@sunlei
Forked from evianzhow/custom_generate.sh
Created June 23, 2014 08:39
Revisions

  1. @evianzhow evianzhow revised this gist Jun 16, 2014. 2 changed files with 1 addition and 2 deletions.
    1 change: 0 additions & 1 deletion iptables.footer
    @@ -1,4 +1,3 @@

    ############## FOOTER HERE
    # Anything else should be redirected to shadowsocks's local port
    iptables -t nat -A SHADOWSOCKS -p tcp -j REDIRECT --to-ports 1080
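
    Review bot: The comment above the REDIRECT rule says "Anything else should be redirected", but the rule matches only `-p tcp`, so UDP, including DNS queries, is never sent to the proxy port and leaves the host directly. Either state in the comment that only TCP is covered or document how DNS is expected to be handled.
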
    2 changes: 1 addition & 1 deletion iptables.header
    @@ -5,7 +5,7 @@ iptables -t nat -N SHADOWSOCKS
    # Ignore your shadowsocks server's addresses
    # It's very IMPORTANT, just be careful.
    # 192.81.133.116 is FoOTOo Public shadowsocks server
    iptables -t nat -A SHADOWSOCKS -d 192.81.133.116 -j RETURN
    iptables -t nat -A SHADOWSOCKS -d REPLACE_YOUR_VPS_ADDRESS_HERE -j RETURN

    # Ignore LANs and any other addresses you'd like to bypass the proxy
    # See Wikipedia and RFC5735 for full list of reserved networks.
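
    Review bot: Nothing stops the `REPLACE_YOUR_VPS_ADDRESS_HERE` placeholder from reaching the generated script unedited. iptables treats a non-numeric `-d` value as a hostname to resolve, so that one rule fails, and because iptables.shadow begins with only `#!/bin/bash` the remaining rules still load, leaving the server's own address without the RETURN exception the comment calls very important. Have custom_generate.sh abort when the placeholder is still present in iptables.header.
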
  2. @evianzhow evianzhow created this gist Jun 16, 2014.
    15 changes: 15 additions & 0 deletions custom_generate.sh
    @@ -0,0 +1,15 @@
    #!/bin/bash

    # For *nix users, just run iptables.shadow
    # For OpenWRT users, copy iptables.shadow to /etc/firewall.user
    # For OpenWRT users, remember to change OUTPUT to PREROUTING in iptables.footer

    ./generate.sh route_table > analysis_result

    node minifier.js|node formatter.js --profile=custom --format="iptables -t nat -A SHADOWSOCKS -d %prefix/%mask -j %gw" --netgw RETURN --vpngw ACCEPT > iptables.rules

    echo "#!/bin/bash" > iptables.shadow && cat iptables.header >> iptables.shadow && cat iptables.rules | grep RETURN >> iptables.shadow && cat iptables.footer >> iptables.shadow

    rm iptables.rules route_table analysis_result

    chmod 0755 iptables.shadow
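
    Review bot: There is no error handling around the `./generate.sh` and `node minifier.js|node formatter.js` steps, so if either fails the script still assembles iptables.shadow from the header and footer alone, marks it executable, and deletes the intermediate files that would show what went wrong. Stop on failure at those two steps, or check that iptables.rules is non-empty before writing iptables.shadow. Minor: `cat iptables.rules | grep RETURN` can be `grep RETURN iptables.rules`.
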
    7 changes: 7 additions & 0 deletions iptables.footer
    @@ -0,0 +1,7 @@

    ############## FOOTER HERE
    # Anything else should be redirected to shadowsocks's local port
    iptables -t nat -A SHADOWSOCKS -p tcp -j REDIRECT --to-ports 1080

    # Apply the rules
    iptables -t nat -A PREROUTING -p tcp -j SHADOWSOCKS
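
    Review bot: The apply rule on the last line hooks `PREROUTING`, yet the comment in custom_generate.sh tells OpenWRT users to "change OUTPUT to PREROUTING in iptables.footer", so the instruction and the shipped file disagree. As written, a non-router host that just runs iptables.shadow gets no redirection for its own connections, because locally generated traffic passes through the nat OUTPUT chain rather than PREROUTING. Either ship `-A OUTPUT` here to match the instructions or update the comment in custom_generate.sh.
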
    20 changes: 20 additions & 0 deletions iptables.header
    @@ -0,0 +1,20 @@
    ############## HEADER HERE
    # Create new chain
    iptables -t nat -N SHADOWSOCKS

    # Ignore your shadowsocks server's addresses
    # It's very IMPORTANT, just be careful.
    # 192.81.133.116 is FoOTOo Public shadowsocks server
    iptables -t nat -A SHADOWSOCKS -d 192.81.133.116 -j RETURN

    # Ignore LANs and any other addresses you'd like to bypass the proxy
    # See Wikipedia and RFC5735 for full list of reserved networks.
    # See ashi009/bestroutetb for a highly optimized CHN route list.
    iptables -t nat -A SHADOWSOCKS -d 0.0.0.0/8 -j RETURN
    iptables -t nat -A SHADOWSOCKS -d 10.0.0.0/8 -j RETURN
    iptables -t nat -A SHADOWSOCKS -d 127.0.0.0/8 -j RETURN
    iptables -t nat -A SHADOWSOCKS -d 169.254.0.0/16 -j RETURN
    iptables -t nat -A SHADOWSOCKS -d 172.16.0.0/12 -j RETURN
    iptables -t nat -A SHADOWSOCKS -d 192.168.0.0/16 -j RETURN
    iptables -t nat -A SHADOWSOCKS -d 224.0.0.0/4 -j RETURN
    iptables -t nat -A SHADOWSOCKS -d 240.0.0.0/4 -j RETURN
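
    Review bot: `iptables -t nat -N SHADOWSOCKS` at the top is not idempotent: a second run fails on `-N` and then appends every rule again to the existing chain. Remove the jump rule, then flush and delete the chain before creating it, so the script can be re-run safely. Also, the hard-coded `-d 192.81.133.116` exception only helps users of that one public server; a value each user must fill in is a safer default.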