mirror of
https://github.com/kenzok8/small-package.git
synced 2026-02-07 23:27:13 +08:00
update 2023-04-02 09:22:12
This commit is contained in:
github-actions[bot]
@@ -10,12 +10,12 @@
|
||||
include $(TOPDIR)/rules.mk
|
||||
|
||||
PKG_NAME:=haproxy
|
||||
PKG_VERSION:=2.6.11
|
||||
PKG_VERSION:=2.6.12
|
||||
PKG_RELEASE:=1
|
||||
|
||||
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
|
||||
PKG_SOURCE_URL:=https://www.haproxy.org/download/2.6/src
|
||||
PKG_HASH:=e0bc430ac407747b077bc88ee6922b4616fa55a9e0f3ec84438dfb055eb9a715
|
||||
PKG_HASH:=58f9edb26bf3288f4b502658399281cc5d6478468bd178eafe579c8f41895854
|
||||
|
||||
PKG_MAINTAINER:=Thomas Heil <heil@terminal-consulting.de>, \
|
||||
Christian Lachner <gladiac@gmail.com>
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
#!/bin/sh
|
||||
|
||||
CLONEURL=https://git.haproxy.org/git/haproxy-2.6.git
|
||||
BASE_TAG=v2.6.11
|
||||
BASE_TAG=v2.6.12
|
||||
TMP_REPODIR=tmprepo
|
||||
PATCHESDIR=patches
|
||||
|
||||
|
||||
@@ -5,7 +5,7 @@
|
||||
include $(TOPDIR)/rules.mk
|
||||
|
||||
PKG_NAME:=luci-app-homeproxy
|
||||
PKG_VERSION:=usertesting-0328
|
||||
PKG_VERSION:=dev-230402
|
||||
|
||||
LUCI_TITLE:=The modern ImmortalWrt proxy platform for ARM64/AMD64
|
||||
LUCI_PKGARCH:=all
|
||||
@@ -18,7 +18,12 @@ LUCI_DEPENDS:= \
|
||||
define Package/luci-app-homeproxy/conffiles
|
||||
/etc/config/homeproxy
|
||||
/etc/homeproxy/certs/
|
||||
/etc/homeproxy/resources/
|
||||
/etc/homeproxy/resources/geoip.db
|
||||
/etc/homeproxy/resources/geoip.ver
|
||||
/etc/homeproxy/resources/geosite.db
|
||||
/etc/homeproxy/resources/geosite.ver
|
||||
/etc/homeproxy/resources/direct_list.txt
|
||||
/etc/homeproxy/resources/proxy_list.txt
|
||||
endef
|
||||
|
||||
include $(TOPDIR)/feeds/luci/luci.mk
|
||||
|
||||
@@ -14,6 +14,7 @@
|
||||
'require view';
|
||||
|
||||
'require homeproxy as hp';
|
||||
'require tools.firewall as fwtool';
|
||||
'require tools.widgets as widgets';
|
||||
|
||||
var callServiceList = rpc.declare({
|
||||
@@ -217,7 +218,8 @@ return view.extend({
|
||||
|
||||
o = s.taboption('routing', form.ListValue, 'proxy_mode', _('Proxy mode'));
|
||||
o.value('redirect', _('Redirect TCP'));
|
||||
o.value('redirect_tproxy', _('Redirect TCP + TProxy UDP'));
|
||||
if (features.hp_has_tproxy)
|
||||
o.value('redirect_tproxy', _('Redirect TCP + TProxy UDP'));
|
||||
if (features.hp_has_tun) {
|
||||
o.value('redirect_tun', _('Redirect TCP + Tun UDP'));
|
||||
o.value('tun', _('Tun TCP/UDP'));
|
||||
@@ -824,20 +826,6 @@ return view.extend({
|
||||
/* LAN IP policy start */
|
||||
ss.tab('lan_ip_policy', _('LAN IP Policy'));
|
||||
|
||||
var ipaddrs = {}, ip6addrs = {};
|
||||
Object.keys(hosts).forEach(function(mac) {
|
||||
var addrs = L.toArray(hosts[mac].ipaddrs || hosts[mac].ipv4);
|
||||
|
||||
for (var i = 0; i < addrs.length; i++)
|
||||
ipaddrs[addrs[i]] = hosts[mac].name || mac;
|
||||
});
|
||||
Object.keys(hosts).forEach(function(mac) {
|
||||
var addrs = L.toArray(hosts[mac].ip6addrs || hosts[mac].ipv6);
|
||||
|
||||
for (var i = 0; i < addrs.length; i++)
|
||||
ip6addrs[addrs[i]] = hosts[mac].name || mac;
|
||||
});
|
||||
|
||||
so = ss.taboption('lan_ip_policy', form.ListValue, 'lan_proxy_mode', _('Proxy filter mode'));
|
||||
so.value('disabled', _('Disable'));
|
||||
so.value('listed_only', _('Proxy listed only'));
|
||||
@@ -845,62 +833,39 @@ return view.extend({
|
||||
so.default = 'disabled';
|
||||
so.rmempty = false;
|
||||
|
||||
so = ss.taboption('lan_ip_policy', form.DynamicList, 'lan_direct_ipv4_ips', _('Direct IPv4 IP-s'));
|
||||
so.datatype = 'or(ip4addr, cidr4)';
|
||||
so = fwtool.addIPOption(ss, 'lan_ip_policy', 'lan_direct_ipv4_ips', _('Direct IPv4 IP-s'), null, 'ipv4', hosts, true);
|
||||
so.depends('lan_proxy_mode', 'except_listed');
|
||||
L.sortedKeys(ipaddrs, null, 'addr').forEach(function(ipv4) {
|
||||
so.value(ipv4, '%s (%s)'.format(ipv4, ipaddrs[ipv4]));
|
||||
});
|
||||
|
||||
so = ss.taboption('lan_ip_policy', form.DynamicList, 'lan_direct_ipv6_ips', _('Direct IPv6 IP-s'));
|
||||
so.datatype = 'or(ip6addr, cidr6)';
|
||||
so = fwtool.addIPOption(ss, 'lan_ip_policy', 'lan_direct_ipv6_ips', _('Direct IPv6 IP-s'), null, 'ipv6', hosts, true);
|
||||
so.depends({'lan_proxy_mode': 'except_listed', 'homeproxy.config.ipv6_support': '1'});
|
||||
|
||||
so = fwtool.addMACOption(ss, 'lan_ip_policy', 'lan_direct_mac_addrs', _('Direct MAC-s'), null, hosts);
|
||||
so.depends('lan_proxy_mode', 'except_listed');
|
||||
L.sortedKeys(ip6addrs, null, 'addr').forEach(function(ipv6) {
|
||||
so.value(ipv6, '%s (%s)'.format(ipv6, ip6addrs[ipv6]));
|
||||
});
|
||||
so.depends('homeproxy.config.ipv6_support', '1');
|
||||
|
||||
so = ss.taboption('lan_ip_policy', form.DynamicList, 'lan_proxy_ipv4_ips', _('Proxy IPv4 IP-s'));
|
||||
so.datatype = 'or(ip4addr, cidr4)';
|
||||
so = fwtool.addIPOption(ss, 'lan_ip_policy', 'lan_proxy_ipv4_ips', _('Proxy IPv4 IP-s'), null, 'ipv4', hosts, true);
|
||||
so.depends('lan_proxy_mode', 'listed_only');
|
||||
L.sortedKeys(ipaddrs, null, 'addr').forEach(function(ipv4) {
|
||||
so.value(ipv4, '%s (%s)'.format(ipv4, ipaddrs[ipv4]));
|
||||
});
|
||||
|
||||
so = ss.taboption('lan_ip_policy', form.DynamicList, 'lan_proxy_ipv6_ips', _('Proxy IPv6 IP-s'));
|
||||
so.datatype = 'or(ip6addr, cidr6)';
|
||||
so = fwtool.addIPOption(ss, 'lan_ip_policy', 'lan_proxy_ipv6_ips', _('Proxy IPv6 IP-s'), null, 'ipv6', hosts, true);
|
||||
so.depends({'lan_proxy_mode': 'listed_only', 'homeproxy.config.ipv6_support': '1'});
