xm/ShellCrash
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

~修复部分设备因iptables版本过低导致-w参数无法使用的问题

Browse Source
This commit is contained in:
juewuy
2024-09-03 08:15:50 +08:00
parent ca72df9584
commit f790aee120
3 changed files with 147 additions and 138 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
scripts/init.sh
View File

@@ -207,7 +207,7 @@ fi
setconfig COMMAND "$COMMAND" ${CRASHDIR}/configs/command.env setconfig COMMAND "$COMMAND" ${CRASHDIR}/configs/command.env
#设置防火墙执行模式 #设置防火墙执行模式
[ -z "$(grep firewall_mod $CRASHDIR/configs/ShellClash.cfg 2>/dev/null)" ] && { [ -z "$(grep firewall_mod $CRASHDIR/configs/ShellClash.cfg 2>/dev/null)" ] && {
iptables -w -j REDIRECT -h >/dev/null 2>&1 && firewall_mod=iptables iptables -j REDIRECT -h >/dev/null 2>&1 && firewall_mod=iptables
nft add table inet shellcrash 2>/dev/null && firewall_mod=nftables nft add table inet shellcrash 2>/dev/null && firewall_mod=nftables
setconfig firewall_mod $firewall_mod setconfig firewall_mod $firewall_mod
} }

247
scripts/start.sh
View File

@@ -43,6 +43,9 @@ getconfig() { #读取配置及全局变量
format=yaml format=yaml
core_config="$CRASHDIR"/yamls/config.yaml core_config="$CRASHDIR"/yamls/config.yaml
fi fi
#检查$iptable命令可用性
iptables -h | grep -q '\-w' && iptable='iptables -w' || iptable=iptables
ip6tables -h | grep -q '\-w' && ip6table='ip6tables -w' || ip6table=ip6tables
} }
setconfig() { #脚本配置工具 setconfig() { #脚本配置工具
#参数1代表变量名参数2代表变量值,参数3即文件路径 #参数1代表变量名参数2代表变量值,参数3即文件路径
@@ -894,39 +897,41 @@ start_ipt_route() { #iptables-route通用工具
HOST_IP=$host_ipv4 HOST_IP=$host_ipv4
[ "$3" = 'OUTPUT' ] && HOST_IP="127.0.0.0/8 $local_ipv4" [ "$3" = 'OUTPUT' ] && HOST_IP="127.0.0.0/8 $local_ipv4"
[ "$4" = 'shellcrash_vm' ] && HOST_IP="$vm_ipv4" [ "$4" = 'shellcrash_vm' ] && HOST_IP="$vm_ipv4"
iptables -h | grep -q '\-w' && w='-w' || w=''
} }
[ "$1" = 'ip6tables' ] && { [ "$1" = 'ip6tables' ] && {
RESERVED_IP=$reserve_ipv6 RESERVED_IP=$reserve_ipv6
HOST_IP=$host_ipv6 HOST_IP=$host_ipv6
[ "$3" = 'OUTPUT' ] && HOST_IP="::1 $host_ipv6" [ "$3" = 'OUTPUT' ] && HOST_IP="::1 $host_ipv6"
ip6tables -h | grep -q '\-w' && w='-w' || w=''
} }
#创建新的shellcrash链表 #创建新的shellcrash链表
$1 -w -t $2 -N $4 $1 $w -t $2 -N $4
#过滤dns #过滤dns
$1 -w -t $2 -A $4 -p tcp --dport 53 -j RETURN $1 $w -t $2 -A $4 -p tcp --dport 53 -j RETURN
$1 -w -t $2 -A $4 -p udp --dport 53 -j RETURN $1 $w -t $2 -A $4 -p udp --dport 53 -j RETURN
#防回环 #防回环
$1 -w -t $2 -A $4 -m mark --mark $routing_mark -j RETURN $1 $w -t $2 -A $4 -m mark --mark $routing_mark -j RETURN
[ "$3" = 'OUTPUT' ] && for gid in 453 7890; do [ "$3" = 'OUTPUT' ] && for gid in 453 7890; do
$1 -w -t $2 -A $4 -m owner --gid-owner $gid -j RETURN $1 $w -t $2 -A $4 -m owner --gid-owner $gid -j RETURN
done done
[ "$firewall_area" = 5 ] && $1 -w -t $2 -A $4 -s $bypass_host -j RETURN [ "$firewall_area" = 5 ] && $1 $w -t $2 -A $4 -s $bypass_host -j RETURN
#跳过目标保留地址及目标本机网段 #跳过目标保留地址及目标本机网段
for ip in $HOST_IP $RESERVED_IP; do for ip in $HOST_IP $RESERVED_IP; do
$1 -w -t $2 -A $4 -d $ip -j RETURN $1 $w -t $2 -A $4 -d $ip -j RETURN
done done
#绕过CN_IP #绕过CN_IP
[ "$1" = iptables ] && [ "$dns_mod" != "fake-ip" ] && [ "$cn_ip_route" = "已开启" ] && [ -f "$BINDIR"/cn_ip.txt ] && $1 -w -t $2 -A $4 -m set --match-set cn_ip dst -j RETURN 2>/dev/null [ "$1" = iptables ] && [ "$dns_mod" != "fake-ip" ] && [ "$cn_ip_route" = "已开启" ] && [ -f "$BINDIR"/cn_ip.txt ] && $1 $w -t $2 -A $4 -m set --match-set cn_ip dst -j RETURN 2>/dev/null
[ "$1" = ip6tables ] && [ "$dns_mod" != "fake-ip" ] && [ "$cn_ipv6_route" = "已开启" ] && [ -f "$BINDIR"/cn_ipv6.txt ] && $1 -w -t $2 -A $4 -m set --match-set cn_ip6 dst -j RETURN 2>/dev/null [ "$1" = ip6tables ] && [ "$dns_mod" != "fake-ip" ] && [ "$cn_ipv6_route" = "已开启" ] && [ -f "$BINDIR"/cn_ipv6.txt ] && $1 $w -t $2 -A $4 -m set --match-set cn_ip6 dst -j RETURN 2>/dev/null
#局域网mac地址黑名单过滤 #局域网mac地址黑名单过滤
[ "$3" = 'PREROUTING' ] && [ "$macfilter_type" != "白名单" ] && { [ "$3" = 'PREROUTING' ] && [ "$macfilter_type" != "白名单" ] && {
[ -s "$CRASHDIR"/configs/mac ] && \ [ -s "$CRASHDIR"/configs/mac ] && \
for mac in $(cat "$CRASHDIR"/configs/mac); do for mac in $(cat "$CRASHDIR"/configs/mac); do
$1 -w -t $2 -A $4 -m mac --mac-source $mac -j RETURN $1 $w -t $2 -A $4 -m mac --mac-source $mac -j RETURN
done done
