~继续拆分脚本
~重写公网防火墙功能
This commit is contained in:
juewuy
@@ -9,9 +9,9 @@ settings() { #功能设置
|
||||
echo "-----------------------------------------------"
|
||||
echo -e "\033[30;47m欢迎使用功能设置菜单:\033[0m"
|
||||
echo "-----------------------------------------------"
|
||||
echo -e " 1 设置代理模式: \033[36m$redir_mod\033[0m"
|
||||
echo -e " 2 设置DNS模式: \033[36m$dns_mod\033[0m"
|
||||
echo -e " 3 设置各类流量过滤"
|
||||
echo -e " 1 代理模式设置: \033[36m$redir_mod\033[0m"
|
||||
echo -e " 2 DNS设置: \033[36m$dns_mod\033[0m"
|
||||
echo -e " 3 透明路由流量过滤"
|
||||
[ "$disoverride" != "1" ] && {
|
||||
echo -e " 4 跳过证书验证: \033[36m$skip_cert\033[0m"
|
||||
echo -e " 5 启用域名嗅探: \033[36m$sniffer\033[0m"
|
||||
@@ -224,13 +224,12 @@ set_redir_mod() { #代理模式设置
|
||||
set_redir_mod
|
||||
;;
|
||||
5)
|
||||
redir_mod=TCP旁路转发
|
||||
redir_mod='TCP旁路转发'
|
||||
set_redir_config
|
||||
set_redir_mod
|
||||
;;
|
||||
6)
|
||||
redir_mod=T &
|
||||
U旁路转发
|
||||
redir_mod='T&U旁路转发'
|
||||
set_redir_config
|
||||
set_redir_mod
|
||||
;;
|
||||
@@ -915,17 +914,13 @@ set_firewall_vm(){
|
||||
esac
|
||||
setconfig vm_redir $vm_redir
|
||||
setconfig vm_ipv4 "'$vm_ipv4'"
|
||||
sleep 1
|
||||
set_redir_mod
|
||||
}
|
||||
set_ipv6() { #ipv6设置
|
||||
[ -z "$ipv6_redir" ] && ipv6_redir=未开启
|
||||
[ -z "$ipv6_dns" ] && ipv6_dns=已开启
|
||||
[ -z "$cn_ipv6_route" ] && cn_ipv6_route=未开启
|
||||
echo "-----------------------------------------------"
|
||||
echo -e " 1 ipv6透明代理: \033[36m$ipv6_redir\033[0m ——代理ipv6流量"
|
||||
[ "$disoverride" != "1" ] && echo -e " 2 ipv6-DNS解析: \033[36m$ipv6_dns\033[0m ——决定内置DNS是否返回ipv6地址"
|
||||
echo -e " 3 CNV6绕过内核: \033[36m$cn_ipv6_route\033[0m ——优化性能,不兼容fake-ip"
|
||||
echo -e " 0 返回上级菜单"
|
||||
echo "-----------------------------------------------"
|
||||
read -p "请输入对应数字 > " num
|
||||
@@ -948,22 +943,6 @@ set_ipv6() { #ipv6设置
|
||||
setconfig ipv6_dns $ipv6_dns
|
||||
set_ipv6
|
||||
;;
|
||||
3)
|
||||
if [ "$ipv6_redir" = "未开启" ]; then
|
||||
ipv6_support=已开启
|
||||
ipv6_redir=已开启
|
||||
setconfig ipv6_redir $ipv6_redir
|
||||
setconfig ipv6_support $ipv6_support
|
||||
fi
|
||||
if [ -n "$(ipset -v 2>/dev/null)" ] || [ "$firewall_mod" = nftables ]; then
|
||||
[ "$cn_ipv6_route" = "未开启" ] && cn_ipv6_route=已开启 || cn_ipv6_route=未开启
|
||||
setconfig cn_ipv6_route $cn_ipv6_route
|
||||
else
|
||||
echo -e "\033[31m当前设备缺少ipset模块或防火墙未使用nftables,无法启用绕过功能!!\033[0m"
|
||||
sleep 1
|
||||
fi
|
||||
set_ipv6
|
||||
;;
|
||||
*)
|
||||
errornum
|
||||
;;
|
||||
@@ -1,6 +1,7 @@
|
||||
#!/bin/sh
|
||||
# Copyright (C) Juewuy
|
||||
. "$GT_CFG_PATH"
|
||||
. "$CRASHDIR"/menus/check_port.sh
|
||||
|
||||
gateway(){ #访问与控制主菜单
|
||||
echo -----------------------------------------------
|
||||
@@ -15,13 +16,13 @@ gateway(){ #访问与控制主菜单
|
||||
echo -e " 6 配置\033[36mTailscale内网穿透\033[0m(限Singbox) \033[32m$ts_service\033[0m"
|
||||
echo -e " 7 配置\033[36mWireguard客户端\033[0m(限Singbox) \033[32m$wg_service\033[0m"
|
||||
}
|
||||
echo -e " 0 返回上级菜单 \033[0m"
|
||||
echo -e " 0 返回上级菜单"
|
||||
echo -----------------------------------------------
|
||||
read -p "请输入对应数字 > " num
|
||||
case "$num" in
|
||||
0) ;;
|
||||
1)
|
||||
set_pub_fw
|
||||
set_fw_wan
|
||||
gateway
|
||||
;;
|
||||
2)
|
||||
@@ -61,43 +62,58 @@ gateway(){ #访问与控制主菜单
|
||||
*) errornum ;;
|
||||
esac
|
||||
}
|
||||
set_pub_fw() { #公网防火墙设置
|
||||
[ -z "$public_support" ] && public_support=未开启
|
||||
[ -z "$public_mixport" ] && public_mixport=未开启
|
||||
set_fw_wan() { #公网防火墙设置
|
||||
[ -z "$fw_wan" ] && fw_wan=ON
|
||||
echo -----------------------------------------------
|
||||
echo -e " 1 公网访问Dashboard面板: \033[36m$public_support\033[0m"
|
||||
echo -e " 2 公网访问Socks/Http代理: \033[36m$public_mixport\033[0m"