|
||||
|
||||
so = fwtool.addMACOption(ss, 'lan_ip_policy', 'lan_proxy_mac_addrs', _('Proxy MAC-s'), null, hosts);
|
||||
so.depends('lan_proxy_mode', 'listed_only');
|
||||
L.sortedKeys(ip6addrs, null, 'addr').forEach(function(ipv6) {
|
||||
so.value(ipv6, '%s (%s)'.format(ipv6, ip6addrs[ipv6]));
|
||||
});
|
||||
|
||||
so = fwtool.addIPOption(ss, 'lan_ip_policy', 'lan_gaming_mode_ipv4_ips', _('Gaming mode IPv4 IP-s'), null, 'ipv4', hosts, true);
|
||||
|
||||
so = fwtool.addIPOption(ss, 'lan_ip_policy', 'lan_gaming_mode_ipv6_ips', _('Gaming mode IPv6 IP-s'), null, 'ipv6', hosts, true);
|
||||
so.depends('homeproxy.config.ipv6_support', '1');
|
||||
|
||||
so = ss.taboption('lan_ip_policy', form.DynamicList, 'lan_gaming_mode_ipv4_ips', _('Gaming mode IPv4 IP-s'));
|
||||
so.datatype = 'or(ip4addr, cidr4)';
|
||||
L.sortedKeys(ipaddrs, null, 'addr').forEach(function(ipv4) {
|
||||
so.value(ipv4, '%s (%s)'.format(ipv4, ipaddrs[ipv4]));
|
||||
});
|
||||
so = fwtool.addMACOption(ss, 'lan_ip_policy', 'lan_gaming_mode_mac_addrs', _('Gaming mode MAC-s'), null, hosts);
|
||||
|
||||
so = ss.taboption('lan_ip_policy', form.DynamicList, 'lan_gaming_mode_ipv6_ips', _('Gaming mode IPv6 IP-s'));
|
||||
so.datatype = 'or(ip6addr, cidr6)';
|
||||
L.sortedKeys(ip6addrs, null, 'addr').forEach(function(ipv6) {
|
||||
so.value(ipv6, '%s (%s)'.format(ipv6, ip6addrs[ipv6]));
|
||||
});
|
||||
so.depends('homeproxy.config.ipv6_support', '1');
|
||||
|
||||
so = ss.taboption('lan_ip_policy', form.DynamicList, 'lan_global_proxy_ipv4_ips', _('Global proxy IPv4 IP-s'));
|
||||
so.datatype = 'or(ip4addr, cidr4)';
|
||||
L.sortedKeys(ipaddrs, null, 'addr').forEach(function(ipv4) {
|
||||
so.value(ipv4, '%s (%s)'.format(ipv4, ipaddrs[ipv4]));
|
||||
});
|
||||
so = fwtool.addIPOption(ss, 'lan_ip_policy', 'lan_global_proxy_ipv4_ips', _('Global proxy IPv4 IP-s'), null, 'ipv4', hosts, true);
|
||||
so.depends({'homeproxy.config.routing_mode': 'custom', '!reverse': true});
|
||||
|
||||
so = ss.taboption('lan_ip_policy', form.DynamicList, 'lan_global_proxy_ipv6_ips', _('Global proxy IPv6 IP-s'));
|
||||
so.datatype = 'or(ip6addr, cidr6)';
|
||||
L.sortedKeys(ip6addrs, null, 'addr').forEach(function(ipv6) {
|
||||
so.value(ipv6, '%s (%s)'.format(ipv6, ip6addrs[ipv6]));
|
||||
});
|
||||
so = fwtool.addIPOption(ss, 'lan_ip_policy', 'lan_global_proxy_ipv6_ips', _('Global proxy IPv6 IP-s'), null, 'ipv6', hosts, true);
|
||||
so.depends({'homeproxy.config.routing_mode': /^((?!custom).)+$/, 'homeproxy.config.ipv6_support': '1'});
|
||||
|
||||
so = fwtool.addMACOption(ss, 'lan_ip_policy', 'lan_global_proxy_mac_addrs', _('Global proxy MAC-s'), null, hosts);
|
||||
so.depends({'homeproxy.config.routing_mode': 'custom', '!reverse': true});
|
||||
/* LAN IP policy end */
|
||||
|
||||
/* WAN IP policy start */
|
||||
|
||||
@@ -35,7 +35,7 @@ return view.extend({
|
||||
o.default = o.disabled;
|
||||
o.rmempty = false;
|
||||
|
||||
s = m.section(form.GridSection, 'server');
|
||||
s = m.section(form.GridSection, 'server', _('Server settings'));
|
||||
s.addremove = true;
|
||||
s.rowcolors = true;
|
||||
s.sortable = true;
|
||||
|
||||
@@ -9,6 +9,7 @@
|
||||
'require fs';
|
||||
'require poll';
|
||||
'require rpc';
|
||||
'require uci';
|
||||
'require ui';
|
||||
'require view';
|
||||
|
||||
@@ -74,7 +75,8 @@ function getResVersion(self, type) {
|
||||
}, [ _('Check update') ]),
|
||||
' ',
|
||||
E('strong', { 'style': (res.error ? 'color:red' : 'color:green') },
|
||||
[ res.error ? 'not found' : res.version ]),
|
||||
[ res.error ? 'not found' : res.version ]
|
||||
),
|
||||
]);
|
||||
|
||||
self.default = spanTemp;
|
||||
@@ -144,21 +146,30 @@ function getRuntimeLog(name) {
|
||||
}
|
||||
|
||||
return view.extend({
|
||||
render: function() {
|
||||
load: function() {
|
||||
return Promise.all([
|
||||
uci.load('homeproxy')
|
||||
]);
|
||||
},
|
||||
|
||||
render: function(data) {
|
||||
var m, s, o;
|
||||
var routing_mode = uci.get(data[0], 'config', 'routing_mode') || 'bypass_mainland_china';
|
||||
|
||||
m = new form.Map('homeproxy');
|
||||
|
||||
s = m.section(form.NamedSection, 'config', 'homeproxy', _('Resources management'));
|
||||
s.anonymous = true;
|
||||
|
||||
o = s.option(form.DummyValue, '_geoip_version', _('GeoIP version'));
|
||||
o.cfgvalue = function() { return getResVersion(this, 'geoip') };
|
||||
o.rawhtml = true;
|
||||
if (routing_mode === 'custom') {
|
||||
o = s.option(form.DummyValue, '_geoip_version', _('GeoIP version'));
|
||||
o.cfgvalue = function() { return getResVersion(this, 'geoip') };
|
||||
o.rawhtml = true;
|
||||
|
||||
o = s.option(form.DummyValue, '_geosite_version', _('GeoSite version'));
|
||||
o.cfgvalue = function() { return getResVersion(this, 'geosite') };
|
||||
o.rawhtml = true;
|
||||
o = s.option(form.DummyValue, '_geosite_version', _('GeoSite version'));
|
||||
o.cfgvalue = function() { return getResVersion(this, 'geosite') };
|
||||
o.rawhtml = true;
|
||||
}
|
||||
|
||||
o = s.option(form.DummyValue, '_china_ip4_version', _('China IPv4 list version'));
|
||||
o.cfgvalue = function() { return getResVersion(this, 'china_ip4') };
|
||||
@@ -168,14 +179,14 @@ return view.extend({
|
||||
o.cfgvalue = function() { return getResVersion(this, 'china_ip6') };
|
||||
o.rawhtml = true;
|
||||
|
||||
o = s.option(form.DummyValue, '_gfw_list_version', _('GFW list version'));
|
||||
o.cfgvalue = function() { return getResVersion(this, 'gfw_list') };
|
||||
o.rawhtml = true;
