diff --git a/bin/Country.mmdb b/bin/Country.mmdb index a759e96b..484fe68f 100644 Binary files a/bin/Country.mmdb and b/bin/Country.mmdb differ diff --git a/bin/clash/clash-linux-386 b/bin/clash/clash-linux-386 index e100b56d..e123fe12 100644 Binary files a/bin/clash/clash-linux-386 and b/bin/clash/clash-linux-386 differ diff --git a/bin/clash/clash-linux-amd64 b/bin/clash/clash-linux-amd64 index 609e8571..6fee69c2 100644 Binary files a/bin/clash/clash-linux-amd64 and b/bin/clash/clash-linux-amd64 differ diff --git a/bin/clash/clash-linux-armv5 b/bin/clash/clash-linux-armv5 index 937a03df..603e01a9 100644 Binary files a/bin/clash/clash-linux-armv5 and b/bin/clash/clash-linux-armv5 differ diff --git a/bin/clash/clash-linux-armv7 b/bin/clash/clash-linux-armv7 index cb351369..e09fe382 100644 Binary files a/bin/clash/clash-linux-armv7 and b/bin/clash/clash-linux-armv7 differ diff --git a/bin/clash/clash-linux-armv8 b/bin/clash/clash-linux-armv8 index 081c3eaa..cee8618e 100644 Binary files a/bin/clash/clash-linux-armv8 and b/bin/clash/clash-linux-armv8 differ diff --git a/bin/clash/clash-linux-mips-softfloat b/bin/clash/clash-linux-mips-softfloat index fa9fb232..6f0b38ee 100644 Binary files a/bin/clash/clash-linux-mips-softfloat and b/bin/clash/clash-linux-mips-softfloat differ diff --git a/bin/clash/clash-linux-mipsle-hardfloat b/bin/clash/clash-linux-mipsle-hardfloat index 68aafdf7..e2699450 100644 Binary files a/bin/clash/clash-linux-mipsle-hardfloat and b/bin/clash/clash-linux-mipsle-hardfloat differ diff --git a/bin/clash/clash-linux-mipsle-softfloat b/bin/clash/clash-linux-mipsle-softfloat index 0e68c2c8..882a08ab 100644 Binary files a/bin/clash/clash-linux-mipsle-softfloat and b/bin/clash/clash-linux-mipsle-softfloat differ diff --git a/bin/clashfm.tar.gz b/bin/clashfm.tar.gz index 105ee36e..c1964c9e 100644 Binary files a/bin/clashfm.tar.gz and b/bin/clashfm.tar.gz differ diff --git a/bin/clashpre/clash-linux-386 b/bin/clashpre/clash-linux-386 index 8e043dfe..894b20bb 100644 Binary files a/bin/clashpre/clash-linux-386 and b/bin/clashpre/clash-linux-386 differ diff --git a/bin/clashpre/clash-linux-amd64 b/bin/clashpre/clash-linux-amd64 index 89f2e11d..ad8b0224 100644 Binary files a/bin/clashpre/clash-linux-amd64 and b/bin/clashpre/clash-linux-amd64 differ diff --git a/bin/clashpre/clash-linux-armv5 b/bin/clashpre/clash-linux-armv5 index 6b3e3b72..7ba8faf6 100644 Binary files a/bin/clashpre/clash-linux-armv5 and b/bin/clashpre/clash-linux-armv5 differ diff --git a/bin/clashpre/clash-linux-armv7 b/bin/clashpre/clash-linux-armv7 index 60c0f18c..56e9611b 100644 Binary files a/bin/clashpre/clash-linux-armv7 and b/bin/clashpre/clash-linux-armv7 differ diff --git a/bin/clashpre/clash-linux-armv8 b/bin/clashpre/clash-linux-armv8 index 70f8364e..15b70827 100644 Binary files a/bin/clashpre/clash-linux-armv8 and b/bin/clashpre/clash-linux-armv8 differ diff --git a/bin/clashpre/clash-linux-mips-softfloat b/bin/clashpre/clash-linux-mips-softfloat index ca91fce5..a942038d 100644 Binary files a/bin/clashpre/clash-linux-mips-softfloat