mirror of
https://github.com/juewuy/ShellCrash.git
synced 2026-03-10 23:41:22 +00:00
~改为统一使用ON/OFF来表示功能开启关闭状态
@@ -18,7 +18,7 @@
|
||||
#设置循环检测面板端口以判定服务启动是否成功
|
||||
. "$CRASHDIR"/libs/start_wait.sh
|
||||
if [ -n "$test" -o -n "$(pidof CrashCore)" ]; then
|
||||
[ "$start_old" = "已开启" ] && [ ! -L "$TMPDIR"/CrashCore ] && rm -f "$TMPDIR"/CrashCore #删除缓存目录内核文件
|
||||
[ "$start_old" = "ON" ] && [ ! -L "$TMPDIR"/CrashCore ] && rm -f "$TMPDIR"/CrashCore #删除缓存目录内核文件
|
||||
. "$CRASHDIR"/starts/fw_start.sh #配置防火墙流量劫持
|
||||
date +%s >"$TMPDIR"/crash_start_time #标记启动时间
|
||||
#TG机器人守护进程
|
||||
@@ -42,7 +42,7 @@ if [ -n "$test" -o -n "$(pidof CrashCore)" ]; then
|
||||
cronset '2fjdi124dd12s' "$line"
|
||||
done <"$CRASHDIR"/task/running
|
||||
}
|
||||
[ "$start_old" = "已开启" ] && cronset '保守模式守护进程' "* * * * * /bin/sh $CRASHDIR/starts/start_legacy_wd.sh shellcrash #ShellCrash保守模式守护进程"
|
||||
[ "$start_old" = "ON" ] && cronset '保守模式守护进程' "* * * * * /bin/sh $CRASHDIR/starts/start_legacy_wd.sh shellcrash #ShellCrash保守模式守护进程"
|
||||
#加载条件任务
|
||||
[ -s "$CRASHDIR"/task/afstart ] && { . "$CRASHDIR"/task/afstart; } &
|
||||
[ -s "$CRASHDIR"/task/affirewall -a -s /etc/init.d/firewall -a ! -f /etc/init.d/firewall.bak ] && {
|
||||
|
||||
@@ -71,7 +71,7 @@ EOF
|
||||
|
||||
routing_mark=$((fwmark + 2))
|
||||
#检测网络连接
|
||||
[ "$network_check" != "已禁用" ] && [ ! -f "$TMPDIR"/crash_start_time ] && ckcmd ping && . "$CRASHDIR"/starts/check_network.sh && check_network
|
||||
[ "$network_check" != "OFF" ] && [ ! -f "$TMPDIR"/crash_start_time ] && ckcmd ping && . "$CRASHDIR"/starts/check_network.sh && check_network
|
||||
[ ! -d "$BINDIR"/ui ] && mkdir -p "$BINDIR"/ui
|
||||
[ -z "$crashcore" ] && crashcore=meta
|
||||
#执行条件任务
|
||||
@@ -110,11 +110,11 @@ else
|
||||
fi
|
||||
fi
|
||||
#检查下载cnip绕过相关文件
|
||||
[ "$cn_ip_route" = "已开启" ] && [ "$dns_mod" != "fake-ip" ] && {
|
||||
[ "$cn_ip_route" = "ON" ] && [ "$dns_mod" != "fake-ip" ] && {
|
||||
[ "$firewall_mod" = nftables ] || ckcmd ipset && {
|
||||
. "$CRASHDIR"/starts/check_cnip.sh
|
||||
ck_cn_ipv4
|
||||
[ "$ipv6_redir" = "已开启" ] && ck_cn_ipv6
|
||||
[ "$ipv6_redir" = "ON" ] && ck_cn_ipv6
|
||||
}
|
||||
}
|
||||
#添加shellcrash用户
|
||||
|
||||
@@ -13,6 +13,6 @@ check_core() { #检查及下载内核文件
|
||||
core_webget || logger "核心下载失败,请重新运行或更换安装源!" 31
|
||||
}
|
||||
[ ! -x "$TMPDIR"/CrashCore ] && chmod +x "$TMPDIR"/CrashCore 2>/dev/null #自动授权
|
||||
[ "$start_old" != "已开启" -a "$(cat /proc/1/comm)" = "systemd" ] && restorecon -RF "$CRASHDIR" 2>/dev/null #修复SELinux权限问题
|
||||
[ "$start_old" != "ON" -a "$(cat /proc/1/comm)" = "systemd" ] && restorecon -RF "$CRASHDIR" 2>/dev/null #修复SELinux权限问题
|
||||
return 0
|
||||
}
|
||||
|
||||
@@ -4,7 +4,7 @@
|
||||
#修饰clash配置文件
|
||||
modify_yaml() {
|
||||
##########需要变更的配置###########
|
||||
[ "$ipv6_dns" != "未开启" ] && dns_v6='true' || dns_v6='false'
|
||||
[ "$ipv6_dns" != "OFF" ] && dns_v6='true' || dns_v6='false'
|
||||
external="external-controller: 0.0.0.0:$db_port"
|
||||
if [ "$redir_mod" = "混合模式" -o "$redir_mod" = "Tun模式" ]; then
|
||||
[ "$crashcore" = 'meta' ] && tun_meta=', device: utun, auto-route: false, auto-detect-interface: false'
|
||||
@@ -55,8 +55,8 @@ EOF
|
||||
fi
|
||||
}
|
||||
#域名嗅探配置
|
||||
[ "$sniffer" = "已启用" ] && [ "$crashcore" = "meta" ] && sniffer_set="sniffer: {enable: true, parse-pure-ip: true, skip-domain: [Mijia Cloud], sniff: {http: {ports: [80, 8080-8880], override-destination: true}, tls: {ports: [443, 8443]}, quic: {ports: [443, 8443]}}}"
|
||||
[ "$crashcore" = "clashpre" ] && [ "$dns_mod" = "redir_host" -o "$sniffer" = "已启用" ] && exper="experimental: {ignore-resolve-fail: true, interface-name: en0,sniff-tls-sni: true}"
|
||||
[ "$sniffer" = "ON" ] && [ "$crashcore" = "meta" ] && sniffer_set="sniffer: {enable: true, parse-pure-ip: true, skip-domain: [Mijia Cloud], sniff: {http: {ports: [80, 8080-8880], override-destination: true}, tls: {ports: [443, 8443]}, quic: {ports: [443, 8443]}}}"
|
||||
[ "$crashcore" = "clashpre" ] && [ "$dns_mod" = "redir_host" -o "$sniffer" = "ON" ] && exper="experimental: {ignore-resolve-fail: true, interface-name: en0,sniff-tls-sni: true}"
|
||||
#生成set.yaml
|
||||
cat >"$TMPDIR"/set.yaml <<EOF
|
||||
mixed-port: $mix_port
|
||||
@@ -108,7 +108,7 @@ EOF
|
||||
sed -n "/^$char:/,/^[a-z]/ { /^[a-z]/d; p; }" $core_config >"$TMPDIR"/${char}.yaml
|
||||
done
|
||||
#跳过本地tls证书验证
|
||||
[ "$skip_cert" != "未开启" ] && sed -i 's/skip-cert-verify: false/skip-cert-verify: true/' "$TMPDIR"/proxies.yaml ||
|
||||
[ "$skip_cert" != "OFF" ] && sed -i 's/skip-cert-verify: false/skip-cert-verify: true/' "$TMPDIR"/proxies.yaml ||
|
||||
sed -i 's/skip-cert-verify: true/skip-cert-verify: false/' "$TMPDIR"/proxies.yaml
|
||||
#插入自定义策略组
|
||||
sed -i "/#自定义策略组开始/,/#自定义策略组结束/d" "$TMPDIR"/proxy-groups.yaml
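Review bot: The `skip_cert` test fails open: `[ "$skip_cert" != "OFF" ]` rewrites the proxies to `skip-cert-verify: true` for any value other than the literal `OFF`, which includes an unset variable and the previous string `未开启` if a stored config still carries it (no conversion of stored values is visible on this page). Turning certificate verification off should require the explicit value, e.g. `[ "$skip_cert" = "ON" ] && sed -i 's/skip-cert-verify: false/skip-cert-verify: true/' "$TMPDIR"/proxies.yaml ||`; if on-by-default is intended, set that default once before the test so it is visible. The `"insecure"` rewrite in the sing-box hunk (`if [ "$skip_cert" != "OFF" ]; then`) has the same shape.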
|
||||
@@ -168,7 +168,7 @@ EOF
|
||||
}
|
||||
#节点绕过功能支持
|
||||
sed -i "/#节点绕过/d" "$TMPDIR"/rules.yaml
|
||||
[ "$proxies_bypass" = "已启用" ] && {
|
||||
[ "$proxies_bypass" = "ON" ] && {
|
||||
cat "$TMPDIR"/proxies.yaml | sed '/^proxy-/,$d' | sed '/^rule-/,$d' | grep -v '^\s*#' | grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | awk '!a[$0]++' | sed 's/^/\ -\ IP-CIDR,/g' | sed 's|$|/32,DIRECT,no-resolve #节点绕过|g' >>"$TMPDIR"/proxies_bypass
|
||||
cat "$TMPDIR"/proxies.yaml | sed '/^proxy-/,$d' | sed '/^rule-/,$d' | grep -v '^\s*#' | grep -vE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | grep -oE '[a-zA-Z0-9][-a-zA-Z0-9]{0,62}(\.[a-zA-Z0-9][-a-zA-Z0-9]{0,62})+\.?' | awk '!a[$0]++' | sed 's/^/\ -\ DOMAIN,/g' | sed 's/$/,DIRECT #节点绕过/g' >>"$TMPDIR"/proxies_bypass
|
||||
cat "$TMPDIR"/rules.yaml >>"$TMPDIR"/proxies_bypass
|
||||
|
||||
@@ -3,14 +3,14 @@ getlanip() { #获取局域网host地址
|
||||
i=1
|
||||
while [ "$i" -le "20" ]; do
|
||||
host_ipv4=$(ip a 2>&1 | grep -w 'inet' | grep 'global' | grep 'brd' | grep -Ev 'utun|iot|peer|docker|podman|virbr|vnet|ovs|vmbr|veth|vmnic|vboxnet|lxcbr|xenbr|vEthernet' | grep -E ' 1(92|0|72)\.' | sed 's/.*inet.//g' | sed 's/br.*$//g' | sed 's/metric.*$//g') #ipv4局域网网段
|
||||
[ "$ipv6_redir" = "已开启" ] && host_ipv6=$(ip a 2>&1 | grep -w 'inet6' | grep -E 'global' | sed 's/.*inet6.//g' | sed 's/scope.*$//g') #ipv6公网地址段
|
||||
[ "$ipv6_redir" = "ON" ] && host_ipv6=$(ip a 2>&1 | grep -w 'inet6' | grep -E 'global' | sed 's/.*inet6.//g' | sed 's/scope.*$//g') #ipv6公网地址段
|
||||
[ -f "$TMPDIR"/ShellCrash.log ] && break
|
||||
[ -n "$host_ipv4" -a "$ipv6_redir" != "已开启" ] && break
|
||||
[ -n "$host_ipv4" -a "$ipv6_redir" != "ON" ] && break
|
||||
[ -n "$host_ipv4" -a -n "$host_ipv6" ] && break
|
||||
sleep 1 && i=$((i + 1))
|
||||
done
|
||||
#添加自定义ipv4局域网网段
|
||||
if [ "$replace_default_host_ipv4" == "已启用" ]; then
|
||||
if [ "$replace_default_host_ipv4" == "ON" ]; then
|
||||
host_ipv4="$cust_host_ipv4"
|
||||
else
|
||||
host_ipv4="$host_ipv4$cust_host_ipv4"
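Review bot: `if [ "$replace_default_host_ipv4" == "ON" ]; then` uses `==` inside `[ ]`, which POSIX `test` does not define; every other comparison on this page uses `=`, and the watchdog cron entry elsewhere in this commit runs the scripts with `/bin/sh`, so a strict shell such as dash would likely reject the operator. Write it as `if [ "$replace_default_host_ipv4" = "ON" ]; then`. Both the `if` and the enclosing `getlanip` body continue past the end of the hunk.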
|
||||
|
||||
@@ -34,8 +34,8 @@ start_ipt_route() { #iptables-route通用工具
|
||||
"$1" $w -t "$2" -A "$4" -d $ip -j RETURN
|
||||
done
|
||||
#绕过CN_IP
|
||||
[ "$1" = iptables ] && [ "$dns_mod" != "fake-ip" ] && [ "$cn_ip_route" = "已开启" ] && [ -f "$BINDIR"/cn_ip.txt ] && "$1" $w -t "$2" -A "$4" -m set --match-set cn_ip dst -j RETURN 2>/dev/null
|
||||
[ "$1" = ip6tables ] && [ "$dns_mod" != "fake-ip" ] && [ "$cn_ip_route" = "已开启" ] && [ -f "$BINDIR"/cn_ipv6.txt ] && "$1" $w -t "$2" -A "$4" -m set --match-set cn_ip6 dst -j RETURN 2>/dev/null
|
||||
[ "$1" = iptables ] && [ "$dns_mod" != "fake-ip" ] && [ "$cn_ip_route" = "ON" ] && [ -f "$BINDIR"/cn_ip.txt ] && "$1" $w -t "$2" -A "$4" -m set --match-set cn_ip dst -j RETURN 2>/dev/null
|
||||
[ "$1" = ip6tables ] && [ "$dns_mod" != "fake-ip" ] && [ "$cn_ip_route" = "ON" ] && [ -f "$BINDIR"/cn_ipv6.txt ] && "$1" $w -t "$2" -A "$4" -m set --match-set cn_ip6 dst -j RETURN 2>/dev/null
|
||||
#局域网mac地址黑名单过滤
|
||||
[ "$3" = 'PREROUTING' ] && [ "$macfilter_type" != "白名单" ] && {
|
||||
[ -s "$CRASHDIR"/configs/mac ] &&
|
||||
@@ -65,8 +65,8 @@ start_ipt_route() { #iptables-route通用工具
|
||||
fi
|
||||
#将所在链指定流量指向shellcrash表
|
||||
"$1" $w -t "$2" -I "$3" -p "$5" $ports -j "$4"
|
||||
[ "$dns_mod" = "mix" -o "$dns_mod" = "fake-ip" ] && [ "$common_ports" = "已开启" ] && [ "$1" = iptables ] && "$1" $w -t "$2" -I "$3" -p "$5" -d 28.0.0.0/8 -j "$4"
|
||||
[ "$dns_mod" = "mix" -o "$dns_mod" = "fake-ip" ] && [ "$common_ports" = "已开启" ] && [ "$1" = ip6tables ] && "$1" $w -t "$2" -I "$3" -p "$5" -d fc00::/16 -j "$4"
|
||||
[ "$dns_mod" = "mix" -o "$dns_mod" = "fake-ip" ] && [ "$common_ports" = "ON" ] && [ "$1" = iptables ] && "$1" $w -t "$2" -I "$3" -p "$5" -d 28.0.0.0/8 -j "$4"
|
||||
[ "$dns_mod" = "mix" -o "$dns_mod" = "fake-ip" ] && [ "$common_ports" = "ON" ] && [ "$1" = ip6tables ] && "$1" $w -t "$2" -I "$3" -p "$5" -d fc00::/16 -j "$4"
|
||||
}
|
||||
[ "$5" = "tcp" -o "$5" = "all" ] && proxy_set "$1" "$2" "$3" "$4" tcp
|
||||
[ "$5" = "udp" -o "$5" = "all" ] && proxy_set "$1" "$2" "$3" "$4" udp
|
||||
@@ -170,7 +170,7 @@ start_iptables() { #iptables配置总入口
|
||||
JUMP="REDIRECT --to-ports $redir_port" #跳转劫持的具体命令
|
||||
[ "$lan_proxy" = true ] && {
|
||||
start_ipt_route iptables nat PREROUTING shellcrash tcp #ipv4-局域网tcp转发
|
||||
[ "$ipv6_redir" = "已开启" ] && {
|
||||
[ "$ipv6_redir" = "ON" ] && {
|
||||
if $ip6table -j REDIRECT -h 2>/dev/null | grep -q '\--to-ports'; then
|
||||
start_ipt_route ip6tables nat PREROUTING shellcrashv6 tcp #ipv6-局域网tcp转发
|
||||
else
|
||||
@@ -180,7 +180,7 @@ start_iptables() { #iptables配置总入口
|
||||
}
|
||||
[ "$local_proxy" = true ] && {
|
||||
start_ipt_route iptables nat OUTPUT shellcrash_out tcp #ipv4-本机tcp转发
|
||||
[ "$ipv6_redir" = "已开启" ] && {
|
||||
[ "$ipv6_redir" = "ON" ] && {
|
||||
if $ip6table -j REDIRECT -h 2>/dev/null | grep -q '\--to-ports'; then
|
||||
start_ipt_route ip6tables nat OUTPUT shellcrashv6_out tcp #ipv6-本机tcp转发
|
||||
else
|
||||
@@ -207,7 +207,7 @@ start_iptables() { #iptables配置总入口
|
||||
else
|
||||
logger "当前设备内核可能缺少kmod_ipt_tproxy模块支持,已放弃启动相关规则!" 31
|
||||
fi
|
||||
[ "$ipv6_redir" = "已开启" ] && {
|
||||
[ "$ipv6_redir" = "ON" ] && {
|
||||
if $ip6table -j TPROXY -h 2>/dev/null | grep -q '\--on-port'; then
|
||||
JUMP="TPROXY --on-port $tproxy_port --tproxy-mark $fwmark" #跳转劫持的具体命令
|
||||
[ "$lan_proxy" = true ] && start_ipt_route ip6tables mangle PREROUTING shellcrashv6_mark all
|
||||
@@ -240,7 +240,7 @@ start_iptables() { #iptables配置总入口
|
||||
else
|
||||
logger "当前设备内核可能缺少x_mark模块支持,已放弃启动相关规则!" 31
|
||||
fi
|
||||
[ "$ipv6_redir" = "已开启" ] && [ "$crashcore" != clashpre ] && {
|
||||
[ "$ipv6_redir" = "ON" ] && [ "$crashcore" != clashpre ] && {
|
||||
if $ip6table -j MARK -h 2>/dev/null | grep -q '\--set-mark'; then
|
||||
[ "$lan_proxy" = true ] && {
|
||||
[ "$redir_mod" = "Tun模式" -o "$redir_mod" = "混合模式" ] && $ip6table -I FORWARD -o utun -j ACCEPT
|
||||
@@ -252,13 +252,13 @@ start_iptables() { #iptables配置总入口
|
||||
fi
|
||||
}
|
||||
}
|
||||
[ "$vm_redir" = "已开启" ] && [ -n "$$vm_ipv4" ] && {
|
||||
[ "$vm_redir" = "ON" ] && [ -n "$$vm_ipv4" ] && {
|
||||
JUMP="REDIRECT --to-ports $redir_port" #跳转劫持的具体命令
|
||||
start_ipt_dns iptables PREROUTING shellcrash_vm_dns #ipv4-局域网dns转发
|
||||
start_ipt_route iptables nat PREROUTING shellcrash_vm tcp #ipv4-局域网tcp转发
|
||||
}
|
||||
#启动DNS劫持
|
||||
[ "$dns_no" != "已禁用" -a "$dns_redir" != "已开启" -a "$firewall_area" -le 3 ] && {
|
||||
[ "$dns_no" != "已禁用" -a "$dns_redir" != "ON" -a "$firewall_area" -le 3 ] && {
|
||||
[ "$lan_proxy" = true ] && {
|
||||
start_ipt_dns iptables PREROUTING shellcrash_dns #ipv4-局域网dns转发
|
||||
if $ip6table -j REDIRECT -h 2>/dev/null | grep -q '\--to-ports'; then
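Review bot: `[ -n "$$vm_ipv4" ]` on the `vm_redir` line never tests the variable: `$$` expands to the shell's PID, so the string is always non-empty and the VM redirect rules are set up even when `vm_ipv4` is empty. The guard presumably should read `[ "$vm_redir" = "ON" ] && [ -n "$vm_ipv4" ] && {`; the identical line appears in the `start_nftables` hunk. On the DNS line below it, `"$dns_no" != "已禁用"` keeps a Chinese literal while `network_check` elsewhere in this commit moved to `OFF`, which looks like a missed conversion and is worth confirming against whatever writes `dns_no`. `start_iptables` begins and ends outside the hunk.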
|
||||
@@ -271,8 +271,8 @@ start_iptables() { #iptables配置总入口
|
||||
[ "$local_proxy" = true ] && start_ipt_dns iptables OUTPUT shellcrash_dns_out #ipv4-本机dns转发
|
||||
}
|
||||
#屏蔽QUIC
|
||||
[ "$quic_rj" = '已启用' -a "$lan_proxy" = true -a "$redir_mod" != "Redir模式" ] && {
|
||||
[ "$dns_mod" != "fake-ip" -a "$cn_ip_route" = "已开启" ] && {
|
||||
[ "$quic_rj" = 'ON' -a "$lan_proxy" = true -a "$redir_mod" != "Redir模式" ] && {
|
||||
[ "$dns_mod" != "fake-ip" -a "$cn_ip_route" = "ON" ] && {
|
||||
set_cn_ip='-m set ! --match-set cn_ip dst'
|
||||
set_cn_ip6='-m set ! --match-set cn_ip6 dst'
|
||||
}
|
||||
|
||||
@@ -10,7 +10,7 @@ add_ip6_route(){
|
||||
#仅代理本机局域网网段流量
|
||||
nft add rule inet shellcrash $1 ip6 saddr != {$HOST_IP6} return
|
||||
#绕过CN_IPV6
|
||||
[ "$dns_mod" != "fake-ip" -a "$cn_ip_route" = "已开启" -a -f "$BINDIR"/cn_ipv6.txt ] && {
|
||||
[ "$dns_mod" != "fake-ip" -a "$cn_ip_route" = "ON" -a -f "$BINDIR"/cn_ipv6.txt ] && {
|
||||
CN_IP6=$(awk '{printf "%s, ",$1}' "$BINDIR"/cn_ipv6.txt)
|
||||
[ -n "$CN_IP6" ] && {
|
||||
nft add set inet shellcrash cn_ip6 { type ipv6_addr \; flags interval \; }
|
||||
@@ -21,7 +21,7 @@ add_ip6_route(){
|
||||
}
|
||||
start_nft_route() { #nftables-route通用工具
|
||||
#$1:name $2:hook(prerouting/output) $3:type(nat/mangle/filter) $4:priority(-100/-150)
|
||||
[ "$common_ports" = "已开启" ] && PORTS=$(echo $multiport | sed 's/,/, /g')
|
||||
[ "$common_ports" = "ON" ] && PORTS=$(echo $multiport | sed 's/,/, /g')
|
||||
[ "$1" = 'prerouting' ] && HOST_IP=$(echo $host_ipv4 | sed 's/ /, /g')
|
||||
[ "$1" = 'output' ] && HOST_IP="127.0.0.0/8, $(echo $local_ipv4 | sed 's/ /, /g')"
|
||||
[ "$1" = 'prerouting_vm' ] && HOST_IP="$(echo $vm_ipv4 | sed 's/ /, /g')"
|
||||
@@ -73,7 +73,7 @@ start_nft_route() { #nftables-route通用工具
|
||||
}
|
||||
}
|
||||
#绕过CN-IP
|
||||
[ "$dns_mod" != "fake-ip" -a "$cn_ip_route" = "已开启" -a -f "$BINDIR"/cn_ip.txt ] && {
|
||||
[ "$dns_mod" != "fake-ip" -a "$cn_ip_route" = "ON" -a -f "$BINDIR"/cn_ip.txt ] && {
|
||||
CN_IP=$(awk '{printf "%s, ",$1}' "$BINDIR"/cn_ip.txt)
|
||||
[ -n "$CN_IP" ] && {
|
||||
nft add set inet shellcrash cn_ip { type ipv4_addr \; flags interval \; }
|
||||
@@ -82,17 +82,17 @@ start_nft_route() { #nftables-route通用工具
|
||||
}
|
||||
}
|
||||
#局域网ipv6支持
|
||||
if [ "$ipv6_redir" = "已开启" -a "$1" = 'prerouting' -a "$firewall_area" != 5 ]; then
|
||||
if [ "$ipv6_redir" = "ON" -a "$1" = 'prerouting' -a "$firewall_area" != 5 ]; then
|
||||
HOST_IP6=$(echo $host_ipv6 | sed 's/ /, /g')
|
||||
add_ip6_route "$1"
|
||||
elif [ "$ipv6_redir" = "已开启" -a "$1" = 'output' -a \( "$firewall_area" = 2 -o "$firewall_area" = 3 \) ]; then
|
||||
elif [ "$ipv6_redir" = "ON" -a "$1" = 'output' -a \( "$firewall_area" = 2 -o "$firewall_area" = 3 \) ]; then
|
||||
HOST_IP6="::1, $(echo $host_ipv6 | sed 's/ /, /g')"
|
||||
add_ip6_route "$1"
|
||||
else
|
||||
nft add rule inet shellcrash $1 meta nfproto ipv6 return
|
||||
fi
|
||||
#屏蔽quic
|
||||
[ "$quic_rj" = '已启用' -a "$lan_proxy" = true ] && nft add rule inet shellcrash $1 udp dport {443, 8443} return
|
||||
[ "$quic_rj" = 'ON' -a "$lan_proxy" = true ] && nft add rule inet shellcrash $1 udp dport {443, 8443} return
|
||||
#添加通用路由
|
||||
nft add rule inet shellcrash "$1" "$JUMP"
|
||||
#处理特殊路由
|
||||
@@ -163,7 +163,7 @@ start_nftables() { #nftables配置总入口
|
||||
#公网访问防火墙
|
||||
[ "$fw_wan" != OFF ] && [ "$systype" != 'container' ] && start_nft_wan
|
||||
#启动DNS劫持
|
||||
[ "$dns_no" != "已禁用" -a "$dns_redir" != "已开启" -a "$firewall_area" -le 3 ] && {
|
||||
[ "$dns_no" != "已禁用" -a "$dns_redir" != "ON" -a "$firewall_area" -le 3 ] && {
|
||||
[ "$lan_proxy" = true ] && start_nft_dns prerouting prerouting #局域网dns转发
|
||||
[ "$local_proxy" = true ] && start_nft_dns output output #本机dns转发
|
||||
}
|
||||
@@ -203,7 +203,7 @@ start_nftables() { #nftables配置总入口
|
||||
[ "$lan_proxy" = true ] && start_nft_route prerouting prerouting filter -150
|
||||
[ "$local_proxy" = true ] && start_nft_route output output route -150
|
||||
}
|
||||
[ "$vm_redir" = "已开启" ] && [ -n "$$vm_ipv4" ] && {
|
||||
[ "$vm_redir" = "ON" ] && [ -n "$$vm_ipv4" ] && {
|
||||
start_nft_dns prerouting_vm prerouting
|
||||
JUMP="meta l4proto tcp redirect to $redir_port" #跳转劫持的具体命令
|
||||
start_nft_route prerouting_vm prerouting nat -100
|
||||
|
||||
@@ -5,9 +5,9 @@
|
||||
. "$CRASHDIR"/starts/fw_getlanip.sh && getlanip
|
||||
#缺省值
|
||||
[ -z "$macfilter_type" ] && macfilter_type='黑名单'
|
||||
[ -z "$common_ports" ] && common_ports='已开启'
|
||||
[ -z "$common_ports" ] && common_ports='ON'
|
||||
[ -z "$multiport" ] && multiport='22,80,143,194,443,465,587,853,993,995,5222,8080,8443'
|
||||
[ "$common_ports" = "已开启" ] && ports="-m multiport --dports $multiport"
|
||||
[ "$common_ports" = "ON" ] && ports="-m multiport --dports $multiport"
|
||||
[ -z "$redir_mod" ] && [ "$USER" = "root" -o "$USER" = "admin" ] && redir_mod='Redir模式'
|
||||
[ -z "$dns_mod" ] && dns_mod='redir_host'
|
||||
[ -z "$redir_mod" ] && firewall_area='4'
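Review bot: After this change `[ "$common_ports" = "ON" ]` is the only value that sets `ports`, and the default on the line above it applies only when the variable is empty, so a stored config that still holds `已开启` would leave `ports` unset and the `-I "$3" -p "$5" $ports -j "$4"` rule in `start_ipt_route` would lose its `-m multiport --dports` restriction. No conversion of stored values is visible on this page; if none exists elsewhere in the commit, normalise once before the tests, e.g. `[ "$common_ports" = "已开启" ] && common_ports=ON`. The same concern applies to the other `= "ON"` tests in the firewall hunks (`cn_ip_route`, `ipv6_redir`, `quic_rj`, `vm_redir`), where a legacy value would silently turn the feature off.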
|
||||
@@ -31,7 +31,7 @@
|
||||
[ "$redir_mod" != "Redir模式" ] && ip rule add fwmark $fwmark table $table 2>/dev/null
|
||||
}
|
||||
#添加ipv6路由
|
||||
[ "$ipv6_redir" = "已开启" -a "$firewall_area" -le 3 ] && {
|
||||
[ "$ipv6_redir" = "ON" -a "$firewall_area" -le 3 ] && {
|
||||
[ "$redir_mod" = "Tproxy模式" ] && ip -6 route add local default dev lo table $((table + 1)) 2>/dev/null
|
||||
[ -n "$(ip route list | grep utun)" ] && ip -6 route add default dev utun table $((table + 1)) 2>/dev/null
|
||||
[ "$redir_mod" != "Redir模式" ] && ip -6 rule add fwmark $fwmark table $((table + 1)) 2>/dev/null
|
||||
|
||||
@@ -7,9 +7,9 @@
|
||||
. "$CRASHDIR"/libs/check_cmd.sh
|
||||
. "$CRASHDIR"/starts/fw_getlanip.sh && getlanip #获取局域网host地址
|
||||
#缺省值
|
||||
[ -z "$common_ports" ] && common_ports='已开启'
|
||||
[ -z "$common_ports" ] && common_ports='ON'
|
||||
[ -z "$multiport" ] && multiport='22,80,143,194,443,465,587,853,993,995,5222,8080,8443'
|
||||
[ "$common_ports" = "已开启" ] && ports="-m multiport --dports $multiport"
|
||||
[ "$common_ports" = "ON" ] && ports="-m multiport --dports $multiport"
|
||||
#重置iptables相关规则
|
||||
ckcmd iptables && {
|
||||
ckcmd iptables && iptables -h | grep -q '\-w' && iptable='iptables -w' || iptable=iptables
|
||||
@@ -43,7 +43,7 @@ ckcmd iptables && {
|
||||
#tun
|
||||
$iptable -D FORWARD -o utun -j ACCEPT 2>/dev/null
|
||||
#屏蔽QUIC
|
||||
[ "$dns_mod" != "fake-ip" ] && [ "$cn_ip_route" != "未开启" ] && set_cn_ip='-m set ! --match-set cn_ip dst'
|
||||
[ "$dns_mod" != "fake-ip" ] && [ "$cn_ip_route" != "OFF" ] && set_cn_ip='-m set ! --match-set cn_ip dst'
|
||||
$iptable -D INPUT -p udp --dport 443 $set_cn_ip -j REJECT 2>/dev/null
|
||||
$iptable -D FORWARD -p udp --dport 443 -o utun $set_cn_ip -j REJECT 2>/dev/null
|
||||
#公网访问
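Review bot: The teardown builds `set_cn_ip` with `[ "$cn_ip_route" != "OFF" ]`, while the setup side in the `start_iptables` QUIC hunk uses `[ "$cn_ip_route" = "ON" ]`, so the two disagree for an unset or legacy value. In that case the `-D INPUT -p udp --dport 443 $set_cn_ip -j REJECT` delete carries a `--match-set` clause the inserted rule presumably never had, the delete fails, and `2>/dev/null` hides it, leaving the REJECT rule in place after stop. Use the same positive test here, `[ "$dns_mod" != "fake-ip" ] && [ "$cn_ip_route" = "ON" ] && set_cn_ip='-m set ! --match-set cn_ip dst'`, and likewise for `set_cn_ip6` in the ip6tables hunk. The insert commands themselves are outside the visible hunks, so confirm against them.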
|
||||
@@ -93,7 +93,7 @@ ckcmd ip6tables && {
|
||||
#tun
|
||||
$ip6table -D FORWARD -o utun -j ACCEPT 2>/dev/null
|
||||
#屏蔽QUIC
|
||||
[ "$dns_mod" != "fake-ip" ] && [ "$cn_ip_route" != "未开启" ] && set_cn_ip6='-m set ! --match-set cn_ip6 dst'
|
||||
[ "$dns_mod" != "fake-ip" ] && [ "$cn_ip_route" != "OFF" ] && set_cn_ip6='-m set ! --match-set cn_ip6 dst'
|
||||
$ip6table -D INPUT -p udp --dport 443 $set_cn_ip6 -j REJECT 2>/dev/null
|
||||
$ip6table -D FORWARD -p udp --dport 443 -o utun $set_cn_ip6 -j REJECT 2>/dev/null
|
||||
#公网访问
|
||||
@@ -120,13 +120,6 @@ ckcmd ip6tables && {
|
||||
#清理ipset规则
|
||||
ipset destroy cn_ip >/dev/null 2>&1
|
||||
ipset destroy cn_ip6 >/dev/null 2>&1
|
||||
#移除dnsmasq转发规则
|
||||
[ "$dns_redir" = "已开启" ] && {
|
||||
uci del dhcp.@dnsmasq[-1].server >/dev/null 2>&1
|
||||
uci set dhcp.@dnsmasq[0].noresolv=0 2>/dev/null
|
||||
uci commit dhcp >/dev/null 2>&1
|
||||
/etc/init.d/dnsmasq restart >/dev/null 2>&1
|
||||
}
|
||||
#清理路由规则
|
||||
ip rule del fwmark $fwmark table $table 2>/dev/null
|
||||
ip route flush table $table 2>/dev/null
|
||||
|
||||
@@ -97,7 +97,7 @@ EOF
|
||||
EOF
|
||||
fi
|
||||
#生成dns.json
|
||||
[ "$ipv6_dns" != "未开启" ] && strategy='prefer_ipv4' || strategy='ipv4_only'
|
||||
[ "$ipv6_dns" != "OFF" ] && strategy='prefer_ipv4' || strategy='ipv4_only'
|
||||
#获取detour出口
|
||||
auto_detour=$(grep -E '"type": "urltest"' -A 1 "$TMPDIR"/jsons/outbounds.json | grep '自动' | head -n 1 | sed 's/^[[:space:]]*"tag": //;s/,$//')
|
||||
[ -z "$auto_detour" ] && auto_detour=$(grep -E '"type": "urltest"' -A 1 "$TMPDIR"/jsons/outbounds.json | grep '"tag":' | head -n 1 | sed 's/^[[:space:]]*"tag": //;s/,$//')
|
||||
@@ -189,7 +189,7 @@ EOF
|
||||
EOF
|
||||
#生成add_route.json
|
||||
#域名嗅探配置
|
||||
[ "$sniffer" = "已启用" ] && sniffer_set='{ "action": "sniff", "timeout": "500ms" },'
|
||||
[ "$sniffer" = ON ] && sniffer_set='{ "action": "sniff", "timeout": "500ms" },'
|
||||
[ "$ts_service" = ON ] && tailscale_set='{ "inbound": [ "ts-ep" ], "port": 53, "action": "hijack-dns" },'
|
||||
cat >"$TMPDIR"/jsons/add_route.json <<EOF
|
||||
{
|
||||
@@ -257,7 +257,7 @@ EOF
|
||||
. "$CRASHDIR"/libs/sb_inbounds.sh
|
||||
}
|
||||
if [ "$redir_mod" = "混合模式" -o "$redir_mod" = "Tun模式" ]; then
|
||||
[ "ipv6_redir" = '已开启' ] && ipv6_address='"fe80::e5c5:2469:d09b:609a/64",'
|
||||
[ "ipv6_redir" = 'ON' ] && ipv6_address='"fe80::e5c5:2469:d09b:609a/64",'
|
||||
cat >>"$TMPDIR"/jsons/tun.json <<EOF
|
||||
{
|
||||
"inbounds": [
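Review bot: `[ "ipv6_redir" = 'ON' ]` compares the literal string `ipv6_redir`, not the variable, so the test is always false and `ipv6_address` is never set for the tun inbound. The line should be `[ "$ipv6_redir" = 'ON' ] && ipv6_address='"fe80::e5c5:2469:d09b:609a/64",'`. The old line had the same missing `$`, so this change carries the defect forward instead of introducing it. The heredoc that would consume `ipv6_address` continues past the end of the hunk.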
|
||||
@@ -336,7 +336,7 @@ EOF
|
||||
sed -i '/"process_name": "[^"]*",/d' "$TMPDIR"/jsons/route.json
|
||||
sed -i 's/"auto_detect_interface": true/"auto_detect_interface": false/g' "$TMPDIR"/jsons/route.json
|
||||
#跳过本地tls证书验证
|
||||
if [ "$skip_cert" != "未开启" ]; then
|
||||
if [ "$skip_cert" != "OFF" ]; then
|
||||
sed -i 's/"insecure": false/"insecure": true/' "$TMPDIR"/jsons/outbounds.json "$TMPDIR"/jsons/providers.json 2>/dev/null
|
||||
else
|
||||
sed -i 's/"insecure": true/"insecure": false/' "$TMPDIR"/jsons/outbounds.json "$TMPDIR"/jsons/providers.json 2>/dev/null
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
|
||||
if [ "$start_old" != "已开启" ] && ckcmd journalctl; then
|
||||
if [ "$start_old" != "ON" ] && ckcmd journalctl; then
|
||||
journalctl -u shellcrash >"$TMPDIR"/core_test.log
|
||||
else
|
||||
PID=$(pidof CrashCore) && [ -n "$PID" ] && kill -9 "$PID" >/dev/null 2>&1
|
||||
|
||||