xm/ShellCrash
1
0
Fork 0
mirror of https://github.com/juewuy/ShellCrash.git synced 2026-03-10 23:41:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

~改为统一使用ON/OFF来表示功能开启关闭状态

Browse Source
This commit is contained in:
juewuy
2026-01-07 10:16:39 +08:00
parent 098a70c067
commit f46cdade4d
18 changed files with 127 additions and 132 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
scripts/init.sh
View File

@@ -163,7 +163,7 @@ fi
setconfig firewall_area '1'
setconfig firewall_mod 'nftables'
setconfig release_type 'master'
setconfig start_old '未开启'
setconfig start_old 'OFF'
echo "$CRASHDIR/menu.sh" >> /etc/profile
cat > /usr/bin/crash <<'EOF'
#!/bin/sh
@@ -226,6 +226,8 @@ sed -i "s/redir_mod=Nft基础/redir_mod=Redir模式/g" "$CFG_PATH"
sed -i "s/redir_mod=Nft混合/redir_mod=Tproxy模式/g" "$CFG_PATH"
sed -i "s/redir_mod=Tproxy混合/redir_mod=Tproxy模式/g" "$CFG_PATH"
sed -i "s/redir_mod=纯净模式/firewall_area=4/g" "$CFG_PATH"
sed -i "s/hosts_opt=未启用/hosts_opt=OFF/g" "$CFG_PATH"
#变量统一使用ON/OFF
sed -i 's/=\(已启用\|已开启\)$/=ON/' "$CFG_PATH"
sed -i 's/=\(未启用\|未开启\)$/=OFF/' "$CFG_PATH"
echo -e "\033[32m脚本初始化完成,请输入\033[30;47m $my_alias \033[0;33m命令开始使用\033[0m"

2
scripts/libs/check_autostart.sh
View File

@@ -1,5 +1,5 @@
check_autostart(){
if [ "$start_old" = "已开启" ];then
if [ "$start_old" = ON ];then
[ ! -f "$CRASHDIR"/.dis_startup ] && return 0
elif [ -f /etc/rc.common -a "$(cat /proc/1/comm)" = "procd" ]; then
[ -n "$(find /etc/rc.d -name '*shellcrash')" ] && return 0

