mirror of
https://github.com/juewuy/ShellCrash.git
synced 2024-11-16 03:32:34 +08:00
~增加基于IP和IP地址段的局域网过滤功能
This commit is contained in:
juewuy
parent
58e644f9f4
commit
0247645770
130
scripts/menu.sh
130
scripts/menu.sh
|
|
@ -824,10 +824,15 @@ checkport(){ #自动检查端口冲突
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
macfilter(){ #局域网设备过滤
|
macfilter(){ #局域网设备过滤
|
||||||
|
get_devinfo(){
|
||||||
|
dev_ip=$(cat $dhcpdir | grep $dev | awk '{print $3}') && [ -z "$dev_ip" ] && dev_ip=$dev
|
||||||
|
dev_mac=$(cat $dhcpdir | grep $dev | awk '{print $2}') && [ -z "$dev_mac" ] && dev_mac=$dev
|
||||||
|
dev_name=$(cat $dhcpdir | grep $dev | awk '{print $4}') && [ -z "$dev_name" ] && dev_name='未知设备'
|
||||||
|
}
|
||||||
add_mac(){
|
add_mac(){
|
||||||
echo -----------------------------------------------
|
echo -----------------------------------------------
|
||||||
echo 已添加的mac地址:
|
echo 已添加的mac地址:
|
||||||
cat ${CRASHDIR}/configs/mac
|
cat ${CRASHDIR}/configs/mac 2>/dev/null
|
||||||
echo -----------------------------------------------
|
echo -----------------------------------------------
|
||||||
echo -e "\033[33m序号 设备IP 设备mac地址 设备名称\033[32m"
|
echo -e "\033[33m序号 设备IP 设备mac地址 设备名称\033[32m"
|
||||||
cat $dhcpdir | awk '{print " "NR" "$3,$2,$4}'
|
cat $dhcpdir | awk '{print " "NR" "$3,$2,$4}'
|
||||||
|
|
@ -861,34 +866,80 @@ macfilter(){ #局域网设备过滤
|
||||||
add_mac
|
add_mac
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
del_mac(){
|
add_ip(){
|
||||||
echo -----------------------------------------------
|
echo -----------------------------------------------
|
||||||
if [ -z "$(cat ${CRASHDIR}/configs/mac)" ];then
|
echo "已添加的IP地址(段):"
|
||||||
echo -e "\033[31m列表中没有需要移除的设备!\033[0m"
|
cat ${CRASHDIR}/configs/ip_filter 2>/dev/null
|
||||||
|
echo -----------------------------------------------
|
||||||
|
echo -e "\033[33m序号 设备IP 设备名称\033[32m"
|
||||||
|
cat $dhcpdir | awk '{print " "NR" "$3,$4}'
|
||||||
|
echo -e "\033[0m-----------------------------------------------"
|
||||||
|
echo -e "手动输入时仅支持\033[32m 192.168.1.0/24\033[0m 或 \033[32m192.168.1.0\033[0m 的形式"
|
||||||
|
echo -e "不支持ipv6地址过滤,如有需求请使用mac地址过滤"
|
||||||
|
echo -e " 0 或回车 结束添加"
|
||||||
|
echo -----------------------------------------------
|
||||||
|
read -p "请输入对应序号或直接输入IP地址段 > " num
|
||||||
|
if [ -z "$num" -o "$num" = 0 ]; then
|
||||||
|
i=
|
||||||
|
elif [ -n "$(echo $num | grep -aE '^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(/(3[0-2]|[12]?[0-9]))?$')" ];then
|
||||||
|
if [ -z "$(cat ${CRASHDIR}/configs/ip_filter | grep -E "$num")" ];then
|
||||||
|
echo $num | grep -oE '^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(/(3[0-2]|[12]?[0-9]))?$' >> ${CRASHDIR}/configs/ip_filter
|
||||||
|
else
|
||||||
|
echo -----------------------------------------------
|
||||||
|
echo -e "\033[31m已添加的地址,请勿重复添加!\033[0m"
|
||||||
|
fi
|
||||||
|
add_ip
|
||||||
|
