diff --git a/scripts/init.sh b/scripts/init.sh index 3f3a9ae7..558a9660 100644 --- a/scripts/init.sh +++ b/scripts/init.sh @@ -163,7 +163,7 @@ fi setconfig firewall_area '1' setconfig firewall_mod 'nftables' setconfig release_type 'master' - setconfig start_old '未开启' + setconfig start_old 'OFF' echo "$CRASHDIR/menu.sh" >> /etc/profile cat > /usr/bin/crash <<'EOF' #!/bin/sh @@ -226,6 +226,8 @@ sed -i "s/redir_mod=Nft基础/redir_mod=Redir模式/g" "$CFG_PATH" sed -i "s/redir_mod=Nft混合/redir_mod=Tproxy模式/g" "$CFG_PATH" sed -i "s/redir_mod=Tproxy混合/redir_mod=Tproxy模式/g" "$CFG_PATH" sed -i "s/redir_mod=纯净模式/firewall_area=4/g" "$CFG_PATH" -sed -i "s/hosts_opt=未启用/hosts_opt=OFF/g" "$CFG_PATH" +#变量统一使用ON/OFF +sed -i 's/=\(已启用\|已开启\)$/=ON/' "$CFG_PATH" +sed -i 's/=\(未启用\|未开启\)$/=OFF/' "$CFG_PATH" echo -e "\033[32m脚本初始化完成,请输入\033[30;47m $my_alias \033[0;33m命令开始使用!\033[0m" diff --git a/scripts/libs/check_autostart.sh b/scripts/libs/check_autostart.sh index e8eaf0a4..12942bd5 100644 --- a/scripts/libs/check_autostart.sh +++ b/scripts/libs/check_autostart.sh @@ -1,5 +1,5 @@ check_autostart(){ - if [ "$start_old" = "已开启" ];then + if [ "$start_old" = ON ];then [ ! -f "$CRASHDIR"/.dis_startup ] && return 0 elif [ -f /etc/rc.common -a "$(cat /proc/1/comm)" = "procd" ]; then [ -n "$(find /etc/rc.d -name '*shellcrash')" ] && return 0 diff --git a/scripts/menus/2_settings.sh b/scripts/menus/2_settings.sh index 41e47081..3c0f230f 100644 --- a/scripts/menus/2_settings.sh +++ b/scripts/menus/2_settings.sh @@ -6,8 +6,8 @@ __IS_MODULE_2_SETTINGS_LOADED=1 settings() { #功能设置 #获取设置默认显示 - [ -z "$skip_cert" ] && skip_cert=已开启 - [ -z "$sniffer" ] && sniffer=未启用 + [ -z "$skip_cert" ] && skip_cert=ON + [ -z "$sniffer" ] && sniffer=OFF [ -z "$dns_mod" ] && dns_mod='redir_host' # echo "-----------------------------------------------" @@ -53,19 +53,19 @@ settings() { #功能设置 ;; 4) echo "-----------------------------------------------" - if [ "$skip_cert" = "未开启" ] >/dev/null 2>&1; then + if [ "$skip_cert" = "OFF" ] >/dev/null 2>&1; then echo -e "\033[33m已设为开启跳过本地证书验证!!\033[0m" - skip_cert=已开启 + skip_cert=ON else echo -e "\033[33m已设为禁止跳过本地证书验证!!\033[0m" - skip_cert=未开启 + skip_cert=OFF fi setconfig skip_cert $skip_cert settings ;; 5) echo "-----------------------------------------------" - if [ "$sniffer" = "未启用" ]; then + if [ "$sniffer" = "OFF" ]; then if [ "$crashcore" = "clash" ]; then rm -rf ${TMPDIR}/CrashCore rm -rf "$CRASHDIR"/CrashCore @@ -74,11 +74,11 @@ settings() { #功能设置 setconfig crashcore $crashcore echo "已将ShellCrash内核切换为Meta内核!域名嗅探依赖Meta或者高版本clashpre内核!" fi - sniffer=已启用 + sniffer=ON elif [ "$crashcore" = "clashpre" -a "$dns_mod" = "redir_host" ]; then echo -e "\033[31m使用clashpre内核且开启redir-host模式时无法关闭!\033[0m" else - sniffer=未启用 + sniffer=OFF fi setconfig sniffer $sniffer settings @@ -283,11 +283,11 @@ set_redir_mod() { #路由模式设置 esac } set_fw_filter(){ #流量过滤 - [ -z "$common_ports" ] && common_ports=已开启 - [ -z "$quic_rj" ] && quic_rj=未开启 - [ -z "$cn_ip_route" ] && cn_ip_route=未开启 + [ -z "$common_ports" ] && common_ports=ON + [ -z "$quic_rj" ] && quic_rj=OFF + [ -z "$cn_ip_route" ] && cn_ip_route=OFF touch "$CRASHDIR"/configs/mac "$CRASHDIR"/configs/ip_filter - [ -z "$(cat "$CRASHDIR"/configs/mac "$CRASHDIR"/configs/ip_filter 2>/dev/null)" ] && mac_return=未开启 || mac_return=已启用 + [ -z "$(cat "$CRASHDIR"/configs/mac "$CRASHDIR"/configs/ip_filter 2>/dev/null)" ] && mac_return=OFF || mac_return=ON echo "-----------------------------------------------" echo -e " 1 过滤非常用端口: \033[36m$common_ports\033[0m ————用于过滤P2P流量" echo -e " 2 过滤局域网设备: \033[36m$mac_return\033[0m ————使用黑/白名单进行过滤" @@ -304,7 +304,7 @@ set_fw_filter(){ #流量过滤 ;; 1) set_common_ports() { - if [ "$common_ports" = "未开启" ]; then + if [ "$common_ports" = "OFF" ]; then echo -e "\033[33m当前代理端口为:【$multiport】\033[0m" echo -e "\033[31m注意,MIX模式下,非常用端口的域名连接将不受影响!!\033[0m" read -p "是否修改默认端口?(1/0) > " res @@ -312,11 +312,11 @@ set_fw_filter(){ #流量过滤 read -p "请输入自定义端口,注意用小写逗号分隔 > " text [ -n "$text" ] && setconfig multiport $text && echo -e "\033[33m已设为代理【$multiport】端口!!\033[0m" } - common_ports=已开启 + common_ports=ON sleep 1 else echo -e "\033[33m已设为代理全部端口!!\033[0m" - common_ports=未开启 + common_ports=OFF fi setconfig common_ports $common_ports } @@ -341,12 +341,12 @@ set_fw_filter(){ #流量过滤 3) echo "-----------------------------------------------" if [ -n "$(echo "$redir_mod" | grep -oE '混合|Tproxy|Tun')" ]; then - if [ "$quic_rj" = "未开启" ]; then + if [ "$quic_rj" = "OFF" ]; then echo -e "\033[33m已禁止QUIC流量通过ShellCrash内核!!\033[0m" - quic_rj=已启用 + quic_rj=ON else echo -e "\033[33m已取消禁止QUIC协议流量!!