luci ssr plus: bypass server itself in rules

2025-04-19 14:13:30 +00:00 · 2018-11-11 17:12:31 +08:00 · 2018-11-11 17:12:31 +08:00 · e25c6e4754
commit e25c6e4754
parent 74481c3ed1
2 changed files with 5 additions and 2 deletions
--- a/package/lean/luci-app-ssr-plus/Makefile
+++ b/package/lean/luci-app-ssr-plus/Makefile
@ -2,7 +2,7 @@ include $(TOPDIR)/rules.mk

 PKG_NAME:=luci-app-ssr-plus
 PKG_VERSION:=1
-PKG_RELEASE:=42
+PKG_RELEASE:=43

 PO2LMO:=$(BUILD_DIR)/luci-base/po2lmo

--- a/package/lean/luci-app-ssr-plus/root/usr/bin/ssr-rules
+++ b/package/lean/luci-app-ssr-plus/root/usr/bin/ssr-rules
@ -74,6 +74,7 @@ ipset_r() {
 		$(for ip in $WAN_FW_IP; do echo "add ss_spec_wan_ac $ip nomatch"; done)
 EOF
 	$IPT -N SS_SPEC_WAN_AC && \
+	$IPT -I SS_SPEC_WAN_AC -d $server -j RETURN && \
 	$IPT -A SS_SPEC_WAN_AC -m set --match-set ss_spec_wan_ac dst -j RETURN && \
 	$IPT -A SS_SPEC_WAN_AC -j SS_SPEC_WAN_FW
 	else
@ -81,12 +82,13 @@ EOF
 	for ip in $WAN_FW_IP; do ipset -! add gfwlist $ip ; done
 	$IPT -N SS_SPEC_WAN_AC
 	$IPT -A SS_SPEC_WAN_AC -m set --match-set gfwlist dst -j SS_SPEC_WAN_FW
-
 	$IPT -I SS_SPEC_WAN_AC -m set --match-set china dst -j RETURN
 	
 	ipset -N fplan hash:net 2>/dev/null
 	for ip in $LAN_FP_IP; do ipset add fplan $ip ; done
 	$IPT -I SS_SPEC_WAN_AC -m set --match-set fplan src -j SS_SPEC_WAN_FW
+	
+	$IPT -I SS_SPEC_WAN_AC -d $server -j RETURN
 	fi

 	return $?
@ -162,6 +164,7 @@ tp_rule() {
 	
 	$ipt -I SS_SPEC_TPROXY -p udp -m set --match-set china dst -j RETURN
 	$ipt -I SS_SPEC_TPROXY -p udp --dport 53 -j RETURN
+	$ipt -I SS_SPEC_TPROXY -p udp -d $SERVER -j RETURN
 	
 	$ipt -I PREROUTING 1 ${IFNAME:+-i $IFNAME} -p udp $EXT_ARGS $MATCH_SET \
 		-m comment --comment "$TAG" -j SS_SPEC_TPROXY