Austin/ShellCrash
1
0
Fork 0
mirror of https://github.com/juewuy/ShellCrash.git synced 2024-11-16 11:42:18 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
ad34cda6e9
ShellCrash/scripts/clashservice
juewuy ad34cda6e9 v0.9.2 
~添加局域网设备过滤功能
2020-08-14 20:55:15 +08:00

170 lines
5.6 KiB
Bash
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

#!/bin/sh /etc/rc.common
# Example script
# Copyright (C) 2007 OpenWrt.org
USE_PROCD=1
START=99
getconfig(){
#开机加载环境变量保证找到文件路径
source /etc/profile > /dev/null 2>&1
ccfg=$clashdir/mark
if [ ! -f "$ccfg" ]; then
echo mark文件不存在默认以Redir模式运行
cat >$ccfg<<EOF
#标识clash运行状态的文件不明勿动
EOF
#指定一些默认状态
redir_mod=redir模式
common_ports=未开启
dns_mod=redir-host
modify_yaml=未开启
ipv6_support=未开启
fi
source $ccfg #加载配置文件
#是否代理常用端口
if [ "$common_ports" = "已开启" ];then
ports='-m multiport --dports 22,53,587,465,995,993,143,80,443 '
fi
#DNS模式
if [ "$common_ports" = "已开启" ];then
ports='-m multiport --dports 22,53,587,465,995,993,143,80,443 '
fi
}
modify_yaml(){
##########需要变更的配置###########
mix='mixed-port: 7890'
redir='redir-port: 7892'
lan='allow-lan: true'
mode='mode: Rule'
log='log-level: info'
if [ "$ipv6_support" = "已开启" ];then
ipv6='ipv6: true'
else
ipv6='ipv6: false'
fi
external='external-controller: 0.0.0.0:9999'
if [ "$dns_mod" = "fake-ip" ];then
dns='dns: {enable: true, listen: 0.0.0.0:1053, fake-ip-range: 198.18.0.1/16, enhanced-mode: fake-ip, nameserver: [114.114.114.114, 127.0.0.1:53], fallback: [tcp://1.0.0.1, 8.8.4.4]}'
else
dns='dns: {enable: true, ipv6: true, listen: 0.0.0.0:1053, enhanced-mode: redir-host, nameserver: [114.114.114.114, 127.0.0.1:53], fallback: [1.0.0.1, 8.8.4.4]}'
fi
if [ "$redir_mod" != "Redir模式" ];then
tun='tun: {enable: true, stack: system}'
else
tun='tun: {enable: false}'
fi
exper='experimental: {ignore-resolve-fail: true, interface-name: en0}'
###################################
#预删除需要添加的项目
i=$(grep -n "^proxies:" $clashdir/config.yaml | head -1 | cut -d ":" -f 1)
i=$(($i-1))
sed -i '1,'$i'd' $clashdir/config.yaml
#添加配置
sed -i "1i$mix" $clashdir/config.yaml
sed -i "1a$redir" $clashdir/config.yaml
sed -i "2a$lan" $clashdir/config.yaml
sed -i "3a$mode" $clashdir/config.yaml
sed -i "4a$log" $clashdir/config.yaml
sed -i "5a$ipv6" $clashdir/config.yaml
sed -i "6a$external" $clashdir/config.yaml
sed -i "7a$dns" $clashdir/config.yaml
sed -i "8a$tun" $clashdir/config.yaml
sed -i "9a$exper" $clashdir/config.yaml
#跳过本地tls证书验证
if [ "$skip_cert" != "未开启" ];then
sed -i "10,99s/sni: \S*/\1skip-cert-verify: true}/" $clashdir/config.yaml #跳过trojan本地证书验证
sed -i '10,99s/}}/}, skip-cert-verify: true}/' $clashdir/config.yaml #跳过v2+ssl本地证书验证
fi
#sed -i '/rules:/a \ - DOMAIN-SUFFIX,clash.razord.top,🎯 全球直连' $clashdir/config.yaml
}
mark_time(){
start_time=`date +%s`
sed -i '/start_time*/'d $ccfg