|
||||
echo -e "\033[31m注意:\033[0m如在vps运行,还需在vps安全策略对相关端口同时放行"
|
||||
[ -n "$fw_wan_ports" ] &&
|
||||
echo -e "当前放行端口:\033[36m$fw_wan_ports\033[0m"
|
||||
echo -e "默认拦截端口:\033[33m$dns_port,$mix_port,$db_port\033[0m"
|
||||
echo -----------------------------------------------
|
||||
echo -e " 1 启用/关闭公网防火墙: \033[36m$fw_wan\033[0m"
|
||||
echo -e " 2 添加放行端口(可包含默认拦截端口)"
|
||||
echo -e " 3 移除指定放行端口"
|
||||
echo -e " 0 返回上级菜单"
|
||||
echo -----------------------------------------------
|
||||
read -p "请输入对应数字 > " num
|
||||
case $num in
|
||||
1)
|
||||
if [ "$public_support" = "未开启" ]; then
|
||||
public_support=已开启
|
||||
else
|
||||
public_support=未开启
|
||||
fi
|
||||
setconfig public_support $public_support
|
||||
setfirewall
|
||||
;;
|
||||
[ "$fw_wan" = ON ] && fw_wan=OFF || fw_wan=ON
|
||||
setconfig ts_service "$ts_service"
|
||||
set_fw_wan
|
||||
;;
|
||||
2)
|
||||
if [ "$public_mixport" = "未开启" ]; then
|
||||
if [ "$mix_port" = "7890" -o -z "$authentication" ]; then
|
||||
echo -----------------------------------------------
|
||||
echo -e "\033[33m为了安全考虑,请先修改默认Socks/Http端口并设置代理密码\033[0m"
|
||||
sleep 1
|
||||
setport
|
||||
port_count=$(echo "$fw_wan_ports" | awk -F',' '{print NF}' )
|
||||
if [ "$port_count" -ge 10 ];then
|
||||
echo -e "\033[31m最多支持设置放行10个端口,请先减少一些!\033[0m"
|
||||
else
|
||||
read -p "请输入要放行的端口号 > " port
|
||||
if echo ",$fw_wan_ports," | grep -q ",$port,";then
|
||||
echo -e "\033[31m输入错误!请勿重复添加!\033[0m"
|
||||
elif [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
|
||||
echo -e "\033[31m输入错误!请输入正确的数值(1-65535)!\033[0m"
|
||||
else
|
||||
public_mixport=已开启
|
||||
fw_wan_ports=$(echo "$fw_wan_ports,$port" | sed "s/^,//")
|
||||
setconfig fw_wan_ports "$fw_wan_ports"
|
||||
fi
|
||||
fi
|
||||
sleep 1
|
||||
set_fw_wan
|
||||
;;
|
||||
3)
|
||||
read -p "请输入要移除的端口号 > " port
|
||||
if echo ",$fw_wan_ports," | grep -q ",$port,";then
|
||||
if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
|
||||
echo -e "\033[31m输入错误!请输入正确的数值(1-65535)!\033[0m"
|
||||
else
|
||||
fw_wan_ports=$(echo ",$fw_wan_ports," | sed "s/,$port//; s/^,//; s/,$//")
|
||||
setconfig fw_wan_ports "$fw_wan_ports"
|
||||
fi
|
||||
else
|
||||
public_mixport=未开启
|
||||
echo -e "\033[31m输入错误!请输入已添加过的端口!\033[0m"
|
||||
fi
|
||||
setconfig public_mixport $public_mixport
|
||||
setfirewall
|
||||
;;
|
||||
3)
|
||||
set_cust_host_ipv4
|
||||
setfirewall
|
||||
sleep 1
|
||||
set_fw_wan
|
||||
;;
|
||||
*)
|
||||
errornum
|
||||
@@ -192,7 +208,7 @@ set_bot_tg(){
|
||||
}
|
||||
set_vmess(){
|
||||
echo -----------------------------------------------
|
||||
echo -e "\033[31m注意:\033[0m启动内核服务后会自动开放相应端口公网访问,请谨慎使用!\n 脚本只提供基础功能,更多需求请使用自定义配置文件功能!"
|
||||
echo -e "\033[31m注意:\033[0m设置的端口会添加到公网访问防火墙并自动放行!\n 脚本只提供基础功能,更多需求请用自定义配置文件功能!"
|
||||
echo -----------------------------------------------
|
||||
echo -e " 1 \033[32m启用/关闭\033[0mVmess入站 \033[32m$vms_service\033[0m"
|
||||
echo -----------------------------------------------
|
||||
@@ -218,10 +234,11 @@ set_vmess(){
|
||||
2)
|
||||
read -p "请输入端口号(输入0删除) > " text
|
||||
[ "$text" = 0 ] && unset vms_port
|
||||
. "$CRASHDIR"/menus/check_port.sh
|
||||
if check_port "$text"; then
|
||||
vms_port="$text"
|
||||
setconfig vms_port "$text" "$CFG"
|
||||
fw_wan_ports=$(echo "$fw_wan_ports,$vms_port" | sed "s/^,//")
|
||||
setconfig fw_wan_ports "$fw_wan_ports"
|
||||
else
|
||||
sleep 1
|
||||
fi
|
||||
@@ -263,7 +280,7 @@ set_vmess(){
|
||||
set_shadowsocks(){
|
||||
[ -z "$sss_cipher" ] && sss_cipher='xchacha20-ietf-poly1305'
|
||||
echo -----------------------------------------------
|
||||
echo -e "\033[31m注意:\033[0m启动内核服务后会自动开放相应端口公网访问,请谨慎使用!\n 脚本只提供基础功能,更多需求请使用自定义配置文件功能!"
