|
|
@@ -74,7 +74,7 @@ start_service()
|
|
|
append_param "-p" "${http_port}":"${https_port}"
|
|
|
|
|
|
if is_enabled "config" "pub_access"; then
|
|
|
- if [ -n "$(command -v fw4)" ]; then
|
|
|
+ if [ -e "$(command -v fw4)" ]; then
|
|
|
uci -q batch <<-EOF
|
|
|
add firewall rule
|
|
|
set firewall.@rule[-1].name='unblockneteasemusic_pub_access'
|
|
|
@@ -128,10 +128,9 @@ start_service()
|
|
|
procd_set_param stderr 1
|
|
|
procd_set_param respawn
|
|
|
|
|
|
- local lan_addr
|
|
|
- lan_addr="$(uci -q get network.lan.ipaddr)"
|
|
|
+ local lan_addr="$(uci -q get network.lan.ipaddr)"
|
|
|
if [ "${hijack_ways}" = "use_ipset" ]; then
|
|
|
- ## TODO:wating for dnsmasq support nftset
|
|
|
+ # TODO: wating for dnsmasq support nftset
|
|
|
mkdir -p "/tmp/dnsmasq.d"
|
|
|
rm -f "/tmp/dnsmasq.d/dnsmasq-$NAME.conf"
|
|
|
cat <<-EOF > "/tmp/dnsmasq.d/dnsmasq-$NAME.conf"
|
|
|
@@ -146,27 +145,37 @@ start_service()
|
|
|
EOF
|
|
|
/etc/init.d/dnsmasq reload
|
|
|
|
|
|
- [ -n "$(command -v fw4)" ] || {
|
|
|
+ [ -e "$(command -v fw4)" ] || {
|
|
|
ipset create "acl_neteasemusic_http" hash:ip
|
|
|
ipset create "acl_neteasemusic_https" hash:ip
|
|
|
ipset create "neteasemusic" hash:ip
|
|
|
}
|
|
|
- ip_addr_num="$(uci show "$NAME" | grep -c "filter_mode")"
|
|
|
+
|
|
|
+ local ip_addr_num="$(uci show "$NAME" | grep -c "filter_mode")"
|
|
|
let ip_addr_num="ip_addr_num-1"
|
|
|
local acl_http_addr acl_https_addr
|
|
|
[ "${ip_addr_num}" -ge "0" ] && for i in $(seq 0 "${ip_addr_num}")
|
|
|
do
|
|
|
ip_addr="$(uci_get_by_name "acl_rule" "ip_addr" "" "$i")"
|
|
|
filter_mode="$(uci_get_by_name "acl_rule" "filter_mode" "" "$i")"
|
|
|
+
|
|
|
case "${filter_mode}" in
|
|
|
"disable_http")
|
|
|
- [ -n "$(command -v fw4)" ] && acl_http_addr="${acl_http_addr}${ip_addr}\n" || ipset -! add "acl_neteasemusic_http" "${ip_addr}"
|
|
|
+ if [ -e "$(command -v fw4)" ];then
|
|
|
+ acl_http_addr="${acl_http_addr}${ip_addr}\n"
|
|
|
+ else
|
|
|
+ ipset -! add "acl_neteasemusic_http" "${ip_addr}"
|
|
|
+ fi
|
|
|
;;
|
|
|
"disable_https")
|
|
|
- [ -n "$(command -v fw4)" ] && acl_https_addr="${acl_https_addr}${ip_addr}\n" || ipset -! add "acl_neteasemusic_https" "${ip_addr}"
|
|
|
+ if [ -e "$(command -v fw4)" ]; then
|
|
|
+ acl_https_addr="${acl_https_addr}${ip_addr}\n"
|
|
|
+ else
|
|
|
+ ipset -! add "acl_neteasemusic_https" "${ip_addr}"
|
|
|
+ fi
|
|
|
;;
|
|
|
"disable_all")
|
|
|
- if [ -n "$(command -v fw4)" ]; then
|
|
|
+ if [ -e "$(command -v fw4)" ]; then
|
|
|
acl_http_addr="${acl_http_addr}${ip_addr}\n"
|
|
|
acl_https_addr="${acl_https_addr}${ip_addr}\n"
|
|
|
else
|
|
|
@@ -177,11 +186,9 @@ start_service()
|
|
|
esac
|
|
|
done
|
|
|
|
|
|
- local neteasemusic_addr
|
|
|
- netease_music_ips="$(uclient-fetch -qO- "http://httpdns.n.netease.com/httpdns/v2/d?domain=music.163.com,interface.music.163.com,interface3.music.163.com,apm.music.163.com,apm3.music.163.com,clientlog.music.163.com,clientlog3.music.163.com" |jsonfilter -e '@.data.*.ip.*')"
|
|
|
- netease_music_ips2="$(uclient-fetch -qO- "https://music.httpdns.c.163.com/d" --post-data="music.163.com,interface.music.163.com,interface3.music.163.com,apm.music.163.com,apm3.music.163.com,clientlog.music.163.com,clientlog3.music.163.com" |jsonfilter -e '@.dns.*["ips"].*')"
|
|
|
- if [ -n "$(command -v fw4)" ]; then
|
|
|
- ## Feature: use ucode to init NAT rules
|
|
|
+ local netease_music_ips="$(uclient-fetch -qO- "http://httpdns.n.netease.com/httpdns/v2/d?domain=music.163.com,interface.music.163.com,interface3.music.163.com,apm.music.163.com,apm3.music.163.com,clientlog.music.163.com,clientlog3.music.163.com" |jsonfilter -e '@.data.*.ip.*')"
