ShadowSocks Transparent Proxy
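#!/bin/sh
# Transparent TCP proxy setup for a router (or PC) using ss-redir:
#   1. start ss-redir,
#   2. build the "cnip" ipset (China ranges + SS server + private/reserved nets),
#   3. install a nat chain that RETURNs for cnip destinations and REDIRECTs
#      everything else on ports 80/443 to the local ss-redir port.
set -e

# The Config
server_addr="x.x.x.x"
server_port="xxxxxx"
# NOTE(security): the password is handed to ss-redir with -k below, so it is
# visible in the process list to every local user. ss-redir also accepts a
# config file (-c); prefer that, with the file readable by root only.
password="xxxxxx"
cipher="xxxxxx"
# NOTE(security): 0.0.0.0 makes ss-redir listen on every interface. On a router
# make sure the WAN side cannot reach $local_port (firewall INPUT rule), or the
# box becomes a proxy for anyone who can connect to it.
local_addr="0.0.0.0"
local_port="1081"

cnip_list_url="https://raw.githubusercontent.com/17mon/china_ip_list/master/china_ip_list.txt"
lock_file="/tmp/.My_Shadowsocks_Lock_File"

# Take the lock in one step: with noclobber (set -C) the redirection fails when
# the path already exists, so there is no window between "check" and "create"
# as there is with a separate test + touch on a predictable /tmp name.
if ! (set -C; : > "$lock_file") 2>/dev/null; then
  echo "another instance holds $lock_file, exiting" >&2
  exit 1
fi
# Release the lock on every exit path. Without this, any failure under set -e
# leaves the lock behind and the script refuses to run again.
trap 'rm -f "$lock_file"' EXIT
trap 'exit 1' HUP INT TERM

# pgrep works better here, but it may not exist on some router systems.
# killall fails when nothing is running; that is not an error for us.
killall ss-redir || true
nohup ss-redir -s "$server_addr" -p "$server_port" \
  -b "$local_addr" -l "$local_port" \
  -k "$password" -m "$cipher" &

## IPSET
modprobe xt_set
ipset -exist create cnip hash:net
ipset flush cnip

## Skip the China IP ranges.
# The list is remote content, so each line is checked before it reaches ipset:
# only digits, dots and a slash are accepted, and the value is always quoted so
# a line can never contribute extra ipset arguments.
# `|| [ -n "$line" ]` keeps a final line that has no trailing newline.
# NOTE: the pipeline's status is that of the loop, so a failed download is not
# fatal; cnip then holds only the static entries added further down and
# domestic traffic is sent through the proxy as well.
cr=$(printf '\r')
wget "$cnip_list_url" -O - | while IFS= read -r line || [ -n "$line" ]; do
  ip=${line%"$cr"}   # tolerate CRLF line endings
  case $ip in
    '')
      continue
      ;;
    *[!0-9./]*)
      echo "cnip: skipping line that is not an IPv4 address/CIDR" >&2
      continue
      ;;
  esac
  # A single rejected entry must not abort the whole import.
  ipset -exist add cnip "$ip" || true
done

## Create New Chain rules
# -N fails when the chain already exists (re-run); the flush below resets it.
iptables -t nat -N SHADOWSOCKS || true
iptables -t nat -F SHADOWSOCKS

## Skip the SS server IP
# (equivalent to: iptables -t nat -A SHADOWSOCKS -p tcp -d $server_addr/32 -j RETURN)
ipset -exist add cnip "$server_addr/32"

## Skip LAN / reserved IP ranges
# (each entry replaces one `iptables -t nat -A SHADOWSOCKS -d <net> -j RETURN`)
for net in \
  0.0.0.0/8 \
  10.0.0.0/8 \
  127.0.0.0/8 \
  169.254.0.0/16 \
  172.16.0.0/12 \
  192.168.0.0/16 \
  224.0.0.0/4 \
  240.0.0.0/4
do
  ipset -exist add cnip "$net"
done

iptables -t nat -A SHADOWSOCKS -m set --match-set cnip dst -p tcp -j RETURN

# Do the Redirect work. Use the configured port rather than a literal so the
# rule cannot drift from the port ss-redir actually listens on.
iptables -t nat -A SHADOWSOCKS -p tcp -j REDIRECT --to-ports "$local_port"

# Add it to the PREROUTING Rule For NAT Traffic (for router...
# -C checks for an identical rule first so re-running the script does not stack
# duplicates; where -C is unsupported it fails and the rule is appended as before.
iptables -t nat -C PREROUTING -p tcp -m multiport --dports 80,443 -j SHADOWSOCKS 2>/dev/null ||
  iptables -t nat -A PREROUTING -p tcp -m multiport --dports 80,443 -j SHADOWSOCKS

# Or add it to the OUTPUT Rule For Local Traffic (for pc...
#iptables -t nat -A OUTPUT -p tcp -m multiport --dports 80,443 -j SHADOWSOCKS

# The lock file is removed by the EXIT trap installed above.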