openwrt 常用命令记录

为了方便重新刷机后快速手动恢复,记录一下。

#openssh替代dropbear

x86下 建议编译的时候就去掉dropbear 用openssh
用 ttyd 或者启动脚本执行下面的命令,写入 SSH 公钥(authorized_keys)

plaintext
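# Install root's SSH public key so key-based login works right after a reflash.
# sshd's StrictModes check rejects keys kept in loosely-permissioned paths, so the
# directory is set to 700 and the file to 600 explicitly instead of relying on umask.
mkdir -p /root/.ssh
chmod 700 /root/.ssh
# The quoted delimiter (\EOF) keeps the key text literal (no shell expansion).
# `>` replaces any existing authorized_keys; use `>>` to keep keys already present.
# "ssh-rsa XXXXXX" is a placeholder: paste your own public key line here.
cat > /root/.ssh/authorized_keys << \EOF
ssh-rsa XXXXXX
EOF
chmod 600 /root/.ssh/authorized_keys
/etc/init.d/sshd restart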

或者允许root密码登录

plaintext
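# Switch sshd to allow root login with a password.
# NOTE(review): this makes the root password the only barrier on every interface
# sshd listens on. Prefer the key-based setup; if password login is needed, keep
# port 22 unreachable from the wan zone and use a strong root password.
# Keep a one-time backup (-n never overwrites an earlier backup).
/bin/cp -n /etc/ssh/sshd_config  /etc/ssh/sshd_config-bak
# Both substitutions only rewrite the commented-out stock default; an already
# uncommented PermitRootLogin line is left untouched.
sed -i 's/#PermitRootLogin without-password/PermitRootLogin yes/g' /etc/ssh/sshd_config
sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/g' /etc/ssh/sshd_config
# Show the effective setting so a silent no-op from sed is noticed.
grep -n '^PermitRootLogin' /etc/ssh/sshd_config
# Validate the file first: restarting with a broken config would take SSH down.
/usr/sbin/sshd -t && /etc/init.d/sshd restart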

#防火墙

#允许内网设备ipv6对外服务

sh

################################ allow inbound IPv6 to LAN hosts ################################
# Adds a firewall rule that ACCEPTs every IPv6 TCP/UDP packet coming from the wan
# zone towards any destination zone (dest='*'), with no port or address filter.
# Each `@rule[-1]` line configures the rule created by the preceding `uci add`.
# NOTE(review): as written, every listening service on every IPv6-capable host behind
# the router becomes reachable from the Internet. Narrow it before committing, e.g.:
#   uci set firewall.@rule[-1].dest='lan'
#   uci set firewall.@rule[-1].dest_ip='<HOST_IPV6_ADDRESS>'
#   uci set firewall.@rule[-1].dest_port='<PORTS>'
# The rule takes effect only after the firewall is restarted or reloaded.
uci add firewall rule
uci set firewall.@rule[-1].name='MY_Allow_IPv6_Services'
uci set firewall.@rule[-1].src='wan'
uci set firewall.@rule[-1].dest='*'
uci set firewall.@rule[-1].proto='tcp udp'
uci set firewall.@rule[-1].family='ipv6'
uci set firewall.@rule[-1].target='ACCEPT'
uci commit firewall

#端口映射

sh

# IPv4 port forwards (DNAT) from the wan zone to hosts in the lan zone.
# Each `uci add firewall redirect` creates a section; the `@redirect[-1]` lines that
# follow fill in that newest section, so the statement order must be preserved.
# NOTE(review): every entry here publishes an internal service to the Internet.
# None of them sets `proto` or `src_ip`, so the firewall's default protocol set
# applies (tcp and udp on current OpenWrt, confirm on your release) and any source
# address is accepted. Where possible add, per redirect:
#   uci set firewall.@redirect[-1].proto='tcp'        # or 'udp'
#   uci set firewall.@redirect[-1].src_ip='<TRUSTED_SOURCE>'
################################ nginx ################################
uci add firewall redirect
uci set firewall.@redirect[-1].name='nginx'
uci set firewall.@redirect[-1].family='ipv4'
uci set firewall.@redirect[-1].src='wan'
uci set firewall.@redirect[-1].dest='lan'
uci set firewall.@redirect[-1].target='DNAT'
uci set firewall.@redirect[-1].dest_ip='10.1.1.50'
uci set firewall.@redirect[-1].dest_port='50400-50443'
uci set firewall.@redirect[-1].src_dport='50400-50443'
uci commit firewall
################################ redis_tcp ################################
# omitted
# NOTE(review): if a Redis forward is restored here, restrict it with src_ip or
# reach it over the VPN instead; a Redis port open to the whole wan zone is a
# frequent cause of compromise.
################################ ipsec4500 ################################
# IKE (500) and NAT-T (4500) are UDP services; proto='udp' would be sufficient.
uci add firewall redirect
uci set firewall.@redirect[-1].name='ipsec4500'
uci set firewall.@redirect[-1].family='ipv4'
uci set firewall.@redirect[-1].src='wan'
uci set firewall.@redirect[-1].dest='lan'
uci set firewall.@redirect[-1].target='DNAT'
uci set firewall.@redirect[-1].dest_ip='10.1.1.45'
uci set firewall.@redirect[-1].dest_port='4500'
uci set firewall.@redirect[-1].src_dport='4500'
uci commit firewall
uci add firewall redirect
uci set firewall.@redirect[-1].name='ipsec500'
uci set firewall.@redirect[-1].family='ipv4'
uci set firewall.@redirect[-1].src='wan'
uci set firewall.@redirect[-1].dest='lan'
uci set firewall.@redirect[-1].target='DNAT'
uci set firewall.@redirect[-1].dest_ip='10.1.1.45'
uci set firewall.@redirect[-1].dest_port='500'
uci set firewall.@redirect[-1].src_dport='500'
uci commit firewall
################################ RustDesk ################################
uci add firewall redirect
uci set firewall.@redirect[-1].name='RustDesk'
uci set firewall.@redirect[-1].family='ipv4'
uci set firewall.@redirect[-1].src='wan'
uci set firewall.@redirect[-1].dest='lan'
uci set firewall.@redirect[-1].target='DNAT'
uci set firewall.@redirect[-1].dest_ip='10.1.1.15'
uci set firewall.@redirect[-1].dest_port='21115-21119'
uci set firewall.@redirect[-1].src_dport='21115-21119'
uci commit firewall
################################ npc ################################
# # omitted

#more...
# Apply everything committed above.
/etc/init.d/firewall restart

#dhcp静态绑定

sh
# Static DHCP leases. Each `uci add dhcp host` creates a section and the
# `@host[-1]` lines that follow configure that newest section, so order matters.
# NOTE(review): a MAC-based lease only pins an address. MAC addresses can be
# spoofed, so these IPs should not be treated as proof of device identity in
# firewall or ACL decisions.
uci commit dhcp
uci add dhcp host
uci set dhcp.@host[-1].name='usbWifi'   # client name
uci set dhcp.@host[-1].mac='xx:xx:xx:xx:xx:xx'   # client MAC address
uci set dhcp.@host[-1].ip='10.1.1.70'   # static IP address
uci commit dhcp
uci add dhcp host
uci set dhcp.@host[-1].name='iphoneL'
uci set dhcp.@host[-1].mac='xx:xx:xx:xx:xx:xx'
uci set dhcp.@host[-1].ip='10.1.1.71'
uci commit dhcp
#more...
# dnsmasq serves the leases; restart it to pick up the new hosts.
/etc/init.d/dnsmasq restart

#openclash

#自定义规则

yaml
## OpenClash custom rules. Each entry is TYPE,value,policy; the policies used here
## are the proxy group "🚀 节点选择", DIRECT and REJECT. Clash evaluates rules top to
## bottom and the first match wins, so the order of the entries below matters.
##script:
##rules:
- DOMAIN-SUFFIX,gitea.io,🚀 节点选择
- DOMAIN-SUFFIX,mypikpak.com,🚀 节点选择
- DOMAIN-SUFFIX,dwz.date,🚀 节点选择
- DOMAIN-SUFFIX,chaojijichang.com,🚀 节点选择
- DOMAIN-SUFFIX,acme.sh,🚀 节点选择
- DOMAIN-SUFFIX,github.com,🚀 节点选择
- DOMAIN-SUFFIX,netlify.app,🚀 节点选择
- DOMAIN-SUFFIX,geekdocs.de,🚀 节点选择
- DOMAIN-SUFFIX,dmdy12.cc,🚀 节点选择
- DOMAIN-SUFFIX,restic.net,🚀 节点选择
- DOMAIN-SUFFIX,codigoparallevar.com,🚀 节点选择
## NOTE(review): duplicate of the mypikpak.com entry near the top; harmless but redundant
- DOMAIN-SUFFIX,mypikpak.com,🚀 节点选择
- DOMAIN-SUFFIX,go.dev,🚀 节点选择
- DOMAIN-SUFFIX,v2ex.com,🚀 节点选择
- DOMAIN-SUFFIX,virtualhere.com,DIRECT
- DOMAIN-SUFFIX,shiftr.io,DIRECT
- DOMAIN-SUFFIX,nuaa.cf,DIRECT
- DOMAIN-SUFFIX,bitwarden.com,DIRECT
## linux
## The exact-host DOMAIN rules are listed before the broader DOMAIN-SUFFIX rules
## of the same domain, so the specific hosts keep their own policy.
- DOMAIN,dl-cdn.alpinelinux.org,🚀 节点选择
- DOMAIN,gitlab.archlinux.org,🚀 节点选择
- DOMAIN-SUFFIX,alpinelinux.org,DIRECT
- DOMAIN-SUFFIX,archlinux.org,DIRECT
- DOMAIN-SUFFIX,archlinuxcn.org,DIRECT
- DOMAIN,deb.debian.org,🚀 节点选择
- DOMAIN,cn.archive.ubuntu.com,🚀 节点选择
## Android
- DOMAIN-SUFFIX,coloros.com,DIRECT
## github
## NOTE(review): the same ghproxy.com rule is listed twice
- DOMAIN-SUFFIX,ghproxy.com,DIRECT
- DOMAIN-SUFFIX,ghproxy.com,DIRECT
## docker
- DOMAIN-SUFFIX,docker.io,🚀 节点选择
## Taobao
- DOMAIN-SUFFIX,taobao.com,DIRECT
- DOMAIN-SUFFIX,tmall.com,DIRECT
- DOMAIN-SUFFIX,taobao.com.cn,DIRECT
- DOMAIN-SUFFIX,tmall.com.cn,DIRECT
- DOMAIN-SUFFIX,alibaba.com,DIRECT
- DOMAIN-SUFFIX,aliexpress.com,DIRECT
- DOMAIN-SUFFIX,alipay.com,DIRECT
- DOMAIN-SUFFIX,etao.com,DIRECT
- DOMAIN-SUFFIX,juhuasuan.com,DIRECT
- DOMAIN-SUFFIX,fliggy.com,DIRECT
- DOMAIN-SUFFIX,alimama.com,DIRECT
- DOMAIN-SUFFIX,alibaba-inc.com,DIRECT
- DOMAIN-SUFFIX,alibabacloud.com,DIRECT
- DOMAIN-SUFFIX,alicdn.com,DIRECT
- DOMAIN-SUFFIX,alibaba.net,DIRECT
- DOMAIN-SUFFIX,aliyuncs.com,DIRECT
## netdisk
- DOMAIN-SUFFIX,r2.cloudflarestorage.com,DIRECT
- DOMAIN-SUFFIX,koofr.net,DIRECT
- DOMAIN-SUFFIX,pcloud.com,DIRECT
## Microsoft, supplementary rules
- DOMAIN-SUFFIX,bing.com,DIRECT
- DOMAIN-SUFFIX,ecosia.org,DIRECT
- DOMAIN-SUFFIX,microsoft.com,DIRECT
#- DOMAIN-SUFFIX,packages.microsoft.com,🚀 节点选择
- DOMAIN-SUFFIX,live.com,DIRECT
- DOMAIN-SUFFIX,microsoftonline.cn,DIRECT
- DOMAIN-SUFFIX,sharepoint.cn,DIRECT
# ipv6: told apart by mirror site
- DOMAIN-SUFFIX,test-ipv6.com,🚀 节点选择
- DOMAIN-SUFFIX,ip.zxinc.org,DIRECT
## DDNS  https://ip.skk.moe/
## IP-lookup hosts go DIRECT so a DDNS client sees the router's own WAN address
## rather than the proxy exit (presumably the intent, given the heading).
- DOMAIN-SUFFIX,checkip.dyndns.org,DIRECT
- DOMAIN-SUFFIX,checkipv6.dyndns.org,DIRECT
- DOMAIN-SUFFIX,checkip.synology.com,DIRECT
- DOMAIN-SUFFIX,ifconfig.co,DIRECT
- DOMAIN-SUFFIX,api.myip.com,DIRECT
- DOMAIN-SUFFIX,ip-api.com,DIRECT
- DOMAIN-SUFFIX,ipapi.co,DIRECT
- DOMAIN-SUFFIX,ip6.seeip.org,DIRECT
- DOMAIN-SUFFIX,members.3322.org,DIRECT
## eu.org
- DOMAIN-SUFFIX,nic.eu.org,🚀 节点选择
- DOMAIN-SUFFIX,eu.org,DIRECT
## weather
## poltbar
- DOMAIN-SUFFIX,openweathermap.org,DIRECT
## nextcloud
- DOMAIN-SUFFIX,openstreetmap.org,DIRECT
- DOMAIN-SUFFIX,opentopodata.org,DIRECT
- DOMAIN-SUFFIX,met.no,DIRECT
## cloudflare ipv4 ipv6
## https://www.cloudflare.com/ips-v4
## NOTE(review): a /8 prefix matches the whole 1.0.0.0/8 block, far more than a
## single resolver address; a narrower prefix was probably intended. Confirm
## against the list at the URL above.
## NOTE(review): none of these IP rules carries `no-resolve`, so Clash resolves a
## domain request to test it against them. Every domain rule placed AFTER this
## section (including the REJECT entry) is skipped for hosts that resolve into
## these ranges; move domain rules above the IP rules if they must take priority.
- IP-CIDR,1.1.1.1/8,DIRECT
- IP-CIDR,173.245.48.0/20,DIRECT
- IP-CIDR,103.21.244.0/22,DIRECT
- IP-CIDR,103.22.200.0/22,DIRECT
- IP-CIDR,103.31.4.0/22,DIRECT
- IP-CIDR,141.101.64.0/18,DIRECT
- IP-CIDR,108.162.192.0/18,DIRECT
- IP-CIDR,190.93.240.0/20,DIRECT
- IP-CIDR,188.114.96.0/20,DIRECT
- IP-CIDR,197.234.240.0/22,DIRECT
- IP-CIDR,198.41.128.0/17,DIRECT
- IP-CIDR,162.158.0.0/15,DIRECT
- IP-CIDR,104.16.0.0/13,DIRECT
- IP-CIDR,104.24.0.0/14,DIRECT
- IP-CIDR,172.64.0.0/13,DIRECT
- IP-CIDR,131.0.72.0/22,DIRECT
## https://www.cloudflare.com/ips-v6
- IP-CIDR6,2400:cb00::/32,DIRECT
- IP-CIDR6,2606:4700::/32,DIRECT
- IP-CIDR6,2803:f800::/32,DIRECT
- IP-CIDR6,2405:b500::/32,DIRECT
- IP-CIDR6,2405:8100::/32,DIRECT
- IP-CIDR6,2a06:98c0::/29,DIRECT
- IP-CIDR6,2c0f:f248::/32,DIRECT
## dash.cloudflare.com /
## NOTE(review): "wwww" has four w's, probably a typo for www.cloudflare.com.
## The static.dash entry is already covered by the dash.cloudflare.com suffix.
## These names are served from the ranges sent DIRECT above, so as ordered they
## likely never reach the proxy group. Verify in the connection log.
- DOMAIN-SUFFIX,wwww.cloudflare.com,🚀 节点选择
- DOMAIN-SUFFIX,dash.cloudflare.com,🚀 节点选择
- DOMAIN-SUFFIX,static.dash.cloudflare.com,🚀 节点选择
## vod
- DOMAIN-SUFFIX,ffzy-play5.com,DIRECT
- DOMAIN-SUFFIX,ffzypic.com,DIRECT
## force direct: password-manager extension
- DOMAIN-SUFFIX,bitwarden.net,DIRECT
## block list
## mouse right-click (gesture) extension
- DOMAIN-SUFFIX,mousegesturesapi.com,REJECT
## all other mainland-China IPs: force direct
- GEOIP,CN,DIRECT

#基本配置文件

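# Start the OpenClash config from scratch, but keep a one-time backup of the old
# file first (-n never overwrites an earlier backup), as done for sshd_config.
[ -f /etc/config/openclash ] && /bin/cp -n /etc/config/openclash /etc/config/openclash-bak
rm -f /etc/config/openclash
nano /etc/config/openclash
# The file holds passwords and subscription URLs: keep it readable by root only.
[ -f /etc/config/openclash ] && chmod 600 /etc/config/openclash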

conf

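# Main OpenClash settings section (UCI format; the page writes this file to
# /etc/config/openclash). Option meanings below are inferred from their names
# unless the value itself makes them evident. Check the OpenClash documentation.
config openclash 'config'
	option proxy_port '7892'
	option tproxy_port '7895'
	option mixed_port '7893'
	option socks_port '7891'
	option http_port '7890'
	option dns_port '7874'
	option enable '1'
	option update '0'
	option en_mode 'redir-host'
	option auto_update '1'
	# Presumably the dashboard/controller port and its secret (confirm).
	# The page originally published the value '123456' here. Use a long random
	# secret of your own and keep port 9090 unreachable from the wan zone.
	option cn_port '9090'
	option dashboard_password '<CHANGE_ME_dashboard_secret>'
	option dashboard_forward_ssl '0'
	option rule_source '0'
	option enable_custom_dns '1'
	option ipv6_enable '0'
	option ipv6_dns '1'
	option enable_custom_clash_rules '0'
	option other_rule_auto_update '1'
	option core_version 'linux-amd64'
	option enable_redirect_dns '1'
	option servers_if_update '0'
	option disable_masq_cache '1'
	option servers_update '0'
	option log_level '0'
	option proxy_mode 'rule'
	option intranet_allowed '1'
	option enable_udp_proxy '1'
	option disable_udp_quic '1'
	option lan_ac_mode '0'
	option operation_mode 'redir-host'
	option enable_rule_proxy '0'
	option redirect_dns '1'
	option cachesize_dns '1'
	option filter_aaaa_dns '1'
	option small_flash_memory '0'
	option interface_name '0'
	option common_ports '0'
	option log_size '1024'
	option tolerance '0'
	option store_fakeip '0'
	option custom_fallback_filter '0'
	option custom_fakeip_filter '0'
	option custom_host '0'
	option custom_name_policy '0'
	option append_wan_dns '0'
	option stream_domains_prefetch '0'
	option stream_auto_select '0'
	option bypass_gateway_compatible '0'
	# NOTE(review): a third-party proxy placed in front of GitHub downloads. With
	# the auto-update options in this section enabled, whatever that host serves
	# is presumably what gets installed on the router. Confirm you trust it.
	option github_address_mod 'https://ghproxy.com/'
	option urltest_address_mod '0'
	option urltest_interval_mod '0'
	option delay_start '0'
	option router_self_proxy '1'
	option release_branch 'master'
	option enable_meta_core '0'
	option dashboard_type 'Official'
	option yacd_type 'Official'
	option append_default_dns '0'
	# The *_custom_url data files come from third-party repositories and hosts.
	# Nothing in this file pins a version or checksum for them, and they drive
	# which traffic is sent direct and which is proxied.
	option geo_custom_url 'https://testingcf.jsdelivr.net/gh/alecthw/mmdb_china_ip_list@release/lite/Country.mmdb'
	option chnr_custom_url 'https://ispip.clang.cn/all_cn.txt'
	option chnr6_custom_url 'https://ispip.clang.cn/all_cn_ipv6.txt'
	option cndomain_custom_url 'https://testingcf.jsdelivr.net/gh/felixonmars/dnsmasq-china-list@master/accelerated-domains.china.conf'
	option default_resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option config_auto_update_mode '1'
	option config_update_interval '45'
	option config_path '/etc/openclash/config/skyvpn.yaml'
	option restricted_mode '0'
	option config_reload '1'
	option dnsmasq_resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option enable_custom_domain_dns_server '0'
	option china_ip_route '0'
	option other_rule_update_week_time '*'
	option other_rule_update_day_time '22'
	option geo_auto_update '1'
	option geo_update_week_time '*'
	option geo_update_day_time '1'
	option geoip_auto_update '1'
	option geosite_auto_update '1'
	option chnr_auto_update '1'
	option chnr_update_week_time '*'
	option chnr_update_day_time '4'
	option auto_restart '0'
	option auto_restart_week_time '1'
	option auto_restart_day_time '0'
	option geoip_update_week_time '*'
	option geoip_update_day_time '2'
	option geoip_custom_url 'https://testingcf.jsdelivr.net/gh/Loyalsoldier/v2ray-rules-dat@release/geoip.dat'
	option geosite_update_week_time '*'
	option geosite_update_day_time '3'
	option geosite_custom_url 'https://testingcf.jsdelivr.net/gh/Loyalsoldier/v2ray-rules-dat@release/geosite.dat'
	option restart '0'
	option dnsmasq_noresolv '0'
	option find_process_mode '0'
	option global_client_fingerprint '0'
	option geodata_loader '0'
	option enable_geoip_dat '0'
	option enable_meta_sniffer '1'
	option enable_meta_sniffer_pure_ip '1'
	option enable_meta_sniffer_custom '0'
	option dnsmasq_cachesize '10000'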

# Upstream DNS servers. Each section names a server, the group it belongs to
# ('nameserver' or 'fallback'), its transport ('https', 'tls' or 'udp') and
# whether it is enabled.
# Every enabled entry below uses an encrypted transport (https or tls); the
# three plain 'udp' port-53 entries are all disabled (enabled '0').
config dns_servers
	option type 'https'
	option ip 'doh.pub/dns-query'
	option group 'nameserver'
	option enabled '1'

config dns_servers
	option type 'https'
	option ip 'dns.alidns.com/dns-query'
	option group 'nameserver'
	option enabled '1'

config dns_servers
	option type 'https'
	option group 'fallback'
	option ip 'dns.cloudflare.com/dns-query'
	option enabled '1'

config dns_servers
	option group 'fallback'
	option ip 'dns.google'
	option port '853'
	option type 'tls'
	option enabled '1'

config dns_servers
	option group 'fallback'
	option type 'https'
	option ip '1.1.1.1/dns-query'
	option enabled '0'

config dns_servers
	option group 'fallback'
	option ip '1.1.1.1'
	option port '853'
	option type 'tls'
	option enabled '1'

config dns_servers
	option enabled '1'
	option group 'fallback'
	option ip '8.8.8.8'
	option port '853'
	option type 'tls'

# Plain-text UDP resolvers (disabled): queries to these would be readable and
# modifiable on the path, so keep them off unless needed for troubleshooting.
config dns_servers
	option type 'udp'
	option group 'fallback'
	option ip '2001:4860:4860::8888'
	option port '53'
	option enabled '0'

config dns_servers
	option type 'udp'
	option group 'fallback'
	option ip '2001:4860:4860::8844'
	option port '53'
	option enabled '0'

config dns_servers
	option type 'udp'
	option group 'fallback'
	option ip '2001:da8::666'
	option port '53'
	option enabled '0'

config dns_servers
	option group 'fallback'
	option type 'https'
	option ip 'public.dns.iij.jp/dns-query'
	option enabled '1'

config dns_servers
	option group 'fallback'
	option type 'https'
	option ip 'jp.tiar.app/dns-query'
	option enabled '0'

config dns_servers
	option group 'fallback'
	option type 'https'
	option ip 'jp.tiarap.org/dns-query'
	option enabled '0'

config dns_servers
	option group 'fallback'
	option ip 'jp.tiar.app'
	option type 'tls'
	option enabled '0'

config dns_servers
	option group 'fallback'
	option ip 'dot.tiar.app'
	option type 'tls'
	option enabled '0'

config dns_servers
	option enabled '0'
	option group 'fallback'
	option type 'https'
	option ip 'doh.dnslify.com/dns-query'

config dns_servers
	option enabled '0'
	option group 'fallback'
	option ip 'dns.twnic.tw/dns-query'
	option type 'https'

# NOTE(review): this is an enabled fallback resolver run by a smaller operator;
# whoever runs a fallback resolver sees the queried names. Confirm you trust it.
config dns_servers
	option enabled '1'
	option group 'fallback'
	option ip 'dns.oszx.co/dns-query'
	option type 'https'

config dns_servers
	option enabled '0'
	option group 'fallback'
	option ip 'doh.applied-privacy.net/query'
	option type 'https'

config dns_servers
	option enabled '0'
	option group 'fallback'
	option ip 'dnsforge.de/dns-query'
	option type 'https'

config dns_servers
	option enabled '0'
	option group 'fallback'
	option ip 'doh.ffmuc.net/dns-query'
	option type 'https'

config dns_servers
	option enabled '0'
	option group 'fallback'
	option type 'https'
	option ip 'doh.mullvad.net/dns-query'

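# Username/password authentication entry (presumably for the local HTTP/SOCKS
# proxy ports; confirm against the OpenClash documentation).
# The page originally published a real-looking password here. Treat a password
# that has been posted publicly as compromised and set your own.
config authentication
	option enabled '1'
	option username 'Clash'
	option password '<CHANGE_ME_proxy_password>'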

# Subscription sources. '<订阅地址>' is the author's placeholder for the
# subscription URL. Such URLs normally embed an account token, so keep them
# out of anything you publish.
# NOTE(review): sub_convert '1' together with convert_address presumably sends
# each subscription URL to the third-party converter at api.dler.io, which can
# then read the token and the node list. Consider a self-hosted converter or
# disabling conversion. TODO confirm against the OpenClash docs.
# skip_cert_verify 'false' presumably keeps TLS certificate verification on for
# the converted nodes; leave it that way.
config config_subscribe
	option enabled '1'
	option name 'skyvpn'
	option address '<订阅地址>'
	option sub_convert '1'
	option convert_address 'https://api.dler.io/sub'
	option template 'ACL4SSR 规则 Online Full'
	option emoji 'false'
	option udp 'false'
	option skip_cert_verify 'false'
	option sort 'false'
	option node_type 'false'
	option rule_provider 'false'

config config_subscribe
	option enabled '1'
	option name 'yiyuan'
	option address '<订阅地址>'
	option sub_convert '1'
	option convert_address 'https://api.dler.io/sub'
	option template 'ACL4SSR 规则 Online Full'
	option emoji 'false'
	option udp 'false'
	option skip_cert_verify 'false'
	option sort 'false'
	option node_type 'false'
	option rule_provider 'false'

config config_subscribe
	option enabled '1'
	option name 'feiniaoyun'
	option address '<订阅地址>'
	option sub_convert '1'
	option convert_address 'https://api.dler.io/sub'
	option template 'ACL4SSR 规则 Online Full'
	option emoji 'false'
	option udp 'false'
	option skip_cert_verify 'false'
	option sort 'false'
	option node_type 'false'
	option rule_provider 'false'
