From beca4de9cdc37dde8f5adb7503a0665e62ff77f8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D0=92=D0=B8=D1=82=D0=B0=D0=BB=D0=B8=D0=B9=20=D0=9D=D0=B8?= =?UTF-8?q?=D0=BA=D0=B8=D1=82=D0=B5=D0=BD=D0=BA=D0=BE?= Date: Mon, 8 Jun 2026 07:01:51 +0300 Subject: [PATCH] =?UTF-8?q?refactor:=20=D1=80=D0=B0=D0=B7=D0=B4=D0=B5?= =?UTF-8?q?=D0=BB=D0=B8=D0=BB=20AMNEZIA=5FSERVER=20=D0=B8=20KILL=5FSWITCH?= =?UTF-8?q?=5FEXCEPTIONS?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - AMNEZIA_SERVER — только IP/домены серверов Amnezia (для поднятия VPN) - KILL_SWITCH_EXCEPTIONS — дополнительные исключения (git, etc.) - Обе переменные поддерживают IP и домены (DNS-резолвинг) - setup.sh: раздельные промпты в меню Co-Authored-By: Claude Opus 4.8 --- scripts/ru-bypass.sh | 54 ++++++++++++++++++++++++++++++++++---------- setup.sh | 11 ++++++--- 2 files changed, 50 insertions(+), 15 deletions(-) diff --git a/scripts/ru-bypass.sh b/scripts/ru-bypass.sh index 92ab0c4..995e914 100644 --- a/scripts/ru-bypass.sh +++ b/scripts/ru-bypass.sh @@ -15,6 +15,7 @@ GATEWAY="${GATEWAY:-192.168.1.1}" DEV="${DEV:-wlp1s0}" LOCAL_DNS="${LOCAL_DNS:-}" AMNEZIA_SERVER="${AMNEZIA_SERVER:-}" +KILL_SWITCH_EXCEPTIONS="${KILL_SWITCH_EXCEPTIONS:-}" SETNAME="ru-direct" CACHE="/var/cache/ru-delegations.txt" IPSET_SAVE="/etc/ipset.conf" 
@@ -161,15 +162,32 @@ ENTRIES=$(ipset list "$SETNAME" 2>/dev/null | grep -c '/') echo "ipset обновлён: $ENTRIES записей" -# --- Сервер Amnezia в исключения (чтобы мог подключиться при kill switch) --- -if [ -n "$AMNEZIA_SERVER" ]; then - ipset add "$SETNAME" "$AMNEZIA_SERVER" -exist 2>/dev/null || true - echo "Сервер Amnezia $AMNEZIA_SERVER добавлен в ipset $SETNAME" + +# --- Исключения для kill switch --- + +# AMNEZIA_SERVER — IP/домены серверов Amnezia (нужны для поднятия VPN при активном kill switch) +# KILL_SWITCH_EXCEPTIONS — дополнительные IP/домены, доступные напрямую даже при kill switch +ALL_EXC="${AMNEZIA_SERVER} ${KILL_SWITCH_EXCEPTIONS}" +if [ -n "${ALL_EXC// }" ]; then + for item in $ALL_EXC; do + if echo "$item" | grep -qE "^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$"; then + ips="$item" + else + ips=$(dig +short "$item" A 2>/dev/null) + fi + for ip in $ips; do + ipset add ru-direct "$ip" -exist 2>/dev/null || true + echo "Исключение kill switch: $item → $ip (ipset)" + done + done fi - # Сохраняем ipset на диск (с учётом сервера Amnezia) - ipset save "$SETNAME" > "$IPSET_SAVE" - echo "ipset сохранён в $IPSET_SAVE" + +ipset save ru-direct > /etc/ipset.conf +echo "ipset сохранён в /etc/ipset.conf" + + + # --- Добавляем маршруты --- 
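Review bot: The lines returned by `dig +short "$item" A` go straight into `ipset add` with no check that they are IPv4 addresses, so whatever the resolver answers decides which hosts bypass the kill switch, and `+short` can also print CNAME targets that are not addresses. Because `ipset add` runs with `2>/dev/null || true`, a rejected entry is still reported as "Исключение kill switch", and an empty answer for AMNEZIA_SERVER prints nothing at all, so a missing VPN-server exception goes unnoticed. The new lines also hard-code `ru-direct` and `/etc/ipset.conf` where the removed lines used `"$SETNAME"` and `"$IPSET_SAVE"`, both still defined at the top of the script. A filtered version of the loop that reports failures is sketched below; the route hunk further down repeats the same lookup and has the same gaps.

```shell
# … unchanged: ALL_EXC assembly and the IPv4-literal branch …
    else
      # +short may also print CNAME targets; keep only IPv4 literals
      ips=$(dig +short "$item" A 2>/dev/null | grep -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$' || true)
      [ -n "$ips" ] || echo "Не удалось разрешить $item — исключение не добавлено" >&2
    fi
    for ip in $ips; do
      if ipset add "$SETNAME" "$ip" -exist 2>/dev/null; then
        echo "Исключение kill switch: $item → $ip (ipset)"
      else
        echo "Не удалось добавить $ip ($item) в ipset $SETNAME" >&2
      fi
    done
# … unchanged: end of the item loop and closing fi …
ipset save "$SETNAME" > "$IPSET_SAVE"
echo "ipset сохранён в $IPSET_SAVE"
```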
@@ -203,11 +221,23 @@ for net in $LOCAL_NETS; do ip route replace "$net" via "$GATEWAY" dev "$DEV" 2>/dev/null done - # Маршрут для сервера Amnezia (чтобы мог подключиться при kill switch) - if [ -n "$AMNEZIA_SERVER" ]; then - ip route replace "$AMNEZIA_SERVER/32" via "$GATEWAY" dev "$DEV" 2>/dev/null - echo "Маршрут для сервера Amnezia $AMNEZIA_SERVER добавлен" - fi +# Маршруты для исключений kill switch +ALL_EXC="${AMNEZIA_SERVER} ${KILL_SWITCH_EXCEPTIONS}" +if [ -n "${ALL_EXC// }" ]; then + for item in $ALL_EXC; do + if echo "$item" | grep -qE "^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$"; then + ips="$item" + else + ips=$(dig +short "$item" A 2>/dev/null) + fi + for ip in $ips; do + ip route replace "$ip/32" via "$GATEWAY" dev "$DEV" 2>/dev/null + echo "Маршрут для исключения: $item → $ip" + done + done +fi + + # --- DNS для *.loc через LOCAL_DNS (если задан) --- diff --git a/setup.sh b/setup.sh index d3334fc..b34724a 100755 --- a/setup.sh +++ b/setup.sh @@ -94,11 +94,13 @@ case "$choice" in auto_dev="${auto_dev:-wlp1s0}" saved_local_dns="" saved_amn_srv="" + saved_ks_exc="" if [ -f "$net_conf" ]; then saved_gw=$(grep '^GATEWAY=' "$net_conf" | cut -d= -f2) saved_dev=$(grep '^DEV=' "$net_conf" | cut -d= -f2) saved_local_dns=$(grep '^LOCAL_DNS=' "$net_conf" | cut -d= -f2) saved_amn_srv=$(grep '^AMNEZIA_SERVER=' "$net_conf" | cut -d= -f2) + saved_ks_exc=$(grep '^KS_EXCEPTIONS=' "$net_conf" | cut -d= -f2) auto_gw="${saved_gw:-$auto_gw}" auto_dev="${saved_dev:-$auto_dev}" echo -e "Загружены параметры профиля ${BLD}${chosen_profile}${CLR}: GATEWAY=${BLD}${auto_gw}${CLR} DEV=${BLD}${auto_dev}${CLR}" 
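Review bot: This loop calls `dig` a second time for every domain, so the addresses that get routes here can differ from the ones the earlier hunk put into the ipset (round-robin or changed answers). That would leave an exception that is routed directly but, presumably, not permitted by the set, or the reverse. Resolving once avoids the mismatch: have the ipset loop collect each accepted address with `EXC_IPS="$EXC_IPS $ip"` and replace the lookups here with `for ip in $EXC_IPS; do ip route replace "$ip/32" via "$GATEWAY" dev "$DEV" || echo "route failed: $ip" >&2; done`. As written, a failing `ip route replace` is hidden by `2>/dev/null` while the next line still prints "Маршрут для исключения".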
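Review bot: The saved value is read with `grep '^KS_EXCEPTIONS='`, but the `printf` in the next hunk writes the key as `KILL_SWITCH_EXCEPTIONS=`, so `saved_ks_exc` is always empty. The prompt therefore shows "пусто" on every run, and pressing Enter rewrites the profile with an empty exception list. Read the key that is actually written: `saved_ks_exc=$(grep '^KILL_SWITCH_EXCEPTIONS=' "$net_conf" | cut -d= -f2-)`. The enclosing `case` branch starts before this hunk and continues past it.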
@@ -110,16 +112,19 @@ case "$choice" in
 read -rp "GATEWAY (IP роутера) [${auto_gw}]: " gw
 read -rp "DEV (интерфейс) [${auto_dev}]: " dev
 read -rp "LOCAL_DNS (DNS для *.loc) [${saved_local_dns:-пусто}]: " local_dns
- read -rp "AMNEZIA_SERVER (IP сервера Amnezia) [${saved_amn_srv:-пусто}]: " amn_srv
+ read -rp "AMNEZIA_SERVER (IP/домен сервера Amnezia) [${saved_amn_srv:-пусто}]: " amn_srv
+ read -rp "KS_EXCEPTIONS (исключения kill switch: IP/домены через пробел) [${saved_ks_exc:-пусто}]: " ks_exc
 gw="${gw:-$auto_gw}"
 dev="${dev:-$auto_dev}"
 [ "$local_dns" = "пусто" ] && local_dns=""
 local_dns="${local_dns:-$saved_local_dns}"
 [ "$amn_srv" = "пусто" ] && amn_srv=""
 amn_srv="${amn_srv:-$saved_amn_srv}"
- printf 'GATEWAY=%s\nDEV=%s\nLOCAL_DNS=%s\nAMNEZIA_SERVER=%s\n' "$gw" "$dev" "$local_dns" "$amn_srv" > "$net_conf"
+ [ "$ks_exc" = "пусто" ] && ks_exc=""
+ ks_exc="${ks_exc:-$saved_ks_exc}"
+ printf 'GATEWAY=%s\nDEV=%s\nLOCAL_DNS=%s\nAMNEZIA_SERVER=%s\nKILL_SWITCH_EXCEPTIONS=%s\n' "$gw" "$dev" "$local_dns" "$amn_srv" "$ks_exc" > "$net_conf"
 echo ""
- sudo GATEWAY="$gw" DEV="$dev" LOCAL_DNS="$local_dns" AMNEZIA_SERVER="$amn_srv" USER_HOME="$HOME" bash scripts/ru-bypass.sh
+ sudo GATEWAY="$gw" DEV="$dev" LOCAL_DNS="$local_dns" AMNEZIA_SERVER="$amn_srv" KILL_SWITCH_EXCEPTIONS="$ks_exc" USER_HOME="$HOME" bash scripts/ru-bypass.sh
 ;;
 3)
 echo -e "${YEL}Перед этим выйди из Claude Code — сессия сменит IP.${CLR}"
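Review bot: An operator cannot clear the exception list once a value is saved, because `[ "$ks_exc" = "пусто" ] && ks_exc=""` is followed by `ks_exc="${ks_exc:-$saved_ks_exc}"`, which puts the saved value back. The same pattern already exists for `local_dns` and `amn_srv`; for `ks_exc` it is masked today only because the previous hunk reads the saved key under a different name. Removal has to work for a list that opens holes in the kill switch: `if [ "$ks_exc" = "пусто" ]; then ks_exc=""; else ks_exc="${ks_exc:-$saved_ks_exc}"; fi`. The value is also handed unvalidated to a script run under `sudo`, where it is word-split and each token is passed to `dig`; rejecting tokens that do not match `^[A-Za-z0-9][A-Za-z0-9.-]*$` before the `printf` keeps option-like and glob characters out. The prompt label `KS_EXCEPTIONS` does not match the variable name `KILL_SWITCH_EXCEPTIONS` written to the profile.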