@fgggid
Last active December 8, 2021 14:28
glider on edgerouter
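#!/usr/bin/env bash
# Deploy and (re)start glider on an EdgeRouter, then link the gfwlist dnsmasq
# snippets into /etc/dnsmasq.d.
#
# Usage: $0 [restart]
#   restart  skip re-extracting the tarball; only regenerate the config and
#            restart the daemon.
#
# Needs enough privilege to run start-stop-daemon with -c/-g, write to
# /etc/dnsmasq.d and restart dnsmasq. The daemon itself is started as
# nobody:nogroup.

GLIDER_TAR_BALL=/config/user-data/glider.tgz
DEST_FOLDER=/tmp/glider
BIN_FILE=/tmp/glider/glider
OLD_FILE=/tmp/glider/glider.old
PID_FILE=/tmp/glider/glider.pid
CFG_FILE=/tmp/glider/glider.conf
# Optional extra start-stop-daemon flag(s); empty by default.
QUIET=
#VPS_IP=`getent ahostsv4 <your server domain> | head -1 | awk '{print $1}'`
VPS_IP=x.x.x.x
#echo VPS IP is $VPS_IP
#echo glider CFG is $CFG_FILE

# Create the target folder. It lives under /tmp at a fixed, predictable path,
# and mkdir -p also succeeds when the directory already exists. Refuse to go on
# if it is a symlink or belongs to another user, because whoever owns it could
# swap the binary that is launched below.
mkdir -p "$DEST_FOLDER" || exit 1
if [ -L "$DEST_FOLDER" ] || [ ! -O "$DEST_FOLDER" ]; then
  echo "refusing to use $DEST_FOLDER: it is a symlink or not owned by the current user" >&2
  exit 1
fi
chmod go-w "$DEST_FOLDER"

# Generate the config file.
# NOTE(review): listen=redir://:1081 and dns=:1053 give no bind address, so
# glider presumably listens on every interface, WAN included. Confirm that the
# router's firewall drops inbound WAN traffic to these ports.
cat << EOF > "$CFG_FILE"
listen=redir://:1081
#listen=<your other listen>
dns=:1053
dnsserver=8.8.8.8:53
dnsserver=8.8.4.4:53
strategy=lha
checkinterval=300
checkdisabledonly
#forward=<your server schema>
#forward=smux://192.168.11.100:1080,socks5://
EOF

# Replace the VPS_IP placeholder (if a forward= line uses it) with the address.
# The value is interpolated into the sed expression, so it must stay a plain
# IP address without '/' or '&'.
sed -i "s/VPS_IP/$VPS_IP/g" "$CFG_FILE"

# Extract glider unless only a restart was requested.
# NOTE(review): the tarball is unpacked and its binary executed without any
# integrity check; keep $GLIDER_TAR_BALL writable by the administrator only.
if [ "$1" != "restart" ]; then
  # echo "$1 - extract glider..."
  [ -f "$BIN_FILE" ] && mv -f "$BIN_FILE" "$OLD_FILE"
  if ! tar -C "$DEST_FOLDER" -xf "$GLIDER_TAR_BALL"; then
    echo "failed to extract $GLIDER_TAR_BALL" >&2
    # Put the previous binary back so a later "restart" still works.
    [ -f "$OLD_FILE" ] && mv -f "$OLD_FILE" "$BIN_FILE"
    exit 1
  fi
fi

# Do not kill the running instance when there is nothing to start afterwards.
if [ ! -x "$BIN_FILE" ]; then
  echo "$BIN_FILE is missing or not executable" >&2
  exit 1
fi

# Start glider: stop any running instance by name, wait, then launch it in the
# background as nobody:nogroup with a pid file.
killall -9 glider
sleep 5s
# $QUIET is deliberately unquoted so that an empty value adds no argument.
# shellcheck disable=SC2086
start-stop-daemon -c nobody -g nogroup $QUIET -oSbmp "$PID_FILE" -x "$BIN_FILE"

# dnsmasq, "10-gfwlist.conf" generated by https://github.com/cokebar/gfwlist2dnsmasq
# NOTE(review): dnsmasq loads these snippets, so the source files under
# /config/user-data should be writable by the administrator only.
NEED_RESTART_DNS=0
DNS_GFWLIST_DST=/etc/dnsmasq.d/10-gfwlist.conf
DNS_CUSTOM_DST=/etc/dnsmasq.d/20-my-custom-gfwlist.conf
DNS_GFWLIST_SRC=/config/user-data/dnsmasq.d/10-gfwlist.conf
DNS_CUSTOM_SRC=/config/user-data/dnsmasq.d/20-my-custom-gfwlist.conf

# Link each snippet only when it is missing and its source exists. dnsmasq is
# restarted only if a link was actually created, so a missing optional source
# file no longer causes a restart on every run.
if [ ! -f "$DNS_GFWLIST_DST" ] && [ -f "$DNS_GFWLIST_SRC" ]; then
  ln -sf "$DNS_GFWLIST_SRC" "$DNS_GFWLIST_DST" && NEED_RESTART_DNS=1
fi
if [ ! -f "$DNS_CUSTOM_DST" ] && [ -f "$DNS_CUSTOM_SRC" ]; then
  ln -sf "$DNS_CUSTOM_SRC" "$DNS_CUSTOM_DST" && NEED_RESTART_DNS=1
fi

# An if statement (rather than "[ ... ] && cmd") keeps the exit status at 0
# when no restart is needed.
if [ "$NEED_RESTART_DNS" = "1" ]; then
  systemctl restart dnsmasq
fi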
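#!/bin/sh
# Transparent-proxy NAT rules for glider.
#
# TCP traffic whose destination is in the $GFW_LIST ipset is redirected to
# local port 1081 (glider's redir listener), for forwarded traffic from
# sources in $WHITE_LIST and for traffic generated on the router itself.
#
# $IPT and $IPTA hold a command plus arguments and are expanded unquoted on
# purpose so that they split into words.
# shellcheck disable=SC2086

GFW_LIST=gfwlist
WHITE_LIST=wlist
CHAIN=GLIDER
LOCAL_MARKER=0x1234
IPT="iptables -t nat"
IPTA="$IPT -A $CHAIN"

### check and create ipset list ###
ipset -q -n -L "$GFW_LIST" > /dev/null 2>&1 || ipset -! create "$GFW_LIST" hash:net
ipset -q -n -L "$WHITE_LIST" > /dev/null 2>&1 || ipset -! create "$WHITE_LIST" hash:net hashsize 64 maxelem 100

### add telegram IP subnets
ipset -! add "$GFW_LIST" 149.154.164.0/22
ipset -! add "$GFW_LIST" 149.154.160.0/22
ipset -! add "$GFW_LIST" 91.108.56.0/22
ipset -! add "$GFW_LIST" 91.108.4.0/22
ipset -! add "$GFW_LIST" 91.108.8.0/22

### add white list IP subnets !!!!CHANGE ME!!!!
### Only sources in this set get their forwarded traffic proxied; keep it
### limited to the LAN ranges that should use the proxy.
ipset -! add "$WHITE_LIST" 192.168.0.0/27

### clean up iptables rules left by a previous run
### (errors are expected and ignored when the rules do not exist yet)
$IPT -F "$CHAIN" > /dev/null 2>&1
$IPT -D PREROUTING -p tcp -j "$CHAIN" > /dev/null 2>&1
$IPT -D OUTPUT -p tcp -j MARK --set-mark "$LOCAL_MARKER" > /dev/null 2>&1
$IPT -D OUTPUT -p tcp -j "$CHAIN" > /dev/null 2>&1
$IPT -X "$CHAIN" > /dev/null 2>&1

### From here on, stop at the first failing command. If one of the RETURN
### filters cannot be installed (for example because an ipset is missing), the
### chain must not be hooked into PREROUTING/OUTPUT, where it would then
### redirect far more traffic than intended.
set -e

### create new chain
$IPT -N "$CHAIN"

### Leave the chain (no redirect) when the source is not in $WHITE_LIST and
### the packet does not carry $LOCAL_MARKER, i.e. it was not marked in the
### OUTPUT chain below.
$IPTA -m set ! --match-set "$WHITE_LIST" src -m mark ! --mark "$LOCAL_MARKER" -j RETURN

### ignore destinations that are not in gfwlist
$IPTA -m set ! --match-set "$GFW_LIST" dst -j RETURN

### redir: the port must match glider's listen=redir://:1081 ###
$IPTA -p tcp -j REDIRECT --to-ports 1081

### redirect NAT traffic (hooked in only after the chain is complete) ###
$IPT -I PREROUTING -p tcp -j "$CHAIN"

### redirect local traffic: mark it, then send it through the chain ###
### NOTE(review): glider's own outbound connections also pass through OUTPUT.
### If the upstream server address ever ends up in $GFW_LIST, they would be
### redirected back into glider. Confirm that the address is not in the set.
$IPT -A OUTPUT -p tcp -j MARK --set-mark "$LOCAL_MARKER"
$IPT -A OUTPUT -p tcp -j "$CHAIN"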