|
||||
echo -e "\033[31m注意:\033[0m设置的端口会添加到公网访问防火墙并自动放行!\n 脚本只提供基础功能,更多需求请用自定义配置文件功能!"
|
||||
echo -----------------------------------------------
|
||||
echo -e " 1 \033[32m启用/关闭\033[0mShadowSocks入站 \033[32m$sss_service\033[0m"
|
||||
echo -----------------------------------------------
|
||||
@@ -288,10 +305,11 @@ set_shadowsocks(){
|
||||
2)
|
||||
read -p "请输入端口号(输入0删除) > " text
|
||||
[ "$text" = 0 ] && unset sss_port
|
||||
. "$CRASHDIR"/menus/check_port.sh
|
||||
if check_port "$text"; then
|
||||
sss_port="$text"
|
||||
setconfig sss_port "$text" "$CFG"
|
||||
fw_wan_ports=$(echo "$fw_wan_ports,$sss_port" | sed "s/^,//")
|
||||
setconfig fw_wan_ports "$fw_wan_ports"
|
||||
else
|
||||
sleep 1
|
||||
fi
|
||||
@@ -518,183 +518,6 @@ log_pusher() {
|
||||
*) errornum ;;
|
||||
esac
|
||||
}
|
||||
#新手引导
|
||||
userguide(){
|
||||
|
||||
forwhat(){
|
||||
echo "-----------------------------------------------"
|
||||
echo -e "\033[30;46m 欢迎使用ShellCrash新手引导! \033[0m"
|
||||
echo "-----------------------------------------------"
|
||||
echo -e "\033[33m请先选择你的使用环境: \033[0m"
|
||||
echo -e "\033[0m(你之后依然可以在设置中更改各种配置)\033[0m"
|
||||
echo "-----------------------------------------------"
|
||||
echo -e " 1 \033[32m路由设备配置局域网透明代理\033[0m"
|
||||
echo -e " 2 \033[36mLinux设备仅配置本机代理\033[0m"
|
||||
[ -f "$CFG_PATH.bak" ] && echo -e " 3 \033[33m还原之前备份的设置\033[0m"
|
||||
echo "-----------------------------------------------"
|
||||
read -p "请输入对应数字 > " num
|
||||
case "$num" in
|
||||
1)
|
||||
#设置运行模式
|
||||
redir_mod="混合模式"
|
||||
[ -n "$(echo $cputype | grep -E "linux.*mips.*")" ] && {
|
||||
if grep -qE '^TPROXY$' /proc/net/ip_tables_targets || modprobe xt_TPROXY >/dev/null 2>&1; then
|
||||
redir_mod="Tproxy模式"
|
||||
else
|
||||
redir_mod="Redir模式"
|
||||
fi
|
||||
}
|
||||
setconfig crashcore "meta"
|
||||
setconfig redir_mod "$redir_mod"
|
||||
setconfig dns_mod mix
|
||||
setconfig firewall_area '1'
|
||||
#默认启用绕过CN-IP
|
||||
setconfig cn_ip_route 已开启
|
||||
#自动识别IPV6
|
||||
[ -n "$(ip a 2>&1 | grep -w 'inet6' | grep -E 'global' | sed 's/.*inet6.//g' | sed 's/scope.*$//g')" ] && {
|
||||
setconfig ipv6_redir 已开启
|
||||
setconfig ipv6_support 已开启
|
||||
setconfig ipv6_dns 已开启
|
||||
setconfig cn_ipv6_route 已开启
|
||||
}
|
||||
#设置开机启动
|
||||
[ -f /etc/rc.common -a "$(cat /proc/1/comm)" = "procd" ] && /etc/init.d/shellcrash enable
|
||||
ckcmd systemctl && [ "$(cat /proc/1/comm)" = "systemd" ] && systemctl enable shellcrash.service > /dev/null 2>&1
|
||||
rm -rf "$CRASHDIR"/.dis_startup
|
||||
autostart=enable
|
||||
#检测IP转发
|
||||
if [ "$(cat /proc/sys/net/ipv4/ip_forward)" = "0" ];then
|
||||
echo "-----------------------------------------------"
|
||||
echo -e "\033[33m检测到你的设备尚未开启ip转发,局域网设备将无法正常连接网络,是否立即开启?\033[0m"
|
||||
read -p "是否开启?(1/0) > " res
|
||||
[ "$res" = 1 ] && {
|
||||
echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf
|
||||
sysctl -w net.ipv4.ip_forward=1
|
||||
} && echo "已成功开启ipv4转发,如未正常开启,请手动重启设备!" || echo "开启失败!请自行谷歌查找当前设备的开启方法!"
