diff --git a/box/scripts/box.iptables b/box/scripts/box.iptables index 9677dd7e..f0ff883e 100755 --- a/box/scripts/box.iptables +++ b/box/scripts/box.iptables @@ -340,7 +340,7 @@ start_redirect() { if [ "${iptables}" = "$IPV" ]; then case "${proxy_mode}" in - blacklist) + blacklist|black) if [ -z "$(cat "${uid_list[@]}")" ] ; then ${iptables} -t nat -A BOX_LOCAL -p tcp -j REDIRECT --to-ports "${redir_port}" [ ${network_mode} = "enhance" ] || log Info "Transparent proxy for all apps." @@ -349,7 +349,7 @@ start_redirect() { ${iptables} -t nat -A BOX_LOCAL -m owner --uid-owner "${appid}" -j RETURN done < "${uid_list[@]}" ${iptables} -t nat -A BOX_LOCAL -p tcp -j REDIRECT --to-ports "${redir_port}" - [ ${network_mode} = "enhance" ] || log Info "proxy-mode: ${proxy_mode}, package ${packages_list[*]} no transparent proxy." + [ ${network_mode} = "enhance" ] || log Info "proxy mode: ${proxy_mode} (${packages_list[*]}) no transparent proxy." fi if [ "${gid_list}" != "" ] ; then @@ -357,11 +357,11 @@ start_redirect() { ${iptables} -t nat -A BOX_LOCAL -m owner --gid-owner ${gid} -j RETURN done [ ${network_mode} = "enhance" ] || { - [ "${iptables}" = "$IPV" ] && log Info "proxy mode: ${proxy_mode}, GID ${gid_list[*]} no transparent proxy." + [ "${iptables}" = "$IPV" ] && log Info "proxy mode: ${proxy_mode}, GID (${gid_list[*]}) no transparent proxy." } fi ;; - whitelist) + whitelist|white) if [ -z "$(cat "${uid_list[@]}")" ] ; then ${iptables} -t nat -A BOX_LOCAL -p tcp -j REDIRECT --to-ports "${redir_port}" [ ${network_mode} = "enhance" ] || log Info "Transparent proxy for all apps." 
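Review bot: The `blacklist|black` and `whitelist|white` aliases are spelled out separately at each site (the `case` arms in `start_redirect` and `start_tproxy`, plus the tests in `prepare_singbox` and `prepare_clash` in box.service), so they can drift apart. If a spelling is accepted at one site and missed at another, the missed path silently takes its fallback, which in these `case` statements is the `*)` arm that proxies all apps. Normalising once where `proxy_mode` is read would leave a single place to maintain, e.g. `case "${proxy_mode}" in black) proxy_mode="blacklist" ;; white) proxy_mode="whitelist" ;; esac`, with the existing `blacklist)` / `whitelist)` arms left untouched. Where `proxy_mode` is loaded is not visible in this diff, so the right location needs confirming.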
@@ -371,18 +371,18 @@ start_redirect() { done < "${uid_list[@]}" ${iptables} -t nat -A BOX_LOCAL -p tcp -m owner --uid-owner 0 -j REDIRECT --to-ports "${redir_port}" ${iptables} -t nat -A BOX_LOCAL -p tcp -m owner --uid-owner 1052 -j REDIRECT --to-ports "${redir_port}" - [ ${network_mode} = "enhance" ] || log Info "proxy-mode: ${proxy_mode}, package ${packages_list[*]} transparent proxy." + [ ${network_mode} = "enhance" ] || log Info "proxy mode: ${proxy_mode} (${packages_list[*]}) transparent proxy." fi if [ "${gid_list}" != "" ] ; then for gid in ${gid_list[@]} ; do ${iptables} -t nat -A BOX_LOCAL -p tcp -m owner --gid-owner ${gid} -j REDIRECT --to-ports ${redir_port} done - [ ${network_mode} = "enhance" ] || [ "${iptables}" = "$IPV" ] && log Info "proxy mode: ${proxy_mode}, GID ${gid_list[*]} transparent proxy." + [ ${network_mode} = "enhance" ] || [ "${iptables}" = "$IPV" ] && log Info "proxy mode: ${proxy_mode}, GID (${gid_list[*]}) transparent proxy." fi ;; *) - log Warning "proxy-mode: ${proxy_mode} < error." + log Warning "proxy mode: ${proxy_mode} < error." ${iptables} -t nat -A BOX_LOCAL -p tcp -j REDIRECT --to-ports "${redir_port}" [ ${network_mode} = "enhance" ] || log Info "Transparent proxy for all apps." ;; @@ -524,7 +524,7 @@ start_tproxy() { fi case "${proxy_mode}" in - blacklist) + blacklist|black) if [ -z "$(cat "${uid_list[@]}")" ] ; then [ ${network_mode} = "enhance" ] || ${iptables} -t mangle -A BOX_LOCAL -p tcp -j MARK --set-mark "${fwmark}" ${iptables} -t mangle -A BOX_LOCAL -p udp -j MARK --set-mark "${fwmark}" 
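Review bot: The whitelist GID log line in `start_redirect` (`[ ${network_mode} = "enhance" ] || [ "${iptables}" = "$IPV" ] && log Info …`) does not group the way the blacklist GID branch does. `||` and `&&` have equal precedence in the shell and associate left, so this parses as `( A || B ) && log` and the message is printed whenever `network_mode` is `enhance`. The blacklist branch (hunk `@@ -357`) uses `[ A ] || { [ B ] && log …; }`, which has the opposite effect. Matching it would read `[ "${network_mode}" = "enhance" ] || { [ "${iptables}" = "$IPV" ] && log Info "…"; }`; the added quotes also stop an empty `network_mode` from turning the test into a `[` syntax error. Only logging is affected, and `start_redirect` begins and ends outside this hunk.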
@@ -535,17 +535,17 @@ start_tproxy() { done < "${uid_list[@]}" [ ${network_mode} = "enhance" ] || ${iptables} -t mangle -A BOX_LOCAL -p tcp -j MARK --set-mark "${fwmark}" ${iptables} -t mangle -A BOX_LOCAL -p udp -j MARK --set-mark "${fwmark}" - [ "${iptables}" = "$IPV" ] && log Info "proxy-mode: ${proxy_mode}, package ${packages_list[*]} no transparent proxy." + [ "${iptables}" = "$IPV" ] && log Info "proxy mode: ${proxy_mode} (${packages_list[*]}) no transparent proxy." fi if [ "${gid_list}" != "" ] ; then for gid in ${gid_list[@]} ; do ${iptables} -t mangle -A BOX_LOCAL -m owner --gid-owner ${gid} -j RETURN done - [ "${iptables}" = "$IPV" ] && log Info "proxy mode: ${proxy_mode}, GID ${gid_list[*]} no transparent proxy." + [ "${iptables}" = "$IPV" ] && log Info "proxy mode: ${proxy_mode}, GID (${gid_list[*]}) no transparent proxy." fi ;; - whitelist) + whitelist|white) if [ -z "$(cat "${uid_list[@]}")" ] ; then [ ${network_mode} = "enhance" ] || ${iptables} -t mangle -A BOX_LOCAL -p tcp -j MARK --set-mark "${fwmark}" ${iptables} -t mangle -A BOX_LOCAL -p udp -j MARK --set-mark "${fwmark}" @@ -559,7 +559,7 @@ start_tproxy() { ${iptables} -t mangle -A BOX_LOCAL -p udp -m owner --uid-owner 0 -j MARK --set-mark "${fwmark}" [ ${network_mode} = "enhance" ] || ${iptables} -t mangle -A BOX_LOCAL -p tcp -m owner --uid-owner 1052 -j MARK --set-mark "${fwmark}" ${iptables} -t mangle -A BOX_LOCAL -p udp -m owner --uid-owner 1052 -j MARK --set-mark "${fwmark}" - [ "${iptables}" = "$IPV" ] && log Info "proxy-mode: ${proxy_mode}, package ${packages_list[*]} transparent proxy." + [ "${iptables}" = "$IPV" ] && log Info "proxy mode: ${proxy_mode} (${packages_list[*]}) transparent proxy." fi if [ "${gid_list}" != "" ] ; then 
@@ -567,11 +567,11 @@ start_tproxy() { [ ${network_mode} = "enhance" ] || ${iptables} -t mangle -A BOX_LOCAL -p tcp -m owner --gid-owner ${gid} -j MARK --set-mark "${fwmark}" ${iptables} -t mangle -A BOX_LOCAL -p udp -m owner --gid-owner ${gid} -j MARK --set-mark "${fwmark}" done - [ "${iptables}" = "$IPV" ] && log Info "proxy mode: ${proxy_mode}, GID ${gid_list[*]} transparent proxy." + [ "${iptables}" = "$IPV" ] && log Info "proxy mode: ${proxy_mode}, GID (${gid_list[*]}) transparent proxy." fi ;; *) - log Debug "proxy-mode: ${proxy_mode} < error" + log Debug "proxy mode: ${proxy_mode} < error" [ ${network_mode} = "enhance" ] || ${iptables} -t mangle -A BOX_LOCAL -p tcp -j MARK --set-mark "${fwmark}" ${iptables} -t mangle -A BOX_LOCAL -p udp -j MARK --set-mark "${fwmark}" [ "${iptables}" = "$IPV" ] && log Info "transparent proxy for all apps." @@ -873,6 +873,9 @@ else probe_tun_device || log Error "tun device: (${tun_device}) not found" [ $1 = "renew" ] && log Warning "Cleaning up tun rules." iptables="$IPV" + + [ -n "${packages_list}" ] && log Debug "proxy mode: $proxy_mode (${packages_list[*]})" + if forward -I; then log Info "Create iptables tun rules done." else diff --git a/box/scripts/box.service b/box/scripts/box.service index 1c03da98..9ef7b32e 100755 --- a/box/scripts/box.service +++ b/box/scripts/box.service 
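Review bot: The `*)` arm in `start_tproxy` reports an unrecognised `proxy_mode` with `log Debug`, while the same arm in `start_redirect` uses `log Warning`. In both functions that arm falls back to applying the rule to all apps, which is a change of routing policy caused by a configuration mistake. Depending on the log level, an operator may never see it in the tproxy path. Suggest `log Warning "proxy mode: ${proxy_mode} < error"` here so the two paths report it identically.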
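Review bot: The added guard `[ -n "${packages_list}" ]` tests only the first element, because `packages_list` is used as an array elsewhere in this diff (`${packages_list[*]}`, `"${packages_list[@]}"`) and a bare `${packages_list}` expands to element 0. A list whose first entry is empty would skip the debug line even though later entries exist. Testing the element count states the intent directly: `[ "${#packages_list[@]}" -gt 0 ] && log Debug "proxy mode: ${proxy_mode} (${packages_list[*]})"`. The surrounding `else` branch starts outside the hunk.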
@@ -232,7 +232,7 @@ prepare_singbox() { # add exclude_package/include_package for tun "${yq}" '(.inbounds[] | select(.type == "tun") | .include_package) = []' -i --output-format=json "${sing_config}" "${yq}" '(.inbounds[] | select(.type == "tun") | .exclude_package) = []' -i --output-format=json "${sing_config}" - [ ${proxy_mode} = "blacklist" ] && local mode="exclude" || mode="include" + [[ ${proxy_mode} = "blacklist" || ${proxy_mode} = "black" ]] && local mode="exclude" || mode="include" for package in "${packages_list[@]}"; do "${yq}" eval '(.inbounds[] | select(.type == "tun") | .'${mode}'_package) += ["'${package}'"]' -i --output-format=json "${sing_config}" done @@ -330,9 +330,9 @@ prepare_clash() { # add exclude-package/include-package for tun package=$(IFS=","; echo "${packages_list[*]}" | tr ' ' ',') list_package="${package:-}" - if [ "${proxy_mode}" = "whitelist" ]; then + if [ "${proxy_mode}" = "whitelist" ] || [ "${proxy_mode}" = "white" ]; then mode="include-package" - elif [ "${proxy_mode}" = "blacklist" ]; then + elif [ "${proxy_mode}" = "blacklist" ] || [ "${proxy_mode}" = "black" ]; then mode="exclude-package" fi sed -i "s/exclude-package:.*/exclude-package: []/g" "${clash_config}"
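Review bot: The new line in `prepare_singbox`, `[[ … ]] && local mode="exclude" || mode="include"`, declares `mode` as local only on the true arm. On the false arm it assigns to whatever `mode` is already in scope, which is a global unless the function declares it earlier (not visible here). The and-or chain also treats every value other than `blacklist`/`black` as include, so a typo or an empty `proxy_mode` silently switches the tun inbound to `include_package`. A scoped version with the same behaviour is `local mode="include"` followed by `case "${proxy_mode}" in blacklist|black) mode="exclude" ;; esac`. A further arm that reports unrecognised values would make the misconfiguration visible.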
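Review bot: The `if`/`elif` in `prepare_clash` still has no `else`, so a `proxy_mode` that matches none of the four accepted spellings leaves `mode` unset or carrying an earlier value. This differs from `prepare_singbox`, where the same input selects include. How `mode` is used after the `sed` line is outside this hunk, so the effect on the generated Clash config needs checking. An explicit `else` that logs the unexpected value and either picks a documented default or returns early would make the two cores behave consistently.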