#!/bin/sh /etc/rc.common
START=99
STOP=10
B=0
CRON_FILE=/etc/crontabs/root
D=/tmp/dnsmasq.dnsfilter
E="date +'%Y-%m-%d %H:%M:%S'"
L=/etc/dnsfilter
P=/usr/share/dnsfilter
T=/tmp/dnsfilter
STATUS=Y
	DEFAULT_DNSMASQ_CFGID="$(uci -q show "dhcp.@dnsmasq[0]" | awk 'NR==1 {split($0, conf, /[.=]/); print conf[2]}')"
	if [ -f "/tmp/etc/dnsmasq.conf.$DEFAULT_DNSMASQ_CFGID" ]; then
		DNSMASQ_CONF_DIR="$(awk -F '=' '/^conf-dir=/ {print $2}' "/tmp/etc/dnsmasq.conf.$DEFAULT_DNSMASQ_CFGID")"
		if [ -n "$DNSMASQ_CONF_DIR" ]; then
			DNSMASQ_CONF_DIR=${DNSMASQ_CONF_DIR%*/}
		else
			DNSMASQ_CONF_DIR="/tmp/dnsmasq.d"
		fi
	fi
TAG="_DNSFILTER_RULE_"
FWI=$(uci -q get firewall.dnsfilter.path)
enable=$(uci -q get dnsfilter.@dnsfilter[0].enable)
flash=$(uci -q get dnsfilter.@dnsfilter[0].flash)
url=$(uci -q get dnsfilter.@dnsfilter[0].url)

get_config(){
	config_get_bool cron_mode $1 cron_mode 1
	config_get_bool block_ios $1 block_ios 0
	config_get_bool block_cnshort $1 block_cnshort 0
	config_get_bool safe_search $1 safe_search 0
	config_get time_update $1 time_update 6
}

add_dns(){
	mkdir -p $DNSMASQ_CONF_DIR $D
	echo conf-dir=$D > $DNSMASQ_CONF_DIR/dnsfilter.conf
	if [ -n "$url" -a ! -s /tmp/dnsfilter/failed ];then
		mkdir -p $T
		if [ $flash = 1 ];then
			ln -sf $L/rules/rules.conf $T/rules.conf
			ln -sf $L/rules/url $T/url
		fi
		ln -sf $T/rules.conf $D/rules.conf
	fi
	[ $block_ios = 1 ] && echo 'mesu.apple.com' > $D/black.conf
	if [ $block_cnshort = 1 ];then
		cat <<-EOF >> $D/black.conf
amemv.com
tiktokv.com
snssdk.com
douyin.com
ixigua.com
pstatp.com
ixiguavideo.com
v.kandian.qq.com
yximgs.com
gifshow.com
ksapisrv.com
kuaishoupay.com
ksyun.com
live.xycdn.com
danuoyi.alicdn.com
v.weishi.qq.com
pearvideo.com
miaopai.com
kuaishou.com
qupai.me
meipai.com
huoshan.com
ergengtv.com
baijiahao.baidu.com
xiongzhang.baidu.com
EOF
	fi
	cat $L/black.list >> $D/black.conf
	if [ -s $D/black.conf ];then
		sed -i -e 's:^:address=/:' -e 's:$:/:' $D/black.conf
		echo "`sort -u $D/black.conf`" > $D/black.conf
		for i in $(cat $D/black.conf);do
			if grep -wq $i $D/rules.conf 2>/dev/null;then
				sed -i -e "s#$i##" -e '/^$/d' $D/black.conf
			fi
		done
		for i in $(cat $L/white.list);do sed -i -e "/\/$i\//d" -e "/\.$i\//d" $D/black.conf;done
	else
		rm -f $D/black.conf
	fi