[ -s "$CRASHDIR"/configs/ip_filter ] && [ "$1" = 'iptables' ] && \ [ -s "$CRASHDIR"/configs/ip_filter ] && [ "$1" = 'iptables' ] && \
for ip in $(cat "$CRASHDIR"/configs/ip_filter); do for ip in $(cat "$CRASHDIR"/configs/ip_filter); do
$1 -w -t $2 -A $4 -s $ip -j RETURN $1 $w -t $2 -A $4 -s $ip -j RETURN
done done
} }
#tcp&udp分别进代理链 #tcp&udp分别进代理链
@@ -934,20 +939,20 @@ start_ipt_route() { #iptables-route通用工具
if [ "$3" = 'PREROUTING' ] && [ "$4" != 'shellcrash_vm' ] && [ "$macfilter_type" = "白名单" ] && [ -n "$(cat $CRASHDIR/configs/mac $CRASHDIR/configs/ip_filter 2>/dev/null)" ];then if [ "$3" = 'PREROUTING' ] && [ "$4" != 'shellcrash_vm' ] && [ "$macfilter_type" = "白名单" ] && [ -n "$(cat $CRASHDIR/configs/mac $CRASHDIR/configs/ip_filter 2>/dev/null)" ];then
[ -s "$CRASHDIR"/configs/mac ] && \ [ -s "$CRASHDIR"/configs/mac ] && \
for mac in $(cat "$CRASHDIR"/configs/mac); do for mac in $(cat "$CRASHDIR"/configs/mac); do
$1 -w -t $2 -A $4 -p $5 -m mac --mac-source $mac -j $JUMP $1 $w -t $2 -A $4 -p $5 -m mac --mac-source $mac -j $JUMP
done done
[ -s "$CRASHDIR"/configs/ip_filter ] && [ "$1" = 'iptables' ] && \ [ -s "$CRASHDIR"/configs/ip_filter ] && [ "$1" = 'iptables' ] && \
for ip in $(cat "$CRASHDIR"/configs/ip_filter); do for ip in $(cat "$CRASHDIR"/configs/ip_filter); do
$1 -w -t $2 -A $4 -p $5 -s $ip -j $JUMP $1 $w -t $2 -A $4 -p $5 -s $ip -j $JUMP
done done
else else
for ip in $HOST_IP; do #仅限指定网段流量 for ip in $HOST_IP; do #仅限指定网段流量
$1 -w -t $2 -A $4 -p $5 -s $ip -j $JUMP $1 $w -t $2 -A $4 -p $5 -s $ip -j $JUMP
done done
fi fi
#将所在链指定流量指向shellcrash表 #将所在链指定流量指向shellcrash表
$1 -w -t $2 -I $3 -p $5 $ports -j $4 $1 $w -t $2 -I $3 -p $5 $ports -j $4
[ "$dns_mod" != "redir_host" ] && [ "$common_ports" = "已开启" ] && [ "$1" = iptables ] && $1 -w -t $2 -I $3 -p $5 -d 198.18.0.0/16 -j $4 [ "$dns_mod" != "redir_host" ] && [ "$common_ports" = "已开启" ] && [ "$1" = iptables ] && $1 $w -t $2 -I $3 -p $5 -d 198.18.0.0/16 -j $4
} }
[ "$5" = "tcp" -o "$5" = "all" ] && proxy_set $1 $2 $3 $4 tcp [ "$5" = "tcp" -o "$5" = "all" ] && proxy_set $1 $2 $3 $4 tcp
[ "$5" = "udp" -o "$5" = "all" ] && proxy_set $1 $2 $3 $4 udp [ "$5" = "udp" -o "$5" = "all" ] && proxy_set $1 $2 $3 $4 udp
@@ -959,79 +964,83 @@ start_ipt_dns() { #iptables-dns通用工具
HOST_IP="$host_ipv4" HOST_IP="$host_ipv4"
[ "$2" = 'OUTPUT' ] && HOST_IP="127.0.0.0/8 $local_ipv4" [ "$2" = 'OUTPUT' ] && HOST_IP="127.0.0.0/8 $local_ipv4"
[ "$3" = 'shellcrash_vm_dns' ] && HOST_IP="$vm_ipv4" [ "$3" = 'shellcrash_vm_dns' ] && HOST_IP="$vm_ipv4"
iptables -h | grep -q '\-w' && w='-w' || w=''
} }
[ "$1" = 'ip6tables' ] && HOST_IP=$host_ipv6 [ "$1" = 'ip6tables' ] && {
$1 -w -t nat -N $3 HOST_IP=$host_ipv6
ip6tables -h | grep -q '\-w' && w='-w' || w=''
}
$1 $w -t nat -N $3
#防回环 #防回环
$1 -w -t nat -A $3 -m mark --mark $routing_mark -j RETURN $1 $w -t nat -A $3 -m mark --mark $routing_mark -j RETURN
[ "$2" = 'OUTPUT' ] && for gid in 453 7890; do [ "$2" = 'OUTPUT' ] && for gid in 453 7890; do
$1 -w -t nat -A $3 -m owner --gid-owner $gid -j RETURN $1 $w -t nat -A $3 -m owner --gid-owner $gid -j RETURN
done done
[ "$firewall_area" = 5 ] && { [ "$firewall_area" = 5 ] && {
$1 -w -t nat -A $3 -p tcp -s $bypass_host -j RETURN $1 $w -t nat -A $3 -p tcp -s $bypass_host -j RETURN
$1 -w -t nat -A $3 -p udp -s $bypass_host -j RETURN $1 $w -t nat -A $3 -p udp -s $bypass_host -j RETURN
} }
#局域网mac地址黑名单过滤 #局域网mac地址黑名单过滤
[ "$2" = 'PREROUTING' ] && [ "$macfilter_type" != "白名单" ] && { [ "$2" = 'PREROUTING' ] && [ "$macfilter_type" != "白名单" ] && {
[ -s "$CRASHDIR"/configs/mac ] && \ [ -s "$CRASHDIR"/configs/mac ] && \
for mac in $(cat "$CRASHDIR"/configs/mac); do for mac in $(cat "$CRASHDIR"/configs/mac); do
$1 -w -t nat -A $3 -m mac --mac-source $mac -j RETURN $1 $w -t nat -A $3 -m mac --mac-source $mac -j RETURN
done done
[ -s "$CRASHDIR"/configs/ip_filter ] && [ "$1" = 'iptables' ] && \ [ -s "$CRASHDIR"/configs/ip_filter ] && [ "$1" = 'iptables' ] && \
for ip in $(cat "$CRASHDIR"/configs/ip_filter); do for ip in $(cat "$CRASHDIR"/configs/ip_filter); do
$1 -w -t nat -A $3 -s $ip -j RETURN $1 $w -t nat -A $3 -s $ip -j RETURN
done done
} }
if [ "$2" = 'PREROUTING' ] && [ "$3" != 'shellcrash_vm_dns' ] && [ "$macfilter_type" = "白名单" ] && [ -n "$(cat $CRASHDIR/configs/mac $CRASHDIR/configs/ip_filter 2>/dev/null)" ];then if [ "$2" = 'PREROUTING' ] && [ "$3" != 'shellcrash_vm_dns' ] && [ "$macfilter_type" = "白名单" ] && [ -n "$(cat $CRASHDIR/configs/mac $CRASHDIR/configs/ip_filter 2>/dev/null)" ];then
