xm/ShellCrash
1
0
Fork 0
mirror of https://github.com/juewuy/ShellCrash.git synced 2026-03-12 08:21:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

~改为统一使用ON/OFF来表示功能开启关闭状态

Browse Source
This commit is contained in:
juewuy
2026-01-07 10:16:39 +08:00
parent 098a70c067
commit f46cdade4d
18 changed files with 127 additions and 132 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
scripts/init.sh
View File

@@ -163,7 +163,7 @@ fi
setconfig firewall_area '1' setconfig firewall_area '1'
setconfig firewall_mod 'nftables' setconfig firewall_mod 'nftables'
setconfig release_type 'master' setconfig release_type 'master'
setconfig start_old '未开启' setconfig start_old 'OFF'
echo "$CRASHDIR/menu.sh" >> /etc/profile echo "$CRASHDIR/menu.sh" >> /etc/profile
cat > /usr/bin/crash <<'EOF' cat > /usr/bin/crash <<'EOF'
#!/bin/sh #!/bin/sh
@@ -226,6 +226,8 @@ sed -i "s/redir_mod=Nft基础/redir_mod=Redir模式/g" "$CFG_PATH"
sed -i "s/redir_mod=Nft混合/redir_mod=Tproxy模式/g" "$CFG_PATH" sed -i "s/redir_mod=Nft混合/redir_mod=Tproxy模式/g" "$CFG_PATH"
sed -i "s/redir_mod=Tproxy混合/redir_mod=Tproxy模式/g" "$CFG_PATH" sed -i "s/redir_mod=Tproxy混合/redir_mod=Tproxy模式/g" "$CFG_PATH"
sed -i "s/redir_mod=纯净模式/firewall_area=4/g" "$CFG_PATH" sed -i "s/redir_mod=纯净模式/firewall_area=4/g" "$CFG_PATH"
sed -i "s/hosts_opt=未启用/hosts_opt=OFF/g" "$CFG_PATH" #变量统一使用ON/OFF
sed -i 's/=\(已启用\|已开启\)$/=ON/' "$CFG_PATH"
sed -i 's/=\(未启用\|未开启\)$/=OFF/' "$CFG_PATH"
echo -e "\033[32m脚本初始化完成,请输入\033[30;47m $my_alias \033[0;33m命令开始使用\033[0m" echo -e "\033[32m脚本初始化完成,请输入\033[30;47m $my_alias \033[0;33m命令开始使用\033[0m"

2
scripts/libs/check_autostart.sh
View File

@@ -1,5 +1,5 @@
check_autostart(){ check_autostart(){
if [ "$start_old" = "已开启" ];then if [ "$start_old" = ON ];then
[ ! -f "$CRASHDIR"/.dis_startup ] && return 0 [ ! -f "$CRASHDIR"/.dis_startup ] && return 0
elif [ -f /etc/rc.common -a "$(cat /proc/1/comm)" = "procd" ]; then elif [ -f /etc/rc.common -a "$(cat /proc/1/comm)" = "procd" ]; then
[ -n "$(find /etc/rc.d -name '*shellcrash')" ] && return 0 [ -n "$(find /etc/rc.d -name '*shellcrash')" ] && return 0

