xm/ShellCrash
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

v1.7.4b

Browse Source 
~新手引导部分优化
~修复在线生成配置文件相关bug
~修复节点绕过功能相关bug
~修复公网访问功能相关bug
This commit is contained in:
juewuy
2023-04-03 21:46:24 +08:00
parent 3379e8ed8a
commit e4546476aa
7 changed files with 23 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

BIN
bin/ShellClash.tar.gz
View File

Binary file not shown.

BIN
bin/clashfm.tar.gz
View File

Binary file not shown.

2
bin/version
View File

@@ -3,4 +3,4 @@ clashpre_v=2022.11.25
clash_v=v1.7.1 clash_v=v1.7.1
meta_v=v1.14.2 meta_v=v1.14.2
GeoIP_v=20230401 GeoIP_v=20230401
versionsh=1.7.4 versionsh=1.7.4b

2
rules/ai.list
View File

@@ -3,4 +3,6 @@ DOMAIN-SUFFIX,openai.nooc.ink
DOMAIN-SUFFIX,AI.com DOMAIN-SUFFIX,AI.com
DOMAIN-SUFFIX,cdn.auth0.com DOMAIN-SUFFIX,cdn.auth0.com
DOMAIN-SUFFIX,openaiapi-site.azureedge.net DOMAIN-SUFFIX,openaiapi-site.azureedge.net
DOMAIN-SUFFIX,opendns.com
DOMAIN-SUFFIX,bing.com DOMAIN-SUFFIX,bing.com

4
scripts/getdate.sh
View File

@@ -940,7 +940,9 @@ userguide(){
errornum errornum
forwhat forwhat
elif [ "$num" = 1 ];then elif [ "$num" = 1 ];then
redir_mod="Redir模式" redir_mod="redir模式"
ckcmd nft && redir_mod="Nft基础"
modprobe nft_tproxy &> /dev/null && redir_mod="Nft混合"
setconfig redir_mod "$redir_mod" setconfig redir_mod "$redir_mod"
#设置开机启动 #设置开机启动
[ -f /etc/rc.common ] && /etc/init.d/clash enable [ -f /etc/rc.common ] && /etc/init.d/clash enable

2
scripts/init.sh
View File

@@ -1,7 +1,7 @@
#!/bin/sh #!/bin/sh
# Copyright (C) Juewuy # Copyright (C) Juewuy
version=1.7.4 version=1.7.4b
setdir(){ setdir(){
dir_avail(){ dir_avail(){