[ -s "$CRASHDIR"/configs/mac ] && \ [ -s "$CRASHDIR"/configs/mac ] && \
for mac in $(cat "$CRASHDIR"/configs/mac); do for mac in $(cat "$CRASHDIR"/configs/mac); do
$1 -w -t nat -A $3 -p tcp -m mac --mac-source $mac -j REDIRECT --to-ports $dns_port $1 $w -t nat -A $3 -p tcp -m mac --mac-source $mac -j REDIRECT --to-ports $dns_port
$1 -w -t nat -A $3 -p udp -m mac --mac-source $mac -j REDIRECT --to-ports $dns_port $1 $w -t nat -A $3 -p udp -m mac --mac-source $mac -j REDIRECT --to-ports $dns_port
done done
[ -s "$CRASHDIR"/configs/ip_filter ] && [ "$1" = 'iptables' ] && \ [ -s "$CRASHDIR"/configs/ip_filter ] && [ "$1" = 'iptables' ] && \
for ip in $(cat "$CRASHDIR"/configs/ip_filter); do for ip in $(cat "$CRASHDIR"/configs/ip_filter); do
$1 -w -t nat -A $3 -p tcp -s $ip -j REDIRECT --to-ports $dns_port $1 $w -t nat -A $3 -p tcp -s $ip -j REDIRECT --to-ports $dns_port
$1 -w -t nat -A $3 -p udp -s $ip -j REDIRECT --to-ports $dns_port $1 $w -t nat -A $3 -p udp -s $ip -j REDIRECT --to-ports $dns_port
done done
else else
for ip in $HOST_IP; do #仅限指定网段流量 for ip in $HOST_IP; do #仅限指定网段流量
$1 -w -t nat -A $3 -p tcp -s $ip -j REDIRECT --to-ports $dns_port $1 $w -t nat -A $3 -p tcp -s $ip -j REDIRECT --to-ports $dns_port
$1 -w -t nat -A $3 -p udp -s $ip -j REDIRECT --to-ports $dns_port $1 $w -t nat -A $3 -p udp -s $ip -j REDIRECT --to-ports $dns_port
done done
fi fi
[ "$1" = 'ip6tables' ] && { [ "$1" = 'ip6tables' ] && {
$1 -w -t nat -A $3 -p tcp -j RETURN $1 $w -t nat -A $3 -p tcp -j RETURN
$1 -w -t nat -A $3 -p udp -j RETURN $1 $w -t nat -A $3 -p udp -j RETURN
} }
$1 -w -t nat -I $2 -p tcp --dport 53 -j $3 $1 $w -t nat -I $2 -p tcp --dport 53 -j $3
$1 -w -t nat -I $2 -p udp --dport 53 -j $3 $1 $w -t nat -I $2 -p udp --dport 53 -j $3
} }
start_ipt_wan() { #iptables公网防火墙 start_ipt_wan() { #iptables公网防火墙
#获取局域网host地址 #获取局域网host地址
getlanip getlanip
if [ "$public_support" = "已开启" ]; then if [ "$public_support" = "已开启" ]; then
iptables -w -I INPUT -p tcp --dport $db_port -j ACCEPT $iptable -I INPUT -p tcp --dport $db_port -j ACCEPT
ckcmd ip6tables && ip6tables -w -I INPUT -p tcp --dport $db_port -j ACCEPT ckcmd ip6tables && $ip6table -I INPUT -p tcp --dport $db_port -j ACCEPT
else else
#仅允许非公网设备访问面板 #仅允许非公网设备访问面板
for ip in $reserve_ipv4; do for ip in $reserve_ipv4; do
iptables -w -A INPUT -p tcp -s $ip --dport $db_port -j ACCEPT $iptable -A INPUT -p tcp -s $ip --dport $db_port -j ACCEPT
done done
iptables -w -A INPUT -p tcp --dport $db_port -j REJECT $iptable -A INPUT -p tcp --dport $db_port -j REJECT
ckcmd ip6tables && ip6tables -w -A INPUT -p tcp --dport $db_port -j REJECT ckcmd ip6tables && $ip6table -A INPUT -p tcp --dport $db_port -j REJECT
fi fi
if [ "$public_mixport" = "已开启" ]; then if [ "$public_mixport" = "已开启" ]; then
iptables -w -I INPUT -p tcp --dport $mix_port -j ACCEPT $iptable -I INPUT -p tcp --dport $mix_port -j ACCEPT
ckcmd ip6tables && ip6tables -w -I INPUT -p tcp --dport $mix_port -j ACCEPT ckcmd ip6tables && $ip6table -I INPUT -p tcp --dport $mix_port -j ACCEPT
else else
#仅允许局域网设备访问混合端口 #仅允许局域网设备访问混合端口
for ip in $reserve_ipv4; do for ip in $reserve_ipv4; do
iptables -w -A INPUT -p tcp -s $ip --dport $mix_port -j ACCEPT $iptable -A INPUT -p tcp -s $ip --dport $mix_port -j ACCEPT
done done
iptables -w -A INPUT -p tcp --dport $mix_port -j REJECT $iptable -A INPUT -p tcp --dport $mix_port -j REJECT
ckcmd ip6tables && ip6tables -w -A INPUT -p tcp --dport $mix_port -j REJECT ckcmd ip6tables && $ip6table -A INPUT -p tcp --dport $mix_port -j REJECT
fi fi
iptables -w -I INPUT -p tcp -d 127.0.0.1 -j ACCEPT #本机请求全放行 $iptable -I INPUT -p tcp -d 127.0.0.1 -j ACCEPT #本机请求全放行
} }
start_iptables() { #iptables配置总入口 start_iptables() { #iptables配置总入口
#启动公网访问防火墙 #启动公网访问防火墙
@@ -1042,7 +1051,7 @@ start_iptables() { #iptables配置总入口
[ "$lan_proxy" = true ] && { [ "$lan_proxy" = true ] && {
start_ipt_route iptables nat PREROUTING shellcrash tcp #ipv4-局域网tcp转发 start_ipt_route iptables nat PREROUTING shellcrash tcp #ipv4-局域网tcp转发
[ "$ipv6_redir" = "已开启" ] && { [ "$ipv6_redir" = "已开启" ] && {
if ip6tables -w -j REDIRECT -h 2>/dev/null | grep -q '\--to-ports'; then if $ip6table -j REDIRECT -h 2>/dev/null | grep -q '\--to-ports'; then