76
scripts/menus/2_settings.sh
View File

@@ -6,8 +6,8 @@ __IS_MODULE_2_SETTINGS_LOADED=1
settings() { #功能设置 settings() { #功能设置
#获取设置默认显示 #获取设置默认显示
[ -z "$skip_cert" ] && skip_cert=已开启 [ -z "$skip_cert" ] && skip_cert=ON
[ -z "$sniffer" ] && sniffer=未启用 [ -z "$sniffer" ] && sniffer=OFF
[ -z "$dns_mod" ] && dns_mod='redir_host' [ -z "$dns_mod" ] && dns_mod='redir_host'
# #
echo "-----------------------------------------------" echo "-----------------------------------------------"
@@ -53,19 +53,19 @@ settings() { #功能设置
;; ;;
4) 4)
echo "-----------------------------------------------" echo "-----------------------------------------------"
if [ "$skip_cert" = "未开启" ] >/dev/null 2>&1; then if [ "$skip_cert" = "OFF" ] >/dev/null 2>&1; then
echo -e "\033[33m已设为开启跳过本地证书验证\033[0m" echo -e "\033[33m已设为开启跳过本地证书验证\033[0m"
skip_cert=已开启 skip_cert=ON
else else
echo -e "\033[33m已设为禁止跳过本地证书验证\033[0m" echo -e "\033[33m已设为禁止跳过本地证书验证\033[0m"
skip_cert=未开启 skip_cert=OFF
fi fi
setconfig skip_cert $skip_cert setconfig skip_cert $skip_cert
settings settings
;; ;;
5) 5)
echo "-----------------------------------------------" echo "-----------------------------------------------"
if [ "$sniffer" = "未启用" ]; then if [ "$sniffer" = "OFF" ]; then
if [ "$crashcore" = "clash" ]; then if [ "$crashcore" = "clash" ]; then
rm -rf ${TMPDIR}/CrashCore rm -rf ${TMPDIR}/CrashCore
rm -rf "$CRASHDIR"/CrashCore rm -rf "$CRASHDIR"/CrashCore
@@ -74,11 +74,11 @@ settings() { #功能设置
setconfig crashcore $crashcore setconfig crashcore $crashcore
echo "已将ShellCrash内核切换为Meta内核域名嗅探依赖Meta或者高版本clashpre内核" echo "已将ShellCrash内核切换为Meta内核域名嗅探依赖Meta或者高版本clashpre内核"
fi fi
sniffer=已启用 sniffer=ON
elif [ "$crashcore" = "clashpre" -a "$dns_mod" = "redir_host" ]; then elif [ "$crashcore" = "clashpre" -a "$dns_mod" = "redir_host" ]; then
echo -e "\033[31m使用clashpre内核且开启redir-host模式时无法关闭\033[0m" echo -e "\033[31m使用clashpre内核且开启redir-host模式时无法关闭\033[0m"
else else
sniffer=未启用 sniffer=OFF
fi fi
setconfig sniffer $sniffer setconfig sniffer $sniffer
settings settings
@@ -283,11 +283,11 @@ set_redir_mod() { #路由模式设置
esac esac
} }
set_fw_filter(){ #流量过滤 set_fw_filter(){ #流量过滤
[ -z "$common_ports" ] && common_ports=已开启 [ -z "$common_ports" ] && common_ports=ON
[ -z "$quic_rj" ] && quic_rj=未开启 [ -z "$quic_rj" ] && quic_rj=OFF
[ -z "$cn_ip_route" ] && cn_ip_route=未开启 [ -z "$cn_ip_route" ] && cn_ip_route=OFF
touch "$CRASHDIR"/configs/mac "$CRASHDIR"/configs/ip_filter touch "$CRASHDIR"/configs/mac "$CRASHDIR"/configs/ip_filter
[ -z "$(cat "$CRASHDIR"/configs/mac "$CRASHDIR"/configs/ip_filter 2>/dev/null)" ] && mac_return=未开启 || mac_return=已启用 [ -z "$(cat "$CRASHDIR"/configs/mac "$CRASHDIR"/configs/ip_filter 2>/dev/null)" ] && mac_return=OFF || mac_return=ON
echo "-----------------------------------------------" echo "-----------------------------------------------"
echo -e " 1 过滤非常用端口: \033[36m$common_ports\033[0m ————用于过滤P2P流量" echo -e " 1 过滤非常用端口: \033[36m$common_ports\033[0m ————用于过滤P2P流量"
echo -e " 2 过滤局域网设备: \033[36m$mac_return\033[0m ————使用黑/白名单进行过滤" echo -e " 2 过滤局域网设备: \033[36m$mac_return\033[0m ————使用黑/白名单进行过滤"
@@ -304,7 +304,7 @@ set_fw_filter(){ #流量过滤
;; ;;
1) 1)
set_common_ports() { set_common_ports() {
if [ "$common_ports" = "未开启" ]; then if [ "$common_ports" = "OFF" ]; then
echo -e "\033[33m当前代理端口为$multiport】\033[0m" echo -e "\033[33m当前代理端口为$multiport】\033[0m"
echo -e "\033[31m注意MIX模式下非常用端口的域名连接将不受影响\033[0m" echo -e "\033[31m注意MIX模式下非常用端口的域名连接将不受影响\033[0m"
read -p "是否修改默认端口?(1/0) > " res read -p "是否修改默认端口?(1/0) > " res
@@ -312,11 +312,11 @@ set_fw_filter(){ #流量过滤
read -p "请输入自定义端口,注意用小写逗号分隔 > " text read -p "请输入自定义端口,注意用小写逗号分隔 > " text
[ -n "$text" ] && setconfig multiport $text && echo -e "\033[33m已设为代理【$multiport】端口!!\033[0m" [ -n "$text" ] && setconfig multiport $text && echo -e "\033[33m已设为代理【$multiport】端口!!\033[0m"
} }
common_ports=已开启 common_ports=ON
sleep 1 sleep 1
else else
echo -e "\033[33m已设为代理全部端口\033[0m" echo -e "\033[33m已设为代理全部端口\033[0m"
common_ports=未开启 common_ports=OFF
fi fi
setconfig common_ports $common_ports setconfig common_ports $common_ports
} }
@@ -341,12 +341,12 @@ set_fw_filter(){ #流量过滤
3) 3)
echo "-----------------------------------------------" echo "-----------------------------------------------"
if [ -n "$(echo "$redir_mod" | grep -oE '混合|Tproxy|Tun')" ]; then if [ -n "$(echo "$redir_mod" | grep -oE '混合|Tproxy|Tun')" ]; then
if [ "$quic_rj" = "未开启" ]; then if [ "$quic_rj" = "OFF" ]; then
echo -e "\033[33m已禁止QUIC流量通过ShellCrash内核\033[0m" echo -e "\033[33m已禁止QUIC流量通过ShellCrash内核\033[0m"
quic_rj=已启用 quic_rj=ON
else else
echo -e "\033[33m已取消禁止QUIC协议流量\033[0m" echo -e "\033[33m已取消禁止QUIC协议流量\033[0m"
quic_rj=未开启 quic_rj=OFF
fi fi
setconfig quic_rj $quic_rj setconfig quic_rj $quic_rj
else else
@@ -357,14 +357,14 @@ set_fw_filter(){ #流量过滤
;; ;;
4) 4)
if [ -n "$(ipset -v 2>/dev/null)" ] || [ "$firewall_mod" = 'nftables' ]; then if [ -n "$(ipset -v 2>/dev/null)" ] || [ "$firewall_mod" = 'nftables' ]; then
if [ "$cn_ip_route" = "未开启" ]; then if [ "$cn_ip_route" = "OFF" ]; then
echo -e "\033[32m已开启CN_IP绕过内核功能\033[0m" echo -e "\033[32m已开启CN_IP绕过内核功能\033[0m"
echo -e "\033[31m注意此功能会导致全局模式及一切CN相关规则失效\033[0m" echo -e "\033[31m注意此功能会导致全局模式及一切CN相关规则失效\033[0m"
cn_ip_route=已开启 cn_ip_route=ON
sleep 2 sleep 2
else else
echo -e "\033[33m已禁用CN_IP绕过内核功能\033[0m" echo -e "\033[33m已禁用CN_IP绕过内核功能\033[0m"
cn_ip_route=未开启 cn_ip_route=OFF
fi fi
setconfig cn_ip_route $cn_ip_route setconfig cn_ip_route $cn_ip_route
else else
@@ -401,7 +401,7 @@ set_fw_filter(){ #流量过滤
} }
set_cust_host_ipv4() { #自定义ipv4透明路由网段 set_cust_host_ipv4() { #自定义ipv4透明路由网段
[ -z "$replace_default_host_ipv4" ] && replace_default_host_ipv4="未启用" [ -z "$replace_default_host_ipv4" ] && replace_default_host_ipv4="OFF"
echo "-----------------------------------------------" echo "-----------------------------------------------"
echo -e "当前默认透明路由的网段为: \033[32m$(ip a 2>&1 | grep -w 'inet' | grep 'global' | grep 'br' | grep -v 'iot' | grep -E ' 1(92|0|72)\.' | sed 's/.*inet.//g' | sed 's/br.*$//g' | sed 's/metric.*$//g' | tr '\n' ' ' && echo) \033[0m" echo -e "当前默认透明路由的网段为: \033[32m$(ip a 2>&1 | grep -w 'inet' | grep 'global' | grep 'br' | grep -v 'iot' | grep -E ' 1(92|0|72)\.' | sed 's/.*inet.//g' | sed 's/br.*$//g' | sed 's/metric.*$//g' | tr '\n' ' ' && echo) \033[0m"
echo -e "当前已添加的自定义网段为:\033[36m$cust_host_ipv4\033[0m" echo -e "当前已添加的自定义网段为:\033[36m$cust_host_ipv4\033[0m"
@@ -412,10 +412,10 @@ set_cust_host_ipv4() { #自定义ipv4透明路由网段
read -p "请输入对应的序号或需要额外添加的网段 > " text read -p "请输入对应的序号或需要额外添加的网段 > " text
case "$text" in case "$text" in
2) 2)
if [ "$replace_default_host_ipv4" == "未启用" ]; then if [ "$replace_default_host_ipv4" == "OFF" ]; then
replace_default_host_ipv4="已启用" replace_default_host_ipv4="ON"
else else
replace_default_host_ipv4="未启用" replace_default_host_ipv4="OFF"
fi fi
setconfig replace_default_host_ipv4 "$replace_default_host_ipv4" setconfig replace_default_host_ipv4 "$replace_default_host_ipv4"
set_cust_host_ipv4 set_cust_host_ipv4
@@ -678,7 +678,7 @@ set_adv_config() { #端口设置
setconfig authentication setconfig authentication
echo 密码已移除! echo 密码已移除!
else else
if [ "$local_proxy" = "已开启" -a "$local_type" = "环境变量" ]; then if [ "$local_proxy" = "ON" -a "$local_type" = "环境变量" ]; then
echo "-----------------------------------------------" echo "-----------------------------------------------"
echo -e "\033[33m请先禁用本机劫持功能或使用增强模式\033[0m" echo -e "\033[33m请先禁用本机劫持功能或使用增强模式\033[0m"
sleep 1 sleep 1
@@ -724,7 +724,7 @@ set_adv_config() { #端口设置
read -p "请输入需要指定劫持的端口 > " multiport read -p "请输入需要指定劫持的端口 > " multiport
if [ -n "$multiport" ]; then if [ -n "$multiport" ]; then
[ "$multiport" = "0" ] && multiport="22,80,143,194,443,465,587,853,993,995,5222,8080,8443" [ "$multiport" = "0" ] && multiport="22,80,143,194,443,465,587,853,993,995,5222,8080,8443"
common_ports=已开启 common_ports=ON
setconfig multiport "$multiport" setconfig multiport "$multiport"
setconfig common_ports "$common_ports" setconfig common_ports "$common_ports"
echo -e "\033[32m设置成功\033[0m" echo -e "\033[32m设置成功\033[0m"
@@ -769,7 +769,7 @@ set_adv_config() { #端口设置
esac esac
} }
set_firewall_area() { #路由范围设置 set_firewall_area() { #路由范围设置
[ -z "$vm_redir" ] && vm_redir='未开启' [ -z "$vm_redir" ] && vm_redir='OFF'
echo "-----------------------------------------------" echo "-----------------------------------------------"
echo -e "\033[31m注意\033[0m基于桥接网卡的Docker/虚拟机流量,请单独启用!" echo -e "\033[31m注意\033[0m基于桥接网卡的Docker/虚拟机流量,请单独启用!"
echo -e "\033[33m如你使用了第三方DNS如smartdns等请勿启用本机劫持或使用shellcrash用户执行\033[0m" echo -e "\033[33m如你使用了第三方DNS如smartdns等请勿启用本机劫持或使用shellcrash用户执行\033[0m"
@@ -837,7 +837,7 @@ set_firewall_vm(){
case "$num" in case "$num" in
1) 1)
if [ -n "$vm_ipv4" ]; then if [ -n "$vm_ipv4" ]; then
vm_redir=已开启 vm_redir=ON
else else
echo -e "\033[33m请先运行容器再运行脚本或者手动设置网段\033[0m" echo -e "\033[33m请先运行容器再运行脚本或者手动设置网段\033[0m"
fi fi
@@ -846,10 +846,10 @@ set_firewall_vm(){
echo -e "多个网段请用空格连接可运行容器后使用【ip route】命令查看网段地址" echo -e "多个网段请用空格连接可运行容器后使用【ip route】命令查看网段地址"
echo -e "示例:\033[32m10.88.0.0/16 172.17.0.0/16\033[0m" echo -e "示例:\033[32m10.88.0.0/16 172.17.0.0/16\033[0m"
read -p "请输入自定义网段 > " text read -p "请输入自定义网段 > " text
[ -n "$text" ] && vm_ipv4=$text && vm_redir=已开启 [ -n "$text" ] && vm_ipv4=$text && vm_redir=ON
;; ;;
3) 3)
vm_redir=未开启 vm_redir=OFF
unset vm_ipv4 unset vm_ipv4
;; ;;
*) ;; *) ;;
@@ -858,8 +858,8 @@ set_firewall_vm(){
setconfig vm_ipv4 "'$vm_ipv4'" setconfig vm_ipv4 "'$vm_ipv4'"
} }
set_ipv6() { #ipv6设置 set_ipv6() { #ipv6设置
[ -z "$ipv6_redir" ] && ipv6_redir=未开启 [ -z "$ipv6_redir" ] && ipv6_redir=OFF
[ -z "$ipv6_dns" ] && ipv6_dns=已开启 [ -z "$ipv6_dns" ] && ipv6_dns=ON
echo "-----------------------------------------------" echo "-----------------------------------------------"
echo -e " 1 ipv6透明路由: \033[36m$ipv6_redir\033[0m ——劫持ipv6流量" echo -e " 1 ipv6透明路由: \033[36m$ipv6_redir\033[0m ——劫持ipv6流量"
[ "$disoverride" != "1" ] && echo -e " 2 ipv6-DNS解析: \033[36m$ipv6_dns\033[0m ——决定内置DNS是否返回ipv6地址" [ "$disoverride" != "1" ] && echo -e " 2 ipv6-DNS解析: \033[36m$ipv6_dns\033[0m ——决定内置DNS是否返回ipv6地址"
@@ -869,19 +869,19 @@ set_ipv6() { #ipv6设置
case "$num" in case "$num" in
0) ;; 0) ;;
1) 1)
if [ "$ipv6_redir" = "未开启" ]; then if [ "$ipv6_redir" = "OFF" ]; then
ipv6_support=已开启 ipv6_support=ON
ipv6_redir=已开启 ipv6_redir=ON
sleep 2 sleep 2
else else
ipv6_redir=未开启 ipv6_redir=OFF
fi fi
setconfig ipv6_redir $ipv6_redir setconfig ipv6_redir $ipv6_redir
setconfig ipv6_support $ipv6_support setconfig ipv6_support $ipv6_support
set_ipv6 set_ipv6
;; ;;
2) 2)
[ "$ipv6_dns" = "未开启" ] && ipv6_dns=已开启 || ipv6_dns=未开启 [ "$ipv6_dns" = "OFF" ] && ipv6_dns=ON || ipv6_dns=OFF
setconfig ipv6_dns $ipv6_dns setconfig ipv6_dns $ipv6_dns
set_ipv6 set_ipv6
;; ;;

