From 5ff25682c1573e012d55f268e084c44a125b684c Mon Sep 17 00:00:00 2001
From: juewuy
Date: Thu, 6 Jun 2024 14:40:22 +0800
Subject: [PATCH] =?UTF-8?q?~=E4=BC=98=E5=8C=96=E4=BA=86=E6=A0=B9=E8=AF=81?= =?UTF-8?q?=E4=B9=A6=E6=9B=B4=E6=96=B0=E5=8A=9F=E8=83=BD=EF=BC=8C=E6=94=AF?= =?UTF-8?q?=E6=8C=81=E9=95=9C=E5=83=8F=E5=8C=96=E8=AE=BE=E5=A4=87=E9=87=8D?= =?UTF-8?q?=E5=90=AF=E5=90=8E=E8=87=AA=E5=8A=A8=E8=A6=86=E7=9B=96=E5=8E=9F?= =?UTF-8?q?=E6=96=87=E4=BB=B6=20~=E4=BF=AE=E5=A4=8D=E5=8D=8E=E7=A1=95?= =?UTF-8?q?=E8=AE=BE=E5=A4=87=E7=A6=81=E7=94=A8quic=E5=8A=9F=E8=83=BD?= =?UTF-8?q?=E6=8A=A5=E9=94=99=E7=9A=84=E9=97=AE=E9=A2=98=20~=E4=BF=AE?= =?UTF-8?q?=E5=A4=8Dmac=E9=BB=91=E5=90=8D=E5=8D=95=E4=BC=9A=E9=94=99?= =?UTF-8?q?=E8=AF=AF=E8=AF=86=E5=88=AB=E4=B8=BA=E7=99=BD=E5=90=8D=E5=8D=95?= =?UTF-8?q?=E7=9A=84bug=20~=E4=BF=AE=E5=A4=8D=E6=96=B0=E6=89=8B=E5=BC=95?= =?UTF-8?q?=E5=AF=BC=E9=80=89=E6=8B=A9=E6=9C=AC=E6=9C=BA=E4=BB=A3=E7=90=86?= =?UTF-8?q?=E6=97=B6=E7=9A=84=E6=8A=A5=E9=94=99=E7=AD=89=E9=97=AE=E9=A2=98?= =?UTF-8?q?=20~=E4=BF=AE=E5=A4=8Dax6s/ax6000=E7=AD=89=E8=AE=BE=E5=A4=87tun?= =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E5=B7=A5=E5=85=B7=E4=BF=AE=E5=A4=8D=E5=A4=B1?= =?UTF-8?q?=E8=B4=A5=E7=9A=84=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 scripts/misnap_init.sh | 4 +++-
 scripts/start.sh | 23 ++++++++++++-----------
 scripts/update.sh | 11 ++++++-----
 3 files changed, 21 insertions(+), 17 deletions(-)
diff --git a/scripts/misnap_init.sh b/scripts/misnap_init.sh
index 3ada5f0..ebd7122 100644
--- a/scripts/misnap_init.sh
+++ b/scripts/misnap_init.sh
@@ -62,9 +62,11 @@ init(){
 #启动服务
 if [ ! -f $CRASHDIR/.dis_startup ]; then
 #AX6S/AX6000修复tun功能
- [ -f $CRASHDIR/configs/tun.ko ] && tunfix
+ [ -s $CRASHDIR/tools/tun.ko ] && tunfix
 #小米7000/小米万兆修复tproxy
 [ -f /etc/init.d/qca-nss-ecm ] && [ -n "$(grep 'redir_mod=Tproxy' $CRASHDIR/configs/ShellCrash.cfg )" ] && tproxyfix
+ #自动覆盖根证书文件
+ [ -s $CRASHDIR/tools/ca-certificates.crt ] && cp -f $CRASHDIR/tools/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
 #启动服务
 $CRASHDIR/start.sh start
 /etc/init.d/shellcrash enable
diff --git a/scripts/start.sh b/scripts/start.sh
index 9a47438..1d3f3f5 100644
--- a/scripts/start.sh
+++ b/scripts/start.sh
@@ -12,7 +12,7 @@ CRASHDIR=$(cd $(dirname $0);pwd)
 getconfig() { #读取配置及全局变量
 #加载配置文件
 . "$CRASHDIR"/configs/ShellCrash.cfg >/dev/null
- #默认设置
+ #缺省值
 [ -z "$redir_mod" ] && [ "$USER" = "root" -o "$USER" = "admin" ] && redir_mod=Redir模式
 [ -z "$redir_mod" ] && redir_mod=纯净模式
 [ -z "$skip_cert" ] && skip_cert=已开启
@@ -20,6 +20,7 @@ getconfig() { #读取配置及全局变量
 [ -z "$ipv6_redir" ] && ipv6_redir=未开启
 [ -z "$ipv6_dns" ] && ipv6_dns=已开启
 [ -z "$cn_ipv6_route" ] && cn_ipv6_route=未开启
+ [ -z "$macfilter_type" ] && macfilter_type=黑名单
 [ -z "$mix_port" ] && mix_port=7890
 [ -z "$redir_port" ] && redir_port=7892
 [ -z "$tproxy_port" ] && tproxy_port=7893
@@ -1079,7 +1080,7 @@ start_iptables() { #iptables配置总入口
 if ip6tables -j REDIRECT -h 2>/dev/null | grep -q '\--to-ports'; then
 start_ipt_dns ip6tables PREROUTING shellcrashv6_dns #ipv6-局域网dns转发
 else
- ip6tables -I INPUT -p udp --dport 53 -m comment --comment "ShellCrash-IPV6_DNS-REJECT" -j REJECT
+ ip6tables -I INPUT -p udp --dport 53 -j REJECT
 fi
 }
 [ "$local_proxy" = true ] && start_ipt_dns iptables OUTPUT shellcrash_dns_out #ipv4-本机dns转发
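Review bot: The line added in the `scripts/misnap_init.sh` hunk overwrites the system trust store at every boot with whatever sits at `$CRASHDIR/tools/ca-certificates.crt`, and the only gate is `-s` (file is non-empty). A truncated download, or a file changed by anything able to write to that directory, then becomes the root-CA set for every TLS client on the device. At minimum I would confirm the file is a PEM bundle and quote the paths: `crt="$CRASHDIR/tools/ca-certificates.crt"; [ -s "$crt" ] && grep -q 'BEGIN CERTIFICATE' "$crt" && cp -f "$crt" /etc/ssl/certs/ca-certificates.crt`. A short comment saying where the bundle comes from and that `tools/` must be writable by root only would help the next reader; `init()` starts and ends outside the hunk.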
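Review bot: With the `-m comment` tag gone, the rule added by `ip6tables -I INPUT -p udp --dport 53 -j REJECT` in the `start_iptables` hunk at -1079 can no longer be told apart from a rule the firmware or the administrator created, and nothing visible stops a second start from inserting it again. The same holds for the two QUIC `-I FORWARD` lines in the hunk at -1090, and the matching `-D` lines in `stop_firewall` (hunks at -1337 and -1364) now delete by bare rule spec, one instance per call. Where the device's iptables supports `-C`, guarding each insert keeps the table idempotent without the comment module: `ip6tables -C INPUT -p udp --dport 53 -j REJECT 2>/dev/null || ip6tables -I INPUT -p udp --dport 53 -j REJECT`. A dedicated chain for these reject rules would also give `stop_firewall` something unambiguous to flush; both functions extend beyond the hunks shown.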
@@ -1090,8 +1091,8 @@ start_iptables() { #iptables配置总入口
 set_cn_ip='-m set ! --match-set cn_ip dst'
 set_cn_ip6='-m set ! --match-set cn_ip6 dst'
 }
- iptables -I FORWARD -p udp --dport 443 -o utun -m comment --comment "ShellCrash-QUIC-REJECT" $set_cn_ip -j REJECT >/dev/null 2>&1
- ip6tables -I FORWARD -p udp --dport 443 -o utun -m comment --comment "ShellCrash-QUIC-REJECT" $set_cn_ip6 -j REJECT >/dev/null 2>&1
+ iptables -I FORWARD -p udp --dport 443 -o utun $set_cn_ip -j REJECT >/dev/null 2>&1
+ ip6tables -I FORWARD -p udp --dport 443 -o utun $set_cn_ip6 -j REJECT >/dev/null 2>&1
 }
 }
 start_nft_route() { #nftables-route通用工具
@@ -1337,8 +1338,8 @@ stop_firewall() { #还原防火墙配置
 iptables -D FORWARD -o utun -j ACCEPT 2>/dev/null
 #屏蔽QUIC
 [ "$dns_mod" != "fake-ip" -a "$cn_ip_route" = "已开启" ] && set_cn_ip='-m set ! --match-set cn_ip dst'
- iptables -D INPUT -p udp --dport 443 -m comment --comment "ShellCrash-QUIC-REJECT" $set_cn_ip -j REJECT 2>/dev/null
- iptables -D FORWARD -p udp --dport 443 -o utun -m comment --comment "ShellCrash-QUIC-REJECT" $set_cn_ip -j REJECT 2>/dev/null
+ iptables -D INPUT -p udp --dport 443 $set_cn_ip -j REJECT 2>/dev/null
+ iptables -D FORWARD -p udp --dport 443 -o utun $set_cn_ip -j REJECT 2>/dev/null
 #公网访问
 for ip in $host_ipv4 $local_ipv4 $reserve_ipv4; do
 iptables -D INPUT -p tcp -s $ip --dport $mix_port -j ACCEPT 2>/dev/null
@@ -1364,18 +1365,18 @@ stop_firewall() { #还原防火墙配置
 ip6tables -t nat -D PREROUTING -p udp --dport 53 -j shellcrashv6_dns 2>/dev/null
 #redir
 ip6tables -t nat -D PREROUTING -p tcp $ports -j shellcrashv6 2>/dev/null
- ip6tables -D INPUT -p udp --dport 53 -m comment --comment "ShellCrash-IPV6_DNS-REJECT" -j REJECT 2>/dev/null
+ ip6tables -D INPUT -p udp --dport 53 -j REJECT 2>/dev/null
 #mark
 ip6tables -t mangle -D PREROUTING -p tcp $ports -j shellcrashv6_mark 2>/dev/null
 ip6tables -t mangle -D PREROUTING -p udp $ports -j shellcrashv6_mark 2>/dev/null
- ip6tables -D INPUT -p udp --dport 443 -m comment --comment "ShellCrash-QUIC-REJECT" $set_cn_ip -j REJECT 2>/dev/null
+ ip6tables -D INPUT -p udp --dport 443 $set_cn_ip -j REJECT 2>/dev/null
 #tun
 ip6tables -D FORWARD -o utun -j ACCEPT 2>/dev/null
- ip6tables -D FORWARD -p udp --dport 443 -o utun -m comment --comment "ShellCrash-QUIC-REJECT" -j REJECT >/dev/null 2>&1
+ ip6tables -D FORWARD -p udp --dport 443 -o utun -j REJECT >/dev/null 2>&1
 #屏蔽QUIC
 [ "$dns_mod" != "fake-ip" -a "$cn_ipv6_route" = "已开启" ] && set_cn_ip6='-m set ! --match-set cn_ip6 dst'
- ip6tables -D INPUT -p udp --dport 443 -m comment --comment "ShellCrash-QUIC-REJECT" $set_cn_ip6 -j REJECT 2>/dev/null
- ip6tables -D FORWARD -p udp --dport 443 -o utun -m comment --comment "ShellCrash-QUIC-REJECT" $set_cn_ip6 -j REJECT 2>/dev/null
+ ip6tables -D INPUT -p udp --dport 443 $set_cn_ip6 -j REJECT 2>/dev/null
+ ip6tables -D FORWARD -p udp --dport 443 -o utun $set_cn_ip6 -j REJECT 2>/dev/null
 #公网访问
 ip6tables -D INPUT -p tcp --dport $mix_port -j REJECT 2>/dev/null
 ip6tables -D INPUT -p tcp --dport $mix_port -j ACCEPT 2>/dev/null
diff --git a/scripts/update.sh b/scripts/update.sh
index a116f6f..0b12b17 100644
--- a/scripts/update.sh
+++ b/scripts/update.sh
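Review bot: In the `stop_firewall` hunk at -1364, the rewritten line `ip6tables -D INPUT -p udp --dport 443 $set_cn_ip -j REJECT 2>/dev/null` still expands the IPv4 set variable inside an ip6tables call, and it runs before `set_cn_ip6` is assigned a few lines further down in the same hunk. If `set_cn_ip` is non-empty at that point the delete presumably fails, and `2>/dev/null` hides the failure, so a UDP/443 reject rule could survive a stop. It looks like `$set_cn_ip6` was intended, with its assignment moved above the first use: `ip6tables -D INPUT -p udp --dport 443 $set_cn_ip6 -j REJECT 2>/dev/null`. The function begins and ends outside the hunk, so whether `set_cn_ip6` is already set earlier cannot be confirmed from here.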
@@ -1917,7 +1917,9 @@ getcrt(){ #下载根证书文件
 error_down
 else
 echo -----------------------------------------------
- mkdir -p $openssldir
+ [ "$systype" = 'mi_snapshot' ] && cp -f ${TMPDIR}/ca-certificates.crt $CRASHDIR/tools #镜像化设备特殊处理
+ [ -f $openssldir/certs ] && rm -rf $openssldir/certs #如果certs不是目录而是文件则删除并创建目录
+ mkdir -p $openssldir/certs
 mv -f ${TMPDIR}/ca-certificates.crt $crtdir
 ${CRASHDIR}/start.sh webget /dev/null https://baidu.com echooff rediron skipceroff
 if [ "$?" = "1" ];then
@@ -2231,12 +2233,11 @@ userguide(){
 } && echo "已成功开启ipv4转发,如未正常开启,请手动重启设备!" || echo "开启失败!请自行谷歌查找当前设备的开启方法!"
 fi
 elif [ "$num" = 2 ];then
- setconfig redir_mod "纯净模式"
+ setconfig redir_mod "Redir模式"
 setconfig crashcore "clash"
 setconfig common_ports "未开启"
- echo -----------------------------------------------
- echo -e "\033[36m请选择设置本机代理的方式\033[0m"
- localproxy
+ setconfig firewall_area '2'
+
 elif [ "$num" = 3 ];then
 mv -f $CFG_PATH.bak $CFG_PATH
 echo -e "\033[32m脚本设置已还原!\033[0m"
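Review bot: In the `getcrt` hunk, the `mi_snapshot` copy into `$CRASHDIR/tools` happens before the bundle has been exercised by the `start.sh webget /dev/null https://baidu.com ...` check that follows, so a bad download is already persisted and would be written over `/etc/ssl/certs/ca-certificates.crt` at each boot by `misnap_init.sh`. Moving the `cp -f` to after that check has passed (the body of `if [ "$?" = "1" ]` is outside the hunk) would persist only a bundle that worked. The hunk also shows no integrity check of the downloaded file; comparing it against a published SHA-256 before the `mv -f` would make the trust-store update verifiable. Since the `-f` test has already established that `certs` is a regular file, `rm -f -- "$openssldir/certs"` is sufficient and avoids an unquoted `rm -rf`.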