From ac6cb48969f25a3cfd85934bbf70f36190d80bce Mon Sep 17 00:00:00 2001 From: LEAN-ESX Date: Tue, 15 Oct 2019 12:36:15 -0700 Subject: [PATCH] luci-app-ssr-plus: add whitelist and blacklist domain support --- package/lean/luci-app-ssr-plus/Makefile | 2 +- .../luasrc/model/cbi/shadowsocksr/control.lua | 36 +++++++++++++++++++ .../luci-app-ssr-plus/po/zh-cn/ssr-plus.po | 2 +- .../root/etc/config/black.list | 0 .../root/etc/config/white.list | 0 .../root/etc/init.d/shadowsocksr | 2 ++ .../luci-app-ssr-plus/root/usr/bin/ssr-rules | 9 ++++- .../root/usr/share/shadowsocksr/gfw2ipset.sh | 6 ++++ 8 files changed, 54 insertions(+), 3 deletions(-) create mode 100644 package/lean/luci-app-ssr-plus/root/etc/config/black.list create mode 100644 package/lean/luci-app-ssr-plus/root/etc/config/white.list diff --git a/package/lean/luci-app-ssr-plus/Makefile b/package/lean/luci-app-ssr-plus/Makefile index 97944f207..a7d05b116 100644 --- a/package/lean/luci-app-ssr-plus/Makefile +++ b/package/lean/luci-app-ssr-plus/Makefile @@ -2,7 +2,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=luci-app-ssr-plus PKG_VERSION:=1 -PKG_RELEASE:=110 +PKG_RELEASE:=112 PKG_CONFIG_DEPENDS:= CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks \ CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_V2ray \ diff --git a/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/control.lua b/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/control.lua index 62e8d2a0d..3cd320ef3 100644 --- a/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/control.lua +++ b/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/control.lua @@ -1,4 +1,5 @@ local m, s, o +local NXFS = require "nixio.fs" m = Map("shadowsocksr", translate("IP black-and-white list")) @@ -49,4 +50,39 @@ end) -- o:value("2", translatef("Forwarded Proxy")) -- o.rmempty = false +s:tab("esc", translate("Bypass Domain List")) + +local escconf = "/etc/config/white.list" +o = s:taboption("esc", TextValue, "escconf") +o.rows = 13 +o.wrap = "off" +o.rmempty = true +o.cfgvalue = function(self, section) + return NXFS.readfile(escconf) or "" +end +o.write = function(self, section, value) + NXFS.writefile(escconf, value:gsub("\r\n", "\n")) +end +o.remove = function(self, section, value) + NXFS.writefile(escconf, "") +end + + +s:tab("block", translate("Black Domain List")) + +local blockconf = "/etc/config/black.list" +o = s:taboption("block", TextValue, "blockconf") +o.rows = 13 +o.wrap = "off" +o.rmempty = true +o.cfgvalue = function(self, section) + return NXFS.readfile(blockconf) or " " +end +o.write = function(self, section, value) + NXFS.writefile(blockconf, value:gsub("\r\n", "\n")) +end +o.remove = function(self, section, value) + NXFS.writefile(blockconf, "") +end + return m \ No newline at end of file diff --git a/package/lean/luci-app-ssr-plus/po/zh-cn/ssr-plus.po b/package/lean/luci-app-ssr-plus/po/zh-cn/ssr-plus.po index ac064f056..b261d79c0 100644 --- a/package/lean/luci-app-ssr-plus/po/zh-cn/ssr-plus.po +++ b/package/lean/luci-app-ssr-plus/po/zh-cn/ssr-plus.po @@ -408,7 +408,7 @@ msgid "Server Count" msgstr "服务器节点数量" msgid "IP black-and-white list" -msgstr "IP黑白名单" +msgstr "黑白名单" msgid "WAN IP AC" msgstr "WAN IP访问控制" diff --git a/package/lean/luci-app-ssr-plus/root/etc/config/black.list b/package/lean/luci-app-ssr-plus/root/etc/config/black.list new file mode 100644 index 000000000..e69de29bb diff --git a/package/lean/luci-app-ssr-plus/root/etc/config/white.list b/package/lean/luci-app-ssr-plus/root/etc/config/white.list new file mode 100644 index 000000000..e69de29bb diff --git a/package/lean/luci-app-ssr-plus/root/etc/init.d/shadowsocksr b/package/lean/luci-app-ssr-plus/root/etc/init.d/shadowsocksr index 1f6cbec8d..90904204e 100755 --- a/package/lean/luci-app-ssr-plus/root/etc/init.d/shadowsocksr +++ b/package/lean/luci-app-ssr-plus/root/etc/init.d/shadowsocksr @@ -484,6 +484,8 @@ start() { if rules ;then start_redir + + /usr/share/shadowsocksr/gfw2ipset.sh mkdir -p /tmp/dnsmasq.d if ! [ "$run_mode" = "oversea" ] ;then diff --git a/package/lean/luci-app-ssr-plus/root/usr/bin/ssr-rules b/package/lean/luci-app-ssr-plus/root/usr/bin/ssr-rules index d30b3d569..ba48aa424 100755 --- a/package/lean/luci-app-ssr-plus/root/usr/bin/ssr-rules +++ b/package/lean/luci-app-ssr-plus/root/usr/bin/ssr-rules @@ -67,6 +67,8 @@ flush_r() { ipset -X fplan 2>/dev/null ipset -X gmlan 2>/dev/null ipset -X oversea 2>/dev/null + ipset -X whitelist 2>/dev/null + ipset -X blacklist 2>/dev/null [ -n "$FWI" ] && echo '#!/bin/sh' >$FWI return 0 } @@ -74,7 +76,7 @@ flush_r() { ipset_r() { ipset -N gmlan hash:net 2>/dev/null for ip in $LAN_GM_IP; do ipset -! add gmlan $ip ; done - + if [ "$RUNMODE" = "router" ] ;then ipset -! -R <<-EOF || return 1 create ss_spec_wan_ac hash:net @@ -114,6 +116,11 @@ EOF ipset -N fplan hash:net 2>/dev/null for ip in $LAN_FP_IP; do ipset -! add fplan $ip ; done $IPT -I SS_SPEC_WAN_AC -m set --match-set fplan src -j SS_SPEC_WAN_FW + + ipset -N whitelist hash:net 2>/dev/null + ipset -N blacklist hash:net 2>/dev/null + $IPT -I SS_SPEC_WAN_AC -m set --match-set blacklist src -j SS_SPEC_WAN_FW + $IPT -I SS_SPEC_WAN_AC -m set --match-set whitelist src -j SS_SPEC_WAN_FW return $? } diff --git a/package/lean/luci-app-ssr-plus/root/usr/share/shadowsocksr/gfw2ipset.sh b/package/lean/luci-app-ssr-plus/root/usr/share/shadowsocksr/gfw2ipset.sh index 1a1ec856e..536f679e0 100755 --- a/package/lean/luci-app-ssr-plus/root/usr/share/shadowsocksr/gfw2ipset.sh +++ b/package/lean/luci-app-ssr-plus/root/usr/share/shadowsocksr/gfw2ipset.sh @@ -3,3 +3,9 @@ awk '!/^$/&&!/^#/{printf("ipset=/.%s/'"gfwlist"'\n",$0)}' /etc/config/gfw.list > /etc/dnsmasq.ssr/custom_forward.conf awk '!/^$/&&!/^#/{printf("server=/.%s/'"127.0.0.1#5335"'\n",$0)}' /etc/config/gfw.list >> /etc/dnsmasq.ssr/custom_forward.conf +awk '!/^$/&&!/^#/{printf("ipset=/.%s/'"blacklist"'\n",$0)}' /etc/config/black.list > /etc/dnsmasq.ssr/blacklist_forward.conf +awk '!/^$/&&!/^#/{printf("server=/.%s/'"127.0.0.1#5335"'\n",$0)}' /etc/config/black.list >> /etc/dnsmasq.ssr/blacklist_forward.conf + +awk '!/^$/&&!/^#/{printf("ipset=/.%s/'"whitelist"'\n",$0)}' /etc/config/white.list > /etc/dnsmasq.ssr/whitelist_forward.conf + +