start_ipt_route ip6tables nat PREROUTING shellcrashv6 tcp #ipv6-局域网tcp转发 start_ipt_route ip6tables nat PREROUTING shellcrashv6 tcp #ipv6-局域网tcp转发
else else
logger "当前设备内核缺少ip6tables_REDIRECT模块支持已放弃启动相关规则" 31 logger "当前设备内核缺少ip6tables_REDIRECT模块支持已放弃启动相关规则" 31
@@ -1052,7 +1061,7 @@ start_iptables() { #iptables配置总入口
[ "$local_proxy" = true ] && { [ "$local_proxy" = true ] && {
start_ipt_route iptables nat OUTPUT shellcrash_out tcp #ipv4-本机tcp转发 start_ipt_route iptables nat OUTPUT shellcrash_out tcp #ipv4-本机tcp转发
[ "$ipv6_redir" = "已开启" ] && { [ "$ipv6_redir" = "已开启" ] && {
if ip6tables -w -j REDIRECT -h 2>/dev/null | grep -q '\--to-ports'; then if $ip6table -j REDIRECT -h 2>/dev/null | grep -q '\--to-ports'; then
start_ipt_route ip6tables nat OUTPUT shellcrashv6_out tcp #ipv6-本机tcp转发 start_ipt_route ip6tables nat OUTPUT shellcrashv6_out tcp #ipv6-本机tcp转发
else else
logger "当前设备内核缺少ip6tables_REDIRECT模块支持已放弃启动相关规则" 31 logger "当前设备内核缺少ip6tables_REDIRECT模块支持已放弃启动相关规则" 31
@@ -1062,14 +1071,14 @@ start_iptables() { #iptables配置总入口
} }
[ "$redir_mod" = "Tproxy模式" ] && { [ "$redir_mod" = "Tproxy模式" ] && {
JUMP="TPROXY --on-port $tproxy_port --tproxy-mark $fwmark" #跳转劫持的具体命令 JUMP="TPROXY --on-port $tproxy_port --tproxy-mark $fwmark" #跳转劫持的具体命令
if iptables -w -j TPROXY -h 2>/dev/null | grep -q '\--on-port'; then if $iptable -j TPROXY -h 2>/dev/null | grep -q '\--on-port'; then
[ "$lan_proxy" = true ] && start_ipt_route iptables mangle PREROUTING shellcrash_mark all [ "$lan_proxy" = true ] && start_ipt_route iptables mangle PREROUTING shellcrash_mark all
[ "$local_proxy" = true ] && { [ "$local_proxy" = true ] && {
if [ -n "$(grep -E '^MARK$' /proc/net/ip_tables_targets)" ]; then if [ -n "$(grep -E '^MARK$' /proc/net/ip_tables_targets)" ]; then
JUMP="MARK --set-mark $fwmark" #跳转劫持的具体命令 JUMP="MARK --set-mark $fwmark" #跳转劫持的具体命令
start_ipt_route iptables mangle OUTPUT shellcrash_mark_out all start_ipt_route iptables mangle OUTPUT shellcrash_mark_out all
iptables -w -t mangle -A PREROUTING -m mark --mark $fwmark -p tcp -j TPROXY --on-port $tproxy_port $iptable -t mangle -A PREROUTING -m mark --mark $fwmark -p tcp -j TPROXY --on-port $tproxy_port
iptables -w -t mangle -A PREROUTING -m mark --mark $fwmark -p udp -j TPROXY --on-port $tproxy_port $iptable -t mangle -A PREROUTING -m mark --mark $fwmark -p udp -j TPROXY --on-port $tproxy_port
else else
logger "当前设备内核可能缺少xt_mark模块支持已放弃启动本机代理相关规则" 31 logger "当前设备内核可能缺少xt_mark模块支持已放弃启动本机代理相关规则" 31
fi fi
@@ -1078,15 +1087,15 @@ start_iptables() { #iptables配置总入口
logger "当前设备内核可能缺少kmod_ipt_tproxy模块支持已放弃启动相关规则" 31 logger "当前设备内核可能缺少kmod_ipt_tproxy模块支持已放弃启动相关规则" 31
fi fi
[ "$ipv6_redir" = "已开启" ] && { [ "$ipv6_redir" = "已开启" ] && {
if ip6tables -w -j TPROXY -h 2>/dev/null | grep -q '\--on-port'; then if $ip6table -j TPROXY -h 2>/dev/null | grep -q '\--on-port'; then
JUMP="TPROXY --on-port $tproxy_port --tproxy-mark $fwmark" #跳转劫持的具体命令 JUMP="TPROXY --on-port $tproxy_port --tproxy-mark $fwmark" #跳转劫持的具体命令
[ "$lan_proxy" = true ] && start_ipt_route ip6tables mangle PREROUTING shellcrashv6_mark all [ "$lan_proxy" = true ] && start_ipt_route ip6tables mangle PREROUTING shellcrashv6_mark all
[ "$local_proxy" = true ] && { [ "$local_proxy" = true ] && {
if [ -n "$(grep -E '^MARK$' /proc/net/ip6_tables_targets)" ]; then if [ -n "$(grep -E '^MARK$' /proc/net/ip6_tables_targets)" ]; then
JUMP="MARK --set-mark $fwmark" #跳转劫持的具体命令 JUMP="MARK --set-mark $fwmark" #跳转劫持的具体命令
start_ipt_route ip6tables mangle OUTPUT shellcrashv6_mark_out all start_ipt_route ip6tables mangle OUTPUT shellcrashv6_mark_out all
ip6tables -w -t mangle -A PREROUTING -m mark --mark $fwmark -p tcp -j TPROXY --on-port $tproxy_port $ip6table -t mangle -A PREROUTING -m mark --mark $fwmark -p tcp -j TPROXY --on-port $tproxy_port
ip6tables -w -t mangle -A PREROUTING -m mark --mark $fwmark -p udp -j TPROXY --on-port $tproxy_port $ip6table -t mangle -A PREROUTING -m mark --mark $fwmark -p udp -j TPROXY --on-port $tproxy_port
else else
logger "当前设备内核可能缺少xt_mark模块支持已放弃启动本机代理相关规则" 31 logger "当前设备内核可能缺少xt_mark模块支持已放弃启动本机代理相关规则" 31
fi fi
@@ -1101,9 +1110,9 @@ start_iptables() { #iptables配置总入口
[ "$redir_mod" = "Tun模式" -o "$redir_mod" = "T&U旁路转发" ] && protocol=all [ "$redir_mod" = "Tun模式" -o "$redir_mod" = "T&U旁路转发" ] && protocol=all
[ "$redir_mod" = "混合模式" ] && protocol=udp [ "$redir_mod" = "混合模式" ] && protocol=udp
