buddhazhou · November 14, 2015 06:53
diff --git a/shadowsocks.sh b/shadowsocks.sh
 #!/bin/sh /etc/rc.common
 # Copyright (C) 2006-2011 OpenWrt.org
 #
 # Shadowsocks startup script with iptables rules for OpenWrt 
 # 
 # This file is located in directory /etc/init.d/
 # rename this file to shadowsocks before using it
 #  
 #  By Lance http://www.shuyz.com   
 #    

 START=95

 SERVICE_USE_PID=1
 SERVICE_WRITE_PID=1
 SERVICE_DAEMONIZE=1

 start() {
 	echo starting ss-redir...
 	service_start /opt/bin/ss-redir -c /etc/shadowsocks.json
 	echo loading shadowsocks firewall rules for shadowsocks...
 	load_firewall
 	echo done.
 }

 stop() {
 	echo stopping ss-redir...
 	service_stop /opt/bin/ss-redir
 	echo flushing shadowsocks firewall rules for shadowsocks...
 	flush_firewall
 	echo done.
 }

 load_firewall() {
 	#create a new chain named SHADOWSOCKS
 	iptables -t nat -N SHADOWSOCKS

 	# Ignore your shadowsocks server's addresses
 	# It's very IMPORTANT, just be careful.
 	iptables -t nat -A SHADOWSOCKS -d 104.128.82.194 -j RETURN
 	iptables -t nat -A SHADOWSOCKS -d 107.181.166.106 -j RETURN
 	iptables -t nat -A SHADOWSOCKS -d 192.210.133.78 -j RETURN

 	# Ignore LANs IP address
 	iptables -t nat -A SHADOWSOCKS -d 0.0.0.0/8 -j RETURN
 	iptables -t nat -A SHADOWSOCKS -d 10.0.0.0/8 -j RETURN
 	iptables -t nat -A SHADOWSOCKS -d 127.0.0.0/8 -j RETURN
 	iptables -t nat -A SHADOWSOCKS -d 169.254.0.0/16 -j RETURN
 	iptables -t nat -A SHADOWSOCKS -d 172.16.0.0/12 -j RETURN
 	iptables -t nat -A SHADOWSOCKS -d 192.168.0.0/16 -j RETURN
 	iptables -t nat -A SHADOWSOCKS -d 224.0.0.0/4 -j RETURN
 	iptables -t nat -A SHADOWSOCKS -d 240.0.0.0/4 -j RETURN

 	# Ignore Asia IP address
 	iptables -t nat -A SHADOWSOCKS -d 1.0.0.0/8 -j RETURN
 	iptables -t nat -A SHADOWSOCKS -d 14.0.0.0/8 -j RETURN
 	iptables -t nat -A SHADOWSOCKS -d 27.0.0.0/8 -j RETURN
 	iptables -t nat -A SHADOWSOCKS -d 36.0.0.0/8 -j RETURN
 	iptables -t nat -A SHADOWSOCKS -d 39.0.0.0/8 -j RETURN
 	iptables -t nat -A SHADOWSOCKS -d 42.0.0.0/8 -j RETURN
 	iptables -t nat -A SHADOWSOCKS -d 49.0.0.0/8 -j RETURN
 	iptables -t nat -A SHADOWSOCKS -d 58.0.0.0/8 -j RETURN
 	iptables -t nat -A SHADOWSOCKS -d 59.0.0.0/8 -j RETURN
 	iptables -t nat -A SHADOWSOCKS -d 60.0.0.0/8 -j RETURN
 	iptables -t nat -A SHADOWSOCKS -d 61.0.0.0/8 -j RETURN
 	iptables -t nat -A SHADOWSOCKS -d 101.0.0.0/8 -j RETURN
 	iptables -t nat -A SHADOWSOCKS -d 103.0.0.0/8 -j RETURN
 	iptables -t nat -A SHADOWSOCKS -d 106.0.0.0/8 -j RETURN
 	iptables -t nat -A SHADOWSOCKS -d 110.0.0.0/8 -j RETURN
 	iptables -t nat -A SHADOWSOCKS -d 111.0.0.0/8 -j RETURN
 	iptables -t nat -A SHADOWSOCKS -d 112.0.0.0/8 -j RETURN
 	iptables -t nat -A SHADOWSOCKS -d 113.0.0.0/8 -j RETURN
 	iptables -t nat -A SHADOWSOCKS -d 114.0.0.0/8 -j RETURN
 	iptables -t nat -A SHADOWSOCKS -d 115.0.0.0/8 -j RETURN
 	iptables -t nat -A SHADOWSOCKS -d 116.0.0.0/8 -j RETURN
 	iptables -t nat -A SHADOWSOCKS -d 117.0.0.0/8 -j RETURN
 	iptables -t nat -A SHADOWSOCKS -d 118.0.0.0/8 -j RETURN
 	iptables -t nat -A SHADOWSOCKS -d 119.0.0.0/8 -j RETURN
 	iptables -t nat -A SHADOWSOCKS -d 120.0.0.0/8 -j RETURN
 	iptables -t nat -A SHADOWSOCKS -d 121.0.0.0/8 -j RETURN
 	iptables -t nat -A SHADOWSOCKS -d 122.0.0.0/8 -j RETURN
 	iptables -t nat -A SHADOWSOCKS -d 123.0.0.0/8 -j RETURN
 	iptables -t nat -A SHADOWSOCKS -d 124.0.0.0/8 -j RETURN
 	iptables -t nat -A SHADOWSOCKS -d 125.0.0.0/8 -j RETURN
 	iptables -t nat -A SHADOWSOCKS -d 126.0.0.0/8 -j RETURN
 	iptables -t nat -A SHADOWSOCKS -d 169.0.0.0/8 -j RETURN
 	iptables -t nat -A SHADOWSOCKS -d 175.0.0.0/8 -j RETURN
 	iptables -t nat -A SHADOWSOCKS -d 180.0.0.0/8 -j RETURN
 	iptables -t nat -A SHADOWSOCKS -d 182.0.0.0/8 -j RETURN
 	iptables -t nat -A SHADOWSOCKS -d 183.0.0.0/8 -j RETURN
 	iptables -t nat -A SHADOWSOCKS -d 202.0.0.0/8 -j RETURN
 	iptables -t nat -A SHADOWSOCKS -d 203.0.0.0/8 -j RETURN
 	iptables -t nat -A SHADOWSOCKS -d 210.0.0.0/8 -j RETURN
 	iptables -t nat -A SHADOWSOCKS -d 211.0.0.0/8 -j RETURN
 	iptables -t nat -A SHADOWSOCKS -d 218.0.0.0/8 -j RETURN
 	iptables -t nat -A SHADOWSOCKS -d 219.0.0.0/8 -j RETURN
 	iptables -t nat -A SHADOWSOCKS -d 220.0.0.0/8 -j RETURN
 	iptables -t nat -A SHADOWSOCKS -d 221.0.0.0/8 -j RETURN
 	iptables -t nat -A SHADOWSOCKS -d 222.0.0.0/8 -j RETURN
 	iptables -t nat -A SHADOWSOCKS -d 223.0.0.0/8 -j RETURN

