diff --git a/luci-app-passwall/luasrc/model/cbi/passwall/client/rule.lua b/luci-app-passwall/luasrc/model/cbi/passwall/client/rule.lua index b5f16699db..a53f8d72bb 100644 --- a/luci-app-passwall/luasrc/model/cbi/passwall/client/rule.lua +++ b/luci-app-passwall/luasrc/model/cbi/passwall/client/rule.lua @@ -94,7 +94,8 @@ if has_xray or has_singbox then o.rmempty = false o.description = "" end diff --git a/luci-app-passwall/luasrc/model/cbi/passwall/client/rule_list.lua b/luci-app-passwall/luasrc/model/cbi/passwall/client/rule_list.lua index 906c4ca8c9..551d6612e2 100644 --- a/luci-app-passwall/luasrc/model/cbi/passwall/client/rule_list.lua +++ b/luci-app-passwall/luasrc/model/cbi/passwall/client/rule_list.lua @@ -41,7 +41,7 @@ o.validate = function(self, value) value = value:gsub("^%s+", ""):gsub("%s+$","\n"):gsub("\r\n","\n"):gsub("[ \t]*\n[ \t]*", "\n") string.gsub(value, '[^' .. "\r\n" .. ']+', function(w) table.insert(hosts, w) end) for index, host in ipairs(hosts) do - if host:sub(1, 1) == "#" then + if host:sub(1, 1) == "#" or host:sub(1, 8) == "geosite:" then return value end if not datatypes.hostname(host) then @@ -70,7 +70,7 @@ o.validate = function(self, value) value = value:gsub("^%s+", ""):gsub("%s+$","\n"):gsub("\r\n","\n"):gsub("[ \t]*\n[ \t]*", "\n") string.gsub(value, '[^' .. "\r\n" .. ']+', function(w) table.insert(ipmasks, w) end) for index, ipmask in ipairs(ipmasks) do - if ipmask:sub(1, 1) == "#" then + if ipmask:sub(1, 1) == "#" or ipmask:sub(1, 6) == "geoip:" then return value end if not ( datatypes.ipmask4(ipmask) or datatypes.ipmask6(ipmask) ) then 
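Review bot: In the hosts loop of `o.validate`, the widened test `host:sub(1, 1) == "#" or host:sub(1, 8) == "geosite:"` still ends in `return value`, so the first comment or `geosite:` line accepts every remaining line without the `datatypes.hostname` check, and the text after the prefix is never checked. The loop should skip only the current entry, for example by replacing the early-return block with one rejecting condition, `if host:sub(1, 1) ~= "#" and not host:match("^geosite:[%w%-_@!]+$") and not datatypes.hostname(host) then`, with the character class adjusted to the category names the project accepts. The same early return is in the `geoip:` hunk for `ipmasks` and in the four further `o.validate` hunks of this file. The helper scripts changed in this diff read the rule files and hand the extracted names to `get_geosite` and `get_geoip`, so this form check appears to be the only point where a malformed entry is rejected. The validator bodies start and end outside the hunks.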
@@ -101,7 +101,7 @@ o.validate = function(self, value) value = value:gsub("^%s+", ""):gsub("%s+$","\n"):gsub("\r\n","\n"):gsub("[ \t]*\n[ \t]*", "\n") string.gsub(value, '[^' .. "\r\n" .. ']+', function(w) table.insert(hosts, w) end) for index, host in ipairs(hosts) do - if host:sub(1, 1) == "#" then + if host:sub(1, 1) == "#" or host:sub(1, 8) == "geosite:" then return value end if not datatypes.hostname(host) then @@ -130,7 +130,7 @@ o.validate = function(self, value) value = value:gsub("^%s+", ""):gsub("%s+$","\n"):gsub("\r\n","\n"):gsub("[ \t]*\n[ \t]*", "\n") string.gsub(value, '[^' .. "\r\n" .. ']+', function(w) table.insert(ipmasks, w) end) for index, ipmask in ipairs(ipmasks) do - if ipmask:sub(1, 1) == "#" then + if ipmask:sub(1, 1) == "#" or ipmask:sub(1, 6) == "geoip:" then return value end if not ( datatypes.ipmask4(ipmask) or datatypes.ipmask6(ipmask) ) then @@ -159,7 +159,7 @@ o.validate = function(self, value) value = value:gsub("^%s+", ""):gsub("%s+$","\n"):gsub("\r\n","\n"):gsub("[ \t]*\n[ \t]*", "\n") string.gsub(value, '[^' .. "\r\n" .. ']+', function(w) table.insert(hosts, w) end) for index, host in ipairs(hosts) do - if host:sub(1, 1) == "#" then + if host:sub(1, 1) == "#" or host:sub(1, 8) == "geosite:" then return value end if not datatypes.hostname(host) then @@ -188,7 +188,7 @@ o.validate = function(self, value) value = value:gsub("^%s+", ""):gsub("%s+$","\n"):gsub("\r\n","\n"):gsub("[ \t]*\n[ \t]*", "\n") string.gsub(value, '[^' .. "\r\n" .. ']+', function(w) table.insert(ipmasks, w) end) for index, ipmask in ipairs(ipmasks) do - if ipmask:sub(1, 1) == "#" then + if ipmask:sub(1, 1) == "#" or ipmask:sub(1, 6) == "geoip:" then return value end if not ( datatypes.ipmask4(ipmask) or datatypes.ipmask6(ipmask) ) then diff --git a/luci-app-passwall/po/zh-cn/passwall.po b/luci-app-passwall/po/zh-cn/passwall.po index 12c1c894e3..dfb3bd636e 100644 --- a/luci-app-passwall/po/zh-cn/passwall.po +++ b/luci-app-passwall/po/zh-cn/passwall.po 
@@ -934,6 +934,9 @@ msgstr "开启 Geo 数据解析" msgid "Analyzes and preloads GeoIP/Geosite data to enhance the shunt performance of Sing-box/Xray." msgstr "分析和预加载 GeoIP/Geosite 数据,以增强 Sing-box/Xray 的分流效果。" +msgid "Once enabled, the rule list can support GeoIP/Geosite rules." +msgstr "启用后,规则列表可以支持 GeoIP/Geosite 规则。" + msgid "Note: Increases resource usage; Geosite analysis is only supported in ChinaDNS-NG and SmartDNS modes." msgstr "注:会增加一些系统资源的开销,仅在 ChinaDNS-NG 和 SmartDNS 模式下支持分析 Geosite 。" diff --git a/luci-app-passwall/root/usr/share/passwall/helper_chinadns_add.lua b/luci-app-passwall/root/usr/share/passwall/helper_chinadns_add.lua index dc9cf486f7..60e847dd81 100644 --- a/luci-app-passwall/root/usr/share/passwall/helper_chinadns_add.lua +++ b/luci-app-passwall/root/usr/share/passwall/helper_chinadns_add.lua @@ -30,6 +30,7 @@ local RULES_PATH = "/usr/share/" .. appname .. "/rules" local FLAG_PATH = TMP_ACL_PATH .. "/" .. FLAG local config_lines = {} local tmp_lines = {} +local USE_GEOVIEW = uci:get(appname, "@global_rules[0]", "enable_geoview") local function log(...) if NO_LOGIC_LOG == "1" then @@ -115,12 +116,18 @@ end --自定义规则组,后声明的组具有更高优先级 --屏蔽列表 local file_block_host = TMP_ACL_PATH .. "/block_host" -if USE_BLOCK_LIST == "1" and not fs.access(file_block_host) then --对自定义列表进行清洗 +if USE_BLOCK_LIST == "1" and not fs.access(file_block_host) then local block_domain, lookup_block_domain = {}, {} + local geosite_arg = "" for line in io.lines(RULES_PATH .. "/block_host") do - line = api.get_std_domain(line) - if line ~= "" and not line:find("#") then - insert_unique(block_domain, line, lookup_block_domain) + if not line:find("#") and line:find("geosite:") then + line = string.match(line, ":([^:]+)$") + geosite_arg = geosite_arg .. (geosite_arg ~= "" and "," or "") .. line + else + line = api.get_std_domain(line) + if line ~= "" and not line:find("#") then + insert_unique(block_domain, line, lookup_block_domain) + end end end if #block_domain > 0 then 
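Review bot: In the new `geosite:` branch of the block_host loop, `string.match(line, ":([^:]+)$")` returns nil for a line such as `geosite:` with nothing after the colon, and the `..` concatenation on the next line then raises an error that stops the whole helper. The test `line:find("geosite:")` is also unanchored, and the captured text is appended to `geosite_arg` without trimming or a character check before `get_geosite` receives it; that function is not visible here, so if it builds a command line the value has to be constrained at this point. I would capture with an anchored pattern, e.g. `local code = line:match("^%s*geosite:([%w%-_@!]+)%s*$")`, append only when `code` is non-nil, and let every other line fall through to the `api.get_std_domain` path. The same branch is repeated in the direct_host and proxy_host hunks of this file and in the three matching hunks of helper_smartdns_add.lua.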
@@ -130,6 +137,10 @@ if USE_BLOCK_LIST == "1" and not fs.access(file_block_host) then --对自定 end f_out:close() end + if USE_GEOVIEW == "1" and geosite_arg ~= "" and api.is_finded("geoview") then + get_geosite(geosite_arg, file_block_host) + log(" * 解析[屏蔽列表] Geosite 到屏蔽域名表(blocklist)完成") + end end if USE_BLOCK_LIST == "1" and is_file_nonzero(file_block_host) then tmp_lines = { @@ -168,12 +179,18 @@ end --直连(白名单)列表 local file_direct_host = TMP_ACL_PATH .. "/direct_host" -if USE_DIRECT_LIST == "1" and not fs.access(file_direct_host) then --对自定义列表进行清洗 +if USE_DIRECT_LIST == "1" and not fs.access(file_direct_host) then local direct_domain, lookup_direct_domain = {}, {} + local geosite_arg = "" for line in io.lines(RULES_PATH .. "/direct_host") do - line = api.get_std_domain(line) - if line ~= "" and not line:find("#") then - insert_unique(direct_domain, line, lookup_direct_domain) + if not line:find("#") and line:find("geosite:") then + line = string.match(line, ":([^:]+)$") + geosite_arg = geosite_arg .. (geosite_arg ~= "" and "," or "") .. line + else + line = api.get_std_domain(line) + if line ~= "" and not line:find("#") then + insert_unique(direct_domain, line, lookup_direct_domain) + end end end if #direct_domain > 0 then @@ -183,6 +200,10 @@ if USE_DIRECT_LIST == "1" and not fs.access(file_direct_host) then --对自定 end f_out:close() end + if USE_GEOVIEW == "1" and geosite_arg ~= "" and api.is_finded("geoview") then + get_geosite(geosite_arg, file_direct_host) + log(" * 解析[直连列表] Geosite 到域名白名单(whitelist)完成") + end end if USE_DIRECT_LIST == "1" and is_file_nonzero(file_direct_host) then tmp_lines = { 
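Review bot: The added `if USE_GEOVIEW == "1" and geosite_arg ~= "" and api.is_finded("geoview") then` block has no else arm, so when geoview is disabled or not installed the `geosite:` entries collected from block_host are dropped without any log line. For the block list that means categories the user entered are not enforced and nothing reports it. I would add an arm such as `elseif geosite_arg ~= "" then log(" * [block list] geosite entries skipped: geoview disabled or not found")`, and make the success message depend on the result of `get_geosite` if it returns one (its body is outside this diff). The direct and proxy list hunks in this file and the corresponding hunks in helper_smartdns_add.lua have the same shape.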
@@ -197,12 +218,18 @@ end --代理(黑名单)列表 local file_proxy_host = TMP_ACL_PATH .. "/proxy_host" -if USE_PROXY_LIST == "1" and not fs.access(file_proxy_host) then --对自定义列表进行清洗 +if USE_PROXY_LIST == "1" and not fs.access(file_proxy_host) then local proxy_domain, lookup_proxy_domain = {}, {} + local geosite_arg = "" for line in io.lines(RULES_PATH .. "/proxy_host") do - line = api.get_std_domain(line) - if line ~= "" and not line:find("#") then - insert_unique(proxy_domain, line, lookup_proxy_domain) + if not line:find("#") and line:find("geosite:") then + line = string.match(line, ":([^:]+)$") + geosite_arg = geosite_arg .. (geosite_arg ~= "" and "," or "") .. line + else + line = api.get_std_domain(line) + if line ~= "" and not line:find("#") then + insert_unique(proxy_domain, line, lookup_proxy_domain) + end end end if #proxy_domain > 0 then @@ -212,6 +239,10 @@ if USE_PROXY_LIST == "1" and not fs.access(file_proxy_host) then --对自定 end f_out:close() end + if USE_GEOVIEW == "1" and geosite_arg ~= "" and api.is_finded("geoview") then + get_geosite(geosite_arg, file_proxy_host) + log(" * 解析[代理列表] Geosite 到代理域名表(blacklist)完成") + end end if USE_PROXY_LIST == "1" and is_file_nonzero(file_proxy_host) then tmp_lines = { @@ -334,14 +365,14 @@ if uci:get(appname, TCP_NODE, "protocol") == "_shunt" then end end - local use_geoview = uci:get(appname, "@global_rules[0]", "enable_geoview") - if GFWLIST == "1" and CHNLIST == "0" and use_geoview == "1" then --仅GFW模式解析geosite + if GFWLIST == "1" and CHNLIST == "0" and USE_GEOVIEW == "1" and api.is_finded("geoview") then --仅GFW模式解析geosite if geosite_white_arg ~= "" then get_geosite(geosite_white_arg, file_white_host) end if geosite_shunt_arg ~= "" then get_geosite(geosite_shunt_arg, file_shunt_host) end + log(" * 解析[分流节点] Geosite 完成") end if is_file_nonzero(file_white_host) then 
@@ -409,11 +440,11 @@ end table.insert(config_lines, "hosts") if DEFAULT_TAG == "chn" then - log(string.format(" - 默认:%s", DNS_LOCAL)) + log(string.format(" - 默认 DNS :%s", DNS_LOCAL)) elseif DEFAULT_TAG == "gfw" then - log(string.format(" - 默认:%s", DNS_TRUST)) + log(string.format(" - 默认 DNS :%s", DNS_TRUST)) else - log(string.format(" - 默认:%s", "智能匹配")) + log(string.format(" - 默认 DNS :%s", "智能匹配")) end --输出配置文件 diff --git a/luci-app-passwall/root/usr/share/passwall/helper_smartdns_add.lua b/luci-app-passwall/root/usr/share/passwall/helper_smartdns_add.lua index 894631ec02..06b54e77e9 100644 --- a/luci-app-passwall/root/usr/share/passwall/helper_smartdns_add.lua +++ b/luci-app-passwall/root/usr/share/passwall/helper_smartdns_add.lua @@ -36,6 +36,7 @@ local RULES_PATH = "/usr/share/" .. appname .. "/rules" local FLAG_PATH = TMP_ACL_PATH .. "/" .. FLAG local config_lines = {} local tmp_lines = {} +local USE_GEOVIEW = uci:get(appname, "@global_rules[0]", "enable_geoview") local function log(...) if NO_LOGIC_LOG == "1" then @@ -233,12 +234,18 @@ end --屏蔽列表 local file_block_host = TMP_ACL_PATH .. "/block_host" -if USE_BLOCK_LIST == "1" and not fs.access(file_block_host) then --对自定义列表进行清洗 +if USE_BLOCK_LIST == "1" and not fs.access(file_block_host) then local block_domain, lookup_block_domain = {}, {} + local geosite_arg = "" for line in io.lines(RULES_PATH .. "/block_host") do - line = api.get_std_domain(line) - if line ~= "" and not line:find("#") then - insert_unique(block_domain, line, lookup_block_domain) + if not line:find("#") and line:find("geosite:") then + line = string.match(line, ":([^:]+)$") + geosite_arg = geosite_arg .. (geosite_arg ~= "" and "," or "") .. line + else + line = api.get_std_domain(line) + if line ~= "" and not line:find("#") then + insert_unique(block_domain, line, lookup_block_domain) + end end end if #block_domain > 0 then 
@@ -248,6 +255,10 @@ if USE_BLOCK_LIST == "1" and not fs.access(file_block_host) then --对自定 end f_out:close() end + if USE_GEOVIEW == "1" and geosite_arg ~= "" and api.is_finded("geoview") then + get_geosite(geosite_arg, file_block_host) + log(" * 解析[屏蔽列表] Geosite 到屏蔽域名表(blocklist)完成") + end end if USE_BLOCK_LIST == "1" and is_file_nonzero(file_block_host) then local domain_set_name = "passwall-block" @@ -289,12 +300,18 @@ end --直连(白名单)列表 local file_direct_host = TMP_ACL_PATH .. "/direct_host" -if USE_DIRECT_LIST == "1" and not fs.access(file_direct_host) then --对自定义列表进行清洗 +if USE_DIRECT_LIST == "1" and not fs.access(file_direct_host) then local direct_domain, lookup_direct_domain = {}, {} + local geosite_arg = "" for line in io.lines(RULES_PATH .. "/direct_host") do - line = api.get_std_domain(line) - if line ~= "" and not line:find("#") then - insert_unique(direct_domain, line, lookup_direct_domain) + if not line:find("#") and line:find("geosite:") then + line = string.match(line, ":([^:]+)$") + geosite_arg = geosite_arg .. (geosite_arg ~= "" and "," or "") .. line + else + line = api.get_std_domain(line) + if line ~= "" and not line:find("#") then + insert_unique(direct_domain, line, lookup_direct_domain) + end end end if #direct_domain > 0 then @@ -304,6 +321,10 @@ if USE_DIRECT_LIST == "1" and not fs.access(file_direct_host) then --对自定 end f_out:close() end + if USE_GEOVIEW == "1" and geosite_arg ~= "" and api.is_finded("geoview") then + get_geosite(geosite_arg, file_direct_host) + log(" * 解析[直连列表] Geosite 到域名白名单(whitelist)完成") + end end if USE_DIRECT_LIST == "1" and is_file_nonzero(file_direct_host) then local domain_set_name = "passwall-directlist" 
@@ -320,12 +341,18 @@ end --代理(黑名单)列表 local file_proxy_host = TMP_ACL_PATH .. "/proxy_host" -if USE_PROXY_LIST == "1" and not fs.access(file_proxy_host) then --对自定义列表进行清洗 +if USE_PROXY_LIST == "1" and not fs.access(file_proxy_host) then local proxy_domain, lookup_proxy_domain = {}, {} + local geosite_arg = "" for line in io.lines(RULES_PATH .. "/proxy_host") do - line = api.get_std_domain(line) - if line ~= "" and not line:find("#") then - insert_unique(proxy_domain, line, lookup_proxy_domain) + if not line:find("#") and line:find("geosite:") then + line = string.match(line, ":([^:]+)$") + geosite_arg = geosite_arg .. (geosite_arg ~= "" and "," or "") .. line + else + line = api.get_std_domain(line) + if line ~= "" and not line:find("#") then + insert_unique(proxy_domain, line, lookup_proxy_domain) + end end end if #proxy_domain > 0 then @@ -335,6 +362,10 @@ if USE_PROXY_LIST == "1" and not fs.access(file_proxy_host) then --对自定 end f_out:close() end + if USE_GEOVIEW == "1" and geosite_arg ~= "" and api.is_finded("geoview") then + get_geosite(geosite_arg, file_proxy_host) + log(" * 解析[代理列表] Geosite 到代理域名表(blacklist)完成") + end end if USE_PROXY_LIST == "1" and is_file_nonzero(file_proxy_host) then local domain_set_name = "passwall-proxylist" @@ -477,14 +508,14 @@ if uci:get(appname, TCP_NODE, "protocol") == "_shunt" then end end - local use_geoview = uci:get(appname, "@global_rules[0]", "enable_geoview") - if USE_GFW_LIST == "1" and CHN_LIST == "0" and use_geoview == "1" then --仅GFW模式解析geosite + if USE_GFW_LIST == "1" and CHN_LIST == "0" and USE_GEOVIEW == "1" and api.is_finded("geoview") then --仅GFW模式解析geosite if geosite_white_arg ~= "" then get_geosite(geosite_white_arg, file_white_host) end if geosite_shunt_arg ~= "" then get_geosite(geosite_shunt_arg, file_shunt_host) end + log(" * 解析[分流节点] Geosite 完成") end if is_file_nonzero(file_white_host) then 
@@ -535,7 +566,7 @@ if #config_lines > 0 then end if DEFAULT_DNS_GROUP then - log(string.format(" - 默认分组:%s", DEFAULT_DNS_GROUP)) + log(string.format(" - 默认 DNS 分组:%s", DEFAULT_DNS_GROUP)) end fs.symlink(CACHE_DNS_FILE, SMARTDNS_CONF) diff --git a/luci-app-passwall/root/usr/share/passwall/iptables.sh b/luci-app-passwall/root/usr/share/passwall/iptables.sh index d724f7c867..6015672616 100755 --- a/luci-app-passwall/root/usr/share/passwall/iptables.sh +++ b/luci-app-passwall/root/usr/share/passwall/iptables.sh 
@@ -776,53 +776,97 @@ add_firewall_rule() { ipset -! create $IPSET_WHITELIST6 nethash family inet6 maxelem 1048576 timeout 172800 ipset -! create $IPSET_BLOCKLIST6 nethash family inet6 maxelem 1048576 timeout 172800 - #分流规则的IP列表(使用分流节点时导入) + cat $RULES_PATH/chnroute | tr -s '\n' | grep -v "^#" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_CHN &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R + cat $RULES_PATH/chnroute6 | tr -s '\n' | grep -v "^#" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_CHN6 &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R + + #导入规则列表、分流规则中的IP列表 local USE_SHUNT_NODE=0 + local USE_PROXY_LIST_ALL=${USE_PROXY_LIST} + local USE_DIRECT_LIST_ALL=${USE_DIRECT_LIST} + local USE_BLOCK_LIST_ALL=${USE_BLOCK_LIST} local _TCP_NODE=$(config_t_get global tcp_node nil) local _UDP_NODE=$(config_t_get global udp_node nil) + local USE_GEOVIEW=$(config_t_get global_rules enable_geoview) [ "$_TCP_NODE" != "nil" ] && [ "$(config_n_get $_TCP_NODE protocol)" = "_shunt" ] && USE_SHUNT_TCP=1 && USE_SHUNT_NODE=1 [ "$_UDP_NODE" != "nil" ] && [ "$(config_n_get $_UDP_NODE protocol)" = "_shunt" ] && USE_SHUNT_UDP=1 && USE_SHUNT_NODE=1 [ "$_UDP_NODE" = "tcp" ] && USE_SHUNT_UDP=$USE_SHUNT_TCP - - [ "$USE_SHUNT_NODE" = "0" ] && { - for acl_section in $(uci show ${CONFIG} | grep "=acl_rule" | cut -d '.' -sf 2 | cut -d '=' -sf 1); do - [ "$(config_n_get $acl_section enabled)" != "1" ] && continue - for _node in $(config_n_get $acl_section tcp_node) $(config_n_get $acl_section udp_node); do - local node_protocol=$(config_n_get $_node protocol) - [ "$node_protocol" = "_shunt" ] && { USE_SHUNT_NODE=1; break 2; } - done + + for acl_section in $(uci show ${CONFIG} | grep "=acl_rule" | cut -d '.' 
-sf 2 | cut -d '=' -sf 1); do + [ "$(config_n_get $acl_section enabled)" != "1" ] && continue + [ "$(config_n_get $acl_section use_global_config 0)" != "1" ] && { + [ "$(config_n_get $acl_section use_direct_list 1)" = "1" ] && USE_PROXY_LIST_ALL=1 + [ "$(config_n_get $acl_section use_proxy_list 1)" = "1" ] && USE_DIRECT_LIST_ALL=1 + [ "$(config_n_get $acl_section use_block_list 1)" = "1" ] && USE_BLOCK_LIST_ALL=1 + } + for _node in $(config_n_get $acl_section tcp_node) $(config_n_get $acl_section udp_node); do + local node_protocol=$(config_n_get $_node protocol) + [ "$node_protocol" = "_shunt" ] && { USE_SHUNT_NODE=1; break; } done + done + + #直连列表 + [ "$USE_DIRECT_LIST_ALL" = "1" ] && { + cat $RULES_PATH/direct_ip | tr -s "\r\n" "\n" | grep -v "^#" | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}" | sed -e "s/^/add $IPSET_WHITELIST &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R + cat $RULES_PATH/direct_ip | tr -s "\r\n" "\n" | grep -v "^#" | sed -e "/^$/d" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "s/^/add $IPSET_WHITELIST6 &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R + [ "$USE_GEOVIEW" = "1" ] && { + local GEOIP_CODE=$(cat $RULES_PATH/direct_ip | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "^geoip:" | grep -v "^geoip:private" | sed -E 's/^geoip:(.*)/\1/' | sed ':a;N;$!ba;s/\n/,/g') + if [ -n "$GEOIP_CODE" ] && type geoview &> /dev/null; then + get_geoip $GEOIP_CODE ipv4 | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}" | sed -e "s/^/add $IPSET_WHITELIST &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R + get_geoip $GEOIP_CODE ipv6 | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "s/^/add $IPSET_WHITELIST6 &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! 
-R + echolog " - [$?]解析并加入[直连列表] GeoIP 到 IPSET 完成" + fi + } } + #代理列表 + [ "$USE_PROXY_LIST_ALL" = "1" ] && { + cat $RULES_PATH/proxy_ip | tr -s "\r\n" "\n" | grep -v "^#" | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}" | sed -e "s/^/add $IPSET_BLACKLIST &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R + cat $RULES_PATH/proxy_ip | tr -s "\r\n" "\n" | grep -v "^#" | sed -e "/^$/d" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "s/^/add $IPSET_BLACKLIST6 &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R + [ "$USE_GEOVIEW" = "1" ] && { + local GEOIP_CODE=$(cat $RULES_PATH/proxy_ip | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "^geoip:" | grep -v "^geoip:private" | sed -E 's/^geoip:(.*)/\1/' | sed ':a;N;$!ba;s/\n/,/g') + if [ -n "$GEOIP_CODE" ] && type geoview &> /dev/null; then + get_geoip $GEOIP_CODE ipv4 | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}" | sed -e "s/^/add $IPSET_BLACKLIST &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R + get_geoip $GEOIP_CODE ipv6 | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "s/^/add $IPSET_BLACKLIST6 &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R + echolog " - [$?]解析并加入[代理列表] GeoIP 到 IPSET 完成" + fi + } + } + + #屏蔽列表 + [ "$USE_PROXY_LIST_ALL" = "1" ] && { + cat $RULES_PATH/block_ip | tr -s "\r\n" "\n" | grep -v "^#" | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}" | sed -e "s/^/add $IPSET_BLOCKLIST &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R + cat $RULES_PATH/block_ip | tr -s "\r\n" "\n" | grep -v "^#" | sed -e "/^$/d" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "s/^/add $IPSET_BLOCKLIST6 &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! 
-R + [ "$USE_GEOVIEW" = "1" ] && { + local GEOIP_CODE=$(cat $RULES_PATH/block_ip | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "^geoip:" | grep -v "^geoip:private" | sed -E 's/^geoip:(.*)/\1/' | sed ':a;N;$!ba;s/\n/,/g') + if [ -n "$GEOIP_CODE" ] && type geoview &> /dev/null; then + get_geoip $GEOIP_CODE ipv4 | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}" | sed -e "s/^/add $IPSET_BLOCKLIST &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R + get_geoip $GEOIP_CODE ipv6 | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "s/^/add $IPSET_BLOCKLIST6 &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R + echolog " - [$?]解析并加入[屏蔽列表] GeoIP 到 IPSET 完成" + fi + } + } + + #分流列表 [ "$USE_SHUNT_NODE" = "1" ] && { local GEOIP_CODE="" local shunt_ids=$(uci show $CONFIG | grep "=shunt_rules" | awk -F '.' '{print $2}' | awk -F '=' '{print $1}') for shunt_id in $shunt_ids; do - config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}" | sed -e "s/^/add $IPSET_SHUNTLIST &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R - config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "s/^/add $IPSET_SHUNTLIST6 &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R - [ "$(config_t_get global_rules enable_geoview)" = "1" ] && { + config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | grep -v "^#" | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}" | sed -e "s/^/add $IPSET_SHUNTLIST &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! 
-R + config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | grep -v "^#" | sed -e "/^$/d" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "s/^/add $IPSET_SHUNTLIST6 &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R + [ "$USE_GEOVIEW" = "1" ] && { local geoip_code=$(config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "^geoip:" | grep -v "^geoip:private" | sed -E 's/^geoip:(.*)/\1/' | sed ':a;N;$!ba;s/\n/,/g') [ -n "$geoip_code" ] && GEOIP_CODE="${GEOIP_CODE:+$GEOIP_CODE,}$geoip_code" } done + if [ -n "$GEOIP_CODE" ] && type geoview &> /dev/null; then + get_geoip $GEOIP_CODE ipv4 | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}" | sed -e "s/^/add $IPSET_SHUNTLIST &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R + get_geoip $GEOIP_CODE ipv6 | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "s/^/add $IPSET_SHUNTLIST6 &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R + echolog " - [$?]解析并加入[分流节点] GeoIP 到 IPSET 完成" + fi } - if [ -n "$GEOIP_CODE" ] && type geoview &> /dev/null; then - get_geoip $GEOIP_CODE ipv4 | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}" | sed -e "s/^/add $IPSET_SHUNTLIST &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R - get_geoip $GEOIP_CODE ipv6 | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "s/^/add $IPSET_SHUNTLIST6 &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R - echolog " - [$?]解析并加入分流节点 GeoIP 到 IPSET 完成" - fi - - cat $RULES_PATH/chnroute | tr -s '\n' | grep -v "^#" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_CHN &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! 
-R - cat $RULES_PATH/proxy_ip | tr -s '\n' | grep -v "^#" | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}" | sed -e "s/^/add $IPSET_BLACKLIST &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R - cat $RULES_PATH/direct_ip | tr -s '\n' | grep -v "^#" | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}" | sed -e "s/^/add $IPSET_WHITELIST &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R - cat $RULES_PATH/block_ip | tr -s '\n' | grep -v "^#" | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}" | sed -e "s/^/add $IPSET_BLOCKLIST &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R - - cat $RULES_PATH/chnroute6 | tr -s '\n' | grep -v "^#" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_CHN6 &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R - cat $RULES_PATH/proxy_ip | tr -s '\n' | grep -v "^#" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_BLACKLIST6 &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R - cat $RULES_PATH/direct_ip | tr -s '\n' | grep -v "^#" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_WHITELIST6 &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R - cat $RULES_PATH/block_ip | tr -s '\n' | grep -v "^#" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_BLOCKLIST6 &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R + #局域网IP列表 ipset -! -R <<-EOF $(gen_lanlist | sed -e "s/^/add $IPSET_LANLIST /") EOF diff --git a/luci-app-passwall/root/usr/share/passwall/nftables.sh b/luci-app-passwall/root/usr/share/passwall/nftables.sh index 6d87dfa477..53affc84e2 100755 --- a/luci-app-passwall/root/usr/share/passwall/nftables.sh 
+++ b/luci-app-passwall/root/usr/share/passwall/nftables.sh @@ -839,9 +839,9 @@ add_firewall_rule() { else gen_nftset $NFTSET_CHN ipv4_addr "2d" 0 $(cat $RULES_PATH/chnroute | tr -s '\n' | grep -v "^#") fi - gen_nftset $NFTSET_BLACKLIST ipv4_addr "2d" 0 $(cat $RULES_PATH/proxy_ip | tr -s '\n' | grep -v "^#" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}") - gen_nftset $NFTSET_WHITELIST ipv4_addr "2d" 0 $(cat $RULES_PATH/direct_ip | tr -s '\n' | grep -v "^#" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}") - gen_nftset $NFTSET_BLOCKLIST ipv4_addr "2d" 0 $(cat $RULES_PATH/block_ip | tr -s '\n' | grep -v "^#" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}") + gen_nftset $NFTSET_BLACKLIST ipv4_addr "2d" 0 + gen_nftset $NFTSET_WHITELIST ipv4_addr "2d" 0 + gen_nftset $NFTSET_BLOCKLIST ipv4_addr "2d" 0 gen_nftset $NFTSET_SHUNTLIST ipv4_addr "2d" 0 gen_nftset $NFTSET_VPSLIST6 ipv6_addr 0 0 
@@ -853,47 +853,97 @@ add_firewall_rule() { else gen_nftset $NFTSET_CHN6 ipv6_addr "2d" 0 $(cat $RULES_PATH/chnroute6 | tr -s '\n' | grep -v "^#") fi - gen_nftset $NFTSET_BLACKLIST6 ipv6_addr "2d" 0 $(cat $RULES_PATH/proxy_ip | tr -s '\n' | grep -v "^#" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}") - gen_nftset $NFTSET_WHITELIST6 ipv6_addr "2d" 0 $(cat $RULES_PATH/direct_ip | tr -s '\n' | grep -v "^#" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}") - gen_nftset $NFTSET_BLOCKLIST6 ipv6_addr "2d" 0 $(cat $RULES_PATH/block_ip | tr -s '\n' | grep -v "^#" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}") + gen_nftset $NFTSET_BLACKLIST6 ipv6_addr "2d" 0 + gen_nftset $NFTSET_WHITELIST6 ipv6_addr "2d" 0 + gen_nftset $NFTSET_BLOCKLIST6 ipv6_addr "2d" 0 gen_nftset $NFTSET_SHUNTLIST6 ipv6_addr "2d" 0 - #分流规则的IP列表(使用分流节点时导入) + #导入规则列表、分流规则中的IP列表 local USE_SHUNT_NODE=0 + local USE_PROXY_LIST_ALL=${USE_PROXY_LIST} + local USE_DIRECT_LIST_ALL=${USE_DIRECT_LIST} + local USE_BLOCK_LIST_ALL=${USE_BLOCK_LIST} local _TCP_NODE=$(config_t_get global tcp_node nil) local _UDP_NODE=$(config_t_get global udp_node nil) + local USE_GEOVIEW=$(config_t_get global_rules enable_geoview) [ "$_TCP_NODE" != "nil" ] && [ "$(config_n_get $_TCP_NODE protocol)" = "_shunt" ] && USE_SHUNT_TCP=1 && USE_SHUNT_NODE=1 [ "$_UDP_NODE" != "nil" ] && [ "$(config_n_get $_UDP_NODE protocol)" = "_shunt" ] && USE_SHUNT_UDP=1 && USE_SHUNT_NODE=1 [ "$_UDP_NODE" = "tcp" ] && USE_SHUNT_UDP=$USE_SHUNT_TCP - [ "$USE_SHUNT_NODE" = "0" ] && { - for acl_section in $(uci show ${CONFIG} | grep "=acl_rule" | cut -d '.' -sf 2 | cut -d '=' -sf 1); do - [ "$(config_n_get $acl_section enabled)" != "1" ] && continue - for _node in $(config_n_get $acl_section tcp_node) $(config_n_get $acl_section udp_node); do - local node_protocol=$(config_n_get $_node protocol) - [ "$node_protocol" = "_shunt" ] && { USE_SHUNT_NODE=1; break 2; } - done + for acl_section in $(uci show ${CONFIG} | grep "=acl_rule" | cut -d '.' 
-sf 2 | cut -d '=' -sf 1); do + [ "$(config_n_get $acl_section enabled)" != "1" ] && continue + [ "$(config_n_get $acl_section use_global_config 0)" != "1" ] && { + [ "$(config_n_get $acl_section use_direct_list 1)" = "1" ] && USE_PROXY_LIST_ALL=1 + [ "$(config_n_get $acl_section use_proxy_list 1)" = "1" ] && USE_DIRECT_LIST_ALL=1 + [ "$(config_n_get $acl_section use_block_list 1)" = "1" ] && USE_BLOCK_LIST_ALL=1 + } + for _node in $(config_n_get $acl_section tcp_node) $(config_n_get $acl_section udp_node); do + local node_protocol=$(config_n_get $_node protocol) + [ "$node_protocol" = "_shunt" ] && { USE_SHUNT_NODE=1; break; } done + done + + #直连列表 + [ "$USE_DIRECT_LIST_ALL" = "1" ] && { + insert_nftset $NFTSET_WHITELIST "0" $(cat $RULES_PATH/direct_ip | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -v "^#" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}") + insert_nftset $NFTSET_WHITELIST6 "0" $(cat $RULES_PATH/direct_ip | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -v "^#" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}") + [ "$USE_GEOVIEW" = "1" ] && { + local GEOIP_CODE=$(cat $RULES_PATH/direct_ip | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "^geoip:" | grep -v "^geoip:private" | sed -E 's/^geoip:(.*)/\1/' | sed ':a;N;$!ba;s/\n/,/g') + if [ -n "$GEOIP_CODE" ] && type geoview &> /dev/null; then + insert_nftset $NFTSET_WHITELIST "0" $(get_geoip $GEOIP_CODE ipv4 | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}") + insert_nftset $NFTSET_WHITELIST6 "0" $(get_geoip $GEOIP_CODE ipv6 | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}") + echolog " - [$?]解析并加入[直连列表] GeoIP 到 NFTSET 完成" + fi + } + } + + #代理列表 + [ "$USE_PROXY_LIST_ALL" = "1" ] && { + insert_nftset $NFTSET_BLACKLIST "0" $(cat $RULES_PATH/proxy_ip | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -v "^#" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}") + insert_nftset $NFTSET_BLACKLIST6 "0" $(cat $RULES_PATH/proxy_ip | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -v "^#" | 
grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}") + [ "$USE_GEOVIEW" = "1" ] && { + local GEOIP_CODE=$(cat $RULES_PATH/proxy_ip | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "^geoip:" | grep -v "^geoip:private" | sed -E 's/^geoip:(.*)/\1/' | sed ':a;N;$!ba;s/\n/,/g') + if [ -n "$GEOIP_CODE" ] && type geoview &> /dev/null; then + insert_nftset $NFTSET_BLACKLIST "0" $(get_geoip $GEOIP_CODE ipv4 | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}") + insert_nftset $NFTSET_BLACKLIST6 "0" $(get_geoip $GEOIP_CODE ipv6 | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}") + echolog " - [$?]解析并加入[代理列表] GeoIP 到 NFTSET 完成" + fi + } + } + + #屏蔽列表 + [ "$USE_PROXY_LIST_ALL" = "1" ] && { + insert_nftset $NFTSET_BLOCKLIST "0" $(cat $RULES_PATH/block_ip | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -v "^#" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}") + insert_nftset $NFTSET_BLOCKLIST6 "0" $(cat $RULES_PATH/block_ip | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -v "^#" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}") + [ "$USE_GEOVIEW" = "1" ] && { + local GEOIP_CODE=$(cat $RULES_PATH/block_ip | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "^geoip:" | grep -v "^geoip:private" | sed -E 's/^geoip:(.*)/\1/' | sed ':a;N;$!ba;s/\n/,/g') + if [ -n "$GEOIP_CODE" ] && type geoview &> /dev/null; then + insert_nftset $NFTSET_BLOCKLIST "0" $(get_geoip $GEOIP_CODE ipv4 | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}") + insert_nftset $NFTSET_BLOCKLIST6 "0" $(get_geoip $GEOIP_CODE ipv6 | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}") + echolog " - [$?]解析并加入[屏蔽列表] GeoIP 到 NFTSET 完成" + fi + } } + #分流列表 [ "$USE_SHUNT_NODE" = "1" ] && { local GEOIP_CODE="" local shunt_ids=$(uci show $CONFIG | grep "=shunt_rules" | awk -F '.' 
'{print $2}' | awk -F '=' '{print $1}') for shunt_id in $shunt_ids; do - insert_nftset $NFTSET_SHUNTLIST "0" $(config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}") - insert_nftset $NFTSET_SHUNTLIST6 "0" $(config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}") - [ "$(config_t_get global_rules enable_geoview)" = "1" ] && { + insert_nftset $NFTSET_SHUNTLIST "0" $(config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -v "^#" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}") + insert_nftset $NFTSET_SHUNTLIST6 "0" $(config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -v "^#" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}") + [ "$USE_GEOVIEW" = "1" ] && { local geoip_code=$(config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "^geoip:" | grep -v "^geoip:private" | sed -E 's/^geoip:(.*)/\1/' | sed ':a;N;$!ba;s/\n/,/g') [ -n "$geoip_code" ] && GEOIP_CODE="${GEOIP_CODE:+$GEOIP_CODE,}$geoip_code" } done + if [ -n "$GEOIP_CODE" ] && type geoview &> /dev/null; then + insert_nftset $NFTSET_SHUNTLIST "0" $(get_geoip $GEOIP_CODE ipv4 | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}") + insert_nftset $NFTSET_SHUNTLIST6 "0" $(get_geoip $GEOIP_CODE ipv6 | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}") + echolog " - [$?]解析并加入[分流节点] GeoIP 到 NFTSET 完成" + fi } - if [ -n "$GEOIP_CODE" ] && type geoview &> /dev/null; then - insert_nftset $NFTSET_SHUNTLIST "0" $(get_geoip $GEOIP_CODE ipv4 | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}") - insert_nftset $NFTSET_SHUNTLIST6 "0" $(get_geoip $GEOIP_CODE ipv6 | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}") - echolog " - [$?]解析并加入分流节点 GeoIP 到 NFTSET 完成" - fi # 忽略特殊IP段 local lan_ifname lan_ip
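Review bot: The address filters on the new `insert_nftset` lines are unanchored, so `grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}"` passes any line of direct_ip, proxy_ip or block_ip that merely contains an address-like substring, and the unquoted `$(...)` then word-splits that line into set elements. How `insert_nftset` quotes its arguments is not visible in this hunk, so I would reject malformed lines here by matching the whole line, e.g. `grep -E "^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$"` for the IPv4 case, with an equally anchored expression for IPv6. This matters more now that the rule_list.lua validators in this diff stop checking after the first comment or `geoip:` line, which appears to be the only earlier check on these files. `add_firewall_rule` starts and ends outside the hunk.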