\033[0m" - quic_rj=未开启 + quic_rj=OFF fi setconfig quic_rj $quic_rj else @@ -357,14 +357,14 @@ set_fw_filter(){ #流量过滤 ;; 4) if [ -n "$(ipset -v 2>/dev/null)" ] || [ "$firewall_mod" = 'nftables' ]; then - if [ "$cn_ip_route" = "未开启" ]; then + if [ "$cn_ip_route" = "OFF" ]; then echo -e "\033[32m已开启CN_IP绕过内核功能!!\033[0m" echo -e "\033[31m注意!!!此功能会导致全局模式及一切CN相关规则失效!!!\033[0m" - cn_ip_route=已开启 + cn_ip_route=ON sleep 2 else echo -e "\033[33m已禁用CN_IP绕过内核功能!!\033[0m" - cn_ip_route=未开启 + cn_ip_route=OFF fi setconfig cn_ip_route $cn_ip_route else @@ -401,7 +401,7 @@ set_fw_filter(){ #流量过滤 } set_cust_host_ipv4() { #自定义ipv4透明路由网段 - [ -z "$replace_default_host_ipv4" ] && replace_default_host_ipv4="未启用" + [ -z "$replace_default_host_ipv4" ] && replace_default_host_ipv4="OFF" echo "-----------------------------------------------" echo -e "当前默认透明路由的网段为: \033[32m$(ip a 2>&1 | grep -w 'inet' | grep 'global' | grep 'br' | grep -v 'iot' | grep -E ' 1(92|0|72)\.' | sed 's/.*inet.//g' | sed 's/br.*$//g' | sed 's/metric.*$//g' | tr '\n' ' ' && echo) \033[0m" echo -e "当前已添加的自定义网段为:\033[36m$cust_host_ipv4\033[0m" @@ -412,10 +412,10 @@ set_cust_host_ipv4() { #自定义ipv4透明路由网段 read -p "请输入对应的序号或需要额外添加的网段 > " text case "$text" in 2) - if [ "$replace_default_host_ipv4" == "未启用" ]; then - replace_default_host_ipv4="已启用" + if [ "$replace_default_host_ipv4" == "OFF" ]; then + replace_default_host_ipv4="ON" else - replace_default_host_ipv4="未启用" + replace_default_host_ipv4="OFF" fi setconfig replace_default_host_ipv4 "$replace_default_host_ipv4" set_cust_host_ipv4 @@ -678,7 +678,7 @@ set_adv_config() { #端口设置 setconfig authentication echo 密码已移除! else - if [ "$local_proxy" = "已开启" -a "$local_type" = "环境变量" ]; then + if [ "$local_proxy" = "ON" -a "$local_type" = "环境变量" ]; then echo "-----------------------------------------------" echo -e "\033[33m请先禁用本机劫持功能或使用增强模式!\033[0m" sleep 1 @@ -724,7 +724,7 @@ set_adv_config() { #端口设置 read -p "请输入需要指定劫持的端口 > " multiport if [ -n "$multiport" ]; then [ "$multiport" = "0" ] && multiport="22,80,143,194,443,465,587,853,993,995,5222,8080,8443" - common_ports=已开启 + common_ports=ON setconfig multiport "$multiport" setconfig common_ports "$common_ports" echo -e "\033[32m设置成功!!!\033[0m" @@ -769,7 +769,7 @@ set_adv_config() { #端口设置 esac } set_firewall_area() { #路由范围设置 - [ -z "$vm_redir" ] && vm_redir='未开启' + [ -z "$vm_redir" ] && vm_redir='OFF' echo "-----------------------------------------------" echo -e "\033[31m注意:\033[0m基于桥接网卡的Docker/虚拟机流量,请单独启用!" echo -e "\033[33m如你使用了第三方DNS如smartdns等,请勿启用本机劫持或使用shellcrash用户执行!\033[0m" @@ -837,7 +837,7 @@ set_firewall_vm(){ case "$num" in 1) if [ -n "$vm_ipv4" ]; then - vm_redir=已开启 + vm_redir=ON else echo -e "\033[33m请先运行容器再运行脚本或者手动设置网段\033[0m" fi @@ -846,10 +846,10 @@ set_firewall_vm(){ echo -e "多个网段请用空格连接,可运行容器后使用【ip route】命令查看网段地址" echo -e "示例:\033[32m10.88.0.0/16 172.17.0.0/16\033[0m" read -p "请输入自定义网段 > " text - [ -n "$text" ] && vm_ipv4=$text && vm_redir=已开启 + [ -n "$text" ] && vm_ipv4=$text && vm_redir=ON ;; 3) - vm_redir=未开启 + vm_redir=OFF unset vm_ipv4 ;; *) ;; @@ -858,8 +858,8 @@ set_firewall_vm(){ setconfig vm_ipv4 "'$vm_ipv4'" } set_ipv6() { #ipv6设置 - [ -z "$ipv6_redir" ] && ipv6_redir=未开启 - [ -z "$ipv6_dns" ] && ipv6_dns=已开启 + [ -z "$ipv6_redir" ] && ipv6_redir=OFF + [ -z "$ipv6_dns" ] && ipv6_dns=ON echo "-----------------------------------------------" echo -e " 1 ipv6透明路由: \033[36m$ipv6_redir\033[0m ——劫持ipv6流量" [ "$disoverride" != "1" ] && echo -e " 2 ipv6-DNS解析: \033[36m$ipv6_dns\033[0m ——决定内置DNS是否返回ipv6地址" @@ -869,19 +869,19 @@ set_ipv6() { #ipv6设置 case "$num" in 0) ;; 1) - if [ "$ipv6_redir" = "未开启" ]; then - ipv6_support=已开启 - ipv6_redir=已开启 + if [ "$ipv6_redir" = "OFF" ]; then + ipv6_support=ON + ipv6_redir=ON sleep 2 else - ipv6_redir=未开启 + ipv6_redir=OFF fi setconfig ipv6_redir $ipv6_redir setconfig ipv6_support $ipv6_support set_ipv6 ;; 2) - [ "$ipv6_dns" = "未开启" ] && ipv6_dns=已开启 || ipv6_dns=未开启 + [ "$ipv6_dns" = "OFF" ] && ipv6_dns=ON || ipv6_dns=OFF setconfig ipv6_dns $ipv6_dns set_ipv6 ;; diff --git a/scripts/menus/4_setboot.sh b/scripts/menus/4_setboot.sh index 1af2c44f..0f0f61b5 100644 --- a/scripts/menus/4_setboot.sh +++ b/scripts/menus/4_setboot.sh @@ -20,11 +20,11 @@ disable_autostart(){ } setboot() { #启动设置菜单 - [ -z "$start_old" ] && start_old=未开启 + [ -z "$start_old" ] && start_old=OFF [ -z "$start_delay" -o "$start_delay" = 0 ] && delay=未设置 || delay="${start_delay}秒" check_autostart && auto_set="\033[33m禁止" || auto_set="\033[32m允许" - [ "${BINDIR}" = "$CRASHDIR" ] && mini_clash=未开启 || mini_clash=已开启 - [ -z "$network_check" ] && network_check=已开启 + [ "${BINDIR}" = "$CRASHDIR" ] && mini_clash=OFF || mini_clash=ON + [ -z "$network_check" ] && network_check=ON echo "-----------------------------------------------" echo -e "\033[30;47m欢迎使用启动设置菜单:\033[0m" echo "-----------------------------------------------" @@ -53,17 +53,17 @@ setboot() { #启动设置菜单 setboot ;; 2) - if [ "$start_old" = "未开启" ] >/dev/null 2>&1; then + if [ "$start_old" = "OFF" ] >/dev/null 2>&1; then echo -e "\033[33m改为使用保守模式启动服务!!