v1.5.6
~增加fake-ip地址过滤编辑功能 ~增加GeoSite数据库手动更新 ~SSH固化功能支持密码设置 ~优化Padavan设备开机自启不正常的bug ~修复不能自动导入本机hosts的bug ~其他优化及修复
This commit is contained in:
juewuy
@@ -691,7 +691,34 @@ clashcfg(){
|
||||
errornum
|
||||
fi
|
||||
}
|
||||
|
||||
fake_ip_filter(){
|
||||
echo -e "\033[32m用于解决Fake-ip模式下部分地址或应用无法连接的问题\033[0m"
|
||||
echo -e "\033[31m脚本已经内置了大量地址,你只需要添加出现问题的地址!\033[0m"
|
||||
echo -e "\033[36m示例:a.b.com"
|
||||
echo -e "示例:*.b.com"
|
||||
echo -e "示例:*.*.b.com\033[0m"
|
||||
echo -----------------------------------------------
|
||||
if [ -f $clashdir/fake_ip_filter ];then
|
||||
echo -e "\033[33m已添加Fake-ip过滤地址:\033[0m"
|
||||
cat $clashdir/fake_ip_filter | awk '{print NR" "$1}'
|
||||
else
|
||||
echo -e "\033[33m你还未添加Fake-ip过滤地址\033[0m"
|
||||
fi
|
||||
echo -----------------------------------------------
|
||||
echo -e "\033[32m输入数字直接移除对应地址,输入地址直接添加!\033[0m"
|
||||
read -p "请输入数字或地址 > " input
|
||||
if [ -z "$input" -o "input" = 0 ];then
|
||||
i=
|
||||
elif [ "$input" -le "$(cat $clashdir/fake_ip_filter | wc -l)" ];then
|
||||
sed -i "${input}d" $clashdir/fake_ip_filter 2>/dev/null
|
||||
echo -e "\033[32m移除成功!\033[0m"
|
||||
fake_ip_filter
|
||||
else
|
||||
echo -e "你输入的地址是:\033[32m$input\033[0m"
|
||||
read -p "确认添加?(1/0) > " res
|
||||
[ "$res" = 1 ] && echo $input >> $clashdir/fake_ip_filter || fake_ip_filter
|
||||
fi
|
||||
}
|
||||
#获取设置默认显示
|
||||
[ -z "$skip_cert" ] && skip_cert=已开启
|
||||
[ -z "$common_ports" ] && common_ports=已开启
|
||||
@@ -709,6 +736,8 @@ clashcfg(){
|
||||
echo -e " 4 只代理常用端口: \033[36m$common_ports\033[0m ————用于过滤P2P流量"
|
||||
echo -e " 5 过滤局域网设备: \033[36m$mac_return\033[0m ————使用黑/白名单进行过滤"
|
||||
echo -e " 6 设置本机代理服务: \033[36m$local_proxy\033[0m ————使本机流量经过clash内核"
|
||||
[ "$dns_mod" = "fake-ip" ] && \
|
||||
echo -e " 7 管理Fake-ip过滤列表" || \
|
||||
echo -e " 7 CN_IP绕过内核: \033[36m$cn_ip_route\033[0m ————优化性能,不兼容Fake-ip"
|
||||
echo -----------------------------------------------
|
||||
echo -e " 0 返回上级菜单 \033[0m"
|
||||
@@ -767,25 +796,26 @@ clashcfg(){
|
||||
|
||||
elif [ "$num" = 7 ]; then
|
||||
echo -----------------------------------------------
|
||||
if ! ipset -v >/dev/null 2>&1;then
|
||||
echo -e "\033[31m当前设备缺少ipset模块,无法启用绕过功能!!\033[0m"
|
||||
sleep 1
|
||||
elif [ "$dns_mod" = "fake-ip" ];then
|
||||
echo -e "\033[31m不支持fake-ip模式,请将DNS模式更换为Redir-host!!\033[0m"
|
||||
sleep 1
|
||||
if [ "$dns_mod" = "fake-ip" ];then
|
||||
fake_ip_filter
|
||||
clashcfg
|
||||
else
|
||||
if [ "$cn_ip_route" = "未开启" ]; then
|
||||
echo -e "\033[32m已开启CN_IP绕过内核功能!!\033[0m"
|
||||
cn_ip_route=已开启
|
||||
if ! ipset -v >/dev/null 2>&1;then
|
||||
echo -e "\033[31m当前设备缺少ipset模块,无法启用绕过功能!!\033[0m"
|
||||
sleep 1
|
||||
else
|
||||
echo -e "\033[33m已禁用CN_IP绕过内核功能!!\033[0m"
|
||||
cn_ip_route=未开启
|
||||
if [ "$cn_ip_route" = "未开启" ]; then
|
||||
echo -e "\033[32m已开启CN_IP绕过内核功能!!\033[0m"
|
||||
cn_ip_route=已开启
|
||||
sleep 1
|
||||
else
|
||||
echo -e "\033[33m已禁用CN_IP绕过内核功能!!\033[0m"
|
||||
cn_ip_route=未开启
|
||||
fi
|
||||
setconfig cn_ip_route $cn_ip_route
|
||||
fi
|
||||
setconfig cn_ip_route $cn_ip_route
|
||||
fi
|
||||
clashcfg
|
||||
clashcfg
|
||||
|
||||
elif [ "$num" = 9 ]; then
|
||||
clashstart
|
||||
@@ -1228,16 +1258,16 @@ tools(){
|
||||
if [ "$mi_autoSSH" = "已启用" ];then
|
||||
mi_autoSSH=禁用
|
||||
else
|
||||
echo -----------------------------------------------
|
||||
echo -e "\033[33m本功能使用软件命令进行固化不保证100%成功!\033[0m"
|
||||
echo -e "本功能需依赖clash服务,请确保clash为开机启动状态!"
