墙认证的域名和IP收集,用来避免DNS污染和自定义路由规则。
#!/bin/sh
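#######################################
# Take an exclusive lock so that only one copy of the script runs at a time.
# The lock file is created with a noclobber redirect, which makes "check and
# create" a single step: two copies started together cannot both get past
# it, and an existing regular file at the path is never overwritten.
# The lock is removed on exit and the script's own exit status is kept.
# Globals:   LOCKFILE (written here, read again by the EXIT trap)
# Arguments: $1 - path of the lock file
# Outputs:   "Another instance is running." on stdout when the lock is held;
#            an error on stderr when the lock file cannot be created
# Returns:   0 once the lock is held; exits the script with 1 otherwise
#######################################
single_instance() {
  LOCKFILE=${1:?lock file path required}

  # set -C runs in a subshell so noclobber does not leak into the caller.
  # The PID is stored only to help a human decide whether a lock is stale.
  if ! (set -C; echo "$$" > "$LOCKFILE") 2>/dev/null; then
    if [ -e "$LOCKFILE" ] || [ -L "$LOCKFILE" ]; then
      echo "Another instance is running."
    else
      echo "Cannot create lock file $LOCKFILE." >&2
    fi
    exit 1
  fi

  # The EXIT trap must not call `exit` itself: doing so would replace the
  # status the script is exiting with (a failed health check would report 0).
  trap 'rm -f -- "$LOCKFILE"' EXIT
  # On a signal, leave through `exit` so the EXIT trap above still runs.
  trap 'exit 143' TERM
  trap 'exit 130' INT
}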
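# Watchdog body: make sure obfsproxy and openvpn are running, then reload the
# custom routes when the routing table looks too short.
#
# NOTE(review): the lock lives in /tmp, which is normally world-writable, so
# any local account can create this file and keep the watchdog from ever
# running. A directory only root can write to (for example /var/run) is a
# safer home for it.
single_instance /tmp/fix_vpn.lck

# pidof's exit status is tested directly. Feeding its output to `test` breaks
# as soon as a daemon has more than one PID: `test 123 456` is an error, which
# the old check read as "not running".
if ! pidof obfsproxy >/dev/null; then
  echo "$(date) obfsproxy broken, restarting..."
  # NOTE(review): this executes every line of /etc/rc.local that mentions
  # obfsproxy, with this script's privileges. Keep that file writable by root
  # only; calling the daemon's start command directly would avoid eval.
  # The expansion is quoted so matching lines run as separate commands and
  # are not glob-expanded before eval sees them.
  eval "$(grep obfsproxy /etc/rc.local)"
fi
pidof obfsproxy >/dev/null || exit 1

if ! pidof openvpn >/dev/null; then
  echo "$(date) openvpn broken, restarting..."
  /etc/init.d/openvpn start
fi
pidof openvpn >/dev/null || exit 1

# Fewer than 20 lines of `route -n` output is taken to mean the custom routes
# are gone (for example after the tunnel was re-created), so load them again.
if [ "$(route -n | wc -l)" -lt 20 ]; then
  echo "$(date) gfw route reload..."
  cd /root && ./gfw_route.sh load gfw_subnet.conf
fi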
#!/bin/sh
## works under ash (busybox)
# get remote vpn's ip automatically, e.g.
#
# tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
# inet addr:10.8.0.10 P-t-P:10.8.0.9 Mask:255.255.255.255
# UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
#
# Default gateway for new routes: the peer (P-t-P) address of tun0 as printed
# by ifconfig. The value is empty when tun0 is missing or its output has no
# P-t-P line; _route_add then needs a gateway passed to it explicitly.
_GWIP=$(
  /sbin/ifconfig tun0 |
    grep 'P-t-P' |
    tr -s ' ' |
    cut -d ' ' -f 4 |
    cut -d : -f 2
)

# Shape check for a subnet argument, used before anything is handed to route.
#
#   178.79.0.0                 -> netmask defaults to 255.255.0.0
#   178.79.0.0/255.255.255.0   -> netmask as given
#
# This is deliberately rough: every octet is just one to three digits, so
# values above 255 pass here and are left for route to reject.
_IP_REGEX='^[[:space:]]*[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}(/[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})?$'
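#######################################
# Add a route for one subnet through the VPN tunnel (dev tun0).
# Every expansion is quoted, so the subnet and gateway reach grep and route
# as single arguments and are never word-split or glob-expanded on the way.
# Globals:   _GWIP (read, default gateway), _IP_REGEX (read, validation)
# Arguments: $1 - subnet, "a.b.c.d" (netmask 255.255.0.0 is assumed) or
#                 "a.b.c.d/m.m.m.m"
#            $2 - gateway; falls back to $_GWIP when missing or empty
# Outputs:   an error on stderr when no gateway is known
# Returns:   255 for a missing gateway or a subnet that fails validation,
#            otherwise the exit status of `route add`
#######################################
_route_add() {
  local subnet gwip ip netmask
  subnet=$1
  gwip=${2:-$_GWIP}

  if [ -z "$gwip" ]; then
    echo "Error gateway, failed to add route $subnet." >&2
    return 255
  fi

  # Drop surrounding whitespace so padded input is still accepted, as it was
  # when the value went through an unquoted echo.
  subnet=${subnet#"${subnet%%[![:space:]]*}"}
  subnet=${subnet%"${subnet##*[![:space:]]}"}

  # Validate before anything is handed to route; after this point the value
  # holds only digits, dots and at most one '/'.
  printf '%s\n' "$subnet" | grep -E -q -- "$_IP_REGEX" || return 255

  ip=${subnet%%/*}
  case $subnet in
    */*) netmask=${subnet#*/} ;;
    *) netmask=255.255.0.0 ;;
  esac

  # echo "[ADD] $ip/$netmask gw $gwip"
  route add -net "$ip" netmask "$netmask" gw "$gwip" dev tun0
}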
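#######################################
# Delete the tun0 route for one subnet.
# The argument is quoted everywhere, so a value containing glob characters is
# validated as written instead of first being expanded against the files in
# the current directory.
# Globals:   _IP_REGEX (read, validation)
# Arguments: $1 - subnet, "a.b.c.d" (netmask 255.255.0.0 is assumed) or
#                 "a.b.c.d/m.m.m.m"
# Returns:   255 when the subnet fails validation, otherwise the exit status
#            of `route del`
#######################################
_route_del() {
  local subnet ip netmask
  subnet=$1

  # Drop surrounding whitespace so padded input is still accepted.
  subnet=${subnet#"${subnet%%[![:space:]]*}"}
  subnet=${subnet%"${subnet##*[![:space:]]}"}

  # Validate before anything is handed to route.
  printf '%s\n' "$subnet" | grep -E -q -- "$_IP_REGEX" || return 255

  ip=${subnet%%/*}
  case $subnet in
    */*) netmask=${subnet#*/} ;;
    *) netmask=255.255.0.0 ;;
  esac

  # echo "[DELETE] $ip/$netmask"
  route del -net "$ip" netmask "$netmask" dev tun0
}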
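#######################################
# Report whether the routing table already has a route for the subnet.
# Destination and netmask are compared as whole fields. A regex search over
# the line treated the dots as wildcards and was not anchored, so a route
# for 108.8.0.0 was reported as an existing route for 8.8.0.0; the wanted
# route was then never added and that traffic stayed outside the tunnel.
# Arguments: $1 - subnet, "a.b.c.d" (netmask 255.255.0.0 is assumed) or
#                 "a.b.c.d/m.m.m.m"
# Returns:   0 when a matching route is listed, non-zero otherwise
#######################################
_route_existed() {
  local subnet ip netmask
  subnet=$1

  # Drop surrounding whitespace; an empty argument matches nothing.
  subnet=${subnet#"${subnet%%[![:space:]]*}"}
  subnet=${subnet%"${subnet##*[![:space:]]}"}
  [ -n "$subnet" ] || return 1

  ip=${subnet%%/*}
  case $subnet in
    */*) netmask=${subnet#*/} ;;
    *) netmask=255.255.0.0 ;;
  esac

  # Assumes the usual `route -n` layout with Destination in column 1 and
  # Genmask in column 3 - TODO confirm on the target system.
  # NOTE(review): the Iface column is not checked, so a route to the same
  # subnet on another device also counts as existing.
  # Appending "" forces awk to compare the fields as strings.
  route -n |
    awk -v ip="$ip" -v mask="$netmask" \
      '($1 "") == (ip "") && ($3 "") == (mask "") { hit = 1 } END { exit !hit }'
}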
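# Command dispatch: load <file> | check <subnet> | add <subnet> | del <subnet>.
# Anything else prints the usage text (which does not list `check`).
case $1 in
  load)
    route_file=$2
    # Quoted on purpose: with an empty $2 an unquoted test reads as
    # `[ ! -f ]`, which is false, and the script then sat waiting on stdin.
    if [ ! -f "$route_file" ]; then
      printf '%s\n' \
        "Please specify a route file formatted as blow:" \
        "# dropbox" \
        "199.47.0.0" \
        "205.251.0.0" \
        "108.160.166.0/255.255.255.0" \
        ""
    else
      # Only the first word of each line is used, as before; the remainder is
      # read into `rest` and ignored. `|| [ -n "$ip" ]` keeps a last line
      # that has no trailing newline.
      while read -r ip rest || [ -n "$ip" ]; do
        case $ip in
          '' | '#'*) continue ;; # blank lines and comments
        esac
        _route_existed "$ip" || _route_add "$ip"
      done < "$route_file"
    fi
    ;;
  check)
    if _route_existed "$2"; then
      echo "route $2 is already existed."
    else
      echo "route $2 is not existed."
    fi
    ;;
  add)
    if _route_existed "$2"; then
      echo "route $2 is already existed."
    else
      if _route_add "$2"; then
        echo "route $2 is added."
      else
        echo "failed to add route $2"
      fi
    fi
    ;;
  # The pattern must stay unquoted: "del*" in quotes matches only the literal
  # string del*, so `del` used to fall through to the usage text.
  del*)
    if _route_existed "$2"; then
      if _route_del "$2"; then
        echo "route $2 is deleted."
      else
        echo "failed to delete route $2"
      fi
    else
      echo "route $2 isn't existed."
    fi
    ;;
  *)
    printf '%s\n' \
      "Usage:" \
      "1) $0 load <route file>" \
      "2) $0 add <subnet_ip/netmask>" \
      "3) $0 del <subnet_ip/netmask>" \
      ""
    ;;
esac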
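## blocked subnet list
## one entry per line, network or network/netmask; gfw_route.sh loads an entry without a netmask as a 255.255.0.0 route, so a bare entry sends the whole 65536-address block through the tunnel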
178.79.0.0
76.74.0.0
210.163.0.0
66.155.0.0
68.180.0.0
98.139.0.0
199.59.0.0
184.154.0.0
72.233.0.0
69.58.0.0
68.142.0.0
#opendns
208.67.222.0/255.255.255.0
208.67.220.0/255.255.255.0
#google
64.233.0.0
66.102.0.0
66.249.0.0
209.85.0.0
216.239.0.0
216.58.0.0
173.194.0.0
74.125.0.0
72.14.0.0
203.208.0.0
# manually
199.16.0.0
184.50.0.0
178.18.0.0
199.96.0.0
67.228.0.0
# dropbox
199.47.0.0
174.129.0.0
205.251.0.0
108.160.166.0/255.255.255.0
#tor
38.229.0.0
82.195.0.0
86.59.0.0
93.95.0.0
46.4.0.0
#wikipedia
208.80.0.0
#tumblr
68.232.0.0
66.6.0.0
#github
192.30.0.0
54.230.0.0
54.182.2.0/255.255.255.0
#droplr
50.112.0.0
#dns
199.91.0.0
8.8.0.0
#btdigg
193.105.0.0
#digital ocean
23.235.0.0
129.250.6.0/255.255.255.0
103.245.222.0/255.255.255.0
#facebook
173.252.0.0
31.13.0.0
69.171.0.0
#slideshare
216.52.242.0/255.255.255.0
199.101.163.0/255.255.255.0
108.174.2.0/255.255.255.0
#simplecd
76.164.227.0/255.255.255.0
#sf.net
216.34.181.0/255.255.255.0
#wordpress
192.0.78.0/255.255.255.0
#scribd.com
199.27.79.0/255.255.255.0
## Useful tools:
# View cache: pdnsd-ctl dump
# Flush cache: pdnsd-ctl empty-cache
# pdnsd global section: cache location and size, listener, query method and
# cache lifetimes shared by every server section in this file.
global {
# debug = on; # /var/pdnsd/pdnsd.debug
# NOTE(review): pdnsd documents perm_cache in kB, which would make 4096
# a 4 MB cache rather than 1 MB - confirm.
perm_cache=4096; # 1MB cache
cache_dir="/var/pdnsd";
# Run the daemon as the unprivileged user "nobody".
run_as="nobody";
# pdnsd's stricter handling of answers, meant to make cache poisoning harder.
paranoid=on;
server_port = 53;
# NOTE(review): "any" binds the listener to every local address. On a host
# with a WAN-facing interface, set server_ip to the LAN or loopback address,
# or firewall port 53, so the cache is not reachable from outside as an
# open resolver.
server_ip = any;
# Status socket, needed by the pdnsd-ctl commands.
status_ctl = on;
# Alternative kept for reference: TCP-only queries (author's note: TCP queries
# were not being polluted at the time of writing).
#query_method=tcp_only; # gfw don't pollute TCP query now
query_method=udp_tcp;
# Records are cached for at least 8 hours and at most 1 week whatever TTL the
# upstream sent, so a wrong answer that gets cached stays until it expires or
# the cache is emptied with pdnsd-ctl empty-cache.
min_ttl=8h;
max_ttl=1w;
timeout=10;
# https://wiki.archlinux.org/index.php/Pdnsd#Performance_Settings_For_Home_Broadband_Users
neg_rrs_pol=on;
par_queries=1;
}
server {
label="114 & V2EX DNS";
ip=114.114.114.114,114.114.115.115;
uptest=none;
# root_server = on;
proxy_only=on;
purge_cache=off;
edns_query=on;
exclude=
".android.com",
".appspot.com",
".bit.ly",
".bitly.com",
".blogger.com",
".blogspot.com",
".bloomberg.com",
".chromium.org",
".dropbox.com",
".dropboxusercontent.com",
".droplr.com",
".edgecastcdn.net",
".facebook.com",
".facebook.net",
".fb.me",
".fbcdn.net",
".fbsbx.com",
".feedburner.com",
".flickr.com",
".g.co",
".ggpht.com",
".ghconduit.com",
".github.com",
".gmail.com",
".goo.gl",
".google-analytics.com",
".google.com",
".googleapis.com",
".googlecode.com",
".googlelabs.com",
".googlepages.com",
".googlesource.com",
".googlesyndication.com",
".googleusercontent.com",
".googlevideo.com",
".gravatar.com",
".gstatic.com",
".igfw.net",
".img.ly",
".keyhole.com",
".mobile01.com",
".nytimes.com",
".openvpn.net",
".pandora.tv",
".panoramio.com",
".paper.li",
".pastebin.com",
".pastie.org",
".ptt.cc",
".sf.net",
".simplecd.org",
".slideshare.net",
".sourceforge.net",
".t.co",
".t66y.com",
".tfbnw.net",
".torproject.org",
".twimg.com",
".twitter.com",
".twitter4j.org",
".twttr.com",
".vimeo.com",
".w.org",
".wikipedia.org",
".wp.com",
".wordpress.com",
".w3schools.com",
".yimg.com",
".youtube.com",
".lithium.com",
".ytimg.com";
# ".dynect.net",".akamaihd.net"
}
server {
label="V2EX & Google DNS";
ip=208.67.222.222,208.67.220.220;
#ip=208.67.222.123,208.67.220.123;
# root_server = on;
# uptest = ping;
uptest = none;
proxy_only=on;
purge_cache=off;
}
source {
owner=localhost;
# serve_aliases=on;
file="/etc/hosts";
}
rr {
name=localhost;
reverse=on;
a=127.0.0.1;
owner=localhost;
soa=localhost,root.localhost,42,86400,900,86400,86400;
}