and b/bin/clashpre/clash-linux-mips-softfloat differ diff --git a/bin/clashpre/clash-linux-mipsle-hardfloat b/bin/clashpre/clash-linux-mipsle-hardfloat index a567069d..5f2c44fa 100644 Binary files a/bin/clashpre/clash-linux-mipsle-hardfloat and b/bin/clashpre/clash-linux-mipsle-hardfloat differ diff --git a/bin/clashpre/clash-linux-mipsle-softfloat b/bin/clashpre/clash-linux-mipsle-softfloat index a8e29416..75a30cdd 100644 Binary files a/bin/clashpre/clash-linux-mipsle-softfloat and b/bin/clashpre/clash-linux-mipsle-softfloat differ diff --git a/bin/cn_mini.mmdb b/bin/cn_mini.mmdb index dd07f054..41243d06 100644 Binary files a/bin/cn_mini.mmdb and b/bin/cn_mini.mmdb differ diff --git a/bin/release_version b/bin/release_version index 95232d53..df1029d8 100644 --- a/bin/release_version +++ b/bin/release_version @@ -1,8 +1,7 @@ +1.3.0 1.2.0 1.1.0 -1.0.0beta18.2 1.0.0beta17 -1.0.0beta15 1.0.0beta11 1.0.0beta5 0.9.7 diff --git a/bin/version b/bin/version index e7af56ce..be0677fd 100644 --- a/bin/version +++ b/bin/version @@ -1,4 +1,4 @@ -clash_v=1.5.0 -clashpre_v=2021.04.08 -GeoIP_v=20210409 -versionsh=1.2.4 +clash_v=1.6.0 +clashpre_v=2021.05.08 +GeoIP_v=20210514 +versionsh=1.3.2 diff --git a/install.sh b/install.sh index 8890cf5f..b4cec0fe 100644 --- a/install.sh +++ b/install.sh @@ -37,7 +37,7 @@ webget(){ url="https://cdn.jsdelivr.net/gh/juewuy/ShellClash" if [ "$test" -gt 0 ];then url="https://cdn.jsdelivr.net/gh/juewuy/ShellClash@master" - [ "$test" -eq 2 ] && url="http://192.168.31.31:8080/ShellClash" + [ "$test" -eq 2 ] && url="http://192.168.0.4:8080/ShellClash" [ "$test" -eq 3 ] && url="http://192.168.123.90:8080/clash-for-Miwifi" else webget /tmp/clashrelease $url@master/bin/release_version echoon rediroff 2>/tmp/clashrelease diff --git a/scripts/clash.sh b/scripts/clash.sh index 925ac5b5..1653df49 100644 --- a/scripts/clash.sh +++ b/scripts/clash.sh @@ -471,8 +471,7 @@ localproxy(){ echo ----------------------------------------------- echo -e " 1 \033[36m$proxy_set本机代理\033[0m" echo -e " 2 使用\033[32m环境变量\033[0m方式配置" - echo -e " 3 使用\033[32mGNOME桌面API\033[0m配置" - echo -e " 4 使用\033[32mKDE桌面API\033[0m配置" + echo -e " 3 使用\033[32miptables增强模式\033[0m配置(仅支持Linux系统)" echo -e " 0 返回上级菜单" echo ----------------------------------------------- read -p "请输入对应数字 > " num @@ -493,6 +492,7 @@ localproxy(){ $clashdir/start.sh set_proxy $mix_port $db_port echo -e "\033[32m已经成功使用$local_proxy_type方式配置本机代理~\033[0m" [ "$local_proxy_type" = "环境变量" ] && echo -e "\033[36m如未生效,请重新启动终端或重新连接SSH!\033[0m" && sleep 1 + [ "$local_proxy_type" = "iptables增强模式" ] && $clashdir/start.sh start fi else local_proxy=未开启 @@ -506,20 +506,25 @@ localproxy(){ setconfig local_proxy_type $local_proxy_type localproxy elif [ "$num" = 3 ]; then - if gsettings --version >/dev/null 2>&1 ;then - local_proxy_type="GNOME" + [ -w /etc/systemd/system/clash.service ] && servdir=/etc/systemd/system/clash.service + [ -w /usr/lib/systemd/system/clash.service ] && servdir=/usr/lib/systemd/system/clash.service + if [ -n "$servdir" ];then + #检测用户如无则创建并提权 + if [ -z "$(id