76
scripts/menus/2_settings.sh
View File

@@ -6,8 +6,8 @@ __IS_MODULE_2_SETTINGS_LOADED=1
settings() { #功能设置
#获取设置默认显示
[ -z "$skip_cert" ] && skip_cert=已开启
[ -z "$sniffer" ] && sniffer=未启用
[ -z "$skip_cert" ] && skip_cert=ON
[ -z "$sniffer" ] && sniffer=OFF
[ -z "$dns_mod" ] && dns_mod='redir_host'
#
echo "-----------------------------------------------"
@@ -53,19 +53,19 @@ settings() { #功能设置
;;
4)
echo "-----------------------------------------------"
if [ "$skip_cert" = "未开启" ] >/dev/null 2>&1; then
if [ "$skip_cert" = "OFF" ] >/dev/null 2>&1; then
echo -e "\033[33m已设为开启跳过本地证书验证\033[0m"
skip_cert=已开启
skip_cert=ON
else
echo -e "\033[33m已设为禁止跳过本地证书验证\033[0m"
skip_cert=未开启
skip_cert=OFF
fi
setconfig skip_cert $skip_cert
settings
;;
5)
echo "-----------------------------------------------"
if [ "$sniffer" = "未启用" ]; then
if [ "$sniffer" = "OFF" ]; then
if [ "$crashcore" = "clash" ]; then
rm -rf ${TMPDIR}/CrashCore
rm -rf "$CRASHDIR"/CrashCore
@@ -74,11 +74,11 @@ settings() { #功能设置
setconfig crashcore $crashcore
echo "已将ShellCrash内核切换为Meta内核域名嗅探依赖Meta或者高版本clashpre内核"
fi
sniffer=已启用
sniffer=ON
elif [ "$crashcore" = "clashpre" -a "$dns_mod" = "redir_host" ]; then
echo -e "\033[31m使用clashpre内核且开启redir-host模式时无法关闭\033[0m"
else
sniffer=未启用
sniffer=OFF
fi
setconfig sniffer $sniffer
settings
@@ -283,11 +283,11 @@ set_redir_mod() { #路由模式设置
esac
}
set_fw_filter(){ #流量过滤
[ -z "$common_ports" ] && common_ports=已开启
[ -z "$quic_rj" ] && quic_rj=未开启
[ -z "$cn_ip_route" ] && cn_ip_route=未开启
[ -z "$common_ports" ] && common_ports=ON
[ -z "$quic_rj" ] && quic_rj=OFF
[ -z "$cn_ip_route" ] && cn_ip_route=OFF
touch "$CRASHDIR"/configs/mac "$CRASHDIR"/configs/ip_filter
[ -z "$(cat "$CRASHDIR"/configs/mac "$CRASHDIR"/configs/ip_filter 2>/dev/null)" ] && mac_return=未开启 || mac_return=已启用
[ -z "$(cat "$CRASHDIR"/configs/mac "$CRASHDIR"/configs/ip_filter 2>/dev/null)" ] && mac_return=OFF || mac_return=ON
echo "-----------------------------------------------"
echo -e " 1 过滤非常用端口: \033[36m$common_ports\033[0m ————用于过滤P2P流量"
echo -e " 2 过滤局域网设备: \033[36m$mac_return\033[0m ————使用黑/白名单进行过滤"
@@ -304,7 +304,7 @@ set_fw_filter(){ #流量过滤
;;
1)
set_common_ports() {
if [ "$common_ports" = "未开启" ]; then
if [ "$common_ports" = "OFF" ]; then
echo -e "\033[33m当前代理端口为$multiport】\033[0m"
echo -e "\033[31m注意MIX模式下非常用端口的域名连接将不受影响\033[0m"
read -p "是否修改默认端口?(1/0) > " res
@@ -312,11 +312,11 @@ set_fw_filter(){ #流量过滤
read -p "请输入自定义端口,注意用小写逗号分隔 > " text
[ -n "$text" ] && setconfig multiport $text && echo -e "\033[33m已设为代理【$multiport】端口!!\033[0m"
}
common_ports=已开启
common_ports=ON
sleep 1
else
echo -e "\033[33m已设为代理全部端口\033[0m"
common_ports=未开启
common_ports=OFF
fi
setconfig common_ports $common_ports
}
@@ -341,12 +341,12 @@ set_fw_filter(){ #流量过滤
3)
echo "-----------------------------------------------"
if [ -n "$(echo "$redir_mod" | grep -oE '混合|Tproxy|Tun')" ]; then
if [ "$quic_rj" = "未开启" ]; then
if [ "$quic_rj" = "OFF" ]; then
echo -e "\033[33m已禁止QUIC流量通过ShellCrash内核\033[0m"
quic_rj=已启用
quic_rj=ON
else
echo -e "\033[33m已取消禁止QUIC协议流量\033[0m"
quic_rj=未开启
quic_rj=OFF
fi
setconfig quic_rj $quic_rj
else
@@ -357,14 +357,14 @@ set_fw_filter(){ #流量过滤
;;
4)
if [ -n "$(ipset -v 2>/dev/null)" ] || [ "$firewall_mod" = 'nftables' ]; then
if [ "$cn_ip_route" = "未开启" ]; then
if [ "$cn_ip_route" = "OFF" ]; then
echo -e "\033[32m已开启CN_IP绕过内核功能\033[0m"
echo -e "\033[31m注意此功能会导致全局模式及一切CN相关规则失效\033[0m"
cn_ip_route=已开启
cn_ip_route=ON
sleep 2
else
echo -e "\033[33m已禁用CN_IP绕过内核功能\033[0m"
cn_ip_route=未开启
cn_ip_route=OFF
fi
setconfig cn_ip_route $cn_ip_route
else
@@ -401,7 +401,7 @@ set_fw_filter(){ #流量过滤
}
set_cust_host_ipv4() { #自定义ipv4透明路由网段
[ -z "$replace_default_host_ipv4" ] && replace_default_host_ipv4="未启用"
[ -z "$replace_default_host_ipv4" ] && replace_default_host_ipv4="OFF"
echo "-----------------------------------------------"
echo -e "当前默认透明路由的网段为: \033[32m$(ip a 2>&1 | grep -w 'inet' | grep 'global' | grep 'br' | grep -v 'iot' | grep -E ' 1(92|0|72)\.' | sed 's/.*inet.//g' | sed 's/br.*$//g' | sed 's/metric.*$//g' | tr '\n' ' ' && echo) \033[0m"
echo -e "当前已添加的自定义网段为:\033[36m$cust_host_ipv4\033[0m"
@@ -412,10 +412,10 @@ set_cust_host_ipv4() { #自定义ipv4透明路由网段
read -p "请输入对应的序号或需要额外添加的网段 > " text
case "$text" in
2)
if [ "$replace_default_host_ipv4" == "未启用" ]; then
replace_default_host_ipv4="已启用"
if [ "$replace_default_host_ipv4" == "OFF" ]; then
replace_default_host_ipv4="ON"
else
replace_default_host_ipv4="未启用"
replace_default_host_ipv4="OFF"
fi
setconfig replace_default_host_ipv4 "$replace_default_host_ipv4"
set_cust_host_ipv4
@@ -678,7 +678,7 @@ set_adv_config() { #端口设置
setconfig authentication
echo 密码已移除!
else
if [ "$local_proxy" = "已开启" -a "$local_type" = "环境变量" ]; then
if [ "$local_proxy" = "ON" -a "$local_type" = "环境变量" ]; then
echo "-----------------------------------------------"
echo -e "\033[33m请先禁用本机劫持功能或使用增强模式\033[0m"
sleep 1
@@ -724,7 +724,7 @@ set_adv_config() { #端口设置
read -p "请输入需要指定劫持的端口 > " multiport
if [ -n "$multiport" ]; then
[ "$multiport" = "0" ] && multiport="22,80,143,194,443,465,587,853,993,995,5222,8080,8443"
common_ports=已开启
common_ports=ON
setconfig multiport "$multiport"
setconfig common_ports "$common_ports"
echo -e "\033[32m设置成功\033[0m"
@@ -769,7 +769,7 @@ set_adv_config() { #端口设置
esac
}
set_firewall_area() { #路由范围设置
[ -z "$vm_redir" ] && vm_redir='未开启'
[ -z "$vm_redir" ] && vm_redir='OFF'
echo "-----------------------------------------------"
echo -e "\033[31m注意\033[0m基于桥接网卡的Docker/虚拟机流量,请单独启用!"
echo -e "\033[33m如你使用了第三方DNS如smartdns等请勿启用本机劫持或使用shellcrash用户执行\033[0m"
@@ -837,7 +837,7 @@ set_firewall_vm(){
case "$num" in
1)
if [ -n "$vm_ipv4" ]; then
vm_redir=已开启
vm_redir=ON
else
echo -e "\033[33m请先运行容器再运行脚本或者手动设置网段\033[0m"
fi
@@ -846,10 +846,10 @@ set_firewall_vm(){
echo -e "多个网段请用空格连接可运行容器后使用【ip route】命令查看网段地址"
echo -e "示例:\033[32m10.88.0.0/16 172.17.0.0/16\033[0m"
read -p "请输入自定义网段 > " text
[ -n "$text" ] && vm_ipv4=$text && vm_redir=已开启
[ -n "$text" ] && vm_ipv4=$text && vm_redir=ON
;;
3)
vm_redir=未开启
vm_redir=OFF
unset vm_ipv4
;;
*) ;;
@@ -858,8 +858,8 @@ set_firewall_vm(){
setconfig vm_ipv4 "'$vm_ipv4'"
}
set_ipv6() { #ipv6设置
[ -z "$ipv6_redir" ] && ipv6_redir=未开启
[ -z "$ipv6_dns" ] && ipv6_dns=已开启
[ -z "$ipv6_redir" ] && ipv6_redir=OFF
[ -z "$ipv6_dns" ] && ipv6_dns=ON
echo "-----------------------------------------------"
echo -e " 1 ipv6透明路由: \033[36m$ipv6_redir\033[0m ——劫持ipv6流量"
[ "$disoverride" != "1" ] && echo -e " 2 ipv6-DNS解析: \033[36m$ipv6_dns\033[0m ——决定内置DNS是否返回ipv6地址"
@@ -869,19 +869,19 @@ set_ipv6() { #ipv6设置
case "$num" in
0) ;;
1)
if [ "$ipv6_redir" = "未开启" ]; then
ipv6_support=已开启
ipv6_redir=已开启
if [ "$ipv6_redir" = "OFF" ]; then
ipv6_support=ON
ipv6_redir=ON
sleep 2
else
ipv6_redir=未开启
ipv6_redir=OFF
fi
setconfig ipv6_redir $ipv6_redir
setconfig ipv6_support $ipv6_support
set_ipv6
;;
2)
[ "$ipv6_dns" = "未开启" ] && ipv6_dns=已开启 || ipv6_dns=未开启
[ "$ipv6_dns" = "OFF" ] && ipv6_dns=ON || ipv6_dns=OFF
setconfig ipv6_dns $ipv6_dns
set_ipv6
;;