22
scripts/menus/4_setboot.sh
View File

@@ -20,11 +20,11 @@ disable_autostart(){
} }
setboot() { #启动设置菜单 setboot() { #启动设置菜单
[ -z "$start_old" ] && start_old=未开启 [ -z "$start_old" ] && start_old=OFF
[ -z "$start_delay" -o "$start_delay" = 0 ] && delay=未设置 || delay="${start_delay}" [ -z "$start_delay" -o "$start_delay" = 0 ] && delay=未设置 || delay="${start_delay}"
check_autostart && auto_set="\033[33m禁止" || auto_set="\033[32m允许" check_autostart && auto_set="\033[33m禁止" || auto_set="\033[32m允许"
[ "${BINDIR}" = "$CRASHDIR" ] && mini_clash=未开启 || mini_clash=已开启 [ "${BINDIR}" = "$CRASHDIR" ] && mini_clash=OFF || mini_clash=ON
[ -z "$network_check" ] && network_check=已开启 [ -z "$network_check" ] && network_check=ON
echo "-----------------------------------------------" echo "-----------------------------------------------"
echo -e "\033[30;47m欢迎使用启动设置菜单\033[0m" echo -e "\033[30;47m欢迎使用启动设置菜单\033[0m"
echo "-----------------------------------------------" echo "-----------------------------------------------"
@@ -53,17 +53,17 @@ setboot() { #启动设置菜单
setboot setboot
;; ;;
2) 2)
if [ "$start_old" = "未开启" ] >/dev/null 2>&1; then if [ "$start_old" = "OFF" ] >/dev/null 2>&1; then
echo -e "\033[33m改为使用保守模式启动服务\033[0m" echo -e "\033[33m改为使用保守模式启动服务\033[0m"
disable_autostart disable_autostart
start_old=已开启 start_old=ON
setconfig start_old "$start_old" setconfig start_old "$start_old"
"$CRASHDIR"/start.sh stop "$CRASHDIR"/start.sh stop
else else
if grep -qE 'procd|systemd|s6' /proc/1/comm || rc-status -r >/dev/null 2>&1; then if grep -qE 'procd|systemd|s6' /proc/1/comm || rc-status -r >/dev/null 2>&1; then
echo -e "\033[32m改为使用系统守护进程启动服务\033[0m" echo -e "\033[32m改为使用系统守护进程启动服务\033[0m"
"$CRASHDIR"/start.sh cronset "ShellCrash初始化" "$CRASHDIR"/start.sh cronset "ShellCrash初始化"
start_old=未开启 start_old=OFF
setconfig start_old "$start_old" setconfig start_old "$start_old"
"$CRASHDIR"/start.sh stop "$CRASHDIR"/start.sh stop
@@ -93,10 +93,10 @@ setboot() { #启动设置菜单
;; ;;
4) 4)
dir_size=$(df "$CRASHDIR" | awk '{ for(i=1;i<=NF;i++){ if(NR==1){ arr[i]=$i; }else{ arr[i]=arr[i]" "$i; } } } END{ for(i=1;i<=NF;i++){ print arr[i]; } }' | grep Ava | awk '{print $2}') dir_size=$(df "$CRASHDIR" | awk '{ for(i=1;i<=NF;i++){ if(NR==1){ arr[i]=$i; }else{ arr[i]=arr[i]" "$i; } } } END{ for(i=1;i<=NF;i++){ print arr[i]; } }' | grep Ava | awk '{print $2}')
if [ "$mini_clash" = "未开启" ]; then if [ "$mini_clash" = "OFF" ]; then
if [ "$dir_size" -gt 20480 ]; then if [ "$dir_size" -gt 20480 ]; then
echo -e "\033[33m您的设备空间充足(>20M),无需开启!\033[0m" echo -e "\033[33m您的设备空间充足(>20M),无需开启!\033[0m"
elif [ "$start_old" != '已开启' -a "$(cat /proc/1/comm)" = "systemd" ]; then elif [ "$start_old" != 'ON' -a "$(cat /proc/1/comm)" = "systemd" ]; then
echo -e "\033[33m不支持systemd启动模式请先启用保守模式\033[0m" echo -e "\033[33m不支持systemd启动模式请先启用保守模式\033[0m"
else else
[ "$BINDIR" = "$CRASHDIR" ] && BINDIR="$TMPDIR" [ "$BINDIR" = "$CRASHDIR" ] && BINDIR="$TMPDIR"
@@ -165,10 +165,10 @@ setboot() { #启动设置菜单
echo -e "\033[32m启用时会导致部分性能较差或者拨号较慢的设备可能会因查询超时导致启动失败\033[0m" echo -e "\033[32m启用时会导致部分性能较差或者拨号较慢的设备可能会因查询超时导致启动失败\033[0m"
read -p "是否切换?(1/0) > " res read -p "是否切换?(1/0) > " res
[ "$res" = '1' ] && { [ "$res" = '1' ] && {
if [ "$network_check" = "已禁用" ]; then if [ "$network_check" = "OFF" ]; then
network_check=已启用 network_check=ON
else else
network_check=已禁用 network_check=OFF
fi fi
setconfig network_check "$network_check" setconfig network_check "$network_check"
} }

16
scripts/menus/6_core_config.sh
View File

@@ -122,13 +122,13 @@ setrules(){ #自定义规则
;; ;;
4) 4)
echo "-----------------------------------------------" echo "-----------------------------------------------"
if [ "$proxies_bypass" = "未启用" ];then if [ "$proxies_bypass" = "OFF" ];then
echo -e "\033[33m本功能会自动将当前配置文件中的节点域名或IP设置为直连规则以防止出现双重流量\033[0m" echo -e "\033[33m本功能会自动将当前配置文件中的节点域名或IP设置为直连规则以防止出现双重流量\033[0m"
echo -e "\033[33m请确保下游设备使用的节点与ShellCrash中使用的节点相同否则无法生效\033[0m" echo -e "\033[33m请确保下游设备使用的节点与ShellCrash中使用的节点相同否则无法生效\033[0m"
read -p "启用节点绕过?(1/0) > " res read -p "启用节点绕过?(1/0) > " res
[ "$res" = "1" ] && proxies_bypass=已启用 [ "$res" = "1" ] && proxies_bypass=ON
else else
proxies_bypass=未启用 proxies_bypass=OFF
fi fi
setconfig proxies_bypass $proxies_bypass setconfig proxies_bypass $proxies_bypass
sleep 1 sleep 1
@@ -322,13 +322,13 @@ setproxies(){ #自定义clash节点
;; ;;
4) 4)
echo "-----------------------------------------------" echo "-----------------------------------------------"
if [ "$proxies_bypass" = "未启用" ];then if [ "$proxies_bypass" = "OFF" ];then
echo -e "\033[33m本功能会自动将当前配置文件中的节点域名或IP设置为直连规则以防止出现双重流量\033[0m" echo -e "\033[33m本功能会自动将当前配置文件中的节点域名或IP设置为直连规则以防止出现双重流量\033[0m"
echo -e "\033[33m请确保下游设备使用的节点与ShellCrash中使用的节点相同否则无法生效\033[0m" echo -e "\033[33m请确保下游设备使用的节点与ShellCrash中使用的节点相同否则无法生效\033[0m"
read -p "启用节点绕过?(1/0) > " res read -p "启用节点绕过?(1/0) > " res
[ "$res" = "1" ] && proxies_bypass=已启用 [ "$res" = "1" ] && proxies_bypass=ON
else else
proxies_bypass=未启用 proxies_bypass=OFF
fi fi
setconfig proxies_bypass $proxies_bypass setconfig proxies_bypass $proxies_bypass
sleep 1 sleep 1
@@ -363,7 +363,7 @@ gen_clash_providers(){ #生成clash的providers配置文件
interval: 600 interval: 600
EOF EOF
[ "$crashcore" = 'meta' ] && { [ "$crashcore" = 'meta' ] && {
[ "$skip_cert" != "未开启" ] && skip_cert_verify='skip-cert-verify: true' [ "$skip_cert" != "OFF" ] && skip_cert_verify='skip-cert-verify: true'
cat >> $TMPDIR/providers/providers.yaml <<EOF cat >> $TMPDIR/providers/providers.yaml <<EOF
override: override:
udp: true udp: true
@@ -453,7 +453,7 @@ EOF
EOF EOF
fi fi
#通用部分生成 #通用部分生成
[ "$skip_cert" != "未开启" ] && override_tls='true' || override_tls='false' [ "$skip_cert" != "OFF" ] && override_tls='true' || override_tls='false'
cat >> "$TMPDIR"/providers/providers.json <<EOF cat >> "$TMPDIR"/providers/providers.json <<EOF
"health_check": { "health_check": {
"enabled": true, "enabled": true,

