change: add custom fallback-filter

hudawei996 · Jul 11, 2021 · c75cf7c · c75cf7c
1 parent 527a5ce
commit c75cf7c
Show file tree

Hide file tree

Showing 7 changed files with 76 additions and 32 deletions.
diff --git a/luci-app-openclash/luasrc/model/cbi/openclash/client.lua b/luci-app-openclash/luasrc/model/cbi/openclash/client.lua
@@ -125,7 +125,7 @@ o.write = function()
 end
 
 d = Map("openclash")
-d.title = translate("Technical Support")
+d.title = translate("Credits")
 d.pageaction = false
 d:section(SimpleSection).template  = "openclash/developer"
 

diff --git a/luci-app-openclash/luasrc/model/cbi/openclash/settings.lua b/luci-app-openclash/luasrc/model/cbi/openclash/settings.lua
@@ -219,6 +219,29 @@ o = s:taboption("dns", Flag, "disable_masq_cache", translate("Disable Dnsmasq's
 o.description = translate("Recommended Enabled For Avoiding Some Connection Errors")..font_red..bold_on..translate("(Maybe Incompatible For Your Firmware)")..bold_off..font_off
 o.default=0
 
+o = s:taboption("dns", Flag, "custom_fallback_filter", translate("Custom Fallback-Filter"))
+o.description = translate("Take Effect If Fallback DNS Setted, Prevent DNS Pollution")
+o.default=0
+
+custom_fallback_filter = s:taboption("dns", Value, "custom_fallback_fil")
+custom_fallback_filter.template = "cbi/tvalue"
+custom_fallback_filter.rows = 20
+custom_fallback_filter.wrap = "off"
+custom_fallback_filter:depends("custom_fallback_filter", "1")
+
+function custom_fallback_filter.cfgvalue(self, section)
+	return NXFS.readfile("/etc/openclash/custom/openclash_custom_fallback_filter.yaml") or ""
+end
+function custom_fallback_filter.write(self, section, value)
+	if value then
+		value = value:gsub("\r\n?", "\n")
+		local old_value = NXFS.readfile("/etc/openclash/custom/openclash_custom_fallback_filter.yaml")
+	  if value ~= old_value then
+			NXFS.writefile("/etc/openclash/custom/openclash_custom_fallback_filter.yaml", value)
+		end
+	end
+end
+
 o = s:taboption("dns", Flag, "dns_advanced_setting", translate("Advanced Setting"))
 o.description = translate("DNS Advanced Settings")..font_red..bold_on..translate("(Please Don't Modify it at Will)")..bold_off..font_off
 o.default=0

diff --git a/luci-app-openclash/po/zh-cn/openclash.zh-cn.po b/luci-app-openclash/po/zh-cn/openclash.zh-cn.po
@@ -11,7 +11,7 @@ msgstr "一个运行在OpenWrt上的Clash客户端，兼容Shadowsocks、Shadows
 msgid "Global Settings(Will Modify The Config File Or Subscribe According To The Settings On This Page)"
 msgstr "全局设置（将按照本页设置自动修改配置文件和获取订阅）"
 
-msgid "Technical Support"
+msgid "Credits"
 msgstr "技术支持"
 
 msgid "Overviews"
@@ -2027,4 +2027,10 @@ msgid "If you have a recommended external configuration file (subscription conve
 msgstr "如您有值得推荐的外部配置文件(订阅转换模板)，可以按照 /usr/share/openclash/res/sub_ini.list 的文件格式修改后提交PR"
 
 msgid "To restore the default configuration, try accessing: "
-msgstr "如遇到配置丢失或者需要还原默认配置，请尝试访问地址: "
+msgstr "如遇到配置丢失或者需要还原默认配置，请尝试访问地址: "
+
+msgid "Take Effect If Fallback DNS Setted, Prevent DNS Pollution"
+msgstr "只有在配置文件设置了 Fallback 组的DNS时才会生效，正确设置可以有效防止DNS污染"
+
+msgid "Custom Fallback-Filter"
+msgstr "自定义Fallback-Filter"
diff --git a/luci-app-openclash/root/etc/config/openclash b/luci-app-openclash/root/etc/config/openclash
@@ -38,6 +38,7 @@ config openclash 'config'
 	option common_ports '0'
 	option log_size '1024'
 	option tolerance '0'
+	option custom_fallback_filter '0'
 	option geo_custom_url 'http://www.ideame.top/mmdb/Country.mmdb'
 	option chnr_custom_url 'https://ispip.clang.cn/all_cn.txt'
 

diff --git a/luci-app-openclash/root/etc/init.d/openclash b/luci-app-openclash/root/etc/init.d/openclash
@@ -20,7 +20,7 @@ CONFIG_FILE="/etc/openclash/$(uci -q get openclash.config.config_path |awk -F '/
 RULE_PROVIDER_FILE="/tmp/yaml_rule_provider.yaml"
 DNS_FILE="/tmp/yaml_dns.yaml"
 GAME_RULE_FILE="/tmp/yaml_game_rule.yaml"
-FALLBACK_FILTER_FILE="/tmp/yaml_fallback_filter_file.yaml"
+FALLBACK_FILTER_FILE="/etc/openclash/custom/openclash_custom_fallback_filter.yaml"
 LOCK_FILE=/tmp/lock/openclash.lock
 PROXY_FWMARK="0x162"
 PROXY_ROUTE_TABLE="0x162"
@@ -166,34 +166,10 @@ EOF
    fi
 