22
scripts/menus/4_setboot.sh
View File

@@ -20,11 +20,11 @@ disable_autostart(){
}
setboot() { #启动设置菜单
[ -z "$start_old" ] && start_old=未开启
[ -z "$start_old" ] && start_old=OFF
[ -z "$start_delay" -o "$start_delay" = 0 ] && delay=未设置 || delay="${start_delay}"
check_autostart && auto_set="\033[33m禁止" || auto_set="\033[32m允许"
[ "${BINDIR}" = "$CRASHDIR" ] && mini_clash=未开启 || mini_clash=已开启
[ -z "$network_check" ] && network_check=已开启
[ "${BINDIR}" = "$CRASHDIR" ] && mini_clash=OFF || mini_clash=ON
[ -z "$network_check" ] && network_check=ON
echo "-----------------------------------------------"
echo -e "\033[30;47m欢迎使用启动设置菜单\033[0m"
echo "-----------------------------------------------"
@@ -53,17 +53,17 @@ setboot() { #启动设置菜单
setboot
;;
2)
if [ "$start_old" = "未开启" ] >/dev/null 2>&1; then
if [ "$start_old" = "OFF" ] >/dev/null 2>&1; then
echo -e "\033[33m改为使用保守模式启动服务\033[0m"
disable_autostart
start_old=已开启
start_old=ON
setconfig start_old "$start_old"
"$CRASHDIR"/start.sh stop
else
if grep -qE 'procd|systemd|s6' /proc/1/comm || rc-status -r >/dev/null 2>&1; then
echo -e "\033[32m改为使用系统守护进程启动服务\033[0m"
"$CRASHDIR"/start.sh cronset "ShellCrash初始化"
start_old=未开启
start_old=OFF
setconfig start_old "$start_old"
"$CRASHDIR"/start.sh stop
@@ -93,10 +93,10 @@ setboot() { #启动设置菜单
;;
4)
dir_size=$(df "$CRASHDIR" | awk '{ for(i=1;i<=NF;i++){ if(NR==1){ arr[i]=$i; }else{ arr[i]=arr[i]" "$i; } } } END{ for(i=1;i<=NF;i++){ print arr[i]; } }' | grep Ava | awk '{print $2}')
if [ "$mini_clash" = "未开启" ]; then
if [ "$mini_clash" = "OFF" ]; then
if [ "$dir_size" -gt 20480 ]; then
echo -e "\033[33m您的设备空间充足(>20M),无需开启!\033[0m"
elif [ "$start_old" != '已开启' -a "$(cat /proc/1/comm)" = "systemd" ]; then
elif [ "$start_old" != 'ON' -a "$(cat /proc/1/comm)" = "systemd" ]; then
echo -e "\033[33m不支持systemd启动模式请先启用保守模式\033[0m"
else
[ "$BINDIR" = "$CRASHDIR" ] && BINDIR="$TMPDIR"
@@ -165,10 +165,10 @@ setboot() { #启动设置菜单
echo -e "\033[32m启用时会导致部分性能较差或者拨号较慢的设备可能会因查询超时导致启动失败\033[0m"
read -p "是否切换?(1/0) > " res
[ "$res" = '1' ] && {
if [ "$network_check" = "已禁用" ]; then
network_check=已启用
if [ "$network_check" = "OFF" ]; then
network_check=ON
else
network_check=已禁用
network_check=OFF
fi
setconfig network_check "$network_check"
}

16
scripts/menus/6_core_config.sh
View File

@@ -122,13 +122,13 @@ setrules(){ #自定义规则
;;
4)
echo "-----------------------------------------------"
if [ "$proxies_bypass" = "未启用" ];then
if [ "$proxies_bypass" = "OFF" ];then
echo -e "\033[33m本功能会自动将当前配置文件中的节点域名或IP设置为直连规则以防止出现双重流量\033[0m"
echo -e "\033[33m请确保下游设备使用的节点与ShellCrash中使用的节点相同否则无法生效\033[0m"
read -p "启用节点绕过?(1/0) > " res
[ "$res" = "1" ] && proxies_bypass=已启用
[ "$res" = "1" ] && proxies_bypass=ON
else
proxies_bypass=未启用
proxies_bypass=OFF
fi
setconfig proxies_bypass $proxies_bypass
sleep 1
@@ -322,13 +322,13 @@ setproxies(){ #自定义clash节点
;;
4)
echo "-----------------------------------------------"
if [ "$proxies_bypass" = "未启用" ];then
if [ "$proxies_bypass" = "OFF" ];then
echo -e "\033[33m本功能会自动将当前配置文件中的节点域名或IP设置为直连规则以防止出现双重流量\033[0m"
echo -e "\033[33m请确保下游设备使用的节点与ShellCrash中使用的节点相同否则无法生效\033[0m"
read -p "启用节点绕过?(1/0) > " res
[ "$res" = "1" ] && proxies_bypass=已启用
[ "$res" = "1" ] && proxies_bypass=ON
else
proxies_bypass=未启用
proxies_bypass=OFF
fi
setconfig proxies_bypass $proxies_bypass
sleep 1
@@ -363,7 +363,7 @@ gen_clash_providers(){ #生成clash的providers配置文件
interval: 600
EOF
[ "$crashcore" = 'meta' ] && {
[ "$skip_cert" != "未开启" ] && skip_cert_verify='skip-cert-verify: true'
[ "$skip_cert" != "OFF" ] && skip_cert_verify='skip-cert-verify: true'
cat >> $TMPDIR/providers/providers.yaml <<EOF
override:
udp: true
@@ -453,7 +453,7 @@ EOF
EOF
fi
#通用部分生成
[ "$skip_cert" != "未开启" ] && override_tls='true' || override_tls='false'
[ "$skip_cert" != "OFF" ] && override_tls='true' || override_tls='false'
cat >> "$TMPDIR"/providers/providers.json <<EOF
"health_check": {
"enabled": true,