\033[0m" disable_autostart - start_old=已开启 + start_old=ON setconfig start_old "$start_old" "$CRASHDIR"/start.sh stop else if grep -qE 'procd|systemd|s6' /proc/1/comm || rc-status -r >/dev/null 2>&1; then echo -e "\033[32m改为使用系统守护进程启动服务!!\033[0m" "$CRASHDIR"/start.sh cronset "ShellCrash初始化" - start_old=未开启 + start_old=OFF setconfig start_old "$start_old" "$CRASHDIR"/start.sh stop @@ -93,10 +93,10 @@ setboot() { #启动设置菜单 ;; 4) dir_size=$(df "$CRASHDIR" | awk '{ for(i=1;i<=NF;i++){ if(NR==1){ arr[i]=$i; }else{ arr[i]=arr[i]" "$i; } } } END{ for(i=1;i<=NF;i++){ print arr[i]; } }' | grep Ava | awk '{print $2}') - if [ "$mini_clash" = "未开启" ]; then + if [ "$mini_clash" = "OFF" ]; then if [ "$dir_size" -gt 20480 ]; then echo -e "\033[33m您的设备空间充足(>20M),无需开启!\033[0m" - elif [ "$start_old" != '已开启' -a "$(cat /proc/1/comm)" = "systemd" ]; then + elif [ "$start_old" != 'ON' -a "$(cat /proc/1/comm)" = "systemd" ]; then echo -e "\033[33m不支持systemd启动模式,请先启用保守模式!\033[0m" else [ "$BINDIR" = "$CRASHDIR" ] && BINDIR="$TMPDIR" @@ -165,10 +165,10 @@ setboot() { #启动设置菜单 echo -e "\033[32m启用时,会导致部分性能较差或者拨号较慢的设备可能会因查询超时导致启动失败!\033[0m" read -p "是否切换?(1/0) > " res [ "$res" = '1' ] && { - if [ "$network_check" = "已禁用" ]; then - network_check=已启用 + if [ "$network_check" = "OFF" ]; then + network_check=ON else - network_check=已禁用 + network_check=OFF fi setconfig network_check "$network_check" } diff --git a/scripts/menus/6_core_config.sh b/scripts/menus/6_core_config.sh index 873c0c1a..bed2aab7 100644 --- a/scripts/menus/6_core_config.sh +++ b/scripts/menus/6_core_config.sh @@ -122,13 +122,13 @@ setrules(){ #自定义规则 ;; 4) echo "-----------------------------------------------" - if [ "$proxies_bypass" = "未启用" ];then + if [ "$proxies_bypass" = "OFF" ];then echo -e "\033[33m本功能会自动将当前配置文件中的节点域名或IP设置为直连规则以防止出现双重流量!\033[0m" echo -e "\033[33m请确保下游设备使用的节点与ShellCrash中使用的节点相同,否则无法生效!\033[0m" read -p "启用节点绕过?(1/0) > " res - [ "$res" = "1" ] && proxies_bypass=已启用 + [ "$res" = "1" ] && proxies_bypass=ON else - proxies_bypass=未启用 + proxies_bypass=OFF fi setconfig proxies_bypass $proxies_bypass sleep 1 @@ -322,13 +322,13 @@ setproxies(){ #自定义clash节点 ;; 4) echo "-----------------------------------------------" - if [ "$proxies_bypass" = "未启用" ];then + if [ "$proxies_bypass" = "OFF" ];then echo -e "\033[33m本功能会自动将当前配置文件中的节点域名或IP设置为直连规则以防止出现双重流量!\033[0m" echo -e "\033[33m请确保下游设备使用的节点与ShellCrash中使用的节点相同,否则无法生效!\033[0m" read -p "启用节点绕过?(1/0) > " res - [ "$res" = "1" ] && proxies_bypass=已启用 + [ "$res" = "1" ] && proxies_bypass=ON else - proxies_bypass=未启用 + proxies_bypass=OFF fi setconfig proxies_bypass $proxies_bypass sleep 1 @@ -363,7 +363,7 @@ gen_clash_providers(){ #生成clash的providers配置文件 interval: 600 EOF [ "$crashcore" = 'meta' ] && { - [ "$skip_cert" != "未开启" ] && skip_cert_verify='skip-cert-verify: true' + [ "$skip_cert" != "OFF" ] && skip_cert_verify='skip-cert-verify: true' cat >> $TMPDIR/providers/providers.yaml <> "$TMPDIR"/providers/providers.json </dev/null 2>&1 && mi_update=禁用 || mi_update=启用 [ "$mi_mi_autoSSH" = "已配置" ] && mi_mi_autoSSH_type=32m已配置 || mi_mi_autoSSH_type=31m未配置 - [ -f "$CRASHDIR"/tools/tun.ko ] && mi_tunfix=32m已启用 || mi_tunfix=31m未启用 + [ -f "$CRASHDIR"/tools/tun.ko ] && mi_tunfix=32mON || mi_tunfix=31mOFF echo "-----------------------------------------------" echo -e "\033[30;47m欢迎使用其他工具菜单:\033[0m" @@ -222,14 +222,14 @@ mi_autoSSH() { #日志菜单 log_pusher() { while true; do - [ -n "$push_TG" ] && stat_TG=32m已启用 || stat_TG=33m未启用 - [ -n "$push_Deer" ] && stat_Deer=32m已启用 || stat_Deer=33m未启用 - [ -n "$push_bark" ] && stat_bark=32m已启用 || stat_bark=33m未启用 - [ -n "$push_Po" ] && stat_Po=32m已启用 || stat_Po=33m未启用 - [ -n "$push_PP" ] && stat_PP=32m已启用 || stat_PP=33m未启用 - [ -n "$push_SynoChat" ] && stat_SynoChat=32m已启用 || stat_SynoChat=33m未启用 - [ -n "$push_Gotify" ] && stat_Gotify=32m已启用 || stat_Gotify=33m未启用 - [ "$task_push" = 1 ] && stat_task=32m已启用 || stat_task=33m未启用 + [ -n "$push_TG" ] && stat_TG=32mON || stat_TG=33mOFF + [ -n "$push_Deer" ] && stat_Deer=32mON || stat_Deer=33mOFF + [ -n "$push_bark" ] && stat_bark=32mON || stat_bark=33mOFF + [ -n "$push_Po" ] && stat_Po=32mON || stat_Po=33mOFF + [ -n "$push_PP" ] && stat_PP=32mON || stat_PP=33mOFF + [ -n "$push_SynoChat" ] && stat_SynoChat=32mON || stat_SynoChat=33mOFF + [ -n "$push_Gotify" ] && stat_Gotify=32mON || stat_Gotify=33mOFF + [ "$task_push" = 1 ] && stat_task=32mON || stat_task=33mOFF [ -n "$device_name" ] && device_s=32m$device_name || device_s=33m未设置 echo "-----------------------------------------------" echo -e " 1 Telegram推送 ——\033[$stat_TG\033[0m" @@ -537,7 +537,7 @@ testcommand(){ if [ "$firewall_mod" = "nftables" ];then nft list table inet shellcrash | sed '/set cn_ip {/,/}/d;/set cn_ip6 {/,/}/d;/^[[:space:]]*}/d' else - [ "$firewall_area" = 1 -o "$firewall_area" = 3 -o "$firewall_area" = 5 -o "$vm_redir" = "已开启" ] && { + [ "$firewall_area" = 1 -o "$firewall_area" = 3 -o "$firewall_area" = 5 -o "$vm_redir" = "ON" ] && { echo "----------------Redir+DNS---------------------" iptables -t nat -L PREROUTING --line-numbers iptables -t nat -L shellcrash_dns --line-numbers @@ -559,7 +559,7 @@ testcommand(){ iptables -t mangle -L shellcrash_mark_out --line-numbers } } - [ "$ipv6_redir" = "已开启" ] && { + [ "$ipv6_redir" = "ON" ] && { [ "$firewall_area" = 1 -o "$firewall_area" = 3 ] && { ip6tables -t nat -L >/dev/null 2>&1 && { echo "-------------IPV6-Redir+DNS-------------------" @@ -574,7 +574,7 @@ testcommand(){ } } } - [ "$vm_redir" = "已开启" ] && { + [ "$vm_redir" = "ON" ] && { echo "-------------vm-Redir-------------------" iptables -t nat -L shellcrash_vm --line-numbers iptables -t nat -L shellcrash_vm_dns --line-numbers @@ -717,13 +717,13 @@ userguide(){ setconfig dns_mod mix setconfig firewall_area '1' #默认启用绕过CN-IP - setconfig cn_ip_route 已开启 + setconfig cn_ip_route ON #自动识别IPV6 [ -n "$(ip a 2>&1 | grep -w 'inet6' | grep -E 'global' | sed 's/.*inet6.//g' | sed 's/scope.*$//g')" ] && { - setconfig ipv6_redir 已开启 - setconfig ipv6_support 已开启 - setconfig ipv6_dns 已开启 - setconfig cn_ipv6_route 已开启 + setconfig ipv6_redir ON + setconfig ipv6_support ON + setconfig ipv6_dns ON + setconfig cn_ipv6_route ON } #设置开机启动 [ -f /etc/rc.common -a "$(cat /proc/1/comm)" = "procd" ] && /etc/init.d/shellcrash enable @@ -747,7 +747,7 @@ userguide(){ 2) setconfig redir_mod "Redir模式" [ -n "$(echo $cputype | grep -E "linux.*mips.*")" ] && setconfig crashcore "clash" - setconfig common_ports "未开启" + setconfig common_ports "OFF" setconfig firewall_area '2' ;; 3) diff --git a/scripts/start.sh b/scripts/start.sh index 7fe3e88b..3e7142fb 100644 --- a/scripts/start.sh +++ b/scripts/start.sh @@ -40,7 +40,7 @@ start) #使用不同方式启动服务 if [ "$firewall_area" = "5" ]; then #主旁转发 . "$CRASHDIR"/starts/fw_start.sh - elif [ "$start_old" = "已开启" ]; then + elif [ "$start_old" = "ON" ]; then start_l elif [ -f /etc/rc.common ] && grep -q 'procd' /proc/1/comm; then /etc/init.d/shellcrash start diff --git a/scripts/starts/afstart.sh b/scripts/starts/afstart.sh index e71e79c7..675c0f3b 100644 --- a/scripts/starts/afstart.sh +++ b/scripts/starts/afstart.sh @@ -18,7 +18,7 @@ #设置循环检测面板端口以判定服务启动是否成功 . "$CRASHDIR"/libs/start_wait.sh if [ -n "$test" -o -n "$(pidof CrashCore)" ]; then - [ "$start_old" = "已开启" ] && [ ! -L "$TMPDIR"/CrashCore ] && rm -f "$TMPDIR"/CrashCore #删除缓存目录内核文件 + [ "$start_old" = "ON" ] && [ ! -L "$TMPDIR"/CrashCore ] && rm -f "$TMPDIR"/CrashCore #删除缓存目录内核文件 . "$CRASHDIR"/starts/fw_start.sh #配置防火墙流量劫持 date +%s >"$TMPDIR"/crash_start_time #标记启动时间 #TG机器人守护进程 @@ -42,7 +42,7 @@ if [ -n "$test" -o -n "$(pidof CrashCore)" ]; then cronset '2fjdi124dd12s' "$line" done <"$CRASHDIR"/task/running } - [ "$start_old" = "已开启" ] && cronset '保守模式守护进程' "* * * * * /bin/sh $CRASHDIR/starts/start_legacy_wd.sh shellcrash #ShellCrash保守模式守护进程" + [ "$start_old" = "ON" ] && cronset '保守模式守护进程' "* * * * * /bin/sh $CRASHDIR/starts/start_legacy_wd.sh shellcrash #ShellCrash保守模式守护进程" #加载条件任务 [ -s "$CRASHDIR"/task/afstart ] && { . "$CRASHDIR"/task/afstart; } & [ -s "$CRASHDIR"/task/affirewall -a -s /etc/init.d/firewall -a ! -f /etc/init.d/firewall.bak ] && { diff --git a/scripts/starts/bfstart.sh b/scripts/starts/bfstart.sh index 8d3ad3a4..294e1418 100644 --- a/scripts/starts/bfstart.sh +++ b/scripts/starts/bfstart.sh @@ -71,7 +71,7 @@ EOF routing_mark=$((fwmark + 2)) #检测网络连接 -[ "$network_check" != "已禁用" ] && [ ! -f "$TMPDIR"/crash_start_time ] && ckcmd ping && . "$CRASHDIR"/starts/check_network.sh && check_network +[ "$network_check" != "OFF" ] && [ ! -f "$TMPDIR"/crash_start_time ] && ckcmd ping && . "$CRASHDIR"/starts/check_network.sh && check_network [ ! -d "$BINDIR"/ui ] && mkdir -p "$BINDIR"/ui [ -z "$crashcore" ] && crashcore=meta #执行条件任务 @@ -110,11 +110,11 @@ else fi fi #检查下载cnip绕过相关文件 -[ "$cn_ip_route" = "已开启" ] && [ "$dns_mod" != "fake-ip" ] && { +[ "$cn_ip_route" = "ON" ] && [ "$dns_mod" != "fake-ip" ] && { [ "$firewall_mod" = nftables ] || ckcmd ipset && { . "$CRASHDIR"/starts/check_cnip.sh ck_cn_ipv4 - [ "$ipv6_redir" = "已开启" ] && ck_cn_ipv6 + [ "$ipv6_redir" = "ON" ] && ck_cn_ipv6 } } #添加shellcrash用户 diff --git a/scripts/starts/check_core.sh b/scripts/starts/check_core.sh index 6e4e3849..6bf52c44 100644 --- a/scripts/starts/check_core.sh +++ b/scripts/starts/check_core.sh @@ -13,6 +13,6 @@ check_core() { #检查及下载内核文件 core_webget || logger "核心下载失败,请重新运行或更换安装源!" 