72 lines
1.8 KiB
Bash
Executable File
72 lines
1.8 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
V2RAY_PORT=12345
|
|
PROXY_SET="gfwlist"
|
|
PRIVATE=(0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 172.16.0.0/12 192.168.0.0/16 224.0.0.0/4 240.0.0.0/4)
|
|
|
|
check_iptables() {
|
|
iptables_version=`iptables -V | grep -o "v1\.[0-9]"`
|
|
if [ "${iptables_version}" = "v1.8" ] ; then
|
|
echo "[Info]: Current iptables version: ${iptables_version}"
|
|
else
|
|
echo "[Error]: Cant run this script without iptables"
|
|
exit 1
|
|
fi
|
|
}
|
|
|
|
create_proxy_iptables() {
|
|
ipset list $PROXY_SET > /dev/null
|
|
if [ $? -ne 0 ]; then
|
|
echo "[Info]: Create ipset ${PROXY_SET}"
|
|
ipset create $PROXY_SET hash:ip
|
|
fi
|
|
echo "[Info]: Create proxy iptables rules"
|
|
iptables -t nat -N V2RAY
|
|
# 内网网段请求返回
|
|
for subnet in ${PRIVATE[@]}; do
|
|
iptables -t nat -A V2RAY -d ${subnet} -j RETURN
|
|
done
|
|
# 代理所有请求
|
|
iptables -t nat -A V2RAY -p tcp -j REDIRECT --to-ports ${V2RAY_PORT}
|
|
iptables -t nat -A V2RAY -p udp -j REDIRECT --to-ports ${V2RAY_PORT}
|
|
|
|
# 符合GFWLIST的包转发至V2RAY链
|
|
# 在PREROUTING链转发则可以处理来自于局域网的包
|
|
iptables -t nat -A PREROUTING -m set --match-set $PROXY_SET dst -j V2RAY
|
|
}
|
|
|
|
flush_nat_iptables() {
|
|
echo "[Info]: Clean nat proxy iptables rules."
|
|
ip_chain_check=`iptables-save -t nat | cut -d ' ' -f 1 | tr "\n" " "`
|
|
if eval "echo \"${ip_chain_check}\" | grep -q \":V2RAY\"" ; then
|
|
iptables -t nat -D PREROUTING -m set --match-set $PROXY_SET dst -j V2RAY
|
|
iptables -t nat -F V2RAY
|
|
iptables -t nat -X V2RAY
|
|
fi
|
|
unset ip_chain_check
|
|
}
|
|
|
|
disable_proxy() {
|
|
flush_nat_iptables
|
|
}
|
|
|
|
enable_proxy() {
|
|
create_proxy_iptables
|
|
}
|
|
|
|
# find_ip_path
|
|
check_iptables
|
|
|
|
case "$1" in
|
|
enable)
|
|
disable_proxy
|
|
enable_proxy
|
|
;;
|
|
disable)
|
|
disable_proxy
|
|
;;
|
|
*)
|
|
echo "$0: usage: $0 {enable|disable}"
|
|
;;
|
|
esac
|