36
scripts/menus/8_tools.sh
View File

@@ -83,7 +83,7 @@ tools() {
#获取设置默认显示
grep -qE "^\s*[^#].*otapredownload" /etc/crontabs/root >/dev/null 2>&1 && mi_update=禁用 || mi_update=启用
[ "$mi_mi_autoSSH" = "已配置" ] && mi_mi_autoSSH_type=32m已配置 || mi_mi_autoSSH_type=31m未配置
[ -f "$CRASHDIR"/tools/tun.ko ] && mi_tunfix=32m已启用 || mi_tunfix=31m未启用
[ -f "$CRASHDIR"/tools/tun.ko ] && mi_tunfix=32mON || mi_tunfix=31mOFF
echo "-----------------------------------------------"
echo -e "\033[30;47m欢迎使用其他工具菜单\033[0m"
@@ -222,14 +222,14 @@ mi_autoSSH() {
#日志菜单
log_pusher() {
while true; do
[ -n "$push_TG" ] && stat_TG=32m已启用 || stat_TG=33m未启用
[ -n "$push_Deer" ] && stat_Deer=32m已启用 || stat_Deer=33m未启用
[ -n "$push_bark" ] && stat_bark=32m已启用 || stat_bark=33m未启用
[ -n "$push_Po" ] && stat_Po=32m已启用 || stat_Po=33m未启用
[ -n "$push_PP" ] && stat_PP=32m已启用 || stat_PP=33m未启用
[ -n "$push_SynoChat" ] && stat_SynoChat=32m已启用 || stat_SynoChat=33m未启用
[ -n "$push_Gotify" ] && stat_Gotify=32m已启用 || stat_Gotify=33m未启用
[ "$task_push" = 1 ] && stat_task=32m已启用 || stat_task=33m未启用
[ -n "$push_TG" ] && stat_TG=32mON || stat_TG=33mOFF
[ -n "$push_Deer" ] && stat_Deer=32mON || stat_Deer=33mOFF
[ -n "$push_bark" ] && stat_bark=32mON || stat_bark=33mOFF
[ -n "$push_Po" ] && stat_Po=32mON || stat_Po=33mOFF
[ -n "$push_PP" ] && stat_PP=32mON || stat_PP=33mOFF
[ -n "$push_SynoChat" ] && stat_SynoChat=32mON || stat_SynoChat=33mOFF
[ -n "$push_Gotify" ] && stat_Gotify=32mON || stat_Gotify=33mOFF
[ "$task_push" = 1 ] && stat_task=32mON || stat_task=33mOFF
[ -n "$device_name" ] && device_s=32m$device_name || device_s=33m未设置
echo "-----------------------------------------------"
echo -e " 1 Telegram推送 ——\033[$stat_TG\033[0m"
@@ -537,7 +537,7 @@ testcommand(){
if [ "$firewall_mod" = "nftables" ];then
nft list table inet shellcrash | sed '/set cn_ip {/,/}/d;/set cn_ip6 {/,/}/d;/^[[:space:]]*}/d'
else
[ "$firewall_area" = 1 -o "$firewall_area" = 3 -o "$firewall_area" = 5 -o "$vm_redir" = "已开启" ] && {
[ "$firewall_area" = 1 -o "$firewall_area" = 3 -o "$firewall_area" = 5 -o "$vm_redir" = "ON" ] && {
echo "----------------Redir+DNS---------------------"
iptables -t nat -L PREROUTING --line-numbers
iptables -t nat -L shellcrash_dns --line-numbers
@@ -559,7 +559,7 @@ testcommand(){
iptables -t mangle -L shellcrash_mark_out --line-numbers
}
}
[ "$ipv6_redir" = "已开启" ] && {
[ "$ipv6_redir" = "ON" ] && {
[ "$firewall_area" = 1 -o "$firewall_area" = 3 ] && {
ip6tables -t nat -L >/dev/null 2>&1 && {
echo "-------------IPV6-Redir+DNS-------------------"
@@ -574,7 +574,7 @@ testcommand(){
}
}
}
[ "$vm_redir" = "已开启" ] && {
[ "$vm_redir" = "ON" ] && {
echo "-------------vm-Redir-------------------"
iptables -t nat -L shellcrash_vm --line-numbers
iptables -t nat -L shellcrash_vm_dns --line-numbers
@@ -717,13 +717,13 @@ userguide(){
setconfig dns_mod mix
setconfig firewall_area '1'
#默认启用绕过CN-IP
setconfig cn_ip_route 已开启
setconfig cn_ip_route ON
#自动识别IPV6
[ -n "$(ip a 2>&1 | grep -w 'inet6' | grep -E 'global' | sed 's/.*inet6.//g' | sed 's/scope.*$//g')" ] && {
setconfig ipv6_redir 已开启
setconfig ipv6_support 已开启
setconfig ipv6_dns 已开启
setconfig cn_ipv6_route 已开启
setconfig ipv6_redir ON
setconfig ipv6_support ON
setconfig ipv6_dns ON
setconfig cn_ipv6_route ON
}
#设置开机启动
[ -f /etc/rc.common -a "$(cat /proc/1/comm)" = "procd" ] && /etc/init.d/shellcrash enable
@@ -747,7 +747,7 @@ userguide(){
2)
setconfig redir_mod "Redir模式"
[ -n "$(echo $cputype | grep -E "linux.*mips.*")" ] && setconfig crashcore "clash"
setconfig common_ports "未开启"
setconfig common_ports "OFF"
setconfig firewall_area '2'
;;
3)

2
scripts/start.sh
View File

@@ -40,7 +40,7 @@ start)
#使用不同方式启动服务
if [ "$firewall_area" = "5" ]; then #主旁转发
. "$CRASHDIR"/starts/fw_start.sh
elif [ "$start_old" = "已开启" ]; then
elif [ "$start_old" = "ON" ]; then
start_l
elif [ -f /etc/rc.common ] && grep -q 'procd' /proc/1/comm; then
/etc/init.d/shellcrash start

4
scripts/starts/afstart.sh
View File

@@ -18,7 +18,7 @@
#设置循环检测面板端口以判定服务启动是否成功
. "$CRASHDIR"/libs/start_wait.sh
if [ -n "$test" -o -n "$(pidof CrashCore)" ]; then
[ "$start_old" = "已开启" ] && [ ! -L "$TMPDIR"/CrashCore ] && rm -f "$TMPDIR"/CrashCore #删除缓存目录内核文件
[ "$start_old" = "ON" ] && [ ! -L "$TMPDIR"/CrashCore ] && rm -f "$TMPDIR"/CrashCore #删除缓存目录内核文件
. "$CRASHDIR"/starts/fw_start.sh #配置防火墙流量劫持
date +%s >"$TMPDIR"/crash_start_time #标记启动时间
#TG机器人守护进程
@@ -42,7 +42,7 @@ if [ -n "$test" -o -n "$(pidof CrashCore)" ]; then
cronset '2fjdi124dd12s' "$line"
done <"$CRASHDIR"/task/running
}
[ "$start_old" = "已开启" ] && cronset '保守模式守护进程' "* * * * * /bin/sh $CRASHDIR/starts/start_legacy_wd.sh shellcrash #ShellCrash保守模式守护进程"
[ "$start_old" = "ON" ] && cronset '保守模式守护进程' "* * * * * /bin/sh $CRASHDIR/starts/start_legacy_wd.sh shellcrash #ShellCrash保守模式守护进程"
#加载条件任务
[ -s "$CRASHDIR"/task/afstart ] && { . "$CRASHDIR"/task/afstart; } &
[ -s "$CRASHDIR"/task/affirewall -a -s /etc/init.d/firewall -a ! -f /etc/init.d/firewall.bak ] && {

6
scripts/starts/bfstart.sh
View File

@@ -71,7 +71,7 @@ EOF
routing_mark=$((fwmark + 2))
#检测网络连接
[ "$network_check" != "已禁用" ] && [ ! -f "$TMPDIR"/crash_start_time ] && ckcmd ping && . "$CRASHDIR"/starts/check_network.sh && check_network
[ "$network_check" != "OFF" ] && [ ! -f "$TMPDIR"/crash_start_time ] && ckcmd ping && . "$CRASHDIR"/starts/check_network.sh && check_network
[ ! -d "$BINDIR"/ui ] && mkdir -p "$BINDIR"/ui
[ -z "$crashcore" ] && crashcore=meta
#执行条件任务
@@ -110,11 +110,11 @@ else
fi
fi
#检查下载cnip绕过相关文件
[ "$cn_ip_route" = "已开启" ] && [ "$dns_mod" != "fake-ip" ] && {
[ "$cn_ip_route" = "ON" ] && [ "$dns_mod" != "fake-ip" ] && {
[ "$firewall_mod" = nftables ] || ckcmd ipset && {
. "$CRASHDIR"/starts/check_cnip.sh
ck_cn_ipv4
[ "$ipv6_redir" = "已开启" ] && ck_cn_ipv6
[ "$ipv6_redir" = "ON" ] && ck_cn_ipv6
}
}
#添加shellcrash用户

