0.2.4

Added install rus translate
Fix value #6
2025-12-06 19:46:52 +03:00 · 2024-11-13 15:43:16 +03:00 · 2024-11-13 15:41:57 +03:00 · 2024-11-13 15:41:21 +03:00 · 2024-11-13 00:47:34 +03:00 · 2024-11-13 00:44:26 +03:00
13 changed files with 1441 additions and 215 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -1,5 +1,4 @@
 name: Build packages
 on:
  push:
    tags:
@@ -9,7 +8,6 @@ jobs:
  build:
    name: Build podkop and luci-app-podkop
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4.2.1
@@ -27,10 +25,20 @@ jobs:
          docker cp podkop:/builder/bin/packages/x86_64/utilites/. ./bin/
          docker cp podkop:/builder/bin/packages/x86_64/luci/. ./bin/
      - name: Filter IPK files
        run: |
          # Извлекаем версию из тега, убирая префикс 'v'
          VERSION=${GITHUB_REF#refs/tags/v}
          mkdir -p ./filtered-bin
          cp ./bin/luci-i18n-podkop-ru_*.ipk "./filtered-bin/luci-i18n-podkop-ru_${VERSION}.ipk"
          cp ./bin/podkop_*.ipk ./filtered-bin/
          cp ./bin/luci-app-podkop_*.ipk ./filtered-bin/
      - name: Remove Docker container
        run: docker rm podkop
      - name: Release
        uses: softprops/action-gh-release@v2.0.8
        with:
-          files: ./bin/*.ipk
+          files: ./filtered-bin/*.ipk
--- a/2
+++ b/2
@@ -1,6 +1,6 @@
 FROM openwrt/sdk:x86_64-v23.05.5
-RUN ./scripts/feeds update -a && mkdir -p /builder/package/feeds/utilites/ && mkdir -p /builder/package/feeds/luci/
+RUN ./scripts/feeds update -a && ./scripts/feeds install luci-base && mkdir -p /builder/package/feeds/utilites/ && mkdir -p /builder/package/feeds/luci/
 COPY ./podkop /builder/package/feeds/utilites/podkop
 COPY ./luci-app-podkop /builder/package/feeds/luci/luci-app-podkop
--- a/README.md
+++ b/README.md
@@ -1,42 +1,43 @@
 Это альфа версия, может не работать. Обсуждение https://t.me/itdogchat - топик Podkop dev
-# Выпил getdomains
+Если у вас установлен Getdomains, то его следует удалить.
-По минимуму
+
 # Удаление GetDomains скриптом
 ```
-rm /etc/hotplug.d/iface/30-vpnroute
+sh <(wget -O - https://raw.githubusercontent.com/itdoginfo/domain-routing-openwrt/refs/heads/master/getdomains-uninstall.sh)
 sed -i '/getdomains start/d' /etc/crontabs/root
 rm /tmp/dnsmasq.d/domains.lst
 service getdomains disable
 rm /etc/init.d/getdomains
 ip route del default scope link table vpn
 ```
-Может потребоваться удалить правила фаервола касающиеся vpn_subnet, internal итд.
+Оставляет туннели, зоны, forwarding. А также stubby и dnscrypt. Они не помешают. Конфиг sing-box будет перезаписан в podkop.
-# Установка
+# Установка Podkop
 Пакет работает на всех архитектурах.
 Будет точно работать только на OpenWrt 23.05.
 Нужен dnsmasq-full. В автоматическом режиме ставится сам. Вручную надо поставить [самостоятельно](https://github.com/itdoginfo/podkop/blob/952dd6215a2a83d65937cf9e33534c42809091ed/install.sh#L20).
 ## Вручную
 Сделать `opkg update`, чтоб установились зависимости.
 Скачать пакеты `podkop_*.ipk` и `luci-app-podkop_*.ipk` из релиза. `opkg install` сначала первый, потом второй.
 ```
 /etc/init.d/ucitrack restart
 ```
 ## Автоматическая
 ```
 sh <(wget -O - https://raw.githubusercontent.com/itdoginfo/podkop/refs/heads/main/install.sh)
 ```
 Скрипт также предложит выбрать, какой туннель будет использоваться. Для выбранного туннеля будут установлены нужные пакеты, а для Wireguard и AmneziaWG также будет предложена автоматическая настройка - прямо в консоли скрипт запросит данные конфига. Для AmneziaWG можно также выбрать вариант с использованием конфига обычного Wireguard и автоматической обфускацией до AmneziaWG.
 Для AmneziaWG скрипт проверяет наличие пакетов под вашу платформу в [стороннем репозитории](https://github.com/Slava-Shchipunov/awg-openwrt/releases), так как в официальном репозитории OpenWRT они отсутствуют, и автоматически их устанавливает.
 ## Вручную
 Сделать `opkg update`, чтоб установились зависимости.
 Скачать пакеты `podkop_*.ipk` и `luci-app-podkop_*.ipk` из релиза. `opkg install` сначала первый, потом второй.
 # Удаление
 ```
 opkg remove luci-app-podkop podkop
 ```
 Если был установлен русский язык
 ```
 opkg remove luci-i18n-podkop-ru
 ```
 # Использование
 Конфиг: /etc/config/podkop
@@ -70,31 +71,71 @@ opkg update && opkg install sing-box
 **Custom subnets enable** - Добавить подсети или IP-адреса. Для подсетей задать маску.
 # Известные баги
-1. Не работает proxy при режимах main vpn, second proxy
+- [x] Не работает proxy при режимах main vpn, second proxy
-2. Не всегда отрабатывает ucitrack (применение настроек из luci)
+- [x] Не всегда отрабатывает ucitrack (применение настроек из luci). Не удаётся повторить
 - [x] All traffic for IP ломает инет на клиенте. Proxy mode
 - [x] Не отрабатывает рестарт, при awg и не применяются изменения при awg
 - [x] awg работает не стабильно
 - [ ] Сеть рестартится при любом раскладе
 - [ ] Выкл-вкл wg через luci не отрабатывает поднятие маршрута
 # ToDo
 Сделано
 - [x] Скрипт для автоматической установки.
 - [x] Подсети дискорда.
- [ ] Удаление getdomains через скрипт. Кроме туннеля и sing-box.
+- [x] Удаление getdomains через скрипт. Кроме туннеля и sing-box.
- [х] Дополнительная вкладка для ещё одного туннеля. Домены, подсети.
+- [x] Дополнительная вкладка для ещё одного туннеля. Домены, подсети.
- [ ] Зависимость от dnsmasq-full
+- [x] Улучшение скрипта автоматической установки. Спрашивать про туннели.
- [ ] Wiki
+- [x] Зависимость от dnsmasq-full
- [ ] IPv6
+- [x] Весь трафик для устойства пускать в туннель\прокси
- [ ] Весь трафик для устойства пускать в туннель\прокси
+- [x] Исключение для IP, не ходить в туннель\прокси совсем 0x0
- [ ] Исключение для IP, не ходить в туннель\прокси совсем 0x0
+- [x] Врубать галочкой yacd в sing-box
- [ ] Придумать автонастройку DNS через stubby итд. Как лучше это реализовать.
+- [x] Свои списки. Просто список доменов с переносом строки 
 - [x] Свои списки ipv4
 - [x] В nft разделить правило tproxy на маркировку и tproxy
 - [x] Вернуть две цепочки nft
 - [x] Ntp (порт 123) делать маркировку 0x0. По галке
 - [x] Открытый прокси порт на роутере для браузеров
 - [x] Автонастройка wireguard по примеру getdomains
 - [x] Автонастройка awg по примеру getdomains
 - [x] RU перевод
 - [x] Переделать на PROCD и выкинуть ucitrack.
 - [x] Нужен дебаг. Restart ucitrack в отдельный скрипт postinst, не отрабатывает.
 - [x] Закомментировать дефолтные значения у list. interface поставить в пустое.
 - [x] Скрипт установки: проверка установлен ли уже podkop. Если да, то просто предлагать обновится без установки тунелей и прокси.
 Приоритет 1
 - [x] Изменить название "Alternative Config"
 - [x] "domain_service_enabled" Добавить _second
 - [ ] Установка Ru пакета в install.sh
 - [x] Правка nft mark, tproxy
 - [x] Правка перевода минимальная
 Приоритет 2
 - [ ] Списки доменов и подсетей с роутера
 - [ ] Кнопка обновления списка доменов и подсетей
 - [ ] IPv6
 - [ ] Придумать автонастройку DNS через stubby итд. Как лучше это реализовать.
 - [ ] Удаление подсетей CF из domain sets раз в N часов
 Wiki
 - [x] Тема
 - [x] Изначальное наполнение
 Низкий приоритет
 - [x] Переменная, раз во сколько часов обновлять списки
 - [ ] Галочка, которая режет доступ к doh серверам
 - [ ] Свой конфиг sing-box
 Рефактор
 - [ ] Handle для sing-box
 - [ ] Handle для dnsmasq
 - [ ] Формирование json для sing-box на уровне jq, а не шаблонов
 - [ ] Unit тесты (BATS)
 - [ ] Интеграционые тесты бекенда (OpenWrt rootfs + BATS)
- [ ] Добавить label от конфига vless\ss\etc в luci. Хз как
+
- [ ] Удаление подсетей CF из domain sets раз в N часов
+Хз как сделать
- [ ] Врубать галочкой yacd в sing-box
+- [ ] Добавить label от конфига vless\ss\etc в luci.
