This repository has been archived by the owner on Sep 4, 2018. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 25
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
root
committed
Aug 25, 2017
1 parent
8c28322
commit cfd7145
Showing
4 changed files
with
324 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
! ------------------------------ 自定义过滤语法简表--------------------------------- | ||
! ABP规则请参考https://adblockplus.org/zh_CN/filters,下面为大致摘要 | ||
! [!] 为行注释符,注释行以该符号起始作为一行注释语义,用于规则描述 | ||
! [*] 为字符通配符,能够匹配0长度或任意长度的字符串,该通配符不能与正则语法混用。 | ||
! [^] 为分隔符,可以是除了字母、数字或者 _ - . % 之外的任何字符。 | ||
! [|] 为管线符号,来表示地址的最前端或最末端 | ||
! [||] 为子域通配符,方便匹配主域名下的所有子域。 | ||
! [~] 为排除标识符,通配符能过滤大多数广告,但同时存在误杀, 可以通过排除标识符修正误杀链接。 | ||
! [##]为元素选择器标识符,后面跟需要隐藏元素的CSS样式例如 #ad_id .ad_class | ||
!! 元素隐藏暂不支持全局规则和排除规则 | ||
!! 字符替换扩展 | ||
! 文本替换选择器标识符,后面跟需要替换的文本数据,格式:$s@模式字符串@替换后的文本@ | ||
! 支持通配符*和? | ||
! -------------------------------------------------------------------------------- |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,149 @@ | ||
#!/bin/sh /etc/rc.common | ||
|
||
###################################################################### | ||
# | ||
# Function : Run adbyby in RAM | ||
# | ||
# Creater : ywb94@qq.com, 2017-02-13 | ||
# | ||
# Copyright : yushi studio | ||
# | ||
###################################################################### | ||
|
||
START=80 | ||
|
||
|
||
add_mac_rule() { | ||
local cfg="$1" | ||
local rules="$2" | ||
local prefix="$3" | ||
local suffix="$4" | ||
|
||
config_get srcmac $cfg mac | ||
config_get ienable $cfg internet_enable | ||
if [ -z "$srcmac" ]; then | ||
return 1 | ||
fi | ||
if [ "$ienable" == "1" ]; then | ||
return 1 | ||
fi | ||
|
||
append $rules "$prefix" "$N" | ||
|
||
append $rules "-m mac --mac-source $srcmac" | ||
append $rules "$suffix" | ||
|
||
} | ||
|
||
addp_mac_rule() { | ||
local cfg="$1" | ||
local rules="$2" | ||
local prefix="$3" | ||
local suffix="$4" | ||
local srcmac weekdays starttime stoptime range | ||
|
||
config_get srcmac $cfg src_mac | ||
config_get weekdays $cfg weekdays | ||
config_get starttime $cfg start_time | ||
config_get stoptime $cfg stop_time | ||
|
||
if [ -z "$srcmac" ]; then | ||
return 1 | ||
fi | ||
|
||
append $rules "$prefix" "$N" | ||
|
||
append $rules "-m mac --mac-source $srcmac" | ||
|
||
if [ -n "$weekdays" ]; then | ||
append range "--weekdays $weekdays" | ||
fi | ||
|
||
if [ -n "$starttime" ]; then | ||
append range "--timestart $starttime" | ||
fi | ||
|
||
if [ -n "$stoptime" ]; then | ||
append range "--timestop $stoptime" | ||
fi | ||
|
||
if [ -n "$range" ]; then | ||
append $rules "-m time --kerneltz" | ||
append $rules "$range" | ||
fi | ||
append $rules "$suffix" | ||
|
||
} | ||
|
||
adb_mod=`uci get adbyby.adbyby.mode 2>/dev/null` | ||
|
||
start() { | ||
#不重复启动 | ||
icount=`ps -w|grep adbyby.sh|grep -v grep|wc -l` | ||
if [ "$adb_mod" = "1" ] ;then | ||
icount2=`netstat -nautp|grep koolproxy|grep -v grep|wc -l` | ||
else | ||
icount2=`netstat -nautp|grep adbyby|grep -v grep|wc -l` | ||
fi | ||
|
||
if [ $icount = 0 -a $icount2 = 0 ] ;then | ||
#config_load device_manage | ||
#local mac_rules | ||
#local prefix="iptables -t nat -I adbyby_chain" | ||
#local suffix=" -j RETURN" | ||
#config_foreach add_mac_rule limit mac_rules "$prefix" "$suffix" | ||
|
||
#config_load parentctl | ||