elif [ $num -le $(cat $dhcpdir 2>/dev/null | awk 'END{print NR}') ]; then
|
||||||
|
ipadd=$(cat $dhcpdir | awk '{print $3}' | sed -n "$num"p)
|
||||||
|
if [ -z "$(cat ${CRASHDIR}/configs/mac | grep -E "$ipadd")" ];then
|
||||||
|
echo $ipadd >> ${CRASHDIR}/configs/ip_filter
|
||||||
|
else
|
||||||
|
echo -----------------------------------------------
|
||||||
|
echo -e "\033[31m已添加的地址,请勿重复添加!\033[0m"
|
||||||
|
fi
|
||||||
|
add_ip
|
||||||
else
|
else
|
||||||
echo -e "\033[33m序号 设备IP 设备mac地址 设备名称\033[0m"
|
echo -----------------------------------------------
|
||||||
|
echo -e "\033[31m输入有误,请重新输入!\033[0m"
|
||||||
|
add_ip
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
del_all(){
|
||||||
|
echo -----------------------------------------------
|
||||||
|
if [ -z "$(cat ${CRASHDIR}/configs/mac ${CRASHDIR}/configs/ip_filter 2>/dev/null)" ];then
|
||||||
|
echo -e "\033[31m列表中没有需要移除的设备!\033[0m"
|
||||||
|
sleep 1
|
||||||
|
else
|
||||||
|
echo -e "请选择需要移除的设备:\033[36m"
|
||||||
|
echo -e "\033[33m 设备IP 设备mac地址 设备名称\033[0m"
|
||||||
i=1
|
i=1
|
||||||
for mac in $(cat ${CRASHDIR}/configs/mac); do
|
for dev in $(cat ${CRASHDIR}/configs/mac ${CRASHDIR}/configs/ip_filter 2>/dev/null); do
|
||||||
dev_ip=$(cat $dhcpdir | grep $mac | awk '{print $3}') && [ -z "$dev_ip" ] && dev_ip='000.000.00.00'
|
get_devinfo
|
||||||
dev_mac=$(cat $dhcpdir | grep $mac | awk '{print $2}') && [ -z "$dev_mac" ] && dev_mac=$mac
|
|
||||||
dev_name=$(cat $dhcpdir | grep $mac | awk '{print $4}') && [ -z "$dev_name" ] && dev_name='未知设备'
|
|
||||||
echo -e " $i \033[32m$dev_ip \033[36m$dev_mac \033[32m$dev_name\033[0m"
|
echo -e " $i \033[32m$dev_ip \033[36m$dev_mac \033[32m$dev_name\033[0m"
|
||||||
i=$((i+1))
|
i=$((i + 1))
|
||||||
done
|
done
|
||||||
echo -----------------------------------------------
|
echo -----------------------------------------------
|
||||||
echo -e "\033[0m 0 或回车 结束删除"
|
echo -e "\033[0m 0 或回车 结束删除"
|
||||||
read -p "请输入需要移除的设备的对应序号 > " num
|
read -p "请输入需要移除的设备的对应序号 > " num
|
||||||
|
mac_filter_rows=$(cat ${CRASHDIR}/configs/mac 2>/dev/null | wc -l)
|
||||||
|
ip_filter_rows=$(cat ${CRASHDIR}/configs/ip_filter 2>/dev/null | wc -l)
|
||||||
if [ -z "$num" ]||[ "$num" -le 0 ]; then
|
if [ -z "$num" ]||[ "$num" -le 0 ]; then
|
||||||
n=
|
n=
|
||||||
elif [ $num -le $(cat ${CRASHDIR}/configs/mac | wc -l) ];then
|
elif [ $num -le $mac_filter_rows ];then
|
||||||
sed -i "${num}d" ${CRASHDIR}/configs/mac
|
sed -i "${num}d" ${CRASHDIR}/configs/mac
|
||||||
echo -----------------------------------------------
|
echo -----------------------------------------------
|
||||||
echo -e "\033[32m对应设备已移除!\033[0m"
|
echo -e "\033[32m对应设备已移除!\033[0m"
|
||||||
del_mac
|
del_all
|
||||||
|
elif [ $num -le $((mac_filter_rows + ip_filter_rows)) ];then
|
||||||
|
num=$((num - mac_filter_rows))
|
||||||
|
sed -i "${num}d" ${CRASHDIR}/configs/ip_filter
|
||||||
|
