diff --git a/scripts/menu.sh b/scripts/menu.sh index 9bfec0b..2523c75 100644 --- a/scripts/menu.sh +++ b/scripts/menu.sh @@ -667,8 +667,6 @@ setipv6(){ #ipv6设置 case $num in 1) if [ "$ipv6_redir" = "未开启" ]; then - echo -e "如果启用后导致部分应用加载缓慢,请关闭此功能即可恢复" - echo -e "\033[31m除非特殊需要,否则无需开启此功能!\033[0m" ipv6_support=已开启 ipv6_redir=已开启 sleep 2 @@ -691,11 +689,11 @@ setipv6(){ #ipv6设置 setconfig ipv6_redir $ipv6_redir setconfig ipv6_support $ipv6_support fi - if [ -n "$(ipset -v 2>/dev/null)" -o "$firewall_mod" = 'nftables' ];then + if [ -n "$(ipset -v 2>/dev/null)"] || [ "$firewall_mod" = nftables ];then [ "$cn_ipv6_route" = "未开启" ] && cn_ipv6_route=已开启 || cn_ipv6_route=未开启 setconfig cn_ipv6_route $cn_ipv6_route else - echo -e "\033[31m当前设备缺少ipset模块或未使用Nft模式,无法启用绕过功能!!\033[0m" + echo -e "\033[31m当前设备缺少ipset模块或防火墙未使用nftables,无法启用绕过功能!!\033[0m" sleep 1 fi setipv6 @@ -1441,7 +1439,7 @@ normal_set(){ #基础设置 normal_set elif [ "$num" = 8 ]; then - if [ -n "$(ipset -v 2>/dev/null)" -o "$firewall_mod" = 'nftables' ];then + if [ -n "$(ipset -v 2>/dev/null)" ] || [ "$firewall_mod" = 'nftables' ];then if [ "$cn_ip_route" = "未开启" ]; then echo -e "\033[32m已开启CN_IP绕过内核功能!!\033[0m" echo -e "\033[31m注意!!!此功能会导致全局模式及一切CN相关规则失效!!!\033[0m" @@ -1453,7 +1451,7 @@ normal_set(){ #基础设置 fi setconfig cn_ip_route $cn_ip_route else - echo -e "\033[31m当前设备缺少ipset模块或未使用Nft模式,无法启用绕过功能!!\033[0m" + echo -e "\033[31m当前设备缺少ipset模块或未使用nftables模式,无法启用绕过功能!!\033[0m" sleep 1 fi normal_set diff --git a/scripts/start.sh b/scripts/start.sh index aaef839..a85cec5 100644 --- a/scripts/start.sh +++ b/scripts/start.sh @@ -844,7 +844,7 @@ EOF #设置路由规则 cn_ip_route(){ #CN-IP绕过 ckgeo cn_ip.txt china_ip_list.txt - [ -f ${BINDIR}/cn_ip.txt -a -z "$(echo $redir_mod|grep 'Nft')" ] && { + [ -f ${BINDIR}/cn_ip.txt ] && [ "$firewall_mod" = iptables ] && { # see https://raw.githubusercontent.com/Hackl0us/GeoIP2-CN/release/CN-ip-cidr.txt echo "create cn_ip hash:net family inet hashsize 10240 maxelem 10240" > ${TMPDIR}/cn_$USER.ipset awk '!/^$/&&!/^#/{printf("add cn_ip %s'" "'\n",$0)}' ${BINDIR}/cn_ip.txt >> ${TMPDIR}/cn_$USER.ipset @@ -855,7 +855,7 @@ cn_ip_route(){ #CN-IP绕过 } cn_ipv6_route(){ #CN-IPV6绕过 ckgeo cn_ipv6.txt china_ipv6_list.txt - [ -f ${BINDIR}/cn_ipv6.txt -a -z "$(echo $redir_mod|grep 'Nft')" ] && { + [ -f ${BINDIR}/cn_ipv6.txt ] && [ "$firewall_mod" = iptables ] && { #ipv6 #see https://ispip.clang.cn/all_cn_ipv6.txt echo "create cn_ip6 hash:net family inet6 hashsize 4096 maxelem 4096" > ${TMPDIR}/cn6_$USER.ipset @@ -980,7 +980,7 @@ start_iptables(){ #iptables配置总入口 [ "$dns_no" != "已禁用" -a "$dns_redir" != "已开启" -a "$firewall_area" -le 3 ] && { [ "$lan_proxy" = true ] && { start_ipt_dns iptables PREROUTING shellcrash_dns #ipv4-局域网dns转发 - if ip6tables -t nat -L >/dev/null 2>&1;then + if [ -n "$(grep -E '^REDIRECT$' /proc/net/ip6_tables_targets)" ];then start_ipt_dns ip6tables PREROUTING shellcrashv6_dns #ipv6-局域网dns转发 else ip6tables -I INPUT -p udp --dport 53 -m comment --comment "ShellCrash-IPV6_DNS-REJECT" -j REJECT 2>/dev/null @@ -994,10 +994,10 @@ start_iptables(){ #iptables配置总入口 [ "$lan_proxy" = true ] && { start_ipt_route iptables nat PREROUTING shellcrash tcp #ipv4-局域网tcp转发 [ "$ipv6_redir" = "已开启" ] && { - if ip6tables -t nat -L >/dev/null 2>&1;then + if [ -n "$(grep -E '^REDIRECT$' /proc/net/ip6_tables_targets)" ];then start_ipt_route ip6tables nat PREROUTING shellcrashv6 tcp #ipv6-局域网tcp转发 else - logger "当前设备内核缺少ip6tables_nat模块支持,已放弃启动相关规则!" 31 + logger "当前设备内核缺少ip6tables_REDIRECT模块支持,已放弃启动相关规则!" 31 fi } }