diff --git a/bin/ShellCrash.tar.gz b/bin/ShellCrash.tar.gz
index e9656a9..d1ba4c2 100644
Binary files a/bin/ShellCrash.tar.gz and b/bin/ShellCrash.tar.gz differ
diff --git a/bin/clashfm.tar.gz b/bin/clashfm.tar.gz
index aab1fe0..f60f355 100644
Binary files a/bin/clashfm.tar.gz and b/bin/clashfm.tar.gz differ
diff --git a/bin/public.tar.gz b/bin/public.tar.gz
index 77afc67..877ba97 100644
Binary files a/bin/public.tar.gz and b/bin/public.tar.gz differ
diff --git a/bin/version b/bin/version
index 6c6df83..83badee 100644
--- a/bin/version
+++ b/bin/version
@@ -4,5 +4,5 @@ clash_v=v1.7.1
 meta_v=v1.18.1
 singboxp_v=1.8.5-73d97226
 singbox_v=1.8.8
-versionsh=1.9.0pre14
+versionsh=1.9.1alpha1
 GeoIP_v=20240302
diff --git a/scripts/init.sh b/scripts/init.sh
index 33fde42..6529d7b 100644
--- a/scripts/init.sh
+++ b/scripts/init.sh
@@ -1,7 +1,7 @@
 #!/bin/sh
 # Copyright (C) Juewuy
-version=1.9.0pre15
+version=1.9.1alpha1
 setdir(){
 dir_avail(){
@@ -304,7 +304,7 @@ sed -i '/shellclash/d' /etc/passwd
 sed -i '/shellclash/d' /etc/group
 rm -rf /etc/init.d/clash
 [ "$systype" = "mi_snapshot" -a "$CRASHDIR" != '/data/clash' ] && rm -rf /data/clash
-for file in CrashCore clash.sh shellcrash.rc core.new clashservice log shellcrash.service mark? mark.bak;do
+for file in CrashCore clash.sh getdate.sh shellcrash.rc core.new clashservice log shellcrash.service mark? mark.bak;do
 rm -rf ${CRASHDIR}/$file
 done
 #旧版变量改名
@@ -315,5 +315,6 @@ sed -i "s/ShellClash/ShellCrash/g" $configpath
 sed -i "s/cpucore=armv8/cpucore=arm64/g" $configpath
 sed -i "s/redir_mod=Nft基础/redir_mod=Redir模式/g" $configpath
 sed -i "s/redir_mod=Nft混合/redir_mod=Tproxy模式/g" $configpath
+sed -i "s/redir_mod=纯净模式/firewall_area=4/g" $configpath
 echo -e "\033[32m脚本初始化完成,请输入\033[30;47m crash \033[0;33m命令开始使用!\033[0m"
diff --git a/scripts/start.sh b/scripts/start.sh
index e31da29..16abd4f 100644
--- a/scripts/start.sh
+++ b/scripts/start.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
 # Copyright (C) Juewuy
 #初始化目录
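Review bot: In scripts/init.sh (`@@ -304,7 +304,7 @@`), the cleanup loop this hunk extends runs `rm -rf ${CRASHDIR}/$file` with no guard on `CRASHDIR`, so an empty value at this point would make the loop remove `/log`, `/getdate.sh` and the other listed names from the filesystem root. Nothing visible in the hunk validates the variable before the loop. Writing the body as `rm -rf "${CRASHDIR:?}"/$file` aborts on an empty value and still lets the `mark?` pattern expand.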
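Review bot: In scripts/init.sh (`@@ -315,5 +315,6 @@`), the added migration `sed -i "s/redir_mod=纯净模式/firewall_area=4/g" $configpath` turns the whole `redir_mod` entry into a `firewall_area` entry, which leaves the config with no `redir_mod` line and, if a `firewall_area=` line already exists, with two of them. Which of the two wins depends on how the config is read, and that is not visible in this hunk; since the setting appears to decide which traffic is intercepted, the outcome should not be left to line order. I would drop the stale entry only when the migration applies, e.g. `grep -q '^redir_mod=纯净模式' "$configpath" && sed -i -e '/^firewall_area=/d' -e 's/^redir_mod=纯净模式.*/firewall_area=4/' "$configpath"`, and confirm what `redir_mod` should fall back to afterwards.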
@@ -873,7 +873,7 @@ start_ipt_route(){ #iptables-route通用工具
 [ "$1" = 'iptables' ] && {
 RESERVED_IP=$reserve_ipv4
 HOST_IP=$host_ipv4
- [ "$4" = 'OUTPUT' ] && HOST_IP="127.0.0.0/8 $local_ipv4"
+ [ "$3" = 'OUTPUT' ] && HOST_IP="127.0.0.0/8 $local_ipv4"
 }
 [ "$1" = 'ip6tables' ] && {
 RESERVED_IP=$reserve_ipv6
@@ -895,13 +895,14 @@ start_ipt_route(){ #iptables-route通用工具
 [ "$dns_mod" != "fake-ip" -a "$cn_ip_route" = "已开启" ] && \
 $1 -t $2 -A $4 -m set --match-set cn_ip dst -j RETURN 2>/dev/null
 #局域网mac地址黑名单过滤
- [ -s "$(cat ${CRASHDIR}/configs/mac)" -a "$macfilter_type" != "白名单" ] && \
- for mac in $(cat ${CRASHDIR}/configs/mac); do
- $1 -t $2 -A $4 -m mac --mac-source $mac -j RETURN
- done
+ [ "$3" = 'PREROUTING' ] && [ -s "$(cat ${CRASHDIR}/configs/mac)" ] && [ "$macfilter_type" != "白名单" ] && {
+ for mac in $(cat ${CRASHDIR}/configs/mac); do
+ $1 -t $2 -A $4 -m mac --mac-source $mac -j RETURN
+ done
+ }
 #tcp&udp分别进代理链
 proxy_set(){
- if [ "$macfilter_type" = "白名单" -a -n "$(cat ${CRASHDIR}/configs/mac)" ];then
+ if [ "$3" = 'PREROUTING' ] && [ "$macfilter_type" = "白名单" ] && [ -n "$(cat ${CRASHDIR}/configs/mac)" ];then
 for mac in $(cat ${CRASHDIR}/configs/mac); do #mac白名单
 $1 -t $2 -A $4 -p $5 -m mac --mac-source $mac -j $JUMP
 done
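Review bot: The positional parameters of start_ipt_route are undocumented, which is what made the `$4`/`$3` mix-up corrected in the `@@ -873,7 +873,7 @@` hunk possible and leaves the next one just as easy to make. Judging from the call `start_ipt_route iptables mangle PREROUTING shellcrash_mark $protocol` later in this diff, a header comment such as `# $1=iptables|ip6tables $2=table $3=built-in chain $4=custom chain $5=protocol` would make each test checkable at a glance. The function body starts and ends outside this hunk.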
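Review bot: The blacklist guard `[ -s "$(cat ${CRASHDIR}/configs/mac)" ]` in the `@@ -895,13 +895,14 @@` hunk hands the file's contents to `-s` instead of its path, so the test looks for a file named after the MAC list and is false whenever the list holds addresses; the RETURN rules are then never added and the blacklist presumably has no effect. The same expression is added in the start_ipt_dns hunk (`@@ -929,15 +930,18 @@`), where it is a regression, because the removed `else` branch added the blacklist rules without any such test. Test the path in both places: `[ -s "${CRASHDIR}/configs/mac" ]`. Both function bodies continue outside their hunks.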
@@ -929,15 +930,18 @@ start_ipt_dns(){ #iptables-dns通用工具
 $1 -t nat -A $3 -p tcp -s $bypass_host -j RETURN
 $1 -t nat -A $3 -p udp -s $bypass_host -j RETURN
 }
- if [ "$macfilter_type" = "白名单" -a -n "$(cat ${CRASHDIR}/configs/mac)" ];then
- for mac in $(cat ${CRASHDIR}/configs/mac); do #mac白名单
+ #局域网mac地址黑名单过滤
+ [ "$3" = 'PREROUTING' ] && [ -s "$(cat ${CRASHDIR}/configs/mac)" ] && [ "$macfilter_type" != "白名单" ] && {
+ for mac in $(cat ${CRASHDIR}/configs/mac); do
+ $1 -t nat -A $3 -m mac --mac-source $mac -j RETURN
+ done
+ }
+ if [ "$3" = 'PREROUTING' ] && [ "$macfilter_type" = "白名单" ] && [ -n "$(cat ${CRASHDIR}/configs/mac)" ];then
+ for mac in $(cat ${CRASHDIR}/configs/mac); do
 $1 -t nat -A $3 -p tcp -m mac --mac-source $mac -j REDIRECT --to $dns_port
 $1 -t nat -A $3 -p udp -m mac --mac-source $mac -j REDIRECT --to $dns_port
 done
- else
- for mac in $(cat ${CRASHDIR}/configs/mac); do #mac黑名单
- $1 -t nat -A $3 -m mac --mac-source $mac -j RETURN
- done
+ else
 $1 -t nat -A $3 -p tcp -j REDIRECT --to $dns_port
 $1 -t nat -A $3 -p udp -j REDIRECT --to $dns_port
 fi
@@ -1034,7 +1038,10 @@ start_iptables(){ #iptables配置总入口
 [ "$redir_mod" = "TCP旁路转发" ] && protocol=tcp
 if [ -n "$(grep -E '^MARK$' /proc/net/ip_tables_targets)" ];then
 [ "$lan_proxy" = true ] && {
- [ "$redir_mod" = "Tun模式" -o "$redir_mod" = "混合模式" ] && iptables -I FORWARD -o utun -j ACCEPT
+ [ "$redir_mod" = "Tun模式" -o "$redir_mod" = "混合模式" ] && {
+ iptables -I FORWARD -o utun -j ACCEPT
+ ip route del 198.18.0.0/16 dev utun proto kernel scope link src 198.18.0.0 #移除内核生成的tun路由
+ }
 start_ipt_route iptables mangle PREROUTING shellcrash_mark $protocol
 }
 [ "$local_proxy" = true ] && start_ipt_route iptables mangle OUTPUT shellcrash_mark_out $protocol
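Review bot: In the start_ipt_dns hunk (`@@ -929,15 +930,18 @@`) the new guards test `[ "$3" = 'PREROUTING' ]`, yet every rule in the same function is appended with `-A $3`, so `$3` is the chain being filled. The diagnostic hunk at the end of this diff lists `shellcrash_dns` and `shellcrash_dns_out` chains, which suggests `$3` is that custom chain and never equals `PREROUTING`. If so, both MAC branches are dead code and every client falls through to the unconditional REDIRECT in the `else` branch, so neither the whitelist nor the blacklist is enforced for DNS. The call site is not visible here; if the hook chain is passed as `$2`, the tests should read `[ "$2" = 'PREROUTING' ]`. The function body continues outside the hunk.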
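Review bot: The added `ip route del 198.18.0.0/16 dev utun proto kernel scope link src 198.18.0.0` in start_iptables (`@@ -1034,7 +1038,10 @@`) hard-codes the tun subnet and source address and ignores the result, so when that kernel route is absent (utun not up yet, or a different tun address configured) the command fails on stderr and start-up carries on without the intended routing change. In the start_nftables hunk (`@@ -1186,6 +1193,7 @@`) the same line runs inside the `lan_proxy` block with no `redir_mod` test visible, unlike the Tun/混合 guard here; the enclosing condition may sit outside that hunk. Consider deleting only when the route exists, e.g. `ip route show 198.18.0.0/16 dev utun 2>/dev/null | grep -q . && ip route del 198.18.0.0/16 dev utun`, and extending the comment to say why the kernel-generated route has to be removed.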
@@ -1186,6 +1193,7 @@ start_nftables(){ #nftables配置总入口
 [ "$redir_mod" = "混合模式" ] && JUMP="meta l4proto udp mark set $fwmark" #跳转劫持的具体命令
 [ "$lan_proxy" = true ] && {
 start_nft_route prerouting prerouting nat -150
+ ip route del 198.18.0.0/16 dev utun proto kernel scope link src 198.18.0.0 #移除内核生成的tun路由
 #放行流量
 nft add chain inet shellcrash forward { type filter hook forward priority -150 \; }
 nft add rule inet shellcrash forward oifname "utun" accept
diff --git a/scripts/update.sh b/scripts/update.sh
index 26e4e5f..37c4e1f 100644
--- a/scripts/update.sh
+++ b/scripts/update.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
 # Copyright (C) Juewuy
 error_down(){
@@ -2414,38 +2414,41 @@ testcommand(){
 if [ "$firewall_mod" = "nftables" ];then
 nft list table inet shellcrash
 else
- echo ----------------Redir+DNS---------------------
- iptables -t nat -L PREROUTING --line-numbers
- iptables -t nat -L shellcrash_dns --line-numbers
- [ "$redir_mod" = "Redir模式" ] && iptables -t nat -L shellcrash --line-numbers
- [ -n "$(echo $redir_mod | grep -E 'Tproxy模式|混合模式|Tun模式')" ] && {
- echo ----------------Tun/Tproxy-------------------
- iptables -t mangle -L PREROUTING --line-numbers
- iptables -t mangle -L shellcrash_mark --line-numbers
+ [ "$firewall_area" = 1 -o "$firewall_area" = 3 ] && {
+ echo ----------------Redir+DNS---------------------
+ iptables -t nat -L PREROUTING --line-numbers
+ iptables -t nat -L shellcrash_dns --line-numbers
+ [ -n "$(echo $redir_mod | grep -E 'Redir模式|混合模式')" ] && iptables -t nat -L shellcrash --line-numbers
+ [ -n "$(echo $redir_mod | grep -E 'Tproxy模式|混合模式|Tun模式')" ] && {
+ echo ----------------Tun/Tproxy-------------------
+ iptables -t mangle -L PREROUTING --line-numbers
+ iptables -t mangle -L shellcrash_mark --line-numbers
+ }
 }
 [ "$firewall_area" = 2 -o "$firewall_area" = 3 ] && {
 echo -------------OUTPUT-Redir+DNS----------------
 iptables -t nat -L OUTPUT --line-numbers
 iptables -t nat -L shellcrash_dns_out --line-numbers
- if [ "$redir_mod" = "Redir模式" ];then
- iptables -t nat -L shellcrash_out --line-numbers
- else
+ [ -n "$(echo $redir_mod | grep -E 'Redir模式|混合模式')" ] && iptables -t nat -L shellcrash_out --line-numbers
+ [ -n "$(echo $redir_mod | grep -E 'Tproxy模式|混合模式|Tun模式')" ] && {
 echo ------------OUTPUT-Tun/Tproxy---------------
 iptables -t mangle -L OUTPUT --line-numbers
 iptables -t mangle -L shellcrash_mark_out --line-numbers
- fi
+ }
 }
 [ "$ipv6_redir" = "已开启" ] && {
- ip6tables -t nat -L >/dev/null 2>&1 && {
- echo -------------IPV6-Redir+DNS-------------------
- ip6tables -t nat -L PREROUTING --line-numbers
- ip6tables -t nat -L shellcrashv6_dns --line-numbers
- [ "$redir_mod" = "Redir模式" ] && ip6tables -t nat -L shellcrashv6 --line-numbers
- }
- [ -n "$(echo $redir_mod | grep -E 'Tproxy模式|混合模式|Tun模式')" ] && {
- echo -------------IPV6-Tun/Tproxy------------------
- ip6tables -t mangle -L PREROUTING --line-numbers
- ip6tables -t mangle -L shellcrashv6_mark --line-numbers
+ [ "$firewall_area" = 1 -o "$firewall_area" = 3 ] && {
+ ip6tables -t nat -L >/dev/null 2>&1 && {
+ echo -------------IPV6-Redir+DNS-------------------
+ ip6tables -t nat -L PREROUTING --line-numbers
+ ip6tables -t nat -L shellcrashv6_dns --line-numbers
+ [ -n "$(echo $redir_mod | grep -E 'Redir模式|混合模式')" ] && ip6tables -t nat -L shellcrashv6 --line-numbers
+ }
+ [ -n "$(echo $redir_mod | grep -E 'Tproxy模式|混合模式|Tun模式')" ] && {
+ echo -------------IPV6-Tun/Tproxy------------------
+ ip6tables -t mangle -L PREROUTING --line-numbers
+ ip6tables -t mangle -L shellcrashv6_mark --line-numbers
+ }
 }
 }
 fi
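Review bot: With the new outer test `[ "$firewall_area" = 1 -o "$firewall_area" = 3 ]`, the PREROUTING listings that used to print unconditionally are skipped whenever `firewall_area` is empty or holds any other value, so on a config that never set the variable this diagnostic shows no LAN-side iptables rules at all. No default for `firewall_area` is visible in the hunk; if none is applied earlier in testcommand, set one before these tests or print which area is active so an empty listing is not mistaken for an empty ruleset. As a style point, `[ -n "$(echo $redir_mod | grep -E '…')" ]` reads more simply as `echo "$redir_mod" | grep -qE 'Redir模式|混合模式'`, and `-o` inside `[ ]` is better written as two tests joined with `||`. testcommand starts before this hunk and continues after it.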