 - [ ] Свои списки. Вопрос форматирования
 - [ ] В скрипт автоустановки добавить установку AWG по примеру getdomains
 - [ ] Галочка, которая режет доступ к doh серверам
 - [ ] Рефактор dnsmasq restart
 - [ ] Открытый прокси порт на роутере для браузеров
 # Разработка
 Есть два варианта:
--- a/install.sh
+++ b/install.sh
@@ -2,9 +2,11 @@
 REPO="https://api.github.com/repos/itdoginfo/podkop/releases/latest"
 IS_SHOULD_RESTART_NETWORK=
 DOWNLOAD_DIR="/tmp/podkop"
 mkdir -p "$DOWNLOAD_DIR"
 main() {
 wget -qO- "$REPO" | grep -o 'https://[^"]*\.ipk' | while read -r url; do
    filename=$(basename "$url")
    echo "Download $filename..."
@@ -24,12 +26,344 @@ else
    [ -f /etc/config/dhcp-opkg ] && cp /etc/config/dhcp /etc/config/dhcp-old && mv /etc/config/dhcp-opkg /etc/config/dhcp
 fi
-echo "Installed..."
+if [ -f "/etc/init.d/podkop" ]; then
    printf "\033[32;1mPodkop is already installed. Just upgrade it? (y/n)\033[0m\n"
    printf "\033[32;1my - Only upgrade podkop\033[0m\n"
    printf "\033[32;1mn - Upgrade and install proxy or tunnels\033[0m\n"
    while true; do
        read -r -p '' UPDATE
        case $UPDATE in
        y)
            echo "Upgraded podkop..."
            break
            ;;
        n)
            add_tunnel
            break
            ;;
    esac
    done
 else
    echo "Installed podkop..."
    add_tunnel
 fi
 opkg install $DOWNLOAD_DIR/podkop*.ipk
 opkg install $DOWNLOAD_DIR/luci-app-podkop*.ipk
-rm -f $DOWNLOAD_DIR/podkop*.ipk $DOWNLOAD_DIR/luci-app-podkop*.ipk
+echo "Русский язык интерфейса ставим? y/n (Need a Russian translation?)
 while true; do
    read -r -p '' RUS
    case $RUS in
-#/etc/init.d/ucitrack restart
+    y)
        opkg install $DOWNLOAD_DIR/luci-i18n-podkop-ru*.ipk
-echo "Install sing-box for proxy, or install and configure WG/OpenVPN/AWG/etc for VPN mode"
+        break
        ;;
    esac
 done
 rm -f $DOWNLOAD_DIR/podkop*.ipk $DOWNLOAD_DIR/luci-app-podkop*.ipk $DOWNLOAD_DIR/luci-i18n-podkop-ru*.ipk
 if [ "$IS_SHOULD_RESTART_NETWORK" ]; then
    printf "\033[32;1mRestart network\033[0m\n"
    /etc/init.d/network restart
 fi
 }
 add_tunnel() {
    echo "What type of VPN or proxy will be used? We also can automatically configure Wireguard and Amnezia WireGuard."
    echo "1) VLESS, Shadowsocks (A sing-box will be installed)"
    echo "2) Wireguard"
    echo "3) AmneziaWG"
    echo "4) OpenVPN"
    echo "5) OpenConnect"
    echo "6) Skip this step"
    while true; do
        read -r -p '' TUNNEL
        case $TUNNEL in
        1)
            opkg install sing-box
            break
            ;;
        2)
            opkg install wireguard-tools luci-proto-wireguard luci-app-wireguard
            printf "\033[32;1mDo you want to configure the wireguard interface? (y/n): \033[0m\n"
            read IS_SHOULD_CONFIGURE_WG_INTERFACE
            if [ "$IS_SHOULD_CONFIGURE_WG_INTERFACE" = "y" ] || [ "$IS_SHOULD_CONFIGURE_WG_INTERFACE" = "Y" ]; then
                wg_awg_setup Wireguard
            else
            printf "\e[1;32mUse these instructions to manual configure https://itdog.info/nastrojka-klienta-wireguard-na-openwrt/\e[0m\n"
            fi
            break
            ;;
        3)
            install_awg_packages
            printf "\033[32;1mThere are no instructions for manual configure yet. Do you want to configure the amneziawg interface? (y/n): \033[0m\n"
            read IS_SHOULD_CONFIGURE_WG_INTERFACE
            if [ "$IS_SHOULD_CONFIGURE_WG_INTERFACE" = "y" ] || [ "$IS_SHOULD_CONFIGURE_WG_INTERFACE" = "Y" ]; then
                wg_awg_setup AmneziaWG
            fi
            break
            ;;
        4)
            opkg install opkg install openvpn-openssl luci-app-openvpn
            printf "\e[1;32mUse these instructions to configure https://itdog.info/nastrojka-klienta-openvpn-na-openwrt/\e[0m\n"
            break
            ;;
        5)
            opkg install opkg install openconnect luci-proto-openconnect
            printf "\e[1;32mUse these instructions to configure https://itdog.info/nastrojka-klienta-openconnect-na-openwrt/\e[0m\n"
            break
            ;;
        6)
            echo "Skip. Use this if you're installing an upgrade."
            break
            ;;
        *)
            echo "Choose from the following options"
            ;;
        esac
    done
 }
 handler_network_restart() {
    IS_SHOULD_RESTART_NETWORK=true
 }
 install_awg_packages() {
    # Получение pkgarch с наибольшим приоритетом
    PKGARCH=$(opkg print-architecture | awk 'BEGIN {max=0} {if ($3 > max) {max = $3; arch = $2}} END {print arch}')
    TARGET=$(ubus call system board | jsonfilter -e '@.release.target' | cut -d '/' -f 1)
    SUBTARGET=$(ubus call system board | jsonfilter -e '@.release.target' | cut -d '/' -f 2)
    VERSION=$(ubus call system board | jsonfilter -e '@.release.version')
    PKGPOSTFIX="_v${VERSION}_${PKGARCH}_${TARGET}_${SUBTARGET}.ipk"
    BASE_URL="https://github.com/Slava-Shchipunov/awg-openwrt/releases/download/"
    AWG_DIR="/tmp/amneziawg"
    mkdir -p "$AWG_DIR"
    if opkg list-installed | grep -q kmod-amneziawg; then
        echo "kmod-amneziawg already installed"
    else
        KMOD_AMNEZIAWG_FILENAME="kmod-amneziawg${PKGPOSTFIX}"
        DOWNLOAD_URL="${BASE_URL}v${VERSION}/${KMOD_AMNEZIAWG_FILENAME}"
        wget -O "$AWG_DIR/$KMOD_AMNEZIAWG_FILENAME" "$DOWNLOAD_URL"
        if [ $? -eq 0 ]; then
            echo "kmod-amneziawg file downloaded successfully"
        else
            echo "Error downloading kmod-amneziawg. Please, install kmod-amneziawg manually and run the script again"
            exit 1
        fi
        opkg install "$AWG_DIR/$KMOD_AMNEZIAWG_FILENAME"
        if [ $? -eq 0 ]; then
            echo "kmod-amneziawg file downloaded successfully"
        else
            echo "Error installing kmod-amneziawg. Please, install kmod-amneziawg manually and run the script again"
            exit 1
        fi
    fi
    if opkg list-installed | grep -q amneziawg-tools; then
        echo "amneziawg-tools already installed"
    else
        AMNEZIAWG_TOOLS_FILENAME="amneziawg-tools${PKGPOSTFIX}"
        DOWNLOAD_URL="${BASE_URL}v${VERSION}/${AMNEZIAWG_TOOLS_FILENAME}"
        wget -O "$AWG_DIR/$AMNEZIAWG_TOOLS_FILENAME" "$DOWNLOAD_URL"
        if [ $? -eq 0 ]; then
            echo "amneziawg-tools file downloaded successfully"
        else
            echo "Error downloading amneziawg-tools. Please, install amneziawg-tools manually and run the script again"
            exit 1
        fi
        opkg install "$AWG_DIR/$AMNEZIAWG_TOOLS_FILENAME"
        if [ $? -eq 0 ]; then
            echo "amneziawg-tools file downloaded successfully"
        else
            echo "Error installing amneziawg-tools. Please, install amneziawg-tools manually and run the script again"
            exit 1
        fi
    fi
    if opkg list-installed | grep -q luci-app-amneziawg; then
        echo "luci-app-amneziawg already installed"
    else
        LUCI_APP_AMNEZIAWG_FILENAME="luci-app-amneziawg${PKGPOSTFIX}"
        DOWNLOAD_URL="${BASE_URL}v${VERSION}/${LUCI_APP_AMNEZIAWG_FILENAME}"
        wget -O "$AWG_DIR/$LUCI_APP_AMNEZIAWG_FILENAME" "$DOWNLOAD_URL"
        if [ $? -eq 0 ]; then
            echo "luci-app-amneziawg file downloaded successfully"
        else
            echo "Error downloading luci-app-amneziawg. Please, install luci-app-amneziawg manually and run the script again"
            exit 1
        fi
        opkg install "$AWG_DIR/$LUCI_APP_AMNEZIAWG_FILENAME"
        if [ $? -eq 0 ]; then
            echo "luci-app-amneziawg file downloaded successfully"
        else
            echo "Error installing luci-app-amneziawg. Please, install luci-app-amneziawg manually and run the script again"
            exit 1
        fi
    fi
    rm -rf "$AWG_DIR"
 }
 wg_awg_setup() {
    PROTOCOL_NAME=$1
    printf "\033[32;1mConfigure ${PROTOCOL_NAME}\033[0m\n"
    if [ "$PROTOCOL_NAME" = 'Wireguard' ]; then
        INTERFACE_NAME="wg0"
        CONFIG_NAME="wireguard_wg0"
        PROTO="wireguard"
        ZONE_NAME="wg"
    fi
    if [ "$PROTOCOL_NAME" = 'AmneziaWG' ]; then
        INTERFACE_NAME="awg0"
        CONFIG_NAME="amneziawg_awg0"
        PROTO="amneziawg"
        ZONE_NAME="awg"
        echo "Do you want to use AmneziaWG config or basic Wireguard config + automatic obfuscation?"
