防跳

2015-04-09 10:53:54 -0400
规则1:
# Rule set 1: tear-down / reset. Stops the helper daemons, empties the
# nat and mangle tables, removes the GOX chain that rule set 2 creates,
# disables IP forwarding and leaves a plain MASQUERADE behind.
# NOTE(review): needs root; there is no shebang and no `set -e`, so every
# failing command is silently ignored and the script keeps going.
# NOTE(review): `-F` empties the WHOLE nat/mangle tables, including rules
# added by anything else on the device; the filter table is never touched.
# `-9` (SIGKILL) gives the daemons no chance to clean up. Rule set 2 uses
# the "0"-prefixed binary names, so these lines only hit the unprefixed ones.
killall -9 u2nl
killall -9 dnsp
killall -9 pdnsd
killall -9 redsocks
# The killall calls above need BusyBox.
# Remove them if you are not using the integrated PM (processing module).
iptables -t nat -F
iptables -t mangle -F
# Fails harmlessly ("No chain/target/match by that name") if GOX does not exist.
iptables -t nat -X GOX
# Stop routing for tethered clients.
echo "0" > /proc/sys/net/ipv4/ip_forward
# Unconditional source NAT for any forwarded traffic; with forwarding just
# disabled it only matters once forwarding is turned back on.
iptables -t nat -A POSTROUTING -j MASQUERADE
echo "已启动防跳①"
规则2:
#------------------------------------------------------------#
# Ultimate anti-leak ("fangtiao") 6.1 — by Jume
#------------------------------------------------------------#
# Rule set 2: iptables policy for a rooted Android device. All locally
# generated and all tethered traffic is steered into local proxy/DNS
# helper processes; selected UIDs, ports, interfaces and address ranges
# are exempted from that path. The variables up to "Do not modify"
# are the user-facing configuration.
#
# NOTE(review): no shebang and no `set -e`; `[[ ]]` is used, so a bash-
# compatible shell (e.g. Android mksh) is required. Every iptables call
# needs root, and any error is ignored — the script never stops early.
# NOTE(review): `-F` below flushes the ENTIRE nat and mangle tables, not
# just this script's rules; the filter table is never flushed.
# NOTE(review): security-wise this is a transparent proxy for the whole
# device plus any tethered client: whoever can edit the variables below
# or the helper config files decides where all traffic and DNS goes.
#--------------------- Global proxy settings ----------------------#
# UID of the global proxy app:
UID0="10458"

# Global / direct-connect IP:port (DNAT target for local traffic):
IP="127.0.0.1:60880"

# Global proxy port (use 80 for direct connect); REDIRECT target for
# tethered traffic:
GPORT="60880"

#--------------------- Local device settings ----------------------#
# "Half-free" UIDs, space separated:
UID1=""

# "Non-free" UIDs (all traffic direct), space separated:
UID2=""

# Network-blocked UIDs, space separated:
UID3="1000"

# UIDs allowed direct HTTPS, space separated:
UID4=""

# UIDs allowed direct UDP, space separated:
UID5=""

# DNS server IP; leave blank to use the default DNS:
DNSIP=""

# Allow DNS & resolve DNS through the local helper (MDNS):
DNS="on"
MDNS="on"

# Allow local HTTPS directly (the Samp "full-free" build toggles this in settings):
HTTPS="off"

# Wi-Fi interface; set to this device's interface or Wi-Fi traffic is not exempted:
WIFIF="wlan0"

# Drop fragmented packets (can cause leaks; may break things, recommended off):
FP="off"

# TCP ports that go back to the global proxy instead of ProxyMator,
# so ports the PM cannot proxy do not leave apps without connectivity:
SDK=""

#--------------------- App exemptions ----------------------#
# QQ voice/video: "on" = fully free, can dial but not receive; "off" =
# works both ways but is not free. Keep it on unless you need to receive
# (only use this if fully-free works for you).
QQML="on"
QUID="99999"

# YY / Huya: allow UDP port 5002 directly so live streams work.
# Only a small amount of traffic goes over 5002 — test it yourself.
YUID="10035 66666"
YUDP="5002"

#--------------------- Tethering settings ----------------------#
# Allow DNS for tethered devices; required when tethering a PC.
# Only takes effect together with the local DNS exemption (DNS="on").
GDNS="on"

# Allow HTTPS for tethered devices; not needed if the global proxy is fully free.
GHTTPS="off"

# Tethered devices need no manual proxy; turn off to configure it manually.
GXMM="on"

# Tethered-device IP range, format xx.xx.xx.0/24.
# 192.168.43.*, 192.168.42.* and 192.168.1.* are already built in.
GXIP=""

