-
Notifications
You must be signed in to change notification settings - Fork 20
/
ss-firewall-asia
61 lines (49 loc) · 2.03 KB
/
ss-firewall-asia
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
#!/bin/sh
# Author: https://github.com/softwaredownload/openwrt-fanqiang
# phoeagon tefiszx idonknown
# Last Update: 2018-10
#create new chains
iptables -t nat -N SHADOWSOCKS
iptables -t nat -N SHADOWSOCKS_WHITELIST
# Ignore your shadowsocks server-s's addresses
# It's very IMPORTANT, just be careful
# you'd better add them in an individual file
for white_ip in `cat /etc/shadowsocks-libev/ip_server.txt`;
do
iptables -t nat -A SHADOWSOCKS -d "${white_ip}" -j RETURN
done
# Ignore Custom IP list
for white_ip in `cat /etc/shadowsocks-libev/ip_custom.txt`;
do
iptables -t nat -A SHADOWSOCKS -d "${white_ip}" -j RETURN
done
# for Chrome youtube
iptables -t nat -A SHADOWSOCKS -p udp --dport 443 -j REDIRECT --to-ports 7654
# Ignore LANs to bypass the proxy
# See Wikipedia and RFC5735 for full list of reserved networks.
iptables -t nat -A SHADOWSOCKS -d 0.0.0.0/8 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 10.0.0.0/8 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 127.0.0.0/8 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 169.254.0.0/16 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 172.16.0.0/12 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 192.168.0.0/16 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 224.0.0.0/4 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 240.0.0.0/4 -j RETURN
# Check whitelist
iptables -t nat -A SHADOWSOCKS -j SHADOWSOCKS_WHITELIST
iptables -t nat -A SHADOWSOCKS -m mark --mark 1 -j RETURN
# Anything else TCP request should be redirected to shadowsocks's local port
iptables -t nat -A SHADOWSOCKS -p tcp -j REDIRECT --to-ports 7654
# Apply the rules
iptables -t nat -A PREROUTING -p tcp -j SHADOWSOCKS
# Or ignore Asia IP address
for white_ip in `cat /etc/shadowsocks-libev/ip_asia.txt`;
do
iptables -t nat -A SHADOWSOCKS_WHITELIST -d "${white_ip}" -j MARK --set-mark 1
done
# Ignore China IP address
# See ashi009/bestroutetb for a highly optimized CHN route list.
#for white_ip in `cat /etc/shadowsocks-libev/ip_china.txt`;
#do
# iptables -t nat -A SHADOWSOCKS_WHITELIST -d "${white_ip}" -j MARK --set-mark 1
#done