修复LF问题，更新广告规则，解耦合iptables脚本以配合第三方软件实现启停，修改上游DNS为DoT

twoone-3 · twoone-3 · commit a36588a794d4 · 2023-12-23T12:09:42.000+08:00
diff --git a/.gitignore b/.gitignore
@@ -1 +1 @@
-AdguardHome.zip
+*.zip
diff --git a/apply_iptables.sh b/apply_iptables.sh
@@ -0,0 +1,11 @@
+iptables -t nat -N ADGUARD
+# 返回所有 AdGuardHome 的请求
+iptables -t nat -A ADGUARD -m owner --uid-owner root --gid-owner net_raw -j RETURN
+# 将 53 端口所有 udp tcp 流量转发到 adguard home
+iptables -t nat -A ADGUARD -p udp --dport 53 -j REDIRECT --to-ports 5591
+iptables -t nat -A ADGUARD -p tcp --dport 53 -j REDIRECT --to-ports 5591
+# ip6 缺少nat表，待查问题
+# ip6tables -t nat -A ADGUARD -p udp --dport 53 -j REDIRECT --to-ports 5591
+# ip6tables -t nat -A ADGUARD -p tcp --dport 53 -j REDIRECT --to-ports 5591
+# 将 ADGUARD 规则添加到 OUTPUT
+iptables -t nat -I OUTPUT 1 -j ADGUARD
diff --git a/bin/AdGuardHome.yaml b/bin/AdGuardHome.yaml
@@ -23,16 +23,15 @@ dns:
   ratelimit_whitelist: []
   refuse_any: true
   upstream_dns:
-    - https://223.5.5.5/dns-query
-    - https://1.12.12.12/dns-query
+    - tls://dot.pub
+    - tls://dns.alidns.com
   upstream_dns_file: ""
   bootstrap_dns:
-    - 127.0.0.1
+    - 223.5.5.5
+    - 119.29.29.29
   fallback_dns:
-    - https://223.6.6.6/dns-query
-    - https://120.53.53.53/dns-query
-    - https://8.8.8.8/dns-query
-    - https://1.1.1.1/dns-query
+    - tls://dns.google
+    - tls://1dot1dot1dot1.cloudflare-dns.com
   all_servers: true
   fastest_addr: false
   fastest_timeout: 1s
@@ -46,8 +45,8 @@ dns:
     - 127.0.0.0/8
     - ::1/128
   cache_size: 33554432
-  cache_ttl_min: 300
-  cache_ttl_max: 3600
+  cache_ttl_min: 0
+  cache_ttl_max: 0
   cache_optimistic: true
   bogus_nxdomain: []
   aaaa_disabled: false
@@ -101,9 +100,7 @@ filters:
     name: 秋风广告规则
     id: 1700480708
 whitelist_filters: []
-user_rules:
-  - '@@||pglstatp-toutiao.com^$important'
-  - ""
+user_rules: []
 dhcp:
   enabled: false
   interface_name: ""
@@ -137,7 +134,7 @@ filtering:
     pixabay: true
     yandex: true
     youtube: true
-  blocking_mode: null_ip
+  blocking_mode: default
   parental_block_host: family-block.dns.adguard.com
   safebrowsing_block_host: standard-block.dns.adguard.com
   rewrites: []
@@ -146,7 +143,7 @@ filtering:
   parental_cache_size: 1048576
   cache_time: 30
   filters_update_interval: 72
-  blocked_response_ttl: 30
+  blocked_response_ttl: 10
   filtering_enabled: true
   parental_enabled: false
   safebrowsing_enabled: false
diff --git a/bin/data/filters/1700480708.txt b/bin/data/filters/1700480708.txt
@@ -95,6 +95,7 @@
 ||analytics.pinterest.com^
 ||analytics.rayjump.com^
 ||analytics.tiktok.com^
+||analytics.woozooo.com^
 ||analyze.lemurbrowser.com^
 ||api-access.pangolin-sdk-toutiao*.com^
 ||api-access.pangolin-sdk-toutiao.com3^
@@ -284,14 +285,17 @@
 ||mon.snssdk.com^
 ||monitor.music.qq.com^
 ||monitor.uu.qq.com^
+||mp.weixin.qq.com/mp/getappmsgad^
 ||mtj.baidu.com^
 ||nmetrics.samsung.com^
 ||notes-analytics-events.apple.com^
 ||nsclick.baidu.com^
 ||o2o.api.xiaomi.com^
-||offerwall.yandex.net^||open.e.kuaishou.cn^
+||offerwall.yandex.net^
+||open.e.kuaishou.cn^
 ||open.e.kuaishou.com^
 ||open.kuaishouzt.com^
+||open.kwaishouzt.com^
 ||open.kwaizt.com^
 ||optimus-ads.amap.com^
 ||oth.eve.mdt.qq.com^
@@ -375,7 +379,8 @@
 ||tdc.qq.com^
 ||tdid.m.qq.com^
 ||test.ad.xiaomi.com^
-||test.e.ad.xiaomi.com^||tj.b.qq.com^
+||test.e.ad.xiaomi.com^
+||tj.b.qq.com^
 ||tj.video.qq.com^
 ||tmead.y.qq.com^
 ||tmfsdk.m.qq.com^
diff --git a/customize.sh b/customize.sh
@@ -1,12 +1,11 @@
 if [ "$ARCH" != "arm64" ]; then
-  ui_print "仅支持arm64架构，安装失败"
-  exit 1
+  abort "仅支持 arm64 架构，安装失败"
 fi
 
