xm/ShellCrash
1
0
Fork 0
mirror of https://github.com/juewuy/ShellCrash.git synced 2026-03-11 07:51:45 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'dev' into patch-2

Browse Source
This commit is contained in:
Sofia
2026-01-15 03:00:25 +08:00
committed by GitHub
parent 739ee5d22c 281595f79f
commit e66bd832e1
24 changed files with 1248 additions and 893 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
scripts/init.sh
View File

@@ -102,7 +102,7 @@ grep -q 'firewall_mod' "$CRASHDIR/configs/ShellClash.cfg" 2>/dev/null || {
#设置更新地址
[ -n "$url" ] && setconfig update_url $url
#设置环境变量
[ -w /opt/etc/profile ] && profile=/opt/etc/profile
[ -w /opt/etc/profile ] && [ "$systype" = "Padavan" ] && profile=/opt/etc/profile
[ -w /jffs/configs/profile.add ] && profile=/jffs/configs/profile.add
[ -z "$profile" ] && profile=/etc/profile
if [ -n "$profile" ]; then

11
scripts/lang/chs/1_start.lang Normal file
View File

@@ -0,0 +1,11 @@
# ===== 启动完成 =====
START_SERVICE_OK="服务已启动!"
START_WEB_HINT="请使用"
START_WEB_HINT2="管理内置规则"
START_PAC_HINT="其他设备可使用 PAC 配置:"
START_PROXY_HINT="或使用 HTTP / SOCKS5 方式连接:"
# ===== 启动流程 =====
START_NO_CORE_CFG_TRY_GEN="没有找到核心配置文件,尝试生成 providers 配置文件!"
START_NO_CORE_CFG_IMPORT_FIRST="没有找到核心配置文件,请先导入配置文件!"
START_FIREWALL_DONE="已完成防火墙设置!"

11
scripts/lang/en/1_start.lang Normal file
View File

@@ -0,0 +1,11 @@
# ===== Startup =====
START_SERVICE_OK="Service started successfully!"
START_WEB_HINT="Please use"
START_WEB_HINT2="manage built-in rules"
START_PAC_HINT="Other devices can connect using PAC configuration:"
START_PROXY_HINT="Or connect using HTTP / SOCKS5:"
# ===== Startup Flow =====
START_NO_CORE_CFG_TRY_GEN="Core configuration not found. Attempting to generate providers configuration!"
START_NO_CORE_CFG_IMPORT_FIRST="Core configuration not found. Please import a configuration first!"
START_FIREWALL_DONE="Firewall configuration completed!"

3
scripts/libs/set_proxy.sh
View File

@@ -3,6 +3,7 @@ setproxy(){
[ -n "$(pidof CrashCore)" ] && {
[ -n "$authentication" ] && auth="$authentication@" || auth=""
[ -z "$mix_port" ] && mix_port=7890
export all_proxy="http://${auth}127.0.0.1:$mix_port"
export https_proxy="http://${auth}127.0.0.1:$mix_port"
export http_proxy="http://${auth}127.0.0.1:$mix_port"
}
}

3
scripts/libs/web_get.sh
View File

@@ -32,7 +32,8 @@ webget(){
result=$(curl $agent -w '%{http_code}' --connect-timeout 3 $progress $redirect $certificate -o "$1" "$url")
fi
[ "$result" = "200" ] && return 0 #成功则退出否则重试
export all_proxy=""
export https_proxy=""
export http_proxy=""
result=$(curl $agent -w '%{http_code}' --connect-timeout 5 $progress $redirect $certificate -o "$1" "$2")
[ "$result" = "200" ]
return $?

12
scripts/libs/web_save.sh
View File

@@ -20,11 +20,13 @@ web_save() { #最小化保存面板节点选择
}
done <"$TMPDIR"/web_proxies
rm -rf "$TMPDIR"/web_proxies
#对比文件,如果有变动且不为空则写入磁盘,否则清除缓存
for file in web_save web_configs; do
if [ -s "$TMPDIR"/${file} ]; then
. "$CRASHDIR"/libs/compare.sh && compare "$TMPDIR"/${file} "$CRASHDIR"/configs/${file}
[ "$?" = 0 ] && rm -rf "$TMPDIR"/${file} || mv -f "$TMPDIR"/${file} "$CRASHDIR"/configs/${file}
#对比文件,如果有变动则写入磁盘,否则清除缓存
for file in web_save; do
if [ -s "$TMPDIR/$file" ]; then
. "$CRASHDIR"/libs/compare.sh && compare "$TMPDIR/$file" "$CRASHDIR/configs/$file"
[ "$?" = 0 ] && rm -f "$TMPDIR/$file" || mv -f "$TMPDIR/$file" "$CRASHDIR/configs/$file"
else
rm -f "$CRASHDIR/configs/$file" #空文件时移除旧文件
fi
done
}