# Tethered-device port exemptions, space separated.
# TCP ports:
GTCP=""
# UDP ports:
GUDP=""

#--------------------- Processing-module settings ----------------------#
# Enable the processing module & choose the DNS / HTTPS helpers
# (pdnsd/dnsp & redsocks/u2nl).
PM="on"
CDNS="pdnsd"
CHTTPS="redsocks"
echo "已启动防跳②"
echo "QQ:779956774"

#------------ Do not modify anything below this line -------------#
By="Jume"
#------------------------------------------------------------#
# Restart the "0"-prefixed helper binaries (distinct from the unprefixed
# names that rule set 1 kills). SIGKILL gives them no chance to clean up.
if [[ $PM == "on" ]]
then
killall -9 0u2nl
killall -9 0dnsp
killall -9 0pdnsd
killall -9 0redsocks
fi
# Start the HTTPS/TCP handler in the background, output discarded.
# NOTE(review): the config path has no leading "/", so it is resolved
# against the current working directory — presumably meant as
# /system/xbin/0redsocks.conf; confirm how the script is launched.
# The `$By == "Jume"` test is always true (By is set unconditionally above).
# NOTE(review): 0u2nl takes host/port/port positionally; the last value,
# 1256, matches the generic-TCP DNAT/REDIRECT port used further down, the
# meaning of the first two is not documented here.
if [[ $By == "Jume" ]] && [[ $PM == "on" ]] && [[ $CHTTPS == "redsocks" ]]
then
0redsocks -c system/xbin/0redsocks.conf >/dev/null 2>&1 &
elif [[ $PM == "on" ]] && [[ $CHTTPS == "u2nl" ]]
then
0u2nl 10.0.0.172 80 1256 >/dev/null 2>&1 &
fi
# Start the DNS handler on 127.0.0.1:54321 (the port DNS is REDIRECTed to below).
# NOTE(review): with dnsp, lookups are relayed over plain HTTP to a
# third-party web endpoint (`-s http://...`): every DNS query from the
# device leaves in cleartext to that host and its answers are trusted
# without any integrity check. The -h/-r values presumably name an
# upstream resolver and port — not verified here.
if [[ $By == "Jume" ]] && [[ $PM == "on" ]] && [[ $MDNS == "on" ]] && [[ $CDNS == "dnsp" ]]
then
0dnsp -p 54321 -l 127.0.0.1 -h 114.114.114.114 -r 80 -s http://www.andreafabrizi.it/nslookup.php >/dev/null 2>&1 &
elif [[ $PM == "on" ]] && [[ $MDNS == "on" ]] && [[ $CDNS == "pdnsd" ]]
then
0pdnsd -c system/xbin/0pdnsd.conf >/dev/null 2>&1 &
fi
# Start from empty nat/mangle tables and (re)create the GOX chain that
# tethered-client traffic is sent through.
# NOTE(review): if GOX already exists (script re-run without rule set 1),
# `-N` fails with "Chain already exists" and the rules below are added on
# top of whatever the old chain still holds.
iptables -t nat -F
iptables -t mangle -F
iptables -t nat -N GOX
# Local (OUTPUT) catch-alls. `-I` inserts at the head, so the last `-I`
# ends up first; `-A` appends. After these six lines the chain reads:
# tcp/8080, tcp/80, udp, icmp, sctp -> DNAT to $IP; any other tcp ->
# 127.0.0.1:1256; everything else -> 127.0.0.1 (only reachable if some
# local process listens on that port). Every later `-I` lands in front
# of these, which is how all the exemptions below take precedence.
iptables -t nat -I OUTPUT -p sctp -j DNAT --to-destination $IP
iptables -t nat -I OUTPUT -p icmp -j DNAT --to-destination $IP
iptables -t nat -I OUTPUT -p udp -j DNAT --to-destination $IP
iptables -t nat -I OUTPUT -p tcp --dport 80 -j DNAT --to-destination $IP
iptables -t nat -I OUTPUT -p tcp --dport 8080 -j DNAT --to-destination $IP
iptables -t nat -A OUTPUT -p tcp -j DNAT --to-destination 127.0.0.1:1256
iptables -t nat -A OUTPUT -j DNAT --to-destination 127.0.0.1
# Same structure for forwarded (tethered) traffic in GOX, using REDIRECT
# to the local ports $GPORT / 1256 instead of DNAT.
iptables -t nat -I GOX -p sctp -j REDIRECT --to-ports $GPORT
iptables -t nat -I GOX -p icmp -j REDIRECT --to-ports $GPORT
iptables -t nat -I GOX -p udp -j REDIRECT --to-ports $GPORT