36
scripts/menus/8_tools.sh
View File

@@ -83,7 +83,7 @@ tools() {
#获取设置默认显示 #获取设置默认显示
grep -qE "^\s*[^#].*otapredownload" /etc/crontabs/root >/dev/null 2>&1 && mi_update=禁用 || mi_update=启用 grep -qE "^\s*[^#].*otapredownload" /etc/crontabs/root >/dev/null 2>&1 && mi_update=禁用 || mi_update=启用
[ "$mi_mi_autoSSH" = "已配置" ] && mi_mi_autoSSH_type=32m已配置 || mi_mi_autoSSH_type=31m未配置 [ "$mi_mi_autoSSH" = "已配置" ] && mi_mi_autoSSH_type=32m已配置 || mi_mi_autoSSH_type=31m未配置
[ -f "$CRASHDIR"/tools/tun.ko ] && mi_tunfix=32m已启用 || mi_tunfix=31m未启用 [ -f "$CRASHDIR"/tools/tun.ko ] && mi_tunfix=32mON || mi_tunfix=31mOFF
echo "-----------------------------------------------" echo "-----------------------------------------------"
echo -e "\033[30;47m欢迎使用其他工具菜单\033[0m" echo -e "\033[30;47m欢迎使用其他工具菜单\033[0m"
@@ -222,14 +222,14 @@ mi_autoSSH() {
#日志菜单 #日志菜单
log_pusher() { log_pusher() {
while true; do while true; do
[ -n "$push_TG" ] && stat_TG=32m已启用 || stat_TG=33m未启用 [ -n "$push_TG" ] && stat_TG=32mON || stat_TG=33mOFF
[ -n "$push_Deer" ] && stat_Deer=32m已启用 || stat_Deer=33m未启用 [ -n "$push_Deer" ] && stat_Deer=32mON || stat_Deer=33mOFF
[ -n "$push_bark" ] && stat_bark=32m已启用 || stat_bark=33m未启用 [ -n "$push_bark" ] && stat_bark=32mON || stat_bark=33mOFF
[ -n "$push_Po" ] && stat_Po=32m已启用 || stat_Po=33m未启用 [ -n "$push_Po" ] && stat_Po=32mON || stat_Po=33mOFF
[ -n "$push_PP" ] && stat_PP=32m已启用 || stat_PP=33m未启用 [ -n "$push_PP" ] && stat_PP=32mON || stat_PP=33mOFF
[ -n "$push_SynoChat" ] && stat_SynoChat=32m已启用 || stat_SynoChat=33m未启用 [ -n "$push_SynoChat" ] && stat_SynoChat=32mON || stat_SynoChat=33mOFF
[ -n "$push_Gotify" ] && stat_Gotify=32m已启用 || stat_Gotify=33m未启用 [ -n "$push_Gotify" ] && stat_Gotify=32mON || stat_Gotify=33mOFF
[ "$task_push" = 1 ] && stat_task=32m已启用 || stat_task=33m未启用 [ "$task_push" = 1 ] && stat_task=32mON || stat_task=33mOFF
[ -n "$device_name" ] && device_s=32m$device_name || device_s=33m未设置 [ -n "$device_name" ] && device_s=32m$device_name || device_s=33m未设置
echo "-----------------------------------------------" echo "-----------------------------------------------"
echo -e " 1 Telegram推送 ——\033[$stat_TG\033[0m" echo -e " 1 Telegram推送 ——\033[$stat_TG\033[0m"
@@ -537,7 +537,7 @@ testcommand(){
if [ "$firewall_mod" = "nftables" ];then if [ "$firewall_mod" = "nftables" ];then
nft list table inet shellcrash | sed '/set cn_ip {/,/}/d;/set cn_ip6 {/,/}/d;/^[[:space:]]*}/d' nft list table inet shellcrash | sed '/set cn_ip {/,/}/d;/set cn_ip6 {/,/}/d;/^[[:space:]]*}/d'
else else
[ "$firewall_area" = 1 -o "$firewall_area" = 3 -o "$firewall_area" = 5 -o "$vm_redir" = "已开启" ] && { [ "$firewall_area" = 1 -o "$firewall_area" = 3 -o "$firewall_area" = 5 -o "$vm_redir" = "ON" ] && {
echo "----------------Redir+DNS---------------------" echo "----------------Redir+DNS---------------------"
iptables -t nat -L PREROUTING --line-numbers iptables -t nat -L PREROUTING --line-numbers
iptables -t nat -L shellcrash_dns --line-numbers iptables -t nat -L shellcrash_dns --line-numbers
@@ -559,7 +559,7 @@ testcommand(){
iptables -t mangle -L shellcrash_mark_out --line-numbers iptables -t mangle -L shellcrash_mark_out --line-numbers
} }
} }
[ "$ipv6_redir" = "已开启" ] && { [ "$ipv6_redir" = "ON" ] && {
[ "$firewall_area" = 1 -o "$firewall_area" = 3 ] && { [ "$firewall_area" = 1 -o "$firewall_area" = 3 ] && {
ip6tables -t nat -L >/dev/null 2>&1 && { ip6tables -t nat -L >/dev/null 2>&1 && {
echo "-------------IPV6-Redir+DNS-------------------" echo "-------------IPV6-Redir+DNS-------------------"
@@ -574,7 +574,7 @@ testcommand(){
} }
} }
} }
[ "$vm_redir" = "已开启" ] && { [ "$vm_redir" = "ON" ] && {
echo "-------------vm-Redir-------------------" echo "-------------vm-Redir-------------------"
iptables -t nat -L shellcrash_vm --line-numbers iptables -t nat -L shellcrash_vm --line-numbers
iptables -t nat -L shellcrash_vm_dns --line-numbers iptables -t nat -L shellcrash_vm_dns --line-numbers
@@ -717,13 +717,13 @@ userguide(){
setconfig dns_mod mix setconfig dns_mod mix
setconfig firewall_area '1' setconfig firewall_area '1'
#默认启用绕过CN-IP #默认启用绕过CN-IP
setconfig cn_ip_route 已开启 setconfig cn_ip_route ON
#自动识别IPV6 #自动识别IPV6
[ -n "$(ip a 2>&1 | grep -w 'inet6' | grep -E 'global' | sed 's/.*inet6.//g' | sed 's/scope.*$//g')" ] && { [ -n "$(ip a 2>&1 | grep -w 'inet6' | grep -E 'global' | sed 's/.*inet6.//g' | sed 's/scope.*$//g')" ] && {
setconfig ipv6_redir 已开启 setconfig ipv6_redir ON
setconfig ipv6_support 已开启 setconfig ipv6_support ON
setconfig ipv6_dns 已开启 setconfig ipv6_dns ON
setconfig cn_ipv6_route 已开启 setconfig cn_ipv6_route ON
} }
#设置开机启动 #设置开机启动
[ -f /etc/rc.common -a "$(cat /proc/1/comm)" = "procd" ] && /etc/init.d/shellcrash enable [ -f /etc/rc.common -a "$(cat /proc/1/comm)" = "procd" ] && /etc/init.d/shellcrash enable
@@ -747,7 +747,7 @@ userguide(){
2) 2)
setconfig redir_mod "Redir模式" setconfig redir_mod "Redir模式"
[ -n "$(echo $cputype | grep -E "linux.*mips.*")" ] && setconfig crashcore "clash" [ -n "$(echo $cputype | grep -E "linux.*mips.*")" ] && setconfig crashcore "clash"
setconfig common_ports "未开启" setconfig common_ports "OFF"
setconfig firewall_area '2' setconfig firewall_area '2'
;; ;;
3) 3)

2
scripts/start.sh
View File

@@ -40,7 +40,7 @@ start)
#使用不同方式启动服务 #使用不同方式启动服务
if [ "$firewall_area" = "5" ]; then #主旁转发 if [ "$firewall_area" = "5" ]; then #主旁转发
. "$CRASHDIR"/starts/fw_start.sh . "$CRASHDIR"/starts/fw_start.sh
elif [ "$start_old" = "已开启" ]; then elif [ "$start_old" = "ON" ]; then
start_l start_l
elif [ -f /etc/rc.common ] && grep -q 'procd' /proc/1/comm; then elif [ -f /etc/rc.common ] && grep -q 'procd' /proc/1/comm; then
/etc/init.d/shellcrash start /etc/init.d/shellcrash start

4
scripts/starts/afstart.sh
View File

@@ -18,7 +18,7 @@
#设置循环检测面板端口以判定服务启动是否成功 #设置循环检测面板端口以判定服务启动是否成功
. "$CRASHDIR"/libs/start_wait.sh . "$CRASHDIR"/libs/start_wait.sh
if [ -n "$test" -o -n "$(pidof CrashCore)" ]; then if [ -n "$test" -o -n "$(pidof CrashCore)" ]; then
[ "$start_old" = "已开启" ] && [ ! -L "$TMPDIR"/CrashCore ] && rm -f "$TMPDIR"/CrashCore #删除缓存目录内核文件 [ "$start_old" = "ON" ] && [ ! -L "$TMPDIR"/CrashCore ] && rm -f "$TMPDIR"/CrashCore #删除缓存目录内核文件
. "$CRASHDIR"/starts/fw_start.sh #配置防火墙流量劫持 . "$CRASHDIR"/starts/fw_start.sh #配置防火墙流量劫持
date +%s >"$TMPDIR"/crash_start_time #标记启动时间 date +%s >"$TMPDIR"/crash_start_time #标记启动时间
#TG机器人守护进程 #TG机器人守护进程
@@ -42,7 +42,7 @@ if [ -n "$test" -o -n "$(pidof CrashCore)" ]; then
cronset '2fjdi124dd12s' "$line" cronset '2fjdi124dd12s' "$line"
done <"$CRASHDIR"/task/running done <"$CRASHDIR"/task/running
} }
[ "$start_old" = "已开启" ] && cronset '保守模式守护进程' "* * * * * /bin/sh $CRASHDIR/starts/start_legacy_wd.sh shellcrash #ShellCrash保守模式守护进程" [ "$start_old" = "ON" ] && cronset '保守模式守护进程' "* * * * * /bin/sh $CRASHDIR/starts/start_legacy_wd.sh shellcrash #ShellCrash保守模式守护进程"
#加载条件任务 #加载条件任务
[ -s "$CRASHDIR"/task/afstart ] && { . "$CRASHDIR"/task/afstart; } & [ -s "$CRASHDIR"/task/afstart ] && { . "$CRASHDIR"/task/afstart; } &
[ -s "$CRASHDIR"/task/affirewall -a -s /etc/init.d/firewall -a ! -f /etc/init.d/firewall.bak ] && { [ -s "$CRASHDIR"/task/affirewall -a -s /etc/init.d/firewall -a ! -f /etc/init.d/firewall.bak ] && {

6
scripts/starts/bfstart.sh
View File

@@ -71,7 +71,7 @@ EOF
routing_mark=$((fwmark + 2)) routing_mark=$((fwmark + 2))
#检测网络连接 #检测网络连接
[ "$network_check" != "已禁用" ] && [ ! -f "$TMPDIR"/crash_start_time ] && ckcmd ping && . "$CRASHDIR"/starts/check_network.sh && check_network [ "$network_check" != "OFF" ] && [ ! -f "$TMPDIR"/crash_start_time ] && ckcmd ping && . "$CRASHDIR"/starts/check_network.sh && check_network
[ ! -d "$BINDIR"/ui ] && mkdir -p "$BINDIR"/ui [ ! -d "$BINDIR"/ui ] && mkdir -p "$BINDIR"/ui
[ -z "$crashcore" ] && crashcore=meta [ -z "$crashcore" ] && crashcore=meta
#执行条件任务 #执行条件任务
@@ -110,11 +110,11 @@ else
fi fi
fi fi
#检查下载cnip绕过相关文件 #检查下载cnip绕过相关文件
[ "$cn_ip_route" = "已开启" ] && [ "$dns_mod" != "fake-ip" ] && { [ "$cn_ip_route" = "ON" ] && [ "$dns_mod" != "fake-ip" ] && {
[ "$firewall_mod" = nftables ] || ckcmd ipset && { [ "$firewall_mod" = nftables ] || ckcmd ipset && {
. "$CRASHDIR"/starts/check_cnip.sh . "$CRASHDIR"/starts/check_cnip.sh
ck_cn_ipv4 ck_cn_ipv4
[ "$ipv6_redir" = "已开启" ] && ck_cn_ipv6 [ "$ipv6_redir" = "ON" ] && ck_cn_ipv6
} }
} }
#添加shellcrash用户 #添加shellcrash用户