|
||||
|
||||
o = s.option(form.DummyValue, '_china_list_version', _('China list version'));
|
||||
o.cfgvalue = function() { return getResVersion(this, 'china_list') };
|
||||
o.rawhtml = true;
|
||||
|
||||
o = s.option(form.DummyValue, '_gfw_list_version', _('GFW list version'));
|
||||
o.cfgvalue = function() { return getResVersion(this, 'gfw_list') };
|
||||
o.rawhtml = true;
|
||||
|
||||
o = s.option(form.DummyValue, '_homeproxy_logview');
|
||||
o.render = L.bind(getRuntimeLog, this, 'HomeProxy');
|
||||
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
@@ -5,12 +5,29 @@
|
||||
|
||||
import { readfile } from 'fs';
|
||||
import { cursor } from 'uci';
|
||||
import { isEmpty } from '/etc/homeproxy/scripts/homeproxy.uc';
|
||||
|
||||
function array_to_nftstr(array) {
|
||||
const fw4 = require('fw4');
|
||||
|
||||
function array_to_nftarr(array) {
|
||||
if (type(array) !== 'array')
|
||||
return array;
|
||||
return null;
|
||||
|
||||
return join(', ', array);
|
||||
return `{ ${join(', ', uniq(array))} }`;
|
||||
}
|
||||
|
||||
function resolve_ipv6(str) {
|
||||
if (isEmpty(str))
|
||||
return null;
|
||||
|
||||
let ipv6 = fw4.parse_subnet(str)?.[0];
|
||||
if (!ipv6 || ipv6.family !== 6)
|
||||
return null;
|
||||
|
||||
if (ipv6.bits > -1)
|
||||
return `${ipv6.addr}/${ipv6.bits}`;
|
||||
else
|
||||
return `& ${ipv6.mask} == ${ipv6.addr}`;
|
||||
}
|
||||
|
||||
/* Misc config */
|
||||
@@ -62,7 +79,7 @@ const control_options = [
|
||||
"lan_direct_mac_addrs", "lan_direct_ipv4_ips", "lan_direct_ipv6_ips",
|
||||
"lan_proxy_mac_addrs", "lan_proxy_ipv4_ips", "lan_proxy_ipv6_ips",
|
||||
"lan_gaming_mode_mac_addrs", "lan_gaming_mode_ipv4_ips", "lan_gaming_mode_ipv6_ips",
|
||||
"lan_global_proxy_ipv4_ips", "lan_global_proxy_ipv6_ips",
|
||||
"lan_global_proxy_mac_addrs", "lan_global_proxy_ipv4_ips", "lan_global_proxy_ipv6_ips",
|
||||
"wan_proxy_ipv4_ips", "wan_proxy_ipv6_ips",
|
||||
"wan_direct_ipv4_ips", "wan_direct_ipv6_ips"
|
||||
];
|
||||
@@ -160,91 +177,6 @@ set homeproxy_mainland_addr_v6 {
|
||||
{% endif /* ipv6_support */ %}
|
||||
{% endif /* routing_mode */ %}
|
||||
|
||||
{# LAN ACL addresses #}
|
||||
{% if (control_info.lan_proxy_mode === 'listed_only'): %}
|
||||
set homeproxy_lan_proxy_addr_v4 {
|
||||
type ipv4_addr
|
||||
flags interval
|
||||
auto-merge
|
||||
{% if (control_info.lan_proxy_ipv4_ips): %}
|
||||
elements = { {{ join(', ', control_info.lan_proxy_ipv4_ips) }} }
|
||||
{% endif %}
|
||||
}
|
||||
|
||||
{% if (ipv6_support === '1'): %}
|
||||
set homeproxy_lan_proxy_addr_v6 {
|
||||
type ipv6_addr
|
||||
flags interval
|
||||
auto-merge
|
||||
{% if (control_info.lan_proxy_ipv6_ips): %}
|
||||
elements = { {{ join(', ', control_info.lan_proxy_ipv6_ips) }} }
|
||||
{% endif /* lan_proxy_ipv6_ips */ %}
|
||||
{% endif /* ipv6_support */ %}
|
||||
}
|
||||
{% elif (control_info.lan_proxy_mode === 'except_listed'): %}
|
||||
set homeproxy_lan_direct_addr_v4 {
|
||||
type ipv4_addr
|
||||
flags interval
|
||||
auto-merge
|
||||
{% if (control_info.lan_direct_ipv4_ips): %}
|
||||
elements = { {{ join(', ', control_info.lan_direct_ipv4_ips) }} }
|
||||
{% endif %}
|
||||
}
|
||||
|
||||
{% if (ipv6_support === '1'): %}
|
||||
set homeproxy_lan_direct_addr_v6 {
|
||||
type ipv6_addr
|
||||
flags interval
|
||||
auto-merge
|
||||
{% if (control_info.lan_direct_ipv6_ips): %}
|
||||
elements = { {{ join(', ', control_info.lan_direct_ipv6_ips) }} }
|
||||
{% endif /* lan_direct_ipv6_ips */ %}
|
||||
}
|
||||
{% endif /* ipv6_support */ %}
|
||||
{% endif /* lan_proxy_mode */ %}
|
||||
|
||||
set homeproxy_lan_gaming_addr_v4 {
|
||||
type ipv4_addr
|
||||
flags interval
|
||||
auto-merge
|
||||
{% if (control_info.lan_gaming_mode_ipv4_ips): %}
|
||||
elements = { {{ join(', ', control_info.lan_gaming_mode_ipv4_ips) }} }
|
||||
{% endif %}
|
||||
}
|
||||
|
||||
{% if (ipv6_support === '1'): %}
|
||||
set homeproxy_lan_gaming_addr_v6 {
|
||||
type ipv6_addr
|
||||
flags interval
|
||||
auto-merge
|
||||
{% if (control_info.lan_gaming_mode_ipv6_ips): %}
|
||||
elements = { {{ join(', ', control_info.lan_gaming_mode_ipv6_ips) }} }
|
||||
{% endif /* lan_gaming_mode_ipv6_ips */ %}
|
||||
}
|
||||
{% endif /* ipv6_support */ %}
|
||||
|
||||
{% if (routing_mode !== 'custom'): %}
|
||||
set homeproxy_lan_global_proxy_addr_v4 {
|
||||
type ipv4_addr
|
||||
flags interval
|
||||
auto-merge
|
||||
{% if (control_info.lan_global_proxy_ipv4_ips): %}
|
||||
elements = { {{ join(', ', control_info.lan_global_proxy_ipv4_ips) }} }
|
||||
{% endif /* lan_global_proxy_ipv4_ips */ %}
|
||||
}
|
||||
|
||||
{% if (ipv6_support === '1'): %}
|
||||
set homeproxy_lan_global_proxy_addr_v6 {
|
||||
type ipv6_addr
|
||||
flags interval
|
||||
auto-merge
|
||||
{% if (control_info.lan_global_proxy_ipv6_ips): %}
|
||||
elements = { {{ join(', ', control_info.lan_global_proxy_ipv6_ips) }} }
|
||||
{% endif /* lan_global_proxy_ipv6_ips */ %}
|
||||
}
|
||||
{% endif /* ipv6_support */ %}
|
||||
{% endif /* routing_mode */ %}
|
||||
|
||||
{# WAN ACL addresses #}
|
||||
set homeproxy_wan_proxy_addr_v4 {
|
||||
type ipv4_addr
|
||||
@@ -297,6 +229,10 @@ set homeproxy_routing_port {
|
||||
|
||||
{# TCP redirect #}
|
||||
{% if (match(proxy_mode, /redirect/)): %}
|
||||
chain homeproxy_redirect_proxy {
|
||||
meta l4proto tcp counter redirect to :{{ redirect_port }}
|
||||
}
|
||||
|
||||
chain homeproxy_redirect_proxy_port {
|
||||
{% if (routing_port !== 'all'): %}
|
||||
