Austin/ShellCrash
1
0
Fork 0
mirror of https://github.com/juewuy/ShellCrash.git synced 2024-11-16 11:42:18 +08:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

v1.2.6-test

Browse Source 
~增加Linux系统本机代理增强模式
This commit is contained in:
juewuy 2021-05-15 16:25:18 +08:00
parent 674c7872f3
commit 64c50d3305
7 changed files with 66 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
bin/clashfm.tar.gz
View File

Binary file not shown.

2
bin/version
View File

@ -1,4 +1,4 @@
clash_v=1.6.0
clashpre_v=2021.05.08
GeoIP_v=20210514
versionsh=1.3.0
versionsh=1.3.1-test

3
install.sh
View File

@ -37,7 +37,7 @@ webget(){
url="https://cdn.jsdelivr.net/gh/juewuy/ShellClash"
if [ "$test" -gt 0 ];then
url="https://cdn.jsdelivr.net/gh/juewuy/ShellClash@master"
[ "$test" -eq 2 ] && url="http://192.168.31.31:8080/ShellClash"
[ "$test" -eq 2 ] && url="http://192.168.0.4:8080/ShellClash"
[ "$test" -eq 3 ] && url="http://192.168.123.90:8080/clash-for-Miwifi"
else
webget /tmp/clashrelease $url@master/bin/release_version echoon rediroff 2>/tmp/clashrelease
@ -78,6 +78,7 @@ gettar(){
mv $clashdir/clash.service $sysdir/clash.service
sed -i "s%/etc/clash%$clashdir%g" $sysdir/clash.service
systemctl daemon-reload
useradd shellclash
else
#设为保守模式启动
sed -i '/start_old=*/'d $clashdir/mark

2
scripts/clash.service
View File

@ -5,7 +5,7 @@ After=network.target
[Service]
Type=simple
User=root
ExecStart=/etc/clash/clash -d /etc/clash
ExecStart=su shellclash -c "/etc/clash/clash -d /etc/clash"
ExecStartPost=/etc/clash/start.sh afstart
Restart=on-failure
RestartSec=3s

20
scripts/clash.sh
View File

@ -471,8 +471,7 @@ localproxy(){
echo -----------------------------------------------
echo -e " 1 \033[36m$proxy_set本机代理\033[0m"
echo -e " 2 使用\033[32m环境变量\033[0m方式配置"
echo -e " 3 使用\033[32mGNOME桌面API\033[0m配置"
echo -e " 4 使用\033[32mKDE桌面API\033[0m配置"
echo -e " 3 使用\033[32miptables增强模式\033[0m配置仅支持Linux系统"
echo -e " 0 返回上级菜单"
echo -----------------------------------------------
read -p "请输入对应数字 > " num
@ -506,20 +505,11 @@ localproxy(){
setconfig local_proxy_type $local_proxy_type
localproxy
elif [ "$num" = 3 ]; then
if gsettings --version >/dev/null 2>&1 ;then
local_proxy_type="GNOME"
if id shellclash >/dev/null 2>&1 ;then
local_proxy_type="iptables增强模式"
setconfig local_proxy_type $local_proxy_type
else
echo -e "\033[31m没有找到GNOME桌面无法设置\033[0m"
sleep 1
fi
localproxy
elif [ "$num" = 4 ]; then
if kwriteconfig5 -h >/dev/null 2>&1 ;then
local_proxy_type="KDE"
setconfig local_proxy_type $local_proxy_type
else
echo -e "\033[31m没有找到KDE桌面无法设置\033[0m"
echo -e "\033[31m当前设备无法使用增强模式\033[0m"
sleep 1
fi
localproxy
@ -660,7 +650,7 @@ clashcfg(){
echo -e " 3 跳过本地证书验证: \033[36m$skip_cert\033[0m ————解决节点证书验证错误"
echo -e " 4 只代理常用端口: \033[36m$common_ports\033[0m ————用于过滤P2P流量"
echo -e " 5 过滤局域网设备: \033[36m$mac_return\033[0m ————使用黑名单/白名单进行过滤"
echo -e " 6 设置本机代理服务: \033[36m$local_proxy\033[0m ————使用环境变量或GUI/api配置本机代理"
echo -e " 6 设置本机代理服务: \033[36m$local_proxy\033[0m ————使用环境变量或iptables配置本机代理"
echo -----------------------------------------------
echo -e " 0 返回上级菜单 \033[0m"
echo -----------------------------------------------

2
scripts/getdate.sh
View File

@ -359,6 +359,7 @@ gettar(){
mv $clashdir/clash.service $sysdir/clash.service
sed -i "s%/etc/clash%$clashdir%g" $sysdir/clash.service
systemctl daemon-reload
useradd shellclash
else
#设为保守模式启动
sed -i '/start_old=*/'d $clashdir/mark
@ -853,6 +854,7 @@ update(){
rm -rf /etc/systemd/system/clash.service
rm -rf /usr/lib/systemd/system/clash.service
rm -rf /www/clash
userdel -r shellclash
echo -----------------------------------------------
echo -e "\033[36m已卸载ShellClash相关文件有缘再会\033[0m"
echo -e "\033[33m请手动关闭当前窗口以重置环境变量\033[0m"

