diff --git a/init.d/openwrt/functions b/init.d/openwrt/functions index e20ad69..c36ed25 100644 --- a/init.d/openwrt/functions +++ b/init.d/openwrt/functions @@ -329,7 +329,7 @@ get_nfqws_qnums() # $2 - var name for ipv4 https # $3 - var name for ipv6 http # $4 - var name for ipv6 https - local _qn=x _qns=x _qn6=x _qns6=x + local _qn _qns _qn6 _qns6 [ "$DISABLE_IPV4" = "1" ] || { _qn=$QNUM @@ -353,10 +353,14 @@ get_nfqws_qnums() } [ "$NFQWS_OPT_DESYNC_HTTPS6" = "$NFQWS_OPT_DESYNC_HTTP6" ] && _qns6=$_qn6; } - eval $1=$_qn - eval $2=$_qns - eval $3=$_qn6 - eval $4=$_qns6 + [ "$MODE_HTTP" = 1 ] && { + eval $1=$_qn + eval $3=$_qn6 + } + [ "$MODE_HTTPS" = 1 ] && { + eval $2=$_qns + eval $4=$_qns6 + } } create_ipset() @@ -461,45 +465,41 @@ zapret_apply_firewall() nfqws) # quite complex but we need to minimize nfqws processes to save RAM - if [ ! "$MODE_HTTP" = "1" ] && [ ! "$MODE_HTTPS" = "1" ]; then - echo both http and https are disabled. not applying redirection. + get_nfqws_qnums qn qns qn6 qns6 + if [ "$MODE_HTTP_KEEPALIVE" != "1" ] && [ -n "$qn" ] && [ "$qn" = "$qns" ]; then + filter_apply_port_target f4 + f4="$f4 $first_packet_only" + filter_apply_ipset_target4 f4 + fw_nfqws_post4 "$f4 $desync" $qn else - get_nfqws_qnums qn qns qn6 qns6 - if [ "$MODE_HTTP_KEEPALIVE" != "1" ] && [ $qn = $qns ]; then - filter_apply_port_target f4 - f4="$f4 $first_packet_only" + if [ -n "$qn" ]; then + f4="--dport 80" + [ "$MODE_HTTP_KEEPALIVE" = "1" ] || f4="$f4 $first_packet_only" filter_apply_ipset_target4 f4 fw_nfqws_post4 "$f4 $desync" $qn - else - if [ "$MODE_HTTP" = "1" ]; then - f4="--dport 80" - [ "$MODE_HTTP_KEEPALIVE" = "1" ] || f4="$f4 $first_packet_only" - filter_apply_ipset_target4 f4 - fw_nfqws_post4 "$f4 $desync" $qn - fi - if [ "$MODE_HTTPS" = "1" ]; then - f4="--dport 443 $first_packet_only" - filter_apply_ipset_target4 f4 - fw_nfqws_post4 "$f4 $desync" $qns - fi fi - if [ "$MODE_HTTP_KEEPALIVE" != "1" ] && [ $qn6 = $qns6 ]; then - filter_apply_port_target f6 - f6="$f6 $first_packet_only" + if [ -n "$qns" ]; then + f4="--dport 443 $first_packet_only" + filter_apply_ipset_target4 f4 + fw_nfqws_post4 "$f4 $desync" $qns + fi + fi + if [ "$MODE_HTTP_KEEPALIVE" != "1" ] && [ -n "$qn6" ] && [ "$qn6" = "$qns6" ]; then + filter_apply_port_target f6 + f6="$f6 $first_packet_only" + filter_apply_ipset_target6 f6 + fw_nfqws_post6 "$f6 $desync" $qn6 + else + if [ -n "$qn6" ]; then + f6="--dport 80" + [ "$MODE_HTTP_KEEPALIVE" = "1" ] || f6="$f6 $first_packet_only" filter_apply_ipset_target6 f6 fw_nfqws_post6 "$f6 $desync" $qn6 - else - if [ "$MODE_HTTP" = "1" ]; then - f6="--dport 80" - [ "$MODE_HTTP_KEEPALIVE" = "1" ] || f6="$f6 $first_packet_only" - filter_apply_ipset_target6 