luci-app-ssr-plus: add LAN ac control

coolsnowwolf 2020-02-18 21:56:34 +08:00
parent 8269399df9
commit dcc9bb5879
5 changed files with 36 additions and 9 deletions


@ -1,8 +1,8 @@
include $(TOPDIR)/rules.mk include $(TOPDIR)/rules.mk
PKG_NAME:=luci-app-ssr-plus PKG_NAME:=luci-app-ssr-plus
PKG_RELEASE:=143 PKG_VERSION:=145
PKG_VERSION:=1 PKG_RELEASE:=1
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME) PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)
include $(INCLUDE_DIR)/package.mk include $(INCLUDE_DIR)/package.mk


@ -18,7 +18,23 @@ o.datatype = "ip4addr"
-- Part of LAN -- Part of LAN
s:tab("lan_ac", translate("LAN IP AC")) s:tab("lan_ac", translate("LAN IP AC"))
o = s:taboption("lan_ac", DynamicList, "lan_ac_ips", translate("LAN Bypassed Host List")) o = s:taboption("lan_ac", ListValue, "lan_ac_mode", translate("LAN Access Control"))
o:value("0", translate("Disable"))
o:value("w", translate("Allow listed only"))
o:value("b", translate("Allow all except listed"))
o.rmempty = false
o = s:taboption("lan_ac", DynamicList, "lan_ac_ips", translate("LAN Host List"))
o.datatype = "ipaddr"
luci.ip.neighbors({ family = 4 }, function(entry)
if entry.reachable then
o:value(entry.dest:string())
end
end)
o:depends("lan_ac_mode", "w")
o:depends("lan_ac_mode", "b")
o = s:taboption("lan_ac", DynamicList, "lan_bp_ips", translate("LAN Bypassed Host List"))
o.datatype = "ipaddr" o.datatype = "ipaddr"
luci.ip.neighbors({ family = 4 }, function(entry) luci.ip.neighbors({ family = 4 }, function(entry)
if entry.reachable then if entry.reachable then
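Review bot: The new `lan_ac_ips` list is validated with `o.datatype = "ipaddr"`, which also accepts IPv6 literals, while its suggestions come from `luci.ip.neighbors({ family = 4 }, ...)` and the rules script in this commit creates its sets as `hash:net` with no family given (IPv4 by default). An IPv6 entry would pass form validation and then presumably fail to load into the set, leaving that host outside the access-control decision with no feedback to the admin. Use `o.datatype = "ip4addr"`, as the option named in the hunk header already does. The same applies to the unchanged datatype line under `lan_bp_ips`, whose neighbor callback continues outside the hunk.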


@ -104,13 +104,13 @@ msgid "Interfaces - LAN"
msgstr "接口 - LAN" msgstr "接口 - LAN"
msgid "LAN Access Control" msgid "LAN Access Control"
msgstr "内网访问控制" msgstr "内网客户端分流代理控制"
msgid "Allow listed only" msgid "Allow listed only"
msgstr "仅允许列表内" msgstr "仅允许列表内主机"
msgid "Allow all except listed" msgid "Allow all except listed"
msgstr "仅允许列表外" msgstr "除列表外主机皆允许"
msgid "LAN Host List" msgid "LAN Host List"
msgstr "内网主机列表" msgstr "内网主机列表"


@ -162,7 +162,7 @@ start_rules() {
fi fi
local local_port=$(uci_get_by_name $GLOBAL_SERVER local_port) local local_port=$(uci_get_by_name $GLOBAL_SERVER local_port)
local lan_ac_ips=$(uci_get_by_type access_control lan_ac_ips) local lan_ac_ips=$(uci_get_by_type access_control lan_ac_ips)
local lan_ac_mode="b" local lan_ac_mode=$(uci_get_by_type access_control lan_ac_mode)
local router_proxy=$(uci_get_by_type access_control router_proxy) local router_proxy=$(uci_get_by_type access_control router_proxy)
if [ "$GLOBAL_SERVER" == "$UDP_RELAY_SERVER" -a "$kcp_flag" == "0" ]; then if [ "$GLOBAL_SERVER" == "$UDP_RELAY_SERVER" -a "$kcp_flag" == "0" ]; then
ARG_UDP="-u" ARG_UDP="-u"
@ -176,6 +176,7 @@ start_rules() {
w | W | b | B) local ac_ips="$lan_ac_mode$lan_ac_ips" ;; w | W | b | B) local ac_ips="$lan_ac_mode$lan_ac_ips" ;;
esac esac
fi fi
#deal gfw firewall rule #deal gfw firewall rule
local gfwmode="" local gfwmode=""
if [ "$run_mode" == "gfw" ]; then if [ "$run_mode" == "gfw" ]; then
@ -202,6 +203,7 @@ start_rules() {
-i "$(uci_get_by_type access_control wan_bp_list)" \ -i "$(uci_get_by_type access_control wan_bp_list)" \
-b "$(uci_get_by_type access_control wan_bp_ips)" \ -b "$(uci_get_by_type access_control wan_bp_ips)" \
-w "$(uci_get_by_type access_control wan_fw_ips)" \ -w "$(uci_get_by_type access_control wan_fw_ips)" \
-B "$(uci_get_by_type access_control lan_bp_ips)" \
-p "$(uci_get_by_type access_control lan_fp_ips)" \ -p "$(uci_get_by_type access_control lan_fp_ips)" \
-G "$(uci_get_by_type access_control lan_gm_ips)" \ -G "$(uci_get_by_type access_control lan_gm_ips)" \
-D "$proxyport" \ -D "$proxyport" \
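Review bot: Configurations written before this change have no `lan_ac_mode` option, so `$(uci_get_by_type access_control lan_ac_mode)` in the first hunk presumably returns an empty string where the old code hard-coded `"b"`, and the `w | W | b | B)` arm in the second hunk then never builds `ac_ips`. An existing `lan_ac_ips` list that acted as a bypass list would stop being applied after upgrade without any message. Consider an explicit fallback such as `[ -n "$lan_ac_mode" ] || lan_ac_mode="b"`, or migrate old `lan_ac_ips` entries to the new `lan_bp_ips` option in a uci-defaults script. start_rules begins and ends outside these hunks, so the handling of an empty mode further down is not visible here.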


@ -26,6 +26,7 @@ Valid options are:
define access control mode define access control mode
-b <wan_ips> wan ip of will be bypassed -b <wan_ips> wan ip of will be bypassed
-w <wan_ips> wan ip of will be forwarded -w <wan_ips> wan ip of will be forwarded
-B <bp_lan_ips> lan ip of will be bypassed proxy
-p <fp_lan_ips> lan ip of will be global proxy -p <fp_lan_ips> lan ip of will be global proxy
-G <gm_lan_ips> lan ip of will be game mode proxy -G <gm_lan_ips> lan ip of will be game mode proxy
-D <proxy_ports> proxy ports -D <proxy_ports> proxy ports
@ -65,6 +66,7 @@ flush_r() {
ipset -X ss_spec_wan_ac 2>/dev/null ipset -X ss_spec_wan_ac 2>/dev/null
ipset -X ssr_gen_router 2>/dev/null ipset -X ssr_gen_router 2>/dev/null
ipset -X fplan 2>/dev/null ipset -X fplan 2>/dev/null
ipset -X bplan 2>/dev/null
ipset -X gmlan 2>/dev/null ipset -X gmlan 2>/dev/null
ipset -X oversea 2>/dev/null ipset -X oversea 2>/dev/null
ipset -X whitelist 2>/dev/null ipset -X whitelist 2>/dev/null
@ -108,6 +110,9 @@ ipset_r() {
ipset -N fplan hash:net 2>/dev/null ipset -N fplan hash:net 2>/dev/null
for ip in $LAN_FP_IP; do ipset -! add fplan $ip; done for ip in $LAN_FP_IP; do ipset -! add fplan $ip; done
$IPT -I SS_SPEC_WAN_AC -m set --match-set fplan src -j SS_SPEC_WAN_FW $IPT -I SS_SPEC_WAN_AC -m set --match-set fplan src -j SS_SPEC_WAN_FW
ipset -N bplan hash:net 2>/dev/null
for ip in $LAN_BP_IP; do ipset -! add bplan $ip; done
$IPT -I SS_SPEC_WAN_AC -m set --match-set bplan src -j RETURN
ipset -N whitelist hash:net 2>/dev/null ipset -N whitelist hash:net 2>/dev/null
ipset -N blacklist hash:net 2>/dev/null ipset -N blacklist hash:net 2>/dev/null
$IPT -I SS_SPEC_WAN_AC -m set --match-set blacklist dst -j SS_SPEC_WAN_FW $IPT -I SS_SPEC_WAN_AC -m set --match-set blacklist dst -j SS_SPEC_WAN_FW
@ -190,6 +195,7 @@ tp_rule() {
$ipt -A SS_SPEC_TPROXY -p udp -d 224.0.0.0/4 -j RETURN $ipt -A SS_SPEC_TPROXY -p udp -d 224.0.0.0/4 -j RETURN
$ipt -A SS_SPEC_TPROXY -p udp -d 240.0.0.0/4 -j RETURN $ipt -A SS_SPEC_TPROXY -p udp -d 240.0.0.0/4 -j RETURN
$ipt -A SS_SPEC_TPROXY -p udp -d $SERVER -j RETURN $ipt -A SS_SPEC_TPROXY -p udp -d $SERVER -j RETURN
$ipt -A SS_SPEC_TPROXY -p udp -m set --match-set bplan src -j RETURN
$ipt -A SS_SPEC_TPROXY -p udp $PROXY_PORTS -m set --match-set fplan src \ $ipt -A SS_SPEC_TPROXY -p udp $PROXY_PORTS -m set --match-set fplan src \
-j TPROXY --on-port "$LOCAL_PORT" --tproxy-mark 0x01/0x01 -j TPROXY --on-port "$LOCAL_PORT" --tproxy-mark 0x01/0x01
if [ "$RUNMODE" == "router" ]; then if [ "$RUNMODE" == "router" ]; then
@ -285,7 +291,7 @@ gen_include() {
return 0 return 0
} }
while getopts ":s:l:S:L:i:e:a:b:w:p:G:D:oOuUfgrczh" arg; do while getopts ":s:l:S:L:i:e:a:B:b:w:p:G:D:oOuUfgrczh" arg; do
case "$arg" in case "$arg" in
s) s)
server=$OPTARG server=$OPTARG
@ -308,6 +314,9 @@ while getopts ":s:l:S:L:i:e:a:b:w:p:G:D:oOuUfgrczh" arg; do
a) a)
LAN_AC_IP=$OPTARG LAN_AC_IP=$OPTARG
;; ;;
B)
LAN_BP_IP=$OPTARG
;;
b) b)
WAN_BP_IP=$(for ip in $OPTARG; do echo $ip; done) WAN_BP_IP=$(for ip in $OPTARG; do echo $ip; done)
;; ;;
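Review bot: In `ipset_r` the new `bplan ... -j RETURN` rule is added with `-I`, and the `blacklist dst -j SS_SPEC_WAN_FW` rule a few lines later is also added with `-I`, so it lands above it in SS_SPEC_WAN_AC. A host on the bypass list would therefore still have its traffic to blacklisted destinations forwarded to the proxy. If bypass is meant to be absolute, add the bplan rule after the blacklist insert; if the precedence is intended, record it in a comment such as `# bplan bypasses the proxy, but blacklist dst still takes precedence`. Also quote the loop variable, `ipset -! add bplan "$ip"`, since the list comes from configuration. ipset_r continues outside the hunk, so later inserts may change the final order.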