|
||||
fi
|
||||
#禁止docker启用的net.bridge.bridge-nf-call-iptables
|
||||
sysctl -w net.bridge.bridge-nf-call-iptables=0 > /dev/null 2>&1
|
||||
sysctl -w net.bridge.bridge-nf-call-ip6tables=0 > /dev/null 2>&1
|
||||
;;
|
||||
2)
|
||||
setconfig redir_mod "Redir模式"
|
||||
[ -n "$(echo $cputype | grep -E "linux.*mips.*")" ] && setconfig crashcore "clash"
|
||||
setconfig common_ports "未开启"
|
||||
setconfig firewall_area '2'
|
||||
;;
|
||||
3)
|
||||
mv -f $CFG_PATH.bak $CFG_PATH
|
||||
echo -e "\033[32m脚本设置已还原!\033[0m"
|
||||
echo -e "\033[33m请重新启动脚本!\033[0m"
|
||||
exit 0
|
||||
;;
|
||||
*)
|
||||
errornum
|
||||
forwhat
|
||||
;;
|
||||
esac
|
||||
}
|
||||
forwhat
|
||||
#检测小内存模式
|
||||
dir_size=$(dir_avail "$CRASHDIR")
|
||||
if [ "$dir_size" -lt 10240 ];then
|
||||
echo "-----------------------------------------------"
|
||||
echo -e "\033[33m检测到你的安装目录空间不足10M,是否开启小闪存模式?\033[0m"
|
||||
echo -e "\033[0m开启后核心及数据库文件将被下载到内存中,这将占用一部分内存空间\033[0m"
|
||||
echo -e "\033[0m每次开机后首次运行服务时都会自动的重新下载相关文件\033[0m"
|
||||
echo "-----------------------------------------------"
|
||||
read -p "是否开启?(1/0) > " res
|
||||
[ "$res" = 1 ] && {
|
||||
BINDIR=/tmp/ShellCrash
|
||||
setconfig BINDIR /tmp/ShellCrash "$CRASHDIR"/configs/command.env
|
||||
}
|
||||
fi
|
||||
#检测及下载根证书
|
||||
openssldir="$(openssl version -d 2>&1 | awk -F '"' '{print $2}')"
|
||||
[ ! -d "$openssldir/certs" ] && openssldir=/etc/ssl
|
||||
if [ -d $openssldir/certs -a ! -f $openssldir/certs/ca-certificates.crt ];then
|
||||
echo "-----------------------------------------------"
|
||||
echo -e "\033[33m当前设备未找到根证书文件\033[0m"
|
||||
echo "-----------------------------------------------"
|
||||
read -p "是否下载并安装根证书?(1/0) > " res
|
||||
[ "$res" = 1 ] && checkupdate && getcrt
|
||||
fi
|
||||
#设置加密DNS
|
||||
if [ -s $openssldir/certs/ca-certificates.crt ];then
|
||||
dns_nameserver='https://dns.alidns.com/dns-query, https://doh.pub/dns-query'
|
||||
dns_fallback='https://cloudflare-dns.com/dns-query, https://dns.google/dns-query, https://doh.opendns.com/dns-query'
|
||||
dns_resolver='https://223.5.5.5/dns-query, 2400:3200::1'
|
||||
setconfig dns_nameserver "'$dns_nameserver'"
|
||||
setconfig dns_fallback "'$dns_fallback'"
|
||||
setconfig dns_resolver "'$dns_resolver'"
|
||||
fi
|
||||
#开启公网访问
|
||||
sethost(){
|
||||
read -p "请输入你的公网IP地址 > " host
|
||||
echo $host | grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'
|
||||
if [ -z "$host" ];then
|
||||
echo -e "\033[31m请输入正确的IP地址!\033[0m"
|
||||
sethost
|
||||
fi
|
||||
}
|
||||
if ckcmd systemctl;then
|
||||
echo "-----------------------------------------------"
|
||||
echo -e "\033[32m是否开启公网访问Dashboard面板及socks服务?\033[0m"
|
||||
echo -e "注意当前设备必须有公网IP才能从公网正常访问"
|
||||
echo -e "\033[31m此功能会增加暴露风险请谨慎使用!\033[0m"
|
||||
echo -e "vps设备可能还需要额外在服务商后台开启相关端口"
|
||||
read -p "现在开启?(1/0) > " res
|
||||
if [ "$res" = 1 ];then
|
||||
read -p "请先设置面板访问秘钥 > " secret
|
||||
read -p "请先修改Socks服务端口(1-65535) > " mix_port
|
||||
read -p "请先设置Socks服务密码(账号默认为crash) > " sec
|
||||
[ -z "$sec" ] && authentication=crash:$sec
|
||||
host=$(curl ip.sb 2>/dev/null | grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}')
|
||||
if [ -z "$host" ];then
|
||||
sethost
|
||||
fi
|
||||
public_support=已开启
|
||||
setconfig secret $secret
|
||||
setconfig mix_port $mix_port
|
||||
setconfig host $host
|
||||
setconfig public_support $public_support
|
||||
setconfig authentication "'$authentication'"
|
||||
fi
|
||||
fi
|
||||
#启用推荐的自动任务配置
|
||||
. "$CRASHDIR"/task/task.sh && task_recom
|
||||
#小米设备软固化
|
||||