#config_get_bool pctl_enable config enabled 0 | ||
#if [ "$pctl_enable" == "1" ]; then | ||
#config_foreach addp_mac_rule rule mac_rules "$prefix" "$suffix" | ||
#fi | ||
|
||
|
||
/root/adbyby.sh & #"$mac_rules" & | ||
|
||
#等待下载 | ||
sleep 2 | ||
fi | ||
|
||
} | ||
|
||
stop() { | ||
killall -9 adb_mon.sh 2>/dev/null | ||
|
||
rm -f /tmp/dnsmasq.d/adbyby_host.conf 2>/dev/null | ||
rm -f /tmp/dnsmasq.d/adblock.conf 2>/dev/null | ||
|
||
#清除防火墙规则 | ||
iptables -w -t nat -F adbyby_chain 2>/dev/null | ||
iptables -t nat -D PREROUTING -p tcp -j adbyby_chain 2>/dev/null | ||
iptables -t nat -X adbyby_chain 2>/dev/null | ||
ipset -X adbyby_list 2>/dev/null | ||
ipset -X adblock 2>/dev/null | ||
|
||
if [ -f /tmp/adbyby/bin/stopadbb ] ;then | ||
ps -w|grep \\./adbyby|grep -v grep |awk '{print $1}'|xargs kill 2>/dev/null | ||
rm -rf /tmp/adbyby | ||
fi | ||
|
||
if [ -f /tmp/koolproxy/koolproxy ] ;then | ||
ps -w|grep koolproxy|grep -v grep |awk '{print $1}'|xargs kill 2>/dev/null | ||
rm -rf /tmp/koolproxy | ||
fi | ||
|
||
|
||
icount=`ps -w|grep adbyby.sh|grep -v grep|wc -l` | ||
if [ $icount -gt 0 ] ;then | ||
mid=`ps -w|grep adbyby.sh|grep -v grep|awk '{print $1}'` | ||
kill -9 $mid 2>/dev/null | ||
fi | ||
|
||
} | ||
|
||
restart() { | ||
stop | ||
start | ||
} | ||
|
||
|
||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
#!/bin/sh | ||
alias echo_date='echo $(date +%Y年%m月%d日\ %X):' | ||
|
||
if [ ! -f openssl.cnf ]; then | ||
echo_date "Cannot found openssl.cnf" | ||
exit 1 | ||
fi | ||
if [ -f ./private/ca.key.pem ]; then | ||
echo_date "已经有证书了!" | ||
else | ||
echo_date "生成证书中..." | ||
|
||
#step 1, root ca | ||
mkdir -p certs private | ||
rm -f serial private/ca.key.pem | ||
chmod 700 private | ||
echo 1000 > serial | ||
openssl genrsa -aes256 -passout pass:koolshare -out private/ca.key.pem 2048 | ||
chmod 400 private/ca.key.pem | ||
openssl req -config openssl.cnf -passin pass:koolshare \ | ||
-subj "/C=CN/ST=Beijing/L=KP/O=KoolProxy inc/CN=koolproxy.com" \ | ||
-key private/ca.key.pem \ | ||
-new -x509 -days 7300 -sha256 -extensions v3_ca \ | ||
-out certs/ca.crt | ||
|
||
#step 2, domain rsa key | ||
openssl genrsa -aes256 -passout pass:koolshare -out private/base.key.pem 2048 | ||
echo_date "证书生成完毕..." | ||
fi |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,132 @@ | ||
# OpenSSL root CA configuration file. | ||
# Copy to `/root/ca/openssl.cnf`. | ||
|
||
[ ca ] | ||
# `man ca` | ||
default_ca = CA_default | ||
|
||
[ CA_default ] | ||
# Directory and file locations. | ||
dir = ./ca | ||
certs = $dir/certs | ||
crl_dir = $dir/crl | ||
new_certs_dir = $dir/newcerts | ||
database = $dir/index.txt | ||
serial = $dir/serial | ||
RANDFILE = $dir/private/.rand | ||
|
||
# The root key and root certificate. | ||
private_key = $dir/private/ca.key.pem | ||
certificate = $dir/certs/ca.cert.pem | ||
|
||
# For certificate revocation lists. | ||
crlnumber = $dir/crlnumber | ||
crl = $dir/crl/ca.crl.pem | ||
crl_extensions = crl_ext | ||
default_crl_days = 30 | ||
|
||
# SHA-1 is deprecated, so use SHA-2 instead. | ||
default_md = sha256 | ||
|
||
name_opt = ca_default | ||
cert_opt = ca_default | ||
default_days = 375 | ||
preserve = no | ||
policy = policy_strict | ||
|
||
[ policy_strict ] | ||
# The root CA should only sign intermediate certificates that match. | ||
# See the POLICY FORMAT section of `man ca`. | ||
countryName = match | ||
