mirror of
https://github.com/juewuy/ShellCrash.git
synced 2024-11-16 03:32:34 +08:00
~修复cn绕过未生效的bug
~修复华硕设备ip6tables报错的问题
This commit is contained in:
parent
eb025899cd
commit
33a2ed8a71
|
@ -667,8 +667,6 @@ setipv6(){ #ipv6设置
|
||||||
case $num in
|
case $num in
|
||||||
1)
|
1)
|
||||||
if [ "$ipv6_redir" = "未开启" ]; then
|
if [ "$ipv6_redir" = "未开启" ]; then
|
||||||
echo -e "如果启用后导致部分应用加载缓慢,请关闭此功能即可恢复"
|
|
||||||
echo -e "\033[31m除非特殊需要,否则无需开启此功能!\033[0m"
|
|
||||||
ipv6_support=已开启
|
ipv6_support=已开启
|
||||||
ipv6_redir=已开启
|
ipv6_redir=已开启
|
||||||
sleep 2
|
sleep 2
|
||||||
|
@ -691,11 +689,11 @@ setipv6(){ #ipv6设置
|
||||||
setconfig ipv6_redir $ipv6_redir
|
setconfig ipv6_redir $ipv6_redir
|
||||||
setconfig ipv6_support $ipv6_support
|
setconfig ipv6_support $ipv6_support
|
||||||
fi
|
fi
|
||||||
if [ -n "$(ipset -v 2>/dev/null)" -o "$firewall_mod" = 'nftables' ];then
|
if [ -n "$(ipset -v 2>/dev/null)"] || [ "$firewall_mod" = nftables ];then
|
||||||
[ "$cn_ipv6_route" = "未开启" ] && cn_ipv6_route=已开启 || cn_ipv6_route=未开启
|
[ "$cn_ipv6_route" = "未开启" ] && cn_ipv6_route=已开启 || cn_ipv6_route=未开启
|
||||||
setconfig cn_ipv6_route $cn_ipv6_route
|
setconfig cn_ipv6_route $cn_ipv6_route
|
||||||
else
|
else
|
||||||
echo -e "\033[31m当前设备缺少ipset模块或未使用Nft模式,无法启用绕过功能!!\033[0m"
|
echo -e "\033[31m当前设备缺少ipset模块或防火墙未使用nftables,无法启用绕过功能!!\033[0m"
|
||||||
sleep 1
|
sleep 1
|
||||||
fi
|
fi
|
||||||
setipv6
|
setipv6
|
||||||
|
@ -1441,7 +1439,7 @@ normal_set(){ #基础设置
|
||||||
normal_set
|
normal_set
|
||||||
|
|
||||||
elif [ "$num" = 8 ]; then
|
elif [ "$num" = 8 ]; then
|
||||||
if [ -n "$(ipset -v 2>/dev/null)" -o "$firewall_mod" = 'nftables' ];then
|
if [ -n "$(ipset -v 2>/dev/null)" ] || [ "$firewall_mod" = 'nftables' ];then
|
||||||
if [ "$cn_ip_route" = "未开启" ]; then
|
if [ "$cn_ip_route" = "未开启" ]; then
|
||||||
echo -e "\033[32m已开启CN_IP绕过内核功能!!\033[0m"
|
echo -e "\033[32m已开启CN_IP绕过内核功能!!\033[0m"
|
||||||
echo -e "\033[31m注意!!!此功能会导致全局模式及一切CN相关规则失效!!!\033[0m"
|
echo -e "\033[31m注意!!!此功能会导致全局模式及一切CN相关规则失效!!!\033[0m"
|
||||||
|
@ -1453,7 +1451,7 @@ normal_set(){ #基础设置
|
||||||
fi
|
fi
|
||||||
setconfig cn_ip_route $cn_ip_route
|
setconfig cn_ip_route $cn_ip_route
|
||||||
else
|
else
|
||||||
echo -e "\033[31m当前设备缺少ipset模块或未使用Nft模式,无法启用绕过功能!!\033[0m"
|
echo -e "\033[31m当前设备缺少ipset模块或未使用nftables模式,无法启用绕过功能!!\033[0m"
|
||||||
sleep 1
|
sleep 1
|
||||||
fi
|
fi
|
||||||
normal_set
|
normal_set
|
||||||
|
|
|
@ -844,7 +844,7 @@ EOF
|
||||||
#设置路由规则
|
#设置路由规则
|
||||||
cn_ip_route(){ #CN-IP绕过
|
cn_ip_route(){ #CN-IP绕过
|
||||||
ckgeo cn_ip.txt china_ip_list.txt
|
ckgeo cn_ip.txt china_ip_list.txt
|
||||||
[ -f ${BINDIR}/cn_ip.txt -a -z "$(echo $redir_mod|grep 'Nft')" ] && {
|
[ -f ${BINDIR}/cn_ip.txt ] && [ "$firewall_mod" = iptables ] && {
|
||||||
# see https://raw.githubusercontent.com/Hackl0us/GeoIP2-CN/release/CN-ip-cidr.txt
|
# see https://raw.githubusercontent.com/Hackl0us/GeoIP2-CN/release/CN-ip-cidr.txt
|