tcp dport != @homeproxy_routing_port counter return
|
||||
@@ -304,25 +240,42 @@ chain homeproxy_redirect_proxy_port {
|
||||
goto homeproxy_redirect_proxy
|
||||
}
|
||||
|
||||
chain homeproxy_redirect_proxy {
|
||||
meta l4proto tcp counter redirect to :{{ redirect_port }}
|
||||
chain homeproxy_redirect_lanac {
|
||||
{% if (control_info.listen_interfaces): %}
|
||||
meta iifname != {{ array_to_nftarr(control_info.listen_interfaces) }} counter return
|
||||
{% endif %}
|
||||
meta mark {{ self_mark }} counter return
|
||||
|
||||
{% if (control_info.lan_proxy_mode === 'listed_only'): %}
|
||||
{% if (!isEmpty(control_info.lan_proxy_ipv4_ips)): %}
|
||||
ip saddr {{ array_to_nftarr(control_info.lan_proxy_ipv4_ips) }} counter goto homeproxy_redirect
|
||||
{% endif /* lan_proxy_ipv4_ips */ %}
|
||||
{% for (let ipv6 in control_info.lan_proxy_ipv6_ips): %}
|
||||
ip6 saddr {{ resolve_ipv6(ipv6) }} counter goto homeproxy_redirect
|
||||
{% endfor /* lan_proxy_ipv6_ips */ %}
|
||||
{% if (!isEmpty(control_info.lan_proxy_mac_addrs)): %}
|
||||
ether saddr {{ array_to_nftarr(control_info.lan_proxy_mac_addrs) }} counter goto homeproxy_redirect
|
||||
{% endif /* lan_proxy_mac_addrs */ %}
|
||||
{% elif (control_info.lan_proxy_mode === 'except_listed'): %}
|
||||
{% if (!isEmpty(control_info.lan_direct_ipv4_ips)): %}
|
||||
ip saddr {{ array_to_nftarr(control_info.lan_direct_ipv4_ips) }} counter return
|
||||
{% endif /* lan_direct_ipv4_ips */ %}
|
||||
{% for (let ipv6 in control_info.lan_direct_ipv6_ips): %}
|
||||
ip6 saddr {{ resolve_ipv6(ipv6) }} counter return
|
||||
{% endfor /* lan_direct_ipv6_ips */ %}
|
||||
{% if (!isEmpty(control_info.lan_direct_mac_addrs)): %}
|
||||
ether saddr {{ array_to_nftarr(control_info.lan_direct_mac_addrs) }} counter return
|
||||
{% endif /* lan_direct_mac_addrs */ %}
|
||||
{% endif /* lan_proxy_mode */ %}
|
||||
|
||||
{% if (control_info.lan_proxy_mode !== 'listed_only'): %}
|
||||
counter goto homeproxy_redirect
|
||||
{% endif %}
|
||||
}
|
||||
|
||||
chain homeproxy_redirect {
|
||||
meta mark {{ self_mark }} counter return
|
||||
|
||||
{% if (control_info.lan_proxy_mode === 'listed_only'): %}
|
||||
ip saddr != @homeproxy_lan_proxy_addr_v4 counter return
|
||||
{% if (ipv6_support === '1'): %}
|
||||
ip6 saddr != @homeproxy_lan_proxy_addr_v6 counter return
|
||||
{% endif /* ipv6_support */ %}
|
||||
{% elif (control_info.lan_proxy_mode === 'except_listed'): %}
|
||||
ip saddr @homeproxy_lan_direct_addr_v4 counter return
|
||||
{% if (ipv6_support === '1'): %}
|
||||
ip6 saddr @homeproxy_lan_direct_addr_v6 counter return
|
||||
{% endif /* ipv6_support */ %}
|
||||
{% endif /* lan_proxy_mode */ %}
|
||||
|
||||
ip daddr @homeproxy_wan_proxy_addr_v4 counter goto homeproxy_redirect_proxy_port
|
||||
{% if (ipv6_support === '1'): %}
|
||||
ip6 daddr @homeproxy_wan_proxy_addr_v6 counter goto homeproxy_redirect_proxy_port
|
||||
@@ -334,10 +287,15 @@ chain homeproxy_redirect {
|
||||
{% endif %}
|
||||
|
||||
{% if (routing_mode !== 'custom'): %}
|
||||
ip saddr @homeproxy_lan_global_proxy_addr_v4 counter goto homeproxy_redirect_proxy_port
|
||||
{% if (ipv6_support === '1'): %}
|
||||
ip6 saddr @homeproxy_lan_global_proxy_addr_v6 counter goto homeproxy_redirect_proxy_port
|
||||
{% endif /* ipv6_support */ %}
|
||||
{% if (!isEmpty(control_info.lan_global_proxy_ipv4_ips)): %}
|
||||
ip saddr {{ array_to_nftarr(control_info.lan_global_proxy_ipv4_ips) }} counter goto homeproxy_redirect
|
||||
{% endif /* lan_global_proxy_ipv4_ips */ %}
|
||||
{% for (let ipv6 in control_info.lan_global_proxy_ipv6_ips): %}
|
||||
ip6 saddr {{ resolve_ipv6(ipv6) }} counter goto homeproxy_redirect
|
||||
{% endfor /* lan_global_proxy_ipv6_ips */ %}
|
||||
{% if (!isEmpty(control_info.lan_global_proxy_mac_addrs)): %}
|
||||
ether saddr {{ array_to_nftarr(control_info.lan_global_proxy_mac_addrs) }} counter goto homeproxy_redirect
|
||||
{% endif /* lan_global_proxy_mac_addrs */ %}
|
||||
{% endif /* routing_mode */ %}
|
||||
|
||||
ip daddr @homeproxy_wan_direct_addr_v4 counter return
|
||||
@@ -362,41 +320,31 @@ chain homeproxy_redirect {
|
||||
{% endif /* ipv6_support */ %}
|
||||
{% endif /* routing_mode */ %}
|
||||
|
||||
ip saddr @homeproxy_lan_gaming_addr_v4 counter goto homeproxy_redirect_proxy
|
||||
{% if (ipv6_support === '1'): %}
|
||||
ip6 saddr @homeproxy_lan_gaming_addr_v6 counter goto homeproxy_redirect_proxy
|
||||
{% endif /* ipv6_support */ %}
|
||||
{% if (!isEmpty(control_info.lan_gaming_mode_ipv4_ips)): %}
|
||||
ip saddr {{ array_to_nftarr(control_info.lan_gaming_mode_ipv4_ips) }} counter goto homeproxy_redirect_proxy
|
||||
{% endif /* lan_gaming_mode_ipv4_ips */ %}
|
||||
{% for (let ipv6 in control_info.lan_gaming_mode_ipv6_ips): %}
|
||||
ip6 saddr {{ resolve_ipv6(ipv6) }} counter goto homeproxy_redirect_proxy
|
||||
{% endfor /* lan_gaming_mode_ipv6_ips */ %}
|
||||
{% if (!isEmpty(control_info.lan_gaming_mode_mac_addrs)): %}
|
||||
ether saddr {{ array_to_nftarr(control_info.lan_gaming_mode_mac_addrs) }} counter goto homeproxy_redirect_proxy
|
||||
{% endif /* lan_gaming_mode_mac_addrs */ %}
|
||||
|
||||
counter goto homeproxy_redirect_proxy_port
|
||||
}
|
||||
|
||||
chain homeproxy_dstnat_redir {
|
||||
{% if (control_info.listen_interfaces): %}
|
||||
meta iifname != { {{ array_to_nftstr(control_info.listen_interfaces) }} } counter return
|
||||
{% endif %}
|
||||
|
||||
goto homeproxy_redirect
|
||||
}
|
||||
|
||||
chain homeproxy_output_redir {
|
||||