if [ "$systype" = "mi_snapshot" ];then
|
||||
echo "-----------------------------------------------"
|
||||
echo -e "\033[33m检测到为小米路由设备,启用软固化可防止路由升级后丢失SSH\033[0m"
|
||||
read -p "是否启用软固化功能?(1/0) > " res
|
||||
[ "$res" = 1 ] && mi_autoSSH
|
||||
fi
|
||||
#提示导入订阅或者配置文件
|
||||
[ ! -s "$CRASHDIR"/yamls/config.yaml -a ! -s "$CRASHDIR"/jsons/config.json ] && {
|
||||
echo "-----------------------------------------------"
|
||||
echo -e "\033[32m是否导入配置文件?\033[0m(这是运行前的最后一步)"
|
||||
echo -e "\033[0m你必须拥有一份配置文件才能运行服务!\033[0m"
|
||||
echo "-----------------------------------------------"
|
||||
read -p "现在开始导入?(1/0) > " res
|
||||
[ "$res" = 1 ] && inuserguide=1 && {
|
||||
if [ -f "$CRASHDIR"/v2b_api.sh ];then
|
||||
. "$CRASHDIR"/v2b_api.sh
|
||||
else
|
||||
set_core_config
|
||||
fi
|
||||
set_core_config
|
||||
inuserguide=""
|
||||
}
|
||||
}
|
||||
#回到主界面
|
||||
echo "-----------------------------------------------"
|
||||
echo -e "\033[36m很好!现在只需要执行启动就可以愉快的使用了!\033[0m"
|
||||
echo "-----------------------------------------------"
|
||||
read -p "立即启动服务?(1/0) > " res
|
||||
[ "$res" = 1 ] && start_core && sleep 2
|
||||
main_menu
|
||||
}
|
||||
#测试菜单
|
||||
testcommand(){
|
||||
echo "$crashcore" | grep -q 'singbox' && config_path=${JSONSDIR}/config.json || config_path=${YAMLSDIR}/config.yaml
|
||||
@@ -882,3 +705,180 @@ debug(){
|
||||
esac
|
||||
}
|
||||
|
||||
#新手引导
|
||||
userguide(){
|
||||
|
||||
forwhat(){
|
||||
echo "-----------------------------------------------"
|
||||
echo -e "\033[30;46m 欢迎使用ShellCrash新手引导! \033[0m"
|
||||
echo "-----------------------------------------------"
|
||||
echo -e "\033[33m请先选择你的使用环境: \033[0m"
|
||||
echo -e "\033[0m(你之后依然可以在设置中更改各种配置)\033[0m"
|
||||
echo "-----------------------------------------------"
|
||||
echo -e " 1 \033[32m路由设备配置局域网透明代理\033[0m"
|
||||
echo -e " 2 \033[36mLinux设备仅配置本机代理\033[0m"
|
||||
[ -f "$CFG_PATH.bak" ] && echo -e " 3 \033[33m还原之前备份的设置\033[0m"
|
||||
echo "-----------------------------------------------"
|
||||
read -p "请输入对应数字 > " num
|
||||
case "$num" in
|
||||
1)
|
||||
#设置运行模式
|
||||
redir_mod="混合模式"
|
||||
[ -n "$(echo $cputype | grep -E "linux.*mips.*")" ] && {
|
||||
if grep -qE '^TPROXY$' /proc/net/ip_tables_targets || modprobe xt_TPROXY >/dev/null 2>&1; then
|
||||
redir_mod="Tproxy模式"
|
||||
else
|
||||
redir_mod="Redir模式"
|
||||
fi
|
||||
}
|
||||
setconfig crashcore "meta"
|
||||
setconfig redir_mod "$redir_mod"
|
||||
setconfig dns_mod mix
|
||||
setconfig firewall_area '1'
|
||||
#默认启用绕过CN-IP
|
||||
setconfig cn_ip_route 已开启
|
||||
#自动识别IPV6
|
||||
[ -n "$(ip a 2>&1 | grep -w 'inet6' | grep -E 'global' | sed 's/.*inet6.//g' | sed 's/scope.*$//g')" ] && {
|
||||
setconfig ipv6_redir 已开启
|
||||
setconfig ipv6_support 已开启
|
||||
setconfig ipv6_dns 已开启
|
||||
setconfig cn_ipv6_route 已开启
|
||||
}
|
||||
#设置开机启动
|
||||
[ -f /etc/rc.common -a "$(cat /proc/1/comm)" = "procd" ] && /etc/init.d/shellcrash enable
|
||||
ckcmd systemctl && [ "$(cat /proc/1/comm)" = "systemd" ] && systemctl enable shellcrash.service > /dev/null 2>&1
|
||||
rm -rf "$CRASHDIR"/.dis_startup
|
||||
autostart=enable
|
||||
#检测IP转发
|
||||
if [ "$(cat /proc/sys/net/ipv4/ip_forward)" = "0" ];then
|
||||
echo "-----------------------------------------------"
|
||||
echo -e "\033[33m检测到你的设备尚未开启ip转发,局域网设备将无法正常连接网络,是否立即开启?\033[0m"
|
||||
read -p "是否开启?(1/0) > " res
|
||||
[ "$res" = 1 ] && {
|
||||
echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf
|
||||
sysctl -w net.ipv4.ip_forward=1
|
||||
} && echo "已成功开启ipv4转发,如未正常开启,请手动重启设备!" || echo "开启失败!请自行谷歌查找当前设备的开启方法!"