	if [ $safe_search = 1 ];then
		cat <<-EOF >> $D/safesearch.conf
address=/www.bing.com/204.79.197.220
address=/www.google.com/216.239.38.120
address=/google.com/216.239.38.120
address=/www.google.ad/216.239.38.120
address=/google.ad/216.239.38.120
address=/www.google.ae/216.239.38.120
address=/google.ae/216.239.38.120
address=/www.google.al/216.239.38.120
address=/google.al/216.239.38.120
address=/www.google.am/216.239.38.120
address=/google.am/216.239.38.120
address=/www.google.as/216.239.38.120
address=/google.as/216.239.38.120
address=/www.google.at/216.239.38.120
address=/google.at/216.239.38.120
address=/www.google.az/216.239.38.120
address=/google.az/216.239.38.120
address=/www.google.ba/216.239.38.120
address=/google.ba/216.239.38.120
address=/www.google.be/216.239.38.120
address=/google.be/216.239.38.120
address=/www.google.bf/216.239.38.120
address=/google.bf/216.239.38.120
address=/www.google.bg/216.239.38.120
address=/google.bg/216.239.38.120
address=/www.google.bi/216.239.38.120
address=/google.bi/216.239.38.120
address=/www.google.bj/216.239.38.120
address=/google.bj/216.239.38.120
address=/www.google.bs/216.239.38.120
address=/google.bs/216.239.38.120
address=/www.google.bt/216.239.38.120
address=/google.bt/216.239.38.120
address=/www.google.by/216.239.38.120
address=/google.by/216.239.38.120
address=/www.google.ca/216.239.38.120
address=/google.ca/216.239.38.120
address=/www.google.cd/216.239.38.120
address=/google.cd/216.239.38.120
address=/www.google.cf/216.239.38.120
address=/google.cf/216.239.38.120
address=/www.google.cg/216.239.38.120
address=/google.cg/216.239.38.120
address=/www.google.ch/216.239.38.120
address=/google.ch/216.239.38.120
address=/www.google.ci/216.239.38.120
address=/google.ci/216.239.38.120
address=/www.google.cl/216.239.38.120
address=/google.cl/216.239.38.120
address=/www.google.cm/216.239.38.120
address=/google.cm/216.239.38.120
address=/www.google.cn/216.239.38.120
address=/google.cn/216.239.38.120
address=/www.google.cv/216.239.38.120
address=/google.cv/216.239.38.120
address=/www.google.cz/216.239.38.120
address=/google.cz/216.239.38.120
address=/www.google.de/216.239.38.120
address=/google.de/216.239.38.120
address=/www.google.dj/216.239.38.120
address=/google.dj/216.239.38.120
address=/www.google.dk/216.239.38.120
address=/google.dk/216.239.38.120
address=/www.google.dm/216.239.38.120
address=/google.dm/216.239.38.120
address=/www.google.dz/216.239.38.120
address=/google.dz/216.239.38.120
address=/www.google.ee/216.239.38.120
address=/google.ee/216.239.38.120
address=/www.google.es/216.239.38.120
address=/google.es/216.239.38.120
address=/www.google.fi/216.239.38.120
address=/google.fi/216.239.38.120
address=/www.google.fm/216.239.38.120
address=/google.fm/216.239.38.120
address=/www.google.fr/216.239.38.120
address=/google.fr/216.239.38.120
address=/www.google.ga/216.239.38.120
address=/google.ga/216.239.38.120
address=/www.google.ge/216.239.38.120
address=/google.ge/216.239.38.120
address=/www.google.gg/216.239.38.120
address=/google.gg/216.239.38.120
address=/www.google.gl/216.239.38.120
address=/google.gl/216.239.38.120
address=/www.google.gm/216.239.38.120
address=/google.gm/216.239.38.120
address=/www.google.gr/216.239.38.120
address=/google.gr/216.239.38.120
address=/www.google.gy/216.239.38.120
address=/google.gy/216.239.38.120
address=/www.google.hn/216.239.38.120
address=/google.hn/216.239.38.120
address=/www.google.hr/216.239.38.120
address=/google.hr/216.239.38.120
address=/www.google.ht/216.239.38.120
address=/google.ht/216.239.38.120
address=/www.google.hu/216.239.38.120
address=/google.hu/216.239.38.120
address=/www.google.ie/216.239.38.120
address=/google.ie/216.239.38.120
address=/www.google.im/216.239.38.120
address=/google.im/216.239.38.120
address=/www.google.iq/216.239.38.120
address=/google.iq/216.239.38.120
address=/www.google.is/216.239.38.120
address=/google.is/216.239.38.120
address=/www.google.it/216.239.38.120
address=/google.it/216.239.38.120
address=/www.google.je/216.239.38.120
address=/google.je/216.239.38.120
address=/www.google.jo/216.239.38.120
address=/google.jo/216.239.38.120
address=/www.google.ki/216.239.38.120
address=/google.ki/216.239.38.120
address=/www.google.kg/216.239.38.120
address=/google.kg/216.239.38.120
address=/www.google.kz/216.239.38.120