31 } [ ! -x "$TMPDIR"/CrashCore ] && chmod +x "$TMPDIR"/CrashCore 2>/dev/null #自动授权 - [ "$start_old" != "已开启" -a "$(cat /proc/1/comm)" = "systemd" ] && restorecon -RF "$CRASHDIR" 2>/dev/null #修复SELinux权限问题 + [ "$start_old" != "ON" -a "$(cat /proc/1/comm)" = "systemd" ] && restorecon -RF "$CRASHDIR" 2>/dev/null #修复SELinux权限问题 return 0 } diff --git a/scripts/starts/clash_modify.sh b/scripts/starts/clash_modify.sh index 277b66ee..bdda33b4 100644 --- a/scripts/starts/clash_modify.sh +++ b/scripts/starts/clash_modify.sh @@ -4,7 +4,7 @@ #修饰clash配置文件 modify_yaml() { ##########需要变更的配置########### - [ "$ipv6_dns" != "未开启" ] && dns_v6='true' || dns_v6='false' + [ "$ipv6_dns" != "OFF" ] && dns_v6='true' || dns_v6='false' external="external-controller: 0.0.0.0:$db_port" if [ "$redir_mod" = "混合模式" -o "$redir_mod" = "Tun模式" ]; then [ "$crashcore" = 'meta' ] && tun_meta=', device: utun, auto-route: false, auto-detect-interface: false' @@ -55,8 +55,8 @@ EOF fi } #域名嗅探配置 - [ "$sniffer" = "已启用" ] && [ "$crashcore" = "meta" ] && sniffer_set="sniffer: {enable: true, parse-pure-ip: true, skip-domain: [Mijia Cloud], sniff: {http: {ports: [80, 8080-8880], override-destination: true}, tls: {ports: [443, 8443]}, quic: {ports: [443, 8443]}}}" - [ "$crashcore" = "clashpre" ] && [ "$dns_mod" = "redir_host" -o "$sniffer" = "已启用" ] && exper="experimental: {ignore-resolve-fail: true, interface-name: en0,sniff-tls-sni: true}" + [ "$sniffer" = "ON" ] && [ "$crashcore" = "meta" ] && sniffer_set="sniffer: {enable: true, parse-pure-ip: true, skip-domain: [Mijia Cloud], sniff: {http: {ports: [80, 8080-8880], override-destination: true}, tls: {ports: [443, 8443]}, quic: {ports: [443, 8443]}}}" + [ "$crashcore" = "clashpre" ] && [ "$dns_mod" = "redir_host" -o "$sniffer" = "ON" ] && exper="experimental: {ignore-resolve-fail: true, interface-name: en0,sniff-tls-sni: true}" #生成set.yaml cat >"$TMPDIR"/set.yaml <"$TMPDIR"/${char}.yaml done #跳过本地tls证书验证 - [ "$skip_cert" != "未开启" ] && sed -i 's/skip-cert-verify: false/skip-cert-verify: true/' "$TMPDIR"/proxies.yaml || + [ "$skip_cert" != "OFF" ] && sed -i 's/skip-cert-verify: false/skip-cert-verify: true/' "$TMPDIR"/proxies.yaml || sed -i 's/skip-cert-verify: true/skip-cert-verify: false/' "$TMPDIR"/proxies.yaml #插入自定义策略组 sed -i "/#自定义策略组开始/,/#自定义策略组结束/d" "$TMPDIR"/proxy-groups.yaml @@ -168,7 +168,7 @@ EOF } #节点绕过功能支持 sed -i "/#节点绕过/d" "$TMPDIR"/rules.yaml - [ "$proxies_bypass" = "已启用" ] && { + [ "$proxies_bypass" = "ON" ] && { cat "$TMPDIR"/proxies.yaml | sed '/^proxy-/,$d' | sed '/^rule-/,$d' | grep -v '^\s*#' | grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | awk '!a[$0]++' | sed 's/^/\ -\ IP-CIDR,/g' | sed 's|$|/32,DIRECT,no-resolve #节点绕过|g' >>"$TMPDIR"/proxies_bypass cat "$TMPDIR"/proxies.yaml | sed '/^proxy-/,$d' | sed '/^rule-/,$d' | grep -v '^\s*#' | grep -vE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | grep -oE '[a-zA-Z0-9][-a-zA-Z0-9]{0,62}(\.[a-zA-Z0-9][-a-zA-Z0-9]{0,62})+\.?' | awk '!a[$0]++' | sed 's/^/\ -\ DOMAIN,/g' | sed 's/$/,DIRECT #节点绕过/g' >>"$TMPDIR"/proxies_bypass cat "$TMPDIR"/rules.yaml >>"$TMPDIR"/proxies_bypass diff --git a/scripts/starts/fw_getlanip.sh b/scripts/starts/fw_getlanip.sh index b5b4316e..1e5d6aa4 100644 --- a/scripts/starts/fw_getlanip.sh +++ b/scripts/starts/fw_getlanip.sh @@ -3,14 +3,14 @@ getlanip() { #获取局域网host地址 i=1 while [ "$i" -le "20" ]; do host_ipv4=$(ip a 2>&1 | grep -w 'inet' | grep 'global' | grep 'brd' | grep -Ev 'utun|iot|peer|docker|podman|virbr|vnet|ovs|vmbr|veth|vmnic|vboxnet|lxcbr|xenbr|vEthernet' | grep -E ' 1(92|0|72)\.' | sed 's/.*inet.//g' | sed 's/br.*$//g' | sed 's/metric.*$//g') #ipv4局域网网段 - [ "$ipv6_redir" = "已开启" ] && host_ipv6=$(ip a 2>&1 | grep -w 'inet6' | grep -E 'global' | sed 's/.*inet6.//g' | sed 's/scope.*$//g') #ipv6公网地址段 + [ "$ipv6_redir" = "ON" ] && host_ipv6=$(ip a 2>&1 | grep -w 'inet6' | grep -E 'global' | sed 's/.*inet6.//g' | sed 's/scope.