shellclash 2>/dev/null | grep 'root')" ];then + userdel shellclash 2>/dev/null + useradd shellclash -u 7890 + sed -Ei s/7890:7890/0:7890/g /etc/passwd + fi + #停止clash服务 + $clashdir/start.sh stop + #修改service文件,使用shellclash用户运行clash服务 + setconfig ExecStart "su\ shellclash\ -c\ \"$bindir/clash\ -d\ $bindir\"" $servdir + systemctl daemon-reload + #修改模式变量 + local_proxy_type="iptables增强模式" setconfig local_proxy_type $local_proxy_type else - echo -e "\033[31m没有找到GNOME桌面,无法设置!\033[0m" - sleep 1 - fi - localproxy - elif [ "$num" = 4 ]; then - if kwriteconfig5 -h >/dev/null 2>&1 ;then - local_proxy_type="KDE" - setconfig local_proxy_type $local_proxy_type - else - echo -e "\033[31m没有找到KDE桌面,无法设置!\033[0m" + echo -e "\033[31m当前设备无法使用增强模式!\033[0m" sleep 1 fi localproxy @@ -660,7 +665,7 @@ clashcfg(){ echo -e " 3 跳过本地证书验证: \033[36m$skip_cert\033[0m ————解决节点证书验证错误" echo -e " 4 只代理常用端口: \033[36m$common_ports\033[0m ————用于过滤P2P流量" echo -e " 5 过滤局域网设备: \033[36m$mac_return\033[0m ————使用黑名单/白名单进行过滤" - echo -e " 6 设置本机代理服务: \033[36m$local_proxy\033[0m ————使用环境变量或GUI/api配置本机代理" + echo -e " 6 设置本机代理服务: \033[36m$local_proxy\033[0m ————使用环境变量或iptables配置本机代理" echo ----------------------------------------------- echo -e " 0 返回上级菜单 \033[0m" echo ----------------------------------------------- diff --git a/scripts/clashservice b/scripts/clashservice index 7d203479..745210d4 100644 --- a/scripts/clashservice +++ b/scripts/clashservice @@ -1,6 +1,6 @@ #!/bin/sh /etc/rc.common -START=92 +START=101 SERVICE_DAEMONIZE=1 SERVICE_WRITE_PID=1 diff --git a/scripts/getdate.sh b/scripts/getdate.sh index 3a42e1b5..33c19e92 100644 --- a/scripts/getdate.sh +++ b/scripts/getdate.sh @@ -355,6 +355,7 @@ gettar(){ mv $clashdir/clash.service $sysdir/clash.service sed -i "s%/etc/clash%$clashdir%g" $sysdir/clash.service systemctl daemon-reload + #useradd shellclash else #设为保守模式启动 sed -i '/start_old=*/'d $clashdir/mark @@ -849,6 +850,8 @@ update(){ rm -rf /etc/systemd/system/clash.service rm -rf /usr/lib/systemd/system/clash.service rm -rf /www/clash + sed -Ei s/0:7890/7890:7890/g /etc/passwd + userdel -r shellclash 2>/dev/null echo ----------------------------------------------- echo -e "\033[36m已卸载ShellClash相关文件!有缘再会!\033[0m" echo -e "\033[33m请手动关闭当前窗口以重置环境变量!\033[0m" diff --git a/scripts/start.sh b/scripts/start.sh index 0e0f48fd..8c9d824b 100644 --- a/scripts/start.sh +++ b/scripts/start.sh @@ -417,6 +417,50 @@ start_udp(){ fi iptables -t mangle -A PREROUTING -p udp $lanhost -j clash } +start_output(){ + #流量过滤规则 + iptables -t nat -N clash_out + iptables -t nat -A clash_out -m owner --gid-owner 7890 -j RETURN + iptables -t nat -A clash_out -d 0.0.0.0/8 -j RETURN + iptables -t nat -A clash_out -d 10.0.0.0/8 -j RETURN + iptables -t nat -A clash_out -d 127.0.0.0/8 -j RETURN + iptables -t nat -A clash_out -d 169.254.0.0/16 -j RETURN + iptables -t nat -A clash_out -d 172.16.0.0/12 -j RETURN + iptables -t nat -A clash_out -d 192.168.0.0/16 -j RETURN + iptables -t nat -A clash_out -d 224.0.0.0/4 -j RETURN + iptables -t nat -A clash_out -d 240.0.0.0/4 -j RETURN + if [ "$macfilter_type" = "白名单" -a -n "$(cat $clashdir/mac)" ];then + #mac白名单 + for mac in $(cat $clashdir/mac); do + iptables -t nat -A clash_out -p tcp $ports -m mac --mac-source $mac -j REDIRECT --to-ports $redir_port + done + else + #mac黑名单 + for mac in $(cat $clashdir/mac); do + iptables -t nat -A clash_out -m mac --mac-source $mac -j RETURN + done + iptables -t nat -A clash_out -p tcp $ports -j REDIRECT --to-ports $redir_port + fi + iptables -t nat -A OUTPUT -p tcp -j clash_out + #设置dns转发 + iptables -t nat -N clash_dns_out + iptables -t nat -A clash_dns_out -m owner --gid-owner 7890 -j RETURN + if [ "$macfilter_type" = "白名单" -a -n "$(cat $clashdir/mac)" ];then + #mac白名单 + for mac in $(cat $clashdir/mac); do + iptables -t nat -A clash_dns_out -p udp --dport 53 -m mac --mac-source $mac -j REDIRECT --to $dns_port + iptables -t nat -A clash_dns_out -p tcp --dport 53 -m mac --mac-source $mac -j REDIRECT --to $dns_port + done + else + #mac黑名单 + for mac in $(cat $clashdir/mac); do + iptables -t nat -A clash_dns_out -m mac --mac-source $mac -j RETURN + done + iptables -t nat -A clash_dns_out -p udp --dport 53 -j REDIRECT --to $dns_port + iptables -t nat -A clash_dns_out -p tcp --dport 53 -j REDIRECT --to $dns_port + fi + iptables -t nat -A OUTPUT -p udp -j clash_dns_out +} stop_iptables(){ gethost #获取本地局域网地址段 #重置iptables规则 @@ -431,6 +475,13 @@ stop_iptables(){ iptables -t nat -F clash_dns 2> /dev/null iptables -t nat -X clash_dns 2> /dev/null iptables -D FORWARD -o utun -j ACCEPT 2> /dev/null + #重置output规则 + iptables -t nat -D OUTPUT -p tcp -j clash_out 2> /dev/null + iptables -t nat -F clash_out 2> /dev/null + iptables -t nat -X clash_out 2> /dev/null + iptables -t nat -D OUTPUT -p udp -j clash_dns_out 2> /dev/null + iptables -t nat -F clash_dns_out 2> /dev/null + iptables -t nat -X clash_dns_out 2> /dev/null #重置udp规则 iptables -t mangle -D PREROUTING -p udp $lanhost -j clash 2> /dev/null iptables -t mangle -F clash 2> /dev/null @@ -682,14 +733,9 @@ cronset) ;; set_proxy) getconfig - #GNOME配置 - if [ "$local_proxy_type" = "GNOME" ];then - gsettings set org.gnome.system.proxy autoconfig-url "http://127.0.0.1:$db_port/ui/pac" - gsettings set org.gnome.system.proxy mode "auto" - #KDE配置 - elif [ "$local_proxy_type" = "KDE" ];then - kwriteconfig5 --file kioslaverc --group "Proxy Settings" --key "Proxy Config Script" "http://127.0.0.1:$db_port/ui/pac" - kwriteconfig5 --file kioslaverc --group "Proxy Settings" --key "ProxyType" 2 + #iptables增强模式 + if [ "$local_proxy_type" = "iptables增强模式" ];then + start_output #环境变量方式 else [ -w ~/.bashrc ] && profile=~/.bashrc @@ -698,16 +744,7 @@ set_proxy) echo 'export ALL_PROXY=$all_proxy' >> $profile fi ;; -unset_proxy) - #GNOME配置 - if gsettings --version >/dev/null 2>&1 ;then - gsettings set org.gnome.system.proxy mode "none" - fi - #KDE配置 - if kwriteconfig5 -h >/dev/null 2>&1 ;then - kwriteconfig5 --file kioslaverc --group "Proxy Settings" --key "ProxyType" 0 - fi - #环境变量方式 +unset_proxy) [ -w ~/.bashrc ] && profile=~/.bashrc [ -w /etc/profile ] && profile=/etc/profile sed -i '/all_proxy/'d $profile