73
scripts/start.sh
View File

@ -417,6 +417,50 @@ start_udp(){
fi
iptables -t mangle -A PREROUTING -p udp $lanhost -j clash
}
start_output(){
#流量过滤规则
iptables -t nat -N clash_out
iptables -t nat -A clash_out -m owner --uid-owner shellclash -j RETURN
iptables -t nat -A clash_out -d 0.0.0.0/8 -j RETURN
iptables -t nat -A clash_out -d 10.0.0.0/8 -j RETURN
iptables -t nat -A clash_out -d 127.0.0.0/8 -j RETURN
iptables -t nat -A clash_out -d 169.254.0.0/16 -j RETURN
iptables -t nat -A clash_out -d 172.16.0.0/12 -j RETURN
iptables -t nat -A clash_out -d 192.168.0.0/16 -j RETURN
iptables -t nat -A clash_out -d 224.0.0.0/4 -j RETURN
iptables -t nat -A clash_out -d 240.0.0.0/4 -j RETURN
if [ "$macfilter_type" = "白名单" -a -n "$(cat $clashdir/mac)" ];then
#mac白名单
for mac in $(cat $clashdir/mac); do
iptables -t nat -A clash_out -p tcp $ports -m mac --mac-source $mac -j REDIRECT --to-ports $redir_port
done
else
#mac黑名单
for mac in $(cat $clashdir/mac); do
iptables -t nat -A clash_out -m mac --mac-source $mac -j RETURN
done
iptables -t nat -A clash_out -p tcp $ports -j REDIRECT --to-ports $redir_port
fi
iptables -t nat -A OUTPUT -p tcp -j clash_out
#设置dns转发
iptables -t nat -N clash_dns_out
iptables -t nat -A clash_dns_out -m owner --uid-owner shellclash -j RETURN
if [ "$macfilter_type" = "白名单" -a -n "$(cat $clashdir/mac)" ];then
#mac白名单
for mac in $(cat $clashdir/mac); do
iptables -t nat -A clash_dns_out -p udp --dport 53 -m mac --mac-source $mac -j REDIRECT --to $dns_port
iptables -t nat -A clash_dns_out -p tcp --dport 53 -m mac --mac-source $mac -j REDIRECT --to $dns_port
done
else
#mac黑名单
for mac in $(cat $clashdir/mac); do
iptables -t nat -A clash_dns_out -m mac --mac-source $mac -j RETURN
done
iptables -t nat -A clash_dns_out -p udp --dport 53 -j REDIRECT --to $dns_port
iptables -t nat -A clash_dns_out -p tcp --dport 53 -j REDIRECT --to $dns_port
fi
iptables -t nat -A OUTPUT -p udp -j clash_dns_out
}
stop_iptables(){
gethost #获取本地局域网地址段
#重置iptables规则
@ -431,6 +475,13 @@ stop_iptables(){
iptables -t nat -F clash_dns 2> /dev/null
iptables -t nat -X clash_dns 2> /dev/null
iptables -D FORWARD -o utun -j ACCEPT 2> /dev/null
#重置output规则
iptables -t nat -D OUTPUT -p tcp -j clash_out 2> /dev/null
iptables -t nat -F clash_out 2> /dev/null
iptables -t nat -X clash_out 2> /dev/null
iptables -t nat -D OUTPUT -p udp -j clash_dns_out 2> /dev/null
iptables -t nat -F clash_dns_out 2> /dev/null
iptables -t nat -X clash_dns_out 2> /dev/null
#重置udp规则
iptables -t mangle -D PREROUTING -p udp $lanhost -j clash 2> /dev/null
iptables -t mangle -F clash 2> /dev/null
@ -682,14 +733,9 @@ cronset)
;;
set_proxy)
getconfig
#GNOME配置
if [ "$local_proxy_type" = "GNOME" ];then
gsettings set org.gnome.system.proxy autoconfig-url "http://127.0.0.1:$db_port/ui/pac"
gsettings set org.gnome.system.proxy mode "auto"
#KDE配置
elif [ "$local_proxy_type" = "KDE" ];then
kwriteconfig5 --file kioslaverc --group "Proxy Settings" --key "Proxy Config Script" "http://127.0.0.1:$db_port/ui/pac"
kwriteconfig5 --file kioslaverc --group "Proxy Settings" --key "ProxyType" 2
#iptables增强模式
if [ "$local_proxy_type" = "iptables增强模式" ];then
start_output
#环境变量方式
else
[ -w ~/.bashrc ] && profile=~/.bashrc
@ -698,16 +744,7 @@ set_proxy)
echo 'export ALL_PROXY=$all_proxy' >> $profile
fi
;;
unset_proxy)
#GNOME配置
if gsettings --version >/dev/null 2>&1 ;then
gsettings set org.gnome.system.proxy mode "none"
fi
#KDE配置
if kwriteconfig5 -h >/dev/null 2>&1 ;then
kwriteconfig5 --file kioslaverc --group "Proxy Settings" --key "ProxyType" 0
fi
#环境变量方式
unset_proxy)
[ -w ~/.bashrc ] && profile=~/.bashrc
[ -w /etc/profile ] && profile=/etc/profile
sed -i '/all_proxy/'d $profile