2
scripts/starts/check_core.sh
View File

@@ -13,6 +13,6 @@ check_core() { #检查及下载内核文件
core_webget || logger "核心下载失败,请重新运行或更换安装源!" 31 core_webget || logger "核心下载失败,请重新运行或更换安装源!" 31
} }
[ ! -x "$TMPDIR"/CrashCore ] && chmod +x "$TMPDIR"/CrashCore 2>/dev/null #自动授权 [ ! -x "$TMPDIR"/CrashCore ] && chmod +x "$TMPDIR"/CrashCore 2>/dev/null #自动授权
[ "$start_old" != "已开启" -a "$(cat /proc/1/comm)" = "systemd" ] && restorecon -RF "$CRASHDIR" 2>/dev/null #修复SELinux权限问题 [ "$start_old" != "ON" -a "$(cat /proc/1/comm)" = "systemd" ] && restorecon -RF "$CRASHDIR" 2>/dev/null #修复SELinux权限问题
return 0 return 0
} }

10
scripts/starts/clash_modify.sh
View File

@@ -4,7 +4,7 @@
#修饰clash配置文件 #修饰clash配置文件
modify_yaml() { modify_yaml() {
##########需要变更的配置########### ##########需要变更的配置###########
[ "$ipv6_dns" != "未开启" ] && dns_v6='true' || dns_v6='false' [ "$ipv6_dns" != "OFF" ] && dns_v6='true' || dns_v6='false'
external="external-controller: 0.0.0.0:$db_port" external="external-controller: 0.0.0.0:$db_port"
if [ "$redir_mod" = "混合模式" -o "$redir_mod" = "Tun模式" ]; then if [ "$redir_mod" = "混合模式" -o "$redir_mod" = "Tun模式" ]; then
[ "$crashcore" = 'meta' ] && tun_meta=', device: utun, auto-route: false, auto-detect-interface: false' [ "$crashcore" = 'meta' ] && tun_meta=', device: utun, auto-route: false, auto-detect-interface: false'
@@ -55,8 +55,8 @@ EOF
fi fi
} }
#域名嗅探配置 #域名嗅探配置
[ "$sniffer" = "已启用" ] && [ "$crashcore" = "meta" ] && sniffer_set="sniffer: {enable: true, parse-pure-ip: true, skip-domain: [Mijia Cloud], sniff: {http: {ports: [80, 8080-8880], override-destination: true}, tls: {ports: [443, 8443]}, quic: {ports: [443, 8443]}}}" [ "$sniffer" = "ON" ] && [ "$crashcore" = "meta" ] && sniffer_set="sniffer: {enable: true, parse-pure-ip: true, skip-domain: [Mijia Cloud], sniff: {http: {ports: [80, 8080-8880], override-destination: true}, tls: {ports: [443, 8443]}, quic: {ports: [443, 8443]}}}"
[ "$crashcore" = "clashpre" ] && [ "$dns_mod" = "redir_host" -o "$sniffer" = "已启用" ] && exper="experimental: {ignore-resolve-fail: true, interface-name: en0,sniff-tls-sni: true}" [ "$crashcore" = "clashpre" ] && [ "$dns_mod" = "redir_host" -o "$sniffer" = "ON" ] && exper="experimental: {ignore-resolve-fail: true, interface-name: en0,sniff-tls-sni: true}"
#生成set.yaml #生成set.yaml
cat >"$TMPDIR"/set.yaml <<EOF cat >"$TMPDIR"/set.yaml <<EOF
mixed-port: $mix_port mixed-port: $mix_port
@@ -108,7 +108,7 @@ EOF
sed -n "/^$char:/,/^[a-z]/ { /^[a-z]/d; p; }" $core_config >"$TMPDIR"/${char}.yaml sed -n "/^$char:/,/^[a-z]/ { /^[a-z]/d; p; }" $core_config >"$TMPDIR"/${char}.yaml
done done
#跳过本地tls证书验证 #跳过本地tls证书验证
[ "$skip_cert" != "未开启" ] && sed -i 's/skip-cert-verify: false/skip-cert-verify: true/' "$TMPDIR"/proxies.yaml || [ "$skip_cert" != "OFF" ] && sed -i 's/skip-cert-verify: false/skip-cert-verify: true/' "$TMPDIR"/proxies.yaml ||
sed -i 's/skip-cert-verify: true/skip-cert-verify: false/' "$TMPDIR"/proxies.yaml sed -i 's/skip-cert-verify: true/skip-cert-verify: false/' "$TMPDIR"/proxies.yaml
#插入自定义策略组 #插入自定义策略组
sed -i "/#自定义策略组开始/,/#自定义策略组结束/d" "$TMPDIR"/proxy-groups.yaml sed -i "/#自定义策略组开始/,/#自定义策略组结束/d" "$TMPDIR"/proxy-groups.yaml
@@ -168,7 +168,7 @@ EOF
} }
#节点绕过功能支持 #节点绕过功能支持
sed -i "/#节点绕过/d" "$TMPDIR"/rules.yaml sed -i "/#节点绕过/d" "$TMPDIR"/rules.yaml
[ "$proxies_bypass" = "已启用" ] && { [ "$proxies_bypass" = "ON" ] && {
cat "$TMPDIR"/proxies.yaml | sed '/^proxy-/,$d' | sed '/^rule-/,$d' | grep -v '^\s*#' | grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | awk '!a[$0]++' | sed 's/^/\ -\ IP-CIDR,/g' | sed 's|$|/32,DIRECT,no-resolve #节点绕过|g' >>"$TMPDIR"/proxies_bypass cat "$TMPDIR"/proxies.yaml | sed '/^proxy-/,$d' | sed '/^rule-/,$d' | grep -v '^\s*#' | grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | awk '!a[$0]++' | sed 's/^/\ -\ IP-CIDR,/g' | sed 's|$|/32,DIRECT,no-resolve #节点绕过|g' >>"$TMPDIR"/proxies_bypass
cat "$TMPDIR"/proxies.yaml | sed '/^proxy-/,$d' | sed '/^rule-/,$d' | grep -v '^\s*#' | grep -vE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | grep -oE '[a-zA-Z0-9][-a-zA-Z0-9]{0,62}(\.[a-zA-Z0-9][-a-zA-Z0-9]{0,62})+\.?' | awk '!a[$0]++' | sed 's/^/\ -\ DOMAIN,/g' | sed 's/$/,DIRECT #节点绕过/g' >>"$TMPDIR"/proxies_bypass cat "$TMPDIR"/proxies.yaml | sed '/^proxy-/,$d' | sed '/^rule-/,$d' | grep -v '^\s*#' | grep -vE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | grep -oE '[a-zA-Z0-9][-a-zA-Z0-9]{0,62}(\.[a-zA-Z0-9][-a-zA-Z0-9]{0,62})+\.?' | awk '!a[$0]++' | sed 's/^/\ -\ DOMAIN,/g' | sed 's/$/,DIRECT #节点绕过/g' >>"$TMPDIR"/proxies_bypass
cat "$TMPDIR"/rules.yaml >>"$TMPDIR"/proxies_bypass cat "$TMPDIR"/rules.yaml >>"$TMPDIR"/proxies_bypass

6
scripts/starts/fw_getlanip.sh
View File

@@ -3,14 +3,14 @@ getlanip() { #获取局域网host地址
i=1 i=1
while [ "$i" -le "20" ]; do while [ "$i" -le "20" ]; do
host_ipv4=$(ip a 2>&1 | grep -w 'inet' | grep 'global' | grep 'brd' | grep -Ev 'utun|iot|peer|docker|podman|virbr|vnet|ovs|vmbr|veth|vmnic|vboxnet|lxcbr|xenbr|vEthernet' | grep -E ' 1(92|0|72)\.' | sed 's/.*inet.//g' | sed 's/br.*$//g' | sed 's/metric.*$//g') #ipv4局域网网段 host_ipv4=$(ip a 2>&1 | grep -w 'inet' | grep 'global' | grep 'brd' | grep -Ev 'utun|iot|peer|docker|podman|virbr|vnet|ovs|vmbr|veth|vmnic|vboxnet|lxcbr|xenbr|vEthernet' | grep -E ' 1(92|0|72)\.' | sed 's/.*inet.//g' | sed 's/br.*$//g' | sed 's/metric.*$//g') #ipv4局域网网段
[ "$ipv6_redir" = "已开启" ] && host_ipv6=$(ip a 2>&1 | grep -w 'inet6' | grep -E 'global' | sed 's/.*inet6.//g' | sed 's/scope.*$//g') #ipv6公网地址段 [ "$ipv6_redir" = "ON" ] && host_ipv6=$(ip a 2>&1 | grep -w 'inet6' | grep -E 'global' | sed 's/.*inet6.//g' | sed 's/scope.*$//g') #ipv6公网地址段
[ -f "$TMPDIR"/ShellCrash.log ] && break [ -f "$TMPDIR"/ShellCrash.log ] && break
[ -n "$host_ipv4" -a "$ipv6_redir" != "已开启" ] && break [ -n "$host_ipv4" -a "$ipv6_redir" != "ON" ] && break
[ -n "$host_ipv4" -a -n "$host_ipv6" ] && break [ -n "$host_ipv4" -a -n "$host_ipv6" ] && break
sleep 1 && i=$((i + 1)) sleep 1 && i=$((i + 1))
done done
#添加自定义ipv4局域网网段 #添加自定义ipv4局域网网段
if [ "$replace_default_host_ipv4" == "已启用" ]; then if [ "$replace_default_host_ipv4" == "ON" ]; then
host_ipv4="$cust_host_ipv4" host_ipv4="$cust_host_ipv4"
else else
host_ipv4="$host_ipv4$cust_host_ipv4" host_ipv4="$host_ipv4$cust_host_ipv4"