        echo "1) AmneziaWG"
        echo "2) Wireguard + automatic obfuscation"
        read CONFIG_TYPE
    fi
    read -r -p "Enter the private key (from [Interface]):"$'\n' WG_PRIVATE_KEY_INT
    while true; do
        read -r -p "Enter internal IP address with subnet, example 192.168.100.5/24 (from [Interface]):"$'\n' WG_IP
        if echo "$WG_IP" | egrep -oq '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]+$'; then
            break
        else
            echo "This IP is not valid. Please repeat"
        fi
    done
    read -r -p "Enter the public key (from [Peer]):"$'\n' WG_PUBLIC_KEY_INT
    read -r -p "If use PresharedKey, Enter this (from [Peer]). If your don't use leave blank:"$'\n' WG_PRESHARED_KEY_INT
    read -r -p "Enter Endpoint host without port (Domain or IP) (from [Peer]):"$'\n' WG_ENDPOINT_INT
    read -r -p "Enter Endpoint host port (from [Peer]) [51820]:"$'\n' WG_ENDPOINT_PORT_INT
    WG_ENDPOINT_PORT_INT=${WG_ENDPOINT_PORT_INT:-51820}
    if [ "$WG_ENDPOINT_PORT_INT" = '51820' ]; then
        echo $WG_ENDPOINT_PORT_INT
    fi
    if [ "$PROTOCOL_NAME" = 'AmneziaWG' ]; then
        if [ "$CONFIG_TYPE" = '1' ]; then
            read -r -p "Enter Jc value (from [Interface]):"$'\n' AWG_JC
            read -r -p "Enter Jmin value (from [Interface]):"$'\n' AWG_JMIN
            read -r -p "Enter Jmax value (from [Interface]):"$'\n' AWG_JMAX
            read -r -p "Enter S1 value (from [Interface]):"$'\n' AWG_S1
            read -r -p "Enter S2 value (from [Interface]):"$'\n' AWG_S2
            read -r -p "Enter H1 value (from [Interface]):"$'\n' AWG_H1
            read -r -p "Enter H2 value (from [Interface]):"$'\n' AWG_H2
            read -r -p "Enter H3 value (from [Interface]):"$'\n' AWG_H3
            read -r -p "Enter H4 value (from [Interface]):"$'\n' AWG_H4
        elif [ "$CONFIG_TYPE" = '2' ]; then
            #Default values to wg automatic obfuscation
            AWG_JC=4
            AWG_JMIN=40
            AWG_JMAX=70
            AWG_S1=0
            AWG_S2=0
            AWG_H1=1
            AWG_H2=2
            AWG_H3=3
            AWG_H4=4
        fi
    fi
    uci set network.${INTERFACE_NAME}=interface
    uci set network.${INTERFACE_NAME}.proto=$PROTO
    uci set network.${INTERFACE_NAME}.private_key=$WG_PRIVATE_KEY_INT
    uci set network.${INTERFACE_NAME}.listen_port='51821'
    uci set network.${INTERFACE_NAME}.addresses=$WG_IP
    if [ "$PROTOCOL_NAME" = 'AmneziaWG' ]; then
        uci set network.${INTERFACE_NAME}.awg_jc=$AWG_JC
        uci set network.${INTERFACE_NAME}.awg_jmin=$AWG_JMIN
        uci set network.${INTERFACE_NAME}.awg_jmax=$AWG_JMAX
        uci set network.${INTERFACE_NAME}.awg_s1=$AWG_S1
        uci set network.${INTERFACE_NAME}.awg_s2=$AWG_S2
        uci set network.${INTERFACE_NAME}.awg_h1=$AWG_H1
        uci set network.${INTERFACE_NAME}.awg_h2=$AWG_H2
        uci set network.${INTERFACE_NAME}.awg_h3=$AWG_H3
        uci set network.${INTERFACE_NAME}.awg_h4=$AWG_H4
    fi
    if ! uci show network | grep -q ${CONFIG_NAME}; then
        uci add network ${CONFIG_NAME}
    fi
    uci set network.@${CONFIG_NAME}[0]=$CONFIG_NAME
    uci set network.@${CONFIG_NAME}[0].name="${INTERFACE_NAME}_client"
    uci set network.@${CONFIG_NAME}[0].public_key=$WG_PUBLIC_KEY_INT
    uci set network.@${CONFIG_NAME}[0].preshared_key=$WG_PRESHARED_KEY_INT
    uci set network.@${CONFIG_NAME}[0].route_allowed_ips='0'
    uci set network.@${CONFIG_NAME}[0].persistent_keepalive='25'
    uci set network.@${CONFIG_NAME}[0].endpoint_host=$WG_ENDPOINT_INT
    uci set network.@${CONFIG_NAME}[0].allowed_ips='0.0.0.0/0'
    uci set network.@${CONFIG_NAME}[0].endpoint_port=$WG_ENDPOINT_PORT_INT
    uci commit network
    if ! uci show firewall | grep -q "@zone.*name='${ZONE_NAME}'"; then
        printf "\033[32;1mZone Create\033[0m\n"
        uci add firewall zone
        uci set firewall.@zone[-1].name=$ZONE_NAME
        uci set firewall.@zone[-1].network=$INTERFACE_NAME
        uci set firewall.@zone[-1].forward='REJECT'
        uci set firewall.@zone[-1].output='ACCEPT'
        uci set firewall.@zone[-1].input='REJECT'
        uci set firewall.@zone[-1].masq='1'
        uci set firewall.@zone[-1].mtu_fix='1'
        uci set firewall.@zone[-1].family='ipv4'
        uci commit firewall
    fi
    if ! uci show firewall | grep -q "@forwarding.*name='${ZONE_NAME}'"; then
        printf "\033[32;1mConfigured forwarding\033[0m\n"
        uci add firewall forwarding
        uci set firewall.@forwarding[-1]=forwarding
        uci set firewall.@forwarding[-1].name="${ZONE_NAME}-lan"
        uci set firewall.@forwarding[-1].dest=${ZONE_NAME}
        uci set firewall.@forwarding[-1].src='lan'
        uci set firewall.@forwarding[-1].family='ipv4'
