i11th/ruantiblock_openwrt
1
0
Fork 0
mirror of https://github.com/gSpotx2f/ruantiblock_openwrt.git synced 2026-05-14 14:40:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

BYPASS_MODE

Browse Source
This commit is contained in:
gSpot
2023-07-31 01:12:53 +03:00
parent ebaa24c022
commit a3ad091599
17 changed files with 310 additions and 168 deletions
Download Patch File Download Diff File Expand all files Collapse all files
ruantiblock/files/usr/share/ruantiblock/config_script
+1 -1
View File
@@ -1,6 +1,6 @@
AWK_CMD="awk"
UCI_SECTION="ruantiblock.config"
UCI_VARS="proxy_mode proxy_local_clients nftset_clear_sets allowed_hosts_mode allowed_hosts_list bypass_ip_mode bypass_ip_list if_vpn tor_trans_port tor_allow_udp onion_dns_addr t_proxy_port_tcp t_proxy_port_udp t_proxy_allow_udp add_user_entries user_entries_dns enable_logging bllist_min_entries bllist_module bllist_preset bllist_ip_limit bllist_gr_excluded_nets bllist_summarize_ip bllist_summarize_cidr bllist_ip_filter bllist_ip_filter_type bllist_sd_limit bllist_gr_excluded_sld bllist_fqdn_filter bllist_fqdn_filter_type bllist_enable_idn bllist_alt_nslookup bllist_alt_dns_addr update_at_startup"
UCI_VARS="proxy_mode proxy_local_clients nftset_clear_sets allowed_hosts_mode allowed_hosts_list bypass_mode bypass_entries_dns if_vpn tor_trans_port tor_allow_udp onion_dns_addr t_proxy_port_tcp t_proxy_port_udp t_proxy_allow_udp add_user_entries user_entries_dns enable_logging bllist_min_entries bllist_module bllist_preset bllist_ip_limit bllist_gr_excluded_nets bllist_summarize_ip bllist_summarize_cidr bllist_ip_filter bllist_ip_filter_type bllist_sd_limit bllist_gr_excluded_sld bllist_fqdn_filter bllist_fqdn_filter_type bllist_enable_idn bllist_alt_nslookup bllist_alt_dns_addr update_at_startup"
eval `uci show "$UCI_SECTION" | $AWK_CMD -F "=" -v UCI_VARS="$UCI_VARS" '
BEGIN {
ruantiblock/files/usr/share/ruantiblock/info_output
+4
View File
@@ -29,6 +29,10 @@ Info() {
if [ $? -eq 0 ]; then
printf ",\"dnsmasq\":"
$NFT_CMD -j list set $NFT_TABLE "$NFTSET_DNSMASQ" 2> /dev/null
if [ "$BYPASS_MODE" = "1" ]; then
printf ",\"dnsmasq_bypass\":"
$NFT_CMD -j list set $NFT_TABLE "$NFTSET_BYPASS_FQDN" 2> /dev/null
fi
printf "}"
fi
}
ruantiblock/files/usr/share/ruantiblock/nft_functions
+8 -9
View File
@@ -26,12 +26,6 @@ case "$ALLOWED_HOSTS_MODE" in
;;
esac
if [ "$BYPASS_IP_MODE" = "1" ]; then
NFT_BYPASS_IP_EXPR="ip daddr @${NFTSET_BYPASS_IP} counter accept"
else
NFT_BYPASS_IP_EXPR="continue"
fi
if [ "$NFTSET_DNSMASQ_TIMEOUT_UPDATE" = "1" ]; then
NFT_DNSMASQ_RULE_TARGET="$NFT_DNSMASQ_TIMEOUT_UPDATE_CHAIN"
else
@@ -72,7 +66,7 @@ NftVpnRouteStatus() {
}
NftMainAdd() {
local _nft_sets="${NFTSET_CIDR} ${NFTSET_IP}" _set
local _set
$NFT_CMD add chain $NFT_TABLE "$NFT_LOCAL_CLIENTS_CHAIN" { $LOCAL_CLIENTS_CHAIN_TYPE }
$NFT_CMD add chain $NFT_TABLE "$NFT_ACTION_CHAIN"
$NFT_CMD add chain $NFT_TABLE "$NFT_DNSMASQ_TIMEOUT_UPDATE_CHAIN"
@@ -95,8 +89,13 @@ NftMainAdd() {
fi
NftCmdWrapper $NFT_CMD add rule $NFT_TABLE "$NFT_BLLIST_CHAIN" ip daddr "@${NFTSET_ONION}" counter goto "$NFT_ACTION_CHAIN"
fi
NftCmdWrapper $NFT_CMD add rule $NFT_TABLE "$NFT_BLLIST_CHAIN" $NFT_BYPASS_IP_EXPR
for _set in $_nft_sets
if [ "$BYPASS_MODE" = "1" ]; then
for _set in "$NFTSET_BYPASS_IP" "$NFTSET_BYPASS_FQDN"
do
NftCmdWrapper $NFT_CMD add rule $NFT_TABLE "$NFT_BLLIST_CHAIN" ip daddr "@${_set}" counter accept
done
fi
for _set in "$NFTSET_CIDR" "$NFTSET_IP"
do
NftCmdWrapper $NFT_CMD add rule $NFT_TABLE "$NFT_BLLIST_CHAIN" ip daddr "@${_set}" counter goto "$NFT_ACTION_CHAIN"
done