#!/bin/bash
# author:annata
# url:https://github.com/annata/sssh
# Load the system-wide login profile (presumably for PATH and similar settings).
# It is sourced before `set -e`, so a failing command inside it does not abort
# this script.
. /etc/profile
# From here on, abort on the first unhandled command failure; steps that are
# allowed to fail are marked with `|| true`.
set -e
# Print the command-line help (create / remove syntax plus an example) to stdout.
usage(){
  # %b expands the \n escapes embedded in the message, exactly as `echo -e` does.
  printf '%b\n' '开始翻墙或者更新翻墙信息:ss.sh+create+ss服务器ip+ss服务器端口+加密方法+密码,示例:\nss.sh create 123.123.123.123 9001 aes-256-cfb sdhywfygb324234b\n取消翻墙,复原所有更改:\nss.sh remove'
}
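# Restart the ss-tunnel UDP forwarder: stop every running instance, then start
# a fresh daemon that forwards to 8.8.8.8:53 using udp.json.
# Globals:   none
# Arguments: none
# Outputs:   status message on stdout
sstunnel(){
  local pids
  # Match the exact process name. A substring grep over `ps -ef` also hits
  # unrelated processes whose command line merely mentions ss-tunnel, and this
  # script kills whatever it finds while running as root.
  # pgrep exits 1 when nothing matches, which must not trip `set -e`.
  pids=$(pgrep -x ss-tunnel || true)
  if [ -n "$pids" ]
  then
    # Intentionally unquoted: one PID per word, so several instances are all
    # stopped (the old `[ ! -z $pid ]` test broke on more than one PID).
    # shellcheck disable=SC2086
    kill $pids
  fi
  ss-tunnel -c /etc/shadowsocks-libev/udp.json -L "8.8.8.8:53" -u -f "/root/.sscnf/ss-tunnel.pid"
  echo '创建udp包代理进程成功!'
}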
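# Restart the ss-redir transparent TCP proxy: stop every running instance, then
# start a fresh daemon using tcp.json.
# Globals:   none
# Arguments: none
# Outputs:   status message on stdout
ssredir(){
  local pids
  # Exact-name match instead of a substring grep over `ps -ef`, so only real
  # ss-redir processes are signalled by this root-run script.
  # pgrep exits 1 when nothing matches, which must not trip `set -e`.
  pids=$(pgrep -x ss-redir || true)
  if [ -n "$pids" ]
  then
    # Intentionally unquoted: one PID per word, so several instances are all
    # stopped (the old `[ ! -z $pid ]` test broke on more than one PID).
    # shellcheck disable=SC2086
    kill $pids
  fi
  ss-redir -c /etc/shadowsocks-libev/tcp.json -f "/root/.sscnf/ss-redir.pid"
  echo '创建tcp包透明代理进程成功!'
}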
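# Build ChinaDNS 1.3.2 under /root/.sscnf when no binary exists yet, then
# (re)start it in the background.
# Globals:   DIR (read) - directory that may hold a local copy of the tarball
# Arguments: none
# Outputs:   download/build output and a status message on stdout
chinadns(){
  local pids
  if [ ! -e /root/.sscnf/chinadns-1.3.2/src/chinadns ]
  then
    if [ ! -e "$DIR/chinadns-1.3.2.tar.gz" ]
    then
      # TLS certificate verification stays enabled: this archive is unpacked,
      # compiled and executed as root, so a tampered download means root code
      # execution. If verification fails, install the system CA bundle instead
      # of passing --no-check-certificate.
      # NOTE(review): the tarball is still not checked against a pinned
      # checksum or signature; consider verifying a known-good SHA-256 here.
      wget -O /root/.sscnf/chinadns-1.3.2.tar.gz https://github.com/shadowsocks/ChinaDNS/releases/download/1.3.2/chinadns-1.3.2.tar.gz
    else
      cp -f "$DIR/chinadns-1.3.2.tar.gz" /root/.sscnf/chinadns-1.3.2.tar.gz
    fi
    cd /root/.sscnf
    tar zxvf chinadns-1.3.2.tar.gz
    cd chinadns-1.3.2
    ./configure
    make
  fi
  # Disabled refresh of the China route list. If it is re-enabled, note that it
  # fetches over plain HTTP and its output is later loaded into the firewall
  # set, so it should use an authenticated transport.
  # curl 'http://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest' | grep ipv4 | grep CN | awk -F\| '{ printf("%s/%d\n", $4, 32-log($5)/log(2)) }' > /root/.sscnf/chinadns-1.3.2/chnroute.txt
  # echo '更新中国ip列表成功!'
  # chnroute.txt is passed as a relative path below, hence the cd.
  cd /root/.sscnf/chinadns-1.3.2
  # Exact-name match instead of a substring grep over `ps -ef`; pgrep exits 1
  # when nothing matches, which must not trip `set -e`.
  pids=$(pgrep -x chinadns || true)
  if [ -n "$pids" ]
  then
    # Intentionally unquoted: one PID per word, so several instances are all
    # stopped (the old `[ ! -z $pid ]` test broke on more than one PID).
    # shellcheck disable=SC2086
    kill $pids
  fi
  # Upstreams: 223.5.5.5 and 127.0.0.1:1080 (presumably the local ss-tunnel
  # forwarder, whose config uses local_port 1080).
  nohup /root/.sscnf/chinadns-1.3.2/src/chinadns -m -c chnroute.txt -s 223.5.5.5,127.0.0.1:1080 &
  echo '启动chinadns成功!'
}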
# May cause CoreDNS to crash when it uses the host's resolver settings.
# Point the system resolver at 127.0.0.1, keeping a one-time backup of the
# original /etc/resolv.conf as /etc/resolv.conf.ss.bak.
updateresolv(){
  # Only the first run creates the backup; later runs must not overwrite it
  # with the file this function writes.
  [ -e /etc/resolv.conf.ss.bak ] || mv /etc/resolv.conf /etc/resolv.conf.ss.bak
  printf '%s\n' 'nameserver 127.0.0.1' > /etc/resolv.conf
}
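# Rebuild the `shadowsocks` ipset and NAT chain so that locally generated TCP
# traffic is redirected to local port 1090 unless its destination is exempt
# (proxy server, reserved ranges, or a network listed in chnroute.txt).
# Globals:   ip (read) - proxy server address, always exempted
# Arguments: none
# Outputs:   status message on stdout
createipsetandiptables(){
  local net
  # Tear down leftovers of an earlier run; each step may fail when nothing
  # exists yet, hence `|| true`.
  iptables -t nat -D OUTPUT -p tcp -j shadowsocks || true
  iptables -t nat -F shadowsocks || true
  iptables -t nat -X shadowsocks || true
  ipset destroy shadowsocks || true
  ipset create shadowsocks hash:net
  ipset add shadowsocks 10.30.30.0/24
  # Load the route list with `ipset restore` instead of generating shell text
  # and piping it into `sh`: the file comes from a downloaded archive, and any
  # line containing shell syntax would otherwise run as root. Only lines that
  # are a dotted-quad address with an optional 1-32 prefix are passed on;
  # -exist tolerates duplicate entries.
  awk -F'[./]' '
    /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?$/ &&
    $1 <= 255 && $2 <= 255 && $3 <= 255 && $4 <= 255 &&
    (NF == 4 || ($5 >= 1 && $5 <= 32)) { print "add shadowsocks " $0 }
  ' /root/.sscnf/chinadns-1.3.2/chnroute.txt | ipset -exist restore
  iptables -t nat -N shadowsocks
  # Quoted so the address is always a single argument to iptables.
  iptables -t nat -A shadowsocks -d "$ip/32" -j RETURN
  # Reserved, private, loopback, link-local and multicast ranges bypass the proxy.
  for net in 0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 172.16.0.0/12 \
    192.168.0.0/16 224.0.0.0/4 240.0.0.0/4
  do
    iptables -t nat -A shadowsocks -d "$net" -j RETURN
  done
  iptables -t nat -A shadowsocks -m set --match-set shadowsocks dst -j RETURN
  iptables -t nat -A shadowsocks -p tcp -j REDIRECT --to-ports 1090
  iptables -t nat -A OUTPUT -p tcp -j shadowsocks
  echo '创建iptables规则成功!'
}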
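# Validate the connection settings, install shadowsocks-libev, write both
# client configs and bring up the tunnel, redirector, DNS and firewall rules.
# Globals:   ip, port, method, pass (read) - connection settings
#            ID (read) - distribution id from /etc/os-release
# Arguments: none
# Outputs:   usage text on bad input, status messages on stdout
# Returns:   exits 1 when a setting is missing or malformed
create(){
  local -r host_re='^[A-Za-z0-9][A-Za-z0-9.-]*$'
  local -r port_re='^[1-9][0-9]{0,4}$'
  local -r method_re='^[A-Za-z0-9_-]+$'
  local -r conf_fmt='{"server":"%s","server_port":%s,"local_port":%s,"password":"%s","timeout":60,"method":"%s"}\n'
  local pass_json
  if [[ -z $ip || -z $port || -z $method || -z $pass ]]
  then
    usage
    exit 1
  fi
  # ip is later used in an iptables rule, and ip, port and method are embedded
  # in hand-built JSON. Reject anything that is not a plain address/hostname,
  # a port in 1-65535 or a cipher name, so the values cannot be read as
  # options or break out of the JSON strings.
  if [[ ! $ip =~ $host_re || ! $port =~ $port_re || ! $method =~ $method_re ]] ||
    (( port > 65535 ))
  then
    usage
    exit 1
  fi
  if [ "$ID" == "ubuntu" ] || [ "$ID" == "debian" ]
  then
    ubuntuinstall
  fi
  if [ "$ID" == "centos" ]
  then
    centosinstall
  fi
  service shadowsocks-libev stop || true
  systemctl disable shadowsocks-libev.service || true
  # Escape backslashes and double quotes so any password yields valid JSON;
  # printf '%s' (unlike `echo -e`) does not reinterpret backslashes in it.
  pass_json=${pass//\\/\\\\}
  pass_json=${pass_json//\"/\\\"}
  # The configs hold the proxy password: create them owner-only, and tighten
  # files left over from an earlier run as well.
  # NOTE(review): the password reaches this script as a command-line argument,
  # so it is visible in the process list while the script runs.
  (
    umask 077
    # shellcheck disable=SC2059 — conf_fmt is a fixed template, not user data
    printf "$conf_fmt" "$ip" "$port" 1080 "$pass_json" "$method" > /etc/shadowsocks-libev/udp.json
    # shellcheck disable=SC2059
    printf "$conf_fmt" "$ip" "$port" 1090 "$pass_json" "$method" > /etc/shadowsocks-libev/tcp.json
  )
  chmod 600 /etc/shadowsocks-libev/udp.json /etc/shadowsocks-libev/tcp.json
  mkdir -p /root/.sscnf
  sstunnel
  ssredir
  chinadns
  updateresolv
  createipsetandiptables
  echo '翻墙成功!'
}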
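# Install the build tools, ipset and shadowsocks-libev on Debian/Ubuntu.
# Globals:   none
# Arguments: none
ubuntuinstall(){
  # Best effort; presumably frees the local DNS port for chinadns — confirm.
  service systemd-resolved stop || true
  # apt-get throughout: `apt` is meant for interactive use and warns that its
  # command-line interface is not stable when it is called from a script.
  apt-get install -y wget curl make gcc ipset
  apt-get install -y software-properties-common
  # NOTE(review): this is a third-party PPA, so its packages are installed as
  # root on the maintainer's say-so. Failure to add it is tolerated, in which
  # case the distribution's own shadowsocks-libev package is installed.
  add-apt-repository ppa:max-c-lv/shadowsocks-libev -y || true
  apt-get install -y shadowsocks-libev
}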
# Install shadowsocks-libev on CentOS from the librehat Copr repository.
# Globals:   none
# Arguments: none
centosinstall(){
  # NOTE(review): third-party Copr repository; the repo file is fetched over
  # HTTPS and everything installed from it runs with root privileges.
  local repo_url=https://copr.fedorainfracloud.org/coprs/librehat/shadowsocks/repo/epel-7/librehat-shadowsocks-epel-7.repo
  local repo_file=/etc/yum.repos.d/librehat-shadowsocks-epel-7.repo
  yum install -y wget epel-release
  wget "$repo_url" -O "$repo_file"
  yum install -y shadowsocks-libev
}
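# Undo what create() set up: firewall rules and ipset, /etc/resolv.conf, the
# three daemons, the work directory and the shadowsocks-libev package.
# Globals:   ID (read) - distribution id from /etc/os-release
# Arguments: none
# Outputs:   status message on stdout
remove(){
  local name pids
  # Each teardown step may fail when the object does not exist, hence `|| true`.
  iptables -t nat -D OUTPUT -p tcp -j shadowsocks || true
  iptables -t nat -F shadowsocks || true
  iptables -t nat -X shadowsocks || true
  ipset destroy shadowsocks || true
  # Restore the resolver configuration only when a backup exists.
  if [ -e /etc/resolv.conf.ss.bak ]
  then
    rm -f /etc/resolv.conf || true
    mv /etc/resolv.conf.ss.bak /etc/resolv.conf
  fi
  for name in chinadns ss-redir ss-tunnel
  do
    # Exact-name match instead of a substring grep over `ps -ef`, so only the
    # daemons themselves are signalled by this root-run script. pgrep exits 1
    # when nothing matches, which must not trip `set -e`.
    pids=$(pgrep -x "$name" || true)
    if [ -n "$pids" ]
    then
      # Intentionally unquoted: one PID per word, so several instances are all
      # stopped (the old `[ ! -z $pid ]` test broke on more than one PID).
      # Best effort like the other teardown steps: a process that has already
      # exited must not abort the rest of the cleanup.
      # shellcheck disable=SC2086
      kill $pids || true
    fi
  done
  rm -rf /root/.sscnf || true
  if [ "$ID" == "ubuntu" ] || [ "$ID" == "debian" ]
  then
    ubunturemove
  fi
  if [[ "$ID" == "centos" ]]
  then
    centosremove
  fi
  echo '取消翻墙,复原所有更改成功!'
}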
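# Uninstall shadowsocks-libev on Debian/Ubuntu and drop packages that are no
# longer needed.
# Globals:   none
# Arguments: none
ubunturemove(){
  # apt-get rather than apt: `apt` warns that its command-line interface is
  # not stable when it is called from a script.
  apt-get remove -y shadowsocks-libev
  apt-get autoremove -y
}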
# Uninstall shadowsocks-libev on CentOS, then let yum remove packages that are
# no longer required.
# Globals:   none
# Arguments: none
centosremove(){
  local pkg=shadowsocks-libev
  yum remove -y "$pkg"
  yum autoremove -y
}
# Entry point: require root, detect the distribution, then dispatch on $1.
if [[ "$(id -u)" != "0" ]]
then
  echo '必须是root权限'
  exit 1
fi
# Provides $ID, which selects the package-manager helpers.
. /etc/os-release
case "$ID" in
  debian|ubuntu|devuan|centos)
    echo "$ID"
    ;;
  *)
    # fedora and rhel were listed in their own arm, but it did exactly what
    # the default arm does: report an unsupported distribution and stop.
    echo '不支持该发行版'
    exit 1
    ;;
esac
case "$1" in
  create)
    # The functions read these settings as globals.
    ip="$2"
    port="$3"
    method="$4"
    pass="$5"
    # Directory of this script; chinadns() looks there for a local tarball.
    DIR="$( cd "$( dirname "$0" )" && pwd )"
    create
    ;;
  remove)
    remove
    ;;
  *)
    usage
    ;;
esac