type nat hook output priority filter -105; policy accept
|
||||
meta nfproto { {{ (ipv6_support === '1') ? 'ipv4, ipv6' : 'ipv4' }} } meta l4proto tcp jump homeproxy_redirect
|
||||
}
|
||||
|
||||
chain dstnat {
|
||||
meta nfproto { {{ (ipv6_support === '1') ? 'ipv4, ipv6' : 'ipv4' }} } meta l4proto tcp jump homeproxy_dstnat_redir
|
||||
meta nfproto { {{ (ipv6_support === '1') ? 'ipv4, ipv6' : 'ipv4' }} } meta l4proto tcp jump homeproxy_redirect_lanac
|
||||
}
|
||||
{% endif %}
|
||||
|
||||
{# UDP tproxy #}
|
||||
{% if (match(proxy_mode, /tproxy/) && (outbound_udp_node !== 'nil' || routing_mode === 'custom')): %}
|
||||
chain homeproxy_mangle_tproxy_port {
|
||||
{% if (routing_port !== 'all'): %}
|
||||
udp dport != @homeproxy_routing_port counter return
|
||||
{% endif %}
|
||||
goto homeproxy_mangle_tproxy
|
||||
}
|
||||
|
||||
chain homeproxy_mangle_tproxy {
|
||||
meta l4proto udp mark set {{ tproxy_mark }} tproxy ip to 127.0.0.1:{{ tproxy_port }} counter accept
|
||||
{% if (ipv6_support === '1'): %}
|
||||
@@ -404,6 +352,13 @@ chain homeproxy_mangle_tproxy {
|
||||
{% endif %}
|
||||
}
|
||||
|
||||
chain homeproxy_mangle_tproxy_port {
|
||||
{% if (routing_port !== 'all'): %}
|
||||
udp dport != @homeproxy_routing_port counter return
|
||||
{% endif %}
|
||||
goto homeproxy_mangle_tproxy
|
||||
}
|
||||
|
||||
chain homeproxy_mangle_mark {
|
||||
{% if (routing_port !== 'all'): %}
|
||||
udp dport != @homeproxy_routing_port counter return
|
||||
@@ -411,25 +366,40 @@ chain homeproxy_mangle_mark {
|
||||
meta l4proto udp mark set {{ tproxy_mark }} counter accept
|
||||
}
|
||||
|
||||
chain homeproxy_mangle_prerouting {
|
||||
chain homeproxy_mangle_lanac {
|
||||
{% if (control_info.listen_interfaces): %}
|
||||
meta iifname != { {{ array_to_nftstr(control_info.listen_interfaces) }}, lo } counter return
|
||||
meta iifname != {{ array_to_nftarr(split(join(' ', control_info.listen_interfaces) + ' lo', ' ')) }} counter return
|
||||
{% endif %}
|
||||
|
||||
meta mark {{ self_mark }} counter return
|
||||
|
||||
{% if (control_info.lan_proxy_mode === 'listed_only'): %}
|
||||
ip saddr != @homeproxy_lan_proxy_addr_v4 counter return
|
||||
{% if (ipv6_support === '1'): %}
|
||||
ip6 saddr != @homeproxy_lan_proxy_addr_v6 counter return
|
||||
{% endif /* ipv6_support */ %}
|
||||
{% if (!isEmpty(control_info.lan_proxy_ipv4_ips)): %}
|
||||
ip saddr {{ array_to_nftarr(control_info.lan_proxy_ipv4_ips) }} counter goto homeproxy_mangle_prerouting
|
||||
{% endif /* lan_proxy_ipv4_ips */ %}
|
||||
{% for (let ipv6 in control_info.lan_proxy_ipv6_ips): %}
|
||||
ip6 saddr {{ resolve_ipv6(ipv6) }} counter goto homeproxy_mangle_prerouting
|
||||
{% endfor /* lan_proxy_ipv6_ips */ %}
|
||||
{% if (!isEmpty(control_info.lan_proxy_mac_addrs)): %}
|
||||
ether saddr {{ array_to_nftarr(control_info.lan_proxy_mac_addrs) }} counter goto homeproxy_mangle_prerouting
|
||||
{% endif /* lan_proxy_mac_addrs */ %}
|
||||
{% elif (control_info.lan_proxy_mode === 'except_listed'): %}
|
||||
ip saddr @homeproxy_lan_direct_addr_v4 counter return
|
||||
{% if (ipv6_support === '1'): %}
|
||||
ip6 saddr @homeproxy_lan_direct_addr_v6 counter return
|
||||
{% endif /* ipv6_support */ %}
|
||||
{% if (!isEmpty(control_info.lan_direct_ipv4_ips)): %}
|
||||
ip saddr {{ array_to_nftarr(control_info.lan_direct_ipv4_ips) }} counter return
|
||||
{% endif /* lan_direct_ipv4_ips */ %}
|
||||
{% for (let ipv6 in control_info.lan_direct_ipv6_ips): %}
|
||||
ip6 saddr {{ resolve_ipv6(ipv6) }} counter return
|
||||
{% endfor /* lan_direct_ipv6_ips */ %}
|
||||
{% if (!isEmpty(control_info.lan_direct_mac_addrs)): %}
|
||||
ether saddr {{ array_to_nftarr(control_info.lan_direct_mac_addrs) }} counter return
|
||||
{% endif /* lan_direct_mac_addrs */ %}
|
||||
{% endif /* lan_proxy_mode */ %}
|
||||
|
||||
{% if (control_info.lan_proxy_mode !== 'listed_only'): %}
|
||||
counter goto homeproxy_mangle_prerouting
|
||||
{% endif %}
|
||||
}
|
||||
|
||||
chain homeproxy_mangle_prerouting {
|
||||
ip daddr @homeproxy_wan_proxy_addr_v4 counter goto homeproxy_mangle_tproxy_port
|
||||
{% if (ipv6_support === '1'): %}
|
||||
ip6 daddr @homeproxy_wan_proxy_addr_v6 counter goto homeproxy_mangle_tproxy_port
|
||||
@@ -441,10 +411,15 @@ chain homeproxy_mangle_prerouting {
|
||||
{% endif %}
|
||||
|
||||
{% if (routing_mode !== 'custom'): %}
|
||||
ip saddr @homeproxy_lan_global_proxy_addr_v4 counter goto homeproxy_mangle_tproxy_port
|
||||
{% if (ipv6_support === '1'): %}
|
||||
ip6 saddr @homeproxy_lan_global_proxy_addr_v6 counter goto homeproxy_mangle_tproxy_port
|
||||
{% endif /* ipv6_support */ %}
|
||||
{% if (!isEmpty(control_info.lan_global_proxy_ipv4_ips)): %}
|
||||
ip saddr {{ array_to_nftarr(control_info.lan_global_proxy_ipv4_ips) }} counter goto homeproxy_mangle_tproxy_port
|
||||
{% endif /* lan_global_proxy_ipv4_ips */ %}
|
||||
{% for (let ipv6 in control_info.lan_global_proxy_ipv6_ips): %}
|
||||
ip6 saddr {{ resolve_ipv6(ipv6) }} counter goto homeproxy_mangle_tproxy_port
|
||||
{% endfor /* lan_global_proxy_ipv6_ips */ %}
|
||||
{% if (!isEmpty(control_info.lan_global_proxy_mac_addrs)): %}
|
||||
ether saddr {{ array_to_nftarr(control_info.lan_global_proxy_mac_addrs) }} counter goto homeproxy_mangle_tproxy_port
|
||||
{% endif /* lan_global_proxy_mac_addrs */ %}
|
||||
{% endif /* routing_mode */ %}
|
||||
|
||||
ip daddr @homeproxy_wan_direct_addr_v4 counter return
|
||||
@@ -473,10 +448,15 @@ chain homeproxy_mangle_prerouting {
|
||||
{% endif /* ipv6_support */ %}
