xm/ShellCrash
1
0
Fork 0
mirror of https://github.com/juewuy/ShellCrash.git synced 2026-03-11 07:51:45 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
63381105307389461b08bf1fd8c8d2ab52ff3429
ShellCrash/scripts/menus/dns.sh
juewuy 18a829c101 ~继续拆分脚本 
~重写公网防火墙功能
2025-12-22 19:30:29 +08:00

258 lines
10 KiB
Bash
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
#!/bin/sh
# Copyright (C) Juewuy
set_dns_mod() { #DNS模式设置
echo "-----------------------------------------------"
echo -e "当前DNS运行模式为\033[47;30m $dns_mod \033[0m"
echo -e "\033[33m切换模式后需要手动重启服务以生效\033[0m"
echo "-----------------------------------------------"
echo -e " 1 fake-ip模式 响应快,\033[33m兼容性较差\033[0m"
echo -e " 不支持CN-IP绕过功能"
echo -e " 2 redir_host模式\033[33m不安全易被污染\033[0m"
echo -e " 建议搭配第三方DNS服务使用"
if echo "$crashcore" | grep -q 'singbox' || [ "$crashcore" = meta ]; then
echo -e " 3 mix混合模式 \033[32m防污染防泄露响应快推荐\033[0m"
echo -e " cn域名realip其他fakeip分流"
echo -e " 4 route模式 \033[32m防污染防泄露全真实IP\033[0m"
echo -e " cn域名realip其他dns2proxy分流"
fi
[ "$dns_mod" = "fake-ip" ] || [ "$dns_mod" = "mix" ] &&
echo -e " 8 管理Fake-ip过滤列表"
echo -e " 9 \033[36mDNS进阶设置\033[0m"
echo " 0 返回上级菜单"
read -p "请输入对应数字 > " num
case "$num" in
0) ;;
1)
dns_mod=fake-ip
setconfig dns_mod $dns_mod
echo "-----------------------------------------------"
echo -e "\033[36m已设为 $dns_mod 模式!!\033[0m"
set_dns_mod
;;
2)
dns_mod=redir_host
setconfig dns_mod $dns_mod
echo "-----------------------------------------------"
echo -e "\033[36m已设为 $dns_mod 模式!!\033[0m"
set_dns_mod
;;
3)
if echo "$crashcore" | grep -q 'singbox' || [ "$crashcore" = meta ]; then
dns_mod=mix
setconfig dns_mod $dns_mod
echo "-----------------------------------------------"
echo -e "\033[36m已设为 $dns_mod 模式!!\033[0m"
else
echo -e "\033[31m当前内核不支持的功能\033[0m"
sleep 1
fi
set_dns_mod
;;
4)
if echo "$crashcore" | grep -q 'singbox' || [ "$crashcore" = meta ]; then
dns_mod=route
setconfig dns_mod $dns_mod
echo "-----------------------------------------------"
echo -e "\033[36m已设为 $dns_mod 模式!!\033[0m"
else
echo -e "\033[31m当前内核不支持的功能\033[0m"
sleep 1
fi
set_dns_mod
;;
8)
echo "-----------------------------------------------"
fake_ip_filter
set_dns_mod
;;
9)
set_dns_adv
set_dns_mod
;;
*)
errornum
;;
esac
}
fake_ip_filter() {
echo -e "\033[32m用于解决Fake-ip模式下部分地址或应用无法连接的问题\033[0m"
echo -e "\033[31m脚本已经内置了大量地址你只需要添加出现问题的地址\033[0m"
echo -e "\033[36m示例a.b.com"
echo -e "示例:*.b.com"
echo -e "示例:*.*.b.com\033[0m"
echo "-----------------------------------------------"
if [ -s ${CRASHDIR}/configs/fake_ip_filter ]; then
echo -e "\033[33m已添加Fake-ip过滤地址\033[0m"
cat ${CRASHDIR}/configs/fake_ip_filter | awk '{print NR" "$1}'
else
echo -e "\033[33m你还未添加Fake-ip过滤地址\033[0m"
fi
echo "-----------------------------------------------"
echo -e "\033[32m输入数字直接移除对应地址输入地址直接添加\033[0m"
read -p "请输入数字或地址 > " input
case "$input" in
0) ;;
'') ;;
*)
if [ $input -ge 1 ] 2>/dev/null; then
sed -i "${input}d" ${CRASHDIR}/configs/fake_ip_filter 2>/dev/null
echo -e "\033[32m移除成功\033[0m"
else
echo -e "你输入的地址是:\033[32m$input\033[0m"
read -p "确认添加?(1/0) > " res
[ "$res" = 1 ] && echo $input >>${CRASHDIR}/configs/fake_ip_filter
fi
sleep 1
fake_ip_filter
;;
esac
}
set_dns_adv() { #DNS详细设置
[ -z "$dns_nameserver" ] && dns_nameserver='223.5.5.5, 1.2.4.8'
[ -z "$dns_fallback" ] && dns_fallback="1.1.1.1, 8.8.8.8"
[ -z "$dns_resolver" ] && dns_resolver="223.5.5.5, 2400:3200::1"
[ -z "$hosts_opt" ] && hosts_opt=已启用
[ -z "$dns_protect" ] && dns_protect=ON
[ -z "$dns_redir" ] && dns_redir=未开启
[ -z "$dns_no" ] && dns_no=未禁用
echo "-----------------------------------------------"
echo -e "当前基础DNS\033[32m$dns_nameserver\033[0m"
echo -e "PROXY-DNS\033[36m$dns_fallback\033[0m"
echo -e "解析DNS\033[33m$dns_resolver\033[0m"
