xm/ShellCrash
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

v1.5.2

Browse Source 
~增加DDNS脚本
~优化安装脚本
~SSH公网访问功能增加ipv6支持
~优化Geosite自动下载检测机制
~尝试屏蔽OpenWrt自带53端口劫持
~代码优化及bug修复
This commit is contained in:
juewuy
2022-02-06 19:14:05 +08:00
parent 9d6938fd34
commit a1c95c2d82
4 changed files with 27 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
install.sh
View File

@@ -28,7 +28,7 @@ webget(){
[ "$3" = "echooff" ] && progress='-s' || progress='-#' [ "$3" = "echooff" ] && progress='-s' || progress='-#'
[ -z "$4" ] && redirect='-L' || redirect='' [ -z "$4" ] && redirect='-L' || redirect=''
result=$(curl -w %{http_code} --connect-timeout 5 $progress $redirect -ko $1 $2) result=$(curl -w %{http_code} --connect-timeout 5 $progress $redirect -ko $1 $2)
[ -z $(echo $result | grep -e ^2) && result="200" [ -n "$(echo $result | grep -e ^2)" ] && result="200"
else else
if wget --version > /dev/null 2>&1;then if wget --version > /dev/null 2>&1;then
[ "$3" = "echooff" ] && progress='-q' || progress='-q --show-progress' [ "$3" = "echooff" ] && progress='-q' || progress='-q --show-progress'
@@ -44,7 +44,6 @@ webget(){
} }
#检查更新 #检查更新
[ -z "$url" ] && url="https://cdn.jsdelivr.net/gh/juewuy/ShellClash" [ -z "$url" ] && url="https://cdn.jsdelivr.net/gh/juewuy/ShellClash"
#选择版本
echo ----------------------------------------------- echo -----------------------------------------------
$echo "\033[33m请选择想要安装的版本\033[0m" $echo "\033[33m请选择想要安装的版本\033[0m"
$echo " 1 \033[32mShellclash正式版\033[0m" $echo " 1 \033[32mShellclash正式版\033[0m"
@@ -52,8 +51,7 @@ $echo " 2 \033[31mShellclash测试版\033[0m"
echo ----------------------------------------------- echo -----------------------------------------------
read -p "请输入相应数字 > " num read -p "请输入相应数字 > " num
if [ -z $num ];then if [ -z $num ];then
echo 安装已取消 echo 安装已取消 && exit 1;
exit 1;
elif [ "$num" = "1" ];then elif [ "$num" = "1" ];then
webget /tmp/clashrelease $url/bin/release_version echoon rediroff 2>/tmp/clashrelease webget /tmp/clashrelease $url/bin/release_version echoon rediroff 2>/tmp/clashrelease
if [ "$result" = "200" ];then if [ "$result" = "200" ];then

8
scripts/clash.sh
View File

@@ -1096,6 +1096,10 @@ streaming(){
} }
tools(){ tools(){
ssh_tools(){ ssh_tools(){
stop_iptables(){
iptables -t nat -D PREROUTING -p tcp -m multiport --dports $ssh_port -j REDIRECT --to-ports 22 >/dev/null 2>&1
ip6tables -t nat -A PREROUTING -p tcp -m multiport --dports $ssh_port -j REDIRECT --to-ports 22 >/dev/null 2>&1
}
[ -n "$(cat /etc/firewall.user 2>1 | grep '启用外网访问SSH服务')" ] && ssh_ol=禁止 || ssh_ol=开启 [ -n "$(cat /etc/firewall.user 2>1 | grep '启用外网访问SSH服务')" ] && ssh_ol=禁止 || ssh_ol=开启
[ -z "$ssh_port" ] && ssh_port=10022 [ -z "$ssh_port" ] && ssh_port=10022
echo ----------------------------------------------- echo -----------------------------------------------
@@ -1125,6 +1129,7 @@ tools(){
ssh_port=$num ssh_port=$num
setconfig ssh_port $ssh_port setconfig ssh_port $ssh_port
sed -i "/启用外网访问SSH服务/d" /etc/firewall.user sed -i "/启用外网访问SSH服务/d" /etc/firewall.user
stop_iptables
echo -e "\033[32m设置成功请重新开启外网访问SSH功能\033[0m" echo -e "\033[32m设置成功请重新开启外网访问SSH功能\033[0m"
fi fi
sleep 1 sleep 1
@@ -1138,11 +1143,14 @@ tools(){
elif [ "$num" = 3 ]; then elif [ "$num" = 3 ]; then
if [ "$ssh_ol" = "开启" ];then if [ "$ssh_ol" = "开启" ];then
iptables -t nat -A PREROUTING -p tcp -m multiport --dports $ssh_port -j REDIRECT --to-ports 22 iptables -t nat -A PREROUTING -p tcp -m multiport --dports $ssh_port -j REDIRECT --to-ports 22
[ -n "$(command -v ip6tables)" ] && ip6tables -t nat -A PREROUTING -p tcp -m multiport --dports $ssh_port -j REDIRECT --to-ports 22
echo "iptables -t nat -A PREROUTING -p tcp -m multiport --dports $ssh_port -j REDIRECT --to-ports 22 #启用外网访问SSH服务" >> /etc/firewall.user echo "iptables -t nat -A PREROUTING -p tcp -m multiport --dports $ssh_port -j REDIRECT --to-ports 22 #启用外网访问SSH服务" >> /etc/firewall.user
[ -n "$(command -v ip6tables)" ] && echo "ip6tables -t nat -A PREROUTING -p tcp -m multiport --dports $ssh_port -j REDIRECT --to-ports 22 #启用外网访问SSH服务" >> /etc/firewall.user
echo ----------------------------------------------- echo -----------------------------------------------
echo -e "已开启外网访问SSH功能" echo -e "已开启外网访问SSH功能"
else else
sed -i "/启用外网访问SSH服务/d" /etc/firewall.user sed -i "/启用外网访问SSH服务/d" /etc/firewall.user
stop_iptables
echo ----------------------------------------------- echo -----------------------------------------------
echo -e "已禁止外网访问SSH" echo -e "已禁止外网访问SSH"
fi fi

2
scripts/getdate.sh
View File

@@ -975,7 +975,7 @@ userguide(){
[ "$res" = 1 ] && checkupdate && getcrt [ "$res" = 1 ] && checkupdate && getcrt
fi fi
#设置加密DNS #设置加密DNS
$clashdir/start.sh webget /tmp/ssl_test https://www.baidu.com echooff rediron skipceroff $clashdir/start.sh webget /tmp/ssl_test https://doh.pub echooff rediron skipceroff
if [ "$?" = "0" ];then if [ "$?" = "0" ];then
dns_nameserver='https://223.5.5.5/dns-query, https://doh.pub/dns-query, tls://dns.rubyfish.cn:853' dns_nameserver='https://223.5.5.5/dns-query, https://doh.pub/dns-query, tls://dns.rubyfish.cn:853'
dns_fallback='https://1.0.0.1/dns-query, https://8.8.4.4/dns-query, https://doh.opendns.com/dns-query' dns_fallback='https://1.0.0.1/dns-query, https://8.8.4.4/dns-query, https://doh.opendns.com/dns-query'

35
scripts/start.sh
View File

@@ -13,23 +13,16 @@ getconfig(){
#默认设置 #默认设置
[ -z "$bindir" ] && bindir=$clashdir [ -z "$bindir" ] && bindir=$clashdir
[ -z "$redir_mod" ] && [ "$USER" = "root" -o "$USER" = "admin" ] && redir_mod=Redir模式 [ -z "$redir_mod" ] && [ "$USER" = "root" -o "$USER" = "admin" ] && redir_mod=Redir模式
[ -z "$redir_mod" ] && redir_mod=Redir模式 [ -z "$redir_mod" ] && redir_mod=纯净模式
[ -z "$skip_cert" ] && skip_cert=已开启 [ -z "$skip_cert" ] && skip_cert=已开启
[ -z "$common_ports" ] && common_ports=已开启 [ -z "$common_ports" ] && common_ports=已开启
[ -z "$dns_mod" ] && dns_mod=redir_host [ -z "$dns_mod" ] && dns_mod=redir_host
[ -z "$dns_over" ] && dns_over=已开启
[ -z "$modify_yaml" ] && modify_yaml=未开启
[ -z "$ipv6_support" ] && ipv6_support=未开启 [ -z "$ipv6_support" ] && ipv6_support=未开启
[ -z "$ipv6_dns" ] && ipv6_dns=$ipv6_support [ -z "$ipv6_dns" ] && ipv6_dns=$ipv6_support
[ -z "$start_old" ] && start_old=未开启
[ -z "$local_proxy" ] && local_proxy=未开启
[ -z "$mix_port" ] && mix_port=7890 [ -z "$mix_port" ] && mix_port=7890
[ -z "$redir_port" ] && redir_port=7892 [ -z "$redir_port" ] && redir_port=7892
[ -z "$db_port" ] && db_port=9999 [ -z "$db_port" ] && db_port=9999
[ -z "$dns_port" ] && dns_port=1053 [ -z "$dns_port" ] && dns_port=1053
[ -z "$dns_redir" ] && dns_redir=未开启
[ -z "$cn_ip_route" ] && cn_ip_route=未开启
[ -z "$public_support" ] && public_support=未开启
[ -z "$stearming_int" ] && stearming_int=24 [ -z "$stearming_int" ] && stearming_int=24
[ -z "$dns_nameserver" ] && dns_nameserver='114.114.114.114, 223.5.5.5' [ -z "$dns_nameserver" ] && dns_nameserver='114.114.114.114, 223.5.5.5'
[ -z "$dns_fallback" ] && dns_fallback='1.0.0.1, 8.8.4.4' [ -z "$dns_fallback" ] && dns_fallback='1.0.0.1, 8.8.4.4'
@@ -429,6 +422,11 @@ start_dns(){
ip6tables -I INPUT -p tcp --dport 53 -j REJECT > /dev/null 2>&1 ip6tables -I INPUT -p tcp --dport 53 -j REJECT > /dev/null 2>&1
ip6tables -I INPUT -p udp --dport 53 -j REJECT > /dev/null 2>&1 ip6tables -I INPUT -p udp --dport 53 -j REJECT > /dev/null 2>&1
fi fi
#屏蔽OpenWrt内置53端口转发
iptables -t nat -D PREROUTING -p udp --dport 53 -j REDIRECT --to-ports 53 2> /dev/null
iptables -t nat -D PREROUTING -p tcp --dport 53 -j REDIRECT --to-ports 53 2> /dev/null
ip6tables -t nat -D PREROUTING -p udp --dport 53 -j REDIRECT --to-ports 53 2> /dev/null
ip6tables -t nat -D PREROUTING -p tcp --dport 53 -j REDIRECT --to-ports 53 2> /dev/null
} }
start_udp(){ start_udp(){
ip rule add fwmark 1 table 100 ip rule add fwmark 1 table 100
@@ -653,15 +651,6 @@ bfstart(){
setconfig Geo_v $Geo_v setconfig Geo_v $Geo_v
fi fi
fi fi
# if [ "$clashcore" = "clash.meta" -a ! -f $bindir/geosite.dat ];then
# if [ -f $clashdir/geosite.dat ];then
# mv $clashdir/geosite.dat $bindir/geosite.dat
# else
# logger "未找到geosite数据库正在下载" 33
# $0 webget $bindir/geosite.dat $update_url/bin/geosite.dat
# [ "$?" = "1" ] && rm -rf $bindir/geosite.dat && logger "数据库下载失败,已退出!" 31 && exit 1
# fi
# fi
#检查dashboard文件 #检查dashboard文件
if [ -f $clashdir/ui/index.html -a ! -f $bindir/ui/index.html ];then if [ -f $clashdir/ui/index.html -a ! -f $bindir/ui/index.html ];then
cp -rf $clashdir/ui $bindir cp -rf $clashdir/ui $bindir
@@ -683,6 +672,16 @@ bfstart(){
exit 1 exit 1
fi fi
fi fi
#预下载Geosite数据库
if [ "$clashcore" = "clash.meta" ] && [ ! -f $bindir/geosite.dat ] && [ -n "$(cat $clashdir/config.yaml|grep -Ei 'geosite')" ];then
if [ -f $clashdir/geosite.dat ];then
mv $clashdir/geosite.dat $bindir/geosite.dat
else
logger "未找到geosite数据库正在下载" 33
$0 webget $bindir/geosite.dat $update_url/bin/geosite.dat
[ "$?" = "1" ] && rm -rf $bindir/geosite.dat && logger "数据库下载失败,已退出!" 31 && exit 1
fi
fi
#本机代理准备 #本机代理准备
if [ "$local_proxy" = "已开启" -a "$local_type" = "iptables增强模式" ];then if [ "$local_proxy" = "已开启" -a "$local_type" = "iptables增强模式" ];then
if [ -z "$(id shellclash 2>/dev/null | grep 'root')" ];then if [ -z "$(id shellclash 2>/dev/null | grep 'root')" ];then
@@ -770,8 +769,6 @@ start)
#检测必须文件并下载 #检测必须文件并下载
bfstart bfstart
stop_iptables #清理iptables stop_iptables #清理iptables
#使用内置规则强行覆盖config配置文件
[ "$modify_yaml" != "已开启" ] && modify_yaml
#使用不同方式启动clash服务 #使用不同方式启动clash服务
if [ "$start_old" = "已开启" ];then if [ "$start_old" = "已开启" ];then
start_old start_old