    #fallback-filter
-   if [ -n "$(ruby_read "$CONFIG_FILE" "['dns']['fallback']")" ] && [ -z "$(ruby_read "$CONFIG_FILE" "['dns']['fallback-filter']")" ]; then
-cat >> "$2" <<-EOF
-  fallback-filter:
-    geoip: false
-    ipcidr:
-      - 0.0.0.0/8
-      - 10.0.0.0/8
-      - 100.64.0.0/10
-      - 127.0.0.0/8
-      - 169.254.0.0/16
-      - 172.16.0.0/12
-      - 192.0.0.0/24
-      - 192.0.2.0/24
-      - 192.88.99.0/24
-      - 192.168.0.0/16
-      - 198.18.0.0/15
-      - 198.51.100.0/24
-      - 203.0.113.0/24
-      - 224.0.0.0/4
-      - 240.0.0.0/4
-      - 255.255.255.255/32
-    domain:
-      - '+.google.com'
-      - '+.facebook.com'
-      - '+.youtube.com'
-      - '+.githubusercontent.com'
-EOF
-   ruby_merge "$CONFIG_FILE" "['dns']" "$2"
+   if [ "$custom_fallback_filter" = "1" ]; then
+      if [ -n "$(ruby_read "$CONFIG_FILE" "['dns']['fallback']")" ] && [ -n "$(ruby_read "$2" "['fallback-filter']")" ]; then
+         ruby_merge "$CONFIG_FILE" "['dns']" "$2"
+      fi
    fi
 }
 
@@ -1749,6 +1725,7 @@ get_config()
    common_ports=$(uci -q get openclash.config.common_ports)
    dns_port=$(uci -q get openclash.config.dns_port)
    tolerance=$(uci -q get openclash.config.tolerance)
+   custom_fallback_filter=$(uci -q get openclash.config.custom_fallback_filter)
    _koolshare=$(cat /usr/lib/os-release 2>/dev/null |grep OPENWRT_RELEASE 2>/dev/null |grep -i koolshare 2>/dev/null)
    [ -z "$dns_port" ] && dns_port=7874 && uci -q set openclash.config.dns_port=7874
    uci -q set openclash.config.restricted_mode=0 && uci -q commit openclash

diff --git a/luci-app-openclash/root/etc/openclash/custom/openclash_custom_fallback_filter.yaml b/luci-app-openclash/root/etc/openclash/custom/openclash_custom_fallback_filter.yaml
@@ -0,0 +1,36 @@
+# If IP addresses resolved with servers in `nameservers` are in the specified
+# subnets below, they are considered invalid and results from `fallback`
+# servers are used instead.
+#
+# IP address resolved with servers in `nameserver` is used when
+# `fallback-filter.geoip` is true and when GEOIP of the IP address is `CN`.
+#
+# If `fallback-filter.geoip` is false, results from `fallback` nameservers
+# are always used, and answers from `nameservers` are discarded.
+#
+# This is a countermeasure against DNS pollution attacks.
+
+fallback-filter:
+  geoip: false
+  ipcidr:
+    - 0.0.0.0/8
+    - 10.0.0.0/8
+    - 100.64.0.0/10
+    - 127.0.0.0/8
+    - 169.254.0.0/16
+    - 172.16.0.0/12
+    - 192.0.0.0/24
+    - 192.0.2.0/24
+    - 192.88.99.0/24
+    - 192.168.0.0/16
+    - 198.18.0.0/15
+    - 198.51.100.0/24
+    - 203.0.113.0/24
+    - 224.0.0.0/4
+    - 240.0.0.0/4
+    - 255.255.255.255/32
+  domain:
+    - "+.google.com"
+    - "+.facebook.com"
+    - "+.youtube.com"
+    - "+.githubusercontent.com"
diff --git a/luci-app-openclash/root/etc/uci-defaults/luci-openclash b/luci-app-openclash/root/etc/uci-defaults/luci-openclash
@@ -25,6 +25,7 @@ cp -f "/etc/openclash/custom/openclash_custom_hosts.list" "/usr/share/openclash/
 cp -f "/etc/openclash/custom/openclash_custom_fake_filter.list" "/usr/share/openclash/backup/openclash_custom_fake_filter.list" >/dev/null 2>&1
 cp -f "/etc/openclash/custom/openclash_custom_domain_dns.list" "/usr/share/openclash/backup/openclash_custom_domain_dns.list" >/dev/null 2>&1
 cp -f "/etc/openclash/custom/openclash_custom_domain_dns_policy.list" "/usr/share/openclash/backup/openclash_custom_domain_dns_policy.list" >/dev/null 2>&1
+cp -f "/etc/openclash/custom/openclash_custom_fallback_filter.yaml" "/usr/share/openclash/backup/openclash_custom_fallback_filter.yaml" >/dev/null 2>&1
 
 mkdir -p /lib/upgrade/keep.d
 cat > "/lib/upgrade/keep.d/luci-app-openclash" <<-EOF