24
scripts/starts/fw_iptables.sh
View File

@@ -34,8 +34,8 @@ start_ipt_route() { #iptables-route通用工具
"$1" $w -t "$2" -A "$4" -d $ip -j RETURN "$1" $w -t "$2" -A "$4" -d $ip -j RETURN
done done
#绕过CN_IP #绕过CN_IP
[ "$1" = iptables ] && [ "$dns_mod" != "fake-ip" ] && [ "$cn_ip_route" = "已开启" ] && [ -f "$BINDIR"/cn_ip.txt ] && "$1" $w -t "$2" -A "$4" -m set --match-set cn_ip dst -j RETURN 2>/dev/null [ "$1" = iptables ] && [ "$dns_mod" != "fake-ip" ] && [ "$cn_ip_route" = "ON" ] && [ -f "$BINDIR"/cn_ip.txt ] && "$1" $w -t "$2" -A "$4" -m set --match-set cn_ip dst -j RETURN 2>/dev/null
[ "$1" = ip6tables ] && [ "$dns_mod" != "fake-ip" ] && [ "$cn_ip_route" = "已开启" ] && [ -f "$BINDIR"/cn_ipv6.txt ] && "$1" $w -t "$2" -A "$4" -m set --match-set cn_ip6 dst -j RETURN 2>/dev/null [ "$1" = ip6tables ] && [ "$dns_mod" != "fake-ip" ] && [ "$cn_ip_route" = "ON" ] && [ -f "$BINDIR"/cn_ipv6.txt ] && "$1" $w -t "$2" -A "$4" -m set --match-set cn_ip6 dst -j RETURN 2>/dev/null
#局域网mac地址黑名单过滤 #局域网mac地址黑名单过滤
[ "$3" = 'PREROUTING' ] && [ "$macfilter_type" != "白名单" ] && { [ "$3" = 'PREROUTING' ] && [ "$macfilter_type" != "白名单" ] && {
[ -s "$CRASHDIR"/configs/mac ] && [ -s "$CRASHDIR"/configs/mac ] &&
@@ -65,8 +65,8 @@ start_ipt_route() { #iptables-route通用工具
fi fi
#将所在链指定流量指向shellcrash表 #将所在链指定流量指向shellcrash表
"$1" $w -t "$2" -I "$3" -p "$5" $ports -j "$4" "$1" $w -t "$2" -I "$3" -p "$5" $ports -j "$4"
[ "$dns_mod" = "mix" -o "$dns_mod" = "fake-ip" ] && [ "$common_ports" = "已开启" ] && [ "$1" = iptables ] && "$1" $w -t "$2" -I "$3" -p "$5" -d 28.0.0.0/8 -j "$4" [ "$dns_mod" = "mix" -o "$dns_mod" = "fake-ip" ] && [ "$common_ports" = "ON" ] && [ "$1" = iptables ] && "$1" $w -t "$2" -I "$3" -p "$5" -d 28.0.0.0/8 -j "$4"
[ "$dns_mod" = "mix" -o "$dns_mod" = "fake-ip" ] && [ "$common_ports" = "已开启" ] && [ "$1" = ip6tables ] && "$1" $w -t "$2" -I "$3" -p "$5" -d fc00::/16 -j "$4" [ "$dns_mod" = "mix" -o "$dns_mod" = "fake-ip" ] && [ "$common_ports" = "ON" ] && [ "$1" = ip6tables ] && "$1" $w -t "$2" -I "$3" -p "$5" -d fc00::/16 -j "$4"
} }
[ "$5" = "tcp" -o "$5" = "all" ] && proxy_set "$1" "$2" "$3" "$4" tcp [ "$5" = "tcp" -o "$5" = "all" ] && proxy_set "$1" "$2" "$3" "$4" tcp
[ "$5" = "udp" -o "$5" = "all" ] && proxy_set "$1" "$2" "$3" "$4" udp [ "$5" = "udp" -o "$5" = "all" ] && proxy_set "$1" "$2" "$3" "$4" udp
@@ -170,7 +170,7 @@ start_iptables() { #iptables配置总入口
JUMP="REDIRECT --to-ports $redir_port" #跳转劫持的具体命令 JUMP="REDIRECT --to-ports $redir_port" #跳转劫持的具体命令
[ "$lan_proxy" = true ] && { [ "$lan_proxy" = true ] && {
start_ipt_route iptables nat PREROUTING shellcrash tcp #ipv4-局域网tcp转发 start_ipt_route iptables nat PREROUTING shellcrash tcp #ipv4-局域网tcp转发
[ "$ipv6_redir" = "已开启" ] && { [ "$ipv6_redir" = "ON" ] && {
if $ip6table -j REDIRECT -h 2>/dev/null | grep -q '\--to-ports'; then if $ip6table -j REDIRECT -h 2>/dev/null | grep -q '\--to-ports'; then
start_ipt_route ip6tables nat PREROUTING shellcrashv6 tcp #ipv6-局域网tcp转发 start_ipt_route ip6tables nat PREROUTING shellcrashv6 tcp #ipv6-局域网tcp转发
else else
@@ -180,7 +180,7 @@ start_iptables() { #iptables配置总入口
} }
[ "$local_proxy" = true ] && { [ "$local_proxy" = true ] && {
start_ipt_route iptables nat OUTPUT shellcrash_out tcp #ipv4-本机tcp转发 start_ipt_route iptables nat OUTPUT shellcrash_out tcp #ipv4-本机tcp转发
[ "$ipv6_redir" = "已开启" ] && { [ "$ipv6_redir" = "ON" ] && {
if $ip6table -j REDIRECT -h 2>/dev/null | grep -q '\--to-ports'; then if $ip6table -j REDIRECT -h 2>/dev/null | grep -q '\--to-ports'; then
start_ipt_route ip6tables nat OUTPUT shellcrashv6_out tcp #ipv6-本机tcp转发 start_ipt_route ip6tables nat OUTPUT shellcrashv6_out tcp #ipv6-本机tcp转发
else else
@@ -207,7 +207,7 @@ start_iptables() { #iptables配置总入口
else else
logger "当前设备内核可能缺少kmod_ipt_tproxy模块支持已放弃启动相关规则" 31 logger "当前设备内核可能缺少kmod_ipt_tproxy模块支持已放弃启动相关规则" 31
fi fi
[ "$ipv6_redir" = "已开启" ] && { [ "$ipv6_redir" = "ON" ] && {
if $ip6table -j TPROXY -h 2>/dev/null | grep -q '\--on-port'; then if $ip6table -j TPROXY -h 2>/dev/null | grep -q '\--on-port'; then
JUMP="TPROXY --on-port $tproxy_port --tproxy-mark $fwmark" #跳转劫持的具体命令 JUMP="TPROXY --on-port $tproxy_port --tproxy-mark $fwmark" #跳转劫持的具体命令
[ "$lan_proxy" = true ] && start_ipt_route ip6tables mangle PREROUTING shellcrashv6_mark all [ "$lan_proxy" = true ] && start_ipt_route ip6tables mangle PREROUTING shellcrashv6_mark all
@@ -240,7 +240,7 @@ start_iptables() { #iptables配置总入口
else else
logger "当前设备内核可能缺少x_mark模块支持已放弃启动相关规则" 31 logger "当前设备内核可能缺少x_mark模块支持已放弃启动相关规则" 31
fi fi
[ "$ipv6_redir" = "已开启" ] && [ "$crashcore" != clashpre ] && { [ "$ipv6_redir" = "ON" ] && [ "$crashcore" != clashpre ] && {
if $ip6table -j MARK -h 2>/dev/null | grep -q '\--set-mark'; then if $ip6table -j MARK -h 2>/dev/null | grep -q '\--set-mark'; then
[ "$lan_proxy" = true ] && { [ "$lan_proxy" = true ] && {
[ "$redir_mod" = "Tun模式" -o "$redir_mod" = "混合模式" ] && $ip6table -I FORWARD -o utun -j ACCEPT [ "$redir_mod" = "Tun模式" -o "$redir_mod" = "混合模式" ] && $ip6table -I FORWARD -o utun -j ACCEPT
@@ -252,13 +252,13 @@ start_iptables() { #iptables配置总入口
fi fi
} }
} }
[ "$vm_redir" = "已开启" ] && [ -n "$$vm_ipv4" ] && { [ "$vm_redir" = "ON" ] && [ -n "$$vm_ipv4" ] && {
JUMP="REDIRECT --to-ports $redir_port" #跳转劫持的具体命令 JUMP="REDIRECT --to-ports $redir_port" #跳转劫持的具体命令
start_ipt_dns iptables PREROUTING shellcrash_vm_dns #ipv4-局域网dns转发 start_ipt_dns iptables PREROUTING shellcrash_vm_dns #ipv4-局域网dns转发
start_ipt_route iptables nat PREROUTING shellcrash_vm tcp #ipv4-局域网tcp转发 start_ipt_route iptables nat PREROUTING shellcrash_vm tcp #ipv4-局域网tcp转发
} }
#启动DNS劫持 #启动DNS劫持
[ "$dns_no" != "已禁用" -a "$dns_redir" != "已开启" -a "$firewall_area" -le 3 ] && { [ "$dns_no" != "已禁用" -a "$dns_redir" != "ON" -a "$firewall_area" -le 3 ] && {
[ "$lan_proxy" = true ] && { [ "$lan_proxy" = true ] && {
start_ipt_dns iptables PREROUTING shellcrash_dns #ipv4-局域网dns转发 start_ipt_dns iptables PREROUTING shellcrash_dns #ipv4-局域网dns转发
if $ip6table -j REDIRECT -h 2>/dev/null | grep -q '\--to-ports'; then if $ip6table -j REDIRECT -h 2>/dev/null | grep -q '\--to-ports'; then
@@ -271,8 +271,8 @@ start_iptables() { #iptables配置总入口
[ "$local_proxy" = true ] && start_ipt_dns iptables OUTPUT shellcrash_dns_out #ipv4-本机dns转发 [ "$local_proxy" = true ] && start_ipt_dns iptables OUTPUT shellcrash_dns_out #ipv4-本机dns转发
} }
#屏蔽QUIC #屏蔽QUIC
[ "$quic_rj" = '已启用' -a "$lan_proxy" = true -a "$redir_mod" != "Redir模式" ] && { [ "$quic_rj" = 'ON' -a "$lan_proxy" = true -a "$redir_mod" != "Redir模式" ] && {
[ "$dns_mod" != "fake-ip" -a "$cn_ip_route" = "已开启" ] && { [ "$dns_mod" != "fake-ip" -a "$cn_ip_route" = "ON" ] && {
set_cn_ip='-m set ! --match-set cn_ip dst' set_cn_ip='-m set ! --match-set cn_ip dst'
set_cn_ip6='-m set ! --match-set cn_ip6 dst' set_cn_ip6='-m set ! --match-set cn_ip6 dst'
} }