        uci commit firewall
    fi
    handler_network_restart
 }
 main
--- a/luci-app-podkop/Makefile
+++ b/luci-app-podkop/Makefile
@@ -1,19 +1,20 @@
 # See /LICENSE for more information.
 # This is free software, licensed under the GNU General Public License v2.
 include $(TOPDIR)/rules.mk
 PKG_NAME:=luci-app-podkop
-PKG_VERSION:=0.1.7
+PKG_VERSION:=0.2.4
 PKG_RELEASE:=1
 LUCI_TITLE:=LuCI podkop app
 LUCI_DEPENDS:=+luci-base +podkop
 LUCI_PKGARCH:=all
 LUCI_LANG.ru:=Русский (Russian)
 LUCI_LANG.en:=English
 PKG_LICENSE:=GPL-2.0-or-later
 PKG_MAINTAINER:=ITDog <podkop@itdog.info>
 LUCI_LANGUAGES:=en ru
 include $(TOPDIR)/feeds/luci/luci.mk
 # call BuildPackage - OpenWrt buildroot signature
--- a/luci-app-podkop/htdocs/luci-static/resources/view/podkop/podkop.js
+++ b/luci-app-podkop/htdocs/luci-static/resources/view/podkop/podkop.js
@@ -8,28 +8,30 @@ return view.extend({
    async render() {
        var m, s, o;
-        m = new form.Map('podkop', _('Podkop configuration'));
+        m = new form.Map('podkop', _('Podkop configuration'), null, ['main', 'second']);
        s = m.section(form.TypedSection, 'main');
        s.anonymous = true;
-        o = s.tab('main', _('Main'));
+        // Basic Settings Tab
        o = s.tab('basic', _('Basic Settings'));
-        o = s.taboption('main', form.ListValue, 'mode', _('Mode'), _('Select VPN or Proxy'));
+        o = s.taboption('basic', form.ListValue, 'mode', _('Connection Type'), _('Select between VPN and Proxy connection methods for traffic routing'));
        o.value('vpn', ('VPN'));
        o.value('proxy', ('Proxy'));
        o.ucisection = 'main';
-        o = s.taboption('main', form.Value, 'proxy_string', _('Proxy String'), _('String vless:// or ss://'));
+        o = s.taboption('basic', form.TextValue, 'proxy_string', _('Proxy Configuration URL'), _('Enter connection string starting with vless:// or ss:// for proxy configuration'));
        o.depends('mode', 'proxy');
        o.rows = 5;
        o.ucisection = 'main';
-        // Get all interface
+        o = s.taboption('basic', form.ListValue, 'interface', _('Network Interface'), _('Select network interface for VPN connection'));
        o = s.taboption('main', form.ListValue, 'interface', _('Interface'), _('Specify the interface'));
        o.depends('mode', 'vpn');
        o.ucisection = 'main';
        try {
            const devices = await network.getDevices();
            const excludeInterfaces = ['br-lan', 'eth0', 'eth1', 'wan', 'phy0-ap0', 'phy1-ap0'];
            devices.forEach(function (device) {
@@ -40,89 +42,289 @@ return view.extend({
                    if (!isExcluded) {
                        o.value(deviceName, deviceName);
                    }
                } else {
                    console.warn('Device name is undefined or empty');
                }
            });
        } catch (error) {
            console.error('Error fetching devices:', error);
        }
-        o = s.taboption('main', form.Flag, 'domain_list_enabled', _('Domain list enable'), _('<a href="https://github.com/itdoginfo/allow-domains" target="_blank">github.com/itdoginfo/allow-domains</a>'));
+        o = s.taboption('basic', form.Flag, 'domain_list_enabled', _('Community Domain Lists'));
        o.default = '0';
        o.rmempty = false;
        o.ucisection = 'main';
-        o = s.taboption('main', form.ListValue, 'domain_list', _('Domain list'), _('Select a list'));
+        o = s.taboption('basic', form.ListValue, 'domain_list', _('Domain List'), _('Select a list') + ' <a href="https://github.com/itdoginfo/allow-domains" target="_blank">github.com/itdoginfo/allow-domains</a>');
        o.placeholder = 'placeholder';
        o.value('ru_inside', 'Russia inside');
        o.value('ru_outside', 'Russia outside');
        o.value('ua', 'Ukraine');
        o.depends('domain_list_enabled', '1');
        o.rmempty = false;
        o.ucisection = 'main';
-        o = s.taboption('main', form.Flag, 'delist_domains_enabled', _('Delist domains from main list enable'));
+        o = s.taboption('basic', form.Flag, 'delist_domains_enabled', _('Domain Exclusions'), _('Exclude specific domains from routing rules'));
        o.default = '0';
        o.rmempty = false;
        o.ucisection = 'main';
        o.depends('domain_list_enabled', '1');
-        o = s.taboption('main', form.DynamicList, 'delist_domains', _('Delist domains'), _('Domains to be excluded'));
+        o = s.taboption('basic', form.DynamicList, 'delist_domains', _('Excluded Domains'), _('Domains to be excluded from routing'));
        o.placeholder = 'Delist domains';
        o.depends('delist_domains_enabled', '1');
        o.rmempty = false;
        o.ucisection = 'main';
-        o = s.taboption('main', form.Flag, 'subnets_list_enabled', _('Subnets list enable'));
+        o = s.taboption('basic', form.Flag, 'subnets_list_enabled', _('Community Subnet Lists'), _('Enable routing for popular services like Twitter, Meta, and Discord'));
        o.default = '0';
        o.rmempty = false;
        o.ucisection = 'main';
-        o = s.taboption('main', form.DynamicList, 'subnets', _('Subnets specify option'));
+        o = s.taboption('basic', form.DynamicList, 'subnets', _('Service Networks'), _('Select predefined service networks for routing'));
-        o.placeholder = 'Subnet list';
+        o.placeholder = 'Service network list';
        o.value('twitter', 'Twitter(x.com)');
        o.value('meta', 'Meta');
        o.value('discord', 'Discord(voice)');
        o.depends('subnets_list_enabled', '1');
        o.rmempty = false;
        o.ucisection = 'main';
-        o = s.taboption('main', form.Flag, 'custom_domains_list_enabled', _('Custom domains enable'));
+        o = s.taboption('basic', form.Flag, 'custom_domains_list_enabled', _('User Domain List'), _('Enable and manage your custom list of domains for selective routing'));
        o.default = '0';
        o.rmempty = false;
        o.ucisection = 'main';
-        o = s.taboption('main', form.DynamicList, 'custom_domains', _('Your domains'));
+        o = s.taboption('basic', form.DynamicList, 'custom_domains', _('User Domains'), _('Enter domain names without protocols (example: sub.example.com or example.com)'));
        o.placeholder = 'Domains list';
        o.depends('custom_domains_list_enabled', '1');
        o.rmempty = false;
        o.ucisection = 'main';
        o.validate = function (section_id, value) {
            if (!value || value.length === 0) {
                return true;
            }
-        o = s.taboption('main', form.Flag, 'custom_subnets_list_enabled', _('Custom subnets enable'));
+            const domainRegex = /^(?!-)[A-Za-z0-9-]+([-.][A-Za-z0-9-]+)*\.[A-Za-z]{2,}$/;
            if (!domainRegex.test(value)) {
                return _('Invalid domain format. Enter domain without protocol (example: sub.example.com)');
            }
            return true;
        };
        o = s.taboption('basic', form.Flag, 'custom_download_domains_list_enabled', _('Remote Domain Lists'), _('Download and use domain lists from remote URLs'));
        o.default = '0';
        o.rmempty = false;
        o.ucisection = 'main';
-        o = s.taboption('main', form.DynamicList, 'custom_subnets', _('Your subnet'));
+        o = s.taboption('basic', form.DynamicList, 'custom_download_domains', _('Remote Domain URLs'), _('Enter full URLs starting with http:// or https://'));
        o.placeholder = 'URL';
        o.depends('custom_download_domains_list_enabled', '1');
        o.rmempty = false;
        o.ucisection = 'main';
        o.validate = function (section_id, value) {
            if (!value || value.length === 0) {
                return true;
            }
            try {
                const url = new URL(value);
                if (!['http:', 'https:'].includes(url.protocol)) {
                    return _('URL must use http:// or https:// protocol');
                }
                return true;
            } catch (e) {
                return _('Invalid URL format. URL must start with http:// or https://');
            }
        };
        o = s.taboption('basic', form.Flag, 'custom_subnets_list_enabled', _('User Subnet List'), _('Enable and manage your custom list of IP subnets for selective routing'));
        o.default = '0';
        o.rmempty = false;
        o.ucisection = 'main';
        o = s.taboption('basic', form.DynamicList, 'custom_subnets', _('User Subnets'), _('Enter subnet in CIDR notation (example: 103.21.244.0/22)'));
        o.placeholder = 'Subnets list';
        o.depends('custom_subnets_list_enabled', '1');
        o.rmempty = false;
        o.ucisection = 'main';
        o.validate = function (section_id, value) {
            if (!value || value.length === 0) {
                return true;
            }
-        s = m.section(form.TypedSection, 'second');
+            const subnetRegex = /^(\d{1,3}\.){3}\d{1,3}\/\d{1,2}$/;
        s.anonymous = true;
-        o = s.tab('second', _('Second'));
