mirror of
https://github.com/kenzok8/small-package.git
synced 2026-02-04 13:57:45 +08:00
update 2026-01-22 10:02:31
This commit is contained in:
kenzok8
@@ -261,15 +261,15 @@ disable_encryption = s:taboption("privacy", Flag, "disable_encryption", translat
|
||||
disable_encryption:depends("etcmd", "etcmd")
|
||||
|
||||
encryption_algorithm = s:taboption("privacy", ListValue, "encryption_algorithm", translate("Encryption Algorithm"),
|
||||
translate("encryption algorithm to use, supported: xor, chacha20, aes-gcm, aes-gcm-256, openssl-aes128-gcm, openssl-aes256-gcm, openssl-chacha20. default (aes-gcm) (--encryption-algorithm parameter)"))
|
||||
translate("encryption algorithm to use, supported: xor, chacha20, aes-gcm, aes-256-gcm, openssl-aes-gcm, openssl-chacha20, openssl-aes-256-gcm. default (aes-gcm) (--encryption-algorithm parameter)"))
|
||||
encryption_algorithm.default = "aes-gcm"
|
||||
encryption_algorithm:value("xor",translate("xor"))
|
||||
encryption_algorithm:value("chacha20",translate("chacha20"))
|
||||
encryption_algorithm:value("aes-gcm",translate("aes-gcm"))
|
||||
encryption_algorithm:value("aes-gcm-256",translate("aes-gcm-256"))
|
||||
encryption_algorithm:value("openssl-aes128-gcm",translate("openssl-aes128-gcm"))
|
||||
encryption_algorithm:value("openssl-aes256-gcm",translate("openssl-aes256-gcm"))
|
||||
encryption_algorithm:value("aes-256-gcm",translate("aes-256-gcm"))
|
||||
encryption_algorithm:value("openssl-aes-gcm",translate("openssl-aes-gcm"))
|
||||
encryption_algorithm:value("openssl-chacha20",translate("openssl-chacha20"))
|
||||
encryption_algorithm:value("openssl-aes-256-gcm",translate("openssl-aes-256-gcm"))
|
||||
encryption_algorithm:depends("etcmd", "etcmd")
|
||||
|
||||
multi_thread = s:taboption("privacy", Flag, "multi_thread", translate("Enable Multithreading"),
|
||||
@@ -449,6 +449,22 @@ log:value("info", translate("Info"))
|
||||
log:value("debug", translate("Debug"))
|
||||
log:value("trace", translate("Trace"))
|
||||
|
||||
-- Network Configuration Options
|
||||
auto_config_interface = s:taboption("privacy", Flag, "auto_config_interface", translate("Auto Configure Interface"),
|
||||
translate("Automatically create and configure the EasyTier network interface"))
|
||||
auto_config_interface.default = "1"
|
||||
|
||||
interface_netmask = s:taboption("privacy", Value, "interface_netmask", translate("Interface Netmask"),
|
||||
translate("Subnet mask for the EasyTier interface (default: 255.0.0.0)"))
|
||||
interface_netmask.placeholder = "255.0.0.0"
|
||||
interface_netmask.default = "255.0.0.0"
|
||||
interface_netmask.datatype = "ip4addr"
|
||||
interface_netmask:depends("auto_config_interface", "1")
|
||||
|
||||
auto_config_firewall = s:taboption("privacy", Flag, "auto_config_firewall", translate("Auto Configure Firewall"),
|
||||
translate("Automatically add and manage firewall rules"))
|
||||
auto_config_firewall.default = "1"
|
||||
|
||||
et_forward = s:taboption("privacy", MultiValue, "et_forward", translate("Access Control"),
|
||||
translate("Set traffic permission rules between different network zones"))
