openwrt 常用命令记录

为了方便重新刷机后快速手动恢复,记录一下。

openssh替代dropbear

x86 下建议在编译时就去掉 dropbear,改用 openssh。可以通过 ttyd 或启动脚本执行下面的命令,写入 SSH 公钥(authorized_keys):

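# Install root's SSH public key so OpenSSH accepts key-based logins.
# Replace the placeholder key line below with your own public key before running.
# Absolute /root paths are used throughout: under ttyd or a boot script, "~" follows
# $HOME and may not point at /root.
mkdir -p /root/.ssh
# Keep the directory private to root; sshd's StrictModes check inspects these permissions.
chmod 700 /root/.ssh
# Quoted heredoc delimiter (\EOF): the key text is written verbatim, with no shell expansion.
cat > /root/.ssh/authorized_keys << \EOF
ssh-rsa XXXXXX
EOF
# Single file, so no -R; readable and writable by root only.
chmod 600 /root/.ssh/authorized_keys
/etc/init.d/sshd restart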

或者允许 root 使用密码登录

# Keep a one-time copy of the stock sshd_config; -n never overwrites an existing backup.
/bin/cp -n /etc/ssh/sshd_config /etc/ssh/sshd_config-bak
# Turn either commented-out stock default into an active "PermitRootLogin yes",
# which lets root authenticate with a password as well as with keys.
# Only lines that still carry the leading '#' match; an already-active
# PermitRootLogin line is left unchanged.
sed -i \
    -e 's/#PermitRootLogin without-password/PermitRootLogin yes/g' \
    -e 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/g' \
    /etc/ssh/sshd_config
/etc/init.d/sshd restart

防火墙

允许内网设备通过 IPv6 对外提供服务


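################################ Allow inbound IPv6 to LAN hosts ################################
# Traffic rule: accept IPv6 TCP/UDP that arrives from the wan zone and is forwarded to the lan zone.
uci add firewall rule
uci set firewall.@rule[-1].name='MY_Allow_IPv6_Services'
uci set firewall.@rule[-1].src='wan'
# Scoped to the lan zone (the same zone the port forwards on this page target)
# instead of '*', which would also cover every other zone.
uci set firewall.@rule[-1].dest='lan'
uci set firewall.@rule[-1].proto='tcp udp'
uci set firewall.@rule[-1].family='ipv6'
# No dest_port / dest_ip is set, so the rule matches every TCP and UDP port on every
# IPv6 host behind the zone. To expose only specific services, uncomment and fill in
# the placeholder:
# uci set firewall.@rule[-1].dest_port='<PORTS>'
uci set firewall.@rule[-1].target='ACCEPT'
uci commit firewall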

端口映射


# add_dnat NAME LAN_IP PORTS
# Appends one IPv4 DNAT redirect (wan -> lan) that forwards PORTS on the WAN side
# to the same PORTS on LAN_IP, then commits the firewall config.
# NOTE(review): no 'proto' option is set, so each forward presumably falls back to
# OpenWrt's default of both TCP and UDP; setting 'proto' narrows it (IKE/NAT-T on
# 500/4500 is UDP only) -- confirm per service.
add_dnat() {
    uci add firewall redirect
    uci set firewall.@redirect[-1].name="$1"
    uci set firewall.@redirect[-1].family='ipv4'
    uci set firewall.@redirect[-1].src='wan'
    uci set firewall.@redirect[-1].dest='lan'
    uci set firewall.@redirect[-1].target='DNAT'
    uci set firewall.@redirect[-1].dest_ip="$2"
    uci set firewall.@redirect[-1].dest_port="$3"
    uci set firewall.@redirect[-1].src_dport="$3"
    uci commit firewall
}

################################ nginx ################################
add_dnat 'nginx' '10.1.1.50' '50400-50443'
################################ redis_tcp ################################
# omitted
################################ ipsec4500 ################################
add_dnat 'ipsec4500' '10.1.1.45' '4500'
add_dnat 'ipsec500' '10.1.1.45' '500'
################################ RustDesk ################################
add_dnat 'RustDesk' '10.1.1.15' '21115-21119'
################################ npc ################################
# # omitted

# more ...
# Apply all committed redirects.
/etc/init.d/firewall restart

dhcp静态绑定

# add_static_lease NAME MAC IP
# Appends one dhcp 'host' section binding the client's MAC address to a fixed
# IPv4 address under the given client name, then commits the dhcp config.
add_static_lease() {
    uci add dhcp host
    uci set dhcp.@host[-1].name="$1"   # client name
    uci set dhcp.@host[-1].mac="$2"    # client MAC address
    uci set dhcp.@host[-1].ip="$3"     # static IP address
    uci commit dhcp
}

# Flush any pending dhcp changes before adding the leases.
uci commit dhcp
# The MAC values are placeholders; substitute the real addresses.
add_static_lease 'usbWifi' 'xx:xx:xx:xx:xx:xx' '10.1.1.70'
add_static_lease 'iphoneL' 'xx:xx:xx:xx:xx:xx' '10.1.1.71'
# more ...
/etc/init.d/dnsmasq restart

openclash

自定义规则

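##script:
##rules:
## Custom rules are matched top-down and the first match wins, so exact or narrower
## entries must stay above the broader suffix they carve an exception out of.
## Two exact duplicates (mypikpak.com, ghproxy.com) were dropped; matching is unchanged.
- DOMAIN-SUFFIX,gitea.io,🚀 节点选择
- DOMAIN-SUFFIX,mypikpak.com,🚀 节点选择
- DOMAIN-SUFFIX,dwz.date,🚀 节点选择
- DOMAIN-SUFFIX,chaojijichang.com,🚀 节点选择
- DOMAIN-SUFFIX,acme.sh,🚀 节点选择
- DOMAIN-SUFFIX,github.com,🚀 节点选择
- DOMAIN-SUFFIX,netlify.app,🚀 节点选择
- DOMAIN-SUFFIX,geekdocs.de,🚀 节点选择
- DOMAIN-SUFFIX,dmdy12.cc,🚀 节点选择
- DOMAIN-SUFFIX,restic.net,🚀 节点选择
- DOMAIN-SUFFIX,codigoparallevar.com,🚀 节点选择
- DOMAIN-SUFFIX,go.dev,🚀 节点选择
- DOMAIN-SUFFIX,v2ex.com,🚀 节点选择
- DOMAIN-SUFFIX,virtualhere.com,DIRECT
- DOMAIN-SUFFIX,shiftr.io,DIRECT
- DOMAIN-SUFFIX,nuaa.cf,DIRECT
- DOMAIN-SUFFIX,bitwarden.com,DIRECT
## linux
## The exact-host DOMAIN rules sit above the matching DOMAIN-SUFFIX rules on purpose.
- DOMAIN,dl-cdn.alpinelinux.org,🚀 节点选择
- DOMAIN,gitlab.archlinux.org,🚀 节点选择
- DOMAIN-SUFFIX,alpinelinux.org,DIRECT
- DOMAIN-SUFFIX,archlinux.org,DIRECT
- DOMAIN-SUFFIX,archlinuxcn.org,DIRECT
- DOMAIN,deb.debian.org,🚀 节点选择
- DOMAIN,cn.archive.ubuntu.com,🚀 节点选择
## Android
- DOMAIN-SUFFIX,coloros.com,DIRECT
## github
- DOMAIN-SUFFIX,ghproxy.com,DIRECT
## docker
- DOMAIN-SUFFIX,docker.io,🚀 节点选择
## Taobao / Alibaba
- DOMAIN-SUFFIX,taobao.com,DIRECT
- DOMAIN-SUFFIX,tmall.com,DIRECT
- DOMAIN-SUFFIX,taobao.com.cn,DIRECT
- DOMAIN-SUFFIX,tmall.com.cn,DIRECT
- DOMAIN-SUFFIX,alibaba.com,DIRECT
- DOMAIN-SUFFIX,aliexpress.com,DIRECT
- DOMAIN-SUFFIX,alipay.com,DIRECT
- DOMAIN-SUFFIX,etao.com,DIRECT
- DOMAIN-SUFFIX,juhuasuan.com,DIRECT
- DOMAIN-SUFFIX,fliggy.com,DIRECT
- DOMAIN-SUFFIX,alimama.com,DIRECT
- DOMAIN-SUFFIX,alibaba-inc.com,DIRECT
- DOMAIN-SUFFIX,alibabacloud.com,DIRECT
- DOMAIN-SUFFIX,alicdn.com,DIRECT
- DOMAIN-SUFFIX,alibaba.net,DIRECT
- DOMAIN-SUFFIX,aliyuncs.com,DIRECT
## netdisk
- DOMAIN-SUFFIX,r2.cloudflarestorage.com,DIRECT
- DOMAIN-SUFFIX,koofr.net,DIRECT
- DOMAIN-SUFFIX,pcloud.com,DIRECT
## Microsoft (supplementary rules)
- DOMAIN-SUFFIX,bing.com,DIRECT
- DOMAIN-SUFFIX,ecosia.org,DIRECT
- DOMAIN-SUFFIX,microsoft.com,DIRECT
#- DOMAIN-SUFFIX,packages.microsoft.com,🚀 节点选择
- DOMAIN-SUFFIX,live.com,DIRECT
- DOMAIN-SUFFIX,microsoftonline.cn,DIRECT
- DOMAIN-SUFFIX,sharepoint.cn,DIRECT
# IPv6: two test sites, one proxied and one direct, to tell the paths apart
- DOMAIN-SUFFIX,test-ipv6.com,🚀 节点选择
- DOMAIN-SUFFIX,ip.zxinc.org,DIRECT
## DDNS  https://ip.skk.moe/
## IP-lookup endpoints go direct so the reported address is the router's own WAN address.
- DOMAIN-SUFFIX,checkip.dyndns.org,DIRECT
- DOMAIN-SUFFIX,checkipv6.dyndns.org,DIRECT
- DOMAIN-SUFFIX,checkip.synology.com,DIRECT
- DOMAIN-SUFFIX,ifconfig.co,DIRECT
- DOMAIN-SUFFIX,api.myip.com,DIRECT
- DOMAIN-SUFFIX,ip-api.com,DIRECT
- DOMAIN-SUFFIX,ipapi.co,DIRECT
- DOMAIN-SUFFIX,ip6.seeip.org,DIRECT
- DOMAIN-SUFFIX,members.3322.org,DIRECT
## eu.org
- DOMAIN-SUFFIX,nic.eu.org,🚀 节点选择
- DOMAIN-SUFFIX,eu.org,DIRECT
## Weather
## poltbar
- DOMAIN-SUFFIX,openweathermap.org,DIRECT
## nextcloud
- DOMAIN-SUFFIX,openstreetmap.org,DIRECT
- DOMAIN-SUFFIX,opentopodata.org,DIRECT
- DOMAIN-SUFFIX,met.no,DIRECT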
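## dash.cloudflare.com
## These domain rules are placed ABOVE the Cloudflare IP ranges. Rules match top-down,
## and an IP-CIDR rule without no-resolve resolves the requested domain first, so in the
## original order these hosts (served from Cloudflare addresses) hit an IP-CIDR DIRECT
## rule before their own proxy rule was ever reached.
## NOTE(review): the first entry read "wwww.cloudflare.com" (four w's); treated as a typo.
- DOMAIN-SUFFIX,www.cloudflare.com,🚀 节点选择
- DOMAIN-SUFFIX,dash.cloudflare.com,🚀 节点选择
- DOMAIN-SUFFIX,static.dash.cloudflare.com,🚀 节点选择
## cloudflare ipv4 ipv6
## https://www.cloudflare.com/ips-v4
## NOTE(review): this entry was 1.1.1.1/8, i.e. the whole 1.0.0.0/8 block, far wider than
## anything in the Cloudflare list; narrowed to the single resolver address. Widen it
## deliberately if more was intended.
- IP-CIDR,1.1.1.1/32,DIRECT
- IP-CIDR,173.245.48.0/20,DIRECT
- IP-CIDR,103.21.244.0/22,DIRECT
- IP-CIDR,103.22.200.0/22,DIRECT
- IP-CIDR,103.31.4.0/22,DIRECT
- IP-CIDR,141.101.64.0/18,DIRECT
- IP-CIDR,108.162.192.0/18,DIRECT
- IP-CIDR,190.93.240.0/20,DIRECT
- IP-CIDR,188.114.96.0/20,DIRECT
- IP-CIDR,197.234.240.0/22,DIRECT
- IP-CIDR,198.41.128.0/17,DIRECT
- IP-CIDR,162.158.0.0/15,DIRECT
- IP-CIDR,104.16.0.0/13,DIRECT
- IP-CIDR,104.24.0.0/14,DIRECT
- IP-CIDR,172.64.0.0/13,DIRECT
- IP-CIDR,131.0.72.0/22,DIRECT
## https://www.cloudflare.com/ips-v6
- IP-CIDR6,2400:cb00::/32,DIRECT
- IP-CIDR6,2606:4700::/32,DIRECT
- IP-CIDR6,2803:f800::/32,DIRECT
- IP-CIDR6,2405:b500::/32,DIRECT
- IP-CIDR6,2405:8100::/32,DIRECT
- IP-CIDR6,2a06:98c0::/29,DIRECT
- IP-CIDR6,2c0f:f248::/32,DIRECT
## vod
- DOMAIN-SUFFIX,ffzy-play5.com,DIRECT
- DOMAIN-SUFFIX,ffzypic.com,DIRECT
## Force direct: password-manager extension
- DOMAIN-SUFFIX,bitwarden.net,DIRECT
## Block list
## Mouse right-click (gesture) extension
- DOMAIN-SUFFIX,mousegesturesapi.com,REJECT
## Everything else that geolocates to mainland China goes direct
- GEOIP,CN,DIRECT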

基本配置文件

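# Replace the OpenClash UCI config with a fresh file and paste the listing below into it.
# -f: on a freshly flashed system the file may not exist yet; plain rm would fail and
# the && would then skip the editor.
rm -f /etc/config/openclash && nano /etc/config/openclash
# The file holds the dashboard and proxy passwords, and a file newly created by the
# editor gets umask-default permissions; restrict it to root.
chmod 600 /etc/config/openclash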


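# Main OpenClash settings section.
config openclash 'config'
	# Local listener ports.
	option proxy_port '7892'
	option tproxy_port '7895'
	option mixed_port '7893'
	option socks_port '7891'
	option http_port '7890'
	option dns_port '7874'
	option enable '1'
	option update '0'
	option en_mode 'redir-host'
	option auto_update '1'
	# NOTE(review): cn_port is presumably the controller/dashboard port -- confirm.
	option cn_port '9090'
	# The published listing carried the literal weak password '123456' here; it is replaced
	# with a placeholder, matching how the subscription addresses are redacted.
	# Set a long random value of your own.
	option dashboard_password '<DASHBOARD_PASSWORD>'
	option dashboard_forward_ssl '0'
	option rule_source '0'
	option enable_custom_dns '1'
	option ipv6_enable '0'
	option ipv6_dns '1'
	option enable_custom_clash_rules '0'
	option other_rule_auto_update '1'
	option core_version 'linux-amd64'
	option enable_redirect_dns '1'
	option servers_if_update '0'
	option disable_masq_cache '1'
	option servers_update '0'
	option log_level '0'
	option proxy_mode 'rule'
	option intranet_allowed '1'
	option enable_udp_proxy '1'
	option disable_udp_quic '1'
	option lan_ac_mode '0'
	option operation_mode 'redir-host'
	option enable_rule_proxy '0'
	option redirect_dns '1'
	option cachesize_dns '1'
	option filter_aaaa_dns '1'
	option small_flash_memory '0'
	option interface_name '0'
	option common_ports '0'
	option log_size '1024'
	option tolerance '0'
	option store_fakeip '0'
	option custom_fallback_filter '0'
	option custom_fakeip_filter '0'
	option custom_host '0'
	option custom_name_policy '0'
	option append_wan_dns '0'
	option stream_domains_prefetch '0'
	option stream_auto_select '0'
	option bypass_gateway_compatible '0'
	# NOTE(review): this mirror prefix and the *_custom_url values below point at third-party
	# hosts; with the auto-update options enabled, the downloaded data is presumably only as
	# trustworthy as those hosts -- confirm what is verified on download.
	option github_address_mod 'https://ghproxy.com/'
	option urltest_address_mod '0'
	option urltest_interval_mod '0'
	option delay_start '0'
	option router_self_proxy '1'
	option release_branch 'master'
	option enable_meta_core '0'
	option dashboard_type 'Official'
	option yacd_type 'Official'
	option append_default_dns '0'
	option geo_custom_url 'https://testingcf.jsdelivr.net/gh/alecthw/mmdb_china_ip_list@release/lite/Country.mmdb'
	option chnr_custom_url 'https://ispip.clang.cn/all_cn.txt'
	option chnr6_custom_url 'https://ispip.clang.cn/all_cn_ipv6.txt'
	option cndomain_custom_url 'https://testingcf.jsdelivr.net/gh/felixonmars/dnsmasq-china-list@master/accelerated-domains.china.conf'
	option default_resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option config_auto_update_mode '1'
	option config_update_interval '45'
	option config_path '/etc/openclash/config/skyvpn.yaml'
	option restricted_mode '0'
	option config_reload '1'
	option dnsmasq_resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option enable_custom_domain_dns_server '0'
	option china_ip_route '0'
	option other_rule_update_week_time '*'
	option other_rule_update_day_time '22'
	option geo_auto_update '1'
	option geo_update_week_time '*'
	option geo_update_day_time '1'
	option geoip_auto_update '1'
	option geosite_auto_update '1'
	option chnr_auto_update '1'
	option chnr_update_week_time '*'
	option chnr_update_day_time '4'
	option auto_restart '0'
	option auto_restart_week_time '1'
	option auto_restart_day_time '0'
	option geoip_update_week_time '*'
	option geoip_update_day_time '2'
	option geoip_custom_url 'https://testingcf.jsdelivr.net/gh/Loyalsoldier/v2ray-rules-dat@release/geoip.dat'
	option geosite_update_week_time '*'
	option geosite_update_day_time '3'
	option geosite_custom_url 'https://testingcf.jsdelivr.net/gh/Loyalsoldier/v2ray-rules-dat@release/geosite.dat'
	option restart '0'
	option dnsmasq_noresolv '0'
	option find_process_mode '0'
	option global_client_fingerprint '0'
	option geodata_loader '0'
	option enable_geoip_dat '0'
	option enable_meta_sniffer '1'
	option enable_meta_sniffer_pure_ip '1'
	option enable_meta_sniffer_custom '0'
	option dnsmasq_cachesize '10000'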

# Upstream DNS resolvers, one section each, in the original section order.
# Options are listed uniformly as group / type / ip / port / enabled.
# Every entry with enabled '1' uses an encrypted transport (type 'https' or 'tls');
# the three plain 'udp' port-53 entries are all disabled.

# --- group 'nameserver' ---
config dns_servers
	option group 'nameserver'
	option type 'https'
	option ip 'doh.pub/dns-query'
	option enabled '1'

config dns_servers
	option group 'nameserver'
	option type 'https'
	option ip 'dns.alidns.com/dns-query'
	option enabled '1'

# --- group 'fallback' ---
config dns_servers
	option group 'fallback'
	option type 'https'
	option ip 'dns.cloudflare.com/dns-query'
	option enabled '1'

config dns_servers
	option group 'fallback'
	option type 'tls'
	option ip 'dns.google'
	option port '853'
	option enabled '1'

config dns_servers
	option group 'fallback'
	option type 'https'
	option ip '1.1.1.1/dns-query'
	option enabled '0'

config dns_servers
	option group 'fallback'
	option type 'tls'
	option ip '1.1.1.1'
	option port '853'
	option enabled '1'

config dns_servers
	option group 'fallback'
	option type 'tls'
	option ip '8.8.8.8'
	option port '853'
	option enabled '1'

# Plain UDP resolvers over IPv6 (all disabled).
config dns_servers
	option group 'fallback'
	option type 'udp'
	option ip '2001:4860:4860::8888'
	option port '53'
	option enabled '0'

config dns_servers
	option group 'fallback'
	option type 'udp'
	option ip '2001:4860:4860::8844'
	option port '53'
	option enabled '0'

config dns_servers
	option group 'fallback'
	option type 'udp'
	option ip '2001:da8::666'
	option port '53'
	option enabled '0'

config dns_servers
	option group 'fallback'
	option type 'https'
	option ip 'public.dns.iij.jp/dns-query'
	option enabled '1'

config dns_servers
	option group 'fallback'
	option type 'https'
	option ip 'jp.tiar.app/dns-query'
	option enabled '0'

config dns_servers
	option group 'fallback'
	option type 'https'
	option ip 'jp.tiarap.org/dns-query'
	option enabled '0'

config dns_servers
	option group 'fallback'
	option type 'tls'
	option ip 'jp.tiar.app'
	option enabled '0'

config dns_servers
	option group 'fallback'
	option type 'tls'
	option ip 'dot.tiar.app'
	option enabled '0'

config dns_servers
	option group 'fallback'
	option type 'https'
	option ip 'doh.dnslify.com/dns-query'
	option enabled '0'

config dns_servers
	option group 'fallback'
	option type 'https'
	option ip 'dns.twnic.tw/dns-query'
	option enabled '0'

config dns_servers
	option group 'fallback'
	option type 'https'
	option ip 'dns.oszx.co/dns-query'
	option enabled '1'

config dns_servers
	option group 'fallback'
	option type 'https'
	option ip 'doh.applied-privacy.net/query'
	option enabled '0'

config dns_servers
	option group 'fallback'
	option type 'https'
	option ip 'dnsforge.de/dns-query'
	option enabled '0'

config dns_servers
	option group 'fallback'
	option type 'https'
	option ip 'doh.ffmuc.net/dns-query'
	option enabled '0'

config dns_servers
	option group 'fallback'
	option type 'https'
	option ip 'doh.mullvad.net/dns-query'
	option enabled '0'

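# Username/password authentication entry.
# NOTE(review): presumably the credentials clients must present to the local proxy
# ports -- confirm.
# The published listing carried a real-looking password in clear text; it is replaced with
# a placeholder, matching how the subscription addresses are redacted. Use your own value
# and treat any password that was published as compromised.
config authentication
	option enabled '1'
	option username 'Clash'
	option password '<PROXY_AUTH_PASSWORD>'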

# Subscription sources. The three sections share every setting except 'name';
# each 'address' is a redacted placeholder to be filled in with the provider's URL.
# NOTE(review): with sub_convert '1' the subscription address is presumably handed to the
# service at convert_address for conversion, so that third party would see the
# subscription URL -- confirm, or point convert_address at a converter you run yourself.
# skip_cert_verify stays 'false' in all three sections.

config config_subscribe
	option name 'skyvpn'
	option enabled '1'
	option address '<订阅地址>'
	option sub_convert '1'
	option convert_address 'https://api.dler.io/sub'
	option template 'ACL4SSR 规则 Online Full'
	option skip_cert_verify 'false'
	option udp 'false'
	option emoji 'false'
	option sort 'false'
	option node_type 'false'
	option rule_provider 'false'

config config_subscribe
	option name 'yiyuan'
	option enabled '1'
	option address '<订阅地址>'
	option sub_convert '1'
	option convert_address 'https://api.dler.io/sub'
	option template 'ACL4SSR 规则 Online Full'
	option skip_cert_verify 'false'
	option udp 'false'
	option emoji 'false'
	option sort 'false'
	option node_type 'false'
	option rule_provider 'false'

config config_subscribe
	option name 'feiniaoyun'
	option enabled '1'
	option address '<订阅地址>'
	option sub_convert '1'
	option convert_address 'https://api.dler.io/sub'
	option template 'ACL4SSR 规则 Online Full'
	option skip_cert_verify 'false'
	option udp 'false'
	option emoji 'false'
	option sort 'false'
	option node_type 'false'
	option rule_provider 'false'
Licensed under CC BY-NC-SA 4.0