~修复cn绕过未生效的bug

~修复华硕设备ip6tables报错的问题
This commit is contained in:
juewuy 2024-03-11 15:53:03 +08:00
parent eb025899cd
commit 33a2ed8a71
2 changed files with 9 additions and 11 deletions

View File

@ -667,8 +667,6 @@ setipv6(){ #ipv6设置
case $num in case $num in
1) 1)
if [ "$ipv6_redir" = "未开启" ]; then if [ "$ipv6_redir" = "未开启" ]; then
echo -e "如果启用后导致部分应用加载缓慢,请关闭此功能即可恢复"
echo -e "\033[31m除非特殊需要否则无需开启此功能\033[0m"
ipv6_support=已开启 ipv6_support=已开启
ipv6_redir=已开启 ipv6_redir=已开启
sleep 2 sleep 2
@ -691,11 +689,11 @@ setipv6(){ #ipv6设置
setconfig ipv6_redir $ipv6_redir setconfig ipv6_redir $ipv6_redir
setconfig ipv6_support $ipv6_support setconfig ipv6_support $ipv6_support
fi fi
if [ -n "$(ipset -v 2>/dev/null)" -o "$firewall_mod" = 'nftables' ];then if [ -n "$(ipset -v 2>/dev/null)"] || [ "$firewall_mod" = nftables ];then
[ "$cn_ipv6_route" = "未开启" ] && cn_ipv6_route=已开启 || cn_ipv6_route=未开启 [ "$cn_ipv6_route" = "未开启" ] && cn_ipv6_route=已开启 || cn_ipv6_route=未开启
setconfig cn_ipv6_route $cn_ipv6_route setconfig cn_ipv6_route $cn_ipv6_route
else else
echo -e "\033[31m当前设备缺少ipset模块或未使用Nft模式,无法启用绕过功能!!\033[0m" echo -e "\033[31m当前设备缺少ipset模块或防火墙未使用nftables,无法启用绕过功能!!\033[0m"
sleep 1 sleep 1
fi fi
setipv6 setipv6
@ -1441,7 +1439,7 @@ normal_set(){ #基础设置
normal_set normal_set
elif [ "$num" = 8 ]; then elif [ "$num" = 8 ]; then
if [ -n "$(ipset -v 2>/dev/null)" -o "$firewall_mod" = 'nftables' ];then if [ -n "$(ipset -v 2>/dev/null)" ] || [ "$firewall_mod" = 'nftables' ];then
if [ "$cn_ip_route" = "未开启" ]; then if [ "$cn_ip_route" = "未开启" ]; then
echo -e "\033[32m已开启CN_IP绕过内核功能\033[0m" echo -e "\033[32m已开启CN_IP绕过内核功能\033[0m"
echo -e "\033[31m注意此功能会导致全局模式及一切CN相关规则失效\033[0m" echo -e "\033[31m注意此功能会导致全局模式及一切CN相关规则失效\033[0m"
@ -1453,7 +1451,7 @@ normal_set(){ #基础设置
fi fi
setconfig cn_ip_route $cn_ip_route setconfig cn_ip_route $cn_ip_route
else else
echo -e "\033[31m当前设备缺少ipset模块或未使用Nft模式,无法启用绕过功能!!\033[0m" echo -e "\033[31m当前设备缺少ipset模块或未使用nftables模式,无法启用绕过功能!!\033[0m"
sleep 1 sleep 1
fi fi
normal_set normal_set