echo -----------------------------------------------
|
||||||
|
echo -e "\033[32m对应设备已移除!\033[0m"
|
||||||
|
del_all
|
||||||
else
|
else
|
||||||
echo -----------------------------------------------
|
echo -----------------------------------------------
|
||||||
echo -e "\033[31m输入有误,请重新输入!\033[0m"
|
echo -e "\033[31m输入有误,请重新输入!\033[0m"
|
||||||
del_mac
|
del_all
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
@ -913,46 +964,57 @@ macfilter(){ #局域网设备过滤
|
||||||
if [ -n "$(cat ${CRASHDIR}/configs/mac)" ]; then
|
if [ -n "$(cat ${CRASHDIR}/configs/mac)" ]; then
|
||||||
echo -----------------------------------------------
|
echo -----------------------------------------------
|
||||||
echo -e "当前已过滤设备为:\033[36m"
|
echo -e "当前已过滤设备为:\033[36m"
|
||||||
echo -e "\033[33m 设备IP 设备mac地址 设备名称\033[0m"
|
echo -e "\033[33m 设备mac/ip地址 设备名称\033[0m"
|
||||||
for mac in $(cat ${CRASHDIR}/configs/mac); do
|
for dev in $(cat ${CRASHDIR}/configs/mac 2>/dev/null); do
|
||||||
dev_ip=$(cat $dhcpdir | grep $mac | awk '{print $3}') && [ -z "$dev_ip" ] && dev_ip='000.000.00.00'
|
get_devinfo
|
||||||
dev_mac=$(cat $dhcpdir | grep $mac | awk '{print $2}') && [ -z "$dev_mac" ] && dev_mac=$mac
|
echo -e "\033[36m$dev_mac \033[0m$dev_name"
|
||||||
dev_name=$(cat $dhcpdir | grep $mac | awk '{print $4}') && [ -z "$dev_name" ] && dev_name='未知设备'
|
done
|
||||||
echo -e "\033[32m$dev_ip \033[36m$dev_mac \033[32m$dev_name\033[0m"
|
for dev in $(cat ${CRASHDIR}/configs/ip_filter 2>/dev/null); do
|
||||||
|
get_devinfo
|
||||||
|
echo -e "\033[32m$dev_ip \033[0m$dev_name"
|
||||||
done
|
done
|
||||||
echo -----------------------------------------------
|
echo -----------------------------------------------
|
||||||
fi
|
fi
|
||||||
echo -e " 1 切换为\033[33m$macfilter_over模式\033[0m"
|
echo -e " 1 切换为\033[33m$macfilter_over模式\033[0m"
|
||||||
echo -e " 2 \033[32m添加指定设备\033[0m"
|
echo -e " 2 \033[32m添加指定设备(mac地址)\033[0m"
|
||||||
echo -e " 3 \033[36m移除指定设备\033[0m"
|
echo -e " 3 \033[32m添加指定设备(IP地址/网段)\033[0m"
|
||||||
echo -e " 4 \033[31m清空整个列表\033[0m"
|
echo -e " 4 \033[36m移除指定设备\033[0m"
|
||||||
|
echo -e " 9 \033[31m清空整个列表\033[0m"
|
||||||
echo -e " 0 返回上级菜单"
|
echo -e " 0 返回上级菜单"
|
||||||
read -p "请输入对应数字 > " num
|
read -p "请输入对应数字 > " num
|
||||||
if [ -z "$num" ]; then
|
case "$num" in
|
||||||
errornum
|
0)
|
||||||
elif [ "$num" = 0 ]; then
|
;;
|
||||||
i=
|
1)
|
||||||
elif [ "$num" = 1 ]; then
|
|
||||||
macfilter_type=$macfilter_over
|
macfilter_type=$macfilter_over
|
||||||
setconfig macfilter_type $macfilter_type
|
setconfig macfilter_type $macfilter_type
|
||||||
echo -----------------------------------------------
|
echo -----------------------------------------------
|
||||||
echo -e "\033[32m已切换为$macfilter_type模式!\033[0m"
|
echo -e "\033[32m已切换为$macfilter_type模式!\033[0m"
|
||||||
macfilter
|
macfilter
|
||||||
elif [ "$num" = 2 ]; then
|
;;
|
||||||
|
2)
|
||||||