154
scripts/menu.sh
View File

@@ -159,88 +159,82 @@ ckstatus() { #脚本启动前检查
}
main_menu() {
ckstatus
while true; do
ckstatus
echo -e " 1 \033[32m$MENU_MAIN_1\033[0m"
echo -e " 2 \033[36m$MENU_MAIN_2\033[0m"
echo -e " 3 \033[31m$MENU_MAIN_3\033[0m"
echo -e " 4 \033[33m$MENU_MAIN_4\033[0m"
echo -e " 5 \033[32m$MENU_MAIN_5\033[0m"
echo -e " 6 \033[36m$MENU_MAIN_6\033[0m"
echo -e " 7 \033[33m$MENU_MAIN_7\033[0m"
echo -e " 8 $MENU_MAIN_8"
echo -e " 9 \033[32m$MENU_MAIN_9\033[0m"
echo "-----------------------------------------------"
echo -e " 0 $MENU_MAIN_0"
read -p "$MENU_MAIN_PROMPT" num
case "$num" in
0)
exit
;;
1)
start_service
exit
;;
2)
checkcfg=$(cat "$CFG_PATH")
. "$CRASHDIR"/menus/2_settings.sh && settings
if [ -n "$PID" ]; then
checkcfg_new=$(cat "$CFG_PATH")
[ "$checkcfg" != "$checkcfg_new" ] && checkrestart
fi
main_menu
;;
3)
[ "$bot_tg_service" = ON ] && . "$CRASHDIR"/menus/bot_tg_service.sh && bot_tg_stop
"$CRASHDIR"/start.sh stop
sleep 1
echo -e " 1 \033[32m$MENU_MAIN_1\033[0m"
echo -e " 2 \033[36m$MENU_MAIN_2\033[0m"
echo -e " 3 \033[31m$MENU_MAIN_3\033[0m"
echo -e " 4 \033[33m$MENU_MAIN_4\033[0m"
echo -e " 5 \033[32m$MENU_MAIN_5\033[0m"
echo -e " 6 \033[36m$MENU_MAIN_6\033[0m"
echo -e " 7 \033[33m$MENU_MAIN_7\033[0m"
echo -e " 8 $MENU_MAIN_8"
echo -e " 9 \033[32m$MENU_MAIN_9\033[0m"
echo "-----------------------------------------------"
echo -e "\033[31m$corename$MENU_SERVICE_STOPPED\033[0m"
main_menu
;;
4)
. "$CRASHDIR"/menus/4_setboot.sh && setboot
main_menu
;;
5)
. "$CRASHDIR"/menus/5_task.sh && task_menu
main_menu
;;
6)
. "$CRASHDIR"/menus/6_core_config.sh && set_core_config
main_menu
;;
7)
GT_CFG_PATH="$CRASHDIR"/configs/gateway.cfg
touch "$GT_CFG_PATH"
checkcfg=$(cat "$CFG_PATH" "$GT_CFG_PATH")
. "$CRASHDIR"/menus/7_gateway.sh && gateway
if [ -n "$PID" ]; then
checkcfg_new=$(cat "$CFG_PATH" "$GT_CFG_PATH")
[ "$checkcfg" != "$checkcfg_new" ] && checkrestart
fi
main_menu
;;
8)
. "$CRASHDIR"/menus/8_tools.sh && tools
main_menu
;;
9)
checkcfg=$(cat "$CFG_PATH")
. "$CRASHDIR"/menus/9_upgrade.sh && upgrade
if [ -n "$PID" ]; then
checkcfg_new=$(cat "$CFG_PATH")
[ "$checkcfg" != "$checkcfg_new" ] && checkrestart
fi
main_menu
;;
*)
errornum
exit
;;
esac
echo -e " 0 $MENU_MAIN_0"
read -p "$MENU_MAIN_PROMPT" num
case "$num" in
"" | 0)
exit
;;
1)
start_service
exit
;;
2)
checkcfg=$(cat "$CFG_PATH")
. "$CRASHDIR"/menus/2_settings.sh && settings
if [ -n "$PID" ]; then
checkcfg_new=$(cat "$CFG_PATH")
[ "$checkcfg" != "$checkcfg_new" ] && checkrestart
fi
;;
3)
[ "$bot_tg_service" = ON ] && . "$CRASHDIR"/menus/bot_tg_service.sh && bot_tg_stop
"$CRASHDIR"/start.sh stop
sleep 1
echo "-----------------------------------------------"
echo -e "\033[31m$corename$MENU_SERVICE_STOPPED\033[0m"
;;
4)
. "$CRASHDIR"/menus/4_setboot.sh && setboot
;;
5)
. "$CRASHDIR"/menus/5_task.sh && task_menu
;;
6)
. "$CRASHDIR"/menus/6_core_config.sh && set_core_config
;;
7)
GT_CFG_PATH="$CRASHDIR"/configs/gateway.cfg
touch "$GT_CFG_PATH"
checkcfg=$(cat "$CFG_PATH" "$GT_CFG_PATH")
. "$CRASHDIR"/menus/7_gateway.sh && gateway
if [ -n "$PID" ]; then
checkcfg_new=$(cat "$CFG_PATH" "$GT_CFG_PATH")
[ "$checkcfg" != "$checkcfg_new" ] && checkrestart
fi
;;
8)
. "$CRASHDIR"/menus/8_tools.sh && tools
;;
9)
checkcfg=$(cat "$CFG_PATH")
. "$CRASHDIR"/menus/9_upgrade.sh && upgrade
if [ -n "$PID" ]; then
checkcfg_new=$(cat "$CFG_PATH")
[ "$checkcfg" != "$checkcfg_new" ] && checkrestart
fi
;;
*)
errornum
sleep 1
;;
esac
done
}
case "$1" in