[ "$redir_mod" = "TCP旁路转发" ] && protocol=tcp [ "$redir_mod" = "TCP旁路转发" ] && protocol=tcp
if iptables -w -j MARK -h 2>/dev/null | grep -q '\--set-mark'; then if $iptable -j MARK -h 2>/dev/null | grep -q '\--set-mark'; then
[ "$lan_proxy" = true ] && { [ "$lan_proxy" = true ] && {
[ "$redir_mod" = "Tun模式" -o "$redir_mod" = "混合模式" ] && iptables -w -I FORWARD -o utun -j ACCEPT [ "$redir_mod" = "Tun模式" -o "$redir_mod" = "混合模式" ] && $iptable -I FORWARD -o utun -j ACCEPT
start_ipt_route iptables mangle PREROUTING shellcrash_mark $protocol start_ipt_route iptables mangle PREROUTING shellcrash_mark $protocol
} }
[ "$local_proxy" = true ] && start_ipt_route iptables mangle OUTPUT shellcrash_mark_out $protocol [ "$local_proxy" = true ] && start_ipt_route iptables mangle OUTPUT shellcrash_mark_out $protocol
@@ -1111,9 +1120,9 @@ start_iptables() { #iptables配置总入口
logger "当前设备内核可能缺少x_mark模块支持已放弃启动相关规则" 31 logger "当前设备内核可能缺少x_mark模块支持已放弃启动相关规则" 31
fi fi
[ "$ipv6_redir" = "已开启" ] && [ "$crashcore" != clashpre ] && { [ "$ipv6_redir" = "已开启" ] && [ "$crashcore" != clashpre ] && {
if ip6tables -w -j MARK -h 2>/dev/null | grep -q '\--set-mark'; then if $ip6table -j MARK -h 2>/dev/null | grep -q '\--set-mark'; then
[ "$lan_proxy" = true ] && { [ "$lan_proxy" = true ] && {
[ "$redir_mod" = "Tun模式" -o "$redir_mod" = "混合模式" ] && ip6tables -w -I FORWARD -o utun -j ACCEPT [ "$redir_mod" = "Tun模式" -o "$redir_mod" = "混合模式" ] && $ip6table -I FORWARD -o utun -j ACCEPT
start_ipt_route ip6tables mangle PREROUTING shellcrashv6_mark $protocol start_ipt_route ip6tables mangle PREROUTING shellcrashv6_mark $protocol
} }
[ "$local_proxy" = true ] && start_ipt_route ip6tables mangle OUTPUT shellcrashv6_mark_out $protocol [ "$local_proxy" = true ] && start_ipt_route ip6tables mangle OUTPUT shellcrashv6_mark_out $protocol
@@ -1131,10 +1140,10 @@ start_iptables() { #iptables配置总入口
[ "$dns_no" != "已禁用" -a "$dns_redir" != "已开启" -a "$firewall_area" -le 3 ] && { [ "$dns_no" != "已禁用" -a "$dns_redir" != "已开启" -a "$firewall_area" -le 3 ] && {
[ "$lan_proxy" = true ] && { [ "$lan_proxy" = true ] && {
start_ipt_dns iptables PREROUTING shellcrash_dns #ipv4-局域网dns转发 start_ipt_dns iptables PREROUTING shellcrash_dns #ipv4-局域网dns转发
if ip6tables -w -j REDIRECT -h 2>/dev/null | grep -q '\--to-ports'; then if $ip6table -j REDIRECT -h 2>/dev/null | grep -q '\--to-ports'; then
start_ipt_dns ip6tables PREROUTING shellcrashv6_dns #ipv6-局域网dns转发 start_ipt_dns ip6tables PREROUTING shellcrashv6_dns #ipv6-局域网dns转发
else else
ip6tables -w -I INPUT -p udp --dport 53 -j REJECT $ip6table -I INPUT -p udp --dport 53 -j REJECT
fi fi
} }
[ "$local_proxy" = true ] && start_ipt_dns iptables OUTPUT shellcrash_dns_out #ipv4-本机dns转发 [ "$local_proxy" = true ] && start_ipt_dns iptables OUTPUT shellcrash_dns_out #ipv4-本机dns转发
@@ -1145,8 +1154,8 @@ start_iptables() { #iptables配置总入口
set_cn_ip='-m set ! --match-set cn_ip dst' set_cn_ip='-m set ! --match-set cn_ip dst'
set_cn_ip6='-m set ! --match-set cn_ip6 dst' set_cn_ip6='-m set ! --match-set cn_ip6 dst'
} }
iptables -w -I INPUT -p udp --dport 443 $set_cn_ip -j REJECT >/dev/null 2>&1 $iptable -I INPUT -p udp --dport 443 $set_cn_ip -j REJECT >/dev/null 2>&1
ip6tables -w -I INPUT -p udp --dport 443 $set_cn_ip6 -j REJECT >/dev/null 2>&1 $ip6table -I INPUT -p udp --dport 443 $set_cn_ip6 -j REJECT >/dev/null 2>&1
} }
} }
start_nft_route() { #nftables-route通用工具 start_nft_route() { #nftables-route通用工具
@@ -1396,94 +1405,94 @@ stop_firewall() { #还原防火墙配置
#重置iptables相关规则 #重置iptables相关规则
ckcmd iptables && { ckcmd iptables && {
#dns #dns
iptables -w -t nat -D PREROUTING -p tcp --dport 53 -j shellcrash_dns 2>/dev/null $iptable -t nat -D PREROUTING -p tcp --dport 53 -j shellcrash_dns 2>/dev/null
iptables -w -t nat -D PREROUTING -p udp --dport 53 -j shellcrash_dns 2>/dev/null $iptable -t nat -D PREROUTING -p udp --dport 53 -j shellcrash_dns 2>/dev/null
iptables -w -t nat -D OUTPUT -p udp --dport 53 -j shellcrash_dns_out 2>/dev/null $iptable -t nat -D OUTPUT -p udp --dport 53 -j shellcrash_dns_out 2>/dev/null
iptables -w -t nat -D OUTPUT -p tcp --dport 53 -j shellcrash_dns_out 2>/dev/null $iptable -t nat -D OUTPUT -p tcp --dport 53 -j shellcrash_dns_out 2>/dev/null
#redir #redir
iptables -w -t nat -D PREROUTING -p tcp $ports -j shellcrash 2>/dev/null $iptable -t nat -D PREROUTING -p tcp $ports -j shellcrash 2>/dev/null