View File

@ -844,7 +844,7 @@ EOF
#设置路由规则 #设置路由规则
cn_ip_route(){ #CN-IP绕过 cn_ip_route(){ #CN-IP绕过
ckgeo cn_ip.txt china_ip_list.txt ckgeo cn_ip.txt china_ip_list.txt
[ -f ${BINDIR}/cn_ip.txt -a -z "$(echo $redir_mod|grep 'Nft')" ] && { [ -f ${BINDIR}/cn_ip.txt ] && [ "$firewall_mod" = iptables ] && {
# see https://raw.githubusercontent.com/Hackl0us/GeoIP2-CN/release/CN-ip-cidr.txt # see https://raw.githubusercontent.com/Hackl0us/GeoIP2-CN/release/CN-ip-cidr.txt
echo "create cn_ip hash:net family inet hashsize 10240 maxelem 10240" > ${TMPDIR}/cn_$USER.ipset echo "create cn_ip hash:net family inet hashsize 10240 maxelem 10240" > ${TMPDIR}/cn_$USER.ipset
awk '!/^$/&&!/^#/{printf("add cn_ip %s'" "'\n",$0)}' ${BINDIR}/cn_ip.txt >> ${TMPDIR}/cn_$USER.ipset awk '!/^$/&&!/^#/{printf("add cn_ip %s'" "'\n",$0)}' ${BINDIR}/cn_ip.txt >> ${TMPDIR}/cn_$USER.ipset
@ -855,7 +855,7 @@ cn_ip_route(){ #CN-IP绕过
} }
cn_ipv6_route(){ #CN-IPV6绕过 cn_ipv6_route(){ #CN-IPV6绕过
ckgeo cn_ipv6.txt china_ipv6_list.txt ckgeo cn_ipv6.txt china_ipv6_list.txt
[ -f ${BINDIR}/cn_ipv6.txt -a -z "$(echo $redir_mod|grep 'Nft')" ] && { [ -f ${BINDIR}/cn_ipv6.txt ] && [ "$firewall_mod" = iptables ] && {
#ipv6 #ipv6
#see https://ispip.clang.cn/all_cn_ipv6.txt #see https://ispip.clang.cn/all_cn_ipv6.txt
echo "create cn_ip6 hash:net family inet6 hashsize 4096 maxelem 4096" > ${TMPDIR}/cn6_$USER.ipset echo "create cn_ip6 hash:net family inet6 hashsize 4096 maxelem 4096" > ${TMPDIR}/cn6_$USER.ipset
@ -980,7 +980,7 @@ start_iptables(){ #iptables配置总入口
[ "$dns_no" != "已禁用" -a "$dns_redir" != "已开启" -a "$firewall_area" -le 3 ] && { [ "$dns_no" != "已禁用" -a "$dns_redir" != "已开启" -a "$firewall_area" -le 3 ] && {
[ "$lan_proxy" = true ] && { [ "$lan_proxy" = true ] && {
start_ipt_dns iptables PREROUTING shellcrash_dns #ipv4-局域网dns转发 start_ipt_dns iptables PREROUTING shellcrash_dns #ipv4-局域网dns转发
if ip6tables -t nat -L >/dev/null 2>&1;then if [ -n "$(grep -E '^REDIRECT$' /proc/net/ip6_tables_targets)" ];then
start_ipt_dns ip6tables PREROUTING shellcrashv6_dns #ipv6-局域网dns转发 start_ipt_dns ip6tables PREROUTING shellcrashv6_dns #ipv6-局域网dns转发
else else
ip6tables -I INPUT -p udp --dport 53 -m comment --comment "ShellCrash-IPV6_DNS-REJECT" -j REJECT 2>/dev/null ip6tables -I INPUT -p udp --dport 53 -m comment --comment "ShellCrash-IPV6_DNS-REJECT" -j REJECT 2>/dev/null
@ -994,10 +994,10 @@ start_iptables(){ #iptables配置总入口
[ "$lan_proxy" = true ] && { [ "$lan_proxy" = true ] && {
start_ipt_route iptables nat PREROUTING shellcrash tcp #ipv4-局域网tcp转发 start_ipt_route iptables nat PREROUTING shellcrash tcp #ipv4-局域网tcp转发
[ "$ipv6_redir" = "已开启" ] && { [ "$ipv6_redir" = "已开启" ] && {
if ip6tables -t nat -L >/dev/null 2>&1;then if [ -n "$(grep -E '^REDIRECT$' /proc/net/ip6_tables_targets)" ];then
start_ipt_route ip6tables nat PREROUTING shellcrashv6 tcp #ipv6-局域网tcp转发 start_ipt_route ip6tables nat PREROUTING shellcrashv6 tcp #ipv6-局域网tcp转发
else else
logger "当前设备内核缺少ip6tables_nat模块支持,已放弃启动相关规则!" 31 logger "当前设备内核缺少ip6tables_REDIRECT模块支持,已放弃启动相关规则!" 31
fi fi
} }
} }