|
|
|
+ local netease_music_ips2="$(uclient-fetch -qO- "https://music.httpdns.c.163.com/d" --post-data="music.163.com,interface.music.163.com,interface3.music.163.com,apm.music.163.com,apm3.music.163.com,clientlog.music.163.com,clientlog3.music.163.com" |jsonfilter -e '@.dns.*["ips"].*')"
|
|
|
+ if [ -e "$(command -v fw4)" ]; then
|
|
|
local tmp="/tmp/$NAME"
|
|
|
local neteasemusic_addr="$(echo -e "${netease_music_ips}\n${netease_music_ips2}" |sort -u |awk '{print $1}')"
|
|
|
json_init
|
|
|
@@ -196,19 +203,20 @@ start_service()
|
|
|
&& ! cmp -s "$tmp.nft" "$RULES_NFT"; then
|
|
|
echo "table inet chk {include \"$tmp.nft\";}" >"$tmp.nft.chk"
|
|
|
if nft -f "$tmp.nft.chk" -c; then
|
|
|
- mv "$tmp.nft" "$RULES_NFT"
|
|
|
+ mv -f "$tmp.nft" "$RULES_NFT"
|
|
|
fw4 reload
|
|
|
fi
|
|
|
rm -f "$tmp.nft.chk"
|
|
|
fi
|
|
|
- rm -f "$tmp.json"
|
|
|
- rm -f "$tmp.nft"
|
|
|
+ rm -f "$tmp.json" "$tmp.nft"
|
|
|
else
|
|
|
echo -e "${netease_music_ips}\n${netease_music_ips2}" |sort -u |awk '{print "ipset add neteasemusic "$1}' |sh
|
|
|
+
|
|
|
$IPT_N -N "netease_cloud_music"
|
|
|
for local_addr in "0.0.0.0/8" "10.0.0.0/8" "127.0.0.0/8" "169.254.0.0/16" "172.16.0.0/12" "192.168.0.0/16" "224.0.0.0/4" "240.0.0.0/4"; do
|
|
|
$IPT_N -A "netease_cloud_music" -d "${local_addr}" -j "RETURN"
|
|
|
done
|
|
|
+
|
|
|
$IPT_N -A "netease_cloud_music" -p "tcp" -m "set" ! --match-set "acl_neteasemusic_http" "src" --dport "80" -j "REDIRECT" --to-ports "${http_port}"
|
|
|
$IPT_N -A "netease_cloud_music" -p "tcp" -m "set" ! --match-set "acl_neteasemusic_https" "src" --dport "443" -j "REDIRECT" --to-ports "${https_port}"
|
|
|
$IPT_N -I "PREROUTING" -p "tcp" -m "set" --match-set "neteasemusic" "dst" -j "netease_cloud_music"
|
|
|
@@ -250,6 +258,7 @@ stop_service()
|
|
|
echo "/usr/share/$NAME/core/" >> "${UPGRADE_CONF}"
|
|
|
echo "/usr/share/$NAME/local_ver" >> "${UPGRADE_CONF}"
|
|
|
}
|
|
|
+
|
|
|
local self_issue_cert_crt self_issue_cert_key
|
|
|
config_get "self_issue_cert_crt" "config" "self_issue_cert_crt"
|
|
|
config_get "self_issue_cert_key" "config" "self_issue_cert_key"
|
|
|
@@ -258,7 +267,7 @@ stop_service()
|
|
|
echo "${self_issue_cert_key}" >> "${UPGRADE_CONF}"
|
|
|
}
|
|
|
|
|
|
- if [ -n "$(command -v fw4)" ]; then
|
|
|
+ if [ -e "$(command -v fw4)" ]; then
|
|
|
local rule="$(uci show firewall | grep "name='unblockneteasemusic_pub_access'" | awk -F '.' '{ print $2}')"
|
|
|
[ -n "${rule}" ] && {
|
|
|
uci -q batch <<-EOF
|
|
|
@@ -266,27 +275,31 @@ stop_service()
|
|
|
commit firewall
|
|
|
EOF
|
|
|
}
|
|
|
- if [ -f "$RULES_NFT" ]; then
|
|
|
- rm -f "$RULES_NFT"
|
|
|
- fi
|
|
|
+
|
|
|
+ [ ! -e "$RULES_NFT" ] || rm -f "$RULES_NFT"
|
|
|
+
|
|
|
fw4 reload
|
|
|
else
|
|
|
- [ -f "/tmp/$NAME.ports" ] && {
|
|
|
+ [ ! -e "/tmp/$NAME.ports" ] || {
|
|
|
iptables -D "INPUT" -p "tcp" --dport "$(awk -F ':' 'print $1' "/tmp/$NAME.ports")" -j "ACCEPT"
|
|
|
iptables -D "INPUT" -p "tcp" --dport "$(awk -F ':' 'print $2' "/tmp/$NAME.ports")" -j "ACCEPT"
|
|
|
}
|
|
|
rm -f "/tmp/$NAME.ports"
|
|
|
+
|
|
|
$IPT_N -D "PREROUTING" -p "tcp" -m set --match-set "neteasemusic" "dst" -j "netease_cloud_music"
|
|
|
$IPT_N -F "netease_cloud_music"
|
|
|
$IPT_N -X "netease_cloud_music"
|
|
|
+
|
|
|
ipset destroy "neteasemusic"
|
|
|
ipset destroy "acl_neteasemusic_http"
|
|
|
ipset destroy "acl_neteasemusic_https"
|
|
|
+
|
|
|
echo "" > "/var/etc/$NAME.include"
|
|
|
fi
|
|
|
|
|
|
rm -f "/tmp/dnsmasq.d/dnsmasq-$NAME.conf"
|
|
|
/etc/init.d/dnsmasq reload
|
|
|
+
|
|
|
ip route del "223.252.199.10"
|
|
|
|
|
|
rm -f "/tmp/$NAME.log"
|
Tianling Shen