|
||||
echo -e "\033[33m如有问题请加群反馈:\033[36;4mhttps://t.me/clashfm\033[0m"
|
||||
read -p "请输入需要还原的SSH密码(不影响当前密码,回车可跳过) > " mi_autoSSH_pwd
|
||||
mi_autoSSH=已启用
|
||||
if [ "$systype" = "mi_snapshot" ];then
|
||||
echo -----------------------------------------------
|
||||
echo -e "\033[33m本功能使用软件命令进行固化不保证100%成功!\033[0m"
|
||||
echo -e "本功能需依赖clash服务,请确保clash为开机启动状态!"
|
||||
echo -e "\033[33m如有问题请加群反馈:\033[36;4mhttps://t.me/clashfm\033[0m"
|
||||
read -p "请输入需要还原的SSH密码(不影响当前密码,回车可跳过) > " mi_autoSSH_pwd
|
||||
mi_autoSSH=已启用
|
||||
cp -f /etc/dropbear/dropbear_rsa_host_key $clashdir/dropbear_rsa_host_key 2>/dev/null
|
||||
echo -e "\033[32m检测当前为小米镜像化系统,已将SSH秘钥备份到脚本安装目录!\033[0m"
|
||||
echo -e "\033[32mClash会在启动时自动还原已备份的秘钥文件!\033[0m"
|
||||
else
|
||||
echo 不支持的设备!
|
||||
fi
|
||||
echo -e "\033[32m设置成功!\033[0m"
|
||||
fi
|
||||
|
||||
@@ -34,6 +34,8 @@ getconfig(){
|
||||
[ -z "$host" ] && host=127.0.0.1
|
||||
#是否代理常用端口
|
||||
[ "$common_ports" = "已开启" ] && ports="-m multiport --dports $multiport"
|
||||
#默认fake-ip过滤列表
|
||||
fake_ft_df='"*.lan", "time.windows.com", "time.nist.gov", "time.apple.com", "time.asia.apple.com", "*.ntp.org.cn", "*.openwrt.pool.ntp.org", "time1.cloud.tencent.com", "time.ustc.edu.cn", "pool.ntp.org", "ntp.ubuntu.com", "ntp.aliyun.com", "ntp1.aliyun.com", "ntp2.aliyun.com", "ntp3.aliyun.com", "ntp4.aliyun.com", "ntp5.aliyun.com", "ntp6.aliyun.com", "ntp7.aliyun.com", "time1.aliyun.com", "time2.aliyun.com", "time3.aliyun.com", "time4.aliyun.com", "time5.aliyun.com", "time6.aliyun.com", "time7.aliyun.com", "*.time.edu.cn", "time1.apple.com", "time2.apple.com", "time3.apple.com", "time4.apple.com", "time5.apple.com", "time6.apple.com", "time7.apple.com", "time1.google.com", "time2.google.com", "time3.google.com", "time4.google.com", "music.163.com", "*.music.163.com", "*.126.net", "musicapi.taihe.com", "music.taihe.com", "songsearch.kugou.com", "trackercdn.kugou.com", "*.kuwo.cn", "api-jooxtt.sanook.com", "api.joox.com", "joox.com", "y.qq.com", "*.y.qq.com", "streamoc.music.tc.qq.com", "mobileoc.music.tc.qq.com", "isure.stream.qqmusic.qq.com", "dl.stream.qqmusic.qq.com", "aqqmusic.tc.qq.com", "amobile.music.tc.qq.com", "*.xiami.com", "*.music.migu.cn", "music.migu.cn", "*.msftconnecttest.com", "*.msftncsi.com", "localhost.ptlogin2.qq.com", "*.*.*.srv.nintendo.net", "*.*.stun.playstation.net", "xbox.*.*.microsoft.com", "*.*.xboxlive.com", "proxy.golang.org","*.sgcc.com.cn","*.alicdn.com","*.aliyuncs.com"'
|
||||
}
|
||||
setconfig(){
|
||||
#参数1代表变量名,参数2代表变量值,参数3即文件路径
|
||||
@@ -292,8 +294,13 @@ modify_yaml(){
|
||||
exper='experimental: {ignore-resolve-fail: true, interface-name: en0}'
|
||||
#dns配置
|
||||
dns_default='114.114.114.114, 223.5.5.5'
|
||||
if [ -f $clashdir/fake_ip_filter ];then
|
||||
while read line;do
|
||||
fake_ft_ad=$fake_ft_ad,\"$line\"
|
||||
done < $clashdir/fake_ip_filter
|
||||