iptables -t nat -I GOX -p tcp --dport 80 -j REDIRECT --to-ports $GPORT
iptables -t nat -A GOX -p tcp -j REDIRECT --to-ports 1256
iptables -t nat -A GOX -j DNAT --to-destination 127.0.0.1
#--------------------- Exemption rules ----------------------#
# TCP ports accepted (not NAT'd) for tethered clients in PREROUTING.
# NOTE(review): the `else exit` branch can never run because By is
# hard-coded to "Jume" above; it looks like an author tamper check.
FX="31637 9876 2999 55283 6789 35415 67 68"
for fx in $FX
do
if [[ $By == "Jume" ]]
then
iptables -t nat -I PREROUTING -p tcp --dport $fx -j ACCEPT
else
exit
fi
done
# QQ voice/video. With QQML on, each iteration only runs `-X ByJume`,
# which deletes a chain this script never creates — it prints an error
# and changes nothing. With QQML off, UDP 8000/16001 for $QUID go direct.
for quid in $QUID
do
if [[ $By == "Jume" ]] && [[ $QQML == "on" ]]
then
iptables -t nat -X ByJume
else
iptables -t nat -I OUTPUT -p udp --dport 8000 -m owner --uid-owner $quid -j ACCEPT
iptables -t nat -I OUTPUT -p udp --dport 16001 -m owner --uid-owner $quid -j ACCEPT
fi
done
# Direct HTTPS for local traffic / for tethered clients.
if [[ $HTTPS == "on" ]]
then
iptables -t nat -I OUTPUT -p tcp --dport 443 -j ACCEPT
fi
if [[ $GHTTPS == "on" ]]
then
iptables -t nat -I GOX -p tcp --dport 443 -j ACCEPT
fi
# Build the DNS target: DNAT to $DNSIP:53 if a server was given, else
# ACCEPT. MDNS="on" overrides both with a REDIRECT to the local resolver
# on 54321.
# NOTE(review): the override does not look at $PM, so with PM="off" and
# MDNS="on" DNS is redirected to a port nothing started here listens on
# (unless another process provides it) and name resolution fails.
if [[ $DNSIP != "" ]]
then
DDNS="DNAT --to-destination $DNSIP:53"
else
DDNS="ACCEPT"
fi
if [[ $MDNS == "on" ]]
then
DDNS="REDIRECT --to-ports 54321"
fi
# $DDNS is intentionally unquoted: it must word-split into the target
# name plus its option.
if [[ $DNS == "on" ]]
then
iptables -t nat -I OUTPUT -p udp --dport 53 -j $DDNS
fi
# Tethered DNS goes out directly; inserted at position 2 of GOX, i.e.
# right behind whatever rule currently heads that chain.
if [[ $GDNS == "on" ]]
then
iptables -t nat -I GOX 2 -p udp --dport 53 -j ACCEPT
fi
# Ports that bypass the PM and go to the global proxy instead.
# NOTE(review): `[ sdk != "" ]` compares the literal word sdk with "",
# which is always true; the intended `[[ $sdk != "" ]]` would be
# redundant anyway, since `for` never iterates an empty word. The same
# literal-compare pattern repeats in the per-app loops below
# (uid0, bam, bum, jiw, daf, fudp).
for sdk in $SDK
do
if [ sdk != "" ]
then
iptables -t nat -I OUTPUT -p tcp --dport $sdk -j DNAT --to $IP
fi
done
# YY/Huya: UDP $YUDP for the listed UIDs goes direct (the "" test is redundant).
for yuid in $YUID
do
if [[ $yuid != "" ]]
then
iptables -t nat -I OUTPUT -p udp --dport $YUDP -m owner --uid-owner $yuid -j ACCEPT
fi
done
# Enable routing for tethered clients (rule set 1 turns it off again).
echo "1" > /proc/sys/net/ipv4/ip_forward
# User-supplied tethering ranges: send them through GOX and masquerade.
# The inner `$GXIP != ""` check is redundant — the loop body only runs
# when GXIP has at least one word.
for gxip in $GXIP
do
if [[ $GXIP != "" ]] && [[ $GXMM == "on" ]]
then
iptables -t nat -A PREROUTING -s $gxip -j GOX
iptables -t nat -A POSTROUTING -s $gxip -j MASQUERADE
fi
done
# Built-in tethering ranges (Android hotspot / USB / common home LAN).
# NOTE(review): the last line, inserted at the head of PREROUTING,
# rewrites any forwarded packet addressed to 1.2.3.4 so it goes to
# 123.125.96.11 instead, for every tethered client. Its purpose is not
# documented here — confirm it is intended before keeping it.
if [[ $GXMM == "on" ]]
then
iptables -t nat -A PREROUTING -s 192.168.1.0/24 -j GOX