|
||||
fi
|
||||
#禁止docker启用的net.bridge.bridge-nf-call-iptables
|
||||
sysctl -w net.bridge.bridge-nf-call-iptables=0 > /dev/null 2>&1
|
||||
sysctl -w net.bridge.bridge-nf-call-ip6tables=0 > /dev/null 2>&1
|
||||
;;
|
||||
2)
|
||||
setconfig redir_mod "Redir模式"
|
||||
[ -n "$(echo $cputype | grep -E "linux.*mips.*")" ] && setconfig crashcore "clash"
|
||||
setconfig common_ports "未开启"
|
||||
setconfig firewall_area '2'
|
||||
;;
|
||||
3)
|
||||
mv -f $CFG_PATH.bak $CFG_PATH
|
||||
echo -e "\033[32m脚本设置已还原!\033[0m"
|
||||
echo -e "\033[33m请重新启动脚本!\033[0m"
|
||||
exit 0
|
||||
;;
|
||||
*)
|
||||
errornum
|
||||
forwhat
|
||||
;;
|
||||
esac
|
||||
}
|
||||
forwhat
|
||||
#检测小内存模式
|
||||
dir_size=$(dir_avail "$CRASHDIR")
|
||||
if [ "$dir_size" -lt 10240 ];then
|
||||
echo "-----------------------------------------------"
|
||||
echo -e "\033[33m检测到你的安装目录空间不足10M,是否开启小闪存模式?\033[0m"
|
||||
echo -e "\033[0m开启后核心及数据库文件将被下载到内存中,这将占用一部分内存空间\033[0m"
|
||||
echo -e "\033[0m每次开机后首次运行服务时都会自动的重新下载相关文件\033[0m"
|
||||
echo "-----------------------------------------------"
|
||||
read -p "是否开启?(1/0) > " res
|
||||
[ "$res" = 1 ] && {
|
||||
BINDIR=/tmp/ShellCrash
|
||||
setconfig BINDIR /tmp/ShellCrash "$CRASHDIR"/configs/command.env
|
||||
}
|
||||
fi
|
||||
#检测及下载根证书
|
||||
openssldir="$(openssl version -d 2>&1 | awk -F '"' '{print $2}')"
|
||||
[ ! -d "$openssldir/certs" ] && openssldir=/etc/ssl
|
||||
if [ -d $openssldir/certs -a ! -f $openssldir/certs/ca-certificates.crt ];then
|
||||
echo "-----------------------------------------------"
|
||||
echo -e "\033[33m当前设备未找到根证书文件\033[0m"
|
||||
echo "-----------------------------------------------"
|
||||
read -p "是否下载并安装根证书?(1/0) > " res
|
||||
[ "$res" = 1 ] && checkupdate && getcrt
|
||||
fi
|
||||
#设置加密DNS
|
||||
if [ -s $openssldir/certs/ca-certificates.crt ];then
|
||||
dns_nameserver='https://dns.alidns.com/dns-query, https://doh.pub/dns-query'
|
||||
dns_fallback='https://cloudflare-dns.com/dns-query, https://dns.google/dns-query, https://doh.opendns.com/dns-query'
|
||||
dns_resolver='https://223.5.5.5/dns-query, 2400:3200::1'
|
||||
setconfig dns_nameserver "'$dns_nameserver'"
|
||||
setconfig dns_fallback "'$dns_fallback'"
|
||||
setconfig dns_resolver "'$dns_resolver'"
|
||||
fi
|
||||
#开启公网访问
|
||||
sethost(){
|
||||
read -p "请输入你的公网IP地址 > " host
|
||||
echo $host | grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'
|
||||
if [ -z "$host" ];then
|
||||
echo -e "\033[31m请输入正确的IP地址!\033[0m"
|
||||
sethost
|
||||
fi
|
||||
}
|
||||
if ckcmd systemctl;then
|
||||
echo "-----------------------------------------------"
|
||||
echo -e "\033[32m是否开启公网访问Dashboard面板及socks服务?\033[0m"
|
||||
echo -e "注意当前设备必须有公网IP才能从公网正常访问"
|
||||
echo -e "\033[31m此功能会增加暴露风险请谨慎使用!\033[0m"
|
||||
echo -e "vps设备可能还需要额外在服务商后台开启相关端口"
|
||||
read -p "现在开启?(1/0) > " res
|
||||
if [ "$res" = 1 ];then
|
||||
read -p "请先设置面板访问秘钥 > " secret
|
||||
read -p "请先修改Socks服务端口(1-65535) > " mix_port
|
||||
read -p "请先设置Socks服务密码(账号默认为crash) > " sec
|
||||
[ -z "$sec" ] && authentication=crash:$sec
|
||||
host=$(curl ip.sb 2>/dev/null | grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}')
|
||||
if [ -z "$host" ];then
|
||||
sethost
|
||||
fi
|
||||
public_support=已开启
|
||||
setconfig secret $secret
|
||||
setconfig mix_port $mix_port
|
||||
setconfig host $host
|
||||
setconfig public_support $public_support
|
||||
setconfig authentication "'$authentication'"
|
||||
fi
|
||||
fi
|
||||
#启用推荐的自动任务配置
|
||||
. "$CRASHDIR"/task/task.sh && task_recom
|
||||
#小米设备软固化
|
||||
if [ "$systype" = "mi_snapshot" ];then
|
||||
echo "-----------------------------------------------"
|
||||
echo -e "\033[33m检测到为小米路由设备,启用软固化可防止路由升级后丢失SSH\033[0m"
|
||||
read -p "是否启用软固化功能?(1/0) > " res
|
||||
[ "$res" = 1 ] && mi_autoSSH
|
||||
fi
|
||||
#提示导入订阅或者配置文件
|
||||
[ ! -s "$CRASHDIR"/yamls/config.yaml -a ! -s "$CRASHDIR"/jsons/config.json ] && {
|
||||
echo "-----------------------------------------------"
|
||||
echo -e "\033[32m是否导入配置文件?\033[0m(这是运行前的最后一步)"
|
||||
echo -e "\033[0m你必须拥有一份配置文件才能运行服务!\033[0m"
|
||||
echo "-----------------------------------------------"
|
||||
read -p "现在开始导入?(1/0) > " res
|
||||
[ "$res" = 1 ] && inuserguide=1 && {
|
||||
if [ -f "$CRASHDIR"/v2b_api.sh ];then