62
scripts/menus/1_start.sh
View File

@@ -3,49 +3,65 @@
[ -n "$__IS_MODULE_1_START_LOADED" ] && return
__IS_MODULE_1_START_LOADED=1
load_lang 1_start
#启动相关
# ===== 启动完成提示 =====
startover() {
echo -ne " \r"
echo -e "\033[32m服务已启动!\033[0m"
echo -e "请使用 \033[4;36mhttp://$host$hostdir\033[0m 管理内置规则"
echo -e "\033[32m$START_SERVICE_OK\033[0m"
echo -e "$START_WEB_HINT \033[4;36mhttp://$host$hostdir\033[0m $START_WEB_HINT2"
if [ "$redir_mod" = "纯净模式" ]; then
echo "-----------------------------------------------"
echo -e "其他设备可以使用PAC配置连接\033[4;32mhttp://$host:$db_port/ui/pac\033[0m"
echo -e "或者使用HTTP/SOCK5方式连接IP{\033[36m$host\033[0m}Port{\033[36m$mix_port\033[0m}"
echo -e "$START_PAC_HINT \033[4;32mhttp://$host:$db_port/ui/pac\033[0m"
echo -e "$START_PROXY_HINT IP{\033[36m$host\033[0m} Port{\033[36m$mix_port\033[0m}"
fi
return 0
}
# ===== 启动核心 =====
start_core() {
if echo "$crashcore" | grep -q 'singbox'; then
core_config="$CRASHDIR"/jsons/config.json
core_config="$CRASHDIR/jsons/config.json"
else
core_config="$CRASHDIR"/yamls/config.yaml
core_config="$CRASHDIR/yamls/config.yaml"
fi
echo "-----------------------------------------------"
if [ ! -s $core_config -a -s "$CRASHDIR"/configs/providers.cfg ]; then
echo -e "\033[33m没有找到${crashcore}配置文件尝试生成providers配置文件\033[0m"
if [ ! -s "$core_config" ] && [ -s "$CRASHDIR/configs/providers.cfg" ]; then
echo -e "\033[33m$START_NO_CORE_CFG_TRY_GEN\033[0m"
[ "$crashcore" = singboxr ] && coretype=singbox
[ "$crashcore" = meta -o "$crashcore" = clashpre ] && coretype=clash
. "$CRASHDIR"/menus/6_core_config.sh && gen_${coretype}_providers
elif [ -s $core_config -o -n "$Url" -o -n "$Https" ]; then
"$CRASHDIR"/start.sh start
#设置循环检测以判定服务启动是否成功
. "$CRASHDIR"/libs/start_wait.sh
[ -n "$test" -o -n "$(pidof CrashCore)" ] && {
#启动TG机器人
[ "$bot_tg_service" = ON ] && . "$CRASHDIR"/menus/bot_tg_service.sh && bot_tg_start
startover
}
. "$CRASHDIR/menus/6_core_config.sh" && gen_${coretype}_providers
elif [ -s "$core_config" ] || [ -n "$Url" ] || [ -n "$Https" ]; then
"$CRASHDIR/start.sh" start
# 循环检测服务启动状态
. "$CRASHDIR/libs/start_wait.sh"
[ -n "$test" ] || pidof CrashCore >/dev/null && {
# 启动 TG 机器人
if [ "$bot_tg_service" = ON ]; then
. "$CRASHDIR/menus/bot_tg_service.sh" && bot_tg_start
fi
startover
}
else
echo -e "\033[31m没有找到${crashcore}配置文件,请先导入配置文件!\033[0m"
. "$CRASHDIR"/menus/6_core_config.sh && set_core_config
echo -e "\033[31m$START_NO_CORE_CFG_IMPORT_FIRST\033[0m"
. "$CRASHDIR/menus/6_core_config.sh" && set_core_config
fi
}
# ===== 启动服务入口 =====
start_service() {
if [ "$firewall_area" = 5 ]; then
"$CRASHDIR"/start.sh start
echo -e "\033[32m已完成防火墙设置!\033[0m"
"$CRASHDIR/start.sh" start
echo -e "\033[32m$START_FIREWALL_DONE\033[0m"
else
start_core
fi