2
scripts/starts/check_core.sh
View File

@@ -13,6 +13,6 @@ check_core() { #检查及下载内核文件
core_webget || logger "核心下载失败,请重新运行或更换安装源!" 31
}
[ ! -x "$TMPDIR"/CrashCore ] && chmod +x "$TMPDIR"/CrashCore 2>/dev/null #自动授权
[ "$start_old" != "已开启" -a "$(cat /proc/1/comm)" = "systemd" ] && restorecon -RF "$CRASHDIR" 2>/dev/null #修复SELinux权限问题
[ "$start_old" != "ON" -a "$(cat /proc/1/comm)" = "systemd" ] && restorecon -RF "$CRASHDIR" 2>/dev/null #修复SELinux权限问题
return 0
}

10
scripts/starts/clash_modify.sh
View File

@@ -4,7 +4,7 @@
#修饰clash配置文件
modify_yaml() {
##########需要变更的配置###########
[ "$ipv6_dns" != "未开启" ] && dns_v6='true' || dns_v6='false'
[ "$ipv6_dns" != "OFF" ] && dns_v6='true' || dns_v6='false'
external="external-controller: 0.0.0.0:$db_port"
if [ "$redir_mod" = "混合模式" -o "$redir_mod" = "Tun模式" ]; then
[ "$crashcore" = 'meta' ] && tun_meta=', device: utun, auto-route: false, auto-detect-interface: false'
@@ -55,8 +55,8 @@ EOF
fi
}
#域名嗅探配置
[ "$sniffer" = "已启用" ] && [ "$crashcore" = "meta" ] && sniffer_set="sniffer: {enable: true, parse-pure-ip: true, skip-domain: [Mijia Cloud], sniff: {http: {ports: [80, 8080-8880], override-destination: true}, tls: {ports: [443, 8443]}, quic: {ports: [443, 8443]}}}"
[ "$crashcore" = "clashpre" ] && [ "$dns_mod" = "redir_host" -o "$sniffer" = "已启用" ] && exper="experimental: {ignore-resolve-fail: true, interface-name: en0,sniff-tls-sni: true}"
[ "$sniffer" = "ON" ] && [ "$crashcore" = "meta" ] && sniffer_set="sniffer: {enable: true, parse-pure-ip: true, skip-domain: [Mijia Cloud], sniff: {http: {ports: [80, 8080-8880], override-destination: true}, tls: {ports: [443, 8443]}, quic: {ports: [443, 8443]}}}"
[ "$crashcore" = "clashpre" ] && [ "$dns_mod" = "redir_host" -o "$sniffer" = "ON" ] && exper="experimental: {ignore-resolve-fail: true, interface-name: en0,sniff-tls-sni: true}"
#生成set.yaml
cat >"$TMPDIR"/set.yaml <<EOF
mixed-port: $mix_port
@@ -108,7 +108,7 @@ EOF
sed -n "/^$char:/,/^[a-z]/ { /^[a-z]/d; p; }" $core_config >"$TMPDIR"/${char}.yaml
done
#跳过本地tls证书验证
[ "$skip_cert" != "未开启" ] && sed -i 's/skip-cert-verify: false/skip-cert-verify: true/' "$TMPDIR"/proxies.yaml ||
[ "$skip_cert" != "OFF" ] && sed -i 's/skip-cert-verify: false/skip-cert-verify: true/' "$TMPDIR"/proxies.yaml ||
sed -i 's/skip-cert-verify: true/skip-cert-verify: false/' "$TMPDIR"/proxies.yaml
#插入自定义策略组
sed -i "/#自定义策略组开始/,/#自定义策略组结束/d" "$TMPDIR"/proxy-groups.yaml
@@ -168,7 +168,7 @@ EOF
}
#节点绕过功能支持
sed -i "/#节点绕过/d" "$TMPDIR"/rules.yaml
[ "$proxies_bypass" = "已启用" ] && {
[ "$proxies_bypass" = "ON" ] && {
cat "$TMPDIR"/proxies.yaml | sed '/^proxy-/,$d' | sed '/^rule-/,$d' | grep -v '^\s*#' | grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | awk '!a[$0]++' | sed 's/^/\ -\ IP-CIDR,/g' | sed 's|$|/32,DIRECT,no-resolve #节点绕过|g' >>"$TMPDIR"/proxies_bypass
cat "$TMPDIR"/proxies.yaml | sed '/^proxy-/,$d' | sed '/^rule-/,$d' | grep -v '^\s*#' | grep -vE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | grep -oE '[a-zA-Z0-9][-a-zA-Z0-9]{0,62}(\.[a-zA-Z0-9][-a-zA-Z0-9]{0,62})+\.?' | awk '!a[$0]++' | sed 's/^/\ -\ DOMAIN,/g' | sed 's/$/,DIRECT #节点绕过/g' >>"$TMPDIR"/proxies_bypass
cat "$TMPDIR"/rules.yaml >>"$TMPDIR"/proxies_bypass

6
scripts/starts/fw_getlanip.sh
View File

@@ -3,14 +3,14 @@ getlanip() { #获取局域网host地址
i=1
while [ "$i" -le "20" ]; do
host_ipv4=$(ip a 2>&1 | grep -w 'inet' | grep 'global' | grep 'brd' | grep -Ev 'utun|iot|peer|docker|podman|virbr|vnet|ovs|vmbr|veth|vmnic|vboxnet|lxcbr|xenbr|vEthernet' | grep -E ' 1(92|0|72)\.' | sed 's/.*inet.//g' | sed 's/br.*$//g' | sed 's/metric.*$//g') #ipv4局域网网段
[ "$ipv6_redir" = "已开启" ] && host_ipv6=$(ip a 2>&1 | grep -w 'inet6' | grep -E 'global' | sed 's/.*inet6.//g' | sed 's/scope.*$//g') #ipv6公网地址段
[ "$ipv6_redir" = "ON" ] && host_ipv6=$(ip a 2>&1 | grep -w 'inet6' | grep -E 'global' | sed 's/.*inet6.//g' | sed 's/scope.*$//g') #ipv6公网地址段
[ -f "$TMPDIR"/ShellCrash.log ] && break
[ -n "$host_ipv4" -a "$ipv6_redir" != "已开启" ] && break
[ -n "$host_ipv4" -a "$ipv6_redir" != "ON" ] && break
[ -n "$host_ipv4" -a -n "$host_ipv6" ] && break
sleep 1 && i=$((i + 1))
done
#添加自定义ipv4局域网网段
if [ "$replace_default_host_ipv4" == "已启用" ]; then
if [ "$replace_default_host_ipv4" == "ON" ]; then
host_ipv4="$cust_host_ipv4"
else
host_ipv4="$host_ipv4$cust_host_ipv4"