||||||
echo "create cn_ip hash:net family inet hashsize 10240 maxelem 10240" > ${TMPDIR}/cn_$USER.ipset
|
echo "create cn_ip hash:net family inet hashsize 10240 maxelem 10240" > ${TMPDIR}/cn_$USER.ipset
|
||||||
awk '!/^$/&&!/^#/{printf("add cn_ip %s'" "'\n",$0)}' ${BINDIR}/cn_ip.txt >> ${TMPDIR}/cn_$USER.ipset
|
awk '!/^$/&&!/^#/{printf("add cn_ip %s'" "'\n",$0)}' ${BINDIR}/cn_ip.txt >> ${TMPDIR}/cn_$USER.ipset
|
||||||
|
@ -855,7 +855,7 @@ cn_ip_route(){ #CN-IP绕过
|
||||||
}
|
}
|
||||||
cn_ipv6_route(){ #CN-IPV6绕过
|
cn_ipv6_route(){ #CN-IPV6绕过
|
||||||
ckgeo cn_ipv6.txt china_ipv6_list.txt
|
ckgeo cn_ipv6.txt china_ipv6_list.txt
|
||||||
[ -f ${BINDIR}/cn_ipv6.txt -a -z "$(echo $redir_mod|grep 'Nft')" ] && {
|
[ -f ${BINDIR}/cn_ipv6.txt ] && [ "$firewall_mod" = iptables ] && {
|
||||||
#ipv6
|
#ipv6
|
||||||
#see https://ispip.clang.cn/all_cn_ipv6.txt
|
#see https://ispip.clang.cn/all_cn_ipv6.txt
|
||||||
echo "create cn_ip6 hash:net family inet6 hashsize 4096 maxelem 4096" > ${TMPDIR}/cn6_$USER.ipset
|
echo "create cn_ip6 hash:net family inet6 hashsize 4096 maxelem 4096" > ${TMPDIR}/cn6_$USER.ipset
|
||||||
|
@ -980,7 +980,7 @@ start_iptables(){ #iptables配置总入口
|
||||||
[ "$dns_no" != "已禁用" -a "$dns_redir" != "已开启" -a "$firewall_area" -le 3 ] && {
|
[ "$dns_no" != "已禁用" -a "$dns_redir" != "已开启" -a "$firewall_area" -le 3 ] && {
|
||||||
[ "$lan_proxy" = true ] && {
|
[ "$lan_proxy" = true ] && {
|
||||||
start_ipt_dns iptables PREROUTING shellcrash_dns #ipv4-局域网dns转发
|
start_ipt_dns iptables PREROUTING shellcrash_dns #ipv4-局域网dns转发
|
||||||
if ip6tables -t nat -L >/dev/null 2>&1;then
|
if [ -n "$(grep -E '^REDIRECT$' /proc/net/ip6_tables_targets)" ];then
|
||||||
start_ipt_dns ip6tables PREROUTING shellcrashv6_dns #ipv6-局域网dns转发
|
start_ipt_dns ip6tables PREROUTING shellcrashv6_dns #ipv6-局域网dns转发
|
||||||
else
|
else
|
||||||
ip6tables -I INPUT -p udp --dport 53 -m comment --comment "ShellCrash-IPV6_DNS-REJECT" -j REJECT 2>/dev/null
|
ip6tables -I INPUT -p udp --dport 53 -m comment --comment "ShellCrash-IPV6_DNS-REJECT" -j REJECT 2>/dev/null
|
||||||
|
@ -994,10 +994,10 @@ start_iptables(){ #iptables配置总入口
|
||||||
[ "$lan_proxy" = true ] && {
|
[ "$lan_proxy" = true ] && {
|
||||||
start_ipt_route iptables nat PREROUTING shellcrash tcp #ipv4-局域网tcp转发
|
start_ipt_route iptables nat PREROUTING shellcrash tcp #ipv4-局域网tcp转发
|
||||||
[ "$ipv6_redir" = "已开启" ] && {
|
[ "$ipv6_redir" = "已开启" ] && {
|
||||||
if ip6tables -t nat -L >/dev/null 2>&1;then
|
if [ -n "$(grep -E '^REDIRECT$' /proc/net/ip6_tables_targets)" ];then
|
||||||
start_ipt_route ip6tables nat PREROUTING shellcrashv6 tcp #ipv6-局域网tcp转发
|
start_ipt_route ip6tables nat PREROUTING shellcrashv6 tcp #ipv6-局域网tcp转发
|
||||||
else
|
else
|
||||||
logger "当前设备内核缺少ip6tables_nat模块支持,已放弃启动相关规则!" 31
|
logger "当前设备内核缺少ip6tables_REDIRECT模块支持,已放弃启动相关规则!" 31
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue
Block a user