|
||||
et_forward:value("etfwlan", translate("Allow traffic from EasyTier virtual network to LAN"))
|
||||
|
||||
@@ -1027,7 +1027,7 @@ msgstr ""
|
||||
msgid "Encryption Algorithm"
|
||||
msgstr ""
|
||||
|
||||
msgid "encryption algorithm to use, supported: xor, chacha20, aes-gcm, aes-gcm-256, openssl-aes128-gcm, openssl-aes256-gcm, openssl-chacha20. default (aes-gcm) (--encryption-algorithm parameter)"
|
||||
msgid "encryption algorithm to use, supported: xor, chacha20, aes-gcm, aes-256-gcm, openssl-aes-gcm, openssl-chacha20, openssl-aes-256-gcm. default (aes-gcm) (--encryption-algorithm parameter)"
|
||||
msgstr ""
|
||||
|
||||
msgid "Stats"
|
||||
|
||||
@@ -1061,8 +1061,8 @@ msgstr "点击按钮刷新,查看管理映射的监听器"
|
||||
msgid "Encryption Algorithm"
|
||||
msgstr "加密算法"
|
||||
|
||||
msgid "encryption algorithm to use, supported: xor, chacha20, aes-gcm, aes-gcm-256, openssl-aes128-gcm, openssl-aes256-gcm, openssl-chacha20. default (aes-gcm) (--encryption-algorithm parameter)"
|
||||
msgstr "使用的加密算法,支持:xor、chacha20、aes-gcm、aes-gcm-256、openssl-aes128-gcm、openssl-aes256-gcm、openssl-chacha20。默认(aes-gcm)(--encryption-algorithm 参数)"
|
||||
msgid "encryption algorithm to use, supported: xor, chacha20, aes-gcm, aes-256-gcm, openssl-aes-gcm, openssl-chacha20, openssl-aes-256-gcm. default (aes-gcm) (--encryption-algorithm parameter)"
|
||||
msgstr "使用的加密算法,支持:xor、chacha20、aes-gcm、aes-256-gcm、openssl-aes-gcm、openssl-chacha20、openssl-aes-256-gcm。默认(aes-gcm)(--encryption-algorithm 参数)"
|
||||
|
||||
msgid "Stats"
|
||||
msgstr "Stats统计信息"
|
||||
|
||||
@@ -2,3 +2,6 @@
|
||||
config easytier
|
||||
option enabled '0'
|
||||
option easytierbin '/usr/bin/easytier-core'
|
||||
option auto_config_interface '1'
|
||||
option auto_config_firewall '1'
|
||||
option interface_netmask '255.0.0.0'
|
||||
|
||||
@@ -238,10 +238,18 @@ get_etconfig() {
|
||||
tcp_white_port="$(uci -q get easytier.@easytier[0].tcp_white_port)"
|
||||
disable_relay_kcp="$(uci -q get easytier.@easytier[0].disable_relay_kcp || echo 0)"
|
||||
relay_kcp="$(uci -q get easytier.@easytier[0].relay_kcp || echo 0)"
|
||||
auto_config_interface="$(uci -q get easytier.@easytier[0].auto_config_interface || echo 1)"
|
||||
interface_netmask="$(uci -q get easytier.@easytier[0].interface_netmask)"
|
||||
auto_config_firewall="$(uci -q get easytier.@easytier[0].auto_config_firewall || echo 1)"
|
||||
|
||||
}
|
||||
|
||||
set_firewall() {
|
||||
# Check if auto_config_firewall is enabled
|
||||
if [ "$auto_config_firewall" != "1" ]; then
|
||||
echo "$(date '+%Y-%m-%d %H:%M:%S') easytier : 自动防火墙配置已禁用,跳过配置" >>/tmp/easytier.log
|
||||
return
|
||||
fi
|
||||
|
||||
if [ ! -z "$tcp_port" ] ; then
|
||||
echo "$(date '+%Y-%m-%d %H:%M:%S') easytier : 添加防火墙规则 easytier_tcp_udp 放行端口 ${tcp_port} " >>/tmp/easytier.log
|
||||
@@ -311,31 +319,42 @@ set_firewall() {
|
||||
fi
|
||||
|
||||
[ -z "$tunname" ] && tunname="tun0"
|
||||
uci -q delete network.EasyTier >/dev/null 2>&1
|
||||
if [ -z "$(uci -q get network.EasyTier)" ]; then
|
||||
uci set network.EasyTier='interface'
|
||||
