diff --git a/scripts/iptables-mihomo-setup.sh b/scripts/iptables-mihomo-setup.sh
index 3205e6a..f593d92 100644
--- a/scripts/iptables-mihomo-setup.sh
+++ b/scripts/iptables-mihomo-setup.sh
@@ -18,21 +18,23 @@ EXCLUDE_IFACES=("tun0" "wg0")
 # ----------------------------
 ipt() { iptables "$@"; }
-# Функция для удаления правил по комментарию (чтобы не тереть чужое)
-# Используем trick: добавляем комментарий ко всем правилам, чтобы потом их найти и удалить
+# Функция для удаления правил по комментарию
 cleanup_rules() {
     local table="$1"
     local chain="$2"
     local comment="$3"
-    # List rules with line numbers, grep by comment, sort reverse order (to delete safely), delete
+    # Добавлено "|| true" к grep, чтобы скрипт не падал, если правил нет (пустой grep возвращает 1)
     iptables -t "$table" -nL "$chain" --line-numbers 2>/dev/null | \
-    grep "$comment" | \
+    grep "$comment" || true | \
     sort -r | \
     awk '{print $1}' | \
     while read -r line; do
-        echo "Deleting rule $line from $table/$chain..."
-        iptables -t "$table" -D "$chain" "$line"
+        # Проверка на пустую строку, на случай если grep ничего не нашел
+        if [[ -n "$line" ]]; then
+            echo "Deleting rule $line from $table/$chain..."
+            iptables -t "$table" -D "$chain" "$line"
+        fi
     done
 }
@@ -64,7 +66,6 @@ cleanup_rules nat OUTPUT "MIHOMO-EXCLUDE"
 cleanup_rules nat PREROUTING "MIHOMO-REDIRECT"
 # 3. Flush and Delete Chains
-# Now that references are gone, we can safely kill the chains
 ipt -t mangle -F MIHOMO_TPROXY 2>/dev/null || true
 ipt -t mangle -X MIHOMO_TPROXY 2>/dev/null || true
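Review bot: The `|| true` added to the grep stage of cleanup_rules changes the pipeline's structure instead of grep's exit status: `|` binds tighter than `||`, so the line now parses as `(iptables … | grep "$comment") || (true | sort -r | awk … | while …)`, and whenever grep does find matching rules the sort/awk/while part never runs — the matches are only printed and nothing is deleted, while on a miss the loop runs over empty input and the new `[[ -n "$line" ]]` guard is moot. Keep the fallback inside the pipeline by grouping it, `{ grep -F -- "$comment" || true; } | \`, where `-F` also makes the comment a literal rather than a regex. The context line `sort -r` in the same pipeline orders the rule numbers lexically, so once a chain holds ten or more matches `10` is deleted after `2`, by which point the numbering has shifted and either the wrong rule is removed or the delete fails; `sort -rn` keeps the order strictly descending. Because the script appends fresh MIHOMO rules after this cleanup, a cleanup that silently removes nothing leaves duplicate REDIRECT/TPROXY rules accumulating on every re-run, which is worth a regression check with a populated chain.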
@@ -100,8 +101,6 @@ ipt -t nat -A OUTPUT -m owner --uid-owner "${MIHOMO_UID}" -m comment --comment "
 ipt -t nat -A OUTPUT -p tcp -m comment --comment "MIHOMO-JUMP" -j MIHOMO_REDIR
 # --- APPLY TO INGRESS (wt0) ---
-# Exclude wt0 -> tun0/wg0 logic handled by routing mostly, but let's be safe if needed.
-# For now, strictly redirect TCP incoming on wt0
 ipt -t nat -A PREROUTING -i wt0 -p tcp -m comment --comment "MIHOMO-REDIRECT" -j REDIRECT --to-port "${REDIR_PORT}"