
Add interface control options

Mattraks 4 years ago
parent
commit
68f443b6df

+ 1 - 1
luci-app-ssr-plus/Makefile

@@ -2,7 +2,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=luci-app-ssr-plus
 PKG_VERSION:=181
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 include $(INCLUDE_DIR)/package.mk
 

+ 10 - 1
luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/control.lua

@@ -2,11 +2,20 @@ require "luci.ip"
 require "nixio.fs"
 local m, s, o
 
-m = Map("shadowsocksr", translate("Block and Allow List"))
+m = Map("shadowsocksr")
 
 s = m:section(TypedSection, "access_control")
 s.anonymous = true
 
+-- Interface control
+s:tab("Interface", translate("Interface control"))
+o = s:taboption("Interface", DynamicList, "Interface", translate("Interface"))
+o.template = "cbi/network_netlist"
+o.widget = "checkbox"
+o.nocreate = true
+o.unspecified = true
+o.description = translate("Select the interface that needs to transmit data. If unchecked, all interfaces will pass data by default!")
+
 -- Part of WAN
 s:tab("wan_ac", translate("WAN IP AC"))
 
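Review bot: The new `Interface` DynamicList sets no `datatype`, so nothing visible in this hunk constrains what is stored in UCI; `o.nocreate = true` presumably only affects the widget. The stored value is later handed to `ssr-rules -m`, where it is word-split unquoted in `for name in $Interface` and spliced into `network.$name.ifname`. I would add `o.datatype = "uciname"` here. I would also reject anything else in the `m)` arm of the getopts loop in ssr-rules, for example `case "$OPTARG" in *[!A-Za-z0-9_\ ]*) exit 1 ;; esac`, so a hand-edited config cannot inject glob characters or extra words either.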

+ 5 - 2
luci-app-ssr-plus/po/zh-cn/ssr-plus.po

@@ -463,8 +463,8 @@ msgstr "更新"
 msgid "Server Count"
 msgstr "服务器节点数量"
 
-msgid "Block and Allow List"
-msgstr "禁止/通行名单"
+msgid "Interface control"
+msgstr "接口控制"
 
 msgid "WAN IP AC"
 msgstr "WAN IP访问控制"
@@ -687,3 +687,6 @@ msgstr "禁止连接的域名"
 
 msgid "Obfuscate password (optional)"
 msgstr "混淆密码(可选)"
+
+msgid "Select the interface that needs to transmit data. If unchecked, all interfaces will pass data by default!"
+msgstr "选择需要传递数据的接口。如果未选择,则默认情况下所有接口都将传递数据!"

+ 1 - 0
luci-app-ssr-plus/root/etc/config/shadowsocksr

@@ -26,6 +26,7 @@ config access_control
 	list wan_fw_ips '91.108.4.0/22'
 	list wan_fw_ips '91.108.56.0/22'
 	list wan_fw_ips '109.239.140.0/24'
+	list Interface 'lan'
 
 config server_subscribe
 	option proxy '0'

+ 1 - 0
luci-app-ssr-plus/root/etc/init.d/shadowsocksr

@@ -724,6 +724,7 @@ start_rules() {
 	-B "$(uci_get_by_type access_control lan_bp_ips)" \
 	-p "$(uci_get_by_type access_control lan_fp_ips)" \
 	-G "$(uci_get_by_type access_control lan_gm_ips)" \
+	-m "$(uci_get_by_type access_control Interface)" \
 	-D "$proxyport" \
 	-F "$netflix" \
 	-N "$netflix_ip" \

+ 1 - 0
luci-app-ssr-plus/root/etc/uci-defaults/luci-ssr-plus

@@ -56,6 +56,7 @@ add_list shadowsocksr.@access_control[0].wan_fw_ips=67.198.55.0/24
 add_list shadowsocksr.@access_control[0].wan_fw_ips=91.108.4.0/22
 add_list shadowsocksr.@access_control[0].wan_fw_ips=91.108.56.0/22
 add_list shadowsocksr.@access_control[0].wan_fw_ips=109.239.140.0/24
+add_list shadowsocksr.@access_control[0].Interface='lan'
 add shadowsocksr socks5_proxy
 set shadowsocksr.@socks5_proxy[0].server='nil'
 set shadowsocksr.@socks5_proxy[0].local_port='1080'

+ 22 - 6
luci-app-ssr-plus/root/usr/bin/ssr-rules

@@ -31,6 +31,7 @@ Valid options are:
     -F                      netflix mode
     -N                      netflix server IP
     -M                      netflix proxy mode
+    -m <Interface>          Interface name
     -I <ip_list_file>       a file content is bypassed netflix ip list
     -e <extra_options>      extra options for iptables
     -o                      apply the rules to the OUTPUT chain
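Review bot: The help line `-m <Interface>          Interface name` under-describes the option. The value is iterated with `for name in $Interface` and each word is looked up as `network.$name.ifname`, so it is a space-separated list of logical network names, not a device name. An empty value also selects every interface. I would word it as `-m <networks>           logical network names (e.g. "lan wan2"); empty = all interfaces`.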
@@ -181,13 +182,19 @@ ac_rule() {
 			;;
 		esac
 	fi
-	IFNAME=$(uci -P /var/state get network.lan.ifname 2>/dev/null)
 	ipset -! -R <<-EOF || return 1
 		create ss_spec_lan_ac hash:net
 		$(for ip in ${LAN_AC_IP:1}; do echo "add ss_spec_lan_ac $ip"; done)
 	EOF
-	$IPT -I PREROUTING 1 ${IFNAME:+-i $IFNAME} -p tcp $EXT_ARGS $MATCH_SET \
-	-m comment --comment "$TAG" -j SS_SPEC_WAN_AC
+	if [ -z "$Interface" ]; then
+		$IPT -I PREROUTING 1 -p tcp $EXT_ARGS $MATCH_SET -m comment --comment "$TAG" -j SS_SPEC_WAN_AC
+	else
+		for name in $Interface;do 
+		local IFNAME=$(uci -P /var/state get network.$name.ifname 2>/dev/null)
+		[ -n "$IFNAME" ] && $IPT -I PREROUTING 1 ${IFNAME:+-i $IFNAME} -p tcp $EXT_ARGS $MATCH_SET -m comment --comment "$TAG" -j SS_SPEC_WAN_AC
+		done
+	fi
+
 	case "$OUTPUT" in
 	1)
 		$IPT -I OUTPUT 1 -p tcp $EXT_ARGS \
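Review bot: When `$Interface` is empty, the new `if [ -z "$Interface" ]` branch inserts the PREROUTING jump with no `-i` match, so it applies to traffic arriving on every interface, WAN side included. The removed code limited it to `network.lan.ifname` whenever that lookup succeeded, so a configuration that predates this option would presumably get a wider rule after upgrade. If all-interfaces is not meant to be the upgrade default, fall back to LAN before the test with `[ -z "$Interface" ] && Interface=lan`; otherwise state the widening in a comment above the branch. The same branch appears in the tp_rule hunk, and ac_rule's body starts and ends outside this hunk.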
@@ -251,8 +258,14 @@ tp_rule() {
 		$ipt -A SS_SPEC_TPROXY -p udp $PROXY_PORTS -j TPROXY --on-port "$LOCAL_PORT" --tproxy-mark 0x01/0x01
 		;;
 	esac
-	$ipt -I PREROUTING 1 ${IFNAME:+-i $IFNAME} -p udp $EXT_ARGS $MATCH_SET \
-	-m comment --comment "$TAG" -j SS_SPEC_TPROXY
+	if [ -z "$Interface" ]; then
+		$ipt -I PREROUTING 1 -p udp $EXT_ARGS $MATCH_SET -m comment --comment "$TAG" -j SS_SPEC_TPROXY
+	else
+		for name in $Interface;do 
+		local IFNAME=$(uci -P /var/state get network.$name.ifname 2>/dev/null)
+		[ -n "$IFNAME" ] && $ipt -I PREROUTING 1 ${IFNAME:+-i $IFNAME} -p udp $EXT_ARGS $MATCH_SET -m comment --comment "$TAG" -j SS_SPEC_TPROXY
+		done
+	fi
 	return $?
 }
 
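Review bot: `return $?` after the new `if`/`for` block in tp_rule now reports only the status of the last loop iteration. If the last name in `$Interface` has no `ifname`, `[ -n "$IFNAME" ]` fails and tp_rule returns non-zero although earlier rules were inserted, and an earlier iptables failure is masked by a later success. Names that do not resolve are also skipped silently, so a list in which nothing resolves installs no TPROXY jump at all; I would log those names. The fence below tracks the result explicitly and declares the loop variables once. The ac_rule loop has the same shape, and tp_rule starts outside this hunk.
```shell
	local rc=0 name IFNAME
	if [ -z "$Interface" ]; then
		$ipt -I PREROUTING 1 -p udp $EXT_ARGS $MATCH_SET -m comment --comment "$TAG" -j SS_SPEC_TPROXY || rc=$?
	else
		for name in $Interface; do
			IFNAME=$(uci -P /var/state get "network.$name.ifname" 2>/dev/null)
			# Skip names that do not resolve instead of letting the test decide the return code.
			[ -n "$IFNAME" ] || continue
			$ipt -I PREROUTING 1 -i "$IFNAME" -p udp $EXT_ARGS $MATCH_SET -m comment --comment "$TAG" -j SS_SPEC_TPROXY || rc=$?
		done
	fi
	return $rc
```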
@@ -304,8 +317,11 @@ gen_include() {
 	return 0
 }
 
-while getopts ":s:l:S:L:i:e:a:B:b:w:p:G:D:F:N:M:I:oOuUfgrczh" arg; do
+while getopts ":m:s:l:S:L:i:e:a:B:b:w:p:G:D:F:N:M:I:oOuUfgrczh" arg; do
 	case "$arg" in
+	m)
+		Interface=$OPTARG
+		;;
 	s)
 		server=$OPTARG
 		;;