iptables -w -t nat -D PREROUTING -p tcp -d 198.18.0.0/16 -j shellcrash 2>/dev/null $iptable -t nat -D PREROUTING -p tcp -d 198.18.0.0/16 -j shellcrash 2>/dev/null
iptables -w -t nat -D OUTPUT -p tcp $ports -j shellcrash_out 2>/dev/null $iptable -t nat -D OUTPUT -p tcp $ports -j shellcrash_out 2>/dev/null
iptables -w -t nat -D OUTPUT -p tcp -d 198.18.0.0/16 -j shellcrash_out 2>/dev/null $iptable -t nat -D OUTPUT -p tcp -d 198.18.0.0/16 -j shellcrash_out 2>/dev/null
#vm_dns #vm_dns
iptables -w -t nat -D PREROUTING -p tcp --dport 53 -j shellcrash_vm_dns 2>/dev/null $iptable -t nat -D PREROUTING -p tcp --dport 53 -j shellcrash_vm_dns 2>/dev/null
iptables -w -t nat -D PREROUTING -p udp --dport 53 -j shellcrash_vm_dns 2>/dev/null $iptable -t nat -D PREROUTING -p udp --dport 53 -j shellcrash_vm_dns 2>/dev/null
#vm_redir #vm_redir
iptables -w -t nat -D PREROUTING -p tcp $ports -j shellcrash_vm 2>/dev/null $iptable -t nat -D PREROUTING -p tcp $ports -j shellcrash_vm 2>/dev/null
iptables -w -t nat -D PREROUTING -p tcp -d 198.18.0.0/16 -j shellcrash_vm 2>/dev/null $iptable -t nat -D PREROUTING -p tcp -d 198.18.0.0/16 -j shellcrash_vm 2>/dev/null
#TPROXY&tun #TPROXY&tun
iptables -w -t mangle -D PREROUTING -p tcp $ports -j shellcrash_mark 2>/dev/null $iptable -t mangle -D PREROUTING -p tcp $ports -j shellcrash_mark 2>/dev/null
iptables -w -t mangle -D PREROUTING -p udp $ports -j shellcrash_mark 2>/dev/null $iptable -t mangle -D PREROUTING -p udp $ports -j shellcrash_mark 2>/dev/null
iptables -w -t mangle -D PREROUTING -p tcp -d 198.18.0.0/16 -j shellcrash_mark 2>/dev/null $iptable -t mangle -D PREROUTING -p tcp -d 198.18.0.0/16 -j shellcrash_mark 2>/dev/null
iptables -w -t mangle -D PREROUTING -p udp -d 198.18.0.0/16 -j shellcrash_mark 2>/dev/null $iptable -t mangle -D PREROUTING -p udp -d 198.18.0.0/16 -j shellcrash_mark 2>/dev/null
iptables -w -t mangle -D OUTPUT -p tcp $ports -j shellcrash_mark_out 2>/dev/null $iptable -t mangle -D OUTPUT -p tcp $ports -j shellcrash_mark_out 2>/dev/null
iptables -w -t mangle -D OUTPUT -p udp $ports -j shellcrash_mark_out 2>/dev/null $iptable -t mangle -D OUTPUT -p udp $ports -j shellcrash_mark_out 2>/dev/null
iptables -w -t mangle -D OUTPUT -p tcp -d 198.18.0.0/16 -j shellcrash_mark_out 2>/dev/null $iptable -t mangle -D OUTPUT -p tcp -d 198.18.0.0/16 -j shellcrash_mark_out 2>/dev/null
iptables -w -t mangle -D OUTPUT -p udp -d 198.18.0.0/16 -j shellcrash_mark_out 2>/dev/null $iptable -t mangle -D OUTPUT -p udp -d 198.18.0.0/16 -j shellcrash_mark_out 2>/dev/null
iptables -w -t mangle -D PREROUTING -m mark --mark $fwmark -p tcp -j TPROXY --on-port $tproxy_port 2>/dev/null $iptable -t mangle -D PREROUTING -m mark --mark $fwmark -p tcp -j TPROXY --on-port $tproxy_port 2>/dev/null
iptables -w -t mangle -D PREROUTING -m mark --mark $fwmark -p udp -j TPROXY --on-port $tproxy_port 2>/dev/null $iptable -t mangle -D PREROUTING -m mark --mark $fwmark -p udp -j TPROXY --on-port $tproxy_port 2>/dev/null
#tun #tun
iptables -w -D FORWARD -o utun -j ACCEPT 2>/dev/null $iptable -D FORWARD -o utun -j ACCEPT 2>/dev/null
#屏蔽QUIC #屏蔽QUIC
[ "$dns_mod" != "fake-ip" -a "$cn_ip_route" = "已开启" ] && set_cn_ip='-m set ! --match-set cn_ip dst' [ "$dns_mod" != "fake-ip" -a "$cn_ip_route" = "已开启" ] && set_cn_ip='-m set ! --match-set cn_ip dst'
iptables -w -D INPUT -p udp --dport 443 $set_cn_ip -j REJECT 2>/dev/null $iptable -D INPUT -p udp --dport 443 $set_cn_ip -j REJECT 2>/dev/null
#公网访问 #公网访问
for ip in $host_ipv4 $local_ipv4 $reserve_ipv4; do for ip in $host_ipv4 $local_ipv4 $reserve_ipv4; do
iptables -w -D INPUT -p tcp -s $ip --dport $mix_port -j ACCEPT 2>/dev/null $iptable -D INPUT -p tcp -s $ip --dport $mix_port -j ACCEPT 2>/dev/null
iptables -w -D INPUT -p tcp -s $ip --dport $db_port -j ACCEPT 2>/dev/null $iptable -D INPUT -p tcp -s $ip --dport $db_port -j ACCEPT 2>/dev/null
done done
iptables -w -D INPUT -p tcp -d 127.0.0.1 -j ACCEPT 2>/dev/null $iptable -D INPUT -p tcp -d 127.0.0.1 -j ACCEPT 2>/dev/null
iptables -w -D INPUT -p tcp --dport $mix_port -j REJECT 2>/dev/null $iptable -D INPUT -p tcp --dport $mix_port -j REJECT 2>/dev/null
iptables -w -D INPUT -p tcp --dport $mix_port -j ACCEPT 2>/dev/null $iptable -D INPUT -p tcp --dport $mix_port -j ACCEPT 2>/dev/null
