clashpre/clash-linux-mipsle-softfloat
+++ b/bin/clashpre/clash-linux-mipsle-softfloat
--- a/bin/cn_mini.mmdb
+++ b/bin/cn_mini.mmdb
--- a/bin/release_version
+++ b/bin/release_version
@@ -1,8 +1,7 @@
+1.3.0
 1.2.0
 1.1.0
-1.0.0beta18.2
 1.0.0beta17
-1.0.0beta15
 1.0.0beta11
 1.0.0beta5
 0.9.7
--- a/bin/version
+++ b/bin/version
@@ -1,4 +1,4 @@
-clash_v=1.5.0
-clashpre_v=2021.04.08
-GeoIP_v=20210409
-versionsh=1.2.4
+clash_v=1.6.0
+clashpre_v=2021.05.08
+GeoIP_v=20210514
+versionsh=1.3.2
--- a/install.sh
+++ b/install.sh
@@ -37,7 +37,7 @@ webget(){
 url="https://cdn.jsdelivr.net/gh/juewuy/ShellClash"
 if [ "$test" -gt 0 ];then 
 	url="https://cdn.jsdelivr.net/gh/juewuy/ShellClash@master"
-	[ "$test" -eq 2 ] && url="http://192.168.31.31:8080/ShellClash"
+	[ "$test" -eq 2 ] && url="http://192.168.0.4:8080/ShellClash"
 	[ "$test" -eq 3 ] && url="http://192.168.123.90:8080/clash-for-Miwifi"
 else
 	webget /tmp/clashrelease $url@master/bin/release_version echoon rediroff 2>/tmp/clashrelease
--- a/scripts/clash.sh
+++ b/scripts/clash.sh
@@ -471,8 +471,7 @@ localproxy(){
 	echo -----------------------------------------------
 	echo -e " 1 \033[36m$proxy_set本机代理\033[0m"
 	echo -e " 2 使用\033[32m环境变量\033[0m方式配置"
-	echo -e " 3 使用\033[32mGNOME桌面API\033[0m配置"
-	echo -e " 4 使用\033[32mKDE桌面API\033[0m配置"
+	echo -e " 3 使用\033[32miptables增强模式\033[0m配置（仅支持Linux系统）"
 	echo -e " 0 返回上级菜单"
 	echo -----------------------------------------------
 	read -p "请输入对应数字 > " num
@@ -493,6 +492,7 @@ localproxy(){
 				$clashdir/start.sh set_proxy $mix_port $db_port
 				echo -e "\033[32m已经成功使用$local_proxy_type方式配置本机代理~\033[0m"
 				[ "$local_proxy_type" = "环境变量" ] && echo -e "\033[36m如未生效，请重新启动终端或重新连接SSH！\033[0m" && sleep 1
+				[ "$local_proxy_type" = "iptables增强模式" ] && $clashdir/start.sh start
 			fi		
 		else
 			local_proxy=未开启
@@ -506,20 +506,25 @@ localproxy(){
 		setconfig local_proxy_type $local_proxy_type
 		localproxy
 	elif [ "$num" = 3 ]; then
-		if  gsettings --version >/dev/null 2>&1 ;then
-			local_proxy_type="GNOME"
+		[ -w /etc/systemd/system/clash.service ] && servdir=/etc/systemd/system/clash.service
+		[ -w /usr/lib/systemd/system/clash.service ] && servdir=/usr/lib/systemd/system/clash.service
+		if [ -n "$servdir" ];then
+			#检测用户如无则创建并提权
+			if [ -z "$(id shellclash 2>/dev/null | grep 'root')" ];then
+				userdel shellclash 2>/dev/null
+				useradd shellclash -u 7890
+				sed -Ei s/7890:7890/0:7890/g /etc/passwd
+			fi
+			#停止clash服务
+			$clashdir/start.sh stop
+			#修改service文件，使用shellclash用户运行clash服务
+			setconfig ExecStart "su\ shellclash\ -c\ \"$bindir/clash\ -d\ $bindir\"" $servdir
+			systemctl daemon-reload
+			#修改模式变量
+			local_proxy_type="iptables增强模式"
 			setconfig local_proxy_type $local_proxy_type
 		else
-			echo -e "\033[31m没有找到GNOME桌面，无法设置！\033[0m"
-			sleep 1