|
||||
. "$CRASHDIR"/v2b_api.sh
|
||||
else
|
||||
set_core_config
|
||||
fi
|
||||
set_core_config
|
||||
inuserguide=""
|
||||
}
|
||||
}
|
||||
#回到主界面
|
||||
echo "-----------------------------------------------"
|
||||
echo -e "\033[36m很好!现在只需要执行启动就可以愉快的使用了!\033[0m"
|
||||
echo "-----------------------------------------------"
|
||||
read -p "立即启动服务?(1/0) > " res
|
||||
[ "$res" = 1 ] && start_core && sleep 2
|
||||
main_menu
|
||||
}
|
||||
@@ -1,178 +0,0 @@
|
||||
#! /bin/bash
|
||||
# Copyright (C) Juewuy
|
||||
|
||||
ddns_dir=/etc/config/ddns
|
||||
tmp_dir=/tmp/ddns_$USER
|
||||
|
||||
[ ! -f $ddns_dir ] && echo -e "本脚本依赖OpenWrt内置的DDNS服务,当前设备无法运行,已退出!" && exit 1
|
||||
echo -----------------------------------------------
|
||||
echo -e "\033[30;46m欢迎使用ShellDDNS!\033[0m"
|
||||
echo -e "TG群:\033[36;4mhttps://t.me/ShellCrash\033[0m"
|
||||
|
||||
add_ddns() {
|
||||
cat >>$ddns_dir <<EOF
|
||||
|
||||
config service '$service'
|
||||
option enabled '1'
|
||||
option force_unit 'hours'
|
||||
option lookup_host '$domain'
|
||||
option service_name '$service_name'
|
||||
option domain '$domain'
|
||||
option username '$username'
|
||||
option use_https '0'
|
||||
option use_ipv6 '$use_ipv6'
|
||||
option password '$password'
|
||||
option ip_source 'web'
|
||||
option ip_url 'http://ip.sb'
|
||||
option check_unit 'minutes'
|
||||
option check_interval '$check_interval'
|
||||
option force_interval '$force_interval'
|
||||
option interface 'wan'
|
||||
option bind_network 'wan'
|
||||
EOF
|
||||
/usr/lib/ddns/dynamic_dns_updater.sh -S $service start >/dev/null 2>&1 &
|
||||
sleep 3
|
||||
echo 服务已经添加!
|
||||
}
|
||||
set_ddns() {
|
||||
echo -----------------------------------------------
|
||||
read -p "请输入你的域名 > " str
|
||||
[ -z "$str" ] && domain=$domain || domain=$str
|
||||
echo -----------------------------------------------
|
||||
read -p "请输入用户名或邮箱 > " str
|
||||
[ -z "$str" ] && username=$username || username=$str
|
||||
echo -----------------------------------------------
|
||||
read -p "请输入密码或令牌秘钥 > " str
|
||||
[ -z "$str" ] && password=$password || password=$str
|
||||
echo -----------------------------------------------
|
||||
read -p "请输入检测更新间隔(单位:分钟;默认为10) > " check_interval
|
||||
[ -z "$check_interval" ] || [ "$check_interval" -lt 1 -o "$check_interval" -gt 1440 ] && check_interval=10
|
||||
echo -----------------------------------------------
|
||||
read -p "请输入强制更新间隔(单位:小时;默认为24) > " force_interval
|
||||
[ -z "$force_interval" ] || [ "$force_interval" -lt 1 -o "$force_interval" -gt 240 ] && force_interval=24
|
||||
echo -----------------------------------------------
|
||||
echo -e "请核对如下信息:"
|
||||
echo -e "服务商: \033[32m$service\033[0m"
|
||||
echo -e "域名: \033[32m$domain\033[0m"
|
||||
echo -e "用户名: \033[32m$username\033[0m"
|
||||
echo -e "检测间隔: \033[32m$check_interval\033[0m"
|
||||
echo -----------------------------------------------
|
||||
read -p "确认添加?(1/0) > " res
|
||||
[ "$res" = 1 ] && add_ddns || set_ddns
|
||||
}
|
||||
|
||||
set_service() {
|
||||
services_dir=/etc/ddns/$serv
|
||||
[ -s $services_dir ] || services_dir=/usr/share/ddns/list
|
||||
echo -----------------------------------------------
|
||||
echo -e "\033[32m请选择服务提供商\033[0m"
|
||||
cat $services_dir | grep -v '^#' | awk '{print " "NR" " $1}'
|
||||
nr=$(cat $services_dir | grep -v '^#' | wc -l)
|
||||
read -p "请输入对应数字 > " num
|
||||
if [ -z "$num" ]; then
|
||||
i=
|
||||
elif [ "$num" -gt 0 -a "$num" -lt $nr ]; then
|
||||
service_name=$(cat $services_dir | grep -v '^#' | awk '{print $1}' | sed -n "$num"p | sed 's/"//g')
|
||||
service=$(echo $service_name | sed 's/\./_/g')
|
||||
set_ddns
|
||||
else
|
||||
echo "输入错误,请重新输入!"
|
||||
sleep 1
|
||||
set_service
|
||||
fi
|
||||
}
|
||||
|
||||
network_type() {
|
||||
echo -----------------------------------------------
|
||||
echo -e "\033[32m请选择网络模式\033[0m"
|
||||
echo -e " 1 \033[36mIPV4\033[0m"
|
||||
echo -e " 2 \033[36mIPV6\033[0m"
|
||||
read -p "请输入对应数字 > " num
|
||||
if [ -z "$num" ]; then
|
||||
i=
|
||||
elif [ "$num" = 1 ]; then
|
||||
use_ipv6=0
|
||||
serv=services
|
||||
set_service
|
||||
elif [ "$num" = 2 ]; then
|
||||
use_ipv6=1
|
||||
serv=services_ipv6
|
||||
set_service
|
||||
else
|
||||
echo "输入错误,请重新输入!"