+            if (!subnetRegex.test(value)) {
                return _('Invalid subnet format. Use format: X.X.X.X/Y (like 103.21.244.0/22)');
            }
-        o = s.taboption('second', form.Flag, 'second_enable', _('Second enable'));
+            const [ip, cidr] = value.split('/');
            const ipParts = ip.split('.');
            const cidrNum = parseInt(cidr);
            for (const part of ipParts) {
                const num = parseInt(part);
                if (num < 0 || num > 255) {
                    return _('IP address parts must be between 0 and 255');
                }
            }
            if (cidrNum < 0 || cidrNum > 32) {
                return _('CIDR must be between 0 and 32');
            }
            return true;
        };
        o = s.taboption('basic', form.Flag, 'custom_download_subnets_list_enabled', _('Remote Subnet Lists'), _('Download and use subnet lists from remote URLs'));
        o.default = '0';
        o.rmempty = false;
        o.ucisection = 'main';
-        o = s.taboption('second', form.ListValue, 'mode', _('Mode'), _('Select VPN or Proxy'));
+        o = s.taboption('basic', form.DynamicList, 'custom_download_subnets', _('Remote Subnet URLs'), _('Enter full URLs starting with http:// or https://'));
        o.placeholder = 'URL';
        o.depends('custom_download_subnets_list_enabled', '1');
        o.rmempty = false;
        o.ucisection = 'main';
        o.validate = function (section_id, value) {
            if (!value || value.length === 0) {
                return true;
            }
            try {
                const url = new URL(value);
                if (!['http:', 'https:'].includes(url.protocol)) {
                    return _('URL must use http:// or https:// protocol');
                }
                return true;
            } catch (e) {
                return _('Invalid URL format. URL must start with http:// or https://');
            }
        };
        o = s.taboption('basic', form.Flag, 'all_traffic_from_ip_enabled', _('IP for full redirection'), _('Specify local IP addresses whose traffic will always use the configured route'));
        o.default = '0';
        o.rmempty = false;
        o.ucisection = 'main';
        o = s.taboption('basic', form.DynamicList, 'all_traffic_ip', _('Local IPs'), _('Enter valid IPv4 addresses'));
        o.placeholder = 'IP';
        o.depends('all_traffic_from_ip_enabled', '1');
        o.rmempty = false;
        o.ucisection = 'main';
        o.validate = function (section_id, value) {
            if (!value || value.length === 0) {
                return true;
            }
            const ipRegex = /^(\d{1,3}\.){3}\d{1,3}$/;
            if (!ipRegex.test(value)) {
                return _('Invalid IP format. Use format: X.X.X.X (like 192.168.1.1)');
            }
            const ipParts = value.split('.');
            for (const part of ipParts) {
                const num = parseInt(part);
                if (num < 0 || num > 255) {
                    return _('IP address parts must be between 0 and 255');
                }
            }
            return true;
        };
        o = s.taboption('basic', form.Flag, 'exclude_from_ip_enabled', _('IP for exclusion'), _('Specify local IP addresses that will never use the configured route'));
        o.default = '0';
        o.rmempty = false;
        o.ucisection = 'main';
        o = s.taboption('basic', form.DynamicList, 'exclude_traffic_ip', _('Local IPs'), _('Enter valid IPv4 addresses'));
        o.placeholder = 'IP';
        o.depends('exclude_from_ip_enabled', '1');
        o.rmempty = false;
        o.ucisection = 'main';
        o.validate = function (section_id, value) {
            if (!value || value.length === 0) {
                return true;
            }
            const ipRegex = /^(\d{1,3}\.){3}\d{1,3}$/;
            if (!ipRegex.test(value)) {
                return _('Invalid IP format. Use format: X.X.X.X (like 192.168.1.1)');
            }
            const ipParts = value.split('.');
            for (const part of ipParts) {
                const num = parseInt(part);
                if (num < 0 || num > 255) {
                    return _('IP address parts must be between 0 and 255');
                }
            }
            return true;
        };
        // Additional Settings Tab
        o = s.tab('additional', _('Additional Settings'));
        o = s.taboption('additional', form.Flag, 'yacd', _('Yacd enable'), _('http://openwrt.lan:9090/ui'));
        o.default = '0';
        o.depends('mode', 'proxy');
        o.rmempty = false;
        o.ucisection = 'main';
        o = s.taboption('additional', form.Flag, 'socks5', _('Mixed enable'), _('Browser port: 2080'));
        o.default = '0';
        o.depends('mode', 'proxy');
        o.rmempty = false;
        o.ucisection = 'main';
        o = s.taboption('additional', form.Flag, 'exclude_ntp', _('Exclude NTP'), _('For issues with open connections sing-box'));
        o.default = '0';
        o.depends('mode', 'proxy');
        o.rmempty = false;
        o.ucisection = 'main';
        o = s.taboption('additional', form.ListValue, 'update_interval', _('List Update Frequency'), _('Select how often the lists will be updated'));
        o.value('0 */1 * * *', _('Every hour'));
        o.value('0 */2 * * *', _('Every 2 hours'));
        o.value('0 */4 * * *', _('Every 4 hours'));
        o.value('0 */6 * * *', _('Every 6 hours'));
        o.value('0 */12 * * *', _('Every 12 hours'));
        o.value('0 4 * * *', _('Once a day at 04:00'));
        o.value('0 4 * * 0', _('Once a week on Sunday at 04:00'));
        o.default = '0 4 * * *';
        o.rmempty = false;
        o.ucisection = 'main';
        // Secondary Settings Tab
        o = s.tab('secondary_config', _('Secondary Config'));
        o = s.taboption('secondary_config', form.Flag, 'second_enable', _('Secondary VPN/Proxy Enable'), _('Enable secondary VPN/Proxy configuration'));
        o.default = '0';
        o.rmempty = false;
        o.ucisection = 'second';
        o = s.taboption('secondary_config', form.ListValue, 'second_mode', _('Connection Type'), _('Select between VPN and Proxy connection methods for traffic routing'));
        o.value('vpn', ('VPN'));
        o.value('proxy', ('Proxy'));
        o.depends('second_enable', '1');
        o.ucisection = 'second';
-        o = s.taboption('second', form.Value, 'proxy_string', _('Proxy String'), _('String vless:// or ss://'));
+        o = s.taboption('secondary_config', form.TextValue, 'second_proxy_string', _('Proxy Configuration URL'), _('Enter connection string starting with vless:// or ss:// for proxy configuration'));
-        o.depends('mode', 'proxy');
+        o.depends('second_mode', 'proxy');
        o.ucisection = 'second';
-        // Get all interface
+        o = s.taboption('secondary_config', form.ListValue, 'second_interface', _('Network Interface'), _('Select network interface for VPN connection'));
-        o = s.taboption('second', form.ListValue, 'interface', _('Interface'), _('Specify the interface'));
+        o.depends('second_mode', 'vpn');
-        o.depends('mode', 'vpn');
+        o.ucisection = 'second';
        try {
            const devices = await network.getDevices();
            const excludeInterfaces = ['br-lan', 'eth0', 'eth1', 'wan', 'phy0-ap0', 'phy1-ap0'];
            devices.forEach(function (device) {
@@ -133,44 +335,88 @@ return view.extend({
                    if (!isExcluded) {
                        o.value(deviceName, deviceName);
                    }
                } else {
                    console.warn('Device name is undefined or empty');
                }
            });
        } catch (error) {
            console.error('Error fetching devices:', error);
        }
-        o = s.taboption('second', form.Flag, 'domain_service_enabled', _('Domain service enable'));
+        o = s.taboption('secondary_config', form.Flag, 'second_domain_service_enabled', _('Service Domain List Enable'), _('Enable predefined service domain lists for routing'));
        o.default = '0';
        o.rmempty = false;
        o.depends('second_enable', '1');
        o.ucisection = 'second';
-        o = s.taboption('second', form.ListValue, 'service_list', _('Service list'), _('Select a list'));
+        o = s.taboption('secondary_config', form.ListValue, 'second_service_list', _('Service List'), _('Select predefined services for routing'));
        o.placeholder = 'placeholder';
        o.value('youtube', 'Youtube');
-        o.depends('domain_service_enabled', '1');
+        o.depends('second_domain_service_enabled', '1');
        o.rmempty = false;
        o.ucisection = 'second';
-        o = s.taboption('second', form.Flag, 'custom_domains_list_enabled', _('Custom domains enable'));
+        o = s.taboption('secondary_config', form.Flag, 'second_custom_domains_list_enabled', _('User Domain List'), _('Enable and manage your custom list of domains for selective routing'));