iptables -w -D INPUT -p tcp --dport $db_port -j REJECT 2>/dev/null $iptable -D INPUT -p tcp --dport $db_port -j REJECT 2>/dev/null
iptables -w -D INPUT -p tcp --dport $db_port -j ACCEPT 2>/dev/null $iptable -D INPUT -p tcp --dport $db_port -j ACCEPT 2>/dev/null
#清理shellcrash自建表 #清理shellcrash自建表
for table in shellcrash_dns shellcrash shellcrash_out shellcrash_dns_out shellcrash_vm shellcrash_vm_dns; do for table in shellcrash_dns shellcrash shellcrash_out shellcrash_dns_out shellcrash_vm shellcrash_vm_dns; do
iptables -w -t nat -F $table 2>/dev/null $iptable -t nat -F $table 2>/dev/null
iptables -w -t nat -X $table 2>/dev/null $iptable -t nat -X $table 2>/dev/null
done done
for table in shellcrash_mark shellcrash_mark_out; do for table in shellcrash_mark shellcrash_mark_out; do
iptables -w -t mangle -F $table 2>/dev/null $iptable -t mangle -F $table 2>/dev/null
iptables -w -t mangle -X $table 2>/dev/null $iptable -t mangle -X $table 2>/dev/null
done done
} }
#重置ipv6规则 #重置ipv6规则
ckcmd ip6tables && { ckcmd ip6tables && {
#dns #dns
ip6tables -w -t nat -D PREROUTING -p tcp --dport 53 -j shellcrashv6_dns 2>/dev/null $ip6table -t nat -D PREROUTING -p tcp --dport 53 -j shellcrashv6_dns 2>/dev/null
ip6tables -w -t nat -D PREROUTING -p udp --dport 53 -j shellcrashv6_dns 2>/dev/null $ip6table -t nat -D PREROUTING -p udp --dport 53 -j shellcrashv6_dns 2>/dev/null
#redir #redir
ip6tables -w -t nat -D PREROUTING -p tcp $ports -j shellcrashv6 2>/dev/null $ip6table -t nat -D PREROUTING -p tcp $ports -j shellcrashv6 2>/dev/null
ip6tables -w -t nat -D OUTPUT -p tcp $ports -j shellcrashv6_out 2>/dev/null $ip6table -t nat -D OUTPUT -p tcp $ports -j shellcrashv6_out 2>/dev/null
ip6tables -w -D INPUT -p udp --dport 53 -j REJECT 2>/dev/null $ip6table -D INPUT -p udp --dport 53 -j REJECT 2>/dev/null
#mark #mark
ip6tables -w -t mangle -D PREROUTING -p tcp $ports -j shellcrashv6_mark 2>/dev/null $ip6table -t mangle -D PREROUTING -p tcp $ports -j shellcrashv6_mark 2>/dev/null
ip6tables -w -t mangle -D PREROUTING -p udp $ports -j shellcrashv6_mark 2>/dev/null $ip6table -t mangle -D PREROUTING -p udp $ports -j shellcrashv6_mark 2>/dev/null
ip6tables -w -t mangle -D OUTPUT -p tcp $ports -j shellcrashv6_mark_out 2>/dev/null $ip6table -t mangle -D OUTPUT -p tcp $ports -j shellcrashv6_mark_out 2>/dev/null
ip6tables -w -t mangle -D OUTPUT -p udp $ports -j shellcrashv6_mark_out 2>/dev/null $ip6table -t mangle -D OUTPUT -p udp $ports -j shellcrashv6_mark_out 2>/dev/null
ip6tables -w -D INPUT -p udp --dport 443 $set_cn_ip -j REJECT 2>/dev/null $ip6table -D INPUT -p udp --dport 443 $set_cn_ip -j REJECT 2>/dev/null
#tun #tun
ip6tables -w -D FORWARD -o utun -j ACCEPT 2>/dev/null $ip6table -D FORWARD -o utun -j ACCEPT 2>/dev/null
ip6tables -w -D FORWARD -p udp --dport 443 -o utun -j REJECT >/dev/null 2>&1 $ip6table -D FORWARD -p udp --dport 443 -o utun -j REJECT >/dev/null 2>&1
#屏蔽QUIC #屏蔽QUIC
[ "$dns_mod" != "fake-ip" -a "$cn_ipv6_route" = "已开启" ] && set_cn_ip6='-m set ! --match-set cn_ip6 dst' [ "$dns_mod" != "fake-ip" -a "$cn_ipv6_route" = "已开启" ] && set_cn_ip6='-m set ! --match-set cn_ip6 dst'
ip6tables -w -D INPUT -p udp --dport 443 $set_cn_ip6 -j REJECT 2>/dev/null $ip6table -D INPUT -p udp --dport 443 $set_cn_ip6 -j REJECT 2>/dev/null
#公网访问 #公网访问
ip6tables -w -D INPUT -p tcp --dport $mix_port -j REJECT 2>/dev/null $ip6table -D INPUT -p tcp --dport $mix_port -j REJECT 2>/dev/null
ip6tables -w -D INPUT -p tcp --dport $mix_port -j ACCEPT 2>/dev/null $ip6table -D INPUT -p tcp --dport $mix_port -j ACCEPT 2>/dev/null
ip6tables -w -D INPUT -p tcp --dport $db_port -j REJECT 2>/dev/null $ip6table -D INPUT -p tcp --dport $db_port -j REJECT 2>/dev/null
ip6tables -w -D INPUT -p tcp --dport $db_port -j ACCEPT 2>/dev/null $ip6table -D INPUT -p tcp --dport $db_port -j ACCEPT 2>/dev/null
#清理shellcrash自建表 #清理shellcrash自建表
for table in shellcrashv6_dns shellcrashv6 shellcrashv6_out; do for table in shellcrashv6_dns shellcrashv6 shellcrashv6_out; do
ip6tables -w -t nat -F $table 2>/dev/null $ip6table -t nat -F $table 2>/dev/null
ip6tables -w -t nat -X $table 2>/dev/null $ip6table -t nat -X $table 2>/dev/null
done done
for table in shellcrashv6_mark shellcrashv6_mark_out; do for table in shellcrashv6_mark shellcrashv6_mark_out; do
ip6tables -w -t mangle -F $table 2>/dev/null $ip6table -t mangle -F $table 2>/dev/null