24
scripts/starts/fw_iptables.sh
View File

@@ -34,8 +34,8 @@ start_ipt_route() { #iptables-route通用工具
"$1" $w -t "$2" -A "$4" -d $ip -j RETURN
done
#绕过CN_IP
[ "$1" = iptables ] && [ "$dns_mod" != "fake-ip" ] && [ "$cn_ip_route" = "已开启" ] && [ -f "$BINDIR"/cn_ip.txt ] && "$1" $w -t "$2" -A "$4" -m set --match-set cn_ip dst -j RETURN 2>/dev/null
[ "$1" = ip6tables ] && [ "$dns_mod" != "fake-ip" ] && [ "$cn_ip_route" = "已开启" ] && [ -f "$BINDIR"/cn_ipv6.txt ] && "$1" $w -t "$2" -A "$4" -m set --match-set cn_ip6 dst -j RETURN 2>/dev/null
[ "$1" = iptables ] && [ "$dns_mod" != "fake-ip" ] && [ "$cn_ip_route" = "ON" ] && [ -f "$BINDIR"/cn_ip.txt ] && "$1" $w -t "$2" -A "$4" -m set --match-set cn_ip dst -j RETURN 2>/dev/null
[ "$1" = ip6tables ] && [ "$dns_mod" != "fake-ip" ] && [ "$cn_ip_route" = "ON" ] && [ -f "$BINDIR"/cn_ipv6.txt ] && "$1" $w -t "$2" -A "$4" -m set --match-set cn_ip6 dst -j RETURN 2>/dev/null
#局域网mac地址黑名单过滤
[ "$3" = 'PREROUTING' ] && [ "$macfilter_type" != "白名单" ] && {
[ -s "$CRASHDIR"/configs/mac ] &&
@@ -65,8 +65,8 @@ start_ipt_route() { #iptables-route通用工具
fi
#将所在链指定流量指向shellcrash表
"$1" $w -t "$2" -I "$3" -p "$5" $ports -j "$4"
[ "$dns_mod" = "mix" -o "$dns_mod" = "fake-ip" ] && [ "$common_ports" = "已开启" ] && [ "$1" = iptables ] && "$1" $w -t "$2" -I "$3" -p "$5" -d 28.0.0.0/8 -j "$4"
[ "$dns_mod" = "mix" -o "$dns_mod" = "fake-ip" ] && [ "$common_ports" = "已开启" ] && [ "$1" = ip6tables ] && "$1" $w -t "$2" -I "$3" -p "$5" -d fc00::/16 -j "$4"
[ "$dns_mod" = "mix" -o "$dns_mod" = "fake-ip" ] && [ "$common_ports" = "ON" ] && [ "$1" = iptables ] && "$1" $w -t "$2" -I "$3" -p "$5" -d 28.0.0.0/8 -j "$4"
[ "$dns_mod" = "mix" -o "$dns_mod" = "fake-ip" ] && [ "$common_ports" = "ON" ] && [ "$1" = ip6tables ] && "$1" $w -t "$2" -I "$3" -p "$5" -d fc00::/16 -j "$4"
}
[ "$5" = "tcp" -o "$5" = "all" ] && proxy_set "$1" "$2" "$3" "$4" tcp
[ "$5" = "udp" -o "$5" = "all" ] && proxy_set "$1" "$2" "$3" "$4" udp
@@ -170,7 +170,7 @@ start_iptables() { #iptables配置总入口
JUMP="REDIRECT --to-ports $redir_port" #跳转劫持的具体命令
[ "$lan_proxy" = true ] && {
start_ipt_route iptables nat PREROUTING shellcrash tcp #ipv4-局域网tcp转发
[ "$ipv6_redir" = "已开启" ] && {
[ "$ipv6_redir" = "ON" ] && {
if $ip6table -j REDIRECT -h 2>/dev/null | grep -q '\--to-ports'; then
start_ipt_route ip6tables nat PREROUTING shellcrashv6 tcp #ipv6-局域网tcp转发
else
@@ -180,7 +180,7 @@ start_iptables() { #iptables配置总入口
}
[ "$local_proxy" = true ] && {
start_ipt_route iptables nat OUTPUT shellcrash_out tcp #ipv4-本机tcp转发
[ "$ipv6_redir" = "已开启" ] && {
[ "$ipv6_redir" = "ON" ] && {
if $ip6table -j REDIRECT -h 2>/dev/null | grep -q '\--to-ports'; then
start_ipt_route ip6tables nat OUTPUT shellcrashv6_out tcp #ipv6-本机tcp转发
else
@@ -207,7 +207,7 @@ start_iptables() { #iptables配置总入口
else
logger "当前设备内核可能缺少kmod_ipt_tproxy模块支持已放弃启动相关规则" 31
fi
[ "$ipv6_redir" = "已开启" ] && {
[ "$ipv6_redir" = "ON" ] && {
if $ip6table -j TPROXY -h 2>/dev/null | grep -q '\--on-port'; then
JUMP="TPROXY --on-port $tproxy_port --tproxy-mark $fwmark" #跳转劫持的具体命令
[ "$lan_proxy" = true ] && start_ipt_route ip6tables mangle PREROUTING shellcrashv6_mark all
@@ -240,7 +240,7 @@ start_iptables() { #iptables配置总入口
else
logger "当前设备内核可能缺少x_mark模块支持已放弃启动相关规则" 31
fi
[ "$ipv6_redir" = "已开启" ] && [ "$crashcore" != clashpre ] && {
[ "$ipv6_redir" = "ON" ] && [ "$crashcore" != clashpre ] && {
if $ip6table -j MARK -h 2>/dev/null | grep -q '\--set-mark'; then
[ "$lan_proxy" = true ] && {
[ "$redir_mod" = "Tun模式" -o "$redir_mod" = "混合模式" ] && $ip6table -I FORWARD -o utun -j ACCEPT
@@ -252,13 +252,13 @@ start_iptables() { #iptables配置总入口
fi
}
}
[ "$vm_redir" = "已开启" ] && [ -n "$$vm_ipv4" ] && {
[ "$vm_redir" = "ON" ] && [ -n "$$vm_ipv4" ] && {
JUMP="REDIRECT --to-ports $redir_port" #跳转劫持的具体命令
start_ipt_dns iptables PREROUTING shellcrash_vm_dns #ipv4-局域网dns转发
start_ipt_route iptables nat PREROUTING shellcrash_vm tcp #ipv4-局域网tcp转发
}
#启动DNS劫持
[ "$dns_no" != "已禁用" -a "$dns_redir" != "已开启" -a "$firewall_area" -le 3 ] && {
[ "$dns_no" != "已禁用" -a "$dns_redir" != "ON" -a "$firewall_area" -le 3 ] && {
[ "$lan_proxy" = true ] && {
start_ipt_dns iptables PREROUTING shellcrash_dns #ipv4-局域网dns转发
if $ip6table -j REDIRECT -h 2>/dev/null | grep -q '\--to-ports'; then
@@ -271,8 +271,8 @@ start_iptables() { #iptables配置总入口
[ "$local_proxy" = true ] && start_ipt_dns iptables OUTPUT shellcrash_dns_out #ipv4-本机dns转发
}
#屏蔽QUIC
[ "$quic_rj" = '已启用' -a "$lan_proxy" = true -a "$redir_mod" != "Redir模式" ] && {
[ "$dns_mod" != "fake-ip" -a "$cn_ip_route" = "已开启" ] && {
[ "$quic_rj" = 'ON' -a "$lan_proxy" = true -a "$redir_mod" != "Redir模式" ] && {
[ "$dns_mod" != "fake-ip" -a "$cn_ip_route" = "ON" ] && {
set_cn_ip='-m set ! --match-set cn_ip dst'
set_cn_ip6='-m set ! --match-set cn_ip6 dst'
}