16
scripts/starts/fw_nftables.sh
View File

@@ -10,7 +10,7 @@ add_ip6_route(){
#仅代理本机局域网网段流量 #仅代理本机局域网网段流量
nft add rule inet shellcrash $1 ip6 saddr != {$HOST_IP6} return nft add rule inet shellcrash $1 ip6 saddr != {$HOST_IP6} return
#绕过CN_IPV6 #绕过CN_IPV6
[ "$dns_mod" != "fake-ip" -a "$cn_ip_route" = "已开启" -a -f "$BINDIR"/cn_ipv6.txt ] && { [ "$dns_mod" != "fake-ip" -a "$cn_ip_route" = "ON" -a -f "$BINDIR"/cn_ipv6.txt ] && {
CN_IP6=$(awk '{printf "%s, ",$1}' "$BINDIR"/cn_ipv6.txt) CN_IP6=$(awk '{printf "%s, ",$1}' "$BINDIR"/cn_ipv6.txt)
[ -n "$CN_IP6" ] && { [ -n "$CN_IP6" ] && {
nft add set inet shellcrash cn_ip6 { type ipv6_addr \; flags interval \; } nft add set inet shellcrash cn_ip6 { type ipv6_addr \; flags interval \; }
@@ -21,7 +21,7 @@ add_ip6_route(){
} }
start_nft_route() { #nftables-route通用工具 start_nft_route() { #nftables-route通用工具
#$1:name $2:hook(prerouting/output) $3:type(nat/mangle/filter) $4:priority(-100/-150) #$1:name $2:hook(prerouting/output) $3:type(nat/mangle/filter) $4:priority(-100/-150)
[ "$common_ports" = "已开启" ] && PORTS=$(echo $multiport | sed 's/,/, /g') [ "$common_ports" = "ON" ] && PORTS=$(echo $multiport | sed 's/,/, /g')
[ "$1" = 'prerouting' ] && HOST_IP=$(echo $host_ipv4 | sed 's/ /, /g') [ "$1" = 'prerouting' ] && HOST_IP=$(echo $host_ipv4 | sed 's/ /, /g')
[ "$1" = 'output' ] && HOST_IP="127.0.0.0/8, $(echo $local_ipv4 | sed 's/ /, /g')" [ "$1" = 'output' ] && HOST_IP="127.0.0.0/8, $(echo $local_ipv4 | sed 's/ /, /g')"
[ "$1" = 'prerouting_vm' ] && HOST_IP="$(echo $vm_ipv4 | sed 's/ /, /g')" [ "$1" = 'prerouting_vm' ] && HOST_IP="$(echo $vm_ipv4 | sed 's/ /, /g')"
@@ -73,7 +73,7 @@ start_nft_route() { #nftables-route通用工具
} }
} }
#绕过CN-IP #绕过CN-IP
[ "$dns_mod" != "fake-ip" -a "$cn_ip_route" = "已开启" -a -f "$BINDIR"/cn_ip.txt ] && { [ "$dns_mod" != "fake-ip" -a "$cn_ip_route" = "ON" -a -f "$BINDIR"/cn_ip.txt ] && {
CN_IP=$(awk '{printf "%s, ",$1}' "$BINDIR"/cn_ip.txt) CN_IP=$(awk '{printf "%s, ",$1}' "$BINDIR"/cn_ip.txt)
[ -n "$CN_IP" ] && { [ -n "$CN_IP" ] && {
nft add set inet shellcrash cn_ip { type ipv4_addr \; flags interval \; } nft add set inet shellcrash cn_ip { type ipv4_addr \; flags interval \; }
@@ -82,17 +82,17 @@ start_nft_route() { #nftables-route通用工具
} }
} }
#局域网ipv6支持 #局域网ipv6支持
if [ "$ipv6_redir" = "已开启" -a "$1" = 'prerouting' -a "$firewall_area" != 5 ]; then if [ "$ipv6_redir" = "ON" -a "$1" = 'prerouting' -a "$firewall_area" != 5 ]; then
HOST_IP6=$(echo $host_ipv6 | sed 's/ /, /g') HOST_IP6=$(echo $host_ipv6 | sed 's/ /, /g')
add_ip6_route "$1" add_ip6_route "$1"
elif [ "$ipv6_redir" = "已开启" -a "$1" = 'output' -a \( "$firewall_area" = 2 -o "$firewall_area" = 3 \) ]; then elif [ "$ipv6_redir" = "ON" -a "$1" = 'output' -a \( "$firewall_area" = 2 -o "$firewall_area" = 3 \) ]; then
HOST_IP6="::1, $(echo $host_ipv6 | sed 's/ /, /g')" HOST_IP6="::1, $(echo $host_ipv6 | sed 's/ /, /g')"
add_ip6_route "$1" add_ip6_route "$1"
else else
nft add rule inet shellcrash $1 meta nfproto ipv6 return nft add rule inet shellcrash $1 meta nfproto ipv6 return
fi fi
#屏蔽quic #屏蔽quic
[ "$quic_rj" = '已启用' -a "$lan_proxy" = true ] && nft add rule inet shellcrash $1 udp dport {443, 8443} return [ "$quic_rj" = 'ON' -a "$lan_proxy" = true ] && nft add rule inet shellcrash $1 udp dport {443, 8443} return
#添加通用路由 #添加通用路由
nft add rule inet shellcrash "$1" "$JUMP" nft add rule inet shellcrash "$1" "$JUMP"
#处理特殊路由 #处理特殊路由
@@ -163,7 +163,7 @@ start_nftables() { #nftables配置总入口
#公网访问防火墙 #公网访问防火墙
[ "$fw_wan" != OFF ] && [ "$systype" != 'container' ] && start_nft_wan [ "$fw_wan" != OFF ] && [ "$systype" != 'container' ] && start_nft_wan
#启动DNS劫持 #启动DNS劫持
[ "$dns_no" != "已禁用" -a "$dns_redir" != "已开启" -a "$firewall_area" -le 3 ] && { [ "$dns_no" != "已禁用" -a "$dns_redir" != "ON" -a "$firewall_area" -le 3 ] && {
[ "$lan_proxy" = true ] && start_nft_dns prerouting prerouting #局域网dns转发 [ "$lan_proxy" = true ] && start_nft_dns prerouting prerouting #局域网dns转发
[ "$local_proxy" = true ] && start_nft_dns output output #本机dns转发 [ "$local_proxy" = true ] && start_nft_dns output output #本机dns转发
} }
@@ -203,7 +203,7 @@ start_nftables() { #nftables配置总入口
[ "$lan_proxy" = true ] && start_nft_route prerouting prerouting filter -150 [ "$lan_proxy" = true ] && start_nft_route prerouting prerouting filter -150
[ "$local_proxy" = true ] && start_nft_route output output route -150 [ "$local_proxy" = true ] && start_nft_route output output route -150
} }
[ "$vm_redir" = "已开启" ] && [ -n "$$vm_ipv4" ] && { [ "$vm_redir" = "ON" ] && [ -n "$$vm_ipv4" ] && {
start_nft_dns prerouting_vm prerouting start_nft_dns prerouting_vm prerouting
JUMP="meta l4proto tcp redirect to $redir_port" #跳转劫持的具体命令 JUMP="meta l4proto tcp redirect to $redir_port" #跳转劫持的具体命令
start_nft_route prerouting_vm prerouting nat -100 start_nft_route prerouting_vm prerouting nat -100

6
scripts/starts/fw_start.sh
View File

@@ -5,9 +5,9 @@
. "$CRASHDIR"/starts/fw_getlanip.sh && getlanip . "$CRASHDIR"/starts/fw_getlanip.sh && getlanip
#缺省值 #缺省值
[ -z "$macfilter_type" ] && macfilter_type='黑名单' [ -z "$macfilter_type" ] && macfilter_type='黑名单'
[ -z "$common_ports" ] && common_ports='已开启' [ -z "$common_ports" ] && common_ports='ON'
[ -z "$multiport" ] && multiport='22,80,143,194,443,465,587,853,993,995,5222,8080,8443' [ -z "$multiport" ] && multiport='22,80,143,194,443,465,587,853,993,995,5222,8080,8443'
[ "$common_ports" = "已开启" ] && ports="-m multiport --dports $multiport" [ "$common_ports" = "ON" ] && ports="-m multiport --dports $multiport"
[ -z "$redir_mod" ] && [ "$USER" = "root" -o "$USER" = "admin" ] && redir_mod='Redir模式' [ -z "$redir_mod" ] && [ "$USER" = "root" -o "$USER" = "admin" ] && redir_mod='Redir模式'
[ -z "$dns_mod" ] && dns_mod='redir_host' [ -z "$dns_mod" ] && dns_mod='redir_host'
[ -z "$redir_mod" ] && firewall_area='4' [ -z "$redir_mod" ] && firewall_area='4'
@@ -31,7 +31,7 @@
[ "$redir_mod" != "Redir模式" ] && ip rule add fwmark $fwmark table $table 2>/dev/null [ "$redir_mod" != "Redir模式" ] && ip rule add fwmark $fwmark table $table 2>/dev/null
} }
#添加ipv6路由 #添加ipv6路由
[ "$ipv6_redir" = "已开启" -a "$firewall_area" -le 3 ] && { [ "$ipv6_redir" = "ON" -a "$firewall_area" -le 3 ] && {
[ "$redir_mod" = "Tproxy模式" ] && ip -6 route add local default dev lo table $((table + 1)) 2>/dev/null [ "$redir_mod" = "Tproxy模式" ] && ip -6 route add local default dev lo table $((table + 1)) 2>/dev/null
[ -n "$(ip route list | grep utun)" ] && ip -6 route add default dev utun table $((table + 1)) 2>/dev/null [ -n "$(ip route list | grep utun)" ] && ip -6 route add default dev utun table $((table + 1)) 2>/dev/null
[ "$redir_mod" != "Redir模式" ] && ip -6 rule add fwmark $fwmark table $((table + 1)) 2>/dev/null [ "$redir_mod" != "Redir模式" ] && ip -6 rule add fwmark $fwmark table $((table + 1)) 2>/dev/null

