├── Makefile ├── README.md ├── files ├── bin │ ├── arm │ ├── i386 │ ├── mips │ ├── mipsel │ └── x86_64 ├── etc │ ├── adblocklist │ │ ├── adblock │ │ ├── adblockip │ │ ├── adbypass │ │ └── adbypassip │ ├── config │ │ └── koolproxy │ ├── init.d │ │ └── koolproxy │ └── uci-defaults │ │ └── luci-koolproxy ├── lib │ └── upgrade │ │ └── keep.d │ │ └── koolproxy └── usr │ ├── lib │ └── lua │ │ └── luci │ │ ├── controller │ │ └── koolproxy.lua │ │ ├── i18n │ │ └── koolproxy.zh-cn.lmo │ │ ├── model │ │ └── cbi │ │ │ └── koolproxy │ │ │ ├── global.lua │ │ │ └── rss_rule.lua │ │ └── view │ │ └── koolproxy │ │ ├── cadvalue.htm │ │ ├── caupload.htm │ │ ├── dvalue.htm │ │ ├── feedback.htm │ │ └── index.htm │ ├── sbin │ └── adblockplus │ └── share │ └── koolproxy │ ├── adblock.conf │ ├── camanagement │ ├── data │ ├── gen_ca.sh │ ├── openssl.cnf │ ├── rules │ │ └── user.txt │ ├── source.list │ └── user.txt │ ├── dnsmasq.adblock │ ├── koolproxy_ipset.conf │ └── kpupdate ├── koolproxy.txt └── koolproxyupdate.sh /Makefile: --------------------------------------------------------------------------------
# OpenWrt package recipe for the koolproxyR LuCI application.
#
# Nothing is compiled here (Build/Compile is empty). The koolproxy executable
# is taken from the per-architecture files under ./files/bin that ship with
# this repository and is copied into the image as-is; this Makefile performs
# no checksum or signature check on those files.
include $(TOPDIR)/rules.mk

PKG_NAME:=luci-app-koolproxyR
PKG_VERSION:=3.8.4
PKG_RELEASE:=5-20200331

PKG_MAINTAINER:=panda-mute
PKG_LICENSE:=GPLv3
PKG_LICENSE_FILES:=LICENSE

PKG_BUILD_PARALLEL:=1

# RSTRIP is replaced by the no-op command `true`.
# NOTE(review): presumably so the shipped binaries are packaged unmodified - confirm.
RSTRIP:=true

include $(INCLUDE_DIR)/package.mk

# Package metadata; DEPENDS lists the runtime tools the init script calls.
define Package/$(PKG_NAME)
	SECTION:=luci
	CATEGORY:=LuCI
	SUBMENU:=3. Applications
	TITLE:=LuCI support for koolproxyR
	DEPENDS:=+openssl-util +ipset +dnsmasq-full +@BUSYBOX_CONFIG_DIFF +iptables-mod-nat-extra +wget
	MAINTAINER:=panda-mute
endef

define Package/$(PKG_NAME)/description
	This package contains LuCI configuration pages for koolproxy.
endef

# Intentionally empty: the package only installs files.
define Build/Compile
endef

# Runs on the device only (IPKG_INSTROOT empty): applies the uci-defaults
# script once, removes it, and drops the LuCI index cache.
define Package/$(PKG_NAME)/postinst
#!/bin/sh
if [ -z "$${IPKG_INSTROOT}" ]; then
	( . /etc/uci-defaults/luci-koolproxy ) && rm -f /etc/uci-defaults/luci-koolproxy
	rm -f /tmp/luci-indexcache
fi
exit 0
endef

# Copies configuration, LuCI pages, helper scripts and the koolproxy binary
# into the package root $(1). When ARCH is none of arm, i386, mips, mipsel or
# x86_64, no koolproxy binary is installed and the build still succeeds.
define Package/$(PKG_NAME)/install
	$(INSTALL_DIR) \
		$(1)/etc/uci-defaults \
		$(1)/etc/config \
		$(1)/etc/adblocklist \
		$(1)/etc/init.d \
		$(1)/lib/upgrade/keep.d \
		$(1)/usr/lib/lua/luci/i18n/ \
		$(1)/usr/lib/lua/luci/controller \
		$(1)/usr/lib/lua/luci/model/cbi/koolproxy \
		$(1)/usr/lib/lua/luci/view \
		$(1)/usr/lib/lua/luci/view/koolproxy \
		$(1)/usr/sbin \
		$(1)/usr/share/koolproxy \
		$(1)/usr/share/koolproxy/data \
		$(1)/usr/share/koolproxy/data/rules/

	$(INSTALL_BIN) ./files/etc/uci-defaults/luci-koolproxy $(1)/etc/uci-defaults/luci-koolproxy
	$(INSTALL_BIN) ./files/etc/init.d/* $(1)/etc/init.d/
	$(INSTALL_DATA) ./files/etc/config/* $(1)/etc/config/
	$(INSTALL_DATA) ./files/etc/adblocklist/* $(1)/etc/adblocklist/
	$(INSTALL_DATA) ./files/lib/upgrade/keep.d/koolproxy $(1)/lib/upgrade/keep.d/
	$(INSTALL_DATA) ./files/usr/lib/lua/luci/model/cbi/koolproxy/global.lua $(1)/usr/lib/lua/luci/model/cbi/koolproxy/global.lua
	$(INSTALL_DATA) ./files/usr/lib/lua/luci/model/cbi/koolproxy/rss_rule.lua $(1)/usr/lib/lua/luci/model/cbi/koolproxy/rss_rule.lua
	$(INSTALL_DATA) ./files/usr/lib/lua/luci/controller/koolproxy.lua $(1)/usr/lib/lua/luci/controller/koolproxy.lua
	$(INSTALL_DATA) ./files/usr/lib/lua/luci/view/koolproxy/* $(1)/usr/lib/lua/luci/view/koolproxy/
	$(INSTALL_DATA) ./files/usr/lib/lua/luci/i18n/koolproxy.zh-cn.lmo $(1)/usr/lib/lua/luci/i18n/koolproxy.zh-cn.lmo
	$(INSTALL_BIN) ./files/usr/sbin/* $(1)/usr/sbin/
	$(INSTALL_BIN) ./files/usr/share/koolproxy/data/gen_ca.sh $(1)/usr/share/koolproxy/data/
	$(INSTALL_DATA) ./files/usr/share/koolproxy/data/openssl.cnf $(1)/usr/share/koolproxy/data/
	$(INSTALL_DATA) ./files/usr/share/koolproxy/data/user.txt $(1)/usr/share/koolproxy/data/
	$(INSTALL_DATA) ./files/usr/share/koolproxy/data/source.list $(1)/usr/share/koolproxy/data/
	$(INSTALL_DATA) ./files/usr/share/koolproxy/data/rules/* $(1)/usr/share/koolproxy/data/rules/
	$(INSTALL_BIN) ./files/usr/share/koolproxy/camanagement $(1)/usr/share/koolproxy/camanagement
	$(INSTALL_BIN) ./files/usr/share/koolproxy/kpupdate $(1)/usr/share/koolproxy/kpupdate
	$(INSTALL_DATA) ./files/usr/share/koolproxy/koolproxy_ipset.conf $(1)/usr/share/koolproxy/koolproxy_ipset.conf
	$(INSTALL_DATA) ./files/usr/share/koolproxy/dnsmasq.adblock $(1)/usr/share/koolproxy/dnsmasq.adblock
ifneq ($(filter arm i386 mips mipsel x86_64,$(ARCH)),)
	$(INSTALL_BIN) ./files/bin/$(ARCH) $(1)/usr/share/koolproxy/koolproxy
endif
endef

$(eval $(call BuildPackage,$(PKG_NAME)))
-------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | 2 | ## 准备工作: 3 | 先运行:
4 | `opkg install openssl-util ipset dnsmasq-full diffutils iptables-mod-nat-extra wget ca-bundle ca-certificates libustream-openssl`
5 | 手动安装以上依赖包
6 | * 如果没有 **openssl** ,就不能正常生成证书,导致https过滤失败! 7 | * 如果没有 **ipset, dnsmasq-full, diffutils**,黑名单模式也会出现问题!(ipset 需要版本6),如果你的固件的busybox带有支持diff支持,那么diffutils包可以不安装 8 | * 如果没有 **iptables-mod-nat-extra** ,会导致mac过滤失效! 9 | * 如果没有 **wget, ca-bundle, ca-certificates, libustream-openssl** ,会导致规则文件更新失败,host规则条数变为0,如果你的固件的busybox带有支持https的wget,那么这几个包可以不安装 10 | 11 | ## 使用方法 12 | ```Brach 13 | #源码根目录,进入package文件夹 14 | cd package 15 | #下载源码 16 | git clone https://github.com/Ameykyl/luci-app-koolproxyR 17 | #回到源码根目录 18 | cd .. 19 | make menuconfig 20 | #编译 21 | make package/luci-app-koolproxyR/{clean,compile} V=s 22 | 23 | 24 | 25 | 26 | 27 | 28 | -------------------------------------------------------------------------------- /files/bin/arm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/immortalwrt-collections/luci-app-koolproxyR/045e1395f86786fcc8f95294dd3534db46b92cca/files/bin/arm -------------------------------------------------------------------------------- /files/bin/i386: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/immortalwrt-collections/luci-app-koolproxyR/045e1395f86786fcc8f95294dd3534db46b92cca/files/bin/i386 -------------------------------------------------------------------------------- /files/bin/mips: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/immortalwrt-collections/luci-app-koolproxyR/045e1395f86786fcc8f95294dd3534db46b92cca/files/bin/mips -------------------------------------------------------------------------------- /files/bin/mipsel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/immortalwrt-collections/luci-app-koolproxyR/045e1395f86786fcc8f95294dd3534db46b92cca/files/bin/mipsel -------------------------------------------------------------------------------- /files/bin/x86_64: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/immortalwrt-collections/luci-app-koolproxyR/045e1395f86786fcc8f95294dd3534db46b92cca/files/bin/x86_64 -------------------------------------------------------------------------------- /files/etc/adblocklist/adblock: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/immortalwrt-collections/luci-app-koolproxyR/045e1395f86786fcc8f95294dd3534db46b92cca/files/etc/adblocklist/adblock -------------------------------------------------------------------------------- /files/etc/adblocklist/adblockip: -------------------------------------------------------------------------------- 1 | 61.160.200.252 -------------------------------------------------------------------------------- /files/etc/adblocklist/adbypass: -------------------------------------------------------------------------------- 1 | v2ex.com 2 | -------------------------------------------------------------------------------- /files/etc/adblocklist/adbypassip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/immortalwrt-collections/luci-app-koolproxyR/045e1395f86786fcc8f95294dd3534db46b92cca/files/etc/adblocklist/adbypassip -------------------------------------------------------------------------------- /files/etc/config/koolproxy: -------------------------------------------------------------------------------- 1 | 2 | config global 3 | option time_update '4' 4 | option koolproxy_port '0' 5 | option startup_delay '5' 6 | option enabled '0' 7 | option koolproxy_ipv6 '0' 8 | option koolproxy_mode '1' 9 | option koolproxy_rules 'easylistchina.txt fanboy.txt yhosts.txt koolproxy.txt daily.txt kp.dat user.txt' 10 | option koolproxy_acl_default '3' 11 | 12 | 13 | 14 | 15 | -------------------------------------------------------------------------------- /files/etc/init.d/koolproxy: 
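--------------------------------------------------------------------------------
#!/bin/sh /etc/rc.common
#
# Copyright (C) 2015 OpenWrt-dist
# Copyright (C) 2016 fw867
#
# This is free software, licensed under the GNU General Public License v3.
# See /LICENSE for more information.
#
# procd init script for koolproxy. It builds the ipset lists and the nat-table
# chains that redirect LAN TCP traffic to the local proxy port 3000, wires the
# domain lists into dnsmasq, installs the daily rule-update cron job and then
# starts /usr/share/koolproxy/koolproxy under procd.
#
# Everything here runs as root and interpolates values read from uci into
# iptables, ipset, crontab and dnsmasq input, so those values are quoted or
# checked where that does not alter behaviour for valid settings.

START=99
USE_PROCD=1

CONFIG=koolproxy
KP_DIR=/usr/share/koolproxy
TMP_DIR=/tmp

alias echo_date='echo $(date +%Y年%m月%d日\ %X):'

# Print option $2 of the named section $1, or the default $3 when unset.
config_n_get() {
	local ret=$(uci get $CONFIG.$1.$2 2>/dev/null)
	echo ${ret:=$3}
}

# Print option $2 of the anonymous section of type $1 (index $4, default 0),
# or the default $3 when the option is unset.
config_t_get() {
	local index=0
	[ -n "$4" ] && index=$4
	local ret=$(uci get $CONFIG.@$1[$index].$2 2>/dev/null)
	echo ${ret:=$3}
}

# Turn the bypass/block domain lists into dnsmasq "ipset=" directives and link
# them into /tmp/dnsmasq.d. Sets dnsmasq_restart=1 when dnsmasq must reload.
add_ipset_conf() {
	if [ -s /etc/adblocklist/adbypass ]; then
		echo_date 添加白名单软连接...
		# Overwrite instead of append: a second start without an intervening
		# stop would otherwise duplicate every directive in the generated file.
		sed "s/,/\n/g" /etc/adblocklist/adbypass | sed "s/^/ipset=&\/./g" | sed "s/$/\/white_kp_list/g" > /tmp/adbypass.conf
		rm -rf /tmp/dnsmasq.d/adbypass.conf
		ln -sf /tmp/adbypass.conf /tmp/dnsmasq.d/adbypass.conf

		dnsmasq_restart=1
	fi

	if [ "$koolproxy_mode" == "2" ]; then
		if [ "$koolproxy_host" == "1" ]; then
			echo_date 添加Adblock Plus Host软连接...
			ln -sf $KP_DIR/dnsmasq.adblock /tmp/dnsmasq.d/dnsmasq.adblock
		fi

		echo_date 添加黑名单软连接...
		rm -rf /tmp/dnsmasq.d/koolproxy_ipset.conf
		ln -sf $KP_DIR/koolproxy_ipset.conf /tmp/dnsmasq.d/koolproxy_ipset.conf

		echo_date 添加自定义黑名单软连接...
		if [ -s /etc/adblocklist/adblock ]; then
			sed "s/,/\n/g" /etc/adblocklist/adblock | sed "s/^/ipset=&\/./g" | sed "s/$/\/black_koolproxy/g" > /tmp/adblock.conf
			rm -rf /tmp/dnsmasq.d/adblock.conf
			ln -sf /tmp/adblock.conf /tmp/dnsmasq.d/adblock.conf
		fi

		dnsmasq_restart=1
	fi
}

# Remove every dnsmasq snippet add_ipset_conf created; sets dnsmasq_restart=1
# when something was removed.
remove_ipset_conf() {
	if [ -L "/tmp/dnsmasq.d/adbypass.conf" ]; then
		echo_date 移除白名单软连接...
		rm -rf /tmp/adbypass.conf
		rm -rf /tmp/dnsmasq.d/adbypass.conf
		dnsmasq_restart=1
	fi

	if [ -L "/tmp/dnsmasq.d/koolproxy_ipset.conf" ]; then
		echo_date 移除黑名单软连接...
		rm -rf /tmp/dnsmasq.d/koolproxy_ipset.conf
		dnsmasq_restart=1
	fi

	if [ -L "/tmp/dnsmasq.d/adblock.conf" ]; then
		echo_date 移除自定义黑名单软连接...
		rm -rf /tmp/dnsmasq.d/adblock.conf
		rm -rf /tmp/adblock.conf
		dnsmasq_restart=1
	fi

	if [ -L "/tmp/dnsmasq.d/dnsmasq.adblock" ]; then
		echo_date 移除Adblock Plus Host软连接...
		rm -rf /tmp/dnsmasq.d/dnsmasq.adblock
		dnsmasq_restart=1
	fi
}

# Restart dnsmasq only when a previous step flagged dnsmasq_restart=1.
restart_dnsmasq() {
	if [ "$dnsmasq_restart" == "1" ]; then
		echo_date 重启dnsmasq进程...
		/etc/init.d/dnsmasq restart > /dev/null 2>&1
	fi
}

# Create the two address sets and build the kp_full_port port set from every
# ":port/" occurrence found in the rule files, plus 80 and 443.
creat_ipset() {
	echo_date 创建ipset名单
	# Load ipset netfilter kernel modules and kernel modules
	ipset -! create white_kp_list nethash
	ipset -! create black_koolproxy iphash
	cat $KP_DIR/data/rules/yhosts.txt $KP_DIR/data/rules/easylistchina.txt $KP_DIR/data/rules/fanboy.txt $KP_DIR/data/rules/koolproxy.txt $KP_DIR/data/rules/daily.txt $KP_DIR/data/rules/user.txt |
		grep -Eo "(.\w+\:[1-9][0-9]{1,4})/" |
		grep -Eo "([0-9]{1,5})" |
		sort -un |
		sed -e '$a\80' -e '$a\443' |
		sed -e "s/^/-A kp_full_port &/g" -e "1 i\-N kp_full_port bitmap:port range 0-65535 " |
		ipset -R -!
}

# Fill white_kp_list with the reserved/private ranges and the adbypassip
# file, and black_koolproxy with the adblockip file.
add_white_black_ip() {
	echo_date 添加ipset名单
	ip_lan="0.0.0.0/8 10.0.0.0/8 100.64.0.0/10 127.0.0.0/8 169.254.0.0/16 172.16.0.0/12 192.168.0.0/16 224.0.0.0/4 240.0.0.0/4"
	for ip in $ip_lan
	do
		ipset -A white_kp_list $ip >/dev/null 2>&1
	done
	sed -e "s/^/add white_kp_list &/g" /etc/adblocklist/adbypassip | awk '{print $0} END{print "COMMIT"}' | ipset -R 2>/dev/null
	# NOTE(review): the reason this fixed address is always added is not visible here.
	ipset -A black_koolproxy 110.110.110.110 >/dev/null 2>&1
	sed -e "s/^/add black_koolproxy &/g" /etc/adblocklist/adblockip | awk '{print $0} END{print "COMMIT"}' | ipset -R 2>/dev/null
}

# Load the global options into shell variables.
# Returns 0 when the service is disabled, 1 when it is enabled and loaded;
# callers test for exactly 1.
load_config() {
	ENABLED=$(config_t_get global enabled 0)
	[ $ENABLED -ne 1 ] && return 0
	koolproxy_mode=$(config_t_get global koolproxy_mode 1)
	koolproxy_host=$(config_t_get global koolproxy_host 0)
	koolproxy_acl_default=$(config_t_get global koolproxy_acl_default 1)
	koolproxy_port=$(config_t_get global koolproxy_port 0)
	koolproxy_bp_port=$(config_t_get global koolproxy_bp_port)
	koolproxy_ipv6=$(config_t_get global koolproxy_ipv6 0)
	config_load $CONFIG
	return 1
}

# config_foreach callback: add one per-host ACL rule (by source IP and/or MAC)
# to the KOOLPROXY chain and count it in acl_nu.
__load_lan_acl() {
	local mac
	local ipaddr
	local proxy_mode
	config_get mac $1 mac
	config_get ipaddr $1 ipaddr
	config_get proxy_mode $1 proxy_mode
	[ -n "$ipaddr" ] && [ -z "$mac" ] && echo_date 加载ACL规则:【$ipaddr】模式为:$(get_mode_name $proxy_mode)
	[ -z "$ipaddr" ] && [ -n "$mac" ] && echo_date 加载ACL规则:【$mac】模式为:$(get_mode_name $proxy_mode)
	[ -n "$ipaddr" ] && [ -n "$mac" ] && echo_date 加载ACL规则:【$ipaddr】【$mac】模式为:$(get_mode_name $proxy_mode)
	# The substitutions are left unquoted on purpose: factor prints
	# "<option> <value>", which has to split into separate iptables arguments.
	iptables -t nat -A KOOLPROXY $(factor $ipaddr "-s") $(factor $mac "-m mac --mac-source") -p tcp $(get_jump_mode $proxy_mode) $(get_action_chain $proxy_mode)

	acl_nu=$((acl_nu + 1))
}

# Apply all acl_rule sections and report which mode the remaining hosts get.
lan_acess_control() {
	acl_nu=0
	[ -z "$koolproxy_acl_default" ] && koolproxy_acl_default=1
	config_foreach __load_lan_acl acl_rule
	if [ $acl_nu -ne 0 ]; then
		echo_date 加载ACL规则:其余主机模式为:$(get_mode_name $koolproxy_acl_default)
	else
		echo_date 加载ACL规则:所有模式为:$(get_mode_name $koolproxy_acl_default)
	fi
}

# config_foreach callback: fetch one subscribed rule list (rss_rule section)
# if it is not present yet and append it to the merged user.txt.
#
# The downloaded text becomes filter rules for a proxy that can intercept
# HTTPS, so the transfer keeps TLS certificate verification enabled; the
# README lists ca-bundle / ca-certificates as prerequisites for rule updates.
__load_exrule() {
	local file
	local exrule
	local enable
	config_get file $1 file
	config_get exrule $1 url
	config_get enable $1 load
	[ -n "$exrule" ] || return 0

	# Use only the last path component so a configured name cannot point
	# outside the rules directory or $TMP_DIR.
	file="${file##*/}"

	# An unset "load" option is treated as enabled.
	if [ "${enable:-1}" -ne 1 ]; then
		[ -n "$file" ] && [ -f "$KP_DIR/data/rules/$file" ] && rm -f "$KP_DIR/data/rules/$file"
		uci set koolproxy.$1.time=""
		uci commit koolproxy
		return
	fi

	if [ -z "$file" ]; then
		file=$(echo "$exrule" | awk -F "/" '{print $NF}')
		uci set koolproxy.$1.file="$file"
		uci commit koolproxy
	fi

	case "$file" in
		""|.|..)
			echo "koolproxy: cannot derive a rule file name from $exrule"
			return
			;;
	esac

	if [ ! -f "$KP_DIR/data/rules/$file" ]; then
		wget-ssl --quiet --timeout=5 "$exrule" -O "$TMP_DIR/$file"
		if [ "$?" == "0" ]; then
			uci set koolproxy.$1.time="$(date "+%Y-%m-%d %H:%M")"
			uci commit koolproxy
			mv "$TMP_DIR/$file" "$KP_DIR/data/rules/$file"
		else
			echo "koolproxy download rule $file failed!"
			[ -f "$TMP_DIR/$file" ] && rm -f "$TMP_DIR/$file"
		fi
	fi
	# Nothing to merge when the download failed.
	[ -f "$KP_DIR/data/rules/$file" ] && cat "$KP_DIR/data/rules/$file" >>$KP_DIR/data/rules/user.txt
}

# Rebuild data/rules/user.txt from the local user.txt plus all subscriptions.
load_user_rules() {
	cp $KP_DIR/data/user.txt $KP_DIR/data/rules/user.txt
	config_foreach __load_exrule rss_rule
}

# Switch the entries of source.list on or off to match the selected rule sets.
# NOTE(review): each sed expression rewrites every matching digit on the
# addressed line, not a single flag column - confirm against the file format.
load_rules() {
	sed -i '1,7s/1/0/g' $KP_DIR/data/source.list

	local rulelist="$(uci -q get koolproxy.@global[0].koolproxy_rules)"
	for rule in $rulelist
	do
		case "$rule" in
			yhosts.txt)
				sed -i '1s/0/1/g' $KP_DIR/data/source.list
			;;
			kp.dat)
				sed -i '2s/0/1/g' $KP_DIR/data/source.list
			;;
			daily.txt)
				sed -i '3s/0/1/g' $KP_DIR/data/source.list
			;;
			koolproxy.txt)
				sed -i '4s/0/1/g' $KP_DIR/data/source.list
			;;
			user.txt)
				sed -i '5s/0/1/g' $KP_DIR/data/source.list
			;;
			easylistchina.txt)
				sed -i '6s/0/1/g' $KP_DIR/data/source.list
			;;
			fanboy.txt)
				sed -i '7s/0/1/g' $KP_DIR/data/source.list
			;;
		esac
	done

	local rulelist="$(uci -q get koolproxy.@global[0].thirdparty_rules)"
	for rule in $rulelist
	do
		case "$rule" in
			easylistchina.txt)
				sed -i '8s/0/1/g' $KP_DIR/data/source.list
			;;
			chengfeng.txt)
				sed -i '9s/0/1/g' $KP_DIR/data/source.list
			;;
			fanboy.txt)
				sed -i '10s/0/1/g' $KP_DIR/data/source.list
			;;
		esac
	done
}

# Map a filter mode number (0-3) to the label shown in log output.
get_mode_name() {
	case "$1" in
		0)
			echo "不过滤"
		;;
		1)
			echo "http模式"
		;;
		2)
			echo "http + https"
		;;
		3)
			echo "full port"
		;;
	esac
}

# Mode 0 uses "-j" (the target is RETURN); every other mode uses "-g".
get_jump_mode() {
	case "$1" in
		0)
			echo "-j"
		;;
		*)
			echo "-g"
		;;
	esac
}

# Map a filter mode number (0-3) to the iptables target or chain name.
get_action_chain() {
	case "$1" in
		0)
			echo "RETURN"
		;;
		1)
			echo "KP_HTTP"
		;;
		2)
			echo "KP_HTTPS"
		;;
		3)
			echo "KP_ALL_PORT"
		;;
	esac
}

# Print "$2 $1" when both are non-empty, otherwise an empty line.
factor() {
	if [ -z "$1" ] || [ -z "$2" ]; then
		echo ""
	else
		echo "$2 $1"
	fi
}

# Create the KOOLPROXY / KP_* nat chains and hook them into PREROUTING
# according to the configured mode.
load_nat() {
	echo_date 加载nat规则!
	#----------------------BASIC RULES---------------------
	echo_date 写入iptables规则到nat表中...
	# Create the KOOLPROXY nat chain
	iptables -t nat -N KOOLPROXY
	# Destinations in white_kp_list (LAN/reserved ranges, bypass list) skip the proxy
	iptables -t nat -A KOOLPROXY -m set --match-set white_kp_list dst -j RETURN
	# One chain per filter mode
	iptables -t nat -N KP_HTTP
	iptables -t nat -A KP_HTTP -p tcp -m multiport --dport 80 -j REDIRECT --to-ports 3000
	iptables -t nat -N KP_HTTPS
	iptables -t nat -A KP_HTTPS -p tcp -m multiport --dport 80,443 -j REDIRECT --to-ports 3000
	iptables -t nat -N KP_ALL_PORT
	# Port control: optionally exclude the configured ports from redirection
	if [ "$koolproxy_port" == "1" ]; then
		echo_date 开启端口控制:【$koolproxy_bp_port】
		if [ -n "$koolproxy_bp_port" ]; then
			# Quoted so the configured value reaches iptables as one argument.
			iptables -t nat -A KP_ALL_PORT -p tcp -m multiport ! --dport "$koolproxy_bp_port" -m set --match-set kp_full_port dst -j REDIRECT --to-ports 3000
		else
			iptables -t nat -A KP_ALL_PORT -p tcp -m set --match-set kp_full_port dst -j REDIRECT --to-ports 3000
		fi
	else
		iptables -t nat -A KP_ALL_PORT -p tcp -m set --match-set kp_full_port dst -j REDIRECT --to-ports 3000
	fi
	# NOTE(review): this IPv6 rule redirects all forwarded TCP to port 3000 and
	# consults neither the whitelist set, the per-host ACLs nor the filter mode.
	[ "$koolproxy_ipv6" == "1" ] && ip6tables -t nat -I PREROUTING -p tcp -j REDIRECT --to-ports 3000
	# Per-host access control
	lan_acess_control
	# Remaining traffic goes to the chain selected by the default ACL mode
	iptables -t nat -A KOOLPROXY -p tcp -j $(get_action_chain $koolproxy_acl_default)
	# Global mode and video mode: send all TCP through KOOLPROXY
	[ "$koolproxy_mode" == "1" ] || [ "$koolproxy_mode" == "3" ] && iptables -t nat -I PREROUTING 1 -p tcp -j KOOLPROXY
	# ipset blacklist mode: only destinations in black_koolproxy
	[ "$koolproxy_mode" == "2" ] && iptables -t nat -I PREROUTING 1 -p tcp -m set --match-set black_koolproxy dst -j KOOLPROXY
}

# Install the daily rule-update job in root's crontab at hour time_update.
add_cru() {
	time=$(config_t_get global time_update)
	# The value is written verbatim into root's crontab, so accept only an
	# hour from 0 to 23.
	case "$time" in
		[0-9]|1[0-9]|2[0-3])
		;;
		*)
			logger "koolproxy: invalid time_update value, cron job not installed."
			return 0
		;;
	esac
	# Always replace the existing entry so a changed hour takes effect.
	sed -i '/kpupdate/d' /etc/crontabs/root >/dev/null 2>&1
	echo "0 $time * * * /usr/share/koolproxy/kpupdate" >> /etc/crontabs/root
}

# Remove the rule-update job from root's crontab.
del_cru() {
	sed -i '/kpupdate/d' /etc/crontabs/root >/dev/null 2>&1
}

# Generate the interception CA when its key or certificate is missing.
# The certificate path matches the one used by keep.d and the LuCI page
# (data/certs/ca.crt); testing data/cert/ca.crt instead made this condition
# true on every start whenever that path does not exist.
# NOTE(review): gen_ca.sh is not shown here - confirm it writes to data/certs.
detect_cert(){
	if [ ! -f "$KP_DIR/data/private/ca.key.pem" ] || [ ! -f "$KP_DIR/data/certs/ca.crt" ]; then
		echo_date 开始生成koolproxy证书,用于https过滤!
		cd $KP_DIR/data && sh gen_ca.sh
	fi
}

# Delete every nat rule that references the koolproxy chains, then the chains
# and the address sets.
flush_nat() {
	echo_date 移除nat规则...
	# The generated delete commands are piped straight into sh instead of
	# being written to a mode-777 script under /tmp and executed from there.
	# "sed 1,4d" drops the first four matching lines of the listing.
	iptables -t nat -S | grep -E "KOOLPROXY|KP_HTTP|KP_HTTPS|KP_ALL_PORT" | sed 's/-A/iptables -t nat -D/g' | sed 1,4d | sh
	iptables -t nat -X KOOLPROXY > /dev/null 2>&1
	iptables -t nat -X KP_HTTP > /dev/null 2>&1
	iptables -t nat -X KP_HTTPS > /dev/null 2>&1
	iptables -t nat -X KP_ALL_PORT > /dev/null 2>&1
	ipset -F black_koolproxy > /dev/null 2>&1 && ipset -X black_koolproxy > /dev/null 2>&1
	ipset -F white_kp_list > /dev/null 2>&1 && ipset -X white_kp_list > /dev/null 2>&1
	ip6tables -t nat -D PREROUTING -p tcp -j REDIRECT --to-ports 3000 > /dev/null 2>&1
}

# Append a restore snippet for the current koolproxy rules to the firewall
# include file so they are re-applied when the firewall reloads.
# NOTE(review): the "KOOLPROXY|KP" pattern matches any rule line containing
# "KP", including rules that do not belong to this package.
export_ipt_rules() {
	FWI=$(uci get firewall.koolproxy.path 2>/dev/null)
	[ -n "$FWI" ] || return 0
	cat <<-CAT >>"$FWI"
	iptables-save -c | grep -v -E "KOOLPROXY|KP" | iptables-restore -c
	iptables-restore -n <<-EOF
	$(iptables-save | grep -E "KOOLPROXY|KP|^\*|^COMMIT" |\
		sed -e "s/^-A \(PREROUTING\)/-I \1 1/")
	EOF
	CAT
	return $?
}

# Reset the firewall include file to a single comment line.
flush_ipt_rules() {
	FWI=$(uci get firewall.koolproxy.path 2>/dev/null)
	[ -n "$FWI" ] && echo '# firewall include file' >"$FWI"
	return 0
}

# Prepare everything the daemon needs. Returns 1 when the service should be
# started, 0 when it is disabled or the PREROUTING hook already exists.
pre_start() {
	load_config
	[ $? -ne 1 ] && return 0
	iptables -t nat -C PREROUTING -p tcp -j KOOLPROXY 2>/dev/null && [ $? -eq 0 ] && return 0;
	detect_cert
	load_rules
	load_user_rules
	add_ipset_conf && restart_dnsmasq
	creat_ipset
	add_white_black_ip
	load_nat
	flush_ipt_rules && export_ipt_rules
	add_cru
	[ "$koolproxy_mode" == "1" ] && echo_date 选择【全局过滤模式】
	[ "$koolproxy_mode" == "2" ] && echo_date 选择【IPSET过滤模式】
	if [ "$koolproxy_mode" == "3" ]; then
		echo_date 选择【视频过滤模式】
		sed -i '1s/1/0/g;2s/1/0/g' $KP_DIR/data/source.list
	fi
	return 1
}

# Undo what pre_start set up: dnsmasq snippets, firewall include, nat rules
# and the cron job.
post_stop() {
	load_config
	[ $? -ne 1 ] && NO_RESTART_DNSMASQ=false
	# Compare the string explicitly: "[ false ]" is true for any non-empty
	# value, which skipped the dnsmasq restart when the service was disabled
	# and left the removed ipset directives loaded in the running dnsmasq.
	if [ "$NO_RESTART_DNSMASQ" = "true" ]; then
		remove_ipset_conf
	else
		remove_ipset_conf && restart_dnsmasq
	fi
	flush_ipt_rules
	flush_nat
	del_cru
	return 0
}

# procd entry point: run pre_start and, when it returns 1, register the
# koolproxy instance.
start_service() {
	echo_date ================== koolproxy启用 ================
	pre_start
	[ $? -ne 1 ] && return 0

	procd_open_instance
	procd_set_param command /usr/share/koolproxy/koolproxy
	procd_append_param command --mark
	procd_append_param command --ttl 160
	procd_append_param command --ipv6

	procd_set_param respawn

	procd_set_param file /etc/adblocklist/adblock
	procd_set_param file /etc/adblocklist/adblockip
	procd_set_param file /usr/share/koolproxy/data/user.txt
	procd_set_param stdout 1
	procd_set_param stderr 1
	procd_close_instance

	logger "koolproxy has started."
	echo_date =================================================
}

# procd entry point: tear down rules and helper state.
stop_service() {
	echo_date ====================== 关闭 =====================
	post_stop
	logger "koolproxy has stopped."
	echo_date =================================================
}

# Reload as stop + start; dnsmasq is restarted once, by the start half.
reload_service() {
	logger "koolproxy reload service."
	NO_RESTART_DNSMASQ=true
	stop
	start
}

# Reload whenever the koolproxy uci config changes.
service_triggers() {
	procd_add_reload_trigger "koolproxy"
}

# Restart as stop + start; dnsmasq is restarted once, by the start half.
restart() {
	logger "koolproxy restart service."
	NO_RESTART_DNSMASQ=true
	stop
	start
}

# At boot, start in the background after the configured startup delay.
boot() {
	local delay=$(config_t_get global startup_delay 0)
	(sleep $delay && start >/dev/null 2>&1) &
	return 0
}
-------------------------------------------------------------------------------- /files/etc/uci-defaults/luci-koolproxy: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | uci -q batch <<-EOF >/dev/null 4 | delete ucitrack.@koolproxy[-1] 5 | add ucitrack koolproxy 6 | set ucitrack.@koolproxy[-1].init=koolproxy 7 | commit ucitrack 8 | delete firewall.koolproxy 9 | set firewall.koolproxy=include 10 | set firewall.koolproxy.type=script 11 | set firewall.koolproxy.path=/var/etc/koolproxy.include 12 | set firewall.koolproxy.reload=1 13 | commit firewall 14 | EOF 15 | 16 | rm -f /tmp/luci-indexcache 17 | exit 0 18 | -------------------------------------------------------------------------------- /files/lib/upgrade/keep.d/koolproxy: -------------------------------------------------------------------------------- 1 | /usr/share/koolproxy/data/certs/ca.crt 2 | /usr/share/koolproxy/data/private/base.key.pem 3 | /usr/share/koolproxy/data/private/ca.key.pem 4 | -------------------------------------------------------------------------------- /files/usr/lib/lua/luci/controller/koolproxy.lua: -------------------------------------------------------------------------------- 1 | module("luci.controller.koolproxy",package.seeall) 2 | function index() 3 | if not nixio.fs.access("/etc/config/koolproxy")then 4 | return 5 | end 6 | entry({"admin","services","koolproxy"},cbi("koolproxy/global"),_("KoolProxyR plus+"),1).dependent=true 7 | entry({"admin","services","koolproxy","rss_rule"},cbi("koolproxy/rss_rule"), 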
nil).leaf=true 8 | end 9 | -------------------------------------------------------------------------------- /files/usr/lib/lua/luci/i18n/koolproxy.zh-cn.lmo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/immortalwrt-collections/luci-app-koolproxyR/045e1395f86786fcc8f95294dd3534db46b92cca/files/usr/lib/lua/luci/i18n/koolproxy.zh-cn.lmo -------------------------------------------------------------------------------- /files/usr/lib/lua/luci/model/cbi/koolproxy/global.lua: -------------------------------------------------------------------------------- 1 | -- Copyright 2018 Nick Peng (pymumu@gmail.com) 2 | 3 | require ("nixio.fs") 4 | require ("luci.http") 5 | require ("luci.dispatcher") 6 | require ("nixio.fs") 7 | 8 | local fs = require "nixio.fs" 9 | local sys = require "luci.sys" 10 | local http = require "luci.http" 11 | 12 | 13 | local o,t,e 14 | local v=luci.sys.exec("/usr/share/koolproxy/koolproxy -v") 15 | local a=luci.sys.exec("head -3 /usr/share/koolproxy/data/rules/koolproxy.txt | grep rules | awk -F' ' '{print $3,$4}'") 16 | local b=luci.sys.exec("head -4 /usr/share/koolproxy/data/rules/koolproxy.txt | grep video | awk -F' ' '{print $3,$4}'") 17 | local c=luci.sys.exec("head -3 /usr/share/koolproxy/data/rules/daily.txt | grep rules | awk -F' ' '{print $3,$4}'") 18 | local s=luci.sys.exec("grep -v !x /usr/share/koolproxy/data/rules/easylistchina.txt | wc -l") 19 | local u=luci.sys.exec("grep -v !x /usr/share/koolproxy/data/rules/fanboy.txt | wc -l") 20 | local p=luci.sys.exec("grep -v !x /usr/share/koolproxy/data/rules/yhosts.txt | wc -l") 21 | local h=luci.sys.exec("grep -v '^!' 
/usr/share/koolproxy/data/rules/user.txt | wc -l") 22 | local l=luci.sys.exec("grep -v !x /usr/share/koolproxy/data/rules/koolproxy.txt | wc -l") 23 | local q=luci.sys.exec("grep -v !x /usr/share/koolproxy/data/rules/daily.txt | wc -l") 24 | local i=luci.sys.exec("cat /usr/share/koolproxy/dnsmasq.adblock | wc -l") 25 | 26 | 27 | if luci.sys.call("pidof koolproxy >/dev/null") == 0 then 28 | status = translate("KoolProxyR plus+ 运行中") 29 | else 30 | status = translate("KoolProxyR plus+ 已停止") 31 | end 32 | 33 | o = Map("koolproxy", translate("KoolProxyR plus+ "), translate("KoolProxyR plus+是能识别adblock规则的免费开源软件,追求体验更快、更清洁的网络,屏蔽烦人的广告

")) 34 | 35 | 36 | t = o:section(TypedSection, "global") 37 | t.anonymous = true 38 | t.description = translate(string.format("%s

", status)) 39 | 40 | t:tab("base",translate("Basic Settings")) 41 | 42 | e = t:taboption("base", Flag, "enabled", translate("Enable")) 43 | e.default = 0 44 | e.rmempty = false 45 | 46 | e = t:taboption("base", DummyValue, "koolproxy_status", translate("程序版本")) 47 | e.value = string.format("[ %s ]", v) 48 | 49 | e = t:taboption("base", Value, "startup_delay", translate("Startup Delay")) 50 | e:value(0, translate("Not enabled")) 51 | for _, v in ipairs({5, 10, 15, 25, 40}) do 52 | e:value(v, translate("%u seconds") %{v}) 53 | end 54 | e.datatype = "uinteger" 55 | e.default = 0 56 | e.rmempty = false 57 | 58 | e = t:taboption("base", ListValue, "koolproxy_mode", translate("Filter Mode")) 59 | e.default = 1 60 | e.rmempty = false 61 | e:value(1, translate("全局模式")) 62 | e:value(2, translate("IPSET模式")) 63 | e:value(3, translate("视频模式")) 64 | 65 | e = t:taboption("base", MultiValue, "koolproxy_rules", translate("内置规则")) 66 | e.optional = false 67 | e.rmempty = false 68 | e:value("easylistchina.txt", translate("ABP规则")) 69 | e:value("fanboy.txt", translate("fanboy规则")) 70 | e:value("yhosts.txt", translate("yhosts规则")) 71 | e:value("koolproxy.txt", translate("静态规则")) 72 | e:value("daily.txt", translate("每日规则")) 73 | e:value("kp.dat", translate("视频规则")) 74 | e:value("user.txt", translate("自定义规则")) 75 | 76 | e = t:taboption("base", ListValue, "koolproxy_port", translate("端口控制")) 77 | e.default = 0 78 | e.rmempty = false 79 | e:value(0, translate("关闭")) 80 | e:value(1, translate("开启")) 81 | 82 | e = t:taboption("base", ListValue, "koolproxy_ipv6", translate("IPv6支持")) 83 | e.default = 0 84 | e.rmempty = false 85 | e:value(0, translate("关闭")) 86 | e:value(1, translate("开启")) 87 | 88 | e = t:taboption("base", Value, "koolproxy_bp_port", translate("例外端口")) 89 | e:depends("koolproxy_port", "1") 90 | e.rmempty = false 91 | e.description = translate(string.format("单端口:80  多端口:80,443")) 92 | 93 | e=t:taboption("base",Flag,"koolproxy_host",translate("开启Adblock Plus Hosts")) 94 | 
e.default=0 95 | e:depends("koolproxy_mode","2") 96 | 97 | 98 | e = t:taboption("base", ListValue, "koolproxy_acl_default", translate("默认访问控制")) 99 | e.default = 1 100 | e.rmempty = false 101 | e:value(0, translate("不过滤")) 102 | e:value(1, translate("过滤HTTP协议")) 103 | e:value(2, translate("过滤HTTP(S)协议")) 104 | e:value(3, translate("全部过滤")) 105 | e.description = translate(string.format("访问控制设置中其他主机的默认规则")) 106 | 107 | e = t:taboption("base", ListValue, "time_update", translate("定时更新")) 108 | for t = 0,23 do 109 | e:value(t,translate("每天"..t.."点")) 110 | end 111 | e.default = 0 112 | e.rmempty = false 113 | e.description = translate(string.format("定时更新订阅规则与Adblock Plus Hosts")) 114 | 115 | e = t:taboption("base", Button, "restart", translate("规则状态")) 116 | e.inputtitle = translate("更新规则") 117 | e.inputstyle = "reload" 118 | e.write = function() 119 | luci.sys.call("/usr/share/koolproxy/kpupdate 2>&1 >/dev/null") 120 | luci.http.redirect(luci.dispatcher.build_url("admin","services","koolproxy")) 121 | end 122 | e.description = translate(string.format("更新订阅规则与Adblock Plus Hosts
ABP规则: %s条
fanboy规则: %s条
yhosts规则: %s条
静态规则: %s条
视频规则: %s
每日规则: %s条
自定义规则: %s条
Host: %s条

", s, u, p,l,b,q,h, i)) 123 | t:tab("cert",translate("Certificate Management")) 124 | 125 | e=t:taboption("cert",DummyValue,"c1status",translate("
Certificate Restore
")) 126 | e=t:taboption("cert",FileUpload,"") 127 | e.template="koolproxy/caupload" 128 | e=t:taboption("cert",DummyValue,"",nil) 129 | e.template="koolproxy/cadvalue" 130 | if nixio.fs.access("/usr/share/koolproxy/data/certs/ca.crt")then 131 | e=t:taboption("cert",DummyValue,"c2status",translate("
Certificate Backup
")) 132 | e=t:taboption("cert",Button,"certificate") 133 | e.inputtitle=translate("Backup Download") 134 | e.inputstyle="reload" 135 | e.write=function() 136 | luci.sys.call("/usr/share/koolproxy/camanagement backup 2>&1 >/dev/null") 137 | Download() 138 | luci.http.redirect(luci.dispatcher.build_url("admin","services","koolproxy")) 139 | end 140 | end 141 | 142 | 143 | t:tab("white_weblist",translate("网站白名单设置")) 144 | 145 | local i = "/etc/adblocklist/adbypass" 146 | e = t:taboption("white_weblist", TextValue, "adbypass_domain") 147 | e.description = translate("这些已经加入的网站将不会使用过滤器。请输入网站的域名,每行只能输入一个网站域名。例如google.com。") 148 | e.rows = 28 149 | e.wrap = "off" 150 | e.rmempty = false 151 | 152 | function e.cfgvalue() 153 | return fs.readfile(i) or "" 154 | end 155 | 156 | function e.write(self, section, value) 157 | if value then 158 | value = value:gsub("\r\n", "\n") 159 | else 160 | value = "" 161 | end 162 | fs.writefile("/tmp/adbypass", value) 163 | if (luci.sys.call("cmp -s /tmp/adbypass /etc/adblocklist/adbypass") == 1) then 164 | fs.writefile(i, value) 165 | end 166 | fs.remove("/tmp/adbypass") 167 | end 168 | 169 | t:tab("weblist",translate("Set Backlist Of Websites")) 170 | 171 | local i = "/etc/adblocklist/adblock" 172 | e = t:taboption("weblist", TextValue, "adblock_domain") 173 | e.description = translate("加入的网址将走广告过滤端口。只针对黑名单模式。只能输入WEB地址,如:google.com,每个地址一行。") 174 | e.rows = 28 175 | e.wrap = "off" 176 | e.rmempty = false 177 | 178 | function e.cfgvalue() 179 | return fs.readfile(i) or "" 180 | end 181 | 182 | function e.write(self, section, value) 183 | if value then 184 | value = value:gsub("\r\n", "\n") 185 | else 186 | value = "" 187 | end 188 | fs.writefile("/tmp/adblock", value) 189 | if (luci.sys.call("cmp -s /tmp/adblock /etc/adblocklist/adblock") == 1) then 190 | fs.writefile(i, value) 191 | end 192 | fs.remove("/tmp/adblock") 193 | end 194 | 195 | t:tab("white_iplist",translate("IP白名单设置")) 196 | 197 | local i = "/etc/adblocklist/adbypassip" 198 | 
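-- Store a list editor's text at `path`, rewriting the file only when the
-- submitted content differs from what is already stored.
-- Comparing in Lua needs no fixed-name scratch file under /tmp and no shell
-- call, and a target that does not exist yet is treated as empty and written
-- (a `cmp -s ... == 1` test never writes in that case, because cmp reports a
-- missing file with an error status rather than 1).
local function save_list(path, value)
	value = (value or ""):gsub("\r\n", "\n")
	if value ~= (fs.readfile(path) or "") then
		fs.writefile(path, value)
	end
end

-- IP whitelist editor; `i` is the list path declared just before this option.
e = t:taboption("white_iplist", TextValue, "adbypass_ip")
e.description = translate("这些已加入的ip地址将使用代理,但只有GFW型号。请输入ip地址或ip地址段,每行只能输入一个ip地址。例如,112.123.134.145 / 24或112.123.134.145。")
e.rows = 28
e.wrap = "off"
e.rmempty = false

function e.cfgvalue()
	return fs.readfile(i) or ""
end

function e.write(self, section, value)
	save_list(i, value)
end

t:tab("iplist",translate("IP黑名单设置"))

-- IP blacklist editor.
local i = "/etc/adblocklist/adblockip"
e = t:taboption("iplist", TextValue, "adblock_ip")
e.description = translate("这些已经加入的ip地址不会使用过滤器.请输入ip地址或ip地址段,每行只能输入一个ip地址。例如,112.123.134.145 / 24或112.123.134.145。")
e.rows = 28
e.wrap = "off"
e.rmempty = false

function e.cfgvalue()
	return fs.readfile(i) or ""
end

function e.write(self, section, value)
	save_list(i, value)
end

t:tab("customlist", translate("Set Backlist Of custom"))

-- Custom rule editor.
local i = "/usr/share/koolproxy/data/user.txt"
e = t:taboption("customlist", TextValue, "user_rule")
e.description = translate("Enter your custom rules, each row.")
e.rows = 28
e.wrap = "off"
e.rmempty = false

function e.cfgvalue()
	return fs.readfile(i) or ""
end

function e.write(self, section, value)
	save_list(i, value)
end

t:tab("logs",translate("View the logs"))

-- Log viewer: shows the log file and deliberately ignores submitted text.
local i = "/var/log/koolproxy.log"
e = t:taboption("logs", TextValue, "kpupdate_log")
e.description = translate("Koolproxy Logs")
e.rows = 28
e.wrap = "off"
e.rmempty = false

function e.cfgvalue()
	return fs.readfile(i) or ""
end

function e.write(self, section, value)
end

-- Per-client access control table (acl_rule sections).
t=o:section(TypedSection,"acl_rule",translate("KoolProxyR 访问控制"),
translate("ACLs is a tools which used to designate specific IP filter mode,The MAC addresses added to the list will be filtered using https"))
t.template="cbi/tblsection"
t.sortable=true
t.anonymous=true
t.addremove=true
e=t:option(Value,"remarks",translate("Client Remarks"))
e.width="30%"
e.rmempty=true
e=t:option(Value,"ipaddr",translate("IP Address"))
e.width="20%"
e.datatype="ip4addr"
-- Offer the reachable IPv4 neighbours as choices, labelled "ip (mac)".
luci.ip.neighbors({family = 4}, function(neighbor)
	if neighbor.reachable then
		e:value(neighbor.dest:string(), "%s (%s)" %{neighbor.dest:string(), neighbor.mac})
	end
end)
e=t:option(Value,"mac",translate("MAC Address"))
e.width="20%"
e.rmempty=true
e.datatype="macaddr"
-- Same neighbour list, keyed by MAC and labelled "mac (ip)".
luci.ip.neighbors({family = 4}, function(neighbor)
	if neighbor.reachable then
		e:value(neighbor.mac, "%s (%s)" %{neighbor.mac, neighbor.dest:string()})
	end
end)
e=t:option(ListValue,"proxy_mode",translate("访问控制"))
e.width="20%"
e.default=1
e.rmempty=false
e:value(0,translate("不过滤"))
e:value(1,translate("http only"))
e:value(2,translate("http + https"))
e:value(3,translate("full port"))
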
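-- Rule subscription table (rss_rule sections); each row is edited on its own page.
t=o:section(TypedSection,"rss_rule",translate("KoolProxyR 规则订阅"), translate("请确保订阅规则的兼容性"))
t.anonymous=true
t.addremove=true
t.sortable=true
t.template="cbi/tblsection"
t.extedit=luci.dispatcher.build_url("admin/services/koolproxy/rss_rule/%s")

-- After a new subscription section is created, go straight to its edit page.
t.create=function(...)
	local sid=TypedSection.create(...)
	if sid then
		luci.http.redirect(t.extedit % sid)
		return
	end
end

e=t:option(Flag,"load",translate("启用"))
e.default=0
e.rmempty=false

e=t:option(DummyValue,"name",translate("规则名称"))
function e.cfgvalue(...)
	return Value.cfgvalue(...) or translate("None")
end

e=t:option(DummyValue,"url",translate("规则地址"))
function e.cfgvalue(...)
	return Value.cfgvalue(...) or translate("None")
end

e=t:option(DummyValue,"time",translate("更新时间"))

-- Stream the certificate backup archive to the browser as koolproxyCA.tar.gz.
-- Returns without sending anything when the archive cannot be opened (for
-- example when the backup step did not produce it).
function Download()
	local archive_path = "/tmp/upload/koolproxyca.tar.gz"
	local archive = nixio.open(archive_path, "r")
	if not archive then
		return
	end
	luci.http.header('Content-Disposition','attachment; filename="koolproxyCA.tar.gz"')
	luci.http.prepare_content("application/octet-stream")
	while true do
		local chunk = archive:read(nixio.const.buffersize)
		if (not chunk) or (#chunk == 0) then
			break
		end
		luci.http.write(chunk)
	end
	archive:close()
	-- The archive holds the CA private keys; do not leave a copy behind in
	-- /tmp once it has been sent. The backup button regenerates it each time.
	nixio.fs.remove(archive_path)
	luci.http.close()
end

-- Upload handling for the certificate restore form: the uploaded file is stored
-- under upload_dir and `camanagement restore` runs once the upload is complete.
local upload_dir = "/tmp/upload/"
local upload_fd
nixio.fs.mkdir(upload_dir)
luci.http.setfilehandler(
	function(meta, chunk, eof)
		if not upload_fd then
			if not meta then return end
			-- meta.file comes from the upload request (presumably the file name
			-- the browser sent), so keep only its last path component: a name
			-- such as "../x" must not be able to leave upload_dir.
			local name = meta.file and tostring(meta.file):match("([^/\\]+)$")
			if not name or name == "." or name == ".." then
				return
			end
			upload_fd = nixio.open(upload_dir .. name, "w")
			if not upload_fd then
				return
			end
		end
		if chunk and upload_fd then
			upload_fd:write(chunk)
		end
		if eof and upload_fd then
			upload_fd:close()
			upload_fd = nil
			-- stdout is redirected first so that stderr is discarded as well
			luci.sys.call("/usr/share/koolproxy/camanagement restore >/dev/null 2>&1")
		end
	end
)

return o
-------------------------------------------------------------------------------- /files/usr/lib/lua/luci/model/cbi/koolproxy/rss_rule.lua: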
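--------------------------------------------------------------------------------
-- Edit page for a single rule subscription (one rss_rule section of the
-- koolproxy config). The section id arrives as the first page argument.
local m, s, o
local koolproxy = "koolproxy"
local sid = arg[1]

m = Map(koolproxy, "%s - %s" %{translate("koolproxy"), translate("编辑规则")})
m.redirect = luci.dispatcher.build_url("admin/services/koolproxy")

-- Only an existing rss_rule section may be edited here; anything else goes
-- back to the overview page.
if not arg[1] or m.uci:get(koolproxy, sid) ~= "rss_rule" then
	luci.http.redirect(m.redirect)
	return
end

-- [[ Edit Rule ]]--
s = m:section(NamedSection, sid, "rss_rule")
s.anonymous = true
s.addremove = true

o=s:option(Flag,"load",translate("启用"))
o.default=0
o.rmempty=false

o=s:option(Value,"name",translate("规则描述"))
o.rmempty=true

o=s:option(Value,"url",translate("规则地址"))
o.rmempty=false
o.placeholder="[https|http|ftp]://[Hostname]/[File]"

-- Accept only what the placeholder describes: an http, https or ftp URL with
-- no whitespace or control characters. The update script hands this value to
-- its downloader as a command-line argument, so free-form text (for instance
-- something starting with "-") must not be stored.
-- Returns the trimmed URL, or nil plus a message when the value is rejected.
function o.validate(self, value)
	if type(value) ~= "string" then
		return nil
	end
	local url = value:match("^%s*(.-)%s*$")
	local scheme = url:match("^(%a+)://%S+$")
	local allowed = { http = true, https = true, ftp = true }
	if not scheme or not allowed[scheme:lower()] or url:find("%c") then
		return nil, translate("Rule URL must start with http://, https:// or ftp://")
	end
	return url
end

return m
-------------------------------------------------------------------------------- /files/usr/lib/lua/luci/view/koolproxy/cadvalue.htm: -------------------------------------------------------------------------------- 1 | <%+cbi/valueheader%> 2 | 3 | <% 4 | local val = self:cfgvalue(section) or self.default or "" 5 | write(pcdata(val)) 6 | %> 7 | 8 | <%+cbi/valuefooter%> 9 | -------------------------------------------------------------------------------- /files/usr/lib/lua/luci/view/koolproxy/caupload.htm: -------------------------------------------------------------------------------- 1 | <%+cbi/valueheader%> 2 |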
3 | 4 | 5 | <%+cbi/valuefooter%> 6 | -------------------------------------------------------------------------------- /files/usr/lib/lua/luci/view/koolproxy/dvalue.htm: -------------------------------------------------------------------------------- 1 | <%+cbi/valueheader%> 2 | <%=pcdata(self:cfgvalue(section) or self.default or "")%> 3 | <%+cbi/valuefooter%> 4 | -------------------------------------------------------------------------------- /files/usr/lib/lua/luci/view/koolproxy/feedback.htm: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 |
5 | 6 |
7 | 8 |
9 |
10 | 11 |
12 | 13 |
14 | 15 |
16 |
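17 | 18 | 19 | 20 | 21 | -------------------------------------------------------------------------------- /files/usr/lib/lua/luci/view/koolproxy/index.htm: -------------------------------------------------------------------------------- 1 | <%# 2 | Copyright 2016 Chen RuiWei 3 | Licensed to the public under the Apache License 2.0. 4 | -%> 5 | 6 | <% include("cbi/map") %> 7 | 17 | -------------------------------------------------------------------------------- /files/usr/sbin/adblockplus: --------------------------------------------------------------------------------
#!/bin/sh
# Download the EasyList China + EasyList filter list, turn its plain
# "||domain^" rules into dnsmasq "address=/domain/0.0.0.0" entries and install
# the result when it differs from the copy on disk, then restart dnsmasq.
# Exit status: 0 when a new list was installed, 1 otherwise.

LIST_URL="https://easylist-downloads.adblockplus.org/easylistchina+easylist.txt"
RAW_LIST=/tmp/adlist.txt
NEW_CONF=/tmp/dnsmasq.adblock
CUR_CONF=/usr/share/koolproxy/dnsmasq.adblock

# Print one timestamped message.
log() {
	echo "$(date "+%F %T"): $*"
}

log "正在下载adblockplus规则..."

# Certificate verification stays enabled: the downloaded list becomes resolver
# configuration, so it has to come from the real server.
# NOTE(review): this needs a CA bundle on the device - confirm the package
# depends on one.
if ! wget-ssl --quiet "$LIST_URL" -O "$RAW_LIST"; then
	log "获取在线版本时出现错误! "
	rm -f "$RAW_LIST"
	exit 1
fi

# Convert and filter in one pass, before comparing, so the comparison is made
# against the same form that gets installed:
#   - keep only "||...^" rules without a wildcard and rewrite them for dnsmasq
#   - drop every youku entry
#   - drop entries containing a dotted quad; the class is 1-9 on purpose or by
#     luck - with 0-9 the appended 0.0.0.0 would match and every line would go
grep '^||[^*]*^$' "$RAW_LIST" \
	| sed -e 's:||:address\=\/:' -e 's:\^:/0\.0\.0\.0:' \
	      -e '/youku/d' \
	      -e '/[1-9]\{1,3\}\.[1-9]\{1,3\}\.[1-9]\{1,3\}\.[1-9]\{1,3\}/d' \
	> "$NEW_CONF"
rm -f "$RAW_LIST"

# A download that converts to nothing must not replace a working list.
if [ ! -s "$NEW_CONF" ]; then
	log "converted adblockplus list is empty, keeping the installed rules"
	rm -f "$NEW_CONF"
	exit 1
fi

if diff "$NEW_CONF" "$CUR_CONF" >/dev/null 2>&1; then
	log "adblockplus本地规则和服务器规则相同,无需更新!"
	rm -f "$NEW_CONF"
	exit 1
fi

log "检测到adblockplus规则有更新,开始转换规则!"
mv "$NEW_CONF" "$CUR_CONF"
log "adblockplus规则转换完成,应用新规则。"
echo ""
log "重启dnsmasq进程"
/etc/init.d/dnsmasq restart > /dev/null 2>&1

exit 0
-------------------------------------------------------------------------------- /files/usr/share/koolproxy/adblock.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/immortalwrt-collections/luci-app-koolproxyR/045e1395f86786fcc8f95294dd3534db46b92cca/files/usr/share/koolproxy/adblock.conf -------------------------------------------------------------------------------- /files/usr/share/koolproxy/camanagement: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | kpfolder="/usr/share/koolproxy/data" 3 | kplogfile="/var/log/koolproxy.log" 4 | readyfolder="/tmp/upload/koolproxy" 5 | 6 | backup() { 7 | if [ ! -f $kpfolder/private/ca.key.pem ]; then 8 | echo "未找到ca.key.pem,请先运行Koolproxy一次!" > $kplogfile 9 | exit 1 10 | fi 11 | if [ ! -f $kpfolder/private/base.key.pem ]; then 12 | echo "未找到base.key.pem,请先运行Koolproxy一次!" > $kplogfile 13 | exit 1 14 | fi 15 | if [ ! -f $kpfolder/certs/ca.crt ]; then 16 | echo "未找到ca.crt,请先运行Koolproxy一次!" > $kplogfile 17 | exit 1 18 | fi 19 | 20 | mkdir -p /tmp/upload 21 | cd $kpfolder 22 | tar czf /tmp/upload/koolproxyca.tar.gz private/ca.key.pem private/base.key.pem certs/ca.crt 23 | [ -f /tmp/upload/koolproxyca.tar.gz ] && echo "证书备份已成功生成。" > $kplogfile 24 | } 25 | 26 | restore() { 27 | if [ ! -f /tmp/upload/koolproxyCA.tar.gz ]; then 28 | echo "未找到备份文件,文件名必须为koolproxyCA.tar.gz或已损坏,请检查备份文件!" >> $kplogfile 29 | else 30 | mkdir -p $readyfolder 31 | cd $readyfolder 32 | tar xzf /tmp/upload/koolproxyCA.tar.gz 33 | fi 34 | if [ ! -f $readyfolder/private/ca.key.pem ]; then 35 | echo "未找到ca.key.pem,备份文件不正确或已损坏,请检查备份文件!" > $kplogfile 36 | exit 1 37 | fi 38 | if [ ! -f $readyfolder/private/base.key.pem ]; then 39 | echo "未找到base.key.pem,备份文件不正确或已损坏,请检查备份文件!" > $kplogfile 40 | exit 1 41 | fi 42 | if [ !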
-f $readyfolder/certs/ca.crt ]; then 43 | echo "未找到ca.crt,备份文件不正确或已损坏,请检查备份文件!" > $kplogfile 44 | exit 1 45 | fi 46 | 47 | mv -f $readyfolder/private/ca.key.pem $kpfolder/private/ca.key.pem 48 | mv -f $readyfolder/private/base.key.pem $kpfolder/private/base.key.pem 49 | mv -f $readyfolder/certs/ca.crt $kpfolder/certs/ca.crt 50 | rm -rf $readyfolder 51 | rm -f /tmp/upload/koolproxyCA.tar.gz 52 | echo "证书成功还原,重启Koolproxy。" > $kplogfile 53 | /etc/init.d/koolproxy restart 54 | } 55 | 56 | case "$*" in 57 | "backup") 58 | backup 59 | ;; 60 | "restore") 61 | restore 62 | ;; 63 | "help") 64 | echo "use backup or restore" 65 | ;; 66 | esac 67 | -------------------------------------------------------------------------------- /files/usr/share/koolproxy/data/gen_ca.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | alias echo_date='echo $(date +%Y年%m月%d日\ %X):' 3 | 4 | if [ ! -f openssl.cnf ]; then 5 | echo_date "Cannot found openssl.cnf" 6 | exit 1 7 | fi 8 | if [ -f /usr/share/koolproxy/data/private/ca.key.pem ]; then 9 | echo_date "已经有证书了!" 10 | else 11 | echo_date "生成证书中..." 12 | 13 | #step 1, root ca 14 | mkdir -p certs private 15 | rm -f serial private/ca.key.pem 16 | chmod 700 private 17 | echo 1000 > serial 18 | openssl genrsa -aes256 -passout pass:koolshare -out private/ca.key.pem 2048 19 | chmod 400 private/ca.key.pem 20 | openssl req -config openssl.cnf -passin pass:koolshare \ 21 | -subj "/C=CN/ST=Beijing/L=KP/O=KoolProxy inc/CN=koolproxy.com" \ 22 | -key private/ca.key.pem \ 23 | -new -x509 -days 7300 -sha256 -extensions v3_ca \ 24 | -out certs/ca.crt 25 | 26 | #step 2, domain rsa key 27 | openssl genrsa -aes256 -passout pass:koolshare -out private/base.key.pem 2048 28 | echo_date "证书生成完毕..." 
29 | fi 30 | -------------------------------------------------------------------------------- /files/usr/share/koolproxy/data/openssl.cnf: -------------------------------------------------------------------------------- 1 | # OpenSSL root CA configuration file. 2 | # Copy to `/root/ca/openssl.cnf`. 3 | 4 | [ ca ] 5 | # `man ca` 6 | default_ca = CA_default 7 | 8 | [ CA_default ] 9 | # Directory and file locations. 10 | dir = ./ca 11 | certs = $dir/certs 12 | crl_dir = $dir/crl 13 | new_certs_dir = $dir/newcerts 14 | database = $dir/index.txt 15 | serial = $dir/serial 16 | RANDFILE = $dir/private/.rand 17 | 18 | # The root key and root certificate. 19 | private_key = $dir/private/ca.key.pem 20 | certificate = $dir/certs/ca.cert.pem 21 | 22 | # For certificate revocation lists. 23 | crlnumber = $dir/crlnumber 24 | crl = $dir/crl/ca.crl.pem 25 | crl_extensions = crl_ext 26 | default_crl_days = 30 27 | 28 | # SHA-1 is deprecated, so use SHA-2 instead. 29 | default_md = sha256 30 | 31 | name_opt = ca_default 32 | cert_opt = ca_default 33 | default_days = 375 34 | preserve = no 35 | policy = policy_strict 36 | 37 | [ policy_strict ] 38 | # The root CA should only sign intermediate certificates that match. 39 | # See the POLICY FORMAT section of `man ca`. 40 | countryName = match 41 | stateOrProvinceName = match 42 | organizationName = match 43 | organizationalUnitName = optional 44 | commonName = supplied 45 | emailAddress = optional 46 | 47 | [ policy_loose ] 48 | # Allow the intermediate CA to sign a more diverse range of certificates. 49 | # See the POLICY FORMAT section of the `ca` man page. 50 | countryName = optional 51 | stateOrProvinceName = optional 52 | localityName = optional 53 | organizationName = optional 54 | organizationalUnitName = optional 55 | commonName = supplied 56 | emailAddress = optional 57 | 58 | [ req ] 59 | # Options for the `req` tool (`man req`). 
60 | default_bits = 2048 61 | distinguished_name = req_distinguished_name 62 | string_mask = utf8only 63 | 64 | # SHA-1 is deprecated, so use SHA-2 instead. 65 | default_md = sha256 66 | 67 | # Extension to add when the -x509 option is used. 68 | x509_extensions = v3_ca 69 | 70 | [ req_distinguished_name ] 71 | # See . 72 | countryName = Country Name (2 letter code) 73 | stateOrProvinceName = State or Province Name 74 | localityName = Locality Name 75 | 0.organizationName = Organization Name 76 | organizationalUnitName = Organizational Unit Name 77 | commonName = Common Name 78 | emailAddress = Email Address 79 | 80 | # Optionally, specify some defaults. 81 | countryName_default = GB 82 | stateOrProvinceName_default = England 83 | localityName_default = 84 | 0.organizationName_default = Alice Ltd 85 | organizationalUnitName_default = 86 | emailAddress_default = 87 | 88 | [ v3_ca ] 89 | # Extensions for a typical CA (`man x509v3_config`). 90 | subjectKeyIdentifier = hash 91 | authorityKeyIdentifier = keyid:always,issuer 92 | basicConstraints = critical, CA:true 93 | keyUsage = critical, digitalSignature, cRLSign, keyCertSign 94 | 95 | [ v3_intermediate_ca ] 96 | # Extensions for a typical intermediate CA (`man x509v3_config`). 97 | subjectKeyIdentifier = hash 98 | authorityKeyIdentifier = keyid:always,issuer 99 | basicConstraints = critical, CA:true, pathlen:0 100 | keyUsage = critical, digitalSignature, cRLSign, keyCertSign 101 | 102 | [ usr_cert ] 103 | # Extensions for client certificates (`man x509v3_config`). 104 | basicConstraints = CA:FALSE 105 | nsCertType = client, email 106 | nsComment = "OpenSSL Generated Client Certificate" 107 | subjectKeyIdentifier = hash 108 | authorityKeyIdentifier = keyid,issuer 109 | keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment 110 | extendedKeyUsage = clientAuth, emailProtection 111 | 112 | [ server_cert ] 113 | # Extensions for server certificates (`man x509v3_config`). 
114 | basicConstraints = CA:FALSE 115 | nsCertType = server 116 | nsComment = "OpenSSL Generated Server Certificate" 117 | subjectKeyIdentifier = hash 118 | authorityKeyIdentifier = keyid,issuer:always 119 | keyUsage = critical, digitalSignature, keyEncipherment 120 | extendedKeyUsage = serverAuth 121 | 122 | [ crl_ext ] 123 | # Extension for CRLs (`man x509v3_config`). 124 | authorityKeyIdentifier=keyid:always 125 | 126 | [ ocsp ] 127 | # Extension for OCSP signing certificates (`man ocsp`). 128 | basicConstraints = CA:FALSE 129 | subjectKeyIdentifier = hash 130 | authorityKeyIdentifier = keyid,issuer 131 | keyUsage = critical, digitalSignature 132 | extendedKeyUsage = critical, OCSPSigning 133 | -------------------------------------------------------------------------------- /files/usr/share/koolproxy/data/rules/user.txt: -------------------------------------------------------------------------------- 1 | ! ******************************* koolproxyR 自定义过滤语法简表 ******************************* 2 | ! ------------------------ 规则基于adblock规则,并进行了语法部分的扩展 ------------------------ 3 | ! ABP规则请参考https://adblockplus.org/zh_CN/filters,下面为大致摘要 4 | ! "!" 为行注释符,注释行以该符号起始作为一行注释语义,用于规则描述 5 | ! "@@" 为白名单符,白名单具有最高优先级,放行过滤的网站,例如:@@||taobao.com 6 | ! "@@@@" 超级白名单,比白名单符拥有更高的优先级,主要用于放行https网站,例如:@@@@||https://taobao.com 7 | ! ------------------------------------------------------------------------------------------ 8 | ! "*" 为字符通配符,能够匹配0长度或任意长度的字符串,该通配符不能与正则语法混用。 9 | ! "^" 为分隔符,可以是除了字母、数字或者 _ - . % 之外的任何字符。 10 | ! "~" 为排除标识符,通配符能过滤大多数广告,但同时存在误杀, 可以通过排除标识符修正误杀链接。 11 | ! 注:通配符仅在 url 规则中支持,html 规则中不支持 12 | ! ------------------------------------------------------------------------------------------ 13 | ! "|" 为管线符号,来表示地址的最前端或最末端 14 | ! "||" 为子域通配符,方便匹配主域名下的所有子域 15 | ! 用法及例子如下:(以下等号表示等价于) 16 | ! ||xx.com/ad = http://xx.com/ad* || http://*.xx.com/ad* 17 | ! ||http://xx.com/ad = http://xx.com/ad* || http://*.xx.com/ad* 18 | ! 
||https://xx.com/ad = https://xx.com/ad* || https://*.xx.com/ad* 19 | ! |xx.com/ad = http://xx.com/ad* 20 | ! |http://xx.com/ad = http://xx.com/ad* 21 | ! |https://xx.com/ad = https://xx.com/ad* 22 | ! ad = http://*ad* 23 | ! http://ad = http://*ad* 24 | ! https://ad = 不支持,需要指定域名,如下例 25 | ! https://xx.com/ad = |https://xx.com/ad = https://xx.com/ad* 26 | ! [同时可以表示两个以及两个以上的域名]如下例子 27 | ! https://xx.ad.com 和 https://xxx.xx.ad.com = ||https://ad.com (注意! 由于https的原因使用要非常谨慎,不可以大范围使用) 28 | ! ------------------------------------------------------------------------------------------ 29 | ! 兼容adblock规则的html规则语法,例如: 30 | ! fulldls.com,torrentzap.com##.tp_reccomend_banner 31 | ! 但是推荐写成以下标准写法: 32 | ! ||fulldls.com##.tp_reccomend_banner 33 | ! ||torrentzap.com##.tp_reccomend_banner 34 | ! 如果一个网站html规则有多条,可以合并为这样: 35 | ! ||torrentzap.com##.tp_reccomend_banner,.ad_top,[class="ad_right"]...... 36 | ! ------------------------------------------------------------------------------------------ 37 | ! 文本替换语法:$s@匹配内容@替换内容@ 38 | ! 非标准端口过滤语法:||abc.com:8081/ad.html或者|http://adb.com:8081/ 39 | ! 文本替换例子:|http://cdn.pcbeta.js.inimc.com/data/cache/common.js?$s@old@new@ 40 | ! 重定向语法:$r@匹配内容@替换内容@ 41 | ! 重定向例子:|http://koolshare.cn$r@http://koolshare.cn/*@http://www.qq.com@ 42 | ! 注:文本替换语法及重定向语法中的匹配内容不仅支持通配符功能,而且额外支持以下功能 43 | ! 支持通配符 * 和 ? 表示单个字符 44 | ! 支持全正则匹配,/正则内容/ 表示应用正则匹配 45 | ! 正则替换:替换内容支持 $1 $2 这样的符号 46 | ! 普通替换:替换内容支持 * 这样的符号,表示把命中的内容复制到替换的内容。(类似 $1 $2,但是 * 号会自动计算数字) 47 | ! ------------------------------------------------------------------------------------------ 48 | ! 未来将逐步添加相关语法,兼容adblock puls的更多语法,敬请期待。 49 | ! 
****************************************************************************************** 50 | -------------------------------------------------------------------------------- /files/usr/share/koolproxy/data/source.list: -------------------------------------------------------------------------------- 1 | 0|yhosts.txt|https://github.com/user1121114685/koolproxyR/raw/master/koolproxyR/koolproxyR/data/rules/yhosts.txt|yhosts规则 2 | 0|kp.dat|https://raw.githubusercontent.com/user1121114685/koolproxyR_rule_list/master/kp.dat|视频规则 3 | 0|user.txt||自定义规则 4 | 0|easylistchina.txt|https://github.com/user1121114685/koolproxyR/raw/master/koolproxyR/koolproxyR/data/rules/easylistchina.txt|ABP规则 5 | 0|fanboy.txt|https://github.com/user1121114685/koolproxyR/raw/master/koolproxyR/koolproxyR/data/rules/fanboy-annoyance.txt|Fanboy规则 6 | -------------------------------------------------------------------------------- /files/usr/share/koolproxy/data/user.txt: -------------------------------------------------------------------------------- 1 | ! ******************************* koolproxyR 自定义过滤语法简表 ******************************* 2 | ! ------------------------ 规则基于adblock规则,并进行了语法部分的扩展 ------------------------ 3 | ! ABP规则请参考https://adblockplus.org/zh_CN/filters,下面为大致摘要 4 | ! "!" 为行注释符,注释行以该符号起始作为一行注释语义,用于规则描述 5 | ! "@@" 为白名单符,白名单具有最高优先级,放行过滤的网站,例如:@@||taobao.com 6 | ! "@@@@" 超级白名单,比白名单符拥有更高的优先级,主要用于放行https网站,例如:@@@@||https://taobao.com 7 | ! ------------------------------------------------------------------------------------------ 8 | ! "*" 为字符通配符,能够匹配0长度或任意长度的字符串,该通配符不能与正则语法混用。 9 | ! "^" 为分隔符,可以是除了字母、数字或者 _ - . % 之外的任何字符。 10 | ! "~" 为排除标识符,通配符能过滤大多数广告,但同时存在误杀, 可以通过排除标识符修正误杀链接。 11 | ! 注:通配符仅在 url 规则中支持,html 规则中不支持 12 | ! ------------------------------------------------------------------------------------------ 13 | ! "|" 为管线符号,来表示地址的最前端或最末端 14 | ! "||" 为子域通配符,方便匹配主域名下的所有子域 15 | ! 用法及例子如下:(以下等号表示等价于) 16 | ! ||xx.com/ad = http://xx.com/ad* || http://*.xx.com/ad* 17 | ! 
||http://xx.com/ad = http://xx.com/ad* || http://*.xx.com/ad* 18 | ! ||https://xx.com/ad = https://xx.com/ad* || https://*.xx.com/ad* 19 | ! |xx.com/ad = http://xx.com/ad* 20 | ! |http://xx.com/ad = http://xx.com/ad* 21 | ! |https://xx.com/ad = https://xx.com/ad* 22 | ! ad = http://*ad* 23 | ! http://ad = http://*ad* 24 | ! https://ad = 不支持,需要指定域名,如下例 25 | ! https://xx.com/ad = |https://xx.com/ad = https://xx.com/ad* 26 | ! [同时可以表示两个以及两个以上的域名]如下例子 27 | ! https://xx.ad.com 和 https://xxx.xx.ad.com = ||https://ad.com (注意! 由于https的原因使用要非常谨慎,不可以大范围使用) 28 | ! ------------------------------------------------------------------------------------------ 29 | ! 兼容adblock规则的html规则语法,例如: 30 | ! fulldls.com,torrentzap.com##.tp_reccomend_banner 31 | ! 但是推荐写成以下标准写法: 32 | ! ||fulldls.com##.tp_reccomend_banner 33 | ! ||torrentzap.com##.tp_reccomend_banner 34 | ! 如果一个网站html规则有多条,可以合并为这样: 35 | ! ||torrentzap.com##.tp_reccomend_banner,.ad_top,[class="ad_right"]...... 36 | ! ------------------------------------------------------------------------------------------ 37 | ! 文本替换语法:$s@匹配内容@替换内容@ 38 | ! 非标准端口过滤语法:||abc.com:8081/ad.html或者|http://adb.com:8081/ 39 | ! 文本替换例子:|http://cdn.pcbeta.js.inimc.com/data/cache/common.js?$s@old@new@ 40 | ! 重定向语法:$r@匹配内容@替换内容@ 41 | ! 重定向例子:|http://koolshare.cn$r@http://koolshare.cn/*@http://www.qq.com@ 42 | ! 注:文本替换语法及重定向语法中的匹配内容不仅支持通配符功能,而且额外支持以下功能 43 | ! 支持通配符 * 和 ? 表示单个字符 44 | ! 支持全正则匹配,/正则内容/ 表示应用正则匹配 45 | ! 正则替换:替换内容支持 $1 $2 这样的符号 46 | ! 普通替换:替换内容支持 * 这样的符号,表示把命中的内容复制到替换的内容。(类似 $1 $2,但是 * 号会自动计算数字) 47 | ! ------------------------------------------------------------------------------------------ 48 | ! 未来将逐步添加相关语法,兼容adblock puls的更多语法,敬请期待。 49 | ! 
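****************************************************************************************** 50 | -------------------------------------------------------------------------------- /files/usr/share/koolproxy/kpupdate: --------------------------------------------------------------------------------
#!/bin/sh
# set -x
#
# Rule updater: refreshes the built-in rule files, refreshes every enabled
# subscription (rss_rule section), optionally starts the Adblock Plus hosts
# update, and restarts koolproxy when at least one rule file was replaced.
#
# The downloaded rules drive an HTTP(S)-filtering proxy (the rule syntax
# includes content replacement and redirects), so where they come from matters:
# downloads are verified where this script controls it and never overwrite a
# working rule file with a failed or empty download.

. /lib/functions.sh

CONFIG=koolproxy
KP_DIR=/usr/share/koolproxy
TMP_DIR=/tmp/koolproxy
LOGFILE="/var/log/koolproxy.log"
# Set to "true" once a rule file has been replaced; start empty so a value
# inherited from the environment cannot trigger a restart.
RESTART_KOOLPROXY=

# Append one timestamped line to $LOGFILE.
log() {
	echo "$(date "+%F %T"): $*" >>"$LOGFILE"
}

# Print option $2 of the $4-th (default: first) section of type $1, or the
# fallback $3 when the option is unset or empty.
config_t_get() {
	local index="${4:-0}"
	local ret
	ret=$(uci get "$CONFIG.@$1[$index].$2" 2>/dev/null)
	echo "${ret:-$3}"
}

# Trim log file $1 to its last $2 lines (default 100).
limit_log() {
	local log="$1"
	local keep="${2:-100}"
	local count
	[ -f "$log" ] || return 0
	count=$(grep -c "" "$log")
	if [ "$count" -gt "$keep" ]; then
		sed -i "1,$((count - keep))d" "$log"
	fi
}

# Start from an empty scratch directory.
init_env() {
	rm -rf "$TMP_DIR"
	mkdir -p "$TMP_DIR"
}

restart_koolproxy() {
	/etc/init.d/koolproxy restart
}

# Download URL $1 to rule file $2 through a scratch file in $TMP_DIR, so a
# failed or empty download never truncates or replaces the installed file.
# Returns 0 when $2 was replaced, 1 otherwise.
# NOTE(review): whether this `wget` verifies the server certificate depends on
# which wget build is installed on the device - confirm.
fetch_rule() {
	local url="$1"
	local dest="$2"
	local tmp
	tmp="$TMP_DIR/$(basename "$dest").new"

	if wget "$url" -q -O "$tmp" && [ -s "$tmp" ]; then
		mv -f "$tmp" "$dest"
		return 0
	fi
	rm -f "$tmp"
	log "获取在线版本时出现错误! $dest"
	return 1
}

# Refresh one subscription.
#   $1 description used in the log, $2 local rule file, $3 remote URL
# Returns 0 when the local file was replaced, 1 when it is unchanged or the
# download failed.
__compare_file() {
	local descript="$1"
	local localPath="$2"
	local remoteUrl="$3"
	local remotePath
	local localMD5 localNum remoteMD5 remoteNum
	remotePath="$TMP_DIR/$(basename "$localPath")"

	log "------------------- ${descript}更新 -------------------"

	# The URL comes from the web UI / config; only pass real URLs to wget so
	# that the value can never be read as a command-line option.
	case "$remoteUrl" in
		http://*|https://*|ftp://*) ;;
		*)
			log "获取在线版本时出现错误! "
			echo >>"$LOGFILE"
			return 1
			;;
	esac

	# Certificate verification stays on, as it is for the built-in rules:
	# with --no-check-certificate anyone on the network path could supply
	# the rule file.
	if ! wget-ssl -qT5 "$remoteUrl" -O "$remotePath"; then
		log "获取在线版本时出现错误! "
		echo >>"$LOGFILE"
		rm -f "$remotePath"
		return 1
	fi

	# MD5 is used here only to notice a change; it says nothing about where
	# the file came from.
	if [ -f "$localPath" ]; then
		localMD5=$(md5sum "$localPath" | awk '{print $1}')
		localNum=$(grep -vc '^!' "$localPath")
	else
		localMD5="文件不存在"
		localNum="0"
	fi
	remoteMD5=$(md5sum "$remotePath" | awk '{print $1}')
	remoteNum=$(grep -vc '^!' "$remotePath")

	log "本地版本MD5:$localMD5"
	log "本地版本条数:$localNum"
	echo >>"$LOGFILE"
	log "在线版本MD5:$remoteMD5"
	log "在线版本条数:$remoteNum"
	echo >>"$LOGFILE"

	if [ "$localMD5" != "$remoteMD5" ]; then
		log "检测到更新,开始更新规则!"
		mv -f "$remotePath" "$localPath"
		log "更新成功!"
		echo >>"$LOGFILE"
		return 0
	fi
	return 1
}

# config_foreach callback: refresh the subscription in section $1 when it is
# enabled, then append its rule file to the merged user.txt.
__update_rule() {
	local name file exrule enable
	config_get name "$1" name
	config_get file "$1" file
	config_get exrule "$1" url
	config_get enable "$1" load

	[ -n "$file" ] && [ -n "$exrule" ] || return 0
	# An unset "load" flag means "not enabled".
	[ "$enable" = "1" ] || return 0

	# $file is joined onto the rules directory, so it has to be a plain file
	# name; a path component would let a config value write elsewhere.
	case "$file" in
		*/*|.*)
			log "skipped: rule file name '$file' must be a plain file name"
			return 0
			;;
	esac

	if __compare_file "$name" "$KP_DIR/data/rules/$file" "$exrule"; then
		uci set "koolproxy.$1.time=$(date "+%Y-%m-%d %H:%M")"
		uci commit koolproxy
		RESTART_KOOLPROXY=true
	fi
	[ -f "$KP_DIR/data/rules/$file" ] && cat "$KP_DIR/data/rules/$file" >>"$KP_DIR/data/rules/user.txt"
	echo >>"$LOGFILE"
}

# Rebuild rules/user.txt from the user's own rules, then process every
# rss_rule section.
update_rss_rules() {
	cp "$KP_DIR/data/user.txt" "$KP_DIR/data/rules/user.txt"
	config_load "$CONFIG"
	config_foreach __update_rule rss_rule
}

# Refresh the built-in rule files and log the versions found in them.
update_rules() {
	local updated=0
	local easylist_rules_local fanboy_rules_local replenish_rules_local

	log "------------------- 内置规则更新 -------------------"
	fetch_rule 'https://raw.githubusercontent.com/user1121114685/koolproxyR_rule_list/master/kp.dat' "$KP_DIR/data/rules/kp.dat" && updated=1
	fetch_rule 'https://houzi-.coding.net/p/my_dream/d/my_dream/git/raw/master/daily.txt' "$KP_DIR/data/rules/daily.txt" && updated=1
	fetch_rule 'https://houzi-.coding.net/p/my_dream/d/my_dream/git/raw/master/koolproxy.txt' "$KP_DIR/data/rules/koolproxy.txt" && updated=1
	fetch_rule 'https://raw.githubusercontent.com/user1121114685/koolproxyR/master/koolproxyR/koolproxyR/data/rules/yhosts.txt' "$KP_DIR/data/rules/yhosts.txt" && updated=1
	fetch_rule 'https://raw.githubusercontent.com/user1121114685/koolproxyR/master/koolproxyR/koolproxyR/data/rules/fanboy-annoyance.txt' "$KP_DIR/data/rules/fanboy.txt" && updated=1
	fetch_rule 'https://raw.githubusercontent.com/user1121114685/koolproxyR/master/koolproxyR/koolproxyR/data/rules/easylistchina.txt' "$KP_DIR/data/rules/easylistchina.txt" && updated=1
	fetch_rule 'https://raw.githubusercontent.com/user1121114685/koolproxyR/master/koolproxyR/koolproxyR/data/koolproxyR_ipset.conf' "$KP_DIR/koolproxy_ipset.conf" && updated=1

	easylist_rules_local=$(sed -n '3p' /usr/share/koolproxy/data/rules/easylistchina.txt | awk '{print $3,$4}')
	fanboy_rules_local=$(sed -n '3p' /usr/share/koolproxy/data/rules/fanboy.txt | awk '{print $3,$4}')
	replenish_rules_local=$(sed -n '2p' /usr/share/koolproxy/data/rules/yhosts.txt | cut -d "=" -f2)
	log "-------------------easylist version $easylist_rules_local"
	log "-------------------fanboy version $fanboy_rules_local"
	log "-------------------yhosts version $replenish_rules_local"

	# Report success and ask for a restart only when something was replaced.
	if [ "$updated" = "1" ]; then
		log "------------------- 内置规则更新成功! -------------------"
		RESTART_KOOLPROXY=true
	fi
}

# Start the Adblock Plus hosts update in the background. Its result is not
# known here; the adblockplus script restarts dnsmasq itself after installing
# a new list.
update_adb_host() {
	/usr/sbin/adblockplus >>"$LOGFILE" 2>&1 &
	RESTART_DNSMASQ=true
}

# main process
init_env
limit_log "$LOGFILE"

# update rules
update_rules

# update user rules
update_rss_rules

koolproxy_mode=$(config_t_get global koolproxy_mode 1)
koolproxy_host=$(config_t_get global koolproxy_host 0)

# update ADB Plus Host
if [ "$koolproxy_mode" = "2" ] && [ "$koolproxy_host" = "1" ]; then
	update_adb_host
fi

if [ -n "$RESTART_KOOLPROXY" ]; then
	restart_koolproxy
	log "重启koolproxy进程"
fi

init_env
-------------------------------------------------------------------------------- /koolproxy.txt: -------------------------------------------------------------------------------- 1 | koolproxy插件/固件开发文档1.3 2 | 更新日期:2017年7月7日(koolproxy 3.6.1) 3 | 4 | ================================================================================================ 5 | 声明: 6 | KoolProxy 是一个免费软件,著作权归属 KoolProxy.com,用户可以非商业性地复制和使用 KoolProxy,但禁止将 KoolProxy 用于商业用途。 7 | KoolProxy 可以对 https 网络数据进行识别代理,使用 https 功能的用户需要自己提供相关证书,本程序提供的证书生成脚本仅供用户参考,证书的保密工作由用户自行负责。 8 | 使用本软件的风险由用户自行承担,在适用法律允许的最大范围内,对因使用本产品所产生的损害及风险,包括但不限于直接或间接的个人损害、商业赢利的丧失、贸易中断、商业信息的丢失或任何其它经济损失,KoolProxy.com 不承担任何责任。 9 | 10 | ================================================================================================ 11 | KoolProxy By Xiaobao & Crwnet v3.6.1 12 | 13 | USAGE: 14 | koolproxy [options] [arguments...]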
15 | 16 | OPTIONS: 17 | -p value listen port, default value is 3000 18 | -l value log level (0:DEBUG, 1:INFO, 2:AD, 3:WARNING, 4:ERROR), default value is ERROR 19 | -c value thread count, default value is the number of cpus 20 | -b value data path, default value is './data' 21 | -d run as daemon mode 22 | -v show version 23 | -h show help 24 | 25 | ADVANCED: 26 | --cert generate ssl cert 27 | --ipv6 enable ipv6, works for ipv6 nat mode 28 | --video | -e video mode, load video rules only 29 | --mark mark mode, set the socket mark(src ip) when connect to remote host. requires the CAP_NET_ADMIN capability 30 | --ttl value ttl mode, set the socket ttl when connect to remote host. default value is 0 (disable) 31 | 32 | ================================================================================================ 33 | 交流地址: 34 | 1 QQ群1: 595300867 35 | 2 QQ群2: 203726739 36 | 3 TG群: https://t.me/joinchat/AAAAAD-tO7GPvfOU131_vg 37 | 4 更新日志:http://koolshare.cn/thread-64086-1-1.html 38 | 39 | ================================================================================================ 40 | #koolproxy部署文件目录参考1(使用openssl生成证书) 41 | . 42 | ├── data 43 | │   ├── gen_ca.sh #证书生成脚本 44 | │   ├── koolproxy_ipset.conf #ipset名单 45 | │   ├── openssl.cnf #证书生成所用配置文件 46 | │   ├── rules #规则存放文件夹 47 | │   │   ├── kp.dat #视频规则 48 | │   │   ├── koolproxy.txt #静态规则 49 | │   │   ├── daily.txt #每日规则 50 | │   │   └── user.txt #自定义规则 51 | │   └── version #插件版本号(merlin) 52 | └── koolproxy #koolproxy二进制(为了保证二进制顺利更新,请保证目录可写) 53 | 54 | 1 证书生成使用命令 sh gen_ca.sh,该脚本会调用系统内的openssl来生成证书,运行成功后会自动创建data/private data/cert目录 55 | 私钥和公钥会分别存在data/private data/cert目录下,使用http://110.110.110.110会下载路由器内的证书 56 | 57 | ------------------------------------------------------------------------------------------------ 58 | #koolproxy部署文件目录参考2(使用koolproxy生成证书) 59 | . 
60 | └── koolproxy #koolproxy二进制(为了保证二进制顺利更新,请保证目录可写) 61 | 1 因为规则文件会由koolproxy自动下载,下载后会自动创建data/rules目录 62 | 2 使用koolproxy --cert命令可以生成证书,运行成功后会自动创建data/private data/cert目录 63 | 私钥和公钥会分别存在data/private data/cert目录下,使用http://110.110.110.110会下载路由器内的证书 64 | 因为mbedtls性能原因,在非软路由机器上用koolproxy --cert生成证书需要时间较长,请耐心等待 65 | 66 | ================================================================================================ 67 | 说明: 68 | 1 koolproxy启动会自动检测规则更新,如果没有./data/rules文件夹,会自己创建并下载规则到此处 69 | 2 koolproxy启动后会检测二进制文件更新,如果有更新,会替换./koolproxy,并且由父进程重启koolproxy,以后每20分钟检测一次更新 70 | 3 现在不支持规则订阅了,只能识别kp.dat, koolproxy.txt, user.txt,daily.txt,需要自定义规则的可以修改user.txt 71 | 72 | # 二进制下载固定地址 73 | https://koolproxy.com/downloads/i386 74 | https://koolproxy.com/downloads/x86_64 75 | https://koolproxy.com/downloads/arm 76 | https://koolproxy.com/downloads/mips 77 | https://koolproxy.com/downloads/mipsel 78 | 79 | # 规则下载固定地址 80 | https://kprule.com/koolproxy.txt 81 | https://kprule.com/daily.txt 82 | https://kprule.com/kp.dat 83 | https://kprule.com/user.txt 84 | 85 | # 规则下载对应的CDN地址 86 | https://kprules.b0.upaiyun.com/koolproxy.txt 87 | https://kprules.b0.upaiyun.com/daily.txt 88 | https://kprules.b0.upaiyun.com/kp.dat 89 | https://kprules.b0.upaiyun.com/user.txt 90 | 91 | # 二进制文件和规则 github备份地址: 92 | 二进制:https://github.com/koolproxy/koolproxy-bin (已作废) 93 | 规则:https://github.com/koolproxy/koolproxy_rules (已作废) 94 | 95 | 96 | 1 建议从上面的链接获取最新的二进制和基本的规则文件,然后按照上面的目录结构来部署 97 | 2 如果不需要https过滤,只需要一个koolproxy程序就足够了,data文件夹和rules文件夹都会自己创建。 98 | 3 koolproxy.txt内有视频规则、静态规则、每日规则的更新日期,可以用于提取并显示到界面 99 | 100 | ================================================================================================ 101 | koolproxy运行: 102 | 103 | 1 在koolproxy主程序目录运行,例如merlin固件下运行:cd /koolshare/koolproxy && koolproxy -d 104 | 2 不在koolproxy主程序目录运行(例如将koolproxy放在环境变量中),例如merlin固件下运行:koolproxy -b /koolshare/koolproxy -d -b为data路径 105 | 其它运行方式可能会造成koolproxy识别不到data目录而无法加载规则 106 | 
koolproxy运行后默认会使用端口3000作为透明代理端口,需要利用iptables将数据导到端口3000才能发挥作用。 107 | 108 | 视频模式: 109 | 1 使用命令koolproxy -e 即可开启 110 | 2 开启后只会加载视频规则kp.dat和user.txt 111 | 112 | 调试模式: 113 | 1 使用命令koolproxy -l0 即可开启,l后面的数字代表不同的日志详细程度 114 | 2 需要检查规则命中行数时可以使用-l2 115 | 116 | ttl功能: 117 | 1 使用命令koolproxy --ttl 160 即可开启ttl功能,后面的数值代表ttl大小 118 | 2 ttl功能开启后,koolproxy会对经过它的所有数据ttl进行调整,可以利用iptables的match ttl功能对数据进行匹配 119 | 120 | mark功能: 121 | 1 使用命令koolproxy --mark 即可开启mark功能 122 | 2 mark功能开启后,koolproxy会对经过它的所有数据打上标记,mark值等于该数据的源ip转换为十六进制的值 123 | 3 例如局域网内192.168.1.100的数据,将会被打上0xc0a80164的mark(192 = c0, 168 = a8, 1 = 01, 100 = 64 ) 124 | 4 开发者可以用此功能和SS配合,达到既科学上网,又能过滤这些科学上网的流量,还不影响科学上网访问控制的功能 125 | 5 ip转换为mark值参考命令:echo 192.168.1.100 | awk -F "." '{printf ("0x%02x", $1)} {printf ("%02x", $2)} {printf ("%02x", $3)} {printf ("%02x\n", $4)}' 126 | 127 | ================================================================================================ 128 | ss + kp过滤方案(2017年7月7日): 129 | 130 | 方案1(优先SS,其次KP,不推荐): 131 | 1 在NAT PREROUTING链内,SS在前,KP在后,流量将先走SS,经过SS分流后,国外流量走ss-redir,实现翻墙; 132 | 2 而剩下国内流量在PREROUTING链内继续往下匹配到koolproxy规则,流量最终走koolproxy,实现过滤。 133 | 结果:koolproxy只能过滤国内流量(SS剩下的)。 134 | 135 | 方案2(优先KP,其次SS,不推荐); 136 | 1 在NAT PREROUTING链内,KP在前,SS在后,流量将先走KP,实现过滤; 137 | 2 为了SS能拿到KP过滤后的数据,使用match ttl匹配,在OUTPUT链内将流量全部给SS,实现翻墙; 138 | 结果:因为在OUTPUT链内没有源ip信息,流量给SS后无法匹配到源ip,因此SS失去了acl(访问控制)功能。 139 | 140 | 方案3 (优先kp,其次SS,推荐); 141 | 为便于理解,以下iptables配置只展示流量经过顺序,不是iptables的创建顺序,PREROUTING内规则的创建实际上应该在最后 142 | 0 koolproxy默认开启ttl和mark功能 KoolProxy --ttl 160 --mark -d(固件不支持ttl的仅开启mark也行: KoolProxy --mark -d) 143 | 1 在NAT PREROUTING链内,KP在前,SS在后,KP开启--mark,流量将先走KP(80,443),实现过滤,过滤后每个主机会被打上不同的mark; 144 | #KP在前,所有tcp流量全部交给KOOLPROXY链 145 | -A PREROUTING -p tcp -j KOOLPROXY 146 | #SS在后,在kp开启的时候,只能拿到非80,443的流量,在kp关闭后,可以拿到所有端口的流量 147 | -A PREROUTING -p tcp -j SHADOWSOCKS 148 | 149 | 2 例如局域网内192.168.1.100主机的数据经过kp过滤后,将会被打上0xc0a80164的mark(192 = c0, 168 = a8, 1 = 01, 100 = 64 ); 150 | #创建KOOLPROXY链,用于白名单和访问控制 151 | -N KOOLPROXY 152 | 
#创建KOOLPROXY_HTTP链,用于过滤http流量 153 | -N KOOLPROXY_HTTP 154 | #创建KOOLPROXY_HTTPS链,用于过滤https流量 155 | -N KOOLPROXY_HTTPS 156 | #局域网和保留地址不走kp 157 | -A KOOLPROXY -m set --match-set white_kp_list dst -j RETURN 158 | #主机192.168.1.100需要https过滤 159 | -A KOOLPROXY -s 192.168.1.100/32 -p tcp -g KOOLPROXY_HTTPS 160 | #其它主机过滤http流量 161 | -A KOOLPROXY -p tcp -j KOOLPROXY_HTTP 162 | 163 | 3 为了SS能拿到数据,在NAT OUTPUT链中,使用match ttl匹配,在OUTPUT链内将流量全部给SHADOWSOCKS_EXT链; 164 | #创建SHADOWSOCKS_EXT链,用于开启kp情况下ss的访问控制实现 165 | -N SHADOWSOCKS_EXT 166 | #使用ttl匹配将KP过滤后的数据转到SHADOWSOCKS_EXT链(如果固件不支持ttl匹配,使用下面的命令) 167 | -A OUTPUT -p tcp -m ttl --ttl-eq 160 -j SHADOWSOCKS_EXT 168 | #如果固件不支持ttl match,可以用mark匹配ip地址的前三位(用0xffffff00作为掩码的形式),来将KP过滤后的数据转到SHADOWSOCKS_EXT链 169 | # echo 192.168.1 | awk -F "." '{printf ("0x%02x", $1)} {printf ("%02x", $2)} {printf ("%02x", $3)} {printf ("00/0xffffff00\n")}' = 0xc0a80100/0xffffff00 170 | -A OUTPUT -p tcp -m mark --mark 0xc0a80100/0xffffff00 -j SHADOWSOCKS_EXT 171 | 172 | 4 如果开启了acl,比如需要192.168.1.75不走SS(全端口),192.168.1.246走gfwlist模式(80,443端口),192.168.1.214走大陆白名单模式(22,80,443端口),剩余主机全部走大陆白名单模式(全端口): 173 | #主机192.168.1.75(0xc0a8014b),流量经过KP过滤后并打上mark后,通过OUTPUT链进入SHADOWSOCKS_EXT链,而未能翻墙(RETURN) 174 | -A SHADOWSOCKS_EXT -p tcp -m mark --mark 0xc0a8014b -j RETURN 175 | #主机192.168.1.246(0xc0a801f6),流量经过KP过滤后并打上mark后,通过OUTPUT链进入SHADOWSOCKS_EXT链,在此流量被导向了SHADOWSOCKS_GFW链,实现gfwlist模式翻墙(80,443端口) 176 | -A SHADOWSOCKS_EXT -p tcp -m multiport --dports 80,443 -m mark --mark 0xc0a801f6 -g SHADOWSOCKS_GFW 177 | #主机192.168.1.214(0xc0a801d6),流量经过KP过滤后并打上mark后,通过OUTPUT链进入SHADOWSOCKS_EXT链,在此流量被导向了SHADOWSOCKS_CHN链,实现大陆白名单模式翻墙(22,80,443端口) 178 | -A SHADOWSOCKS_EXT -p tcp -m multiport --dports 22,80,443 -m mark --mark 0xc0a801d6 -g SHADOWSOCKS_CHN 179 | #剩余的主机,流量经过KP过滤后并打上mark后,通过OUTPUT链进入SHADOWSOCKS_EXT链,在此流量被导向了SHADOWSOCKS_CHN链,实现大陆白名单模式翻墙(全端口) 180 | -A SHADOWSOCKS_EXT -p tcp -j SHADOWSOCKS_CHN 181 | 182 | 情形: 183 | 1 当SS开启,kp未开启:所有流量走ss 
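PREROUTING过,经过分流后,国内的流量在经过OUTPUT的时候,因为KP没开,数据不会匹配到ttl值(或者没匹配到mark值),所以不会过滤广告,翻墙正常 184 | 2 当KP开启,SS未开启,所有流量走kp PREROUTING过,广告过滤正常 185 | 3 当SS开启,翻墙和acl工作正常的时候,开启KP:KP在PREROUTING内插入到SS前面,会先得到流量,广告过滤正常 186 | 4 当KP开启,过滤广告正常的时候,开启SS:SS从原来的从PREROUTING拿流量变成从OUTPUT内拿流量,翻墙和acl会同样正常 187 | 5 当KP和SS都开启,此时关闭SS,kp过滤广告正常 188 | 6 当KP和SS都开启,此时关闭KP,ss翻墙和acl正常 189 | 190 | 总结: 191 | 使用 ttl + mark (或者纯mark)的方式,可以实现原先很难实现的过滤经过SS流量的广告 192 | 主要的改动在于给SS预置好OUTPUT和SHADOWSOCKS_EXT规则链,当kp启用时,它们就会工作,kp关闭时,不会影响正常数据 193 | 次要的改动就是给koolproxy默认开启ttl + mark(或者纯mark)功能 194 | ================================================================================================ 195 | -------------------------------------------------------------------------------- /koolproxyupdate.sh: --------------------------------------------------------------------------------
# Build-time helper: refresh the rule files bundled under files/ before the
# package is built.
# The lists are taken from the upstream URLs as-is; there is no checksum or
# signature here to verify them against, so review the resulting changes to
# files/ before packaging.

# Stop at the first failed step instead of packaging a partial result.
set -e

# fetch URL DEST: download to a temporary file and move it into place only when
# wget succeeded and the result is non-empty, so a failed transfer cannot leave
# a truncated file behind.
fetch() {
	if wget "$1" -O "$2.tmp" && [ -s "$2.tmp" ]; then
		mv -f "$2.tmp" "$2"
	else
		rm -f "$2.tmp"
		echo "download failed: $1" >&2
		return 1
	fi
}

fetch 'https://raw.githubusercontent.com/user1121114685/koolproxyR_rule_list/master/kp.dat' files/usr/share/koolproxy/data/rules/kp.dat
fetch 'https://raw.githubusercontent.com/user1121114685/koolproxyR/master/koolproxyR/koolproxyR/data/rules/yhosts.txt' files/usr/share/koolproxy/data/rules/yhosts.txt
fetch 'https://raw.githubusercontent.com/user1121114685/koolproxyR/master/koolproxyR/koolproxyR/data/rules/fanboy-annoyance.txt' files/usr/share/koolproxy/data/rules/fanboy.txt
fetch 'https://raw.githubusercontent.com/user1121114685/koolproxyR/master/koolproxyR/koolproxyR/data/rules/easylistchina.txt' files/usr/share/koolproxy/data/rules/easylistchina.txt

fetch 'https://raw.githubusercontent.com/user1121114685/koolproxyR/master/koolproxyR/koolproxyR/data/rules/user.txt' files/usr/share/koolproxy/data/user.txt
cp files/usr/share/koolproxy/data/user.txt files/usr/share/koolproxy/data/rules/user.txt
fetch 'https://raw.githubusercontent.com/user1121114685/koolproxyR/master/koolproxyR/koolproxyR/data/koolproxyR_ipset.conf' files/usr/share/koolproxy/koolproxy_ipset.conf

adblock=files/usr/share/koolproxy/dnsmasq.adblock
fetch 'https://easylist-downloads.adblockplus.org/easylistchina+easylist.txt' "$adblock.src"
# Keep only plain "||domain^" filters and turn them into dnsmasq address= lines.
# The pattern is quoted so the shell can neither glob-expand it nor strip its
# backslashes before grep sees it.
grep '^||[^*]*\^$' "$adblock.src" | sed -e 's:||:address\=\/:' -e 's:\^:/0\.0\.0\.0:' > "$adblock"
rm -f "$adblock.src"
sed -i '/youku/d' "$adblock"
# Drops entries containing a dotted quad built from the digits 1-9. [0-9] is
# not used here because every generated line ends in /0.0.0.0 and would match.
sed -i '/[1-9]\{1,3\}\.[1-9]\{1,3\}\.[1-9]\{1,3\}\.[1-9]\{1,3\}/d' "$adblock"

--------------------------------------------------------------------------------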