16
scripts/starts/fw_nftables.sh
View File

@@ -10,7 +10,7 @@ add_ip6_route(){
#仅代理本机局域网网段流量
nft add rule inet shellcrash $1 ip6 saddr != {$HOST_IP6} return
#绕过CN_IPV6
[ "$dns_mod" != "fake-ip" -a "$cn_ip_route" = "已开启" -a -f "$BINDIR"/cn_ipv6.txt ] && {
[ "$dns_mod" != "fake-ip" -a "$cn_ip_route" = "ON" -a -f "$BINDIR"/cn_ipv6.txt ] && {
CN_IP6=$(awk '{printf "%s, ",$1}' "$BINDIR"/cn_ipv6.txt)
[ -n "$CN_IP6" ] && {
nft add set inet shellcrash cn_ip6 { type ipv6_addr \; flags interval \; }
@@ -21,7 +21,7 @@ add_ip6_route(){
}
start_nft_route() { #nftables-route通用工具
#$1:name $2:hook(prerouting/output) $3:type(nat/mangle/filter) $4:priority(-100/-150)
[ "$common_ports" = "已开启" ] && PORTS=$(echo $multiport | sed 's/,/, /g')
[ "$common_ports" = "ON" ] && PORTS=$(echo $multiport | sed 's/,/, /g')
[ "$1" = 'prerouting' ] && HOST_IP=$(echo $host_ipv4 | sed 's/ /, /g')
[ "$1" = 'output' ] && HOST_IP="127.0.0.0/8, $(echo $local_ipv4 | sed 's/ /, /g')"
[ "$1" = 'prerouting_vm' ] && HOST_IP="$(echo $vm_ipv4 | sed 's/ /, /g')"
@@ -73,7 +73,7 @@ start_nft_route() { #nftables-route通用工具
}
}
#绕过CN-IP
[ "$dns_mod" != "fake-ip" -a "$cn_ip_route" = "已开启" -a -f "$BINDIR"/cn_ip.txt ] && {
[ "$dns_mod" != "fake-ip" -a "$cn_ip_route" = "ON" -a -f "$BINDIR"/cn_ip.txt ] && {
CN_IP=$(awk '{printf "%s, ",$1}' "$BINDIR"/cn_ip.txt)
[ -n "$CN_IP" ] && {
nft add set inet shellcrash cn_ip { type ipv4_addr \; flags interval \; }
@@ -82,17 +82,17 @@ start_nft_route() { #nftables-route通用工具
}
}
#局域网ipv6支持
if [ "$ipv6_redir" = "已开启" -a "$1" = 'prerouting' -a "$firewall_area" != 5 ]; then
if [ "$ipv6_redir" = "ON" -a "$1" = 'prerouting' -a "$firewall_area" != 5 ]; then
HOST_IP6=$(echo $host_ipv6 | sed 's/ /, /g')
add_ip6_route "$1"
elif [ "$ipv6_redir" = "已开启" -a "$1" = 'output' -a \( "$firewall_area" = 2 -o "$firewall_area" = 3 \) ]; then
elif [ "$ipv6_redir" = "ON" -a "$1" = 'output' -a \( "$firewall_area" = 2 -o "$firewall_area" = 3 \) ]; then
HOST_IP6="::1, $(echo $host_ipv6 | sed 's/ /, /g')"
add_ip6_route "$1"
else
nft add rule inet shellcrash $1 meta nfproto ipv6 return
fi
#屏蔽quic
[ "$quic_rj" = '已启用' -a "$lan_proxy" = true ] && nft add rule inet shellcrash $1 udp dport {443, 8443} return
[ "$quic_rj" = 'ON' -a "$lan_proxy" = true ] && nft add rule inet shellcrash $1 udp dport {443, 8443} return
#添加通用路由
nft add rule inet shellcrash "$1" "$JUMP"
#处理特殊路由
@@ -163,7 +163,7 @@ start_nftables() { #nftables配置总入口
#公网访问防火墙
[ "$fw_wan" != OFF ] && [ "$systype" != 'container' ] && start_nft_wan
#启动DNS劫持
[ "$dns_no" != "已禁用" -a "$dns_redir" != "已开启" -a "$firewall_area" -le 3 ] && {
[ "$dns_no" != "已禁用" -a "$dns_redir" != "ON" -a "$firewall_area" -le 3 ] && {
[ "$lan_proxy" = true ] && start_nft_dns prerouting prerouting #局域网dns转发
[ "$local_proxy" = true ] && start_nft_dns output output #本机dns转发
}
@@ -203,7 +203,7 @@ start_nftables() { #nftables配置总入口
[ "$lan_proxy" = true ] && start_nft_route prerouting prerouting filter -150
[ "$local_proxy" = true ] && start_nft_route output output route -150
}
[ "$vm_redir" = "已开启" ] && [ -n "$$vm_ipv4" ] && {
[ "$vm_redir" = "ON" ] && [ -n "$$vm_ipv4" ] && {
start_nft_dns prerouting_vm prerouting
JUMP="meta l4proto tcp redirect to $redir_port" #跳转劫持的具体命令
start_nft_route prerouting_vm prerouting nat -100

6
scripts/starts/fw_start.sh
View File

@@ -5,9 +5,9 @@
. "$CRASHDIR"/starts/fw_getlanip.sh && getlanip
#缺省值
[ -z "$macfilter_type" ] && macfilter_type='黑名单'
[ -z "$common_ports" ] && common_ports='已开启'
[ -z "$common_ports" ] && common_ports='ON'
[ -z "$multiport" ] && multiport='22,80,143,194,443,465,587,853,993,995,5222,8080,8443'
[ "$common_ports" = "已开启" ] && ports="-m multiport --dports $multiport"
[ "$common_ports" = "ON" ] && ports="-m multiport --dports $multiport"
[ -z "$redir_mod" ] && [ "$USER" = "root" -o "$USER" = "admin" ] && redir_mod='Redir模式'
[ -z "$dns_mod" ] && dns_mod='redir_host'
[ -z "$redir_mod" ] && firewall_area='4'
@@ -31,7 +31,7 @@
[ "$redir_mod" != "Redir模式" ] && ip rule add fwmark $fwmark table $table 2>/dev/null
}
#添加ipv6路由
[ "$ipv6_redir" = "已开启" -a "$firewall_area" -le 3 ] && {
[ "$ipv6_redir" = "ON" -a "$firewall_area" -le 3 ] && {
[ "$redir_mod" = "Tproxy模式" ] && ip -6 route add local default dev lo table $((table + 1)) 2>/dev/null
[ -n "$(ip route list | grep utun)" ] && ip -6 route add default dev utun table $((table + 1)) 2>/dev/null
[ "$redir_mod" != "Redir模式" ] && ip -6 rule add fwmark $fwmark table $((table + 1)) 2>/dev/null

