├── README.md
├── brook
├── gost
├── ip_control.sh
├── ip_table
└── iptables_gost


/README.md:
--------------------------------------------------------------------------------
# iptables-shield
Xiaosan IP Shield (小伞IP盾构机): fixed controlled-node script
## 1. Forwarding node initialization:
## Run in a shell:
```
bash <(curl -sSL "https://cdn.jsdelivr.net/gh/xb0or/iptables-shield@master/ip_control.sh")
# or:
bash <(curl -sSL "https://raw.githubusercontent.com/xb0or/iptables-shield/master/ip_control.sh")
```

## 2. Add the cron job manually (replace the URL and key with your own, and take care not to drop the spaces):

```
*/5 * * * * . /etc/profile;ip_table -url http://baidu.com -key XXXXXXX
```
## The controller side is now deployed; you can run this command by hand to check that it executes without problems:
```
ip_table -url http://baidu.com -key XXXXXXX
```

# Gost tunnel forwarding
## One part is the forwarding node (domestic side), the other is the exit node (overseas side).

## 1. Forwarding node initialization
## Run in a shell:
```
bash <(curl -sSL "https://cdn.jsdelivr.net/gh/xb0or/iptables-shield@master/ip_control.sh")
# or:
bash <(curl -sSL "https://raw.githubusercontent.com/xb0or/iptables-shield/master/ip_control.sh")
```
### Choose option 1.
## 2. Add the cron job manually (replace the URL and key with your own, and take care not to drop the spaces):

```
*/5 * * * * . /etc/profile;ip_table -url http://baidu.com -key XXXXXXX
```

## 3. Exit node initialization (remember to open the firewall)
```
bash <(curl -sSL "https://cdn.jsdelivr.net/gh/xb0or/iptables-shield@master/ip_control.sh")
# or:
bash <(curl -sSL "https://raw.githubusercontent.com/xb0or/iptables-shield/master/ip_control.sh")
```
### Choose option 2.

## 3. Add the cron job (replace the URL and key with your own, and take care not to drop the spaces)
```
*/5 * * * * . /etc/profile;iptables_gost -url http://baidu.com -key XXXXXXX
```

--------------------------------------------------------------------------------
/brook:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xb0or/iptables-shield/fb014e50e29c4f9a30b22f827c1c5e30306809ab/brook

--------------------------------------------------------------------------------
/gost:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xb0or/iptables-shield/fb014e50e29c4f9a30b22f827c1c5e30306809ab/gost

--------------------------------------------------------------------------------
/ip_control.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# ANSI colour codes and the error prefix used by the menu and messages
Green_font_prefix="\033[32m"
Red_font_prefix="\033[31m"
Font_color_suffix="\033[0m"
Error="${Red_font_prefix}[Error]${Font_color_suffix}"

# Append one entry to the current user's crontab.
# Works when no crontab exists yet and leaves no scratch file in the cwd.
add_crontab() {
    local tmp
    tmp=$(mktemp) || exit 1
    crontab -l 2>/dev/null > "$tmp"
    echo "$*" >> "$tmp" && crontab "$tmp" &&
        echo -e "添加crontab成功 !" && crontab -l
    rm -f "$tmp"
}


# Detect Debian users running the script with "sh" instead of bash
if readlink /proc/$$/exe | grep -q "dash"; then
    echo "This script needs to be run with bash, not sh"
    exit 1
fi

if [[ "$EUID" -ne 0 ]]; then
    echo "Sorry, you need to run this as root"
    exit 1
fi

# Abort when iptables (with the nat table) is not available
if ! iptables -t nat -nL &>/dev/null; then
    echo "您似乎未安装iptables."
    exit 1
fi



# Option 1: initialize the forwarding node
beikong0_chushihua(){
    if grep -qs "14.04" /etc/os-release; then
        echo "Ubuntu 14.04 is not supported"
        exit 1
    fi

    if grep -qs "jessie" /etc/os-release; then
        echo "Debian 8 is not supported"
        exit 1
    fi

    if grep -qs "CentOS release 6" /etc/redhat-release; then
        echo "CentOS 6 is not supported"
        exit 1
    fi

    # Ask for the main network interface name and the total bandwidth (Mbps)
    echo "请输入当前机器主网卡名,例如eth0:"
    read -p "eth name: " eth_name
    echo "请输入当前机器总带宽速率(单位Mbps):"
    read -p "须为大于0的正整数: " port_speed
    # The rate must be a positive integer, as the prompt requires
    if ! [[ "$port_speed" =~ ^[1-9][0-9]*$ ]]; then
        echo "Bandwidth must be a positive integer"
        exit 1
    fi
    # Enable IPv4 forwarding (added to sysctl.conf only once)
    echo "开启iptables转发模块..."
    grep -qxF "net.ipv4.ip_forward=1" /etc/sysctl.conf ||
        echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
    sysctl -p
    # Flush the filter and nat tables
    echo "正在清空防火墙..."
    iptables -F
    iptables -t nat -F
    # Flush the mangle table (rate-limit marks)
    echo "正在清空限速规则..."
    iptables -t mangle -F
    # Reset tc shaping; an error here is expected when no qdisc exists
    echo "正在初始化tc限速(无视报错即可)..."
    tc qdisc del dev "$eth_name" root
    # Add the HTB root; tc's "mbit" is megabits/s ("mbps" would be megabytes/s)
    echo "正在tc限速添加根节点..."
    tc qdisc add dev "$eth_name" root handle 1: htb default 1
    tc class add dev "$eth_name" parent 1: classid 1:1 htb rate "${port_speed}mbit"
    echo "保存防火墙..."
    # Install curl and wget when missing
    if ! type curl >/dev/null 2>&1; then
        echo 'curl 未安装 安装中'
        apt-get update && apt-get install curl -y || yum install curl -y
    else
        echo 'curl 已安装,继续'
    fi

    if ! type wget >/dev/null 2>&1; then
        echo 'wget 未安装 安装中'
        apt-get update && apt-get install wget -y || yum install wget -y
    else
        echo 'wget 已安装,继续'
    fi
    # Check that a ca-certificates package dated 202x is installed
    if [[ "${release}" == "centos" ]]; then
        if (yum list installed ca-certificates | grep '202'); then
            echo 'CA证书检查OK'
        else
            echo 'CA证书检查不通过,处理中'
            yum install ca-certificates dmidecode -y
            update-ca-trust force-enable
        fi
    elif [[ "${release}" == "debian" || "${release}" == "ubuntu" ]]; then
        if (apt list --installed | grep 'ca-certificates' | grep '202'); then
            echo 'CA证书检查OK'
        else
            echo 'CA证书检查不通过,处理中'
            apt-get install ca-certificates dmidecode -y
            update-ca-certificates
        fi
    fi
    echo "初始化完毕!"
    # Download the controlled-node binaries (required on first run)
    read -p "是否安装被控端文件(首次执行必须安装)[y/N]" down_files
    if [[ "$down_files" =~ ^[yY]$ ]]; then
        echo "正在下载gost2.11版本"
        wget https://cdn.jsdelivr.net/gh/xb0or/iptables-shield@master/gost -O /usr/bin/gost
        chmod +x /usr/bin/gost
        echo "正在下载被控端"
        wget https://cdn.jsdelivr.net/gh/xb0or/iptables-shield@master/ip_table -O /usr/bin/ip_table
        chmod +x /usr/bin/ip_table
        echo "正在下载brook"
        wget https://cdn.jsdelivr.net/gh/xb0or/iptables-shield@master/brook -O /usr/bin/brook
        chmod +x /usr/bin/brook
    fi

    # Ask for the controller URL and the forwarding-node key, then schedule the agent
    read -p "请输入主控网址,例如http://baidu.com :" URL
    read -p "请输入中转机密钥 :" KEY
    add_crontab "*/5 * * * * . /etc/profile;ip_table -url $URL -key $KEY"
}

# Option 2: initialize the exit node (open the firewall by hand beforehand)
beikong1_chushihua(){
    echo "正在执行初始化,请提前手动放行防火墙!"
    if [[ "$release" == "centos" ]]; then
        yum install wget -y
        yum install curl -y
        yum install ca-certificates -y
    else
        apt-get install wget -y
        apt-get install curl -y
        apt-get install ca-certificates -y
    fi
    echo "初始化完毕!"
    # Download the controlled-node binaries (required on first run)
    read -p "是否下载被控端文件(首次执行必须安装)[y/N]" down_files_1
    if [[ "$down_files_1" =~ ^[yY]$ ]]; then
        echo "正在下载gost2.11版本"
        wget https://cdn.jsdelivr.net/gh/xb0or/iptables-shield@master/gost -O /usr/bin/gost
        chmod +x /usr/bin/gost
        echo "正在下载被控端"
        wget https://cdn.jsdelivr.net/gh/xb0or/iptables-shield@master/iptables_gost -O /usr/bin/iptables_gost
        chmod +x /usr/bin/iptables_gost
    fi
    # Ask for the controller URL and the exit-node key, then schedule the agent
    read -p "请输入主控网址,例如http://baidu.com :" URL
    read -p "请输入落地机密钥 :" KEY
    add_crontab "*/5 * * * * . /etc/profile;iptables_gost -url $URL -key $KEY"
}

# Start menu
start_menu(){
    clear
    echo && echo -e " IP盾构机辅助脚本 V2.1.2 kedou修复版
————————————————————————————————————————————————————————————————————————————————————
-- https://github.com/xb0or/iptables-shield
-- 请注意,${Green_font_prefix}CENOS7系统请先升级iptables${Font_color_suffix}CENOS7系统请先升级iptables,参考:https://www.bnxb.com/linuxserver/27546.html --

————————————————————————————————————————————————————————————————————————————————————
 ${Green_font_prefix}1.${Font_color_suffix} 转发机-全局初始化
 ${Green_font_prefix}2.${Font_color_suffix} 落地机-全局初始化" && echo
    stty erase '^H' && read -p " 请输入数字 [1-2]:" num
    case "$num" in
        1)
            beikong0_chushihua
            ;;
        2)
            beikong1_chushihua
            ;;
        *)
            clear
            echo -e "${Error}:请输入正确数字"
            sleep 2s
            start_menu
            ;;
    esac
}


############# System detection components #############

# Detect the distribution
check_sys(){
    if [[ -f /etc/redhat-release ]]; then
        release="centos"
    elif grep -q -E -i "debian" /etc/issue; then
        release="debian"
    elif grep -q -E -i "ubuntu" /etc/issue; then
        release="ubuntu"
    elif grep -q -E -i "centos|red hat|redhat" /etc/issue; then
        release="centos"
    elif grep -q -E -i "debian" /proc/version; then
        release="debian"
    elif grep -q -E -i "ubuntu" /proc/version; then
        release="ubuntu"
    elif grep -q -E -i "centos|red hat|redhat" /proc/version; then
        release="centos"
    fi
}

# Detect the Linux major version and architecture
check_version(){
    if [[ -s /etc/redhat-release ]]; then
        version=$(grep -oE "[0-9.]+" /etc/redhat-release | cut -d . -f 1)
    else
        version=$(grep -oE "[0-9.]+" /etc/issue | cut -d . -f 1)
    fi
    bit=$(uname -m)
    if [[ ${bit} = "x86_64" ]]; then
        bit="x64"
    else
        bit="x32"
    fi
}



############# System detection components #############
check_sys
check_version
# Refuse to run on anything other than Debian, Ubuntu or CentOS
[[ ${release} != "debian" ]] && [[ ${release} != "ubuntu" ]] && [[ ${release} != "centos" ]] && echo -e "${Error} 本脚本不支持当前系统 ${release} !" && exit 1
start_menu

--------------------------------------------------------------------------------
/ip_table:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xb0or/iptables-shield/fb014e50e29c4f9a30b22f827c1c5e30306809ab/ip_table

--------------------------------------------------------------------------------
/iptables_gost:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xb0or/iptables-shield/fb014e50e29c4f9a30b22f827c1c5e30306809ab/iptables_gost

--------------------------------------------------------------------------------
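
`ip_control.sh` above downloads `gost`, `ip_table`, `brook` and `iptables_gost` from the mutable `@master` ref and marks them executable in `/usr/bin` as root with no integrity check. The following is an added example, not code from this repository: it fetches from a fixed commit and installs a binary only when its SHA-256 matches a digest the operator recorded from a reviewed copy. The commit id is the one in this listing's raw URLs; `pinned_url`, `verify_and_install` and `fetch_verified` are hypothetical helper names, and the digest shown in the usage comment is a placeholder.

```shell
# Added example, not part of the repository. The commit id is the one in
# this listing's raw URLs; helper names are hypothetical.
PINNED_COMMIT="fb014e50e29c4f9a30b22f827c1c5e30306809ab"

# Raw URL fixed to one commit instead of the mutable "master" ref.
pinned_url() {
    printf 'https://raw.githubusercontent.com/xb0or/iptables-shield/%s/%s\n' \
        "$PINNED_COMMIT" "$1"
}

# verify_and_install FILE EXPECTED_SHA256 DEST
# Returns 0 and installs on match, 1 on mismatch, 2 on bad input.
verify_and_install() {
    file=$1; expected=$2; dest=$3
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }
    case "$expected" in
        ""|*[!0-9a-fA-F]*) echo "digest is not hex" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "digest must be 64 hex digits" >&2; return 2; }
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    actual=$(sha256sum "$file" | cut -d ' ' -f 1)
    if [ "$actual" != "$expected" ]; then
        echo "SHA-256 mismatch for $file" >&2
        echo "  expected $expected" >&2
        echo "  actual   $actual" >&2
        return 1
    fi
    install -m 0755 "$file" "$dest"
}

# fetch_verified NAME EXPECTED_SHA256 DEST
# Downloads to a temp file first so an unverified binary never lands at DEST.
fetch_verified() {
    tmp=$(mktemp) || return 2
    rc=1
    if wget -q "$(pinned_url "$1")" -O "$tmp" &&
       verify_and_install "$tmp" "$2" "$3"; then
        rc=0
    fi
    rm -f "$tmp"
    return "$rc"
}

# Usage (digest is a placeholder; record it from a copy you have reviewed):
#   fetch_verified gost "<sha256-of-reviewed-gost>" /usr/bin/gost
```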