sed -i "3i\start_time=$start_time" $ccfg
}
start_redir(){
#修改iptables规则使流量进入clash
iptables -t nat -N clash
iptables -t nat -A clash -d 0.0.0.0/8 -j RETURN
iptables -t nat -A clash -d 10.0.0.0/8 -j RETURN
iptables -t nat -A clash -d 127.0.0.0/8 -j RETURN
iptables -t nat -A clash -d 169.254.0.0/16 -j RETURN
iptables -t nat -A clash -d 172.16.0.0/12 -j RETURN
iptables -t nat -A clash -d 192.168.0.0/16 -j RETURN
iptables -t nat -A clash -d 224.0.0.0/4 -j RETURN
iptables -t nat -A clash -d 240.0.0.0/4 -j RETURN
for mac in $(cat $clashdir/mac); do
iptables -t nat -A clash -m mac --mac-source $mac -j RETURN
done
iptables -t nat -A clash -p tcp $ports-j REDIRECT --to-ports 7892
iptables -t nat -A PREROUTING -p tcp -j clash
if [ "$ipv6_support" = "已开启" ];then
ip6tables -t nat -N clash
for mac in $(cat $clashdir/mac); do
ip6tables -t nat -A clash -m mac --mac-source $mac -j RETURN
done
ip6tables -t nat -A clash -p tcp $ports-j REDIRECT --to-ports 7892
ip6tables -t nat -A PREROUTING -p tcp -j clash
fi
}
stop_iptables(){
#重置iptables规则
iptables -t nat -D PREROUTING -p tcp -j clash > /dev/null 2>&1
iptables -t nat -D PREROUTING -p tcp -j clash_dns > /dev/null 2>&1
iptables -t nat -F clash > /dev/null 2>&1
iptables -t nat -X clash > /dev/null 2>&1
iptables -t nat -F clash_dns > /dev/null 2>&1
iptables -t nat -X clash_dns > /dev/null 2>&1
#重置ipv6规则
ip6tables -t nat -D PREROUTING -p tcp -j clash > /dev/null 2>&1
ip6tables -t nat -D PREROUTING -p tcp -j clash_dns > /dev/null 2>&1
ip6tables -t nat -F clash > /dev/null 2>&1
ip6tables -t nat -X clash > /dev/null 2>&1
ip6tables -t nat -F clash_dns > /dev/null 2>&1
ip6tables -t nat -X clash_dns > /dev/null 2>&1
}
start_dns(){
#允许tun网卡接受流量
iptables -I FORWARD -o utun -j ACCEPT
ip6tables -I FORWARD -o utun -j ACCEPT
#设置dns转发
iptables -t nat -N clash_dns
for mac in $(cat $clashdir/mac); do
iptables -t nat -A clash_dns -m mac --mac-source $mac -j RETURN
done
iptables -t nat -A clash_dns -p udp --dport 53 -j REDIRECT --to 1053
iptables -t nat -A PREROUTING -p udp -j clash_dns
#ipv6DNS
ip6tables -t nat -N clash_dns
for mac in $(cat $clashdir/mac); do
ip6tables -t nat -A clash_dns -m mac --mac-source $mac -j RETURN
done
ip6tables -t nat -A clash_dns -p udp --dport 53 -j REDIRECT --to 1053
ip6tables -t nat -A PREROUTING -p udp -j clash_dns
}
start_service() {
getconfig
#使用内置规则强行覆盖config配置文件
if [ "$modify_yaml" != "已开启" ];then
modify_yaml
fi
#创建clash后台进程
procd_open_instance
procd_set_param respawn
procd_set_param stderr 1
procd_set_param stdout 1
procd_set_param command $clashdir/clash -d $clashdir
procd_close_instance
#修改iptables规则使流量进入clash
stop_iptables
start_dns
if [ "$redir_mod" != "Tun模式" ];then
start_redir
fi
mark_time
}
stop_service() {
stop_iptables
}
Reference in New Issue View Git Blame Copy Permalink