 	# Anything else should be redirected to shadowsocks's local port
 	iptables -t nat -A SHADOWSOCKS -p tcp -j REDIRECT --to-ports 1080

 	# Apply the rules
 	iptables -t nat -I zone_lan_prerouting -j SHADOWSOCKS
 }

 flush_firewall() {
 	iptables -t nat -F SHADOWSOCKS
 	sleep 1
 	iptables -t nat -D zone_lan_prerouting -j SHADOWSOCKS
 	iptables -t nat -X SHADOWSOCKS
 }
	#!/bin/sh /etc/rc.common
	# Copyright (C) 2006-2011 OpenWrt.org
	#
	# Shadowsocks startup script with iptables rules for OpenWrt
	#
	# This file is located in directory /etc/init.d/
	# rename this file to shadowsocks before using it
	#
	# By Lance http://www.shuyz.com
	#

	START=95

	SERVICE_USE_PID=1
	SERVICE_WRITE_PID=1
	SERVICE_DAEMONIZE=1

	start() {
	echo starting ss-redir...
	service_start /opt/bin/ss-redir -c /etc/shadowsocks.json
	echo loading shadowsocks firewall rules for shadowsocks...
	load_firewall
	echo done.
	}

	stop() {
	echo stopping ss-redir...
	service_stop /opt/bin/ss-redir
	echo flushing shadowsocks firewall rules for shadowsocks...
	flush_firewall
	echo done.
	}

	load_firewall() {
	#create a new chain named SHADOWSOCKS
	iptables -t nat -N SHADOWSOCKS

	# Ignore your shadowsocks server's addresses
	# It's very IMPORTANT, just be careful.
	iptables -t nat -A SHADOWSOCKS -d 104.128.82.194 -j RETURN
	iptables -t nat -A SHADOWSOCKS -d 107.181.166.106 -j RETURN
	iptables -t nat -A SHADOWSOCKS -d 192.210.133.78 -j RETURN

	# Ignore LANs IP address
	iptables -t nat -A SHADOWSOCKS -d 0.0.0.0/8 -j RETURN
	iptables -t nat -A SHADOWSOCKS -d 10.0.0.0/8 -j RETURN
	iptables -t nat -A SHADOWSOCKS -d 127.0.0.0/8 -j RETURN
	iptables -t nat -A SHADOWSOCKS -d 169.254.0.0/16 -j RETURN
	iptables -t nat -A SHADOWSOCKS -d 172.16.0.0/12 -j RETURN
	iptables -t nat -A SHADOWSOCKS -d 192.168.0.0/16 -j RETURN
	iptables -t nat -A SHADOWSOCKS -d 224.0.0.0/4 -j RETURN
	iptables -t nat -A SHADOWSOCKS -d 240.0.0.0/4 -j RETURN