f6 - fw_nfqws_post6 "$f6 $desync" $qn6 - fi - if [ "$MODE_HTTPS" = "1" ]; then - f6="--dport 443 $first_packet_only" - filter_apply_ipset_target6 f6 - fw_nfqws_post6 "$f6 $desync" $qns6 - fi + fi + if [ -n "$qns6" ]; then + f6="--dport 443 $first_packet_only" + filter_apply_ipset_target6 f6 + fw_nfqws_post6 "$f6 $desync" $qns6 fi fi ;; diff --git a/init.d/openwrt/zapret b/init.d/openwrt/zapret index ffda5b1..232ee59 100755 --- a/init.d/openwrt/zapret +++ b/init.d/openwrt/zapret @@ -121,27 +121,25 @@ start_service() { nfqws) # quite complex but we need to minimize nfqws processes to save RAM get_nfqws_qnums qn qns qn6 qns6 - [ "$DISABLE_IPV4" = "1" ] || { + [ -z "$qn" ] || { opt="--qnum=$qn $NFQWS_OPT_BASE $NFQWS_OPT_DESYNC_HTTP" filter_apply_hostlist_target opt run_daemon 1 "$NFQWS" "$opt" - [ "$qns" = "$qn" ] || { - opt="--qnum=$qns $NFQWS_OPT_BASE $NFQWS_OPT_DESYNC_HTTPS" - filter_apply_hostlist_target opt - run_daemon 2 "$NFQWS" "$opt" - } } - [ "$DISABLE_IPV6" = "1" ] || { - [ "$qn6" = "$qn" ] || [ "$qn6" = "$qns" ] || { - opt="--qnum=$qn6 $NFQWS_OPT_BASE $NFQWS_OPT_DESYNC_HTTP6" - filter_apply_hostlist_target opt - run_daemon 3 "$NFQWS" "$opt" - } - [ "$qns6" = "$qn" ] || [ "$qns6" = "$qns" ] || [ "$qns6" = "$qn6" ] || { - opt="--qnum=$qns6 $NFQWS_OPT_BASE $NFQWS_OPT_DESYNC_HTTPS6" - filter_apply_hostlist_target opt - run_daemon 4 "$NFQWS" "$opt" - } + [ -z "$qns" ] || [ "$qns" = "$qn" ] || { + opt="--qnum=$qns $NFQWS_OPT_BASE $NFQWS_OPT_DESYNC_HTTPS" + filter_apply_hostlist_target opt + run_daemon 2 "$NFQWS" "$opt" + } + [ -z "$qn6" ] || [ "$qn6" = "$qn" ] || [ "$qn6" = "$qns" ] || { + opt="--qnum=$qn6 $NFQWS_OPT_BASE $NFQWS_OPT_DESYNC_HTTP6" + filter_apply_hostlist_target opt + run_daemon 3 "$NFQWS" "$opt" + } + [ -z "$qns6" ] || [ "$qns6" = "$qn" ] || [ "$qns6" = "$qns" ] || [ "$qns6" = "$qn6" ] || { + opt="--qnum=$qns6 $NFQWS_OPT_BASE $NFQWS_OPT_DESYNC_HTTPS6" + filter_apply_hostlist_target opt + run_daemon 4 "$NFQWS" "$opt" } ;; custom) diff --git a/init.d/sysv/functions b/init.d/sysv/functions index a848499..d3f46e2 100644 --- a/init.d/sysv/functions +++ b/init.d/sysv/functions @@ -556,7 +556,7 @@ get_nfqws_qnums() # $2 - var name for ipv4 https # $3 - var name for ipv6 http # $4 - var name for ipv6 https - local _qn=x _qns=x _qn6=x _qns6=x + local _qn _qns _qn6 _qns6 [ "$DISABLE_IPV4" = "1" ] || { _qn=$QNUM @@ -580,10 +580,14 @@ get_nfqws_qnums() } [ "$NFQWS_OPT_DESYNC_HTTPS6" = "$NFQWS_OPT_DESYNC_HTTP6" ] && _qns6=$_qn6; } - eval $1=$_qn - eval $2=$_qns - eval $3=$_qn6 - eval $4=$_qns6 + [ "$MODE_HTTP" = 1 ] && { + eval $1=$_qn + eval $3=$_qn6 + } + [ "$MODE_HTTPS" = 1 ] && { + eval $2=$_qns + eval $4=$_qns6 + } } tpws_apply_socks_binds() @@ -637,37 +641,37 @@ zapret_do_firewall() echo both http and https are disabled. not applying redirection. else get_nfqws_qnums qn qns qn6 qns6 - if [ "$MODE_HTTP_KEEPALIVE" != "1" ] && [ $qn = $qns ]; then + if [ "$MODE_HTTP_KEEPALIVE" != "1" ] && [ -n "$qn" ] && [ "$qn" = "$qns" ]; then filter_apply_port_target f4 f4="$f4 $first_packet_only" filter_apply_ipset_target4 f4 fw_nfqws_post4 $1 "$f4 $desync" $qn else - if [ "$MODE_HTTP" = "1" ]; then + if [ -n "$qn" ]; then f4="--dport 80" [ "$MODE_HTTP_KEEPALIVE" = "1" ] || f4="$f4 $first_packet_only" filter_apply_ipset_target4 f4 fw_nfqws_post4 $1 "$f4 $desync" $qn fi - if [ "$MODE_HTTPS" = "1" ]; then + if [ -n "$qns" ]; then f4="--dport 443 $first_packet_only" filter_apply_ipset_target4 f4 fw_nfqws_post4 $1 "$f4 $desync" $qns fi fi - if [ "$MODE_HTTP_KEEPALIVE" != "1" ] && [ $qn6 = $qns6 ]; then + if [ "$MODE_HTTP_KEEPALIVE" != "1" ] && [ -n "$qn6" ] && [ "$qn6" = "$qns6" ]; then filter_apply_port_target f6 f6="$f6 $first_packet_only" filter_apply_ipset_target6 f6 fw_nfqws_post6 $1 "$f6 $desync" $qn6 else - if [ "$MODE_HTTP" = "1" ]; then + if [ -n "$qn6" ]; then f6="--dport 80" [ "$MODE_HTTP_KEEPALIVE" = "1" ] || f6="$f6 $first_packet_only" filter_apply_ipset_target6 f6 fw_nfqws_post6 $1 "$f6 $desync" $qn6 fi - if [ "$MODE_HTTPS" = "1" ]; then + if [ -n "$qns6" ]; then f6="--dport 443 $first_packet_only" filter_apply_ipset_target6 f6 fw_nfqws_post6 $1 "$f6 $desync" $qns6 @@ -711,27 +715,25 @@ zapret_do_daemons() ;; nfqws) get_nfqws_qnums qn qns qn6 qns6 - [ "$DISABLE_IPV4" = "1" ] || { + [ -z "$qn" ] || { opt="--qnum=$qn $NFQWS_OPT_DESYNC_HTTP" filter_apply_hostlist_target opt do_nfqws $1 1 "$opt" - [ "$qns" = "$qn" ] || { - opt="--qnum=$qns $NFQWS_OPT_DESYNC_HTTPS" - filter_apply_hostlist_target opt - do_nfqws $1 2 "$opt" - } } - [ "$DISABLE_IPV6" = "1" ] || { - [ "$qn6" = "$qn" ] || [ "$qn6" = "$qns" ] || { - opt="--qnum=$qn6 $NFQWS_OPT_DESYNC_HTTP6" - filter_apply_hostlist_target opt - do_nfqws $1 3 "$opt" - } - [ "$qns6" = "$qn" ] || [ "$qns6" = "$qns" ] || [ "$qns6" = "$qn6" ] || { - opt="--qnum=$qns6 $NFQWS_OPT_DESYNC_HTTPS6" - filter_apply_hostlist_target opt - do_nfqws $1 4 "$opt" - } + [ -z "$qns" ] || [ "$qns" = "$qn" ] || { + opt="--qnum=$qns $NFQWS_OPT_DESYNC_HTTPS" + filter_apply_hostlist_target opt + do_nfqws $1 2 "$opt" + } + [ -z "$qn6" ] || [ "$qn6" = "$qn" ] || [ "$qn6" = "$qns" ] || { + opt="--qnum=$qn6 $NFQWS_OPT_DESYNC_HTTP6" + filter_apply_hostlist_target opt + do_nfqws $1 3 "$opt" + } + [ -z "$qns6" ] || [ "$qns6" = "$qn" ] || [ "$qns6" = "$qns" ] || [ "$qns6" = "$qn6" ] || { + opt="--qnum=$qns6 $NFQWS_OPT_DESYNC_HTTPS6" + filter_apply_hostlist_target opt + do_nfqws $1 4 "$opt" } ;; custom)