
The IP address in portal whitelist do not through Shadowsocks

luochongjun committed Feb 21, 2019
1 parent 47afb2e commit f465088c498d1b555629f6428a272b88ef154a3b
Showing with 10 additions and 2 deletions.
  1. +10 −2 files/portal-detect
@@ -61,13 +61,14 @@ ipt_safe()
#Check the VPN and cloudflare and rebind protection
check_vpn_dns()
{
local ov wg cf rb
local ov wg cf rb ss
ov=$(uci get glconfig.openvpn.enable)
wg=$( uci get wireguard.@proxy[0].enable)
cf=$(uci get glconfig.general.cloudflare_dns)
rb=$(uci get dhcp.@dnsmasq[0].rebind_protection)
ss=$(pidof ss-redir)

[ "$ov" != "1" -a "$wg" != "1" -a "$cf" != "1" -a "$rb" != "1" ] && return 0
[ "$ov" != "1" -a "$wg" != "1" -a "$cf" != "1" -a "$rb" != "1" -a "$ss" = "" ] && return 0
return 1
}

@@ -213,6 +214,10 @@ join_portal()
iptables -t nat -A GL_PORTAL_DETECT -p udp -m udp --dport 53 -j DNAT --to-destination $lan_ip
iptables -t nat -A GL_PORTAL_DETECT -p tcp -m tcp --dport 53 -j DNAT --to-destination $lan_ip

#The IP in the whitelist does not through SS
iptables -t nat -C SS_SPEC_LAN_DG -m mark --mark 0x80/0x80 -j RETURN
[ ! "$?" = "0" ] && iptables -t nat -I SS_SPEC_LAN_DG -m mark --mark 0x80/0x80 -j RETURN

#Mark the IP address in the whitelist
iptables -t mangle -N GL_PORTAL_DETECT
iptables -t mangle -A PREROUTING -j GL_PORTAL_DETECT
@@ -248,6 +253,9 @@ remove_portal()
ipt_safe iptables -t nat -F GL_PORTAL_DETECT
ipt_safe iptables -t nat -X GL_PORTAL_DETECT

iptables -t nat -C SS_SPEC_LAN_DG -m mark --mark 0x80/0x80 -j RETURN
[ "$?" = "0" ] && iptables -t nat -D SS_SPEC_LAN_DG -m mark --mark 0x80/0x80 -j RETURN

ipt_safe iptables -D FORWARD -j GL_PORTAL_DETECT
ipt_safe iptables -F GL_PORTAL_DETECT
ipt_safe iptables -X GL_PORTAL_DETECT
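Review bot: In the join_portal hunk the `iptables -t nat -C SS_SPEC_LAN_DG …` probe and the `-I` that follows run unguarded, so when the SS_SPEC_LAN_DG chain does not exist both calls fail and print errors, and if the chain is created or rebuilt after join_portal has run the RETURN rule is not re-added (the code that manages that chain is not visible here). I would write the pair as `iptables -t nat -C SS_SPEC_LAN_DG -m mark --mark 0x80/0x80 -j RETURN 2>/dev/null || iptables -t nat -I SS_SPEC_LAN_DG -m mark --mark 0x80/0x80 -j RETURN 2>/dev/null`, which also drops the separate `$?` test. The `-C`/`-D` pair in the remove_portal hunk has the same problem and can be written as `-C … 2>/dev/null && iptables -t nat -D …`. Because the rule is inserted at the top of the chain and matches only on the mark bit, every packet carrying 0x80 bypasses Shadowsocks; a comment such as `# 0x80 is set only by the mangle GL_PORTAL_DETECT whitelist rules; no other rule may reuse this bit` would record that assumption, which presumably holds but depends on marking rules outside the hunk. Both function bodies start and end outside the hunks shown.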