|
||||
sleep 1
|
||||
network_type
|
||||
fi
|
||||
}
|
||||
|
||||
rev_service() {
|
||||
enabled=$(uci show ddns.$service | grep 'enabled' | awk -F "=" '{print $2}' | tr -d "'\"")
|
||||
[ "$enabled" = 1 ] && enabled_b="停用" || enabled_b="启用"
|
||||
echo -----------------------------------------------
|
||||
echo -e " 1 \033[32m立即更新\033[0m"
|
||||
echo -e " 2 编辑当前服务\033[0m"
|
||||
echo -e " 3 $enabled_b当前服务"
|
||||
echo -e " 4 移除当前服务"
|
||||
echo -e " 5 查看运行日志"
|
||||
echo -e " 0 返回上级菜单"
|
||||
echo -----------------------------------------------
|
||||
read -p "请输入对应数字 > " num
|
||||
if [ -z "$num" -o "$num" = 0 ]; then
|
||||
i=
|
||||
elif [ "$num" = 1 ]; then
|
||||
/usr/lib/ddns/dynamic_dns_updater.sh -S $service start >/dev/null 2>&1 &
|
||||
sleep 3
|
||||
elif [ "$num" = 2 ]; then
|
||||
domain=$(uci show ddns.$service | grep 'domain' | awk -F "=" '{print $2}' | tr -d "'\"")
|
||||
username=$(uci show ddns.$service | grep 'username' | awk -F "=" '{print $2}' | tr -d "'\"")
|
||||
password=$(uci show ddns.$service | grep 'password' | awk -F "=" '{print $2}' | tr -d "'\"")
|
||||
service_name=$(uci show ddns.$service | grep 'service_name' | awk -F "=" '{print $2}' | tr -d "'\"")
|
||||
uci delete ddns.$service
|
||||
set_ddns
|
||||
elif [ "$num" = 3 ]; then
|
||||
[ "$enabled" = 1 ] && uci set ddns.$service.enabled='0' || uci set ddns.$service.enabled='1' && sleep 3
|
||||
uci commit ddns.$service
|
||||
elif [ "$num" = 4 ]; then
|
||||
uci delete ddns.$service
|
||||
uci commit ddns.$service
|
||||
elif [ "$num" = 5 ]; then
|
||||
echo -----------------------------------------------
|
||||
cat /var/log/ddns/$service.log 2>/dev/null
|
||||
sleep 1
|
||||
fi
|
||||
}
|
||||
|
||||
load_ddns() {
|
||||
nr=0
|
||||
cat $ddns_dir | grep 'config service' | awk '{print $3}' | sed "s/\'//g" | sed "s/\"//g" >$tmp_dir
|
||||
echo -----------------------------------------------
|
||||
echo -e "列表 域名 启用 IP地址"
|
||||
echo -----------------------------------------------
|
||||
for service in $(cat $tmp_dir); do
|
||||
#echo $service >>$tmp_dir
|
||||
nr=$((nr + 1))
|
||||
enabled=$(uci show ddns.$service 2>/dev/null | grep 'enabled' | awk -F "=" '{print $2}' | tr -d "'\"")
|
||||
domain=$(uci show ddns.$service 2>/dev/null | grep 'domain' | awk -F "=" '{print $2}' | tr -d "'\"")
|
||||
local_ip=$(sed '1!G;h;$!d' /var/log/ddns/$service.log 2>/dev/null | grep -E 'Registered IP' | tail -1 | awk -F "'" '{print $2}' | tr -d "'\"")
|
||||
echo -e " $nr $domain $enabled $local_ip"
|
||||
done
|
||||
echo -e " $((nr + 1)) 添加DDNS服务"
|
||||
echo -e " 0 退出"
|
||||
echo -----------------------------------------------
|
||||
read -p "请输入对应序号 > " num
|
||||
if [ -z "$num" -o "$num" = 0 ]; then
|
||||
i=
|
||||
elif [ "$num" -gt $nr ]; then
|
||||
network_type
|
||||
load_ddns
|
||||
elif [ "$num" -gt 0 -a "$num" -le $nr ]; then
|
||||
service=$(cat $tmp_dir | sed -n "$num"p)
|
||||
rev_service
|
||||
load_ddns
|
||||
else
|
||||
echo "请输入正确数字!" && load_ddns
|
||||
fi
|
||||
}
|
||||
|
||||
load_ddns
|
||||
rm -rf $tmp_dir
|
||||
@@ -129,7 +129,6 @@ set_dns_adv() { #DNS详细设置
|
||||
echo -e " 3 修改\033[33m解析DNS\033[0m(必须是IP,用于解析其他DNS)"
|
||||
echo -e " 4 DNS防泄漏: \033[36m$dns_protect\033[0m ———启用时少量网站可能连接卡顿"
|
||||
echo -e " 5 hosts优化: \033[36m$hosts_opt\033[0m ———调用本机hosts并劫持NTP服务"
|
||||
#echo -e " 6 Dnsmasq转发:\033[36m$dns_redir\033[0m ———不推荐使用"
|
||||
echo -e " 7 禁用DNS劫持:\033[36m$dns_no\033[0m ———搭配第三方DNS使用"
|
||||
echo -e " 8 一键配置\033[32m加密DNS\033[0m"
|
||||
echo -e " 9 \033[33m重置\033[0m默认DNS配置"
|
||||
|
||||
Reference in New Issue
Block a user