From de554bb2839b6239d6c29a8291bcb0cf09cbac59 Mon Sep 17 00:00:00 2001
From: juewuy
Date: Sun, 13 Oct 2024 14:42:14 +0800
Subject: [PATCH] =?UTF-8?q?~=E4=BF=AE=E5=A4=8D=E5=9C=A8=E6=89=BE=E4=B8=8D?= =?UTF-8?q?=E5=88=B0=E5=AE=B9=E5=99=A8=E8=99=9A=E6=8B=9F=E6=9C=BAip?= =?UTF-8?q?=E5=9C=B0=E5=9D=80=E4=BE=9D=E7=84=B6=E4=BC=9A=E5=90=AF=E5=8A=A8?= =?UTF-8?q?=E6=9C=AC=E6=9C=BA=E5=AE=B9=E5=99=A8=E4=BB=A3=E7=90=86=E7=9A=84?= =?UTF-8?q?bug=20~=E4=BF=AE=E5=A4=8D=E9=83=A8=E5=88=86=E6=83=85=E5=86=B5?= =?UTF-8?q?=E4=B8=8B=E6=97=A0=E6=B3=95=E6=AD=A3=E7=A1=AE=E5=88=87=E6=8D=A2?= =?UTF-8?q?=E9=98=B2=E7=81=AB=E5=A2=99=E6=A8=A1=E5=BC=8F=E7=9A=84bug=20~?= =?UTF-8?q?=E4=BF=AE=E5=A4=8Dgrep=E5=91=BD=E4=BB=A4=E7=9B=B8=E5=85=B3?= =?UTF-8?q?=E8=AD=A6=E5=91=8A=20~=E4=BF=AE=E5=A4=8D=E5=9C=A8=E9=83=A8?= =?UTF-8?q?=E5=88=86=E6=B2=A1=E6=9C=89ip6tables=E5=91=BD=E4=BB=A4=E8=AE=BE?= =?UTF-8?q?=E5=A4=87=E4=B8=8A=E4=BC=9A=E5=87=BA=E7=8E=B0=E6=8A=A5=E9=94=99?= =?UTF-8?q?=E7=9A=84bug=20~=E4=BF=AE=E5=A4=8D=E6=9D=A1=E4=BB=B6=E4=BB=BB?= =?UTF-8?q?=E5=8A=A1=E2=80=9C=E9=98=B2=E7=81=AB=E5=A2=99=E5=90=AF=E5=8A=A8?= =?UTF-8?q?=E5=90=8E=E6=89=A7=E8=A1=8C=E2=80=9D=E5=9C=A8=E6=8F=92=E5=85=A5?= =?UTF-8?q?fw4=E7=89=88=E6=9C=AC=E9=98=B2=E7=81=AB=E5=A2=99=E6=97=B6?= =?UTF-8?q?=E4=BC=9A=E5=AF=BC=E8=87=B4=E9=98=B2=E7=81=AB=E5=A2=99=E5=90=AF?= =?UTF-8?q?=E5=8A=A8=E6=96=87=E4=BB=B6=E9=94=99=E4=B9=B1=E7=9A=84bug?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 scripts/menu.sh | 12 +++++++++++-
 scripts/start.sh | 14 +++++++-------
 2 files changed, 18 insertions(+), 8 deletions(-)
diff --git a/scripts/menu.sh b/scripts/menu.sh
index e76755e..393e17b 100644
--- a/scripts/menu.sh
+++ b/scripts/menu.sh
@@ -1378,7 +1378,7 @@ set_redir_mod(){ #代理模式设置
 else
 echo -e "\033[31m当前设备未安装nftables或者nftables版本过低(<1.0.2),无法切换!\033[0m"
 fi
- else
+ elif [ "$firewall_mod" = 'nftables' ];then
 if ckcmd iptables;then
 firewall_mod=iptables
 redir_mod=Redir模式
@@ -1386,6 +1386,16 @@ set_redir_mod(){ #代理模式设置 else echo -e "\033[31m当前设备未安装iptables,无法切换!\033[0m" fi + else + iptables -j REDIRECT -h >/dev/null 2>&1 && firewall_mod=iptables + nft add table inet shellcrash 2>/dev/null && firewall_mod=nftables + if [ -n "$firewall_mod" ];then + redir_mod=Redir模式 + setconfig redir_mod $redir_mod + setconfig firewall_mod $firewall_mod + else + echo -e "\033[31m检测不到可用的防火墙应用(iptables/nftables),无法切换!\033[0m" + fi fi sleep 1 setconfig firewall_mod $firewall_mod diff --git a/scripts/start.sh b/scripts/start.sh index 3d28d3e..b07b825 100644 --- a/scripts/start.sh +++ b/scripts/start.sh @@ -620,7 +620,7 @@ EOF if [ -z "$(echo "$core_v" | grep -E '^1\.7.*')" ]; then direct_dns="{ \"rule_set\": [\"geosite-cn\"], \"server\": \"dns_direct\" }," #生成add_rule_set.json - [ -z "$(cat "$CRASHDIR"/jsons/*.json | grep -Ei '\"tag\" *: *\"geosite-cn\"')" ] && cat >"$TMPDIR"/jsons/add_rule_set.json <"$TMPDIR"/jsons/add_rule_set.json </dev/null | grep -q '\--to-ports'; then start_ipt_dns ip6tables PREROUTING shellcrashv6_dns #ipv6-局域网dns转发 else - $ip6table -I INPUT -p tcp --dport 53 -j REJECT - $ip6table -I INPUT -p udp --dport 53 -j REJECT + $ip6table -I INPUT -p tcp --dport 53 -j REJECT >/dev/null 2>&1 + $ip6table -I INPUT -p udp --dport 53 -j REJECT >/dev/null 2>&1 fi } [ "$local_proxy" = true ] && start_ipt_dns iptables OUTPUT shellcrash_dns_out #ipv4-本机dns转发 @@ -1351,7 +1351,7 @@ start_nftables() { #nftables配置总入口 [ "$lan_proxy" = true ] && start_nft_route prerouting prerouting filter -150 [ "$local_proxy" = true ] && start_nft_route output output route -150 } - [ "$vm_redir" = "已开启" ] && { + [ "$vm_redir" = "已开启" ] && [ -n "$$vm_ipv4" ] && { start_nft_dns prerouting_vm prerouting JUMP="meta l4proto tcp redirect to $redir_port" #跳转劫持的具体命令 start_nft_route prerouting_vm prerouting nat -100 
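Review bot: In the new fallback `else` branch of set_redir_mod, `firewall_mod` is not cleared before the two probes, so if control arrives with a non-empty unrecognised value and both probes fail, `[ -n "$firewall_mod" ]` still passes and the stale value is written back instead of the "no usable firewall" message being shown; start the branch with `firewall_mod=''`. The nftables probe `nft add table inet shellcrash` changes the live ruleset as a side effect of detection, whereas a read-only check such as `nft list tables >/dev/null 2>&1 && firewall_mod=nftables` would not leave a table behind. On the failure path the unchanged `setconfig firewall_mod $firewall_mod` after the outer `fi` still runs, now with an empty, unquoted argument. The opening `if` of this chain lies outside the hunk.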
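Review bot: The two added `>/dev/null 2>&1` redirections on the `$ip6table -I INPUT ... --dport 53 -j REJECT` lines hide every failure, not only a missing ip6tables binary, so a rule that could not be inserted leaves IPv6 port 53 unfiltered with nothing reported. Testing for the command first keeps devices without it quiet while still surfacing real errors, for example `command -v ip6tables >/dev/null 2>&1 && $ip6table -I INPUT -p tcp --dport 53 -j REJECT` (and the same for udp). The header and the opening of the enclosing `if` of this hunk are not visible on this page, so whether `$ip6table` has already been validated at this point cannot be confirmed.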
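Review bot: The added guard `[ -n "$$vm_ipv4" ]` in start_nftables can never fail, because `$$` expands to the shell's PID and `vm_ipv4` is then literal text, so the string is always non-empty. The `prerouting_vm` DNS and redirect rules are therefore still installed when no container/VM address was found, which is the case the commit message says it fixes. The line should read `[ "$vm_redir" = "已开启" ] && [ -n "$vm_ipv4" ] && {`. The block it guards continues past the end of the hunk.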
@@ -1839,9 +1839,9 @@ afstart() { #启动后
 [ -s "$CRASHDIR"/task/afstart ] && { . "$CRASHDIR"/task/afstart; } &
 [ -s "$CRASHDIR"/task/affirewall -a -s /etc/init.d/firewall -a ! -f /etc/init.d/firewall.bak ] && {
 #注入防火墙
- line=$(grep -En "fw3 restart" /etc/init.d/firewall | cut -d ":" -f 1)
+ line=$(grep -En "fw.* restart" /etc/init.d/firewall | cut -d ":" -f 1)
 sed -i.bak "${line}a\\. "$CRASHDIR"/task/affirewall" /etc/init.d/firewall
- line=$(grep -En "fw3 .* start" /etc/init.d/firewall | cut -d ":" -f 1)
+ line=$(grep -En "fw.* start" /etc/init.d/firewall | cut -d ":" -f 1)
 sed -i "${line}a\\. "$CRASHDIR"/task/affirewall" /etc/init.d/firewall
 } &
 else
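Review bot: `line` is used as a sed address without being checked, and the wider patterns `fw.* restart` and `fw.* start` make zero or several matches more likely than the old fw3-specific ones. With no match `${line}` is empty, so the `a` command has no address and the `. "$CRASHDIR"/task/affirewall` line is appended after every line of `/etc/init.d/firewall`, a script that runs as root; with several matches the embedded newline makes the sed expression invalid. Take one match and skip the edit when there is none: `line=$(grep -En "fw.* restart" /etc/init.d/firewall | head -n 1 | cut -d ":" -f 1)` followed by `[ -n "$line" ] && sed -i.bak ...`, and the same for the `start` pair. `"$CRASHDIR"` also drops out of the double quotes inside both sed expressions, so a path with whitespace would split the argument.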