*$//g') #ipv6公网地址段 [ -f "$TMPDIR"/ShellCrash.log ] && break - [ -n "$host_ipv4" -a "$ipv6_redir" != "已开启" ] && break + [ -n "$host_ipv4" -a "$ipv6_redir" != "ON" ] && break [ -n "$host_ipv4" -a -n "$host_ipv6" ] && break sleep 1 && i=$((i + 1)) done #添加自定义ipv4局域网网段 - if [ "$replace_default_host_ipv4" == "已启用" ]; then + if [ "$replace_default_host_ipv4" == "ON" ]; then host_ipv4="$cust_host_ipv4" else host_ipv4="$host_ipv4$cust_host_ipv4" diff --git a/scripts/starts/fw_iptables.sh b/scripts/starts/fw_iptables.sh index a8130372..4c5df9d3 100644 --- a/scripts/starts/fw_iptables.sh +++ b/scripts/starts/fw_iptables.sh @@ -34,8 +34,8 @@ start_ipt_route() { #iptables-route通用工具 "$1" $w -t "$2" -A "$4" -d $ip -j RETURN done #绕过CN_IP - [ "$1" = iptables ] && [ "$dns_mod" != "fake-ip" ] && [ "$cn_ip_route" = "已开启" ] && [ -f "$BINDIR"/cn_ip.txt ] && "$1" $w -t "$2" -A "$4" -m set --match-set cn_ip dst -j RETURN 2>/dev/null - [ "$1" = ip6tables ] && [ "$dns_mod" != "fake-ip" ] && [ "$cn_ip_route" = "已开启" ] && [ -f "$BINDIR"/cn_ipv6.txt ] && "$1" $w -t "$2" -A "$4" -m set --match-set cn_ip6 dst -j RETURN 2>/dev/null + [ "$1" = iptables ] && [ "$dns_mod" != "fake-ip" ] && [ "$cn_ip_route" = "ON" ] && [ -f "$BINDIR"/cn_ip.txt ] && "$1" $w -t "$2" -A "$4" -m set --match-set cn_ip dst -j RETURN 2>/dev/null + [ "$1" = ip6tables ] && [ "$dns_mod" != "fake-ip" ] && [ "$cn_ip_route" = "ON" ] && [ -f "$BINDIR"/cn_ipv6.txt ] && "$1" $w -t "$2" -A "$4" -m set --match-set cn_ip6 dst -j RETURN 2>/dev/null #局域网mac地址黑名单过滤 [ "$3" = 'PREROUTING' ] && [ "$macfilter_type" != "白名单" ] && { [ -s "$CRASHDIR"/configs/mac ] && @@ -65,8 +65,8 @@ start_ipt_route() { #iptables-route通用工具 fi #将所在链指定流量指向shellcrash表 "$1" $w -t "$2" -I "$3" -p "$5" $ports -j "$4" - [ "$dns_mod" = "mix" -o "$dns_mod" = "fake-ip" ] && [ "$common_ports" = "已开启" ] && [ "$1" = iptables ] && "$1" $w -t "$2" -I "$3" -p "$5" -d 28.0.0.0/8 -j "$4" - [ "$dns_mod" = "mix" -o "$dns_mod" = "fake-ip" ] && [ "$common_ports" = "已开启" ] && [ "$1" = ip6tables ] && "$1" $w -t "$2" -I "$3" -p "$5" -d fc00::/16 -j "$4" + [ "$dns_mod" = "mix" -o "$dns_mod" = "fake-ip" ] && [ "$common_ports" = "ON" ] && [ "$1" = iptables ] && "$1" $w -t "$2" -I "$3" -p "$5" -d 28.0.0.0/8 -j "$4" + [ "$dns_mod" = "mix" -o "$dns_mod" = "fake-ip" ] && [ "$common_ports" = "ON" ] && [ "$1" = ip6tables ] && "$1" $w -t "$2" -I "$3" -p "$5" -d fc00::/16 -j "$4" } [ "$5" = "tcp" -o "$5" = "all" ] && proxy_set "$1" "$2" "$3" "$4" tcp [ "$5" = "udp" -o "$5" = "all" ] && proxy_set "$1" "$2" "$3" "$4" udp @@ -170,7 +170,7 @@ start_iptables() { #iptables配置总入口 JUMP="REDIRECT --to-ports $redir_port" #跳转劫持的具体命令 [ "$lan_proxy" = true ] && { start_ipt_route iptables nat PREROUTING shellcrash tcp #ipv4-局域网tcp转发 - [ "$ipv6_redir" = "已开启" ] && { + [ "$ipv6_redir" = "ON" ] && { if $ip6table -j REDIRECT -h 2>/dev/null | grep -q '\--to-ports'; then start_ipt_route ip6tables nat PREROUTING shellcrashv6 tcp #ipv6-局域网tcp转发 else @@ -180,7 +180,7 @@ start_iptables() { #iptables配置总入口 } [ "$local_proxy" = true ] && { start_ipt_route iptables nat OUTPUT shellcrash_out tcp #ipv4-本机tcp转发 - [ "$ipv6_redir" = "已开启" ] && { + [ "$ipv6_redir" = "ON" ] && { if $ip6table -j REDIRECT -h 2>/dev/null | grep -q '\--to-ports'; then start_ipt_route ip6tables nat OUTPUT shellcrashv6_out tcp #ipv6-本机tcp转发 else @@ -207,7 +207,7 @@ start_iptables() { #iptables配置总入口 else logger "当前设备内核可能缺少kmod_ipt_tproxy模块支持,已放弃启动相关规则!" 31 fi - [ "$ipv6_redir" = "已开启" ] && { + [ "$ipv6_redir" = "ON" ] && { if $ip6table -j TPROXY -h 2>/dev/null | grep -q '\--on-port'; then JUMP="TPROXY --on-port $tproxy_port --tproxy-mark $fwmark" #跳转劫持的具体命令 [ "$lan_proxy" = true ] && start_ipt_route ip6tables mangle PREROUTING shellcrashv6_mark all @@ -240,7 +240,7 @@ start_iptables() { #iptables配置总入口 else logger "当前设备内核可能缺少x_mark模块支持,已放弃启动相关规则!" 31 fi - [ "$ipv6_redir" = "已开启" ] && [ "$crashcore" != clashpre ] && { + [ "$ipv6_redir" = "ON" ] && [ "$crashcore" != clashpre ] && { if $ip6table -j MARK -h 2>/dev/null | grep -q '\--set-mark'; then [ "$lan_proxy" = true ] && { [ "$redir_mod" = "Tun模式" -o "$redir_mod" = "混合模式" ] && $ip6table -I FORWARD -o utun -j ACCEPT @@ -252,13 +252,13 @@ start_iptables() { #iptables配置总入口 fi } } - [ "$vm_redir" = "已开启" ] && [ -n "$$vm_ipv4" ] && { + [ "$vm_redir" = "ON" ] && [ -n "$$vm_ipv4" ] && { JUMP="REDIRECT --to-ports $redir_port" #跳转劫持的具体命令 start_ipt_dns iptables PREROUTING shellcrash_vm_dns #ipv4-局域网dns转发 start_ipt_route iptables nat PREROUTING shellcrash_vm tcp #ipv4-局域网tcp转发 } #启动DNS劫持 - [ "$dns_no" != "已禁用" -a "$dns_redir" != "已开启" -a "$firewall_area" -le 3 ] && { + [ "$dns_no" != "已禁用" -a "$dns_redir" != "ON" -a "$firewall_area" -le 3 ] && { [ "$lan_proxy" = true ] && { start_ipt_dns iptables