-
-
Save windbg/f53acde4d7626578bc0717b5ee865196 to your computer and use it in GitHub Desktop.
将gfwlist转换成带ipset的dnsmasq规则,适用于OpenWrt智能上网
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python | |
#coding=utf-8 | |
# | |
# Generate a list of dnsmasq rules with ipset for gfwlist | |
# | |
# Copyright (C) 2014 http://www.shuyz.com | |
# Ref https://code.google.com/p/autoproxy-gfwlist/wiki/Rules | |
import urllib2 | |
import re | |
import os | |
import datetime | |
import base64 | |
import shutil | |
mydnsip = '127.0.0.1' | |
mydnsport = '1053' | |
# the url of gfwlist | |
baseurl = 'https://raw.githubusercontent.com/gfwlist/gfwlist/master/gfwlist.txt' | |
# match comments/title/whitelist/ip address | |
comment_pattern = '^\!|\[|^@@|^\d+\.\d+\.\d+\.\d+' | |
domain_pattern = '([\w\-\_]+\.[\w\.\-\_]+)[\/\*]*' | |
tmpfile = '/tmp/gfwlisttmp' | |
# do not write to router internal flash directly | |
outfile = '/tmp/gfwlist.conf' | |
rulesfile = '/etc/dnsmasq.d/gfwlist.conf' | |
fs = file(outfile, 'w') | |
fs.write('# gfw list ipset rules for dnsmasq\n') | |
fs.write('# updated on ' + datetime.datetime.now().strftime("%Y-%m-%d %H:%M:%S") + '\n') | |
fs.write('#\n') | |
print 'fetching list...' | |
content = urllib2.urlopen(baseurl, timeout=15).read().decode('base64') | |
# write the decoded content to file then read line by line | |
tfs = open(tmpfile, 'w') | |
tfs.write(content) | |
tfs.close() | |
tfs = open(tmpfile, 'r') | |
print 'page content fetched, analysis...' | |
# remember all blocked domains, in case of duplicate records | |
domainlist = [] | |
for line in tfs.readlines(): | |
if re.findall(comment_pattern, line): | |
print 'this is a comment line: ' + line | |
#fs.write('#' + line) | |
else: | |
domain = re.findall(domain_pattern, line) | |
if domain: | |
try: | |
found = domainlist.index(domain[0]) | |
print domain[0] + ' exists.' | |
except ValueError: | |
print 'saving ' + domain[0] | |
domainlist.append(domain[0]) | |
fs.write('server=/.%s/%s#%s\n'%(domain[0],mydnsip,mydnsport)) | |
fs.write('ipset=/.%s/gfwlist\n'%domain[0]) | |
else: | |
print 'no valid domain in this line: ' + line | |
tfs.close() | |
fs.close(); | |
print 'moving generated file to dnsmasg directory' | |
shutil.move(outfile, rulesfile) | |
print 'restart dnsmasq...' | |
print os.popen('/etc/init.d/dnsmasq restart').read() | |
print 'done!' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/sh /etc/rc.common | |
# Copyright (C) 2006-2011 OpenWrt.org | |
# ref http://ipset.netfilter.org/ipset.man.html | |
START=95 | |
SERVICE_USE_PID=1 | |
SERVICE_WRITE_PID=1 | |
SERVICE_DAEMONIZE=1 | |
start() { | |
echo starting ss-redir... | |
service_start /opt/bin/ss-redir -c /etc/shadowsocks.json | |
echo loading firewall rules... | |
ipset create gfwlist hash:ip counters timeout 1200 | |
iptables -t nat -A zone_lan_prerouting -p tcp -m set --match-set gfwlist dst -j REDIRECT --to-port 1081 | |
echo done. | |
} | |
stop() { | |
echo stopping ss-redir... | |
service_stop /opt/bin/ss-redir | |
echo restarting firewall... | |
/etc/init.d/firewall restart | |
echo done. | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment