diff --git a/bin/clashfm.tar.gz b/bin/clashfm.tar.gz index 811deca..695bd48 100644 Binary files a/bin/clashfm.tar.gz and b/bin/clashfm.tar.gz differ diff --git a/scripts/clash.sh b/scripts/clash.sh index e456719..c86876c 100644 --- a/scripts/clash.sh +++ b/scripts/clash.sh @@ -23,6 +23,8 @@ if [ ! -f "$ccfg" ]; then EOF fi source $ccfg +#检查mac地址记录 +[ ! -f "$clashdir/mac" ] && touch $clashdir/mac #获取自启状态 if [ -f /etc/rc.d/*clash ]; then auto="\033[32m已设置开机启动!\033[0m" @@ -275,6 +277,11 @@ fi if [ -z "$ipv6_support" ]; then ipv6_support=未开启 fi +if [ -z "$(cat $clashdir/mac)" ]; then + mac_return=未开启 +else + mac_return=已启用 +fi # echo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ echo -e "\033[30;47m欢迎使用高级模式菜单:\033[0m" @@ -286,6 +293,7 @@ echo -e " 3 跳过本地证书验证: \033[36m$skip_cert\033[0m ———— echo -e " 4 只代理常用端口: \033[36m$common_ports\033[0m ————用于屏蔽P2P流量" echo -e " 5 不修饰config.yaml: \033[36m$modify_yaml\033[0m ————用于使用自定义配置" echo -e " 6 启用ipv6支持: \033[36m$ipv6_support\033[0m ————实验性且不兼容Fake_ip" +echo -e " 7 过滤局域网mac地址: \033[36m$mac_return\033[0m ————列表内设备不走代理" echo -e " 9 \033[32m重启\033[0mclash服务" echo -e " 0 返回上级菜单 \033[0m" read -p "请输入对应数字 > " num 
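Review bot: `$clashdir` is expanded unquoted in the added `touch $clashdir/mac` (the -23 hunk of scripts/clash.sh) and again in `$(cat $clashdir/mac)` in the -275 hunk, so a directory path containing whitespace or glob characters would split into several arguments. Quoting it and testing the file directly is enough: `[ -f "$clashdir/mac" ] || touch "$clashdir/mac"` and `if [ ! -s "$clashdir/mac" ]; then`. Because scripts/clashservice later turns this file into iptables rules, a one-line comment stating that it holds one MAC address per line would help the next maintainer.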
@@ -442,7 +450,74 @@ if [[ $num -le 9 ]] > /dev/null 2>&1; then ipv6_support=未开启 fi clashadv + + elif [[ $num == 7 ]]; then + add_mac(){ + echo ----------------------------------------------- + echo -e "\033[33m序号 设备IP 设备mac地址 设备名称\033[32m" + cat /tmp/dhcp.leases | awk '{print " "NR" "$3,$2,$4}' + echo -e "\033[0m 0 或回车 结束添加" + read -p "请输入对应序号 > " num + if [ -z "$num" ]; then + clashadv + elif [ $num -le 0 ]; then + clashadv + elif [ $num -le $(cat /tmp/dhcp.leases | awk 'END{print NR}') ]; then + macadd=$(cat /tmp/dhcp.leases | awk '{print $2}' | sed -n "$num"p) + if [ -z $(cat $clashdir/mac | grep -E "$macadd") ];then + echo $macadd >> $clashdir/mac + echo ----------------------------------------------- + echo 已添加的mac地址: + cat $clashdir/mac + else + echo ----------------------------------------------- + echo -e "\033[31m已添加的设备,请勿重复添加!\033[0m" + fi + else + echo ----------------------------------------------- + echo -e "\033[31m输入有误,请重新输入!\033[0m" + fi + add_mac + } + echo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + echo -e "\033[33m请在此添加或移除设备\033[0m" + if [ -n "$(cat $clashdir/mac)" ]; then + echo -e "当前已过滤设备为:\033[36m" + for mac in $(cat $clashdir/mac); do + cat /tmp/dhcp.leases | awk '{print $3,$2,$4}' | grep $mac + done + echo -e "\033[0m-----------------------------------------------" + fi + echo -e " 1 \033[31m清空列表\033[0m" + echo -e " 2 \033[32m添加设备\033[0m" + echo -e " 0 返回上级菜单" + read -p "请输入对应数字 > " num + if [ -z "$num" ]; then + echo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + echo -e "\033[31m请输入正确的数字!\033[0m" + clashadv + elif [[ $num == 0 ]]; then + clashadv + elif [[ $num == 1 ]]; then + :>$clashdir/mac + echo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + echo -e "\033[31m设备列表已清空!\033[0m" + sleep 1 + clashadv + elif [[ $num == 2 ]]; then + add_mac + + else + echo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + echo -e "\033[31m请输入正确的数字!\033[0m" + clashadv + fi + + + + clashadv + elif [[ $num == 9 ]]; then if [ $status -gt 0 ];then 
echo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -755,6 +830,7 @@ if [[ $num -le 9 ]] > /dev/null 2>&1; then echo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ iptables -t nat -L PREROUTING --line-numbers echo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + iptables -t nat -L clash --line-numbers exit; elif [[ $num == 5 ]]; then echo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/scripts/clashservice b/scripts/clashservice index 4b610b8..05ee0e4 100644 --- a/scripts/clashservice +++ b/scripts/clashservice 
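Review bot: In `add_mac`, the value read into `num` is used unquoted in `[ $num -le 0 ]` and interpolated into the sed script `"$num"p` without first being checked as a number, and `macadd` is appended to `$clashdir/mac` without checking that it looks like a MAC address. That file is word-split into `iptables`/`ip6tables` arguments in the scripts/clashservice hunk of this commit, so anything other than one MAC per line ends up on a command line that presumably runs as root. I would send anything matching `case "$num" in *[!0-9]*)` to the existing error branch before the numeric tests, select the row with `macadd=$(awk -v n="$num" 'NR==n{print $2}' /tmp/dhcp.leases)`, and append only when `echo "$macadd" | grep -qE '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'` succeeds. The enclosing `if [[ $num -le 9 ]]` block starts and ends outside the hunk.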
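Review bot: The added `iptables -t nat -L clash --line-numbers` lists only the IPv4 `clash` chain, while the MAC `RETURN` rules introduced by this commit also live in `clash_dns` and in the ip6tables copies of both chains, so the DNS bypass cannot be verified from this menu entry. Consider also printing `iptables -t nat -L clash_dns --line-numbers`, and adding `-n` to these listings so the output does not depend on reverse DNS lookups. The enclosing menu branch starts outside the hunk.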
@@ -94,31 +94,55 @@ start_redir(){ iptables -t nat -A clash -d 192.168.0.0/16 -j RETURN iptables -t nat -A clash -d 224.0.0.0/4 -j RETURN iptables -t nat -A clash -d 240.0.0.0/4 -j RETURN + for mac in $(cat $clashdir/mac); do + iptables -t nat -A clash -m mac --mac-source $mac -j RETURN + done + iptables -t nat -A clash -p tcp $ports-j REDIRECT --to-ports 7892 iptables -t nat -A PREROUTING -p tcp -j clash if [ "$ipv6_support" = "已开启" ];then - ip6tables -t nat -N clashv6 - ip6tables -t nat -A clashv6 -p tcp $ports-j REDIRECT --to-ports 7892 - ip6tables -t nat -A PREROUTING -p tcp -j clashv6 + ip6tables -t nat -N clash + for mac in $(cat $clashdir/mac); do + ip6tables -t nat -A clash -m mac --mac-source $mac -j RETURN + done + ip6tables -t nat -A clash -p tcp $ports-j REDIRECT --to-ports 7892 + ip6tables -t nat -A PREROUTING -p tcp -j clash fi } stop_iptables(){ #重置iptables规则 iptables -t nat -D PREROUTING -p tcp -j clash > /dev/null 2>&1 + iptables -t nat -D PREROUTING -p tcp -j clash_dns > /dev/null 2>&1 iptables -t nat -F clash > /dev/null 2>&1 iptables -t nat -X clash > /dev/null 2>&1 - iptables -t nat -D PREROUTING -p udp --dport 53 -j REDIRECT --to 1053 > /dev/null 2>&1 - ip6tables -t nat -D PREROUTING -p udp --dport 53 -j REDIRECT --to 1053 > /dev/null 2>&1 - ip6tables -t nat -D PREROUTING -p tcp -j clashv6 > /dev/null 2>&1 - ip6tables -t nat -F clashv6 > /dev/null 2>&1 - ip6tables -t nat -X clashv6 > /dev/null 2>&1 + iptables -t nat -F clash_dns > /dev/null 2>&1 + iptables -t nat -X clash_dns > /dev/null 2>&1 + #重置ipv6规则 + ip6tables -t nat -D PREROUTING -p tcp -j clash > /dev/null 2>&1 + ip6tables -t nat -D PREROUTING -p tcp -j clash_dns > /dev/null 2>&1 + ip6tables -t nat -F clash > /dev/null 2>&1 + ip6tables -t nat -X clash > /dev/null 2>&1 + ip6tables -t nat -F clash_dns > /dev/null 2>&1 + ip6tables -t nat -X clash_dns > /dev/null 2>&1 } start_dns(){ #允许tun网卡接受流量 iptables -I FORWARD -o utun -j ACCEPT + ip6tables -I FORWARD -o utun -j ACCEPT #设置dns转发 - 
iptables -t nat -A PREROUTING -p udp --dport 53 -j REDIRECT --to 1053 - ip6tables -t nat -A PREROUTING -p udp --dport 53 -j REDIRECT --to 1053 + iptables -t nat -N clash_dns + for mac in $(cat $clashdir/mac); do + iptables -t nat -A clash_dns -m mac --mac-source $mac -j RETURN + done + iptables -t nat -A clash_dns -p udp --dport 53 -j REDIRECT --to 1053 + iptables -t nat -A PREROUTING -p udp -j clash_dns + #ipv6DNS + ip6tables -t nat -N clash_dns + for mac in $(cat $clashdir/mac); do + ip6tables -t nat -A clash_dns -m mac --mac-source $mac -j RETURN + done + ip6tables -t nat -A clash_dns -p udp --dport 53 -j REDIRECT --to 1053 + ip6tables -t nat -A PREROUTING -p udp -j clash_dns } start_service() { getconfig
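Review bot: `stop_iptables` deletes the `clash_dns` jump with `-p tcp`, but `start_dns` installs it with `-p udp` (`iptables -t nat -A PREROUTING -p udp -j clash_dns`, and the same for ip6tables), so the `-D` never matches and the failure is hidden by the redirect to /dev/null. The chain is then flushed, but `-X clash_dns` cannot remove a chain that PREROUTING still references, and every restart appends one more PREROUTING jump. The two delete lines should read `iptables -t nat -D PREROUTING -p udp -j clash_dns > /dev/null 2>&1` and `ip6tables -t nat -D PREROUTING -p udp -j clash_dns > /dev/null 2>&1`. Separately, the hunk drops the cleanup of the old `clashv6` chain and of the direct `--dport 53 -j REDIRECT --to 1053` rules, so a device upgraded while the previous version is running would keep those redirects after a stop; keeping the old `-D`/`-F`/`-X` lines for one release would cover that. `start_redir` begins outside the hunk.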