PREROUTING shellcrash_dns #ipv4-局域网dns转发 if $ip6table -j REDIRECT -h 2>/dev/null | grep -q '\--to-ports'; then @@ -271,8 +271,8 @@ start_iptables() { #iptables配置总入口 [ "$local_proxy" = true ] && start_ipt_dns iptables OUTPUT shellcrash_dns_out #ipv4-本机dns转发 } #屏蔽QUIC - [ "$quic_rj" = '已启用' -a "$lan_proxy" = true -a "$redir_mod" != "Redir模式" ] && { - [ "$dns_mod" != "fake-ip" -a "$cn_ip_route" = "已开启" ] && { + [ "$quic_rj" = 'ON' -a "$lan_proxy" = true -a "$redir_mod" != "Redir模式" ] && { + [ "$dns_mod" != "fake-ip" -a "$cn_ip_route" = "ON" ] && { set_cn_ip='-m set ! --match-set cn_ip dst' set_cn_ip6='-m set ! --match-set cn_ip6 dst' } diff --git a/scripts/starts/fw_nftables.sh b/scripts/starts/fw_nftables.sh index 509d40c4..8e251c5b 100644 --- a/scripts/starts/fw_nftables.sh +++ b/scripts/starts/fw_nftables.sh @@ -10,7 +10,7 @@ add_ip6_route(){ #仅代理本机局域网网段流量 nft add rule inet shellcrash $1 ip6 saddr != {$HOST_IP6} return #绕过CN_IPV6 - [ "$dns_mod" != "fake-ip" -a "$cn_ip_route" = "已开启" -a -f "$BINDIR"/cn_ipv6.txt ] && { + [ "$dns_mod" != "fake-ip" -a "$cn_ip_route" = "ON" -a -f "$BINDIR"/cn_ipv6.txt ] && { CN_IP6=$(awk '{printf "%s, ",$1}' "$BINDIR"/cn_ipv6.txt) [ -n "$CN_IP6" ] && { nft add set inet shellcrash cn_ip6 { type ipv6_addr \; flags interval \; } @@ -21,7 +21,7 @@ add_ip6_route(){ } start_nft_route() { #nftables-route通用工具 #$1:name $2:hook(prerouting/output) $3:type(nat/mangle/filter) $4:priority(-100/-150) - [ "$common_ports" = "已开启" ] && PORTS=$(echo $multiport | sed 's/,/, /g') + [ "$common_ports" = "ON" ] && PORTS=$(echo $multiport | sed 's/,/, /g') [ "$1" = 'prerouting' ] && HOST_IP=$(echo $host_ipv4 | sed 's/ /, /g') [ "$1" = 'output' ] && HOST_IP="127.0.0.0/8, $(echo $local_ipv4 | sed 's/ /, /g')" [ "$1" = 'prerouting_vm' ] && HOST_IP="$(echo $vm_ipv4 | sed 's/ /, /g')" @@ -73,7 +73,7 @@ start_nft_route() { #nftables-route通用工具 } } #绕过CN-IP - [ "$dns_mod" != "fake-ip" -a "$cn_ip_route" = "已开启" -a -f "$BINDIR"/cn_ip.txt ] && { + [ "$dns_mod" != "fake-ip" -a "$cn_ip_route" = "ON" -a -f "$BINDIR"/cn_ip.txt ] && { CN_IP=$(awk '{printf "%s, ",$1}' "$BINDIR"/cn_ip.txt) [ -n "$CN_IP" ] && { nft add set inet shellcrash cn_ip { type ipv4_addr \; flags interval \; } @@ -82,17 +82,17 @@ start_nft_route() { #nftables-route通用工具 } } #局域网ipv6支持 - if [ "$ipv6_redir" = "已开启" -a "$1" = 'prerouting' -a "$firewall_area" != 5 ]; then + if [ "$ipv6_redir" = "ON" -a "$1" = 'prerouting' -a "$firewall_area" != 5 ]; then HOST_IP6=$(echo $host_ipv6 | sed 's/ /, /g') add_ip6_route "$1" - elif [ "$ipv6_redir" = "已开启" -a "$1" = 'output' -a \( "$firewall_area" = 2 -o "$firewall_area" = 3 \) ]; then + elif [ "$ipv6_redir" = "ON" -a "$1" = 'output' -a \( "$firewall_area" = 2 -o "$firewall_area" = 3 \) ]; then HOST_IP6="::1, $(echo $host_ipv6 | sed 's/ /, /g')" add_ip6_route "$1" else nft add rule inet shellcrash $1 meta nfproto ipv6 return fi #屏蔽quic - [ "$quic_rj" = '已启用' -a "$lan_proxy" = true ] && nft add rule inet shellcrash $1 udp dport {443, 8443} return + [ "$quic_rj" = 'ON' -a "$lan_proxy" = true ] && nft add rule inet shellcrash $1 udp dport {443, 8443} return #添加通用路由 nft add rule inet shellcrash "$1" "$JUMP" #处理特殊路由 @@ -163,7 +163,7 @@ start_nftables() { #nftables配置总入口 #公网访问防火墙 [ "$fw_wan" != OFF ] && [ "$systype" != 'container' ] && start_nft_wan #启动DNS劫持 - [ "$dns_no" != "已禁用" -a "$dns_redir" != "已开启" -a "$firewall_area" -le 3 ] && { + [ "$dns_no" != "已禁用" -a "$dns_redir" != "ON" -a "$firewall_area" -le 3 ] && { [ "$lan_proxy" = true ] && start_nft_dns prerouting prerouting #局域网dns转发 [ "$local_proxy" = true ] && start_nft_dns output output #本机dns转发 } @@ -203,7 +203,7 @@ start_nftables() { #nftables配置总入口 [ "$lan_proxy" = true ] && start_nft_route prerouting prerouting filter -150 [ "$local_proxy" = true ] && start_nft_route output output route -150 } - [ "$vm_redir" = "已开启" ] && [ -n "$$vm_ipv4" ] && { + [ "$vm_redir" = "ON" ] && [ -n "$$vm_ipv4" ] && { start_nft_dns prerouting_vm prerouting JUMP="meta l4proto tcp redirect to $redir_port" #跳转劫持的具体命令 start_nft_route prerouting_vm prerouting nat -100 diff --git a/scripts/starts/fw_start.sh b/scripts/starts/fw_start.sh index 5e2c332e..cdbab7cb 100644 --- a/scripts/starts/fw_start.sh +++ b/scripts/starts/fw_start.sh @@ -5,9 +5,9 @@ . "$CRASHDIR"/starts/fw_getlanip.sh && getlanip #缺省值 [ -z "$macfilter_type" ] && macfilter_type='黑名单' -[ -z "$common_ports" ] && common_ports='已开启' +[ -z "$common_ports" ] && common_ports='ON' [ -z "$multiport" ] && multiport='22,80,143,194,443,465,587,853,993,995,5222,8080,8443' -[ "$common_ports" = "已开启" ] && ports="-m multiport --dports $multiport" +[ "$common_ports" = "ON" ] && ports="-m multiport --dports $multiport" [ -z "$redir_mod" ] && [ "$USER" = "root" -o "$USER" = "admin" ] && redir_mod='Redir模式' [ -z "$dns_mod" ] && dns_mod='redir_host' [ -z "$redir_mod" ] && firewall_area='4' @@ -31,7 +31,7 @@ [ "$redir_mod" != "Redir模式" ] && ip rule add fwmark $fwmark table $table 2>/dev/null } #添加ipv6路由 -[ "$ipv6_redir" = "已开启" -a "$firewall_area" -le 3 ] && { +[ "$ipv6_redir" = "ON" -a "$firewall_area" -le 3 ] && { [ "$redir_mod" = "Tproxy模式" ] && ip -6 route add local default dev lo table $((table + 1)) 2>/dev/null [ -n "$(ip route list | grep utun)" ] && ip -6 route add default dev utun table $((table + 1)) 2>/dev/null [ "$redir_mod" != "Redir模式" ] && ip -6 rule add fwmark $fwmark table $((table + 1)) 2>/dev/null diff --git a/scripts/starts/fw_stop.sh b/scripts/starts/fw_stop.sh index 25c8d0e3..21fc3ee9 100644 --- a/scripts/starts/fw_stop.sh +++ b/scripts/starts/fw_stop.sh @@ -7,9 +7,9 @@ . "$CRASHDIR"/libs/check_cmd.sh . "$CRASHDIR"/starts/fw_getlanip.sh && getlanip #获取局域网host地址 #缺省值 -[ -z "$common_ports" ] && common_ports='已开启' +[ -z "$common_ports" ] && common_ports='ON' [ -z "$multiport" ] && multiport='22,80,143,194,443,465,587,853,993,995,5222,8080,8443' -[ "$common_ports" = "已开启" ] && ports="-m multiport --dports $multiport" +[ "$common_ports" = "ON" ] && ports="-m multiport --dports $multiport" #重置iptables相关规则 ckcmd iptables && { ckcmd iptables && iptables -h | grep -q '\-w' && iptable='iptables -w' || iptable=iptables @@ -43,7 +43,7 @@ ckcmd iptables && { #tun $iptable -D FORWARD -o utun -j ACCEPT 2>/dev/null #屏蔽QUIC - [ "$dns_mod" != "fake-ip" ] && [ "$cn_ip_route" != "未开启" ] && set_cn_ip='-m set ! --match-set cn_ip dst' + [ "$dns_mod" != "fake-ip" ] && [ "$cn_ip_route" != "OFF" ] && set_cn_ip='-m set ! --match-set cn_ip dst' $iptable -D INPUT -p udp --dport 443 $set_cn_ip -j REJECT 2>/dev/null $iptable -D FORWARD -p udp --dport 443 -o utun $set_cn_ip -j REJECT 2>/dev/null #公网访问 @@ -93,7 +93,7 @@ ckcmd ip6tables && { #tun $ip6table -D FORWARD -o utun -j ACCEPT 2>/dev/null #屏蔽QUIC - [ "$dns_mod" != "fake-ip" ] && [ "$cn_ip_route" != "未开启" ] && set_cn_ip6='-m set ! --match-set cn_ip6 dst' + [ "$dns_mod" != "fake-ip" ] && [ "$cn_ip_route" != "OFF" ] && set_cn_ip6='-m set ! --match-set cn_ip6 dst' $ip6table -D INPUT -p udp --dport 443 $set_cn_ip6 -j REJECT 2>/dev/null $ip6table -D FORWARD -p udp --dport 443 -o utun $set_cn_ip6 -j REJECT 2>/dev/null #公网访问 @@ -120,13 +120,6 @@ ckcmd ip6tables && { #清理ipset规则 ipset destroy cn_ip >/dev/null 2>&1 ipset destroy cn_ip6 >/dev/null 2>&1 -#移除dnsmasq转发规则 -[ "$dns_redir" = "已开启" ] && { - uci del dhcp.@dnsmasq[-1].server >/dev/null 2>&1 - uci set dhcp.@dnsmasq[0].noresolv=0 2>/dev/null - uci commit dhcp >/dev/null 2>&1 - /etc/init.d/dnsmasq restart >/dev/null 2>&1 -} #清理路由规则 ip rule del fwmark $fwmark table $table 2>/dev/null ip route flush table $table 2>/dev/null diff --git a/scripts/starts/singbox_modify.sh b/scripts/starts/singbox_modify.sh index 06655714..8b778205 100644 --- a/scripts/starts/singbox_modify.sh +++ b/scripts/starts/singbox_modify.sh @@ -97,7 +97,7 @@ EOF EOF fi #生成dns.json - [ "$ipv6_dns" != "未开启" ] && strategy='prefer_ipv4' || strategy='ipv4_only' + [ "$ipv6_dns" != "OFF" ] && strategy='prefer_ipv4' || strategy='ipv4_only' #获取detour出口 auto_detour=$(grep -E '"type": "urltest"' -A 1 "$TMPDIR"/jsons/outbounds.json | grep '自动' | head -n 1 | sed 's/^[[:space:]]*"tag": //;s/,$//') [ -z "$auto_detour" ] && auto_detour=$(grep -E '"type": "urltest"' -A 1 "$TMPDIR"/jsons/outbounds.json | grep '"tag":' | head -n 1 | sed 's/^[[:space:]]*"tag": //;s/,$//') @@ -189,7 +189,7 @@ EOF EOF #生成add_route.json #域名嗅探配置 - [ "$sniffer" = "已启用" ] && sniffer_set='{ "action": "sniff", "timeout": "500ms" },' + [ "$sniffer" = ON ] && sniffer_set='{ "action": "sniff", "timeout": "500ms" },' [ "$ts_service" = ON ] && tailscale_set='{ "inbound": [ "ts-ep" ], "port": 53, "action": "hijack-dns" },' cat >"$TMPDIR"/jsons/add_route.json <>"$TMPDIR"/jsons/tun.json </dev/null else sed -i 's/"insecure": true/"insecure": false/' "$TMPDIR"/jsons/outbounds.json "$TMPDIR"/jsons/providers.json 2>/dev/null diff --git a/scripts/starts/start_error.sh b/scripts/starts/start_error.sh index e873661d..39e807c7 100644 --- a/scripts/starts/start_error.sh +++ b/scripts/starts/start_error.sh @@ -1,5 +1,5 @@ -if [ "$start_old" != "已开启" ] && ckcmd journalctl; then +if [ "$start_old" != "ON" ] && ckcmd journalctl; then journalctl -u shellcrash >"$TMPDIR"/core_test.log else PID=$(pidof CrashCore) && [ -n "$PID" ] && kill -9 "$PID" >/dev/null 2>&1