iptables -t nat -A PREROUTING -s 192.168.42.0/24 -j GOX
iptables -t nat -A PREROUTING -s 192.168.43.0/24 -j GOX
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.42.0/24 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.43.0/24 -j MASQUERADE
iptables -t nat -I PREROUTING -d 1.2.3.4 -j DNAT --to-destination 123.125.96.11
fi
# Tethered-client port exemptions (TCP, then UDP); the "" tests are redundant.
for gtcp in $GTCP
do
if [[ $gtcp != "" ]]
then
iptables -t nat -I PREROUTING -p tcp --dport $gtcp -j ACCEPT
fi
done
for gudp in $GUDP
do
if [[ $gudp != "" ]]
then
iptables -t nat -I PREROUTING -p udp --dport $gudp -j ACCEPT
fi
done
#--------------------- Per-app rules ----------------------#
# Global proxy app: its own tcp/80 traffic leaves directly (literal
# `[ uid0 != "" ]` test, see note above).
for uid0 in $UID0
do
if [ uid0 != "" ]
then
iptables -t nat -I OUTPUT -p tcp --dport 80 -m owner --uid-owner $uid0 -j ACCEPT
fi
done
# "Half-free" UIDs: everything direct except tcp 80/8080, which is DNAT'd
# to $IP — the two DNAT lines are inserted after the ACCEPT and therefore
# sit in front of it in the chain.
for bam in $UID1
do
if [ bam != "" ]
then
iptables -t nat -I OUTPUT -m owner --uid-owner $bam -j ACCEPT
iptables -t nat -I OUTPUT -p tcp --dport 80 -m owner --uid-owner $bam -j DNAT --to-destination $IP
iptables -t nat -I OUTPUT -p tcp --dport 8080 -m owner --uid-owner $bam -j DNAT --to-destination $IP
fi
done
# "Non-free" UIDs: all traffic direct, no NAT.
for bum in $UID2
do
if [ bum != "" ]
then
iptables -t nat -I OUTPUT -m owner --uid-owner $bum -j ACCEPT
fi
done
# Blocked UIDs: DROP in mangle OUTPUT (appended).
# NOTE(review): the 192.168.0.0/16 and Wi-Fi ACCEPTs inserted at the head
# of mangle OUTPUT further down take precedence over this DROP, so the
# block only applies off those paths (presumably the intended
# "mobile-data only" behaviour, but it is not a full network block).
for jiw in $UID3
do
if [ jiw != "" ]
then
iptables -t mangle -A OUTPUT -m owner --uid-owner $jiw -j DROP
fi
done
# Per-UID direct HTTPS.
for daf in $UID4
do
if [ daf != "" ]
then
iptables -t nat -I OUTPUT -p tcp --dport 443 -m owner --uid-owner $daf -j ACCEPT
fi
done
# Per-UID direct UDP.
for fudp in $UID5
do
if [ fudp != "" ]
then
iptables -t nat -I OUTPUT -p udp -m owner --uid-owner $fudp -j ACCEPT
fi
done
# Drop INVALID-state packets and new TCP connections that do not start
# with SYN, for local and forwarded traffic.
# NOTE(review): the two `! --syn` rules go to the filter table (no -t),
# which this script never flushes, so every run appends another copy.
iptables -t mangle -A OUTPUT -m state --state INVALID -j DROP
iptables -t mangle -A FORWARD -m state --state INVALID -j DROP
iptables -A OUTPUT -p tcp ! --syn -m state --state NEW -j DROP
iptables -A FORWARD -p tcp ! --syn -m state --state NEW -j DROP
# Optional: drop locally generated fragments, but let fragments from the
# built-in tethering ranges through.
if [[ $FP == "on" ]]
then
iptables -t mangle -I OUTPUT -f -j DROP
iptables -t mangle -I PREROUTING -s 192.168.1.0/24 -f -j RETURN
iptables -t mangle -I PREROUTING -s 192.168.43.0/24 -f -j RETURN
iptables -t mangle -I PREROUTING -s 192.168.42.0/24 -f -j RETURN
fi
# LAN (192.168/16 source) and loopback traffic bypass the mangle DROPs and
# the nat catch-alls; inserted at the head so they win over everything above.
iptables -t mangle -I OUTPUT -s 192.168.0.0/16 -j ACCEPT
iptables -t nat -I OUTPUT -o lo -j ACCEPT
iptables -t nat -I OUTPUT -s 192.168.0.0/16 -j ACCEPT
# Anything leaving via the Wi-Fi interface bypasses the policy entirely
# (the "" test is redundant, see above).
for wifif in $WIFIF
do
if [[ $wifif != "" ]]
then
iptables -t mangle -I OUTPUT -o $wifif -j ACCEPT
iptables -t nat -I OUTPUT -o $wifif -j ACCEPT
fi
done
#-------------------------- Done ---------------------------#