@qxj
Last active December 19, 2017 03:29
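This script is a replacement for chnroutes. First, chnroutes generates too many routing rules; second, sending every foreign IP through the VPN feels like a waste of resources and does not sit right with me. The ideal approach is to tunnel only the domains you actually want to reach. The script is crude, though: it only looks up, once, the IPs that the listed domains currently resolve to. Large sites may change IPs for load balancing or use a CDN, so the blocked IPs may be missed, but for now it works well enough. google and twitter are fine; I do not use the others much and have not looked into them closely. If a site turns out to be blocked again after a while, just run the script again to regenerate the routes.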
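#!/usr/bin/env python
# -*- coding: utf-8; tab-width: 4; -*-
# @(#) gen_route.py Time-stamp: <Julian Qian 2013-06-30 11:32:45>
# Copyright 2013 Julian Qian
# Author: Julian Qian <junist@gmail.com>
# Version: $Id: gen_route.py,v 0.1 2013-06-30 09:50:56 jqian Exp $
#
'''
This script is a replacement for chnroutes. First, chnroutes generates too
many routing rules; second, sending every foreign IP through the VPN feels
like a waste of resources and does not sit right with me, so the ideal
approach is to tunnel only the domains you actually want to reach. The script
is crude, though: it only looks up, once, the IPs that the listed domains
currently resolve to. Large sites may change IPs for load balancing or use a
CDN, so the blocked IPs may be missed, but for now it works well enough.
google and twitter are fine; I do not use the others much and have not looked
into them closely. If a site turns out to be blocked again after a while, just
run the script again to regenerate the routes.

The script depends on the pydns library; install it before use: pip install pydns

Input:  the blocked domains
Output: routing rules

Configurable variables:
domains  I copied the domain list straight from pdnsd.conf
gw       the VPN address to route through, used as the gateway; my default is 10.8.0.5

Usage:
$ ./gen_routes.py > route.sh
Then run route.sh on the machine that needs the routes.
'''
from __future__ import print_function

import sys, DNS
import socket, struct


def mask(n):
    # Netmask for an n-bit prefix as a 32-bit integer (n=16 -> 0xFFFF0000).
    return (0xFFFFFFFF << (32 - n)) & 0xFFFFFFFF


def ipstr2subnet(ip, n):
    # Unpack in network byte order ('!I') so the mask keeps the leading n bits
    # on any host; the native-order 'I' only worked on little-endian machines
    # and only for prefixes that are a multiple of 8.
    subnet = struct.unpack('!I', socket.inet_aton(ip))[0] & mask(n)
    return socket.inet_ntoa(struct.pack('!I', subnet))


def main():
    gw = "10.8.0.5"
    # Strip the leading dot carried over from the pdnsd.conf entries.
    domains = [d[1:] for d in (".google.com",".gstatic.com",".googleusercontent.com",".googlesource.com",".ggpht.com",".appspot.com",".googlecode.com",".googleapis.com",".gmail.com",".google-analytics.com",".keyhole.com",".chromium.org",".googlesyndication.com",".googlelabs.com",".g.co",".goo.gl",".panoramio.com",".android.com",".youtube.com",".ytimg.com",".blogspot.com",".blogger.com",".twitter.com",".twimg.com",".t.co",".facebook.com",".facebook.net",".fbcdn.net",".fb.me",".tfbnw.net",".flickr.com",".yimg.com",".bit.ly",".bitly.com",".t66y.com",".wp.com")]
    subnets = set()
    DNS.ParseResolvConf()
    for domain in domains:
        try:
            # Query inside the try so a failed lookup is reported, not fatal.
            r = DNS.Request(domain, qtype='A').req()
            for answer in r.answers:
                if answer['typename'] == 'A':
                    ip = answer['data']
                    try:
                        # Collapse each address to its /16 network.
                        subnets.add(ipstr2subnet(ip, 16))
                    except Exception:
                        print(answer, file=sys.stderr)
        except Exception:
            print("failed to query %s" % domain, file=sys.stderr)
    # print("#!/bin/sh\n")
    for subnet in subnets:
        print("route add -net %s netmask %s gw %s dev tun0" % (subnet, "255.255.0.0", gw))


if __name__ == "__main__":
    main()
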
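#!/bin/bash
# bash, not sh: the blocked=( ... ) array below is a bash feature.
#
# get remote vpn's ip automatically, e.g.
#
# tun0      Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
#           inet addr:10.8.0.10 P-t-P:10.8.0.9 Mask:255.255.255.255
#           UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
#
gwip=$(/sbin/ifconfig tun0|grep "P-t-P"|tr -s ' '|cut -d' ' -f4|cut -d: -f2)
# Stop if tun0 is down: with an empty gateway every route command below is malformed.
[ -n "$gwip" ] || { echo "tun0 has no P-t-P address" >&2; exit 1; }
blocked=(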
178.79.0.0
76.74.0.0
210.163.0.0
66.155.0.0
68.180.0.0
98.139.0.0
199.59.0.0
173.252.0.0
184.154.0.0
72.233.0.0
69.58.0.0
68.142.0.0
#google
64.233.0.0
66.102.0.0
66.249.0.0
209.85.0.0
216.239.0.0
173.194.0.0
74.125.0.0
72.14.0.0
# manually
199.16.0.0
184.50.0.0
178.18.0.0
199.96.0.0
67.228.0.0
# dropbox
199.47.0.0
174.129.0.0
205.251.0.0
#tor
38.229.0.0
82.195.0.0
86.59.0.0
93.95.0.0
46.4.0.0
#wikipedia
208.80.0.0
#tumblr
68.232.0.0
66.6.0.0
#github
192.30.0.0
#droplr
50.112.0.0
#dns
199.91.0.0
8.8.0.0
)
for ip in "${blocked[@]}"; do
    route add -net "$ip" netmask 255.255.0.0 gw "$gwip" dev tun0
done
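
An added example (Python 3, standard library only; not part of the original gist): a validation step between the resolved addresses and the `route add` lines that both scripts above end up running as root. A resolver on a filtered network can hand back loopback, private or otherwise bogus A records for these very domains, and a /16 built from one would pull local or VPN-internal traffic into tun0; a /16 that covers the VPN server's own public address would do the same to the tunnel's transport. `build_routes`, its `keep_direct` parameter and the sample addresses are assumptions made for illustration.

```python
import ipaddress
import sys


def build_routes(answers, gw, keep_direct=(), dev="tun0", prefix=16):
    """Turn A-record strings into sorted `route add` lines.

    Returns (lines, rejected); rejected holds (raw_value, reason) pairs for
    answers that must not become routes.
    """
    gateway = ipaddress.IPv4Address(gw)  # ValueError on a malformed gateway
    # Addresses that must stay outside the tunnel, e.g. the VPN server itself.
    direct = [ipaddress.IPv4Address(a) for a in keep_direct]
    nets, rejected = set(), []
    for raw in answers:
        try:
            addr = ipaddress.IPv4Address(raw.strip())
        except ValueError:
            rejected.append((raw, "not an IPv4 address"))
            continue
        # strict=False masks off the host bits, giving the enclosing network.
        net = ipaddress.ip_network("%s/%d" % (addr, prefix), strict=False)
        if not addr.is_global or addr.is_multicast:
            rejected.append((raw, "not globally routable"))
        elif any(d in net for d in direct):
            rejected.append((raw, "subnet covers a keep_direct address"))
        else:
            nets.add(net)
    lines = ["route add -net %s netmask %s gw %s dev %s"
             % (n.network_address, n.netmask, gateway, dev)
             for n in sorted(nets)]
    return lines, rejected


# Constructed sample answers: host parts are made up, placed inside /16s that
# appear in the list above, plus the kinds of bad answers worth filtering.
SAMPLE = ["74.125.1.1", "74.125.200.9", "199.59.148.10",
          "127.0.0.1", "10.8.3.4", "not-an-ip", "173.194.5.5"]

if __name__ == "__main__":
    # 173.194.77.1 stands in for a VPN server address (constructed).
    lines, rejected = build_routes(SAMPLE, "10.8.0.5",
                                   keep_direct=["173.194.77.1"])
    for raw, why in rejected:
        print("skipped %r: %s" % (raw, why), file=sys.stderr)
    print("\n".join(lines))
```

Rejections go to stderr, so redirecting stdout to route.sh still yields a file containing only route commands.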