if [ -z "$ipaddr" ]; then
|
||||
uci set network.EasyTier.proto='none'
|
||||
else
|
||||
uci set network.EasyTier.proto='static'
|
||||
uci set network.EasyTier.ipaddr=$ipaddr
|
||||
uci set network.EasyTier.netmask='255.0.0.0'
|
||||
fi
|
||||
echo "$(date '+%Y-%m-%d %H:%M:%S') easytier : 添加网络接口 EasyTier 绑定虚拟接口 ${tunname}" >>/tmp/easytier.log
|
||||
uci set network.EasyTier.device="$tunname"
|
||||
uci set network.EasyTier.ifname="$tunname"
|
||||
fi
|
||||
if [ -z "$(uci -q get firewall.easytierzone)" ]; then
|
||||
echo "$(date '+%Y-%m-%d %H:%M:%S') easytier : 添加防火墙规则,放行网络接口 EasyTier 允许出入转发,开启IP动态伪装 MSS钳制" >>/tmp/easytier.log
|
||||
uci set firewall.easytierzone='zone'
|
||||
uci set firewall.easytierzone.input='ACCEPT'
|
||||
uci set firewall.easytierzone.output='ACCEPT'
|
||||
uci set firewall.easytierzone.forward='ACCEPT'
|
||||
uci set firewall.easytierzone.masq='1'
|
||||
uci set firewall.easytierzone.mtu_fix='1'
|
||||
uci set firewall.easytierzone.name='EasyTier'
|
||||
uci set firewall.easytierzone.network='EasyTier'
|
||||
|
||||
# Check if auto_config_interface is enabled
|
||||
if [ "$auto_config_interface" = "1" ]; then
|
||||
echo "$(date '+%Y-%m-%d %H:%M:%S') easytier : 自动网络接口配置已启用" >>/tmp/easytier.log
|
||||
uci -q delete network.EasyTier >/dev/null 2>&1
|
||||
if [ -z "$(uci -q get network.EasyTier)" ]; then
|
||||
uci set network.EasyTier='interface'
|
||||
if [ -z "$ipaddr" ]; then
|
||||
uci set network.EasyTier.proto='none'
|
||||
else
|
||||
uci set network.EasyTier.proto='static'
|
||||
uci set network.EasyTier.ipaddr=$ipaddr
|
||||
[ -z "$interface_netmask" ] && interface_netmask="255.0.0.0"
|
||||
uci set network.EasyTier.netmask="$interface_netmask"
|
||||
fi
|
||||
echo "$(date '+%Y-%m-%d %H:%M:%S') easytier : 添加网络接口 EasyTier 绑定虚拟接口 ${tunname},子网掩码: ${interface_netmask:-255.0.0.0}" >>/tmp/easytier.log
|
||||
uci set network.EasyTier.device="$tunname"
|
||||
uci set network.EasyTier.ifname="$tunname"
|
||||
fi
|
||||
if [ -z "$(uci -q get firewall.easytierzone)" ]; then
|
||||
echo "$(date '+%Y-%m-%d %H:%M:%S') easytier : 添加防火墙规则,放行网络接口 EasyTier 允许出入转发,开启IP动态伪装 MSS钳制" >>/tmp/easytier.log
|
||||
uci set firewall.easytierzone='zone'
|
||||
uci set firewall.easytierzone.input='ACCEPT'
|
||||
uci set firewall.easytierzone.output='ACCEPT'
|
||||
uci set firewall.easytierzone.forward='ACCEPT'
|
||||
uci set firewall.easytierzone.masq='1'
|
||||
uci set firewall.easytierzone.mtu_fix='1'
|
||||
uci set firewall.easytierzone.name='EasyTier'
|
||||
uci set firewall.easytierzone.network='EasyTier'
|
||||
fi
|
||||
else
|
||||
echo "$(date '+%Y-%m-%d %H:%M:%S') easytier : 自动网络接口配置已禁用,不创建网络接口" >>/tmp/easytier.log
|
||||
uci -q delete network.EasyTier >/dev/null 2>&1
|
||||
uci -q delete firewall.easytierzone >/dev/null 2>&1
|
||||
fi
|
||||
|
||||
et_forward="$(uci -q get easytier.@easytier[0].et_forward)"
|
||||
if [ "${et_forward//etfwlan/}" != "$et_forward" ]; then
|
||||
echo "$(date '+%Y-%m-%d %H:%M:%S') easytier : 允许从虚拟网络 EasyTier 到局域网 lan 的流量" >>/tmp/easytier.log
|
||||
|
||||
Reference in New Issue
Block a user