echo -e "多个DNS地址请用\033[30;47m“|”\033[0m或者\033[30;47m“, ”\033[0m分隔输入"
echo -e "\033[33m必须拥有本地根证书文件才能使用dot/doh类型的加密dns\033[0m"
echo -e "\033[31m注意singbox内核只有首个dns会被加载\033[0m"
echo "-----------------------------------------------"
echo -e " 1 修改\033[32m基础DNS\033[0m"
echo -e " 2 修改\033[36mPROXY-DNS\033[0m(该DNS查询会经过节点)"
echo -e " 3 修改\033[33m解析DNS\033[0m(必须是IP,用于解析其他DNS)"
echo -e " 4 DNS防泄漏 \033[36m$dns_protect\033[0m ———启用时少量网站可能连接卡顿"
echo -e " 5 hosts优化 \033[36m$hosts_opt\033[0m ———调用本机hosts并劫持NTP服务"
echo -e " 7 禁用DNS劫持\033[36m$dns_no\033[0m ———搭配第三方DNS使用"
echo -e " 8 一键配置\033[32m加密DNS\033[0m"
echo -e " 9 \033[33m重置\033[0m默认DNS配置"
echo -e " 0 返回上级菜单"
echo "-----------------------------------------------"
read -p "请输入对应数字 > " num
case "$num" in
0) ;;
1)
read -p "请输入新的DNS > " dns_nameserver
dns_nameserver=$(echo $dns_nameserver | sed 's#|#\,\ #g')
if [ -n "$dns_nameserver" ]; then
setconfig dns_nameserver "'$dns_nameserver'"
echo -e "\033[32m设置成功\033[0m"
fi
sleep 1
set_dns_adv
;;
2)
read -p "请输入新的DNS > " dns_fallback
dns_fallback=$(echo $dns_fallback | sed 's/|/\,\ /g')
if [ -n "$dns_fallback" ]; then
setconfig dns_fallback "'$dns_fallback'"
echo -e "\033[32m设置成功\033[0m"
fi
sleep 1
set_dns_adv
;;
3)
read -p "请输入新的DNS > " text
if echo "$text" | grep -qE '://.*::'; then
echo -e "\033[31m此选项暂不支持ipv6加密DNS\033[0m"
elif [ -n "$text" ]; then
dns_resolver=$(echo $text | sed 's/|/\,\ /g')
setconfig dns_resolver "'$dns_resolver'"
echo -e "\033[32m设置成功\033[0m"
fi
sleep 1
set_dns_adv
;;
4)
[ "$dns_protect" = "ON" ] && dns_protect=OFF || dns_protect=ON
setconfig dns_protect $dns_protect
set_dns_adv
;;
5)
echo "-----------------------------------------------"
if [ "$hosts_opt" = "已启用" ]; then
hosts_opt=未启用
echo -e "\033[32m已禁用hosts优化功能\033[0m"
else
hosts_opt=已启用
echo -e "\033[33m已启用hosts优化功能\033[0m"
fi
setconfig hosts_opt $hosts_opt
sleep 1
set_dns_adv
;;
6)
echo "-----------------------------------------------"
if [ "$dns_redir" = "未开启" ]; then
echo -e "\033[31m将使用OpenWrt中Dnsmasq插件自带的DNS转发功能转发DNS请求至内核\033[0m"
echo -e "\033[33m启用后将禁用本插件自带的iptables转发功能\033[0m"
dns_redir=已开启
echo -e "\033[32m已启用Dnsmasq转发DNS功能\033[0m"
else
uci del dhcp.@dnsmasq[-1].server
uci set dhcp.@dnsmasq[0].noresolv=0
uci commit dhcp
/etc/init.d/dnsmasq restart
echo -e "\033[33m禁用成功如有报错请重启设备\033[0m"
dns_redir=未开启
fi
setconfig dns_redir $dns_redir
sleep 1
set_dns_adv
;;
7)
echo "-----------------------------------------------"
if [ "$dns_no" = "未禁用" ]; then
echo -e "\033[31m仅限搭配其他DNS服务(比如dnsmasq、smartDNS)时使用!\033[0m"
dns_no=已禁用
echo -e "\033[32m已禁用DNS劫持\033[0m"
else
dns_no=未禁用
echo -e "\033[33m已启用DNS劫持\033[0m"
fi
setconfig dns_no $dns_no
sleep 1
set_dns_adv
;;
8)
echo "-----------------------------------------------"
openssldir="$(openssl version -d 2>&1 | awk -F '"' '{print $2}')"
if [ -s "$openssldir/certs/ca-certificates.crt" ] || [ -s "/etc/ssl/certs/ca-certificates.crt" ] ||
echo "$crashcore" | grep -qE 'meta|singbox'; then
dns_nameserver='https://dns.alidns.com/dns-query, https://doh.pub/dns-query'
dns_fallback='https://cloudflare-dns.com/dns-query, https://dns.google/dns-query, https://doh.opendns.com/dns-query'
dns_resolver='https://223.5.5.5/dns-query, 2400:3200::1'
setconfig dns_nameserver "'$dns_nameserver'"
setconfig dns_fallback "'$dns_fallback'"
setconfig dns_resolver "'$dns_resolver'"
echo -e "\033[32m已设置加密DNS如出现DNS解析问题请尝试重置DNS配置\033[0m"
else
echo -e "\033[31m找不到根证书文件无法启用加密DNSLinux系统请自行搜索安装OpenSSL的方式\033[0m"
fi
sleep 1
set_dns_adv
;;
9)
dns_nameserver=
dns_fallback=
dns_resolver=
setconfig dns_nameserver
setconfig dns_fallback
setconfig dns_resolver
echo -e "\033[33mDNS配置已重置\033[0m"
sleep 1
set_dns_adv
;;
*)
errornum
sleep 1
;;
esac
}
Reference in New Issue View Git Blame Copy Permalink