15
scripts/starts/fw_stop.sh
View File

@@ -7,9 +7,9 @@
. "$CRASHDIR"/libs/check_cmd.sh
. "$CRASHDIR"/starts/fw_getlanip.sh && getlanip #获取局域网host地址
#缺省值
[ -z "$common_ports" ] && common_ports='已开启'
[ -z "$common_ports" ] && common_ports='ON'
[ -z "$multiport" ] && multiport='22,80,143,194,443,465,587,853,993,995,5222,8080,8443'
[ "$common_ports" = "已开启" ] && ports="-m multiport --dports $multiport"
[ "$common_ports" = "ON" ] && ports="-m multiport --dports $multiport"
#重置iptables相关规则
ckcmd iptables && {
ckcmd iptables && iptables -h | grep -q '\-w' && iptable='iptables -w' || iptable=iptables
@@ -43,7 +43,7 @@ ckcmd iptables && {
#tun
$iptable -D FORWARD -o utun -j ACCEPT 2>/dev/null
#屏蔽QUIC
[ "$dns_mod" != "fake-ip" ] && [ "$cn_ip_route" != "未开启" ] && set_cn_ip='-m set ! --match-set cn_ip dst'
[ "$dns_mod" != "fake-ip" ] && [ "$cn_ip_route" != "OFF" ] && set_cn_ip='-m set ! --match-set cn_ip dst'
$iptable -D INPUT -p udp --dport 443 $set_cn_ip -j REJECT 2>/dev/null
$iptable -D FORWARD -p udp --dport 443 -o utun $set_cn_ip -j REJECT 2>/dev/null
#公网访问
@@ -93,7 +93,7 @@ ckcmd ip6tables && {
#tun
$ip6table -D FORWARD -o utun -j ACCEPT 2>/dev/null
#屏蔽QUIC
[ "$dns_mod" != "fake-ip" ] && [ "$cn_ip_route" != "未开启" ] && set_cn_ip6='-m set ! --match-set cn_ip6 dst'
[ "$dns_mod" != "fake-ip" ] && [ "$cn_ip_route" != "OFF" ] && set_cn_ip6='-m set ! --match-set cn_ip6 dst'
$ip6table -D INPUT -p udp --dport 443 $set_cn_ip6 -j REJECT 2>/dev/null
$ip6table -D FORWARD -p udp --dport 443 -o utun $set_cn_ip6 -j REJECT 2>/dev/null
#公网访问
@@ -120,13 +120,6 @@ ckcmd ip6tables && {
#清理ipset规则
ipset destroy cn_ip >/dev/null 2>&1
ipset destroy cn_ip6 >/dev/null 2>&1
#移除dnsmasq转发规则
[ "$dns_redir" = "已开启" ] && {
uci del dhcp.@dnsmasq[-1].server >/dev/null 2>&1
uci set dhcp.@dnsmasq[0].noresolv=0 2>/dev/null
uci commit dhcp >/dev/null 2>&1
/etc/init.d/dnsmasq restart >/dev/null 2>&1
}
#清理路由规则
ip rule del fwmark $fwmark table $table 2>/dev/null
ip route flush table $table 2>/dev/null

8
scripts/starts/singbox_modify.sh
View File

@@ -97,7 +97,7 @@ EOF
EOF
fi
#生成dns.json
[ "$ipv6_dns" != "未开启" ] && strategy='prefer_ipv4' || strategy='ipv4_only'
[ "$ipv6_dns" != "OFF" ] && strategy='prefer_ipv4' || strategy='ipv4_only'
#获取detour出口
auto_detour=$(grep -E '"type": "urltest"' -A 1 "$TMPDIR"/jsons/outbounds.json | grep '自动' | head -n 1 | sed 's/^[[:space:]]*"tag": //;s/,$//')
[ -z "$auto_detour" ] && auto_detour=$(grep -E '"type": "urltest"' -A 1 "$TMPDIR"/jsons/outbounds.json | grep '"tag":' | head -n 1 | sed 's/^[[:space:]]*"tag": //;s/,$//')
@@ -189,7 +189,7 @@ EOF
EOF
#生成add_route.json
#域名嗅探配置
[ "$sniffer" = "已启用" ] && sniffer_set='{ "action": "sniff", "timeout": "500ms" },'
[ "$sniffer" = ON ] && sniffer_set='{ "action": "sniff", "timeout": "500ms" },'
[ "$ts_service" = ON ] && tailscale_set='{ "inbound": [ "ts-ep" ], "port": 53, "action": "hijack-dns" },'
cat >"$TMPDIR"/jsons/add_route.json <<EOF
{
@@ -257,7 +257,7 @@ EOF
. "$CRASHDIR"/libs/sb_inbounds.sh
}
if [ "$redir_mod" = "混合模式" -o "$redir_mod" = "Tun模式" ]; then
[ "ipv6_redir" = '已开启' ] && ipv6_address='"fe80::e5c5:2469:d09b:609a/64",'
[ "ipv6_redir" = 'ON' ] && ipv6_address='"fe80::e5c5:2469:d09b:609a/64",'
cat >>"$TMPDIR"/jsons/tun.json <<EOF
{
"inbounds": [
@@ -336,7 +336,7 @@ EOF
sed -i '/"process_name": "[^"]*",/d' "$TMPDIR"/jsons/route.json
sed -i 's/"auto_detect_interface": true/"auto_detect_interface": false/g' "$TMPDIR"/jsons/route.json
#跳过本地tls证书验证
if [ "$skip_cert" != "未开启" ]; then
if [ "$skip_cert" != "OFF" ]; then
sed -i 's/"insecure": false/"insecure": true/' "$TMPDIR"/jsons/outbounds.json "$TMPDIR"/jsons/providers.json 2>/dev/null
else
sed -i 's/"insecure": true/"insecure": false/' "$TMPDIR"/jsons/outbounds.json "$TMPDIR"/jsons/providers.json 2>/dev/null

2
scripts/starts/start_error.sh
View File

@@ -1,5 +1,5 @@
if [ "$start_old" != "已开启" ] && ckcmd journalctl; then
if [ "$start_old" != "ON" ] && ckcmd journalctl; then
journalctl -u shellcrash >"$TMPDIR"/core_test.log
else
PID=$(pidof CrashCore) && [ -n "$PID" ] && kill -9 "$PID" >/dev/null 2>&1