add_mac
|
add_mac
|
||||||
macfilter
|
macfilter
|
||||||
elif [ "$num" = 3 ]; then
|
;;
|
||||||
del_mac
|
3)
|
||||||
|
add_ip
|
||||||
macfilter
|
macfilter
|
||||||
elif [ "$num" = 4 ]; then
|
;;
|
||||||
|
4)
|
||||||
|
del_all
|
||||||
|
macfilter
|
||||||
|
;;
|
||||||
|
9)
|
||||||
:>${CRASHDIR}/configs/mac
|
:>${CRASHDIR}/configs/mac
|
||||||
|
:>${CRASHDIR}/configs/ip_filter
|
||||||
echo -----------------------------------------------
|
echo -----------------------------------------------
|
||||||
echo -e "\033[31m设备列表已清空!\033[0m"
|
echo -e "\033[31m设备列表已清空!\033[0m"
|
||||||
macfilter
|
macfilter
|
||||||
else
|
;;
|
||||||
|
*)
|
||||||
errornum
|
errornum
|
||||||
macfilter
|
;;
|
||||||
fi
|
esac
|
||||||
}
|
}
|
||||||
setboot(){ #启动相关设置
|
setboot(){ #启动相关设置
|
||||||
[ -z "$start_old" ] && start_old=未开启
|
[ -z "$start_old" ] && start_old=未开启
|
||||||
|
|
|
||||||
|
|
@ -919,17 +919,27 @@ start_ipt_route() { #iptables-route通用工具
|
||||||
[ "$1" = iptables ] && [ "$dns_mod" != "fake-ip" ] && [ "$cn_ip_route" = "已开启" ] && [ -f "$BINDIR"/cn_ip.txt ] && $1 -w -t $2 -A $4 -m set --match-set cn_ip dst -j RETURN 2>/dev/null
|
[ "$1" = iptables ] && [ "$dns_mod" != "fake-ip" ] && [ "$cn_ip_route" = "已开启" ] && [ -f "$BINDIR"/cn_ip.txt ] && $1 -w -t $2 -A $4 -m set --match-set cn_ip dst -j RETURN 2>/dev/null
|
||||||
[ "$1" = ip6tables ] && [ "$dns_mod" != "fake-ip" ] && [ "$cn_ipv6_route" = "已开启" ] && [ -f "$BINDIR"/cn_ipv6.txt ] && $1 -w -t $2 -A $4 -m set --match-set cn_ip6 dst -j RETURN 2>/dev/null
|
[ "$1" = ip6tables ] && [ "$dns_mod" != "fake-ip" ] && [ "$cn_ipv6_route" = "已开启" ] && [ -f "$BINDIR"/cn_ipv6.txt ] && $1 -w -t $2 -A $4 -m set --match-set cn_ip6 dst -j RETURN 2>/dev/null
|
||||||
#局域网mac地址黑名单过滤
|
#局域网mac地址黑名单过滤
|
||||||
[ "$3" = 'PREROUTING' ] && [ -s "$CRASHDIR"/configs/mac ] && [ "$macfilter_type" != "白名单" ] && {
|
[ "$3" = 'PREROUTING' ] && [ "$macfilter_type" != "白名单" ] && {
|
||||||
|
[ -s "$CRASHDIR"/configs/mac ] && \
|
||||||
for mac in $(cat "$CRASHDIR"/configs/mac); do
|
for mac in $(cat "$CRASHDIR"/configs/mac); do
|
||||||
$1 -w -t $2 -A $4 -m mac --mac-source $mac -j RETURN
|
$1 -w -t $2 -A $4 -m mac --mac-source $mac -j RETURN
|
||||||
done
|
done
|
||||||
|
[ -s "$CRASHDIR"/configs/ip_filter ] && [ "$1" = 'iptables' ] && \
|
||||||
|
for ip in $(cat "$CRASHDIR"/configs/ip_filter); do
|
||||||
|
$1 -w -t $2 -A $4 -s $ip -j RETURN
|
||||||
|
done
|
||||||
}
|
}
|
||||||
#tcp&udp分别进代理链
|
#tcp&udp分别进代理链
|
||||||
proxy_set() {
|
proxy_set() {
|
||||||
if [ "$3" = 'PREROUTING' ] && [ "$4" != 'shellcrash_vm' ] && [ "$macfilter_type" = "白名单" ] && [ -s "$CRASHDIR"/configs/mac ];then
|
if [ "$3" = 'PREROUTING' ] && [ "$4" != 'shellcrash_vm' ] && [ "$macfilter_type" = "白名单" ] && [ -n "$(cat $CRASHDIR/configs/mac $CRASHDIR/configs/ip_filter 2>/dev/null)" ];then
|
||||||
|
[ -s "$CRASHDIR"/configs/mac ] && \
|
||||||
