luci-app-ssr-plus: can enable socks5 access for wan (option)

package/lean/luci-app-ssr-plus/Makefile

@@ -2,7 +2,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=luci-app-ssr-plus
 PKG_VERSION:=162
-PKG_RELEASE:=5
+PKG_RELEASE:=7
 
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)
 

package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/advanced.lua

@@ -52,7 +52,7 @@ o.rmempty = false
 
 o = s:option(Value, "local_port", translate("Local Port"))
 o.datatype = "port"
-o.default = 1080
+o.default = 10800
 o.rmempty = true
 o:depends("socks", "1")
 
@@ -62,12 +62,17 @@ o.default = "0"
 o:depends("socks", "1")
 
 o = s:option(Value, "username", translate("Username"))
-o.rmempty = true
+o.default = "username"
 o:depends("auth_enable", "1")
 
 o = s:option(Value, "password", translate("Password"))
 o.password = true
+o.default = "password"
+o:depends("auth_enable", "1")
+
+o = s:option(Flag, "wan_enable", translate("Enable WAN Access"))
 o.rmempty = true
+o.default = "0"
 o:depends("auth_enable", "1")
 
 end

package/lean/luci-app-ssr-plus/po/zh-cn/ssr-plus.po

@@ -626,10 +626,13 @@ msgid "Enable SOCKS5 Proxy Server"
 msgstr "启用 SOCKS5 代理服务"
 
 msgid "Enable Authentication"
-msgstr "启用 用户名/密码 认证"
+msgstr "启用用户名/密码认证"
 
-msgid "SOCKS5 Proxy Server"
-msgstr "SOCKS5 代理服务端"
+msgid "Enable SOCKS5 Proxy Server"
+msgstr "启用 SOCKS5 代理服务"
+
+msgid "Enable WAN Access"
+msgstr "允许从 WAN 访问"
 
 msgid "Redirect traffic to this network interface"
 msgstr "分流到这个网络接口"

package/lean/luci-app-ssr-plus/root/etc/init.d/shadowsocksr

@@ -431,8 +431,10 @@ start_service() {
 	[ $(uci_get_by_name $1 enable 0) == "0" ] && return 1
 	let server_count=server_count+1
 	if [ "$server_count" == "1" ]; then
-		iptables -N SSR-SERVER-RULE && \
-		iptables -t filter -I INPUT -j SSR-SERVER-RULE
+    if ! (iptables-save -t filter | grep SSR-SERVER-RULE >/dev/null); then
+      iptables -N SSR-SERVER-RULE && \
+      iptables -t filter -I INPUT -j SSR-SERVER-RULE
+		fi
 	fi
 	gen_service_file $1 /var/etc/${NAME}_$server_count.json
 	/usr/bin/ssr-server -c /var/etc/${NAME}_$server_count.json -u -f /var/run/ssr-server$server_count.pid >/dev/null 2>&1
@@ -474,12 +476,22 @@ start_local() {
 	local local_server=$(uci_get_by_type socks5_proxy socks 0)
 	[ "$local_server" == "0" ] && return 0
 	local auth_enable=$(uci_get_by_type socks5_proxy auth_enable 0)
+	local socks_port=$(uci_get_by_type socks5_proxy local_port 1080)
 	if [ "$auth_enable" == "1" ]; then
-    microsocks -i 0.0.0.0 -p $(uci_get_by_type socks5_proxy local_port 1080) -1 -u $(uci_get_by_type socks5_proxy username) -P $(uci_get_by_type socks5_proxy password) ssr-socks >/dev/null 2>&1 &
+    microsocks -i 0.0.0.0 -p $socks_port -1 -u $(uci_get_by_type socks5_proxy username) -P $(uci_get_by_type socks5_proxy password) ssr-socks >/dev/null 2>&1 &
 	else
-    microsocks -i 0.0.0.0 -p $(uci_get_by_type socks5_proxy local_port 1080) ssr-socks >/dev/null 2>&1 &
+    microsocks -i 0.0.0.0 -p $socks_port ssr-socks >/dev/null 2>&1 &
 	fi
 	local_enable=1
+	if [ "$(uci_get_by_type socks5_proxy wan_enable 0)" == "1" ]; then
+    if ! (iptables-save -t filter | grep SSR-SERVER-RULE >/dev/null); then
+      iptables -N SSR-SERVER-RULE && \
+      iptables -t filter -I INPUT -j SSR-SERVER-RULE
+    fi
+    iptables -t filter -A SSR-SERVER-RULE -p tcp --dport $socks_port -j ACCEPT
+    iptables -t filter -A SSR-SERVER-RULE -p udp --dport $socks_port -j ACCEPT
+    gen_serv_include
+	fi
 }
 
 rules() {