        o.default = '0';
        o.rmempty = false;
        o.depends('second_enable', '1');
        o.ucisection = 'second';
-        o = s.taboption('second', form.DynamicList, 'custom_domains', _('Your domains'));
+        o = s.taboption('secondary_config', form.DynamicList, 'second_custom_domains', _('User Domains'), _('Enter domain names without protocols (example: sub.example.com or example.com)'));
        o.placeholder = 'Domains list';
-        o.depends('custom_domains_list_enabled', '1');
+        o.depends('second_custom_domains_list_enabled', '1');
        o.rmempty = false;
        o.ucisection = 'second';
        o.validate = function (section_id, value) {
            if (!value || value.length === 0) {
                return true;
            }
-        o = s.taboption('second', form.Flag, 'custom_subnets_list_enabled', _('Custom subnets enable'));
+            const domainRegex = /^(?!-)[A-Za-z0-9-]+([-.][A-Za-z0-9-]+)*\.[A-Za-z]{2,}$/;
            if (!domainRegex.test(value)) {
                return _('Invalid domain format. Enter domain without protocol (example: sub.example.com)');
            }
            return true;
        };
        o = s.taboption('secondary_config', form.Flag, 'second_custom_subnets_list_enabled', _('User Subnet List'), _('Enable and manage your custom list of IP subnets for selective routing'));
        o.default = '0';
        o.rmempty = false;
        o.depends('second_enable', '1');
        o.ucisection = 'second';
-        o = s.taboption('second', form.DynamicList, 'custom_subnets', _('Your subnet'));
+        o = s.taboption('secondary_config', form.DynamicList, 'second_custom_subnets', _('User Subnets'), _('Enter subnet in CIDR notation (example: 103.21.244.0/22)'));
        o.placeholder = 'Subnets list';
-        o.depends('custom_subnets_list_enabled', '1');
+        o.depends('second_custom_subnets_list_enabled', '1');
        o.rmempty = false;
        o.ucisection = 'second';
        o.validate = function (section_id, value) {
            if (!value || value.length === 0) {
                return true;
            }
            const subnetRegex = /^(\d{1,3}\.){3}\d{1,3}\/\d{1,2}$/;
            if (!subnetRegex.test(value)) {
                return _('Invalid subnet format. Use format: X.X.X.X/Y (like 103.21.244.0/22)');
            }
            const [ip, cidr] = value.split('/');
            const ipParts = ip.split('.');
            const cidrNum = parseInt(cidr);
            for (const part of ipParts) {
                const num = parseInt(part);
                if (num < 0 || num > 255) {
                    return _('IP address parts must be between 0 and 255');
                }
            }
            if (cidrNum < 0 || cidrNum > 32) {
                return _('CIDR must be between 0 and 32');
            }
            return true;
        };
        return m.render();
    }
--- a/luci-app-podkop/po/ru/podkop.po
+++ b/luci-app-podkop/po/ru/podkop.po
@@ -0,0 +1,221 @@
 msgid ""
 msgstr "Content-Type: text/plain; charset=UTF-8"
 msgid "Podkop configuration"
 msgstr "Настройка Podkop"
 msgid "Basic Settings"
 msgstr "Основные настройки"
 msgid "Additional Settings"
 msgstr "Дополнительные настройки"
 msgid "Secondary Config"
 msgstr "Второй маршрут"
 msgid "Secondary VPN/Proxy Enable"
 msgstr "Включить второй VPN/Proxy"
 msgid "Enable secondary VPN/Proxy configuration"
 msgstr "Включить конфигурацию второго VPN/Proxy"
 msgid "Connection Type"
 msgstr "Тип подключения"
 msgid "Select between VPN and Proxy connection methods for traffic routing"
 msgstr "Выберите между VPN и Proxy методами для маршрутизации трафика"
 msgid "Proxy Configuration URL"
 msgstr "URL конфигурации прокси"
 msgid "Enter connection string starting with vless:// or ss:// for proxy configuration"
 msgstr "Введите строку подключения, начинающуюся с vless:// или ss:// для настройки прокси"
 msgid "Network Interface"
 msgstr "Сетевой интерфейс"
 msgid "Select network interface for VPN connection"
 msgstr "Выберите сетевой интерфейс для VPN подключения"
 msgid "Community Domain Lists"
 msgstr "Предустановленные списки доменов"
 msgid "Domain List"
 msgstr "Список доменов"
 msgid "Select a list"
 msgstr "Выберите список доменов"
 msgid "Community Subnet Lists"
 msgstr "Предустановленные сети сервисов"
 msgid "Enable routing for popular services like Twitter, Meta, and Discord"
 msgstr "Включить маршрутизацию для популярных сервисов, таких как Twitter, Meta и Discord"
 msgid "Service Networks"
 msgstr "Сети сервисов"
 msgid "Select predefined service networks for routing"
 msgstr "Выберите предустановленные сети сервисов для маршрутизации"
 msgid "User Domain List"
 msgstr "Пользовательский список доменов"
 msgid "Enable and manage your custom list of domains for selective routing"
 msgstr "Включить и управлять пользовательским списком доменов для выборочной маршрутизации"
 msgid "User Domains"
 msgstr "Пользовательские домены"
 msgid "Enter domain names without protocols (example: sub.example.com or example.com)"
 msgstr "Введите имена доменов без протоколов (пример: sub.example.com или example.com)"
 msgid "Remote Domain Lists"
 msgstr "Удаленные списки доменов"
 msgid "Download and use domain lists from remote URLs"
 msgstr "Загрузка и использование списков доменов с удаленных URL"
 msgid "Remote Domain URLs"
 msgstr "URL удаленных доменов"
 msgid "Enter full URLs starting with http:// or https://"
 msgstr "Введите полные URL, начинающиеся с http:// или https://"
 msgid "User Subnet List"
 msgstr "Пользовательский список подсетей"
 msgid "Enable and manage your custom list of IP subnets for selective routing"
 msgstr "Включить и управлять пользовательским списком IP-подсетей для выборочной маршрутизации"
 msgid "User Subnets"
 msgstr "Пользовательские подсети"
 msgid "Enter subnet in CIDR notation (example: 103.21.244.0/22)"
 msgstr "Введите подсеть в нотации CIDR (пример: 103.21.244.0/22)"
 msgid "Remote Subnet Lists"
 msgstr "Удаленные списки подсетей"
 msgid "Download and use subnet lists from remote URLs"
 msgstr "Загрузка и использование списков подсетей с удаленных URL"
 msgid "Remote Subnet URLs"
 msgstr "URL удаленных подсетей"
 msgid "Domain Exclusions"
 msgstr "Исключения доменов"
 msgid "Exclude specific domains from routing rules"
 msgstr "Исключить определенные домены из правил маршрутизации"
 msgid "Excluded Domains"
 msgstr "Исключенные домены"
 msgid "Domains to be excluded from routing"
 msgstr "Домены, которые будут исключены из маршрутизации"
 msgid "IP for full redirection"
 msgstr "Принудительные прокси IP"
 msgid "Specify local IP addresses whose traffic will always use the configured route"
 msgstr "Укажите локальные IP-адреса, трафик которых всегда будет использовать настроенный маршрут"
 msgid "Local IPs"
 msgstr "Локальные IP"
 msgid "Enter valid IPv4 addresses"
 msgstr "Введите действительные IPv4 адреса"
 msgid "IP for exclusion"
 msgstr "Исключения прокси IP"
 msgid "Specify local IP addresses that will never use the configured route"
 msgstr "Укажите локальные IP-адреса, которые никогда не будут использовать настроенный маршрут"
 msgid "List Update Frequency"
 msgstr "Частота обновления списков"
 msgid "Select how often the lists will be updated"
 msgstr "Выберите, как часто будут обновляться списки"
 msgid "Every hour"
 msgstr "Каждый час"
 msgid "Every 2 hours"
 msgstr "Каждые 2 часа"
 msgid "Every 4 hours"
 msgstr "Каждые 4 часа"
 msgid "Every 6 hours"
 msgstr "Каждые 6 часов"
 msgid "Every 12 hours"
 msgstr "Каждые 12 часов"
 msgid "Once a day at 04:00"
 msgstr "Раз в день в 04:00"
 msgid "Once a week on Sunday at 04:00"
 msgstr "Раз в неделю в воскресенье в 04:00"
 msgid "Yacd enable"
 msgstr "Включить Yacd"
 msgid "Mixed enable"
 msgstr "Включить смешанный режим"
 msgid "Browser port: 2080"
 msgstr "Порт браузера: 2080"
 msgid "Exclude NTP"
 msgstr "Исключить NTP"
 msgid "For issues with open connections sing-box"
 msgstr "Для проблем с открытыми соединениями sing-box"
 msgid "Service Domain List Enable"
 msgstr "Включить список доменов сервисов"
 msgid "Enable predefined service domain lists for routing"
 msgstr "Включить предустановленные списки доменов для маршрутизации"
 msgid "Service List"
 msgstr "Список сервисов"
 msgid "Select predefined services for routing"
 msgstr "Выберите предустановленные сервисы для маршрутизации"
 msgid "Domains"
 msgstr "Домены"
 msgid "Subnet List"
 msgstr "Список подсетей"
 msgid "Configure custom subnets for routing"
 msgstr "Настройка пользовательских подсетей для маршрутизации"
 msgid "Subnets"
 msgstr "Подсети"
 msgid "Invalid domain format. Enter domain without protocol (example: sub.example.com)"
 msgstr "Неверный формат домена. Введите домен без протокола (пример: sub.example.com)"
 msgid "URL must use http:// or https:// protocol"
 msgstr "URL должен использовать протокол http:// или https://"
 msgid "Invalid URL format. URL must start with http:// or https://"