	# Ignore Asia IP address
	iptables -t nat -A SHADOWSOCKS -d 1.0.0.0/8 -j RETURN
	iptables -t nat -A SHADOWSOCKS -d 14.0.0.0/8 -j RETURN
	iptables -t nat -A SHADOWSOCKS -d 27.0.0.0/8 -j RETURN
	iptables -t nat -A SHADOWSOCKS -d 36.0.0.0/8 -j RETURN
	iptables -t nat -A SHADOWSOCKS -d 39.0.0.0/8 -j RETURN
	iptables -t nat -A SHADOWSOCKS -d 42.0.0.0/8 -j RETURN
	iptables -t nat -A SHADOWSOCKS -d 49.0.0.0/8 -j RETURN
	iptables -t nat -A SHADOWSOCKS -d 58.0.0.0/8 -j RETURN
	iptables -t nat -A SHADOWSOCKS -d 59.0.0.0/8 -j RETURN
	iptables -t nat -A SHADOWSOCKS -d 60.0.0.0/8 -j RETURN
	iptables -t nat -A SHADOWSOCKS -d 61.0.0.0/8 -j RETURN
	iptables -t nat -A SHADOWSOCKS -d 101.0.0.0/8 -j RETURN
	iptables -t nat -A SHADOWSOCKS -d 103.0.0.0/8 -j RETURN
	iptables -t nat -A SHADOWSOCKS -d 106.0.0.0/8 -j RETURN
	iptables -t nat -A SHADOWSOCKS -d 110.0.0.0/8 -j RETURN
	iptables -t nat -A SHADOWSOCKS -d 111.0.0.0/8 -j RETURN
	iptables -t nat -A SHADOWSOCKS -d 112.0.0.0/8 -j RETURN
	iptables -t nat -A SHADOWSOCKS -d 113.0.0.0/8 -j RETURN
	iptables -t nat -A SHADOWSOCKS -d 114.0.0.0/8 -j RETURN
	iptables -t nat -A SHADOWSOCKS -d 115.0.0.0/8 -j RETURN
	iptables -t nat -A SHADOWSOCKS -d 116.0.0.0/8 -j RETURN
	iptables -t nat -A SHADOWSOCKS -d 117.0.0.0/8 -j RETURN
	iptables -t nat -A SHADOWSOCKS -d 118.0.0.0/8 -j RETURN
	iptables -t nat -A SHADOWSOCKS -d 119.0.0.0/8 -j RETURN
	iptables -t nat -A SHADOWSOCKS -d 120.0.0.0/8 -j RETURN
	iptables -t nat -A SHADOWSOCKS -d 121.0.0.0/8 -j RETURN
	iptables -t nat -A SHADOWSOCKS -d 122.0.0.0/8 -j RETURN
	iptables -t nat -A SHADOWSOCKS -d 123.0.0.0/8 -j RETURN
	iptables -t nat -A SHADOWSOCKS -d 124.0.0.0/8 -j RETURN
	iptables -t nat -A SHADOWSOCKS -d 125.0.0.0/8 -j RETURN
	iptables -t nat -A SHADOWSOCKS -d 126.0.0.0/8 -j RETURN
	iptables -t nat -A SHADOWSOCKS -d 169.0.0.0/8 -j RETURN
	iptables -t nat -A SHADOWSOCKS -d 175.0.0.0/8 -j RETURN
	iptables -t nat -A SHADOWSOCKS -d 180.0.0.0/8 -j RETURN
	iptables -t nat -A SHADOWSOCKS -d 182.0.0.0/8 -j RETURN
	iptables -t nat -A SHADOWSOCKS -d 183.0.0.0/8 -j RETURN
	iptables -t nat -A SHADOWSOCKS -d 202.0.0.0/8 -j RETURN
	iptables -t nat -A SHADOWSOCKS -d 203.0.0.0/8 -j RETURN
	iptables -t nat -A SHADOWSOCKS -d 210.0.0.0/8 -j RETURN
	iptables -t nat -A SHADOWSOCKS -d 211.0.0.0/8 -j RETURN
	iptables -t nat -A SHADOWSOCKS -d 218.0.0.0/8 -j RETURN
	iptables -t nat -A SHADOWSOCKS -d 219.0.0.0/8 -j RETURN
	iptables -t nat -A SHADOWSOCKS -d 220.0.0.0/8 -j RETURN
	iptables -t nat -A SHADOWSOCKS -d 221.0.0.0/8 -j RETURN
	iptables -t nat -A SHADOWSOCKS -d 222.0.0.0/8 -j RETURN
	iptables -t nat -A SHADOWSOCKS -d 223.0.0.0/8 -j RETURN

	# Anything else should be redirected to shadowsocks's local port
	iptables -t nat -A SHADOWSOCKS -p tcp -j REDIRECT --to-ports 1080

	# Apply the rules
	iptables -t nat -I zone_lan_prerouting -j SHADOWSOCKS
	}

	flush_firewall() {
	iptables -t nat -F SHADOWSOCKS
	sleep 1
	iptables -t nat -D zone_lan_prerouting -j SHADOWSOCKS
	iptables -t nat -X SHADOWSOCKS
	}