From b8d96f28cd52ed751d2c597f2afde7c0410922a8 Mon Sep 17 00:00:00 2001
From: itdoginfo <koalav42@gmail.com>
Date: Tue, 29 Apr 2025 18:54:50 +0300
Subject: [PATCH] Added CF. Fixed https-dns-proxy warning. Masked for static
 wan

---
 README.md                                      |  1 +
 .../resources/view/podkop/podkop.js            |  5 +++--
 podkop/files/usr/bin/podkop                    | 18 ++++++++++++++----
 3 files changed, 18 insertions(+), 6 deletions(-)

diff --git a/README.md b/README.md
index 9c0a9f9..1e6b060 100644
--- a/README.md
+++ b/README.md
@@ -81,6 +81,7 @@ Luci: Services/podkop
 
 Диагностика
 - [x] Используется ли warp. Сравнивать endpoint с префиксами CF
+- [x] Маскировка wan если static
 
 Низкий приоритет
 - [ ] Галочка, которая режет доступ к doh серверам
diff --git a/luci-app-podkop/htdocs/luci-static/resources/view/podkop/podkop.js b/luci-app-podkop/htdocs/luci-static/resources/view/podkop/podkop.js
index 624c054..69fd6ac 100644
--- a/luci-app-podkop/htdocs/luci-static/resources/view/podkop/podkop.js
+++ b/luci-app-podkop/htdocs/luci-static/resources/view/podkop/podkop.js
@@ -306,6 +306,7 @@ function createConfigSection(section, map, network) {
     o.value('hdrezka', 'HDRezka');
     o.value('tiktok', 'Tik-Tok');
     o.value('telegram', 'Telegram');
+    o.value('cloudflare', 'Cloudflare');
     o.depends('domain_list_enabled', '1');
     o.rmempty = false;
     o.ucisection = s.section;
@@ -337,13 +338,13 @@ function createConfigSection(section, map, network) {
             }
 
             if (newValues.includes('russia_inside')) {
-                const allowedWithRussiaInside = ['russia_inside', 'meta', 'twitter', 'discord', 'telegram'];
+                const allowedWithRussiaInside = ['russia_inside', 'meta', 'twitter', 'discord', 'telegram', 'cloudflare'];
                 const removedServices = newValues.filter(v => !allowedWithRussiaInside.includes(v));
                 if (removedServices.length > 0) {
                     newValues = newValues.filter(v => allowedWithRussiaInside.includes(v));
                     notifications.push(E('p', { class: 'alert-message warning' }, [
                         E('strong', {}, _('Russia inside restrictions')), E('br'),
-                        _('Warning: Russia inside can only be used with Meta, Twitter, Discord, and Telegram. %s already in Russia inside and have been removed from selection.')
+                        _('Warning: Russia inside can only be used with Meta, Twitter, Discord, Cloudflare and Telegram. %s already in Russia inside and have been removed from selection.')
                             .format(removedServices.join(', '))
                     ]));
                 }
diff --git a/podkop/files/usr/bin/podkop b/podkop/files/usr/bin/podkop
index dcca147..52f2779 100755
--- a/podkop/files/usr/bin/podkop
+++ b/podkop/files/usr/bin/podkop
@@ -15,9 +15,10 @@ SUBNETS_TWITTER="${GITHUB_RAW_URL}/Subnets/IPv4/twitter.lst"
 SUBNETS_META="${GITHUB_RAW_URL}/Subnets/IPv4/meta.lst"
 SUBNETS_DISCORD="${GITHUB_RAW_URL}/Subnets/IPv4/discord.lst"
 SUBNETS_TELERAM="${GITHUB_RAW_URL}/Subnets/IPv4/telegram.lst"
+SUBNETS_CLOUDFLARE="${GITHUB_RAW_URL}/Subnets/IPv4/cloudflare.lst"
 SING_BOX_CONFIG="/etc/sing-box/config.json"
 FAKEIP="198.18.0.0/15"
-VALID_SERVICES="russia_inside russia_outside ukraine_inside geoblock block porn news anime youtube discord meta twitter hdrezka tiktok telegram"
+VALID_SERVICES="russia_inside russia_outside ukraine_inside geoblock block porn news anime youtube discord meta twitter hdrezka tiktok telegram cloudflare"
 DNS_RESOLVERS="1.1.1.1 1.0.0.1 8.8.8.8 8.8.4.4 9.9.9.9 9.9.9.11 94.140.14.14 94.140.15.15 208.67.220.220 208.67.222.222 77.88.8.1 77.88.8.8"
 TEST_DOMAIN="fakeip.tech-domain.club"
 INTERFACES_LIST=""
@@ -62,7 +63,7 @@ start_main() {
     fi
 
     if grep -qE 'doh_backup_noresolv|doh_backup_server|doh_server' /etc/config/dhcp; then
-        log "[critical] Detected https-dns-proxy. Disable or uninstall it for correct functionality."
+        log "[critical] Detected https-dns-proxy in dhcp config. Edit /etc/config/dhcp"
     fi
 
     migration
@@ -1398,6 +1399,9 @@ list_subnets_download() {
         "telegram")
             URL=$SUBNETS_TELERAM
             ;;
+        "cloudflare")
+            URL=$SUBNETS_CLOUDFLARE
+            ;;
         "discord")
             URL=$SUBNETS_DISCORD
             nft add set inet $table podkop_discord_subnets { type ipv4_addr\; flags interval\; auto-merge\; }
@@ -2266,15 +2270,21 @@ global_check() {
         awk '
             /^config / {
                 p = ($2 == "interface" && $3 == "'\''wan'\''")
+                proto = ""
             }
             p {
-                if ($1 == "option" && ($2 == "username" || $2 == "password")) {
+                if ($1 == "option" && $2 == "proto") {
+                    proto = $3
+                    print
+                } else if (proto == "'\''static'\''" && $1 == "option" && ($2 == "ipaddr" || $2 == "netmask" || $2 == "gateway")) {
+                    print "        option", $2, "'\''******'\''"
+                } else if (proto == "'\''pppoe'\''" && $1 == "option" && ($2 == "username" || $2 == "password")) {
                     print "        option", $2, "'\''******'\''"
                 } else {
                     print
                 }
             }
-            ' /etc/config/network
+        ' /etc/config/network
     else
         nolog "WAN not exists"
     fi