From 7026d8e6a7da25bb53a3fb15b95090b9b1187e31 Mon Sep 17 00:00:00 2001
From: suzukua
Date: Tue, 9 Jul 2024 16:36:32 +0800
Subject: [PATCH] support IPV6
---
 clashg/base.sh | 3 +++
 clashg/clashconfig.sh | 37 +++++++++++++++++++++++++++++++++++--
 2 files changed, 38 insertions(+), 2 deletions(-)
diff --git a/clashg/base.sh b/clashg/base.sh
index 8876995..6a791ab 100755
--- a/clashg/base.sh
+++ b/clashg/base.sh
@@ -17,10 +17,13 @@ remote_gfw_conf_lite='https://cdn.jsdelivr.net/gh/zhudan/gfwlist2dnsmasq@hidden/
 remote_proxy_cidr='https://cdn.jsdelivr.net/gh/zhudan/gfwlist2dnsmasq@hidden/ip-cidr.ipset'
 dnsmasq_gfw_ipset="dnsmasq_gfw"
+dnsmasq_gfw_ipset6="dnsmasq_gfw6"
 gfw_cidr_ipset="gfw_cidr"
+gfw_cidr_ipset6="gfw_cidr6"
 #mangle 表名字
 mangle_name=clashg
+mangle_name6=clashg6
 gfw_file=/tmp/clashg_gfw.conf
 ipcidr_file=/tmp/clashg_cidr_tmp.txt
diff --git a/clashg/clashconfig.sh b/clashg/clashconfig.sh
index 4eb97e5..dc5fb3d 100755
--- a/clashg/clashconfig.sh
+++ b/clashg/clashconfig.sh
@@ -37,6 +37,7 @@ add_nat(){
 if [ -z "$(lsmod |grep "xt_TPROXY")" ]; then
 modprobe -a "xt_TPROXY" >/dev/null 2>&1
 fi
+ # IPV4
 ip rule add fwmark 10 table 100
 ip route add local 0.0.0.0/0 dev lo table 100
 iptables -t mangle -N "$mangle_name"
@@ -54,14 +55,29 @@ add_nat(){
 iptables -t mangle -A "$mangle_name" -p udp -m set --match-set $dnsmasq_gfw_ipset dst -j TPROXY --on-port $tproxy_port --tproxy-mark 10
 iptables -t mangle -A "$mangle_name" -p tcp -m set --match-set $gfw_cidr_ipset dst -j TPROXY --on-port $tproxy_port --tproxy-mark 10
 iptables -t mangle -A "$mangle_name" -p udp -m set --match-set $gfw_cidr_ipset dst -j TPROXY --on-port $tproxy_port --tproxy-mark 10
- iptables -t mangle -A PREROUTING -j "$mangle_name"
- LOGGER "iptables 建立完成" >> $LOG_FILE
+ # IPV6
+ # 设置策略路由 v6
+ ip -6 rule add fwmark 10 table 100
+ ip -6 route add local ::/0 dev lo table 100
+ ip6tables -t mangle -N "$mangle_name6"
+ ip6tables -t mangle -F "$mangle_name6"
+ ip6tables -t mangle -A "$mangle_name6" -d ::1/128 -j RETURN
+ ip6tables -t mangle -A "$mangle_name6" -d fe80::/10 -j RETURN
+ ip6tables -t mangle -A "$mangle_name6" -d fd00::/8 -p tcp -j RETURN
+ ip6tables -t mangle -A "$mangle_name6" -p tcp -m set --match-set $dnsmasq_gfw_ipset6 dst -j TPROXY --on-port $tproxy_port --tproxy-mark 10
+ ip6tables -t mangle -A "$mangle_name6" -p udp -m set --match-set $dnsmasq_gfw_ipset6 dst -j TPROXY --on-port $tproxy_port --tproxy-mark 10
+ ip6tables -t mangle -A "$mangle_name6" -p tcp -m set --match-set $gfw_cidr_ipset6 dst -j TPROXY --on-port $tproxy_port --tproxy-mark 10
+ ip6tables -t mangle -A "$mangle_name6" -p udp -m set --match-set $gfw_cidr_ipset6 dst -j TPROXY --on-port $tproxy_port --tproxy-mark 10
+ ip6tables -t mangle -A PREROUTING -j "$mangle_name6"
+
+ LOGGER "iptables IPV4+IPV6 建立完成" >> $LOG_FILE
 }
 rm_nat(){
 LOGGER 删除iptables开始 >> $LOG_FILE #tproxy模式
+ #IPV4
 ip rule del fwmark 10 table 100 >/dev/null 2>&1
 ip route del local 0.0.0.0/0 dev lo table 100 >/dev/null 2>&1
 #删除
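Review bot: The IPv4 hook into PREROUTING is deleted in this hunk and never re-added: it removes `iptables -t mangle -A PREROUTING -j "$mangle_name"` and the new block only appends `ip6tables -t mangle -A PREROUTING -j "$mangle_name6"`, so after add_nat the `$mangle_name` chain is built but no IPv4 packet is sent to it. IPv4 destinations in the gfw sets would then bypass the TPROXY port with no error, while the log line reports that IPV4+IPV6 is set up. Restore the jump before the `# IPV6` block: `iptables -t mangle -A PREROUTING -j "$mangle_name"`. Separately, `-d fd00::/8 -p tcp -j RETURN` exempts only TCP and only half of the unique-local range; `-d fc00::/7 -j RETURN` would match how the loopback and link-local rules are written. add_nat begins above this hunk.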
@@ -75,6 +91,20 @@ rm_nat(){
 #删除
 iptables -t mangle -X "$mangle_name" >/dev/null 2>&1
+ #IPV6
+ ip -6 rule del fwmark 10 table 100 >/dev/null 2>&1
+ ip -6 route del local ::/0 dev lo table 100 >/dev/null 2>&1
+ #删除
+ ipset_indexs=$(ip6tables -t mangle -L PREROUTING --line-number | sed 1,2d | sed -n "/${mangle_name6}/=" | sort -r)
+ for ipset_index in $ipset_indexs; do
+ ip6tables -t mangle -D PREROUTING $ipset_index >/dev/null 2>&1
+ done
+ ip6tables -t mangle -D PREROUTING -j "$mangle_name6" >/dev/null 2>&1
+ #清空
+ ip6tables -t mangle -F "$mangle_name6" >/dev/null 2>&1
+ #删除
+ ip6tables -t mangle -X "$mangle_name6" >/dev/null 2>&1
+
 # 清理shadowsocksport端口
 if [ -n "$shadowsocksport" ]; then
 ipset_indexs=$(iptables -vnL INPUT --line-number | sed 1,2d | sed -n "/${shadowsocksport}/=" | sort -r)
@@ -91,13 +121,16 @@ rm_nat(){
 add_ipset(){
 #创建名为gfwlist,格式为iphash的集合
 ipset -N $dnsmasq_gfw_ipset hash:ip timeout 300
+ ipset -N $dnsmasq_gfw_ipset6 hash:ip family inet6 timeout 300
 add_cidr_proxy
 LOGGER "ipset 建立完成" >> $LOG_FILE
 }
 rm_ipset(){
 LOGGER 删除ipset开始 >> $LOG_FILE
 ipset -F $dnsmasq_gfw_ipset >/dev/null 2>&1 && ipset -X $dnsmasq_gfw_ipset >/dev/null 2>&1
+ ipset -F $dnsmasq_gfw_ipset6 >/dev/null 2>&1 && ipset -X $dnsmasq_gfw_ipset6 >/dev/null 2>&1
 ipset -F $gfw_cidr_ipset >/dev/null 2>&1 && ipset -X $gfw_cidr_ipset >/dev/null 2>&1
+ ipset -F $gfw_cidr_ipset6 >/dev/null 2>&1 && ipset -X $gfw_cidr_ipset6 >/dev/null 2>&1
 LOGGER 删除ipset结束 >> $LOG_FILE
 } #开始添加需要走代理的ip-cidr
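Review bot: In the IPv6 cleanup added to rm_nat, `ip6tables -t mangle -L PREROUTING --line-number` runs without `-n`, so ip6tables may attempt reverse DNS lookups for the listed rules while the proxy path is being torn down; the shadowsocksport listing a few lines below already uses `-vnL`. Use `ip6tables -t mangle -nL PREROUTING --line-number` and quote the index, `ip6tables -t mangle -D PREROUTING "$ipset_index"`. Every command in the block discards both status and stderr, so a chain that fails to delete stays in place with nothing logged; a `LOGGER` line when `ip6tables -t mangle -X "$mangle_name6"` fails would make that visible. rm_nat begins and ends outside this hunk.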
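Review bot: Nothing in this patch creates `$gfw_cidr_ipset6`: add_ipset adds only `$dnsmasq_gfw_ipset6`, yet the new add_nat rules use `--match-set $gfw_cidr_ipset6` and rm_ipset flushes it. ip6tables rejects a rule that names a set which does not exist, so unless add_cidr_proxy (its body is outside the hunk and the commit does not touch it) creates the set, the two cidr6 TPROXY rules will not be installed. Create it next to the other set, for example `ipset -N $gfw_cidr_ipset6 hash:net family inet6`, with the set type mirroring whatever add_cidr_proxy uses for `$gfw_cidr_ipset`, and fill it from an IPv6 list. It is also worth confirming that the dnsmasq rules name `$dnsmasq_gfw_ipset6`, since no visible line feeds that set.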