address=/google.kz/216.239.38.120
address=/www.google.la/216.239.38.120
address=/google.la/216.239.38.120
address=/www.google.li/216.239.38.120
address=/google.li/216.239.38.120
address=/www.google.lk/216.239.38.120
address=/google.lk/216.239.38.120
address=/www.google.lt/216.239.38.120
address=/google.lt/216.239.38.120
address=/www.google.lu/216.239.38.120
address=/google.lu/216.239.38.120
address=/www.google.lv/216.239.38.120
address=/google.lv/216.239.38.120
address=/www.google.md/216.239.38.120
address=/google.md/216.239.38.120
address=/www.google.me/216.239.38.120
address=/google.me/216.239.38.120
address=/www.google.mg/216.239.38.120
address=/google.mg/216.239.38.120
address=/www.google.mk/216.239.38.120
address=/google.mk/216.239.38.120
address=/www.google.ml/216.239.38.120
address=/google.ml/216.239.38.120
address=/www.google.mn/216.239.38.120
address=/google.mn/216.239.38.120
address=/www.google.ms/216.239.38.120
address=/google.ms/216.239.38.120
address=/www.google.mu/216.239.38.120
address=/google.mu/216.239.38.120
address=/www.google.mv/216.239.38.120
address=/google.mv/216.239.38.120
address=/www.google.mw/216.239.38.120
address=/google.mw/216.239.38.120
address=/www.google.ne/216.239.38.120
address=/google.ne/216.239.38.120
address=/www.google.nl/216.239.38.120
address=/google.nl/216.239.38.120
address=/www.google.no/216.239.38.120
address=/google.no/216.239.38.120
address=/www.google.nr/216.239.38.120
address=/google.nr/216.239.38.120
address=/www.google.nu/216.239.38.120
address=/google.nu/216.239.38.120
address=/www.google.pl/216.239.38.120
address=/google.pl/216.239.38.120
address=/www.google.pn/216.239.38.120
address=/google.pn/216.239.38.120
address=/www.google.ps/216.239.38.120
address=/google.ps/216.239.38.120
address=/www.google.pt/216.239.38.120
address=/google.pt/216.239.38.120
address=/www.google.ro/216.239.38.120
address=/google.ro/216.239.38.120
address=/www.google.ru/216.239.38.120
address=/google.ru/216.239.38.120
address=/www.google.rw/216.239.38.120
address=/google.rw/216.239.38.120
address=/www.google.sc/216.239.38.120
address=/google.sc/216.239.38.120
address=/www.google.se/216.239.38.120
address=/google.se/216.239.38.120
address=/www.google.sh/216.239.38.120
address=/google.sh/216.239.38.120
address=/www.google.si/216.239.38.120
address=/google.si/216.239.38.120
address=/www.google.sk/216.239.38.120
address=/google.sk/216.239.38.120
address=/www.google.sn/216.239.38.120
address=/google.sn/216.239.38.120
address=/www.google.so/216.239.38.120
address=/google.so/216.239.38.120
address=/www.google.sm/216.239.38.120
address=/google.sm/216.239.38.120
address=/www.google.sr/216.239.38.120
address=/google.sr/216.239.38.120
address=/www.google.st/216.239.38.120
address=/google.st/216.239.38.120
address=/www.google.td/216.239.38.120
address=/google.td/216.239.38.120
address=/www.google.tg/216.239.38.120
address=/google.tg/216.239.38.120
address=/www.google.tl/216.239.38.120
address=/google.tl/216.239.38.120
address=/www.google.tm/216.239.38.120
address=/google.tm/216.239.38.120
address=/www.google.tn/216.239.38.120
address=/google.tn/216.239.38.120
address=/www.google.to/216.239.38.120
address=/google.to/216.239.38.120
address=/www.google.tt/216.239.38.120
address=/google.tt/216.239.38.120
address=/www.google.vg/216.239.38.120
address=/google.vg/216.239.38.120
address=/www.google.vu/216.239.38.120
address=/google.vu/216.239.38.120
address=/www.google.ws/216.239.38.120
address=/google.ws/216.239.38.120
address=/www.google.rs/216.239.38.120
address=/google.rs/216.239.38.120
address=/www.google.cat/216.239.38.120
address=/google.cat/216.239.38.120
address=/ya.ru/213.180.193.56
address=/yandex.ru/213.180.193.56
address=/yandex.com/213.180.193.56
address=/yandex.com.tr/213.180.193.56
address=/yandex.ua/213.180.193.56
address=/yandex.by/213.180.193.56
address=/yandex.ee/213.180.193.56
address=/yandex.lt/213.180.193.56
address=/yandex.lv/213.180.193.56
address=/yandex.md/213.180.193.56
address=/yandex.uz/213.180.193.56
address=/yandex.tm/213.180.193.56
address=/yandex.tj/213.180.193.56
address=/yandex.az/213.180.193.56
address=/www.youtube.com/216.239.38.119
address=/m.youtube.com/216.239.38.119
address=/youtubei.googleapis.com/216.239.38.119
address=/youtube.googleapis.com/216.239.38.119
address=/www.youtube-nocookie.com/216.239.38.119
EOF
	fi
}