for mac in $(cat "$CRASHDIR"/configs/mac); do
|
for mac in $(cat "$CRASHDIR"/configs/mac); do
|
||||||
$1 -w -t $2 -A $4 -p $5 -m mac --mac-source $mac -j $JUMP
|
$1 -w -t $2 -A $4 -p $5 -m mac --mac-source $mac -j $JUMP
|
||||||
done
|
done
|
||||||
|
[ -s "$CRASHDIR"/configs/ip_filter ] && [ "$1" = 'iptables' ] && \
|
||||||
|
for ip in $(cat "$CRASHDIR"/configs/ip_filter); do
|
||||||
|
$1 -w -t $2 -A $4 -p $5 -s $ip -j $JUMP
|
||||||
|
done
|
||||||
else
|
else
|
||||||
for ip in $HOST_IP; do #仅限指定网段流量
|
for ip in $HOST_IP; do #仅限指定网段流量
|
||||||
$1 -w -t $2 -A $4 -p $5 -s $ip -j $JUMP
|
$1 -w -t $2 -A $4 -p $5 -s $ip -j $JUMP
|
||||||
|
|
@ -962,16 +972,27 @@ start_ipt_dns() { #iptables-dns通用工具
|
||||||
$1 -w -t nat -A $3 -p udp -s $bypass_host -j RETURN
|
$1 -w -t nat -A $3 -p udp -s $bypass_host -j RETURN
|
||||||
}
|
}
|
||||||
#局域网mac地址黑名单过滤
|
#局域网mac地址黑名单过滤
|
||||||
[ "$2" = 'PREROUTING' ] && [ -s "$CRASHDIR"/configs/mac ] && [ "$macfilter_type" != "白名单" ] && {
|
[ "$2" = 'PREROUTING' ] && [ "$macfilter_type" != "白名单" ] && {
|
||||||
|
[ -s "$CRASHDIR"/configs/mac ] && \
|
||||||
for mac in $(cat "$CRASHDIR"/configs/mac); do
|
for mac in $(cat "$CRASHDIR"/configs/mac); do
|
||||||
$1 -w -t nat -A $3 -m mac --mac-source $mac -j RETURN
|
$1 -w -t nat -A $3 -m mac --mac-source $mac -j RETURN
|
||||||
done
|
done
|
||||||
|
[ -s "$CRASHDIR"/configs/ip_filter ] && [ "$1" = 'iptables' ] && \
|
||||||
|
for ip in $(cat "$CRASHDIR"/configs/ip_filter); do
|
||||||
|
$1 -w -t nat -A $3 -s $ip -j RETURN
|
||||||
|
done
|
||||||
}
|
}
|
||||||
if [ "$2" = 'PREROUTING' ] && [ "$3" != 'shellcrash_vm_dns' ] && [ -s "$CRASHDIR"/configs/mac ] && [ "$macfilter_type" = "白名单" ]; then
|
if [ "$2" = 'PREROUTING' ] && [ "$3" != 'shellcrash_vm_dns' ] && [ "$macfilter_type" = "白名单" ] && [ -n "$(cat $CRASHDIR/configs/mac $CRASHDIR/configs/ip_filter 2>/dev/null)" ];then
|
||||||
|
[ -s "$CRASHDIR"/configs/mac ] && \
|
||||||
for mac in $(cat "$CRASHDIR"/configs/mac); do
|
for mac in $(cat "$CRASHDIR"/configs/mac); do
|
||||||
$1 -w -t nat -A $3 -p tcp -m mac --mac-source $mac -j REDIRECT --to-ports $dns_port
|
$1 -w -t nat -A $3 -p tcp -m mac --mac-source $mac -j REDIRECT --to-ports $dns_port
|
||||||
$1 -w -t nat -A $3 -p udp -m mac --mac-source $mac -j REDIRECT --to-ports $dns_port
|
$1 -w -t nat -A $3 -p udp -m mac --mac-source $mac -j REDIRECT --to-ports $dns_port
|
||||||
done
|
done
|
||||||
|
[ -s "$CRASHDIR"/configs/ip_filter ] && [ "$1" = 'iptables' ] && \
|
||||||
|
for ip in $(cat "$CRASHDIR"/configs/ip_filter); do
|
||||||
|
$1 -w -t nat -A $3 -p tcp -s $ip -j REDIRECT --to-ports $dns_port
|
||||||
|
$1 -w -t nat -A $3 -p udp -s $ip -j REDIRECT --to-ports $dns_port
|
||||||
|
done
|
||||||
else
|
else
|
||||||
for ip in $HOST_IP; do #仅限指定网段流量
|
for ip in $HOST_IP; do #仅限指定网段流量
|
||||||
$1 -w -t nat -A $3 -p tcp -s $ip -j REDIRECT --to-ports $dns_port
|