10
scripts/menus/6_core_config.sh
View File

@@ -372,13 +372,13 @@ EOF
}
}
if [ -z "$(grep "provider_temp_${coretype}" "$CRASHDIR"/configs/ShellCrash.cfg)" ];then
provider_temp_file="$TMPDIR/$(sed -n "1 p" "$CRASHDIR"/configs/${coretype}_providers.list | awk '{print $2}')"
provider_temp_file="$(sed -n "1 p" "$CRASHDIR"/configs/${coretype}_providers.list | awk '{print $2}')"
else
provider_temp_file=$(grep "provider_temp_${coretype}" "$CRASHDIR"/configs/ShellCrash.cfg | awk -F '=' '{print $2}')
fi
echo "-----------------------------------------------"
if [ -s "$provider_temp_file" ];then
ln -sf "$provider_temp_file" "$TMPDIR"/provider_temp_file
if [ -s "$TMPDIR/$provider_temp_file" ];then
ln -sf "$TMPDIR/$provider_temp_file" "$TMPDIR"/provider_temp_file
else
echo -e "\033[33m正在获取在线模版\033[0m"
get_bin "$TMPDIR"/provider_temp_file "rules/${coretype}_providers/$provider_temp_file"
@@ -416,7 +416,7 @@ EOF
cut -c 1- "$TMPDIR"/providers/providers.yaml "$TMPDIR"/providers/proxy-groups.yaml "$TMPDIR"/providers/rules.yaml > "$TMPDIR"/config.yaml
rm -rf "$TMPDIR"/providers
#调用内核测试
. "$CRASHDIR"/libs/core_tools.sh && core_find && "$TMPDIR"/CrashCore -t -d "$BINDIR" -f "$TMPDIR"/config.yaml
. "$CRASHDIR"/starts/check_core.sh && check_core && "$TMPDIR"/CrashCore -t -d "$BINDIR" -f "$TMPDIR"/config.yaml
if [ "$?" = 0 ];then
echo -e "\033[32m配置文件生成成功\033[0m"
mkdir -p "$CRASHDIR"/yamls
@@ -518,7 +518,7 @@ EOF
cat "$TMPDIR"/provider_temp_file | sed "s/{providers_tags}/$providers_tags/g" > "$TMPDIR"/providers/outbounds.json
rm -rf "$TMPDIR"/provider_temp_file
#调用内核测试
. "$CRASHDIR"/libs/core_tools.sh && core_find && "$TMPDIR"/CrashCore merge "$TMPDIR"/config.json -C "$TMPDIR"/providers
. "$CRASHDIR"/starts/check_core.sh && check_core && "$TMPDIR"/CrashCore merge "$TMPDIR"/config.json -C "$TMPDIR"/providers
if [ "$?" = 0 ];then
echo -e "\033[32m配置文件生成成功如果启动超时建议更新里手动安装Singbox-srs数据库常用包\033[0m"
mkdir -p "$CRASHDIR"/jsons

