Using Dnsmasq with gfwlist to get past the GFW automatically

I crammed the relevant Linux and Python syntax, so the code is only so-so.

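Create two files, proxy.sh and gfwlist.py, in the goagent directory, then run /usr/lib/goagent/proxy.sh in a shell to configure the firewall and dnsmasq automatically. Running it again only updates the gfwlist, so you can add it to the startup scripts or to a scheduled task.

If the Python script reports an error while running, the gfwlist server is not reachable; append a working IP for autoproxy-gfwlist.googlecode.com to /etc/hosts.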

proxy.sh

#!/bin/sh
#DeadWood 2014/7/7
#https://xiumu.org

DM_CONF=/etc/dnsmasq.conf
GFW_CONF=/etc/gfw.conf
# NAT rules: TCP traffic to 1.1.1.0/24 is redirected to the local proxy port
FW="\n# GFW\niptables -t nat -N GFW\niptables -t nat -A GFW -p tcp -d 1.1.1.0/24 -j REDIRECT --to-ports 12345\niptables -t nat -A GFW -p tcp -j RETURN\niptables -t nat -A PREROUTING -p tcp -j GFW"

# Append the rules to firewall.user only once
if ! grep -q "GFW" /etc/firewall.user ; then
  echo -e "$FW" >> /etc/firewall.user
  echo "firewall reload"
  /etc/init.d/firewall reload
fi

#Get gfwlist
echo "update gfwlist"
# Write to a temporary file first so a failed download does not empty the existing list
if python /usr/lib/goagent/gfwlist.py > "$GFW_CONF.tmp"; then
  mv "$GFW_CONF.tmp" "$GFW_CONF"
else
  echo "gfwlist update failed, keeping the old list"
  rm -f "$GFW_CONF.tmp"
fi

#Add conf-file
if [ -f "$DM_CONF" ] && [ -f "$GFW_CONF" ] && ! grep -q "$GFW_CONF" "$DM_CONF"; then
  echo "add conf-file"
  echo -e "\nconf-file=$GFW_CONF" >> "$DM_CONF"
fi

#Restart dnsmasq
echo "restart dnsmasq"
/etc/init.d/dnsmasq restart

Change 12345 to the port your own goagent listens on.

gfwlist.py

#!/usr/bin/env python
#   Python 2 script (uses urllib2 and the print statement)
#   Aug 19 2011
#   [email protected] Published Under BSD License
#           Ronald Liu
#   [email protected]
#   FYI  http://lzsblog.appspot.com/%3Fp%3D291001
#

#   Mod By D2o 2012/8/13
#   http://conupefox.csdn.net

#   Mod By DeadWood 2014/7/7
#   https://xiumu.org

import re,base64,urllib2

def splitList(txt):
    arr = txt.split("\n")
    pattern = r'^([01]?\d\d?|2[0-4]\d|25[0-5])\.([01]?\d\d?|2[0-4]\d|25[0-5])\.([01]?\d\d?|2[0-4]\d|25[0-5])\.([01]?\d\d?|2[0-4]\d|25[0-5])$'
    l = []
    for line in arr:
        if (not len(line)): #empty line
            continue
        if (line[0] == "!"): #Comment line
            continue
        elif(line[0:2] =="@@"):#Forbidding line
            continue
        elif(line.find("/")!=-1 or line.find("*")!=-1 or line.find("[")!=-1 or line.find("%")!=-1 or line.find(".")==-1 ): #URL is ignored, only domains left
            continue
        elif(re.search(pattern, line)):#IP address
            continue

        #In this case, domain name is irrelevant to protocol(http or https)
        elif(line[0:2] =="||"):
            l.append(line[2:])
        elif(line[0] == "."):
            l.append(line[1:])
        else:
            l.append(line)

    return l


#Decode and decorate the input string
url = urllib2.urlopen('https://autoproxy-gfwlist.googlecode.com/svn/trunk/gfwlist.txt',timeout=10)
txt = base64.decodestring(url.read())
domains = splitList(txt)
seen = set() #drop duplicates even when they are not adjacent in the list
print "#gfwlist"
for line in domains:
    if line not in seen:
        seen.add(line)
        print "address=/" + line + "/1.1.1.2"
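
The list-to-config step of gfwlist.py, as an added Python 3 example that is not the author's code: because the downloaded list is written straight into a dnsmasq conf-file, it accepts only strict hostnames, de-duplicates across the whole list, and validates the target IP. The names extract_domains, render_dnsmasq and SAMPLE are assumptions, and the sample list is constructed.

```python
import base64
import ipaddress
import re

# One DNS label: 1-63 chars of a-z, 0-9 or "-", not starting or ending with "-".
_LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
_HOSTNAME = re.compile(r"(?:%s\.)+%s" % (_LABEL, _LABEL))


def extract_domains(b64_list):
    """Decode a base64 AutoProxy list; return sorted, unique plain hostnames."""
    text = base64.b64decode(b64_list).decode("utf-8", errors="replace")
    domains = set()
    for raw in text.splitlines():
        line = raw.strip().lower()
        if not line or line[0] in "![" or line.startswith("@@"):
            continue  # blank line, comment, list header or exception rule
        if line.startswith("||"):
            line = line[2:]
        elif line.startswith("."):
            line = line[1:]
        # Allowlist check: URLs, wildcards, whitespace and dnsmasq
        # metacharacters ("/", "=", "#") never reach the config file.
        if len(line) > 253 or not _HOSTNAME.fullmatch(line):
            continue
        if line.rsplit(".", 1)[-1].isdigit():
            continue  # numeric last label: an IP address, not a domain
        domains.add(line)
    return sorted(domains)


def render_dnsmasq(domains, sink_ip="1.1.1.2"):
    """Build the conf-file text; sink_ip must parse as an IP address."""
    sink = str(ipaddress.ip_address(sink_ip))  # raises ValueError otherwise
    return "#gfwlist\n" + "".join("address=/%s/%s\n" % (d, sink) for d in domains)


# Constructed sample input (not real gfwlist data), base64-encoded like the feed.
SAMPLE = base64.b64encode(
    b"[AutoProxy 0.2.9]\n! comment\n||Example.com\n.example.com\n"
    b"@@||allowed.example\n|http://example.org/path\n10.0.0.1\n"
    b"bad.example #x\nconf-file=evil\r\nsub.example.net\r\n"
)

if __name__ == "__main__":
    print(render_dnsmasq(extract_domains(SAMPLE)), end="")
```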

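4 comments in total

  1. Reply

    Why are all the domains resolved to 1.1.1.2? How does DNSmasq resolve them?

    • Reply

      1.1.1.2 can be any IP that is not in use; the router forwards every packet headed for 1.1.1.2 to the goagent proxy, which gives "partial wall-crossing".

  2. Reply

    Very detailed, I learned something.

  3. Reply

    Really impressive.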
