diff --git a/bin/Country.mmdb b/bin/Country.mmdb
index a759e96..484fe68 100644
Binary files a/bin/Country.mmdb and b/bin/Country.mmdb differ
diff --git a/bin/clash/clash-linux-386 b/bin/clash/clash-linux-386
index e100b56..e123fe1 100644
Binary files a/bin/clash/clash-linux-386 and b/bin/clash/clash-linux-386 differ
diff --git a/bin/clash/clash-linux-amd64 b/bin/clash/clash-linux-amd64
index 609e857..6fee69c 100644
Binary files a/bin/clash/clash-linux-amd64 and b/bin/clash/clash-linux-amd64 differ
diff --git a/bin/clash/clash-linux-armv5 b/bin/clash/clash-linux-armv5
index 937a03d..603e01a 100644
Binary files a/bin/clash/clash-linux-armv5 and b/bin/clash/clash-linux-armv5 differ
diff --git a/bin/clash/clash-linux-armv7 b/bin/clash/clash-linux-armv7
index cb35136..e09fe38 100644
Binary files a/bin/clash/clash-linux-armv7 and b/bin/clash/clash-linux-armv7 differ
diff --git a/bin/clash/clash-linux-armv8 b/bin/clash/clash-linux-armv8
index 081c3ea..cee8618 100644
Binary files a/bin/clash/clash-linux-armv8 and b/bin/clash/clash-linux-armv8 differ
diff --git a/bin/clash/clash-linux-mips-softfloat b/bin/clash/clash-linux-mips-softfloat
index fa9fb23..6f0b38e 100644
Binary files a/bin/clash/clash-linux-mips-softfloat and b/bin/clash/clash-linux-mips-softfloat differ
diff --git a/bin/clash/clash-linux-mipsle-hardfloat b/bin/clash/clash-linux-mipsle-hardfloat
index 68aafdf..e269945 100644
Binary files a/bin/clash/clash-linux-mipsle-hardfloat and b/bin/clash/clash-linux-mipsle-hardfloat differ
diff --git a/bin/clash/clash-linux-mipsle-softfloat b/bin/clash/clash-linux-mipsle-softfloat
index 0e68c2c..882a08a 100644
Binary files a/bin/clash/clash-linux-mipsle-softfloat and b/bin/clash/clash-linux-mipsle-softfloat differ
diff --git a/bin/clashfm.tar.gz b/bin/clashfm.tar.gz
index 105ee36..c1964c9 100644
Binary files a/bin/clashfm.tar.gz and b/bin/clashfm.tar.gz differ
diff --git a/bin/clashpre/clash-linux-386 b/bin/clashpre/clash-linux-386
index 8e043df..894b20b 100644
Binary files a/bin/clashpre/clash-linux-386 and b/bin/clashpre/clash-linux-386 differ
diff --git a/bin/clashpre/clash-linux-amd64 b/bin/clashpre/clash-linux-amd64
index 89f2e11..ad8b022 100644
Binary files a/bin/clashpre/clash-linux-amd64 and b/bin/clashpre/clash-linux-amd64 differ
diff --git a/bin/clashpre/clash-linux-armv5 b/bin/clashpre/clash-linux-armv5
index 6b3e3b7..7ba8faf 100644
Binary files a/bin/clashpre/clash-linux-armv5 and b/bin/clashpre/clash-linux-armv5 differ
diff --git a/bin/clashpre/clash-linux-armv7 b/bin/clashpre/clash-linux-armv7
index 60c0f18..56e9611 100644
Binary files a/bin/clashpre/clash-linux-armv7 and b/bin/clashpre/clash-linux-armv7 differ
diff --git a/bin/clashpre/clash-linux-armv8 b/bin/clashpre/clash-linux-armv8
index 70f8364..15b7082 100644
Binary files a/bin/clashpre/clash-linux-armv8 and b/bin/clashpre/clash-linux-armv8 differ
diff --git a/bin/clashpre/clash-linux-mips-softfloat b/bin/clashpre/clash-linux-mips-softfloat
index ca91fce..a942038 100644
Binary files a/bin/clashpre/clash-linux-mips-softfloat and b/bin/clashpre/clash-linux-mips-softfloat differ
diff --git a/bin/clashpre/clash-linux-mipsle-hardfloat b/bin/clashpre/clash-linux-mipsle-hardfloat
index a567069..5f2c44f 100644
Binary files a/bin/clashpre/clash-linux-mipsle-hardfloat and b/bin/clashpre/clash-linux-mipsle-hardfloat differ
diff --git a/bin/clashpre/clash-linux-mipsle-softfloat b/bin/clashpre/clash-linux-mipsle-softfloat
index a8e2941..75a30cd 100644
Binary files a/bin/clashpre/clash-linux-mipsle-softfloat and b/bin/clashpre/clash-linux-mipsle-softfloat differ
diff --git a/bin/cn_mini.mmdb b/bin/cn_mini.mmdb
index dd07f05..41243d0 100644
Binary files a/bin/cn_mini.mmdb and b/bin/cn_mini.mmdb differ
diff --git a/bin/release_version b/bin/release_version
index 95232d5..df1029d 100644
--- a/bin/release_version
+++ b/bin/release_version
@@ -1,8 +1,7 @@ +1.3.0 1.2.0 1.1.0 -1.0.0beta18.2 1.0.0beta17 -1.0.0beta15 1.0.0beta11 1.0.0beta5 0.9.7 diff --git a/bin/version b/bin/version index e7af56c..be0677f 100644 --- a/bin/version +++ b/bin/version @@ -1,4 +1,4 @@ -clash_v=1.5.0 -clashpre_v=2021.04.08 -GeoIP_v=20210409 -versionsh=1.2.4 +clash_v=1.6.0 +clashpre_v=2021.05.08 +GeoIP_v=20210514 +versionsh=1.3.2 diff --git a/install.sh b/install.sh index 8890cf5..b4cec0f 100644 --- a/install.sh +++ b/install.sh @@ -37,7 +37,7 @@ webget(){ url="https://cdn.jsdelivr.net/gh/juewuy/ShellClash" if [ "$test" -gt 0 ];then url="https://cdn.jsdelivr.net/gh/juewuy/ShellClash@master" - [ "$test" -eq 2 ] && url="http://192.168.31.31:8080/ShellClash" + [ "$test" -eq 2 ] && url="http://192.168.0.4:8080/ShellClash" [ "$test" -eq 3 ] && url="http://192.168.123.90:8080/clash-for-Miwifi" else webget /tmp/clashrelease $url@master/bin/release_version echoon rediroff 2>/tmp/clashrelease diff --git a/scripts/clash.sh b/scripts/clash.sh index 925ac5b..1653df4 100644 --- a/scripts/clash.sh +++ b/scripts/clash.sh @@ -471,8 +471,7 @@ localproxy(){ echo ----------------------------------------------- echo -e " 1 \033[36m$proxy_set本机代理\033[0m" echo -e " 2 使用\033[32m环境变量\033[0m方式配置" - echo -e " 3 使用\033[32mGNOME桌面API\033[0m配置" - echo -e " 4 使用\033[32mKDE桌面API\033[0m配置" + echo -e " 3 使用\033[32miptables增强模式\033[0m配置(仅支持Linux系统)" echo -e " 0 返回上级菜单" echo ----------------------------------------------- read -p "请输入对应数字 > " num @@ -493,6 +492,7 @@ localproxy(){ $clashdir/start.sh set_proxy $mix_port $db_port echo -e "\033[32m已经成功使用$local_proxy_type方式配置本机代理~\033[0m" [ "$local_proxy_type" = "环境变量" ] && echo -e "\033[36m如未生效,请重新启动终端或重新连接SSH!\033[0m" && sleep 1 + [ "$local_proxy_type" = "iptables增强模式" ] && $clashdir/start.sh start fi else local_proxy=未开启 
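Review bot: The `test -eq 2` source in install.sh is still a plain-HTTP URL on a hard-coded private address (`http://192.168.0.4:8080/ShellClash`), so anything fetched through it is neither authenticated nor integrity-checked, and on any network other than the developer's that address may belong to an unrelated host. How `test` gets set is outside the hunk; if an end user can reach this branch, consider taking the development mirror from a variable that must be set explicitly, for example `[ "$test" -eq 2 ] && url="${test_url:?test_url not set}"` (the variable name is only a suggestion). The same applies to the `test -eq 3` line just below it.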
@@ -506,20 +506,25 @@ localproxy(){ setconfig local_proxy_type $local_proxy_type localproxy elif [ "$num" = 3 ]; then - if gsettings --version >/dev/null 2>&1 ;then - local_proxy_type="GNOME" + [ -w /etc/systemd/system/clash.service ] && servdir=/etc/systemd/system/clash.service + [ -w /usr/lib/systemd/system/clash.service ] && servdir=/usr/lib/systemd/system/clash.service + if [ -n "$servdir" ];then + #检测用户如无则创建并提权 + if [ -z "$(id shellclash 2>/dev/null | grep 'root')" ];then + userdel shellclash 2>/dev/null + useradd shellclash -u 7890 + sed -Ei s/7890:7890/0:7890/g /etc/passwd + fi + #停止clash服务 + $clashdir/start.sh stop + #修改service文件,使用shellclash用户运行clash服务 + setconfig ExecStart "su\ shellclash\ -c\ \"$bindir/clash\ -d\ $bindir\"" $servdir + systemctl daemon-reload + #修改模式变量 + local_proxy_type="iptables增强模式" setconfig local_proxy_type $local_proxy_type else - echo -e "\033[31m没有找到GNOME桌面,无法设置!\033[0m" - sleep 1 - fi - localproxy - elif [ "$num" = 4 ]; then - if kwriteconfig5 -h >/dev/null 2>&1 ;then - local_proxy_type="KDE" - setconfig local_proxy_type $local_proxy_type - else - echo -e "\033[31m没有找到KDE桌面,无法设置!\033[0m" + echo -e "\033[31m当前设备无法使用增强模式!\033[0m" sleep 1 fi localproxy @@ -660,7 +665,7 @@ clashcfg(){ echo -e " 3 跳过本地证书验证: \033[36m$skip_cert\033[0m ————解决节点证书验证错误" echo -e " 4 只代理常用端口: \033[36m$common_ports\033[0m ————用于过滤P2P流量" echo -e " 5 过滤局域网设备: \033[36m$mac_return\033[0m ————使用黑名单/白名单进行过滤" - echo -e " 6 设置本机代理服务: \033[36m$local_proxy\033[0m ————使用环境变量或GUI/api配置本机代理" + echo -e " 6 设置本机代理服务: \033[36m$local_proxy\033[0m ————使用环境变量或iptables配置本机代理" echo ----------------------------------------------- echo -e " 0 返回上级菜单 \033[0m" echo ----------------------------------------------- diff --git a/scripts/clashservice b/scripts/clashservice index 7d20347..745210d 100644 --- a/scripts/clashservice +++ b/scripts/clashservice @@ -1,6 +1,6 @@ #!/bin/sh /etc/rc.common -START=92 +START=101 SERVICE_DAEMONIZE=1 SERVICE_WRITE_PID=1 
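Review bot: The new `num = 3` branch of localproxy turns `shellclash` into a second UID 0 account by editing /etc/passwd with an unanchored, global pattern (`sed -Ei s/7890:7890/0:7890/g /etc/passwd`), which rewrites every line containing that text rather than only the shellclash entry (an entry reading `17890:7890` would become `10:7890`) and still runs if `useradd` failed because UID 7890 was already taken. The uninstall path in scripts/getdate.sh reverses it with the same unanchored form (`s/0:7890/7890:7890/g`), and nothing else in this diff removes the account when the mode is switched off. At minimum anchor both edits to the account's own line, e.g. `sed -Ei 's/^(shellclash:[^:]*:)7890:7890:/\10:7890:/' /etc/passwd`, and skip the edit when `useradd` fails. Since the owner match added in start.sh only needs GID 7890, it would be safer to leave the account unprivileged and grant the service what it needs through the unit file (`User=`, `Group=`, `AmbientCapabilities=`) instead of a UID 0 passwd entry. localproxy's body continues outside the hunk.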
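Review bot: `START=101` in scripts/clashservice probably does not move the service later in boot. If the rc.d links are run in name order, as they are on stock OpenWrt, `S101clashservice` sorts between the `S10…` and `S11…` entries and so would start earlier than the previous `S92`. If the intent is to start after everything else, `START=99` is the usual ceiling.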
diff --git a/scripts/getdate.sh b/scripts/getdate.sh index 3a42e1b..33c19e9 100644 --- a/scripts/getdate.sh +++ b/scripts/getdate.sh @@ -355,6 +355,7 @@ gettar(){ mv $clashdir/clash.service $sysdir/clash.service sed -i "s%/etc/clash%$clashdir%g" $sysdir/clash.service systemctl daemon-reload + #useradd shellclash else #设为保守模式启动 sed -i '/start_old=*/'d $clashdir/mark @@ -849,6 +850,8 @@ update(){ rm -rf /etc/systemd/system/clash.service rm -rf /usr/lib/systemd/system/clash.service rm -rf /www/clash + sed -Ei s/0:7890/7890:7890/g /etc/passwd + userdel -r shellclash 2>/dev/null echo ----------------------------------------------- echo -e "\033[36m已卸载ShellClash相关文件!有缘再会!\033[0m" echo -e "\033[33m请手动关闭当前窗口以重置环境变量!\033[0m" diff --git a/scripts/start.sh b/scripts/start.sh index 0e0f48f..8c9d824 100644 --- a/scripts/start.sh +++ b/scripts/start.sh 
@@ -417,6 +417,50 @@ start_udp(){ fi iptables -t mangle -A PREROUTING -p udp $lanhost -j clash } +start_output(){ + #流量过滤规则 + iptables -t nat -N clash_out + iptables -t nat -A clash_out -m owner --gid-owner 7890 -j RETURN + iptables -t nat -A clash_out -d 0.0.0.0/8 -j RETURN + iptables -t nat -A clash_out -d 10.0.0.0/8 -j RETURN + iptables -t nat -A clash_out -d 127.0.0.0/8 -j RETURN + iptables -t nat -A clash_out -d 169.254.0.0/16 -j RETURN + iptables -t nat -A clash_out -d 172.16.0.0/12 -j RETURN + iptables -t nat -A clash_out -d 192.168.0.0/16 -j RETURN + iptables -t nat -A clash_out -d 224.0.0.0/4 -j RETURN + iptables -t nat -A clash_out -d 240.0.0.0/4 -j RETURN + if [ "$macfilter_type" = "白名单" -a -n "$(cat $clashdir/mac)" ];then + #mac白名单 + for mac in $(cat $clashdir/mac); do + iptables -t nat -A clash_out -p tcp $ports -m mac --mac-source $mac -j REDIRECT --to-ports $redir_port + done + else + #mac黑名单 + for mac in $(cat $clashdir/mac); do + iptables -t nat -A clash_out -m mac --mac-source $mac -j RETURN + done + iptables -t nat -A clash_out -p tcp $ports -j REDIRECT --to-ports $redir_port + fi + iptables -t nat -A OUTPUT -p tcp -j clash_out + #设置dns转发 + iptables -t nat -N clash_dns_out + iptables -t nat -A clash_dns_out -m owner --gid-owner 7890 -j RETURN + if [ "$macfilter_type" = "白名单" -a -n "$(cat $clashdir/mac)" ];then + #mac白名单 + for mac in $(cat $clashdir/mac); do + iptables -t nat -A clash_dns_out -p udp --dport 53 -m mac --mac-source $mac -j REDIRECT --to $dns_port + iptables -t nat -A clash_dns_out -p tcp --dport 53 -m mac --mac-source $mac -j REDIRECT --to $dns_port + done + else + #mac黑名单 + for mac in $(cat $clashdir/mac); do + iptables -t nat -A clash_dns_out -m mac --mac-source $mac -j RETURN + done + iptables -t nat -A clash_dns_out -p udp --dport 53 -j REDIRECT --to $dns_port + iptables -t nat -A clash_dns_out -p tcp --dport 53 -j REDIRECT --to $dns_port + fi + iptables -t nat -A OUTPUT -p udp -j clash_dns_out +} stop_iptables(){ gethost 
#获取本地局域网地址段 #重置iptables规则 @@ -431,6 +475,13 @@ stop_iptables(){ iptables -t nat -F clash_dns 2> /dev/null iptables -t nat -X clash_dns 2> /dev/null iptables -D FORWARD -o utun -j ACCEPT 2> /dev/null + #重置output规则 + iptables -t nat -D OUTPUT -p tcp -j clash_out 2> /dev/null + iptables -t nat -F clash_out 2> /dev/null + iptables -t nat -X clash_out 2> /dev/null + iptables -t nat -D OUTPUT -p udp -j clash_dns_out 2> /dev/null + iptables -t nat -F clash_dns_out 2> /dev/null + iptables -t nat -X clash_dns_out 2> /dev/null #重置udp规则 iptables -t mangle -D PREROUTING -p udp $lanhost -j clash 2> /dev/null iptables -t mangle -F clash 2> /dev/null @@ -682,14 +733,9 @@ cronset) ;; set_proxy) getconfig - #GNOME配置 - if [ "$local_proxy_type" = "GNOME" ];then - gsettings set org.gnome.system.proxy autoconfig-url "http://127.0.0.1:$db_port/ui/pac" - gsettings set org.gnome.system.proxy mode "auto" - #KDE配置 - elif [ "$local_proxy_type" = "KDE" ];then - kwriteconfig5 --file kioslaverc --group "Proxy Settings" --key "Proxy Config Script" "http://127.0.0.1:$db_port/ui/pac" - kwriteconfig5 --file kioslaverc --group "Proxy Settings" --key "ProxyType" 2 + #iptables增强模式 + if [ "$local_proxy_type" = "iptables增强模式" ];then + start_output #环境变量方式 else [ -w ~/.bashrc ] && profile=~/.bashrc @@ -698,16 +744,7 @@ set_proxy) echo 'export ALL_PROXY=$all_proxy' >> $profile fi ;; -unset_proxy) - #GNOME配置 - if gsettings --version >/dev/null 2>&1 ;then - gsettings set org.gnome.system.proxy mode "none" - fi - #KDE配置 - if kwriteconfig5 -h >/dev/null 2>&1 ;then - kwriteconfig5 --file kioslaverc --group "Proxy Settings" --key "ProxyType" 0 - fi - #环境变量方式 +unset_proxy) [ -w ~/.bashrc ] && profile=~/.bashrc [ -w /etc/profile ] && profile=/etc/profile sed -i '/all_proxy/'d $profile
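Review bot: start_output copies the MAC allow/deny loops from the LAN-side rules into chains that are only reached from `nat OUTPUT`, where `-m mac --mac-source` cannot match because locally generated packets carry no source MAC; depending on the kernel, the `-A OUTPUT … -j clash_out` jump may be rejected outright once such a rule is in the chain, and in whitelist mode nothing would be redirected at all. Dropping both `for mac in …` branches and keeping only the unconditional `REDIRECT` rules would match what the OUTPUT hook can actually see. Separately, `clash_dns_out` is entered only via `-A OUTPUT -p udp -j clash_dns_out`, so its `-p tcp --dport 53` rules are never evaluated; either remove them or add a tcp jump. None of the added iptables calls check their exit status, so a partial rule set is left in place silently if one of them fails.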