ip6tables -w -t mangle -X $table 2>/dev/null $ip6table -t mangle -X $table 2>/dev/null
done done
ip6tables -w -t mangle -F shellcrashv6_mark 2>/dev/null $ip6table -t mangle -F shellcrashv6_mark 2>/dev/null
ip6tables -w -t mangle -X shellcrashv6_mark 2>/dev/null $ip6table -t mangle -X shellcrashv6_mark 2>/dev/null
} }
#清理ipset规则 #清理ipset规则
ipset destroy cn_ip >/dev/null 2>&1 ipset destroy cn_ip >/dev/null 2>&1

36
scripts/webget.sh
View File

@@ -2474,45 +2474,45 @@ testcommand(){
else else
[ "$firewall_area" = 1 -o "$firewall_area" = 3 -o "$firewall_area" = 5 -o "$vm_redir" = "已开启" ] && { [ "$firewall_area" = 1 -o "$firewall_area" = 3 -o "$firewall_area" = 5 -o "$vm_redir" = "已开启" ] && {
echo ----------------Redir+DNS--------------------- echo ----------------Redir+DNS---------------------
iptables -w -t nat -L PREROUTING --line-numbers iptables -t nat -L PREROUTING --line-numbers
iptables -w -t nat -L shellcrash_dns --line-numbers iptables -t nat -L shellcrash_dns --line-numbers
[ -n "$(echo $redir_mod | grep -E 'Redir模式|混合模式')" ] && iptables -w -t nat -L shellcrash --line-numbers [ -n "$(echo $redir_mod | grep -E 'Redir模式|混合模式')" ] && iptables -t nat -L shellcrash --line-numbers
[ -n "$(echo $redir_mod | grep -E 'Tproxy模式|混合模式|Tun模式')" ] && { [ -n "$(echo $redir_mod | grep -E 'Tproxy模式|混合模式|Tun模式')" ] && {
echo ----------------Tun/Tproxy------------------- echo ----------------Tun/Tproxy-------------------
iptables -w -t mangle -L PREROUTING --line-numbers iptables -t mangle -L PREROUTING --line-numbers
iptables -w -t mangle -L shellcrash_mark --line-numbers iptables -t mangle -L shellcrash_mark --line-numbers
} }
} }
[ "$firewall_area" = 2 -o "$firewall_area" = 3 ] && { [ "$firewall_area" = 2 -o "$firewall_area" = 3 ] && {
echo -------------OUTPUT-Redir+DNS---------------- echo -------------OUTPUT-Redir+DNS----------------
iptables -w -t nat -L OUTPUT --line-numbers iptables -t nat -L OUTPUT --line-numbers
iptables -w -t nat -L shellcrash_dns_out --line-numbers iptables -t nat -L shellcrash_dns_out --line-numbers
[ -n "$(echo $redir_mod | grep -E 'Redir模式|混合模式')" ] && iptables -w -t nat -L shellcrash_out --line-numbers [ -n "$(echo $redir_mod | grep -E 'Redir模式|混合模式')" ] && iptables -t nat -L shellcrash_out --line-numbers
[ -n "$(echo $redir_mod | grep -E 'Tproxy模式|混合模式|Tun模式')" ] && { [ -n "$(echo $redir_mod | grep -E 'Tproxy模式|混合模式|Tun模式')" ] && {
echo ------------OUTPUT-Tun/Tproxy--------------- echo ------------OUTPUT-Tun/Tproxy---------------
iptables -w -t mangle -L OUTPUT --line-numbers iptables -t mangle -L OUTPUT --line-numbers
iptables -w -t mangle -L shellcrash_mark_out --line-numbers iptables -t mangle -L shellcrash_mark_out --line-numbers
} }
} }
[ "$ipv6_redir" = "已开启" ] && { [ "$ipv6_redir" = "已开启" ] && {
[ "$firewall_area" = 1 -o "$firewall_area" = 3 ] && { [ "$firewall_area" = 1 -o "$firewall_area" = 3 ] && {
ip6tables -w -t nat -L >/dev/null 2>&1 && { ip6tables -t nat -L >/dev/null 2>&1 && {
echo -------------IPV6-Redir+DNS------------------- echo -------------IPV6-Redir+DNS-------------------
ip6tables -w -t nat -L PREROUTING --line-numbers ip6tables -t nat -L PREROUTING --line-numbers
ip6tables -w -t nat -L shellcrashv6_dns --line-numbers ip6tables -t nat -L shellcrashv6_dns --line-numbers
[ -n "$(echo $redir_mod | grep -E 'Redir模式|混合模式')" ] && ip6tables -w -t nat -L shellcrashv6 --line-numbers [ -n "$(echo $redir_mod | grep -E 'Redir模式|混合模式')" ] && ip6tables -t nat -L shellcrashv6 --line-numbers
} }
[ -n "$(echo $redir_mod | grep -E 'Tproxy模式|混合模式|Tun模式')" ] && { [ -n "$(echo $redir_mod | grep -E 'Tproxy模式|混合模式|Tun模式')" ] && {
echo -------------IPV6-Tun/Tproxy------------------ echo -------------IPV6-Tun/Tproxy------------------
ip6tables -w -t mangle -L PREROUTING --line-numbers ip6tables -t mangle -L PREROUTING --line-numbers
ip6tables -w -t mangle -L shellcrashv6_mark --line-numbers ip6tables -t mangle -L shellcrashv6_mark --line-numbers
} }
} }
} }
[ "$vm_redir" = "已开启" ] && { [ "$vm_redir" = "已开启" ] && {
echo -------------vm-Redir------------------- echo -------------vm-Redir-------------------
iptables -w -t nat -L shellcrash_vm --line-numbers iptables -t nat -L shellcrash_vm --line-numbers
iptables -w -t nat -L shellcrash_vm_dns --line-numbers iptables -t nat -L shellcrash_vm_dns --line-numbers
} }
fi fi
exit; exit;