1101
scripts/menus/9_upgrade.sh
View File

File diff suppressed because it is too large Load Diff

3
scripts/menus/fw_filter.sh
View File

@@ -181,8 +181,9 @@ set_common_ports() {
}
set_cust_host_ipv4() { #自定义ipv4透明路由网段
[ -z "$replace_default_host_ipv4" ] && replace_default_host_ipv4="OFF"
. "$CRASHDIR"/starts/fw_getlanip.sh && getlanip
echo "-----------------------------------------------"
echo -e "当前默认透明路由的网段为: \033[32m$(ip a 2>&1 | grep -w 'inet' | grep 'global' | grep 'br' | grep -v 'iot' | grep -E ' 1(92|0|72)\.' | sed 's/.*inet.//g' | sed 's/br.*$//g' | sed 's/metric.*$//g' | tr '\n' ' ' && echo) \033[0m"
echo -e "当前默认透明路由的网段为: \033[32m$host_ipv4 \033[0m"
echo -e "当前已添加的自定义网段为:\033[36m$cust_host_ipv4\033[0m"
echo "-----------------------------------------------"
echo -e " 1 移除所有自定义网段"

1
scripts/start.sh
View File

@@ -37,6 +37,7 @@ case "$1" in
start)
[ -n "$(pidof CrashCore)" ] && $0 stop #禁止多实例
stop_firewall #清理路由策略
rm -f "CRASHDIR"/.start_error #移除自启失败标记
#使用不同方式启动服务
if [ "$firewall_area" = "5" ]; then #主旁转发
. "$CRASHDIR"/starts/fw_start.sh

8
scripts/starts/bfstart.sh
View File

@@ -6,6 +6,9 @@
. "$CRASHDIR"/libs/get_config.sh
[ -z "$BINDIR" -o -z "$TMPDIR" -o -z "$COMMAND" ] && . "$CRASHDIR"/init.sh >/dev/null 2>&1
[ ! -f "$TMPDIR" ] && mkdir -p "$TMPDIR"
#当上次启动失败时终止自启动
[ -f "CRASHDIR"/.start_error ] && exit 1
#加载工具
. "$CRASHDIR"/libs/check_cmd.sh
. "$CRASHDIR"/libs/check_target.sh
@@ -18,6 +21,7 @@
[ -z "$redir_mod" ] && [ "$USER" = "root" -o "$USER" = "admin" ] && redir_mod='Redir模式'
[ -z "$dns_mod" ] && dns_mod='redir_host'
[ -z "$redir_mod" ] && firewall_area='4'
routing_mark=$((fwmark + 2))
makehtml() { #生成面板跳转文件
cat >"$BINDIR"/ui/index.html <<EOF
@@ -69,7 +73,7 @@ EOF
[ "$?" = 0 ] && rm -rf "$TMPDIR"/shellcrash_pac || mv -f "$TMPDIR"/shellcrash_pac "$BINDIR"/ui/pac
}
routing_mark=$((fwmark + 2))
#检测网络连接
[ "$network_check" != "OFF" ] && [ ! -f "$TMPDIR"/crash_start_time ] && ckcmd ping && . "$CRASHDIR"/starts/check_network.sh && check_network
[ ! -d "$BINDIR"/ui ] && mkdir -p "$BINDIR"/ui
@@ -99,7 +103,7 @@ if echo "$crashcore" | grep -q 'singbox'; then
if [ "$disoverride" != "1" ];then
. "$CRASHDIR"/starts/singbox_modify.sh && modify_json
else
ln -sf "$core_config" "$TMPDIR"/config.json
ln -sf "$core_config" "$TMPDIR"/configs/config.json
fi
else
. "$CRASHDIR"/starts/clash_check.sh && clash_check