 msgstr "Неверный формат URL. URL должен начинаться с http:// или https://"
 msgid "Invalid subnet format. Use format: X.X.X.X/Y (like 192.168.1.0/24)"
 msgstr "Неверный формат подсети. Используйте формат: X.X.X.X/Y (например: 192.168.1.0/24)"
 msgid "IP address parts must be between 0 and 255"
 msgstr "Части IP-адреса должны быть между 0 и 255"
 msgid "CIDR must be between 0 and 32"
 msgstr "CIDR должен быть между 0 и 32"
 msgid "Invalid IP format. Use format: X.X.X.X (like 192.168.1.1)"
 msgstr "Неверный формат IP. Используйте формат: X.X.X.X (например: 192.168.1.1)"
--- a/luci-app-podkop/po/templates/podkop.pot
+++ b/luci-app-podkop/po/templates/podkop.pot
@@ -0,0 +1,221 @@
 msgid ""
 msgstr "Content-Type: text/plain; charset=UTF-8"
 msgid "Podkop configuration"
 msgstr ""
 msgid "Basic Settings"
 msgstr ""
 msgid "Additional Settings"
 msgstr ""
 msgid "Secondary Config"
 msgstr ""
 msgid "Secondary VPN/Proxy Enable"
 msgstr ""
 msgid "Enable secondary VPN/Proxy configuration"
 msgstr ""
 msgid "Connection Type"
 msgstr ""
 msgid "Select between VPN and Proxy connection methods for traffic routing"
 msgstr ""
 msgid "Proxy Configuration URL"
 msgstr ""
 msgid "Enter connection string starting with vless:// or ss:// for proxy configuration"
 msgstr ""
 msgid "Network Interface"
 msgstr ""
 msgid "Select network interface for VPN connection"
 msgstr ""
 msgid "Community Domain Lists"
 msgstr ""
 msgid "Domain List"
 msgstr ""
 msgid "Select a list"
 msgstr ""
 msgid "Community Subnet Lists"
 msgstr ""
 msgid "Enable routing for popular services like Twitter, Meta, and Discord"
 msgstr ""
 msgid "Service Networks"
 msgstr ""
 msgid "Select predefined service networks for routing"
 msgstr ""
 msgid "User Domain List"
 msgstr ""
 msgid "Enable and manage your custom list of domains for selective routing"
 msgstr ""
 msgid "User Domains"
 msgstr ""
 msgid "Enter domain names without protocols (example: sub.example.com or example.com)"
 msgstr ""
 msgid "Remote Domain Lists"
 msgstr ""
 msgid "Download and use domain lists from remote URLs"
 msgstr ""
 msgid "Remote Domain URLs"
 msgstr ""
 msgid "Enter full URLs starting with http:// or https://"
 msgstr ""
 msgid "User Subnet List"
 msgstr ""
 msgid "Enable and manage your custom list of IP subnets for selective routing"
 msgstr ""
 msgid "User Subnets"
 msgstr ""
 msgid "Enter subnet in CIDR notation (example: 103.21.244.0/22)"
 msgstr ""
 msgid "Remote Subnet Lists"
 msgstr ""
 msgid "Download and use subnet lists from remote URLs"
 msgstr ""
 msgid "Remote Subnet URLs"
 msgstr ""
 msgid "Domain Exclusions"
 msgstr ""
 msgid "Exclude specific domains from routing rules"
 msgstr ""
 msgid "Excluded Domains"
 msgstr ""
 msgid "Domains to be excluded from routing"
 msgstr ""
 msgid "IP for full redirection"
 msgstr ""
 msgid "Specify local IP addresses whose traffic will always use the configured route"
 msgstr ""
 msgid "Local IPs"
 msgstr ""
 msgid "Enter valid IPv4 addresses"
 msgstr ""
 msgid "IP for exclusion"
 msgstr ""
 msgid "Specify local IP addresses that will never use the configured route"
 msgstr ""
 msgid "List Update Frequency"
 msgstr ""
 msgid "Select how often the lists will be updated"
 msgstr ""
 msgid "Every hour"
 msgstr ""
 msgid "Every 2 hours"
 msgstr ""
 msgid "Every 4 hours"
 msgstr ""
 msgid "Every 6 hours"
 msgstr ""
 msgid "Every 12 hours"
 msgstr ""
 msgid "Once a day at 04:00"
 msgstr ""
 msgid "Once a week on Sunday at 04:00"
 msgstr ""
 msgid "Yacd enable"
 msgstr ""
 msgid "Mixed enable"
 msgstr ""
 msgid "Browser port: 2080"
 msgstr ""
 msgid "Exclude NTP"
 msgstr ""
 msgid "For issues with open connections sing-box"
 msgstr ""
 msgid "Service Domain List Enable"
 msgstr ""
 msgid "Enable predefined service domain lists for routing"
 msgstr ""
 msgid "Service List"
 msgstr ""
 msgid "Select predefined services for routing"
 msgstr ""
 msgid "Domains"
 msgstr ""
 msgid "Subnet List"
 msgstr ""
 msgid "Configure custom subnets for routing"
 msgstr ""
 msgid "Subnets"
 msgstr ""
 msgid "Invalid domain format. Enter domain without protocol (example: sub.example.com)"
 msgstr ""
 msgid "URL must use http:// or https:// protocol"
 msgstr ""
 msgid "Invalid URL format. URL must start with http:// or https://"
 msgstr ""
 msgid "Invalid subnet format. Use format: X.X.X.X/Y (like 103.21.244.0/22)"
 msgstr ""
 msgid "IP address parts must be between 0 and 255"
 msgstr ""
 msgid "CIDR must be between 0 and 32"
 msgstr ""
 msgid "Invalid IP format. Use format: X.X.X.X (like 192.168.1.1)"
 msgstr ""
--- a/luci-app-podkop/root/etc/uci-defaults/50_luci-podkop
+++ b/luci-app-podkop/root/etc/uci-defaults/50_luci-podkop
@@ -0,0 +1,10 @@
 #!/bin/sh
 rm -f /var/luci-indexcache*
 rm -f /tmp/luci-indexcache*
 [ -x /etc/init.d/rpcd ] && /etc/init.d/rpcd reload
 logger -t "podkop" "$timestamp uci-defaults script executed"
 exit 0
--- a/podkop/Makefile
+++ b/podkop/Makefile
@@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=podkop
-PKG_VERSION:=0.1.7
+PKG_VERSION:=0.2.4
 PKG_RELEASE:=1
 PKG_MAINTAINER:=ITDog <podkop@itdog.info>
@@ -12,7 +12,7 @@ include $(INCLUDE_DIR)/package.mk
 define Package/podkop
 	SECTION:=net
 	CATEGORY:=Network
-	DEPENDS:=+curl +jq +kmod-nft-tproxy +coreutils-base64
+	DEPENDS:=+dnsmasq-full +curl +jq +kmod-nft-tproxy +coreutils-base64
 	TITLE:=Domain routing app
 	URL:=https://itdog.info
 	PKGARCH:=all
@@ -28,25 +28,13 @@ endef
 define Build/Compile
 endef
 define Package/podkop/postinst
 #!/bin/sh
 if ! uci show ucitrack | grep -q 'podkop'; then
    uci add ucitrack podkop
    uci set ucitrack.@podkop[-1].init=podkop
    uci commit ucitrack
 	/etc/init.d/ucitrack restart
 fi
 exit 0
 endef
 define Package/podkop/prerm
 #!/bin/sh
 grep -q "105 podkop" /etc/iproute2/rt_tables && sed -i "/105 podkop/d" /etc/iproute2/rt_tables
 rm -f /etc/hotplug.d/iface/50-podkop
 exit 0
 endef
@@ -57,6 +45,7 @@ endef
 define Package/podkop/install
 	$(INSTALL_DIR) $(1)/etc/init.d
 	$(INSTALL_BIN) ./files/etc/init.d/podkop $(1)/etc/init.d/podkop
 	sed -i "s/VERSION_FROM_MAKEFILE/$(PKG_VERSION)/g" $(1)/etc/init.d/podkop
 	$(INSTALL_DIR) $(1)/etc/config
 	$(INSTALL_CONF) ./files/etc/config/podkop $(1)/etc/config/podkop
--- a/podkop/files/etc/config/podkop
+++ b/podkop/files/etc/config/podkop
@@ -1,28 +1,38 @@
 config main 'main'
-	option mode 'proxy'
+	option mode ''
-	option interface 'wg0'
+	option interface ''
-	option proxy_string 'vless://60e7a3b2-5edb-4c0e-aa96-16702e4e0501@test.test:443/?type=tcp&encryption=none&flow=xtls-rprx-vision&sni=www.microsoft.com&fp=chrome&security=reality&pbk=O-IOLOcpVuzn9Eo3htHi0lxJ4YmeToNb6BhqUC7f7TQ&sid=4283c431d5a2263d#VLESS-podkop'
+	option proxy_string ''
 	option domain_list_enabled '1'
 	option domain_list 'ru_inside'
 	option subnets_list_enabled '0'
-	list subnets 'twitter'
+	#list subnets 'twitter'
 	option custom_domains_list_enabled '0'
-	list custom_domains 'ifconfig.co'
+	#list custom_domains ''
 	option custom_download_domains_list_enabled '0'
 	#list custom_download_domains ''
 	option custom_subnets_list_enabled '0'
-	list custom_subnets '188.114.96.0/20'
+	#list custom_subnets ''
 	option custom_download_subnets_list_enabled '0'
 	#list custom_download_subnets ''
 	option all_traffic_from_ip_enabled '0'
-	list all_traffic_ip '192.168.56.226'
+	#list all_traffic_ip ''
 	option delist_domains_enabled '0'
-	list delist_domains 'zerossl.com'
+	#list delist_domains ''
 	option exclude_from_ip_enabled '0'
 	#list exclude_traffic_ip ''
 	option yacd '0'
 	option socks5 '0'
 	option exclude_ntp '0'
 	option update_interval ''
 config second 'second'
 	option second_enable '0'
-	option mode 'proxy'
+	option second_mode 'proxy'
-	option interface 'wg1'
+	option second_interface ''
-	option proxy_string ''
+	option second_proxy_string ''
-	option domain_list_enabled '0'
+	option second_domain_service_enabled '0'
-	list domains 'youtube'
+	#list second_service_list 'youtube'
-	option custom_domains_list_enabled '0'
+	option second_custom_domains_list_enabled '0'
-	list custom_domains 'ifconfig.io'
+	#list second_custom_domains 'ifconfig.io'
-	option custom_subnets_list_enabled '0'
+	option second_custom_subnets_list_enabled '0'
-	list custom_subnets '-'
+	#list second_custom_subnets ''
--- a/podkop/files/etc/hotplug.d/iface/50-podkop
+++ b/podkop/files/etc/hotplug.d/iface/50-podkop
@@ -1,3 +1,28 @@
 #!/bin/sh
-/etc/init.d/podkop add_route_interface
+. /lib/functions.sh
 config_load "/etc/config/podkop"
 . /etc/init.d/podkop
 config_get "interface" "main" "interface" "0"
 config_get "mode" "main" "mode" "0"
 if [ "$mode" = "vpn" ] && [ -n "$interface" ]; then
    add_route_interface "$interface" "podkop"
 fi
 if [ "$mode" = "proxy" ]; then
    echo "Add route for main tproxy"
    add_route_tproxy podkop
 fi
 config_get second_enable "second" "second_enable" "0"
 config_get second_interface "second" "second_interface" "0"
 config_get "second_mode" "second" "second_mode" "0"
 if [ "$second_enable" -eq "1" ] && [ "$second_mode" = "vpn" ] && [ -n "$second_interface" ]; then