15
scripts/starts/fw_stop.sh
View File

@@ -7,9 +7,9 @@
. "$CRASHDIR"/libs/check_cmd.sh . "$CRASHDIR"/libs/check_cmd.sh
. "$CRASHDIR"/starts/fw_getlanip.sh && getlanip #获取局域网host地址 . "$CRASHDIR"/starts/fw_getlanip.sh && getlanip #获取局域网host地址
#缺省值 #缺省值
[ -z "$common_ports" ] && common_ports='已开启' [ -z "$common_ports" ] && common_ports='ON'
[ -z "$multiport" ] && multiport='22,80,143,194,443,465,587,853,993,995,5222,8080,8443' [ -z "$multiport" ] && multiport='22,80,143,194,443,465,587,853,993,995,5222,8080,8443'
[ "$common_ports" = "已开启" ] && ports="-m multiport --dports $multiport" [ "$common_ports" = "ON" ] && ports="-m multiport --dports $multiport"
#重置iptables相关规则 #重置iptables相关规则
ckcmd iptables && { ckcmd iptables && {
ckcmd iptables && iptables -h | grep -q '\-w' && iptable='iptables -w' || iptable=iptables ckcmd iptables && iptables -h | grep -q '\-w' && iptable='iptables -w' || iptable=iptables
@@ -43,7 +43,7 @@ ckcmd iptables && {
#tun #tun
$iptable -D FORWARD -o utun -j ACCEPT 2>/dev/null $iptable -D FORWARD -o utun -j ACCEPT 2>/dev/null
#屏蔽QUIC #屏蔽QUIC
[ "$dns_mod" != "fake-ip" ] && [ "$cn_ip_route" != "未开启" ] && set_cn_ip='-m set ! --match-set cn_ip dst' [ "$dns_mod" != "fake-ip" ] && [ "$cn_ip_route" != "OFF" ] && set_cn_ip='-m set ! --match-set cn_ip dst'
$iptable -D INPUT -p udp --dport 443 $set_cn_ip -j REJECT 2>/dev/null $iptable -D INPUT -p udp --dport 443 $set_cn_ip -j REJECT 2>/dev/null
$iptable -D FORWARD -p udp --dport 443 -o utun $set_cn_ip -j REJECT 2>/dev/null $iptable -D FORWARD -p udp --dport 443 -o utun $set_cn_ip -j REJECT 2>/dev/null
#公网访问 #公网访问
@@ -93,7 +93,7 @@ ckcmd ip6tables && {
#tun #tun
$ip6table -D FORWARD -o utun -j ACCEPT 2>/dev/null $ip6table -D FORWARD -o utun -j ACCEPT 2>/dev/null
#屏蔽QUIC #屏蔽QUIC
[ "$dns_mod" != "fake-ip" ] && [ "$cn_ip_route" != "未开启" ] && set_cn_ip6='-m set ! --match-set cn_ip6 dst' [ "$dns_mod" != "fake-ip" ] && [ "$cn_ip_route" != "OFF" ] && set_cn_ip6='-m set ! --match-set cn_ip6 dst'
$ip6table -D INPUT -p udp --dport 443 $set_cn_ip6 -j REJECT 2>/dev/null $ip6table -D INPUT -p udp --dport 443 $set_cn_ip6 -j REJECT 2>/dev/null
$ip6table -D FORWARD -p udp --dport 443 -o utun $set_cn_ip6 -j REJECT 2>/dev/null $ip6table -D FORWARD -p udp --dport 443 -o utun $set_cn_ip6 -j REJECT 2>/dev/null
#公网访问 #公网访问
@@ -120,13 +120,6 @@ ckcmd ip6tables && {
#清理ipset规则 #清理ipset规则
ipset destroy cn_ip >/dev/null 2>&1 ipset destroy cn_ip >/dev/null 2>&1
ipset destroy cn_ip6 >/dev/null 2>&1 ipset destroy cn_ip6 >/dev/null 2>&1
#移除dnsmasq转发规则
[ "$dns_redir" = "已开启" ] && {
uci del dhcp.@dnsmasq[-1].server >/dev/null 2>&1
uci set dhcp.@dnsmasq[0].noresolv=0 2>/dev/null
uci commit dhcp >/dev/null 2>&1
/etc/init.d/dnsmasq restart >/dev/null 2>&1
}
#清理路由规则 #清理路由规则
ip rule del fwmark $fwmark table $table 2>/dev/null ip rule del fwmark $fwmark table $table 2>/dev/null
ip route flush table $table 2>/dev/null ip route flush table $table 2>/dev/null

8
scripts/starts/singbox_modify.sh
View File

@@ -97,7 +97,7 @@ EOF
EOF EOF
fi fi
#生成dns.json #生成dns.json
[ "$ipv6_dns" != "未开启" ] && strategy='prefer_ipv4' || strategy='ipv4_only' [ "$ipv6_dns" != "OFF" ] && strategy='prefer_ipv4' || strategy='ipv4_only'
#获取detour出口 #获取detour出口
auto_detour=$(grep -E '"type": "urltest"' -A 1 "$TMPDIR"/jsons/outbounds.json | grep '自动' | head -n 1 | sed 's/^[[:space:]]*"tag": //;s/,$//') auto_detour=$(grep -E '"type": "urltest"' -A 1 "$TMPDIR"/jsons/outbounds.json | grep '自动' | head -n 1 | sed 's/^[[:space:]]*"tag": //;s/,$//')
[ -z "$auto_detour" ] && auto_detour=$(grep -E '"type": "urltest"' -A 1 "$TMPDIR"/jsons/outbounds.json | grep '"tag":' | head -n 1 | sed 's/^[[:space:]]*"tag": //;s/,$//') [ -z "$auto_detour" ] && auto_detour=$(grep -E '"type": "urltest"' -A 1 "$TMPDIR"/jsons/outbounds.json | grep '"tag":' | head -n 1 | sed 's/^[[:space:]]*"tag": //;s/,$//')
@@ -189,7 +189,7 @@ EOF
EOF EOF
#生成add_route.json #生成add_route.json
#域名嗅探配置 #域名嗅探配置
[ "$sniffer" = "已启用" ] && sniffer_set='{ "action": "sniff", "timeout": "500ms" },' [ "$sniffer" = ON ] && sniffer_set='{ "action": "sniff", "timeout": "500ms" },'
[ "$ts_service" = ON ] && tailscale_set='{ "inbound": [ "ts-ep" ], "port": 53, "action": "hijack-dns" },' [ "$ts_service" = ON ] && tailscale_set='{ "inbound": [ "ts-ep" ], "port": 53, "action": "hijack-dns" },'
cat >"$TMPDIR"/jsons/add_route.json <<EOF cat >"$TMPDIR"/jsons/add_route.json <<EOF
{ {
@@ -257,7 +257,7 @@ EOF
. "$CRASHDIR"/libs/sb_inbounds.sh . "$CRASHDIR"/libs/sb_inbounds.sh
} }
if [ "$redir_mod" = "混合模式" -o "$redir_mod" = "Tun模式" ]; then if [ "$redir_mod" = "混合模式" -o "$redir_mod" = "Tun模式" ]; then
[ "ipv6_redir" = '已开启' ] && ipv6_address='"fe80::e5c5:2469:d09b:609a/64",' [ "ipv6_redir" = 'ON' ] && ipv6_address='"fe80::e5c5:2469:d09b:609a/64",'
cat >>"$TMPDIR"/jsons/tun.json <<EOF cat >>"$TMPDIR"/jsons/tun.json <<EOF
{ {
"inbounds": [ "inbounds": [
@@ -336,7 +336,7 @@ EOF
sed -i '/"process_name": "[^"]*",/d' "$TMPDIR"/jsons/route.json sed -i '/"process_name": "[^"]*",/d' "$TMPDIR"/jsons/route.json
sed -i 's/"auto_detect_interface": true/"auto_detect_interface": false/g' "$TMPDIR"/jsons/route.json sed -i 's/"auto_detect_interface": true/"auto_detect_interface": false/g' "$TMPDIR"/jsons/route.json
#跳过本地tls证书验证 #跳过本地tls证书验证
if [ "$skip_cert" != "未开启" ]; then if [ "$skip_cert" != "OFF" ]; then
sed -i 's/"insecure": false/"insecure": true/' "$TMPDIR"/jsons/outbounds.json "$TMPDIR"/jsons/providers.json 2>/dev/null sed -i 's/"insecure": false/"insecure": true/' "$TMPDIR"/jsons/outbounds.json "$TMPDIR"/jsons/providers.json 2>/dev/null
else else
sed -i 's/"insecure": true/"insecure": false/' "$TMPDIR"/jsons/outbounds.json "$TMPDIR"/jsons/providers.json 2>/dev/null sed -i 's/"insecure": true/"insecure": false/' "$TMPDIR"/jsons/outbounds.json "$TMPDIR"/jsons/providers.json 2>/dev/null

2
scripts/starts/start_error.sh
View File

@@ -1,5 +1,5 @@
if [ "$start_old" != "已开启" ] && ckcmd journalctl; then if [ "$start_old" != "ON" ] && ckcmd journalctl; then
journalctl -u shellcrash >"$TMPDIR"/core_test.log journalctl -u shellcrash >"$TMPDIR"/core_test.log
else else
PID=$(pidof CrashCore) && [ -n "$PID" ] && kill -9 "$PID" >/dev/null 2>&1 PID=$(pidof CrashCore) && [ -n "$PID" ] && kill -9 "$PID" >/dev/null 2>&1