|
||||
{% endif /* routing_mode */ %}
|
||||
|
||||
ip saddr @homeproxy_lan_gaming_addr_v4 counter goto homeproxy_mangle_tproxy
|
||||
{% if (ipv6_support === '1'): %}
|
||||
ip6 saddr @homeproxy_lan_gaming_addr_v6 counter goto homeproxy_mangle_tproxy
|
||||
{% endif /* ipv6_support */ %}
|
||||
{% if (!isEmpty(control_info.lan_gaming_mode_ipv4_ips)): %}
|
||||
ip saddr {{ array_to_nftarr(control_info.lan_gaming_mode_ipv4_ips) }} counter goto homeproxy_mangle_tproxy
|
||||
{% endif /* lan_gaming_mode_ipv4_ips */ %}
|
||||
{% for (let ipv6 in control_info.lan_gaming_mode_ipv6_ips): %}
|
||||
ip6 saddr {{ resolve_ipv6(ipv6) }} counter goto homeproxy_mangle_tproxy
|
||||
{% endfor /* lan_gaming_mode_ipv6_ips */ %}
|
||||
{% if (!isEmpty(control_info.lan_gaming_mode_mac_addrs)): %}
|
||||
ether saddr {{ array_to_nftarr(control_info.lan_gaming_mode_mac_addrs) }} counter goto homeproxy_mangle_tproxy
|
||||
{% endif /* lan_gaming_mode_mac_addrs */ %}
|
||||
|
||||
counter goto homeproxy_mangle_tproxy_port
|
||||
}
|
||||
@@ -520,7 +500,7 @@ chain homeproxy_mangle_output {
|
||||
}
|
||||
|
||||
chain mangle_prerouting {
|
||||
meta nfproto { {{ (ipv6_support === '1') ? 'ipv4, ipv6' : 'ipv4' }} } meta l4proto udp jump homeproxy_mangle_prerouting
|
||||
meta nfproto { {{ (ipv6_support === '1') ? 'ipv4, ipv6' : 'ipv4' }} } meta l4proto udp jump homeproxy_mangle_lanac
|
||||
}
|
||||
|
||||
chain mangle_output {
|
||||
@@ -530,11 +510,38 @@ chain mangle_output {
|
||||
|
||||
{# TUN #}
|
||||
{% if (match(proxy_mode, /tun/)): %}
|
||||
chain homeproxy_mangle_prerouting_tun {
|
||||
chain homeproxy_mangle_lanac {
|
||||
iifname {{ tun_name }} counter return
|
||||
|
||||
{% if (control_info.listen_interfaces): %}
|
||||
meta iifname != { {{ array_to_nftstr(control_info.listen_interfaces) }} } counter return
|
||||
meta iifname != {{ array_to_nftarr(control_info.listen_interfaces) }} counter return
|
||||
{% endif %}
|
||||
|
||||
{% if (control_info.lan_proxy_mode === 'listed_only'): %}
|
||||
{% if (!isEmpty(control_info.lan_proxy_ipv4_ips)): %}
|
||||
ip saddr {{ array_to_nftarr(control_info.lan_proxy_ipv4_ips) }} counter goto homeproxy_mangle_tun
|
||||
{% endif /* lan_proxy_ipv4_ips */ %}
|
||||
{% for (let ipv6 in control_info.lan_proxy_ipv6_ips): %}
|
||||
ip6 saddr {{ resolve_ipv6(ipv6) }} counter goto homeproxy_mangle_tun
|
||||
{% endfor /* lan_proxy_ipv6_ips */ %}
|
||||
{% if (!isEmpty(control_info.lan_proxy_mac_addrs)): %}
|
||||
ether saddr {{ array_to_nftarr(control_info.lan_proxy_mac_addrs) }} counter goto homeproxy_mangle_tun
|
||||
{% endif /* lan_proxy_mac_addrs */ %}
|
||||
{% elif (control_info.lan_proxy_mode === 'except_listed'): %}
|
||||
{% if (!isEmpty(control_info.lan_direct_ipv4_ips)): %}
|
||||
ip saddr {{ array_to_nftarr(control_info.lan_direct_ipv4_ips) }} counter return
|
||||
{% endif /* lan_direct_ipv4_ips */ %}
|
||||
{% for (let ipv6 in control_info.lan_direct_ipv6_ips): %}
|
||||
ip6 saddr {{ resolve_ipv6(ipv6) }} counter return
|
||||
{% endfor /* lan_direct_ipv6_ips */ %}
|
||||
{% if (!isEmpty(control_info.lan_direct_mac_addrs)): %}
|
||||
ether saddr {{ array_to_nftarr(control_info.lan_direct_mac_addrs) }} counter return
|
||||
{% endif /* lan_direct_mac_addrs */ %}
|
||||
{% endif /* lan_proxy_mode */ %}
|
||||
|
||||
{% if (control_info.lan_proxy_mode !== 'listed_only'): %}
|
||||
counter goto homeproxy_mangle_tun
|
||||
{% endif %}
|
||||
jump homeproxy_mangle_tun
|
||||
}
|
||||
|
||||
chain homeproxy_mangle_tun_mark {
|
||||
@@ -551,18 +558,6 @@ chain homeproxy_mangle_tun_mark {
|
||||
chain homeproxy_mangle_tun {
|
||||
iifname {{ tun_name }} counter return
|
||||
|
||||
{% if (control_info.lan_proxy_mode === 'listed_only'): %}
|
||||
ip saddr != @homeproxy_lan_proxy_addr_v4 counter return
|
||||
{% if (ipv6_support === '1'): %}
|
||||
ip6 saddr != @homeproxy_lan_proxy_addr_v6 counter return
|
||||
{% endif /* ipv6_support */ %}
|
||||
{% elif (control_info.lan_proxy_mode === 'except_listed'): %}
|
||||
ip saddr @homeproxy_lan_direct_addr_v4 counter return
|
||||
{% if (ipv6_support === '1'): %}
|
||||
ip6 saddr @homeproxy_lan_direct_addr_v6 counter return
|
||||
{% endif /* ipv6_support */ %}
|
||||
{% endif /* lan_proxy_mode */ %}
|
||||
|
||||
ip daddr @homeproxy_wan_proxy_addr_v4 counter goto homeproxy_mangle_tun_mark
|
||||
{% if (ipv6_support === '1'): %}
|
||||
ip6 daddr @homeproxy_wan_proxy_addr_v6 counter goto homeproxy_mangle_tun_mark
|
||||
@@ -574,17 +569,22 @@ chain homeproxy_mangle_tun {
|
||||
{% endif %}
|
||||
|
||||
{% if (routing_mode !== 'custom'): %}
|
||||
ip saddr @homeproxy_lan_global_proxy_addr_v4 counter goto homeproxy_mangle_tun_mark
|
||||
{% if (ipv6_support === '1'): %}
|
||||
ip6 saddr @homeproxy_lan_global_proxy_addr_v6 counter goto homeproxy_mangle_tun_mark
|
||||
{% endif /* ipv6_support */ %}
|
||||
{% if (!isEmpty(control_info.lan_global_proxy_ipv4_ips)): %}
|
||||
ip saddr {{ array_to_nftarr(control_info.lan_global_proxy_ipv4_ips) }} counter goto homeproxy_mangle_tun_mark
|
||||
{% endif /* lan_global_proxy_ipv4_ips */ %}
|
||||
{% for (let ipv6 in control_info.lan_global_proxy_ipv6_ips): %}
|
||||
ip6 saddr {{ resolve_ipv6(ipv6) }} counter goto homeproxy_mangle_tun_mark
|
||||
{% endfor /* lan_global_proxy_ipv6_ips */ %}
|
||||
{% if (!isEmpty(control_info.lan_global_proxy_mac_addrs)): %}
|
||||
ether saddr {{ array_to_nftarr(control_info.lan_global_proxy_mac_addrs) }} counter goto homeproxy_mangle_tun_mark
|
||||