32
scripts/start.sh
View File

@@ -147,6 +147,8 @@ getlanip(){
#缺省配置 #缺省配置
[ -z "$host_ipv4" ] && host_ipv4='192.168.0.0/16 10.0.0.0/12 172.16.0.0/12' [ -z "$host_ipv4" ] && host_ipv4='192.168.0.0/16 10.0.0.0/12 172.16.0.0/12'
[ -z "$host_ipv6" ] && host_ipv6='fe80::/10 fd00::/8' [ -z "$host_ipv6" ] && host_ipv6='fe80::/10 fd00::/8'
#获取本机出口IP地址
local_ipv4=$(ip route 2>&1 | grep 'src' | grep -Ev 'utun|iot'| grep -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3} $' | sed 's/.*src //g' )
#保留地址 #保留地址
reserve_ipv4="0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 100.64.0.0/10 169.254.0.0/16 172.16.0.0/12 192.168.0.0/16 224.0.0.0/4 240.0.0.0/4" reserve_ipv4="0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 100.64.0.0/10 169.254.0.0/16 172.16.0.0/12 192.168.0.0/16 224.0.0.0/4 240.0.0.0/4"
reserve_ipv6="::/128 ::1/128 ::ffff:0:0/96 64:ff9b::/96 100::/64 2001::/32 2001:20::/28 2001:db8::/32 2002::/16 fc00::/7 fe80::/10 ff00::/8" reserve_ipv6="::/128 ::1/128 ::ffff:0:0/96 64:ff9b::/96 100::/64 2001::/32 2001:20::/28 2001:db8::/32 2002::/16 fc00::/7 fe80::/10 ff00::/8"
@@ -184,9 +186,9 @@ https://github.com/juewuy/ShellClash/raw/master/rules/ACL4SSR_Online_Mini_Games.
https://github.com/juewuy/ShellClash/raw/master/rules/ACL4SSR_Online_Full_Games.ini https://github.com/juewuy/ShellClash/raw/master/rules/ACL4SSR_Online_Full_Games.ini
EOF` EOF`
#如果传来的是Url链接则合成Https链接否则直接使用Https链接 #如果传来的是Url链接则合成Https链接否则直接使用Https链接
if [ -z "$Https" -a -z "$retry" ];then if [ -z "$Https" ];then
[ -n "$(echo $Url | grep -oE 'vless:')" ] && Server='https://api.v1.mk' [ -n "$(echo $Url | grep -oE 'vless:')" -a -z "$retry" ] && Server='https://api.v1.mk'
[ -n "$(echo $Url | grep -oE 'hysteria:')" ] && Server='https://sub.jwsc.eu.org' [ -n "$(echo $Url | grep -oE 'hysteria:')" -a -z "$retry" ] && Server='https://sub.jwsc.eu.org'
Https="$Server/sub?target=clash&insert=true&new_name=true&scv=true&udp=true&exclude=$exclude&include=$include&url=$Url&config=$Config" Https="$Server/sub?target=clash&insert=true&new_name=true&scv=true&udp=true&exclude=$exclude&include=$include&url=$Url&config=$Config"
url_type=true url_type=true
fi fi
@@ -208,7 +210,7 @@ EOF`
echo ----------------------------------------------- echo -----------------------------------------------
exit 1 exit 1
else else
if [ "$retry" -ge 4 ];then if [ "$retry" = 4 ];then
logger "无法获取配置文件,请检查链接格式以及网络连接状态!" 31 logger "无法获取配置文件,请检查链接格式以及网络连接状态!" 31
echo -e "\033[32m你也可以尝试使用浏览器下载配置文件后使用WinSCP手动上传到/tmp目录\033[0m" echo -e "\033[32m你也可以尝试使用浏览器下载配置文件后使用WinSCP手动上传到/tmp目录\033[0m"
exit 1 exit 1
@@ -265,7 +267,7 @@ EOF`
fi fi
#检测并去除无效节点组 #检测并去除无效节点组
[ -n "$url_type" ] && ckcmd xargs && { [ -n "$url_type" ] && ckcmd xargs && {
cat $yamlnew | grep -A 8 "\- name:" | xargs | sed 's/- name: /\n/g' | sed 's/ type: .*proxies: /#/g' | sed 's/ rules:.*//g' | sed 's/- //g' | grep -E '#DIRECT $' | awk -F '#' '{print $1}' > /tmp/clash_proxies_$USER cat $yamlnew | sed '/^rules:/,$d' | grep -A 15 "\- name:" | xargs | sed 's/- name: /\n/g' | sed 's/ type: .*proxies: /#/g' | sed 's/- //g' | grep -E '#DIRECT $|#DIRECT$' | awk -F '#' '{print $1}' > /tmp/clash_proxies_$USER
while read line ;do while read line ;do
sed -i "/- $line/d" $yamlnew sed -i "/- $line/d" $yamlnew
sed -i "/- name: $line/,/- DIRECT/d" $yamlnew sed -i "/- name: $line/,/- DIRECT/d" $yamlnew
@@ -359,8 +361,8 @@ modify_yaml(){
#节点绕过功能支持 #节点绕过功能支持
sed -i "/#节点绕过/d" $tmpdir/rule.yaml sed -i "/#节点绕过/d" $tmpdir/rule.yaml
[ "$proxies_bypass" = "已启用" ] && { [ "$proxies_bypass" = "已启用" ] && {
cat /tmp/clash_$USER/proxy.yaml | grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | awk '!a[$0]++' | sed 's/^/\ -\ IP-CIDR,/g' | sed 's|$|/32,DIRECT #节点绕过|g' >> $tmpdir/proxies_bypass cat /tmp/clash_$USER/proxy.yaml | sed '/^proxy-/,$d' | sed '/^rule-/,$d' | grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | awk '!a[$0]++' | sed 's/^/\ -\ IP-CIDR,/g' | sed 's|$|/32,DIRECT #节点绕过|g' >> $tmpdir/proxies_bypass