4
scripts/starts/fw_getlanip.sh
View File

@@ -2,8 +2,8 @@
getlanip() { #获取局域网host地址
i=1
while [ "$i" -le "20" ]; do
host_ipv4=$(ip a 2>&1 | grep -w 'inet' | grep 'global' | grep 'brd' | grep -Ev 'utun|iot|peer|docker|podman|virbr|vnet|ovs|vmbr|veth|vmnic|vboxnet|lxcbr|xenbr|vEthernet' | grep -E ' 1(92|0|72)\.' | sed 's/.*inet.//g' | sed 's/[[:space:]]br.*$//g' | sed 's/metric.*$//g') #ipv4局域网网段
[ "$ipv6_redir" = "ON" ] && host_ipv6=$(ip a 2>&1 | grep -w 'inet6' | grep -E 'global' | sed 's/.*inet6.//g' | sed 's/scope.*$//g') #ipv6公网地址段
host_ipv4=$(ip route show scope link | grep -Ev 'wan|utun|iot|peer|docker|podman|virbr|vnet|ovs|vmbr|veth|vmnic|vboxnet|lxcbr|xenbr|vEthernet' | grep -E ' 1(92|0|72)\.' | awk '{print $1}') #ipv4局域网网段
[ "$ipv6_redir" = "ON" ] && host_ipv6=$(ip -6 route show | grep 'default' | awk '{print $3}') #ipv6公网地址段
[ -f "$TMPDIR"/ShellCrash.log ] && break
[ -n "$host_ipv4" -a "$ipv6_redir" != "ON" ] && break
[ -n "$host_ipv4" -a -n "$host_ipv6" ] && break

12
scripts/starts/fw_iptables.sh
View File

@@ -1,6 +1,9 @@
#!/bin/sh
# Copyright (C) Juewuy
ckcmd iptables && iptables -h | grep -q '\-w' && iptable='iptables -w' || iptable=iptables
ckcmd ip6tables && ip6tables -h | grep -q '\-w' && ip6table='ip6tables -w' || ip6table=ip6tables
start_ipt_route() { #iptables-route通用工具
#$1:iptables/ip6tables $2:所在的表(nat/mangle) $3:所在的链(OUTPUT/PREROUTING) $4:新创建的shellcrash链表 $5:tcp/udp/all
#区分ipv4/ipv6
@@ -28,7 +31,10 @@ start_ipt_route() { #iptables-route通用工具
"$1" $w -t "$2" -A "$4" -m owner --gid-owner $gid -j RETURN
done
[ "$firewall_area" = 5 ] && "$1" $w -t "$2" -A "$4" -s $bypass_host -j RETURN
[ -z "$ports" ] && "$1" $w -t "$2" -A "$4" -p tcp -m multiport --dports "$mix_port,$redir_port,$tproxy_port" -j RETURN
[ -z "$ports" ] && {
"$1" $w -t "$2" -A "$4" -p tcp -m multiport --dports "$mix_port,$redir_port,$tproxy_port" -j RETURN
"$1" $w -t "$2" -A "$4" -p udp -m multiport --dports "$mix_port,$redir_port,$tproxy_port" -j RETURN
}
#跳过目标保留地址及目标本机网段
for ip in $HOST_IP $RESERVED_IP; do
"$1" $w -t "$2" -A "$4" -d $ip -j RETURN
@@ -130,8 +136,6 @@ start_ipt_dns() { #iptables-dns通用工具
"$1" $w -t nat -I "$2" -p udp --dport 53 -j "$3"
}
start_ipt_wan() { #iptables公网防火墙
ckcmd iptables && iptables -h | grep -q '\-w' && iptable='iptables -w' || iptable=iptables
ckcmd ip6tables && ip6tables -h | grep -q '\-w' && ip6table='ip6tables -w' || ip6table=ip6tables
ipt_wan_accept(){
$iptable -I INPUT -p "$1" -m multiport --dports "$accept_ports" -j ACCEPT
ckcmd ip6tables && $ip6table -I INPUT -p "$1" -m multiport --dports "$accept_ports" -j ACCEPT
@@ -141,7 +145,7 @@ start_ipt_wan() { #iptables公网防火墙
ckcmd ip6tables && $ip6table -I INPUT -p "$1" -m multiport --dports "$reject_ports" -j REJECT
}
#端口拦截
reject_ports="$mix_port,$db_port,$dns_port"
reject_ports="$mix_port,$db_port"
ipt_wan_reject tcp
ipt_wan_reject udp
#端口放行