{% endif /* lan_global_proxy_mac_addrs */ %}
|
||||
{% endif /* routing_mode */ %}
|
||||
|
||||
{% if (control_info.wan_direct_ipv4_ips): %}
|
||||
ip daddr { {{ array_to_nftstr(control_info.wan_direct_ipv4_ips) }} } counter return
|
||||
ip daddr {{ array_to_nftarr(control_info.wan_direct_ipv4_ips) }} counter return
|
||||
{% endif /* wan_direct_ipv4_ips */ %}
|
||||
{% if (control_info.wan_direct_ipv6_ips): %}
|
||||
ip6 daddr { {{ array_to_nftstr(control_info.wan_direct_ipv6_ips) }} } counter return
|
||||
ip6 daddr {{ array_to_nftarr(control_info.wan_direct_ipv6_ips) }} counter return
|
||||
{% endif /* wan_direct_ipv6_ips */ %}
|
||||
|
||||
{% if (routing_mode === 'gfwlist'): %}
|
||||
@@ -608,16 +608,21 @@ chain homeproxy_mangle_tun {
|
||||
{% endif /* ipv6_support */ %}
|
||||
{% endif /* routing_mode */ %}
|
||||
|
||||
ip saddr @homeproxy_lan_gaming_addr_v4 counter mark set {{ tun_mark }}
|
||||
{% if (ipv6_support === '1'): %}
|
||||
ip6 saddr @homeproxy_lan_gaming_addr_v6 counter mark set {{ tun_mark }}
|
||||
{% endif /* ipv6_support */ %}
|
||||
{% if (!isEmpty(control_info.lan_gaming_mode_ipv4_ips)): %}
|
||||
ip saddr {{ array_to_nftarr(control_info.lan_gaming_mode_ipv4_ips) }} counter mark set {{ tun_mark }}
|
||||
{% endif /* lan_gaming_mode_ipv4_ips */ %}
|
||||
{% for (let ipv6 in control_info.lan_gaming_mode_ipv6_ips): %}
|
||||
ip6 saddr {{ resolve_ipv6(ipv6) }} counter mark set {{ tun_mark }}
|
||||
{% endfor /* lan_gaming_mode_ipv6_ips */ %}
|
||||
{% if (!isEmpty(control_info.lan_gaming_mode_mac_addrs)): %}
|
||||
ether saddr {{ array_to_nftarr(control_info.lan_gaming_mode_mac_addrs) }} counter mark set {{ tun_mark }}
|
||||
{% endif /* lan_gaming_mode_mac_addrs */ %}
|
||||
|
||||
counter goto homeproxy_mangle_tun_mark
|
||||
}
|
||||
|
||||
chain mangle_prerouting {
|
||||
meta nfproto { {{ (ipv6_support === '1') ? 'ipv4, ipv6' : 'ipv4' }} } meta l4proto { {{ (proxy_mode === 'tun') ? 'tcp, udp' : 'udp' }} } jump homeproxy_mangle_prerouting_tun
|
||||
meta nfproto { {{ (ipv6_support === '1') ? 'ipv4, ipv6' : 'ipv4' }} } meta l4proto { {{ (proxy_mode === 'tun') ? 'tcp, udp' : 'udp' }} } jump homeproxy_mangle_lanac
|
||||
}
|
||||
|
||||
chain mangle_output {
|
||||
|
||||
@@ -609,24 +609,8 @@ if (!isEmpty(main_node) || !isEmpty(default_outbound))
|
||||
default_interface: default_interface
|
||||
};
|
||||
|
||||
/* Routing rules */
|
||||
if (!isEmpty(main_node)) {
|
||||
/* Routing rules */
|
||||
/* LAN ACL */
|
||||
if (length(lan_proxy_ips)) {
|
||||
if (dedicated_udp_node) {
|
||||
push(config.route.rules, {
|
||||
source_ip_cidr: lan_proxy_ips,
|
||||
network: 'udp',
|
||||
outbound: 'main-udp-out'
|
||||
});
|
||||
}
|
||||
|
||||
push(config.route.rules, {
|
||||
source_ip_cidr: lan_proxy_ips,
|
||||
outbound: 'main-out'
|
||||
});
|
||||
}
|
||||
|
||||
/* Direct list */
|
||||
if (length(direct_domain_list))
|
||||
push(config.route.rules, {
|
||||
|
||||
@@ -133,7 +133,6 @@ start_service() {
|
||||
fi
|
||||
|
||||
utpl -S "$HP_DIR/scripts/firewall_post.ut" > "$RUN_DIR/fw4_post.nft"
|
||||
|
||||
fi
|
||||
|
||||
utpl -S "$HP_DIR/scripts/firewall_pre.ut" > "$RUN_DIR/fw4_pre.nft"
|
||||
@@ -191,22 +190,18 @@ stop_service() {
|
||||
|
||||
# Nftables rules
|
||||
for i in "homeproxy_dstnat_redir" "homeproxy_output_redir" \
|
||||
"homeproxy_redirect" "homeproxy_redirect_proxy_port" \
|
||||
"homeproxy_redirect_proxy" "homeproxy_mangle_prerouting" \
|
||||
"homeproxy_mangle_output" "homeproxy_mangle_tproxy_port" \
|
||||
"homeproxy_mangle_tproxy" "homeproxy_mangle_mark" \
|
||||
"homeproxy_mangle_tun" "homeproxy_mangle_tun_mark" \
|
||||
"homeproxy_mangle_prerouting_tun"; do
|
||||
"homeproxy_redirect" "homeproxy_redirect_proxy" \
|
||||
"homeproxy_redirect_proxy_port" "homeproxy_redirect_lanac" \
|
||||
"homeproxy_mangle_prerouting" "homeproxy_mangle_output" \
|
||||
"homeproxy_mangle_tproxy" "homeproxy_mangle_tproxy_port" \
|
||||
"homeproxy_mangle_tproxy_lanac" "homeproxy_mangle_mark" \
|
||||
"homeproxy_mangle_tun" "homeproxy_mangle_tun_mark"; do
|
||||
nft flush chain inet fw4 "$i"
|
||||
nft delete chain inet fw4 "$i"
|
||||
done 2>"/dev/null"
|
||||
for i in "homeproxy_local_addr_v4" "homeproxy_local_addr_v6" \
|
||||
"homeproxy_gfw_list_v4" "homeproxy_gfw_list_v6" \
|
||||
"homeproxy_mainland_addr_v4" "homeproxy_mainland_addr_v6" \
|
||||
"homeproxy_lan_proxy_addr_v4" "homeproxy_lan_proxy_addr_v6" \
|
||||
"homeproxy_lan_direct_addr_v4" "homeproxy_lan_direct_addr_v6" \
|
||||
"homeproxy_lan_gaming_addr_v4" "homeproxy_lan_gaming_addr_v6" \
|
||||
"homeproxy_lan_global_proxy_addr_v4" "homeproxy_lan_global_proxy_addr_v6" \
|
||||
"homeproxy_wan_proxy_addr_v4" "homeproxy_wan_proxy_addr_v6" \
|
||||
"homeproxy_wan_direct_addr_v4" "homeproxy_wan_direct_addr_v6" \
|
||||
"homeproxy_routing_port"; do
|
||||
|
||||
@@ -148,6 +148,7 @@ const methods = {
|
||||
fd.close();
|
||||
}
|
||||
|
||||
features.hp_has_tproxy = access('/etc/modules.d/nft-tproxy');
|
||||
features.hp_has_tun = access('/etc/modules.d/30-tun');
|
||||
|
||||
return features;
|
||||
|
||||
@@ -643,6 +643,7 @@
|
||||
10000tc.com
|
||||
10000yao.com
|
||||
10001wan.com
|
||||
100024.xyz
|
||||
1000360.com
|
||||
10006.info
|
||||
1000ci.net
|
||||
@@ -1770,6 +1771,7 @@
|
||||
1kuang.com
|
||||
1kx.me
|
||||
1kxun.com
|
||||
1kyx.com
|
||||
1lan.tv
|
||||
1lewen.com
|
||||
1look.tv
|
||||
@@ -3207,6 +3209,7 @@
|
||||
3t769up6.com
|
||||
3tilabs.com
|
||||
3u.com
|
||||
3unshine.com
|
||||
3uol.com
|
||||
3us.com
|
||||
3uww.cc