cat /tmp/clash_$USER/proxy.yaml | grep -vE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | grep -oE '[a-zA-Z0-9][-a-zA-Z0-9]{0,62}(\.[a-zA-Z0-9][-a-zA-Z0-9]{0,62})+\.?'| awk '!a[$0]++' | sed 's/^/\ -\ DOMAIN,/g' | sed 's/$/,DIRECT #节点绕过/g' >> $tmpdir/proxies_bypass cat /tmp/clash_$USER/proxy.yaml | sed '/^proxy-/,$d' | sed '/^rule-/,$d' | grep -vE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | grep -oE '[a-zA-Z0-9][-a-zA-Z0-9]{0,62}(\.[a-zA-Z0-9][-a-zA-Z0-9]{0,62})+\.?'| awk '!a[$0]++' | sed 's/^/\ -\ DOMAIN,/g' | sed 's/$/,DIRECT #节点绕过/g' >> $tmpdir/proxies_bypass
cat $tmpdir/rule.yaml >> $tmpdir/proxies_bypass cat $tmpdir/rule.yaml >> $tmpdir/proxies_bypass
mv -f $tmpdir/proxies_bypass $tmpdir/rule.yaml mv -f $tmpdir/proxies_bypass $tmpdir/rule.yaml
} }
@@ -672,8 +674,6 @@ start_tproxy(){
start_output(){ start_output(){
#获取局域网host地址 #获取局域网host地址
getlanip getlanip
#获取本机所有出口IP地址
local_ipv4=$(ip route 2>&1 | grep 'src' | grep -Ev 'utun|iot'| grep -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3} $' | sed 's/.*src //g' )
#流量过滤 #流量过滤
iptables -t nat -N clash_out iptables -t nat -N clash_out
iptables -t nat -A clash_out -m owner --gid-owner 7890 -j RETURN iptables -t nat -A clash_out -m owner --gid-owner 7890 -j RETURN
@@ -885,26 +885,26 @@ start_wan(){
getlanip getlanip
[ "$mix_port" = "7890" -o -z "$authentication" ] && { [ "$mix_port" = "7890" -o -z "$authentication" ] && {
#仅允许局域网设备访问混合端口 #仅允许局域网设备访问混合端口
for ip in $host_ipv4;do for ip in $host_ipv4 $local_ipv4;do
iptables -A INPUT -p tcp -s $ip --dport $mix_port -j ACCEPT iptables -A INPUT -p tcp -s $ip --dport $mix_port -j ACCEPT
done done
iptables -A INPUT -p tcp --dport $mix_port -j REJECT iptables -A INPUT -p tcp --dport $mix_port -j REJECT
ip6tables -A INPUT -p tcp --dport $mix_port -j REJECT 2> /dev/null ckcmd ip6tables && ip6tables -A INPUT -p tcp --dport $mix_port -j REJECT
} }
if [ "$public_support" = "已开启" ];then if [ "$public_support" = "已开启" ];then
[ "$mix_port" != "7890" -a -n "$authentication" ] && { [ "$mix_port" != "7890" -a -n "$authentication" ] && {
iptables -I INPUT -p tcp --dport $mix_port -j ACCEPT iptables -I INPUT -p tcp --dport $mix_port -j ACCEPT
ip6tables -I INPUT -p tcp --dport $mix_port -j ACCEPT 2> /dev/null ckcmd ip6tables && ip6tables -I INPUT -p tcp --dport $mix_port -j ACCEPT
} }
iptables -I INPUT -p tcp --dport $db_port -j ACCEPT iptables -I INPUT -p tcp --dport $db_port -j ACCEPT
ip6tables -I INPUT -p tcp --dport $db_port -j ACCEPT 2> /dev/null ckcmd ip6tables && ip6tables -I INPUT -p tcp --dport $db_port -j ACCEPT
else else
#仅允许局域网设备访问面板 #仅允许局域网设备访问面板
for ip in $host_ipv4;do for ip in $host_ipv4 $local_ipv4;do
iptables -A INPUT -p tcp -s $ip --dport $db_port -j ACCEPT iptables -A INPUT -p tcp -s $ip --dport $db_port -j ACCEPT
done done
iptables -A INPUT -p tcp --dport $db_port -j REJECT iptables -A INPUT -p tcp --dport $db_port -j REJECT
ip6tables -A INPUT -p tcp --dport $db_port -j REJECT 2> /dev/null ckcmd ip6tables && ip6tables -A INPUT -p tcp --dport $db_port -j REJECT
fi fi
} }
stop_firewall(){ stop_firewall(){
@@ -945,7 +945,7 @@ stop_firewall(){
iptables -t mangle -F clash 2> /dev/null iptables -t mangle -F clash 2> /dev/null
iptables -t mangle -X clash 2> /dev/null iptables -t mangle -X clash 2> /dev/null
#公网访问 #公网访问
for ip in $host_ipv4;do for ip in $host_ipv4 $local_ipv4;do
iptables -D INPUT -p tcp -s $ip --dport $mix_port -j ACCEPT 2> /dev/null iptables -D INPUT -p tcp -s $ip --dport $mix_port -j ACCEPT 2> /dev/null
iptables -D INPUT -p tcp -s $ip --dport $db_port -j ACCEPT 2> /dev/null iptables -D INPUT -p tcp -s $ip --dport $db_port -j ACCEPT 2> /dev/null
done done