fi
|
||||
if [ "$dns_mod" = "fake-ip" ];then
|
||||
dns='dns: {enable: true, listen: 0.0.0.0:'$dns_port', use-hosts: true, fake-ip-range: 198.18.0.1/16, enhanced-mode: fake-ip, fake-ip-filter: ["*.lan", "time.windows.com", "time.nist.gov", "time.apple.com", "time.asia.apple.com", "*.ntp.org.cn", "*.openwrt.pool.ntp.org", "time1.cloud.tencent.com", "time.ustc.edu.cn", "pool.ntp.org", "ntp.ubuntu.com", "ntp.aliyun.com", "ntp1.aliyun.com", "ntp2.aliyun.com", "ntp3.aliyun.com", "ntp4.aliyun.com", "ntp5.aliyun.com", "ntp6.aliyun.com", "ntp7.aliyun.com", "time1.aliyun.com", "time2.aliyun.com", "time3.aliyun.com", "time4.aliyun.com", "time5.aliyun.com", "time6.aliyun.com", "time7.aliyun.com", "*.time.edu.cn", "time1.apple.com", "time2.apple.com", "time3.apple.com", "time4.apple.com", "time5.apple.com", "time6.apple.com", "time7.apple.com", "time1.google.com", "time2.google.com", "time3.google.com", "time4.google.com", "music.163.com", "*.music.163.com", "*.126.net", "musicapi.taihe.com", "music.taihe.com", "songsearch.kugou.com", "trackercdn.kugou.com", "*.kuwo.cn", "api-jooxtt.sanook.com", "api.joox.com", "joox.com", "y.qq.com", "*.y.qq.com", "streamoc.music.tc.qq.com", "mobileoc.music.tc.qq.com", "isure.stream.qqmusic.qq.com", "dl.stream.qqmusic.qq.com", "aqqmusic.tc.qq.com", "amobile.music.tc.qq.com", "*.xiami.com", "*.music.migu.cn", "music.migu.cn", "*.msftconnecttest.com", "*.msftncsi.com", "localhost.ptlogin2.qq.com", "*.*.*.srv.nintendo.net", "*.*.stun.playstation.net", "xbox.*.*.microsoft.com", "*.*.xboxlive.com", "proxy.golang.org","*.sgcc.com.cn","*.alicdn.com","*.aliyuncs.com"], default-nameserver: ['$dns_default', 127.0.0.1:53], nameserver: ['$dns_nameserver', 127.0.0.1:53], fallback: ['$dns_fallback'], fallback-filter: {geoip: true}}'
|
||||
dns='dns: {enable: true, listen: 0.0.0.0:'$dns_port', use-hosts: true, fake-ip-range: 198.18.0.1/16, enhanced-mode: fake-ip, fake-ip-filter: ['${fake_ft_df}${fake_ft_ad}'], default-nameserver: ['$dns_default', 127.0.0.1:53], nameserver: ['$dns_nameserver', 127.0.0.1:53], fallback: ['$dns_fallback'], fallback-filter: {geoip: true}}'
|
||||
else
|
||||
dns='dns: {enable: true, '$dns_v6', listen: 0.0.0.0:'$dns_port', use-hosts: true, enhanced-mode: redir-host, default-nameserver: ['$dns_default', 127.0.0.1:53], nameserver: ['$dns_nameserver$dns_local'], fallback: ['$dns_fallback'], fallback-filter: {geoip: true}}'
|
||||
fi
|
||||
@@ -345,7 +352,7 @@ EOF
|
||||
fi
|
||||
#合并文件
|
||||
[ -f $clashdir/user.yaml ] && yaml_user=$clashdir/user.yaml
|
||||
[ -f $clashdir/hosts.yaml ] && yaml_hosts=$clashdir/hosts.yaml
|
||||
[ -f $tmpdir/hosts.yaml ] && yaml_hosts=$tmpdir/hosts.yaml
|
||||
cut -c 1- $tmpdir/set.yaml $yaml_hosts $yaml_user $tmpdir/proxy.yaml > $tmpdir/config.yaml
|
||||
#插入自定义规则
|
||||
sed -i "/#自定义规则/d" $tmpdir/config.yaml
|
||||
@@ -402,6 +409,7 @@ start_redir(){
|
||||
iptables -t nat -A clash -d 0.0.0.0/8 -j RETURN
|
||||
iptables -t nat -A clash -d 10.0.0.0/8 -j RETURN
|
||||
iptables -t nat -A clash -d 127.0.0.0/8 -j RETURN
|
||||
iptables -t nat -A clash -d 100.64.0.0/10 -j RETURN
|
||||
iptables -t nat -A clash -d 169.254.0.0/16 -j RETURN
|
||||
iptables -t nat -A clash -d 172.16.0.0/12 -j RETURN
|
||||
iptables -t nat -A clash -d 192.168.0.0/16 -j RETURN
|
||||
@@ -505,6 +513,7 @@ start_udp(){
|
||||
iptables -t mangle -A clash -d 0.0.0.0/8 -j RETURN
|
||||
iptables -t mangle -A clash -d 10.0.0.0/8 -j RETURN
|
||||
iptables -t mangle -A clash -d 127.0.0.0/8 -j RETURN
|
||||
iptables -t mangle -A clash -d 100.64.0.0/10 -j RETURN
|
||||
iptables -t mangle -A clash -d 169.254.0.0/16 -j RETURN
|
||||
iptables -t mangle -A clash -d 172.16.0.0/12 -j RETURN
|
||||
iptables -t mangle -A clash -d 192.168.0.0/16 -j RETURN
|
||||
@@ -532,6 +541,7 @@ start_output(){
|
||||
iptables -t nat -A clash_out -d 0.0.0.0/8 -j RETURN
|
||||
iptables -t nat -A clash_out -d 10.0.0.0/8 -j RETURN
|
||||
iptables -t nat -A clash_out -d 127.0.0.0/8 -j RETURN
|
||||
iptables -t nat -A clash_out -d 100.64.0.0/10 -j RETURN
|
||||
iptables -t nat -A clash_out -d 169.254.0.0/16 -j RETURN
|
||||
iptables -t nat -A clash_out -d 172.16.0.0/12 -j RETURN
|
||||
iptables -t nat -A clash_out -d 192.168.0.0/16 -j RETURN
|
||||
@@ -627,8 +637,8 @@ web_save(){
|
||||
get_save http://localhost:${db_port}/proxies | awk -F "{" '{for(i=1;i<=NF;i++) print $i}' | grep -E '^"all".*"Selector"' > /tmp/clash_web_check_$USER
|
||||
while read line ;do
|
||||
def=$(echo $line | awk -F "[[,]" '{print $2}')
|
||||
now=$(echo $line | grep -oE '"now".*",' | sed 's/"now"://g'| sed 's/,//g')
|
||||
[ "$def" != "$now" ] && echo $line | grep -oE '"name".*"now".*",' | sed 's/"name"://g' | sed 's/"now"://g'| sed 's/"//g' >> /tmp/clash_web_save_$USER
|
||||
now=$(echo $line | grep -oE '"now".*",' | sed 's/"now"://g' | sed 's/"type":.*//g' | sed 's/,//g')
|
||||
[ "$def" != "$now" ] && echo $line | grep -oE '"name".*"now".*",' | sed 's/"name"://g' | sed 's/"now"://g' | sed 's/"type":.*//g' | sed 's/"//g' >> /tmp/clash_web_save_$USER
|
||||
done < /tmp/clash_web_check_$USER
|
||||
rm -rf /tmp/clash_web_check_$USER
|
||||
#对比文件,如果有变动且不为空则写入磁盘,否则清除缓存
|
||||
@@ -881,12 +891,11 @@ restart)
|
||||
init)
|
||||
if [ -d "/etc/storage/clash" ];then
|
||||
clashdir=/etc/storage/clash
|
||||
if [ -w "/opt/etc/profile" ];then
|
||||
profile=/opt/etc/profile
|
||||
else
|
||||
profile=/etc/profile
|
||||
sed -i '' $profile #将软链接转化为一般文件
|
||||
fi
|
||||
while [ ! -w "/etc/profile" -a "$i" -lt 60 ];do
|
||||
sleep 1 && i=$((i+1))
|
||||
done
|
||||
profile=/etc/profile
|
||||
sed -i '' $profile #将软链接转化为一般文件
|
||||
elif [ -d "/jffs/clash" ];then
|
||||
clashdir=/jffs/clash
|
||||
profile=/jffs/configs/profile.add
|
||||
|
||||
Reference in New Issue
Block a user