-		fi
-		localproxy
-	elif [ "$num" = 4 ]; then
-		if  kwriteconfig5 -h >/dev/null 2>&1 ;then
-			local_proxy_type="KDE"
-			setconfig local_proxy_type $local_proxy_type
-		else
-			echo -e "\033[31m没有找到KDE桌面，无法设置！\033[0m"
+			echo -e "\033[31m当前设备无法使用增强模式！\033[0m"
 			sleep 1
 		fi
 		localproxy
@@ -660,7 +665,7 @@ clashcfg(){
 	echo -e " 3 跳过本地证书验证：	\033[36m$skip_cert\033[0m   ————解决节点证书验证错误"
 	echo -e " 4 只代理常用端口： 	\033[36m$common_ports\033[0m   ————用于过滤P2P流量"
 	echo -e " 5 过滤局域网设备：	\033[36m$mac_return\033[0m   ————使用黑名单/白名单进行过滤"
-	echo -e " 6 设置本机代理服务:	\033[36m$local_proxy\033[0m	————使用环境变量或GUI/api配置本机代理"
+	echo -e " 6 设置本机代理服务:	\033[36m$local_proxy\033[0m	————使用环境变量或iptables配置本机代理"
 	echo -----------------------------------------------
 	echo -e " 0 返回上级菜单 \033[0m"
 	echo -----------------------------------------------
--- a/scripts/clashservice
+++ b/scripts/clashservice
@@ -1,6 +1,6 @@
 #!/bin/sh /etc/rc.common

-START=92
+START=101

 SERVICE_DAEMONIZE=1
 SERVICE_WRITE_PID=1
--- a/scripts/getdate.sh
+++ b/scripts/getdate.sh
@@ -355,6 +355,7 @@ gettar(){
 			mv $clashdir/clash.service $sysdir/clash.service
 			sed -i "s%/etc/clash%$clashdir%g" $sysdir/clash.service
 			systemctl daemon-reload
+			#useradd shellclash
 		else
 			#设为保守模式启动
 			sed -i '/start_old=*/'d $clashdir/mark
@@ -849,6 +850,8 @@ update(){
 			rm -rf /etc/systemd/system/clash.service
 			rm -rf /usr/lib/systemd/system/clash.service
 			rm -rf /www/clash
+			sed -Ei s/0:7890/7890:7890/g /etc/passwd
+			userdel -r shellclash 2>/dev/null
 			echo -----------------------------------------------
 			echo -e "\033[36m已卸载ShellClash相关文件！有缘再会！\033[0m"
 			echo -e "\033[33m请手动关闭当前窗口以重置环境变量！\033[0m"
--- a/scripts/start.sh
+++ b/scripts/start.sh
@@ -417,6 +417,50 @@ start_udp(){
 	fi
 	iptables -t mangle -A PREROUTING -p udp $lanhost -j clash
 }
+start_output(){
+	#流量过滤规则
+	iptables -t nat -N clash_out
+	iptables -t nat -A clash_out -m owner --gid-owner 7890 -j RETURN
+	iptables -t nat -A clash_out -d 0.0.0.0/8 -j RETURN
+	iptables -t nat -A clash_out -d 10.0.0.0/8 -j RETURN
+	iptables -t nat -A clash_out -d 127.0.0.0/8 -j RETURN
+	iptables -t nat -A clash_out -d 169.254.0.0/16 -j RETURN
+	iptables -t nat -A clash_out -d 172.16.0.0/12 -j RETURN
+	iptables -t nat -A clash_out -d 192.168.0.0/16 -j RETURN
+	iptables -t nat -A clash_out -d 224.0.0.0/4 -j RETURN
+	iptables -t nat -A clash_out -d 240.0.0.0/4 -j RETURN
+	if [ "$macfilter_type" = "白名单" -a -n "$(cat $clashdir/mac)" ];then
+		#mac白名单
+		for mac in $(cat $clashdir/mac); do
+			iptables -t nat -A clash_out -p tcp $ports -m mac --mac-source $mac -j REDIRECT --to-ports $redir_port
+		done
+	else
+		#mac黑名单
+		for mac in $(cat $clashdir/mac); do
+			iptables -t nat -A clash_out -m mac --mac-source $mac -j RETURN
+		done