stateOrProvinceName = match | ||
organizationName = match | ||
organizationalUnitName = optional | ||
commonName = supplied | ||
emailAddress = optional | ||
|
||
[ policy_loose ] | ||
# Allow the intermediate CA to sign a more diverse range of certificates. | ||
# See the POLICY FORMAT section of the `ca` man page. | ||
countryName = optional | ||
stateOrProvinceName = optional | ||
localityName = optional | ||
organizationName = optional | ||
organizationalUnitName = optional | ||
commonName = supplied | ||
emailAddress = optional | ||
|
||
[ req ] | ||
# Options for the `req` tool (`man req`). | ||
default_bits = 2048 | ||
distinguished_name = req_distinguished_name | ||
string_mask = utf8only | ||
|
||
# SHA-1 is deprecated, so use SHA-2 instead. | ||
default_md = sha256 | ||
|
||
# Extension to add when the -x509 option is used. | ||
x509_extensions = v3_ca | ||
|
||
[ req_distinguished_name ] | ||
# See <https://en.wikipedia.org/wiki/Certificate_signing_request>. | ||
countryName = Country Name (2 letter code) | ||
stateOrProvinceName = State or Province Name | ||
localityName = Locality Name | ||
0.organizationName = Organization Name | ||
organizationalUnitName = Organizational Unit Name | ||
commonName = Common Name | ||
emailAddress = Email Address | ||
|
||
# Optionally, specify some defaults. | ||
countryName_default = GB | ||
stateOrProvinceName_default = England | ||
localityName_default = | ||
0.organizationName_default = Alice Ltd | ||
organizationalUnitName_default = | ||
emailAddress_default = | ||
|
||
[ v3_ca ] | ||
# Extensions for a typical CA (`man x509v3_config`). | ||
subjectKeyIdentifier = hash | ||
authorityKeyIdentifier = keyid:always,issuer | ||
basicConstraints = critical, CA:true | ||
keyUsage = critical, digitalSignature, cRLSign, keyCertSign | ||
|
||
[ v3_intermediate_ca ] | ||
# Extensions for a typical intermediate CA (`man x509v3_config`). | ||
subjectKeyIdentifier = hash | ||
authorityKeyIdentifier = keyid:always,issuer | ||
basicConstraints = critical, CA:true, pathlen:0 | ||
keyUsage = critical, digitalSignature, cRLSign, keyCertSign | ||
|
||
[ usr_cert ] | ||
# Extensions for client certificates (`man x509v3_config`). | ||
basicConstraints = CA:FALSE | ||
nsCertType = client, email | ||
nsComment = "OpenSSL Generated Client Certificate" | ||
subjectKeyIdentifier = hash | ||
authorityKeyIdentifier = keyid,issuer | ||
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment | ||
extendedKeyUsage = clientAuth, emailProtection | ||
|
||
[ server_cert ] | ||
# Extensions for server certificates (`man x509v3_config`). | ||
basicConstraints = CA:FALSE | ||
nsCertType = server | ||
nsComment = "OpenSSL Generated Server Certificate" | ||
subjectKeyIdentifier = hash | ||
authorityKeyIdentifier = keyid,issuer:always | ||
keyUsage = critical, digitalSignature, keyEncipherment | ||
extendedKeyUsage = serverAuth | ||
|
||
[ crl_ext ] | ||
# Extension for CRLs (`man x509v3_config`). | ||
authorityKeyIdentifier=keyid:always | ||
|
||
[ ocsp ] | ||
# Extension for OCSP signing certificates (`man ocsp`). | ||
basicConstraints = CA:FALSE | ||
subjectKeyIdentifier = hash | ||
authorityKeyIdentifier = keyid,issuer | ||
keyUsage = critical, digitalSignature | ||
extendedKeyUsage = critical, OCSPSigning |