Tomato-ARM部署ShadowSocks科学上网（3）

yuyang911220

067	LAN=/jffs/lan.list

068	sed -n '1,15p' /jffs/ignore.list > /jffs/lan.list

069

070	ipset -F ss_spec_wan_ac &> /dev/null

071	ipset -F ss_spec_lan_ac &> /dev/null

072	sed -e "s/^/-A ss_spec_wan_ac &/g" -e "1 i\-N ss_spec_wan_ac hash:net " $LAN | ipset -R -!

073	rm -f /jffs/lan.list

074

;;

075

076

"flush" )

077	iptables -t nat -D PREROUTING -p tcp -m multiport --dports 22,80,443 -m set ! --match-set ss_spec_lan_ac src -j SS_SPEC_WAN_AC &> /dev/null

078	iptables -t nat -F SS_SPEC_WAN_AC &> /dev/null

079	iptables -t nat -F SS_SPEC_WAN_FW &> /dev/null

080	iptables -t nat -D OUTPUT -p tcp -m multiport --dports 22,80,443 -j SS_SPEC_WAN_AC &> /dev/null

081

sleep 1

082	iptables -t nat -X SS_SPEC_WAN_AC &> /dev/null

083	iptables -t nat -X SS_SPEC_WAN_FW &> /dev/null

084	ipset destroy ss_spec_wan_ac &> /dev/null

085	ipset destroy ss_spec_lan_ac &> /dev/null

086

;;

087

088	"update" )

089	if [ -f "/jffs/ignore.list" ]

090

then

091	rm -f /jffs/ignore.list

092

093

else

094	touch /jffs/ignore.list

095

fi

096

097	# Path to save you rule file

098	RULE_FILE=/jffs/ignore_tmp.txt

099	LINE=/jffs/ignore.list

100

101	EX_DOMAIN='0.0.0.0/8

102	10.0.0.0/8

103	100.64.0.0/10

104	127.0.0.0/8

105	169.254.0.0/16

106	172.16.0.0/12

107	192.0.0.0/24

108	192.0.2.0/24

109	192.88.99.0/24

110	192.168.0.0/16

111	198.18.0.0/15

112	198.51.100.0/24

113	203.0.113.0/24

114	224.0.0.0/4

115	240.0.0.0/4

116	255.255.255.255'

117

118	for each_line in $EX_DOMAIN

119

do

120	echo $each_line >> $LINE

121

done

122

123	wget -O- 'http://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest' | awk -F\| '/CN\|ipv4/ { printf("%s/%d\n", $4, 32-log($5)/log(2)) }' > /jffs/ignore_tmp.txt

124	wget -O- 'http://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest' | awk -F\| '/CN\|ipv4/ { printf("%s/%d\n", $4, 32-log($5)/log(2)) }' > /jffs/opt/etc/chnroute.txt

125	/opt/etc/init.d/S24chinadns restart

126

127	cat $RULE_FILE >> $LINE

128	rm -f /jffs/ignore_tmp.txt

129

130	/jffs/shadowsocks flush

131

sleep 1

132	/jffs/shadowsocks ipset

133	/jffs/shadowsocks rules

134

;;

135

136	"update_chinalist" )

137	cat /etc/resolv.dnsmasq | awk '/^nameserver/{print $2}' > /jffs/dns.list

138	DNS=`sed -n '1p' /jffs/dns.list`

139

140	sed -i "s|^\(server.*\)/[^/]*$|\1/$DNS|" /jffs/dnsmasq.d/chinalist.conf

141	rm -f /jffs/dns.list

142	service dnsmasq restart

143

;;

144

145

"check" )

146	LOGTIME=$(date "+%Y-%m-%d %H:%M:%S")

147	wget -s -q -timeout=3 www.google.com

148	if [ "$?" == "0" ]; then

149	echo '['$LOGTIME'] No problem, the normal operation of shadowsoks.' >> /var/log/shadowsocks_watchdog.log 2>&1

150

else

151	echo '['$LOGTIME'] Shadowsoks abnormal operation, restarting shadowsocks.' >> /var/log/shadowsocks_watchdog.log 2>&1

152	/opt/etc/init.d/S22shadowsocks restart

153	/opt/etc/init.d/S24chinadns restart

154

155

fi

156

;;

157

158

*)

159	echo "Usage : $0 {set_up|run|ipset|rules|global|flush|update|update_chinalist|check}"

160	echo "Examples : "

161	echo "   $0 set_up"

162	echo "   $0 run"

163	echo "   $0 ipset"

164	echo "   $0 rules"

165	echo "   $0 global"

166	echo "   $0 flush"

167	echo "   $0 update"

168	echo "   $0 update_chinalist"

169	echo "   $0 check"

170	echo "   [set_up] Set ShadowSocks and ChinaDNS"

171	echo "   [run] Running shadowsocks and ChinaDNS"

172	echo "   [ipset] Loading module and ipset rule"

173	echo "   [rules] Application Firewall Policy"

174	echo "   [global] Global Proxy"

175	echo "   [flush] Clear firewall policy"

176	echo "   [update] Update China routing table"

177	echo "   [update_chinalist] Update Chinese domain name"

178	echo "   [check] Guardian ss-redir"

179

exit

180

;;

181

esac

9