mega_venik/keenetic-auto-vpn
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

more scripts and configs

Browse Source
This commit is contained in:
Dmitry Chumak
2024-07-14 13:52:00 +03:00
parent 99263d1882
commit 0b8df0f42a
9 changed files with 138 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
scripts/opt_etc/crontab Normal file
View File

@@ -0,0 +1,12 @@
SHELL=/opt/bin/sh
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/opt/bin:/opt/sbin
MAILTO=""
HOME=/
# ---------- ---------- Default is Empty ---------- ---------- #
*/1 * * * * root /opt/bin/run-parts /opt/etc/cron.1min
*/5 * * * * root /opt/bin/run-parts /opt/etc/cron.5mins
01 * * * * root /opt/bin/run-parts /opt/etc/cron.hourly
02 4 * * * root /opt/bin/run-parts /opt/etc/cron.daily
22 4 * * 0 root /opt/bin/run-parts /opt/etc/cron.weekly
42 4 1 * * root /opt/bin/run-parts /opt/etc/cron.monthly
*/30 * * * * root /opt/bin/apply_unblock_rules.sh 2>&1 >> /opt/var/log/cron && date >> /opt/var/log/cron

20
scripts/opt_etc/dnsmasq.conf Normal file
View File

@@ -0,0 +1,20 @@
user=nobody
bogus-priv
no-negcache
clear-on-reload
bind-dynamic
listen-address=192.168.0.1
listen-address=127.0.0.1
min-port=4096
cache-size=1536
expand-hosts
log-async
#log-queries
#log-facility=/var/log/dnsmasq.log
#addn-hosts=/etc/hosts
conf-file=/opt/etc/unblock.dnsmasq
conf-file=/opt/etc/its-domains.conf
conf-file=/opt/etc/hl-domains.dnsmasq
conf-file=/opt/etc/dnsmasq.themoviedb.conf
server=8.8.8.8

9
scripts/opt_etc/hl-domains.dnsmasq Normal file
View File

@@ -0,0 +1,9 @@
address=/jf.venya.tech/192.168.0.104
address=/js.venya.tech/192.168.0.104
address=/h.venya.tech/192.168.0.104
address=/ci.venya.tech/192.168.0.104
address=/bt.venya.tech/192.168.0.104
address=/outline.venya.tech/192.168.0.104
address=/cockpit.venya.tech/192.168.0.104
address=/npm.venya.tech/192.168.0.104
address=/photo.venya.tech/192.168.0.104

10
scripts/opt_etc_init.d/S09dnscrypt-proxy Normal file
View File

@@ -0,0 +1,10 @@
#!/bin/sh
ENABLED=yes
PROCS=dnscrypt-proxy
ARGS="--local-address=127.0.0.1:53 --daemonize -R quad9-dnscrypt-ip4-nofilter-pri"
PREARGS=""
DESC=
PATH=/opt/sbin:/opt/bin:/opt/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
. /opt/etc/init.d/rc.func

5
scripts/opt_etc_init.d/S99unblock Normal file
View File

@@ -0,0 +1,5 @@
#!/bin/sh
[ "$1" != "start" ] && exit 0
/opt/bin/unblock_ipset.sh &

8
scripts/opt_etc_ndm_fs.d/100-ipset.sh Normal file
View File

@@ -0,0 +1,8 @@
#!/bin/sh
[ "$1" != "start" ] && exit 0
ipset create unblock hash:net -exist
exit 0

31
scripts/opt_etc_ndm_ifstatechanged.d/100-unblock-vpn.sh Normal file
View File

@@ -0,0 +1,31 @@
#!/bin/sh
LOG=/opt/tmp/ndm-debug.log
echo "=====================" >> $LOG
echo "$1\n\n$change\n\n$id" >> $LOG
echo "${id}-${change}-${connected}-${link}-${up}" >> $LOG
#!/bin/sh
[ "$1" == "hook" ] || exit 0
#[ "$change" == "link" ] || exit 0
[ "$id" == "Wireguard0" ] || exit 0
IF_NAME=nwg0
IF_GW4=$(ip -4 addr show "$IF_NAME" | grep -Po "(?<=inet ).*(?=/)")
case ${id}-${change}-${connected}-${link}-${up} in
${id}-config-no-down-down)
ip -4 rule del fwmark 0xd1000 lookup 1001 priority 1778 2>/dev/null
ip -4 route flush table 1001
;;
${id}-connected-yes-up-up)
ip -4 route add table 1001 default via "$IF_GW4" dev "$IF_NAME" 2>/dev/null
ip -4 route show table main |grep -Ev ^default |while read ROUTE; do ip -4 route add table 1001 $ROUTE 2>/dev/null; done
ip -4 rule add fwmark 0xd1000 lookup 1001 priority 1778 2>/dev/null
ip -4 route flush cache
;;
esac
exit 0

20
scripts/opt_etc_ndm_netfilter.d/100-redirect.sh Normal file
View File

@@ -0,0 +1,20 @@
#!/bin/sh
[ "$type" == "ip6tables" ] && exit 0
if [ -z "$(iptables-save 2>/dev/null | grep unblock)" ]; then
ipset create unblock hash:net -exist
#iptables -w -t nat -A PREROUTING -i br0 -p tcp -m set --match-set unblock dst -j REDIRECT --to-port 9141
iptables -t nat -A POSTROUTING -o nwg0 -p tcp -m set --match-set unblock dst -j MASQUERADE
iptables -t nat -A OUTPUT -p tcp -m set --match-set unblock dst -j MASQUERADE -o nwg0
fi
if [ -z "$(iptables-save 2>/dev/null | grep "udp \-\-dport 53 \-j DNAT")" ]; then
iptables -w -t nat -I PREROUTING -i br0 -p udp --dport 53 -j DNAT --to 192.168.0.1
fi
if [ -z "$(iptables-save 2>/dev/null | grep "tcp \-\-dport 53 \-j DNAT")" ]; then
iptables -w -t nat -I PREROUTING -i br0 -p tcp --dport 53 -j DNAT --to 192.168.0.1
fi
exit 0

23
scripts/opt_etc_ndm_netfilter.d/10m-mark4.sh Normal file
View File

@@ -0,0 +1,23 @@
#!/bin/sh
[ "$type" != "iptables" ] && exit 0
[ "$table" != "mangle" ] && exit 0
ip4t() {
if ! iptables -C "$@" &>/dev/null; then
iptables -A "$@"
fi
}
# VPN
ipset create unblock hash:net family inet -exist
# С отключением fastnat и ускорителей
#ip4t PREROUTING -t mangle -i br0 -p tcp -m set --match-set unblock dst -j MARK --set-mark 0xd1000
#ip4t PREROUTING -t mangle -i br0 -p udp -m set --match-set unblock dst -j MARK --set-mark 0xd1000
# Без отключения
ip4t PREROUTING -t mangle -m conntrack --ctstate NEW -m set --match-set unblock dst -j CONNMARK --set-mark 0xd1000
ip4t PREROUTING -t mangle -j CONNMARK --restore-mark
exit 0