$1 -w -t nat -A $3 -p tcp -s $ip -j REDIRECT --to-ports $dns_port
|
||||||
|
|
@ -1145,17 +1166,30 @@ start_nft_route() { #nftables-route通用工具
|
||||||
nft add rule inet shellcrash $1 meta skgid 7890 return
|
nft add rule inet shellcrash $1 meta skgid 7890 return
|
||||||
#nft add rule inet shellcrash $1 ip saddr 198.18.0.0/16 return
|
#nft add rule inet shellcrash $1 ip saddr 198.18.0.0/16 return
|
||||||
[ "$firewall_area" = 5 ] && nft add rule inet shellcrash $1 ip saddr $bypass_host return
|
[ "$firewall_area" = 5 ] && nft add rule inet shellcrash $1 ip saddr $bypass_host return
|
||||||
#过滤局域网设备
|
|
||||||
[ "$1" = 'prerouting' ] && [ -s "$CRASHDIR"/configs/mac ] && {
|
|
||||||
MAC=$(awk '{printf "%s, ",$1}' "$CRASHDIR"/configs/mac)
|
|
||||||
if [ "$macfilter_type" = "黑名单" ]; then
|
|
||||||
nft add rule inet shellcrash $1 ether saddr {$MAC} return
|
|
||||||
else
|
|
||||||
nft add rule inet shellcrash $1 ether saddr != {$MAC} return
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
nft add rule inet shellcrash $1 ip daddr {$RESERVED_IP} return #过滤保留地址
|
nft add rule inet shellcrash $1 ip daddr {$RESERVED_IP} return #过滤保留地址
|
||||||
nft add rule inet shellcrash $1 ip saddr != {$HOST_IP} return #仅代理本机局域网网段流量
|
#过滤局域网设备
|
||||||
|
if [ "$1" = 'prerouting' ] && [ "$macfilter_type" != "白名单" ];then
|
||||||
|
[ -s "$CRASHDIR"/configs/mac ] && {
|
||||||
|
MAC=$(awk '{printf "%s, ",$1}' "$CRASHDIR"/configs/mac)
|
||||||
|
nft add rule inet shellcrash $1 ether saddr {$MAC} return
|
||||||
|
}
|
||||||
|
[ -s "$CRASHDIR"/configs/ip_filter ] && {
|
||||||
|
FL_IP=$(awk '{printf "%s, ",$1}' "$CRASHDIR"/configs/ip_filter)
|
||||||
|
nft add rule inet shellcrash $1 ip saddr {$FL_IP} return
|
||||||
|
}
|
||||||
|
nft add rule inet shellcrash $1 ip saddr != {$HOST_IP} return #仅代理本机局域网网段流量
|
||||||
|
fi
|
||||||
|
if [ "$1" = 'prerouting' ] && [ "$macfilter_type" = "白名单" ];then
|
||||||
|
[ -s "$CRASHDIR"/configs/mac ] && MAC=$(awk '{printf "%s, ",$1}' "$CRASHDIR"/configs/mac)
|
||||||
|
[ -s "$CRASHDIR"/configs/ip_filter ] && FL_IP=$(awk '{printf "%s, ",$1}' "$CRASHDIR"/configs/ip_filter)
|
||||||
|
if [ -n "$MAC" ] && [ -n "$FL_IP" ];then
|
||||||
|
nft add rule inet shellcrash $1 ether saddr != {$MAC} ip saddr != {$FL_IP} return
|
||||||
|
elif [ -n "$MAC" ];then
|
||||||
|
nft add rule inet shellcrash $1 ether saddr != {$MAC} return
|
||||||
|
elif [ -n "$FL_IP" ];then
|
||||||
|
nft add rule inet shellcrash $1 ip saddr != {$FL_IP} return
|
||||||
|
fi
|
||||||
|
fi
|
||||||
#绕过CN-IP
|
#绕过CN-IP
|
||||||
[ "$dns_mod" != "fake-ip" -a "$cn_ip_route" = "已开启" -a -f "$BINDIR"/cn_ip.txt ] && {
|
[ "$dns_mod" != "fake-ip" -a "$cn_ip_route" = "已开启" -a -f "$BINDIR"/cn_ip.txt ] && {
|
||||||
CN_IP=$(awk '{printf "%s, ",$1}' "$BINDIR"/cn_ip.txt)
|
CN_IP=$(awk '{printf "%s, ",$1}' "$BINDIR"/cn_ip.txt)
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue
Block a user