2
scripts/starts/fw_nftables.sh
View File

@@ -146,7 +146,7 @@ start_nft_wan() { #nftables公网防火墙
nft add rule inet shellcrash input udp dport $fw_wan_nfports meta mark set 0x67890 accept
}
#端口拦截
reject_ports="{ $mix_port, $db_port, $dns_port }"
reject_ports="{ $mix_port, $db_port }"
nft add rule inet shellcrash input ip saddr {$HOST_IP} accept
nft add rule inet shellcrash input ip6 saddr {$HOST_IP6} accept
nft add rule inet shellcrash input tcp dport $reject_ports reject

8
scripts/starts/fw_stop.sh
View File

@@ -55,8 +55,8 @@ ckcmd iptables && {
done
$iptable -D INPUT -p tcp -m multiport --dports "$accept_ports" -j ACCEPT 2>/dev/null
$iptable -D INPUT -p udp -m multiport --dports "$accept_ports" -j ACCEPT 2>/dev/null
$iptable -D INPUT -p tcp -m multiport --dports "$mix_port,$db_port,$dns_port" -j REJECT 2>/dev/null
$iptable -D INPUT -p udp -m multiport --dports "$mix_port,$db_port,$dns_port" -j REJECT 2>/dev/null
$iptable -D INPUT -p tcp -m multiport --dports "$mix_port,$db_port" -j REJECT 2>/dev/null
$iptable -D INPUT -p udp -m multiport --dports "$mix_port,$db_port" -j REJECT 2>/dev/null
#清理shellcrash自建表
for text in shellcrash_dns shellcrash shellcrash_out shellcrash_dns_out shellcrash_vm shellcrash_vm_dns; do
$iptable -t nat -F "$text" 2>/dev/null
@@ -105,8 +105,8 @@ ckcmd ip6tables && {
done
$ip6table -D INPUT -p tcp -m multiport --dports "$accept_ports" -j ACCEPT 2>/dev/null
$ip6table -D INPUT -p udp -m multiport --dports "$accept_ports" -j ACCEPT 2>/dev/null
$ip6table -D INPUT -p tcp -m multiport --dports "$mix_port,$db_port,$dns_port" -j REJECT 2>/dev/null
$ip6table -D INPUT -p udp -m multiport --dports "$mix_port,$db_port,$dns_port" -j REJECT 2>/dev/null
$ip6table -D INPUT -p tcp -m multiport --dports "$mix_port,$db_port" -j REJECT 2>/dev/null
$ip6table -D INPUT -p udp -m multiport --dports "$mix_port,$db_port" -j REJECT 2>/dev/null
#清理shellcrash自建表
for text in shellcrashv6_dns shellcrashv6 shellcrashv6_out; do
$ip6table -t nat -F "$text" 2>/dev/null

3
scripts/starts/start_error.sh
View File

@@ -7,6 +7,7 @@ else
sleep 2
kill $! >/dev/null 2>&1
fi
error=$(cat $TMPDIR/core_test.log | grep -iEo 'error.*=.*|.*ERROR.*|.*FATAL.*')
touch "CRASHDIR"/.start_error #标记启动失败,防止自启
error=$(cat "$TMPDIR"/core_test.log | grep -iEo 'error.*=.*|.*ERROR.*|.*FATAL.*')
logger "服务启动失败!请查看报错信息!详细信息请查看$TMPDIR/core_test.log" 33
logger "$error" 31

10
scripts/starts/start_legacy.sh
View File

@@ -2,16 +2,14 @@
. "$CRASHDIR"/libs/check_cmd.sh
start_legacy(){
ckcmd nohup && _nohup=nohup
if ckcmd su && grep -q 'shellcrash:x:0:7890' /etc/passwd;then
su shellcrash -c "$1 >/dev/null 2>&1 & echo \$! > /tmp/ShellCrash/$2.pid"
su shellcrash -c "$_nohup $1 >/dev/null 2>&1 & echo \$! > /tmp/ShellCrash/$2.pid"
elif ckcmd setsid; then
setsid $1 >/dev/null 2>&1 &
$_nohup setsid $1 >/dev/null 2>&1 &
echo $! > "/tmp/ShellCrash/$2.pid"
elif ckcmd nohup; then
nohup $1 >/dev/null 2>&1 &
echo $! > "/tmp/ShellCrash/$2.pid"
else
$1 >/dev/null 2>&1 &
$_nohup $1 >/dev/null 2>&1 &
echo $! > "/tmp/ShellCrash/$2.pid"
fi
}