 ADG_DIR="$MODPATH/bin"
-chmod 777 "$ADG_DIR/AdGuardHome"
+chmod +x "$ADG_DIR/AdGuardHome" "$MODPATH/apply_iptables.sh" "$MODPATH/flush_iptables.sh"
 # TODO: 研究用户组对程序运行有什么影响
-chgrp net_raw "$ADG_DIR/AdGuardHome"
-chgrp net_raw "$ADG_DIR/AdGuardHome.yaml"
+# chgrp net_raw "$ADG_DIR/AdGuardHome"
+# chgrp net_raw "$ADG_DIR/AdGuardHome.yaml"
 
-ui_print "安装成功"
+ui_print "安装成功，请重启设备"
diff --git a/flush_iptables.sh b/flush_iptables.sh
@@ -0,0 +1,7 @@
+iptables -t nat -D OUTPUT 1
+iptables -t nat -F ADGUARD
+iptables -t nat -X ADGUARD
+
+# ip6tables -t nat -D ADGUARD 1
+# ip6tables -t nat -F ADGUARD
+# ip6tables -t nat -X ADGUARD
diff --git a/module.prop b/module.prop
@@ -1,6 +1,6 @@
 id=AdGuardHome
 name=AdGuardHome for Magisk
-version=20231219
-versionCode=7
+version=20231223
+versionCode=8
 author=twoone3
 description=通过DNS层面过滤广告、防DNS劫持，后台地址http://127.0.0.1:3000，用户名/密码root
diff --git a/service.sh b/service.sh
@@ -1,33 +1,12 @@
-until [ $(getprop sys.boot_completed) ]; do
-	sleep 1
-done
+# until [ $(getprop sys.boot_completed) ]; do
+# 	sleep 1
+# done
 MODDIR="${0%/*}"
 ADG_DIR="$MODDIR/bin"
-setuidgid root:net_raw "$ADG_DIR/AdGuardHome" >"$ADG_DIR/AdGuardHome.log" 2>&1 &
+# 输出重定向
+exec 1>"$ADG_DIR/stdout.log"
+exec 2>"$ADG_DIR/stderr.log"
 
-# 读取配置文件的端口
-adhome_port="$(cat "$ADG_DIR/AdGuardHome.yaml" | egrep '^  port: ' | sed -n 's/  port: //g;s/ //g;$p')"
+setuidgid root:net_raw "$ADG_DIR/AdGuardHome" 2>&1 &
 
-apply_rules() {
-	# 新建规则链
-	iptables -t nat -N ADGUARD
-	# 返回所有 AdGuardHome 的请求
-	iptables -t nat -A ADGUARD -m owner --uid-owner root --gid-owner net_raw -j RETURN
-	# 将 53 端口所有 udp tcp 流量转发到 adguard home
-	iptables -t nat -A ADGUARD -p udp --dport 53 -j REDIRECT --to-ports ${adhome_port}
-	iptables -t nat -A ADGUARD -p tcp --dport 53 -j REDIRECT --to-ports ${adhome_port}
-	ip6tables -t nat -A ADGUARD -p udp --dport 53 -j REDIRECT --to-ports ${adhome_port}
-	ip6tables -t nat -A ADGUARD -p tcp --dport 53 -j REDIRECT --to-ports ${adhome_port}
-	# 将 ADGUARD 规则添加到 OUTPUT
-	iptables -t nat -A OUTPUT -j ADGUARD
-}
-
-flush_rules() {
-	iptables -t mangle -F ADGUARD
-	iptables -t mangle -X ADGUARD
-
-	ip6tables -t mangle -F ADGUARD
-	ip6tables -t mangle -X ADGUARD
-}
-
-apply_rules
+"$MODDIR/apply_iptables.sh"