+		iptables -t nat -A clash_out -p tcp $ports -j REDIRECT --to-ports $redir_port
+	fi
+	iptables -t nat -A OUTPUT -p tcp -j clash_out
+	#设置dns转发
+	iptables -t nat -N clash_dns_out
+	iptables -t nat -A clash_dns_out -m owner --gid-owner 7890 -j RETURN
+	if [ "$macfilter_type" = "白名单" -a -n "$(cat $clashdir/mac)" ];then
+		#mac白名单
+		for mac in $(cat $clashdir/mac); do
+			iptables -t nat -A clash_dns_out -p udp --dport 53 -m mac --mac-source $mac -j REDIRECT --to $dns_port
+			iptables -t nat -A clash_dns_out -p tcp --dport 53 -m mac --mac-source $mac -j REDIRECT --to $dns_port
+		done
+	else
+		#mac黑名单
+		for mac in $(cat $clashdir/mac); do
+			iptables -t nat -A clash_dns_out -m mac --mac-source $mac -j RETURN
+		done	
+		iptables -t nat -A clash_dns_out -p udp --dport 53 -j REDIRECT --to $dns_port
+		iptables -t nat -A clash_dns_out -p tcp --dport 53 -j REDIRECT --to $dns_port
+	fi
+	iptables -t nat -A OUTPUT -p udp -j clash_dns_out
+}
 stop_iptables(){
 	gethost #获取本地局域网地址段
    #重置iptables规则
@@ -431,6 +475,13 @@ stop_iptables(){
 	iptables -t nat -F clash_dns 2> /dev/null
 	iptables -t nat -X clash_dns 2> /dev/null
 	iptables -D FORWARD -o utun -j ACCEPT 2> /dev/null
+	#重置output规则
+	iptables -t nat -D OUTPUT -p tcp -j clash_out 2> /dev/null
+	iptables -t nat -F clash_out 2> /dev/null
+	iptables -t nat -X clash_out 2> /dev/null	
+	iptables -t nat -D OUTPUT -p udp -j clash_dns_out 2> /dev/null
+	iptables -t nat -F clash_dns_out 2> /dev/null
+	iptables -t nat -X clash_dns_out 2> /dev/null
 	#重置udp规则
 	iptables -t mangle -D PREROUTING -p udp $lanhost -j clash 2> /dev/null
 	iptables -t mangle -F clash 2> /dev/null
@@ -682,14 +733,9 @@ cronset)
 	;;
 set_proxy)
 		getconfig
-		#GNOME配置
-		if  [ "$local_proxy_type" = "GNOME" ];then
-			gsettings set org.gnome.system.proxy autoconfig-url "http://127.0.0.1:$db_port/ui/pac"
-			gsettings set org.gnome.system.proxy mode "auto"
-		#KDE配置
-		elif  [ "$local_proxy_type" = "KDE" ];then
-			kwriteconfig5 --file kioslaverc --group "Proxy Settings" --key "Proxy Config Script" "http://127.0.0.1:$db_port/ui/pac"
-			kwriteconfig5 --file kioslaverc --group "Proxy Settings" --key "ProxyType" 2
+		#iptables增强模式
+		if  [ "$local_proxy_type" = "iptables增强模式" ];then
+			start_output
 		#环境变量方式
 		else
 			[ -w ~/.bashrc ] && profile=~/.bashrc
@@ -698,16 +744,7 @@ set_proxy)
 			echo 'export ALL_PROXY=$all_proxy' >>  $profile
 		fi
 	;;
-unset_proxy)
-		#GNOME配置
-		if  gsettings --version >/dev/null 2>&1 ;then
-			gsettings set org.gnome.system.proxy mode "none"
-		fi
-		#KDE配置
-		if  kwriteconfig5 -h >/dev/null 2>&1 ;then
-			kwriteconfig5 --file kioslaverc --group "Proxy Settings" --key "ProxyType" 0
-		fi
-		#环境变量方式
+unset_proxy)	
 		[ -w ~/.bashrc ] && profile=~/.bashrc
 		[ -w /etc/profile ] && profile=/etc/profile
 		sed -i '/all_proxy/'d  $profile