bestroutetb for iptables on OpenWRT

custom_generate.sh

#!/bin/bash

# For Linix users, just iptables.shadow under root
# For OpenWRT users, copy iptables.shadow to /etc/firewall.user
# For OpenWRT users, remember to change OUTPUT to PREROUTING in iptables.footer

./generate.sh route_table > analysis_result

node minifier.js|node formatter.js --profile=custom --format="iptables -t nat -A SHADOWSOCKS -d %prefix/%mask -j %gw" --netgw RETURN  --vpngw ACCEPT > iptables.rules

echo "#!/bin/bash" > iptables.shadow && cat iptables.header >> iptables.shadow && cat iptables.rules | grep RETURN >> iptables.shadow && cat iptables.footer >> iptables.shadow

rm iptables.rules route_table analysis_result

chmod 0755 iptables.shadow

iptables.footer

############## FOOTER HERE
# Anything else should be redirected to shadowsocks's local port
iptables -t nat -A SHADOWSOCKS -p tcp -j REDIRECT --to-ports 1080

# Apply the rules
iptables -t nat -A PREROUTING -p tcp -j SHADOWSOCKS

iptables.header

############## HEADER HERE
# Create new chain
iptables -t nat -N SHADOWSOCKS

# Ignore your shadowsocks server's addresses
# It's very IMPORTANT, just be careful.
iptables -t nat -A SHADOWSOCKS -d REPLACE_YOUR_VPS_ADDRESS_HERE -j RETURN

# Ignore LANs and any other addresses you'd like to bypass the proxy
# See Wikipedia and RFC5735 for full list of reserved networks.
# See ashi009/bestroutetb for a highly optimized CHN route list.
iptables -t nat -A SHADOWSOCKS -d 0.0.0.0/8 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 10.0.0.0/8 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 127.0.0.0/8 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 169.254.0.0/16 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 172.16.0.0/12 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 192.168.0.0/16 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 224.0.0.0/4 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 240.0.0.0/4 -j RETURN