|
||||
@@ -12292,6 +12295,7 @@ can.tv
|
||||
canaan-creative.com
|
||||
canasy.com
|
||||
cancda.net
|
||||
cancer361.com
|
||||
candou.com
|
||||
candylab.net
|
||||
candypay.com
|
||||
@@ -17120,6 +17124,7 @@ d.cg
|
||||
d03jd.com
|
||||
d1222.com
|
||||
d17.cc
|
||||
d1999.com
|
||||
d1cm.com
|
||||
d1com.com
|
||||
d1dengju.com
|
||||
@@ -18380,6 +18385,7 @@ digitalvolvo.com
|
||||
digitalwuhan.com
|
||||
digitalwuhan.net
|
||||
digitlink.net
|
||||
digitocero.com
|
||||
digitser.net
|
||||
digiwin.com
|
||||
digiwork.com
|
||||
@@ -18902,6 +18908,7 @@ dongcaibaoxian.com
|
||||
dongchaba.com
|
||||
dongchedi.com
|
||||
dongchediapp.com
|
||||
dongcheng1.com
|
||||
dongcheng120.com
|
||||
dongchenghotels.com
|
||||
dongdao.net
|
||||
@@ -19158,6 +19165,7 @@ dpcyjt.com
|
||||
dper.com
|
||||
dpevmh.com
|
||||
dpfile.com
|
||||
dplayerjsvideo.com
|
||||
dplayersvideostatic.com
|
||||
dplor.com
|
||||
dplord.com
|
||||
@@ -23912,6 +23920,7 @@ gohong.com
|
||||
gohugo.org
|
||||
going-link.com
|
||||
gojiaju.com
|
||||
gokaigai.com
|
||||
goke.com
|
||||
gokols.com
|
||||
gokuai.com
|
||||
@@ -33822,6 +33831,7 @@ kikoplay.fun
|
||||
kiku.vip
|
||||
kililife.com
|
||||
killdb.com
|
||||
kiloai.com
|
||||
kimiss.com
|
||||
kimiss.net
|
||||
kimiter.com
|
||||
@@ -36447,6 +36457,7 @@ lnrcu.com
|
||||
lnrsks.com
|
||||
lnsent.com
|
||||
lnsgczb.com
|
||||
lnsyrjwz.com
|
||||
lntenghui.com
|
||||
lntvu.com
|
||||
lntycp.com
|
||||
@@ -36666,7 +36677,6 @@ looyuoms.com
|
||||
looyush.com
|
||||
lopetech.net
|
||||
lopkino.com
|
||||
lopopoo.com
|
||||
lopss.com
|
||||
lorefree.com
|
||||
losking.com
|
||||
@@ -37177,6 +37187,7 @@ lxxm.com
|
||||
lxybaike.com
|
||||
lxyes.com
|
||||
lxyl539.com
|
||||
lxyllawfirm.com
|
||||
ly-sky.com
|
||||
ly.com
|
||||
ly200-cdn.com
|
||||
@@ -41263,6 +41274,7 @@ okad.com
|
||||
okada-china.com
|
||||
okaoyan.com
|
||||
okayapi.com
|
||||
okaybio.com
|
||||
okbao.com
|
||||
okbase.net
|
||||
okbiao.com
|
||||
@@ -41927,6 +41939,7 @@ palace-international.com
|
||||
palanceli.com
|
||||
palm-h.com
|
||||
palmestore.com
|
||||
palmfungames.com
|
||||
palmjoys.com
|
||||
palmtrends.com
|
||||
palmyou.com
|
||||
@@ -42755,6 +42768,7 @@ plcloud.com
|
||||
plcsq.com
|
||||
plesk-cn.com
|
||||
plexjiasuqi.com
|
||||
plexpt.com
|
||||
plob.org
|
||||
plotcup.com
|
||||
plqdf.com
|
||||
@@ -50680,7 +50694,6 @@ tapas.net
|
||||
tapdata.net
|
||||
tapdb.com
|
||||
tapdb.net
|
||||
tapechat.net
|
||||
tapenjoy.com
|
||||
tapimg.com
|
||||
tapotiexie.com
|
||||
@@ -51808,7 +51821,6 @@ tokenglish.com
|
||||
tokensky.net
|
||||
tokenworld.pro
|
||||
tokimekiclub.org
|
||||
toktok-mall.com
|
||||
tol24.com
|
||||
tom.cat
|
||||
tom.com
|
||||
@@ -54523,6 +54535,7 @@ wandongli.com
|
||||
wandouip.com
|
||||
wandoujia.com
|
||||
waneziyuan.com
|
||||
wanfangche.com
|
||||
wanfangdata.com
|
||||
wanfangqikan.com
|
||||
wanfangs.com
|
||||
@@ -55013,6 +55026,7 @@ wefinger.club
|
||||
wefitos.com
|
||||
wefunol.com
|
||||
wegame.com
|
||||
wegameapi.com
|
||||
wegamedeveloper.com
|
||||
wegameplus.com
|
||||
wegamex.com.hk
|
||||
@@ -57613,6 +57627,7 @@ xiangqu.com
|
||||
xiangrikui.co
|
||||
xiangrikui.com
|
||||
xiangrikuijianzhan.com
|
||||
xiangruizulin.com
|
||||
xiangshang360.com
|
||||
xiangshangban.com
|
||||
xiangshanpark.com
|
||||
@@ -57918,6 +57933,7 @@ xiaotee.com
|
||||
xiaoten.com
|
||||
xiaotengyouxi.com
|
||||
xiaotiancai.com
|
||||
xiaotud.com
|
||||
xiaotut.com
|
||||
xiaotuzhan.com
|
||||
xiaou2014.com
|
||||
@@ -60814,6 +60830,7 @@ yjk.com
|
||||
yjk.im
|
||||
yjldp.com
|
||||
yjlin4.com
|
||||
yjlink.cc
|
||||
yjnbn.com
|
||||
yjopen.com
|
||||
yjpal.com
|
||||
@@ -61178,6 +61195,7 @@ youease.net
|
||||
youedata.com
|
||||
youeryun.com
|
||||
youez.com
|
||||
youfangou.com
|
||||
youfangzx.com
|
||||
youfen666.com
|
||||
youfh.com
|
||||
@@ -61403,6 +61421,7 @@ youyannet.com
|
||||
youyeetoo.com
|
||||
youyegame.com
|
||||
youyi-game.com
|
||||
youyigame.com
|
||||
youyilm.com
|
||||
youyiqi.com
|
||||
youyiqiaogou.com
|
||||
@@ -63275,6 +63294,7 @@ zhengyexing.com
|
||||
zhengyifeng.com
|
||||
zhengyinyong.com
|
||||
zhengyounet.com
|
||||
zhengyouyoule.com
|
||||
zhengzai.tv
|
||||
zhengzhen25.xyz
|
||||
zhengzhen26.xyz
|
||||
|
||||
@@ -14272,6 +14272,7 @@ hgsacx.com
|
||||
hgseav.com
|
||||
hgtg022.com
|
||||
hgtv
|
||||
hh-content.com
|
||||
hh176.net
|
||||
hh2267.com
|
||||
hh22hh.com
|
||||
@@ -17086,6 +17087,7 @@ kinkbook.com
|
||||
kinkcult.com
|
||||
kinkidt.i-cweb.net
|
||||
kinklive.com
|
||||
kinkoid.com
|
||||
kinkyfamily.com
|
||||
kinkypeepz.com
|
||||
kinmen.travel
|
||||
@@ -22175,6 +22177,7 @@ pinterest.engineering
|
||||
pinterest.id
|
||||
pinterest.info
|
||||
pinterest.it
|
||||
pinterest.net
|
||||
pinterest.pt
|
||||
pinterestmail.com
|
||||
pintool.com
|
||||
|
||||
@@ -21,13 +21,13 @@ define Download/geoip
|
||||
HASH:=1b6beebefa6ee3fb68e824d4664ccd75a21e8831700bb352d3b74d1c298e9793
|
||||
endef
|
||||
|
||||
GEOSITE_VER:=20230401161112
|
||||
GEOSITE_VER:=20230401170636
|
||||
GEOSITE_FILE:=dlc.dat.$(GEOSITE_VER)
|
||||
define Download/geosite
|
||||
URL:=https://github.com/v2fly/domain-list-community/releases/download/$(GEOSITE_VER)/
|
||||
URL_FILE:=dlc.dat
|
||||
FILE:=$(GEOSITE_FILE)
|
||||
HASH:=d63a3179224f69df6071d0bb8450c2df0bccec431d48b6618a64d284d20fea7b
|
||||
HASH:=c884da813675fba5a15f322905623d5971e0c60ed5f2fbb8a54bfba1b401bc3b
|
||||
endef
|
||||
|
||||
define Package/v2ray-geodata/template
|
||||
|
||||
Reference in New Issue
Block a user