Add user IP gfwlist support

Acris · Mar 2, 2020 · c5849a5 · c5849a5
1 parent 294c88f
commit c5849a5
Showing 1 changed file with 18 additions and 11 deletions.
diff --git a/scripts/apply_iptables_rule.sh b/scripts/apply_iptables_rule.sh
@@ -27,6 +27,10 @@ modprobe ip_set_hash_net
 modprobe ip_set_hash_ip
 modprobe xt_set
 
+# Create ipset for user domain name whitelist and user domain name gfwlist
+ipset create userwhitelist hash:net 2>/dev/null
+ipset create usergfwlist hash:net 2>/dev/null
+
 if [[ ${mode} -eq 0 ]]; then
   # Add GFW list to gfwlist ipset for GFW list mode
   if ipset create gfwlist hash:ip 2>/dev/null; then
@@ -56,10 +60,6 @@ elif [[ ${mode} -eq 1 ]]; then
   fi
 fi
 
-# Create ipset for user domain name whitelist and user domain name gfwlist
-ipset create userwhitelist hash:ip 2>/dev/null
-ipset create usergfwlist hash:ip 2>/dev/null
-
 # Add intranet IP to localips ipset for Bypass LAN
 if ipset create localips hash:net 2>/dev/null; then
   OLDIFS="$IFS" && IFS=$'\n'
@@ -95,17 +95,24 @@ if ipset create whitelist hash:ip 2>/dev/null; then
     # Add rubyfush DNS server
     ipset add whitelist 118.89.110.78
     ipset add whitelist 47.96.179.163
-
-    # Add user_ip_whitelist.txt
-    if [[ -e ${SS_MERLIN_HOME}/rules/user_ip_whitelist.txt ]]; then
-      for ip in $(cat ${SS_MERLIN_HOME}/rules/user_ip_whitelist.txt | grep -v '^#'); do
-        ipset add whitelist ${ip}
-      done
-    fi
   fi
   IFS=${OLDIFS}
 fi
 
+# Add user_ip_whitelist.txt
+if [[ -e ${SS_MERLIN_HOME}/rules/user_ip_whitelist.txt ]]; then
+  for ip in $(cat ${SS_MERLIN_HOME}/rules/user_ip_whitelist.txt | grep -v '^#'); do
+    ipset add userwhitelist ${ip}
+  done
+fi
+
+# Add user_ip_gfwlist.txt
+if [[ -e ${SS_MERLIN_HOME}/rules/user_ip_gfwlist.txt ]]; then
+  for ip in $(cat ${SS_MERLIN_HOME}/rules/user_ip_gfwlist.txt | grep -v '^#'); do
+    ipset add usergfwlist ${ip}
+  done
+fi
+
 local_redir_port=$(cat ${SS_MERLIN_HOME}/etc/shadowsocks/config.json | grep 'local_port' | cut -d ':' -f 2 | grep -o '[0-9]*')
 
 if [[ ! ${lan_ips} || ${lan_ips} == '0.0.0.0/0' ]]; then