| #!/usr/bin/env python | |
| #coding=utf-8 | |
| # | |
| # Generate a list of dnsmasq rules with ipset for gfwlist | |
| # | |
| # Copyright (C) 2014 http://www.shuyz.com | |
| # Ref https://code.google.com/p/autoproxy-gfwlist/wiki/Rules | |
| import urllib2 | |
| import re | |
| import os | |
| import datetime | |
| import base64 | |
| import shutil | |
| mydnsip = '127.0.0.1' | |
| mydnsport = '1053' | |
| # the url of gfwlist | |
| baseurl = 'https://raw.githubusercontent.com/gfwlist/gfwlist/master/gfwlist.txt' | |
| # match comments/title/whitelist/ip address | |
| comment_pattern = '^\!|\[|^@@|^\d+\.\d+\.\d+\.\d+' | |
| domain_pattern = '([\w\-\_]+\.[\w\.\-\_]+)[\/\*]*' | |
| tmpfile = '/tmp/gfwlisttmp' | |
| # do not write to router internal flash directly | |
| outfile = '/tmp/gfwlist.conf' | |
| rulesfile = '/etc/dnsmasq.d/gfwlist.conf' | |
| fs = file(outfile, 'w') | |
| fs.write('# gfw list ipset rules for dnsmasq\n') | |
| fs.write('# updated on ' + datetime.datetime.now().strftime("%Y-%m-%d %H:%M:%S") + '\n') | |
| fs.write('#\n') | |
| print 'fetching list...' | |
| content = urllib2.urlopen(baseurl, timeout=15).read().decode('base64') | |
| # write the decoded content to file then read line by line | |
| tfs = open(tmpfile, 'w') | |
| tfs.write(content) | |
| tfs.close() | |
| tfs = open(tmpfile, 'r') | |
| print 'page content fetched, analysis...' | |
| # remember all blocked domains, in case of duplicate records | |
| domainlist = [] | |
| for line in tfs.readlines(): | |
| if re.findall(comment_pattern, line): | |
| print 'this is a comment line: ' + line | |
| #fs.write('#' + line) | |
| else: | |
| domain = re.findall(domain_pattern, line) | |
| if domain: | |
| try: | |
| found = domainlist.index(domain[0]) | |
| print domain[0] + ' exists.' | |
| except ValueError: | |
| print 'saving ' + domain[0] | |
| domainlist.append(domain[0]) | |
| fs.write('server=/.%s/%s#%s\n'%(domain[0],mydnsip,mydnsport)) | |
| fs.write('ipset=/.%s/gfwlist\n'%domain[0]) | |
| else: | |
| print 'no valid domain in this line: ' + line | |
| tfs.close() | |
| fs.close(); | |
| print 'moving generated file to dnsmasg directory' | |
| shutil.move(outfile, rulesfile) | |
| print 'restart dnsmasq...' | |
| print os.popen('/etc/init.d/dnsmasq restart').read() | |
| print 'done!' |
| #!/bin/sh /etc/rc.common | |
| # Copyright (C) 2006-2011 OpenWrt.org | |
| # ref http://ipset.netfilter.org/ipset.man.html | |
| START=95 | |
| SERVICE_USE_PID=1 | |
| SERVICE_WRITE_PID=1 | |
| SERVICE_DAEMONIZE=1 | |
| start() { | |
| echo starting ss-redir... | |
| service_start /opt/bin/ss-redir -c /etc/shadowsocks.json | |
| echo loading firewall rules... | |
| ipset create gfwlist hash:ip counters timeout 1200 | |
| iptables -t nat -A zone_lan_prerouting -p tcp -m set --match-set gfwlist dst -j REDIRECT --to-port 1081 | |
| echo done. | |
| } | |
| stop() { | |
| echo stopping ss-redir... | |
| service_stop /opt/bin/ss-redir | |
| echo restarting firewall... | |
| /etc/init.d/firewall restart | |
| echo done. | |
| } |
|
我的就是在路由器上更新的,使用http获取gfwlist失败,换成https就没问题。网上有gfwlist的镜像也可以用。 |
tanyewei
commented
Dec 27, 2014
•
!/usr/bin/env python-- coding: utf-8 --tanyewei@gmail.comimport re domain_regex = re.compile(r'[a-zA-Z\d-]{,63}(.[a-zA-Z\d-]{,63})*') with open('gfwlist', 'r') as f: domain_list = [] for i in data.decode('base64').splitlines(): domain_list = list(set(domain_list)) with open('gfw.conf', 'w') as f: |
Rabbit52
commented
May 12, 2016
|
楼主,最新的 gfwlist 文件换了 https://raw.githubusercontent.com/gfwlist/gfwlist/master/gfwlist.txt 可以改一发 |
@Rabbit52 谢谢提醒!已更改。 |
lsylsy2
commented
Jan 12, 2017
|
楼主,这个好像不能匹配 这一行,于是google.com.hk就用不了? |
Rabbit52 commentedOct 29, 2014
本来想在 openwrt 上做个 cron 自动更新的,但是下不动 gfwlist 怎么破~