gen(){
	echo '#!/bin/sh' > $FWI
}

add_rule(){
	ipset -N blockip hash:net 2>/dev/null
	for i in $(cat $L/ip.list);do ipset -! add blockip $i;done
	iptables -I FORWARD -m set --match-set blockip dst -m comment --comment "$TAG" -j DROP
	iptables -I OUTPUT -m set --match-set blockip dst -m comment --comment "$TAG" -j DROP
	gen
	extract_rules(){
		echo "*$1"
		iptables-save -t $1 | grep DNSFILTER |\
			sed -e "s/^-A \(OUTPUT\|FORWARD\)/-I \1 1/"
		echo 'COMMIT'
	}
	cat <<-EOF >> $FWI
	iptables-save -c | grep -v DNSFILTER | iptables-restore -c
	iptables-restore -n <<-EOT
	$(extract_rules filter)
	EOT
EOF
}

add_cron(){
	if [ $cron_mode = 1 ];then
		if ! grep -wq "$time_update \* \* \* .*dnsfilter" $CRON_FILE;then
			grep -q dnsfilter $CRON_FILE && sed -i '/dnsfilter/d' $CRON_FILE
			echo "0 $time_update * * * $P/dnsfilter > /tmp/adupdate.log 2>&1" >> $CRON_FILE
			/etc/init.d/cron restart
		fi
	else
		del_cron
	fi
}

del_cron(){
	if grep -q dnsfilter $CRON_FILE;then
		sed -i '/dnsfilter/d' $CRON_FILE
		/etc/init.d/cron restart
	fi
}

del_rule(){
	iptables -D FORWARD -m set --match-set blockip dst -m comment --comment "$TAG" -j DROP 2>/dev/null
	iptables -D OUTPUT -m set --match-set blockip dst -m comment --comment "$TAG" -j DROP 2>/dev/null
	ipset -X blockip 2>/dev/null
	gen
}

start(){
	config_load dnsfilter
	config_foreach get_config dnsfilter
	if [ $enable = 0 ];then
		echo "`eval $E` [DNSFilter is disabled]"
		exit 1
	fi
	if [ -s $D/rules.conf ];then
		echo "`eval $E` [DNSFilter is running]"
		exit 1
	fi
	if [ -n "$url" ];then
		[ $flash = 0 -a ! -s $T/rules.conf ] && B=1
		[ $flash = 1 -a ! -s $L/rules/rules.conf ] && B=1
	fi
	if [ $B = 1 ];then
		echo "`eval $E` [Download Subscribe Rules...]"
		$P/addown --down $B >/dev/null 2>&1 &
		exit 9
	fi
	echo "`eval $E` [Load DNSFilter Rules]"
	add_dns
	add_rule
	add_cron
	if [ $STATUS = Y ];then
		echo "`eval $E` [Dnsmasq Change]"
		/etc/init.d/dnsmasq restart >/dev/null 2>&1
	fi
}

stop(){
	del_rule
	kill -9 $(ps -w | grep grep $P/dnsfilter | grep -v grep | awk '{print$1}') 2>/dev/null
	kill -9 $(ps -w | grep grep $P/addown | grep -v grep | awk '{print$1}') 2>/dev/null
	kill -9 $(ps -w | grep ad_new.conf | grep -v grep | awk '{print$1}') 2>/dev/null
	echo "`eval $E` [Stop DNSFilter]"
	rm -rf $DNSMASQ_CONF_DIR/dnsfilter.conf $D /var/lock/dnsfilter.lock
	if [ "$(echo $url | sed 's/ /\n/g' | sort -u)" != "$(cat $T/url 2>/dev/null)" ];then
		rm -rf $T
		[ -d $L/rules ] && rm -rf $L/rules
	fi
	([ -h $T/url -a $flash = 0 ] || [ -z "$url" ]) && rm -rf $T
	[ $enable = 0 ] && del_cron
	if [ $STATUS = Y ];then
		rm -rf $T
		echo "`eval $E` [Revert Dnsmasq]"
		/etc/init.d/dnsmasq restart >/dev/null 2>&1
		rm -f /tmp/adupdate.log
	fi
}

restart(){
	if [ $enable = 1 ];then
		STATUS=N
		stop
		start
		echo "`eval $E` [Restart Dnsmasq]"
		/etc/init.d/dnsmasq restart >/dev/null 2>&1
	else
		stop
	fi
}

boot(){
	gen;start
}