    add_route_interface "$second_interface" "podkop2"
 fi
 if [ "$second_enable" -eq "1" ] && [ "$second_mode" = "proxy" ]; then
    echo "Add route for second tproxy"
    add_route_tproxy podkop2
 fi
--- a/podkop/files/etc/init.d/podkop
+++ b/podkop/files/etc/init.d/podkop
@@ -1,6 +1,7 @@
 #!/bin/sh /etc/rc.common
 START=99
 USE_PROCD=1
 script=$(readlink "$initscript")
 NAME="$(basename ${script:-$initscript})"
@@ -11,13 +12,13 @@ EXTRA_HELP="        list_update    Updating domain and subnet lists
        add_route_interface  Adding route for interface
        sing_box_config_vless For test vless string"
-cron_job="0 4 * * * /etc/init.d/podkop list_update"
+config_get update_interval "main" "update_interval" "0 4 * * *"
 cron_job="${update_interval} /etc/init.d/podkop list_update"
-start() {
+start_service() {
    log "Start podkop"
    dnsmasqfull
    ucitrack
    routing_table_create
    add_mark
@@ -34,23 +35,27 @@ start() {
        fi
        config_get_bool second_enable "second" "second_enable" "0"
-        config_get mode "second" "mode" "0"
+        config_get second_mode "second" "second_mode" "0"
-        if [ "$second_enable" -eq "1" ] && [ "$mode" = "proxy" ]; then
+        if [ "$second_enable" -eq "1" ] && [ "$second_mode" = "proxy" ]; then
-            config_get proxy_string second "proxy_string"
+            config_get proxy_string "second" "second_proxy_string"
            if [[ "$proxy_string" =~ ^ss:// ]]; then
                sing_box_config_shadowsocks "$proxy_string" "1603"
            elif [[ "$proxy_string" =~ ^vless:// ]]; then
                sing_box_config_vless "$proxy_string" "1603"
            else
                log "Unsupported proxy type: $proxy_string"
-                exit 1
+                return
            fi
            add_route_tproxy podkop2
            sing_box_config_check
            sing_box_uci
            /etc/init.d/sing-box restart
            /etc/init.d/sing-box enable
        fi
-        if [ "$second_enable" -eq "1" ] && [ "$mode" = "vpn" ]; then
+        if [ "$second_enable" -eq "1" ] && [ "$second_mode" = "vpn" ]; then
            log "VPN mode for second"
-            config_get interface "second" "interface" "0"
+            config_get interface "second" "second_interface" "0"
            if [ -n "$interface" ]; then
                add_route_interface "$interface" "podkop2"
            else
@@ -62,13 +67,13 @@ start() {
        log "Proxy mode"
        if ! command -v sing-box >/dev/null 2>&1; then
            log "Sing-box isn't installed. Proxy mode works with sing-box"
-            exit 1
+            return
        fi
        # Main - proxy, Second - proxy
        config_get_bool second_enable "second" "second_enable" "0"
-        config_get mode "second" "mode" "0"
+        config_get second_mode "second" "second_mode" "0"
-        if [ "$second_enable" -eq "1" ] && [ "$mode" = "proxy" ]; then
+        if [ "$second_enable" -eq "1" ] && [ "$second_mode" = "proxy" ]; then
            log "Two proxy enable"
            outbound_main=$(mktemp)
            outbound_second=$(mktemp)
@@ -80,17 +85,17 @@ start() {
                sing_box_config_outbound_vless "$proxy_string" "$outbound_main" main
            else
                log "Unsupported proxy type: $proxy_string"
-                exit 1
+                return
            fi
-            config_get proxy_string second "proxy_string"
+            config_get proxy_string "second" "second_proxy_string"
            if [[ "$proxy_string" =~ ^ss:// ]]; then
                sing_box_config_outbound_shadowsocks "$proxy_string" "$outbound_second" second
            elif [[ "$proxy_string" =~ ^vless:// ]]; then
                sing_box_config_outbound_vless "$proxy_string" "$outbound_second" second
            else
                log "Unsupported proxy type: $proxy_string"
-                exit 1
+                return
            fi
            jq --argjson outbounds "$(jq -s '{"outbounds": (.[0].outbounds + .[1].outbounds)}' "$outbound_main" "$outbound_second")" \
@@ -104,8 +109,8 @@ start() {
        # Main proxy, second disable/vpn
        config_get_bool second_enable "second" "second_enable" "0"
-        config_get mode "second" "mode" "0"
+        config_get second_mode "second" "second_mode" "0"
-        if [ "$second_enable" -eq "0" ] || [ "$mode" = "vpn" ]; then
+        if [ "$second_enable" -eq "0" ] || [ "$second_mode" = "vpn" ]; then
            config_get proxy_string main "proxy_string"
            if [[ "$proxy_string" =~ ^ss:// ]]; then
                sing_box_config_shadowsocks "$proxy_string" "1602"
@@ -113,7 +118,7 @@ start() {
                sing_box_config_vless "$proxy_string" "1602"
            else
                log "Unsupported proxy type: $proxy_string"
-                exit 1
+                return
            fi
            add_route_tproxy podkop
        fi
@@ -125,11 +130,11 @@ start() {
        # Main proxy, Second VPN
        config_get_bool second_enable "second" "second_enable" "0"
-        config_get mode "second" "mode" "0"
+        config_get second_mode "second" "second_mode" "0"
-        if [ "$second_enable" -eq "1" ] && [ "$mode" = "vpn" ]; then
+        if [ "$second_enable" -eq "1" ] && [ "$second_mode" = "vpn" ]; then
            log "VPN mode for seconds"
            log "You are using VPN mode, make sure you have installed all the necessary packages, configured, created the zone and forwarding."
-            config_get interface "second" "interface" "0"
+            config_get interface "second" "second_interface" "0"
            if [ -n "$interface" ]; then
                add_route_interface "$interface" "podkop2"
            else
@@ -139,7 +144,7 @@ start() {
        ;;
    *)
        log "Requires *vpn* or *proxy* value"
-        exit 1
+        return
        ;;
    esac
@@ -154,9 +159,43 @@ start() {
        log "Adding an IP to redirect all traffic"
        config_list_foreach main all_traffic_ip list_all_traffic_from_ip
    fi
    config_get_bool exclude_from_ip_enabled "main" "exclude_from_ip_enabled" "0"
    if [ "$exclude_from_ip_enabled" -eq 1 ]; then
        log "Adding an IP for exclusion"
        config_list_foreach main exclude_traffic_ip list_exclude_traffic_from_ip
    fi
    config_get_bool yacd "main" "yacd" "0"
    if [ "$yacd" -eq 1 ]; then
        log "Yacd enable"
        jq '.experimental.clash_api = {
            "external_ui": "ui",
            "external_controller": "0.0.0.0:9090"
        }' /etc/sing-box/config.json >/tmp/sing-box-config-tmp.json && mv /tmp/sing-box-config-tmp.json /etc/sing-box/config.json
        /etc/init.d/sing-box restart
    fi
    config_get_bool socks5 "main" "socks5" "0"
    if [ "$socks5" -eq 1 ]; then
        log "Socks5 local enable port 2080"
        jq '.inbounds += [{
            "type": "mixed",
            "listen": "0.0.0.0",
            "listen_port": 2080,
            "set_system_proxy": false
        }]' /etc/sing-box/config.json >/tmp/sing-box-config-tmp.json && mv /tmp/sing-box-config-tmp.json /etc/sing-box/config.json
        /etc/init.d/sing-box restart
    fi
    config_get_bool exclude_ntp "main" "exclude_ntp" "0"
    if [ "$exclude_ntp" -eq 1 ]; then
        log "NTP traffic exclude for proxy"
        nft insert rule inet PodkopTable mangle udp dport 123 return
    fi
 }
-stop() {
+stop_service() {
    log "Stopping the podkop"
    rm -f /tmp/dnsmasq.d/podkop*
    remove_cron_job
@@ -186,7 +225,7 @@ stop() {
    log "Stop sing-box"
    config_get mode_main "main" "mode" "0"
-    config_get mode_second "second" "mode" "0"
+    config_get mode_second "second" "second_mode" "0"
    if [ "$mode_main" = "proxy" ] || [ "$mode_second" = "proxy" ]; then
        /etc/init.d/sing-box stop
@@ -194,16 +233,21 @@ stop() {
    fi
 }
-restart() {
+restart_service() {
    stop
    start
 }
-reload() {
+reload_service() {
    stop
    start
 }
 service_triggers() {
    log "service_triggers start"
    procd_add_config_trigger "config.change" "$NAME" "$initscript" reload 'on_config_change'
 }
 log() {
    local message="$1"
    local timestamp=$(date +"%Y-%m-%d %H:%M:%S")
@@ -212,21 +256,20 @@ log() {
    local RESET="\033[0m"
    echo -e "${CYAN}[$timestamp]${RESET} ${GREEN}$message${RESET}"
    logger -t "podkop" "$timestamp $message"
 }
 add_cron_job() {
-    if ! crontab -l | grep -q "podkop"; then
+    remove_cron_job
        #echo "$cron_job" >>/etc/crontabs/root
    crontab -l | {
        cat
        echo "$cron_job"
    } | crontab -
-        log "The cron job has been created"
+    log "The cron job has been created: $cron_job"
    fi
 }
 remove_cron_job() {
-    sed -i "\|podkop|d" /etc/crontabs/root
+    (crontab -l | grep -v "/etc/init.d/podkop list_update") | crontab -
    log "The cron job removed"
 }
@@ -249,6 +292,13 @@ list_update() {
        dnsmasq_config_check podkop-custom-domains.lst
    fi
    config_get_bool custom_download_domains_list_enabled "main" "custom_download_domains_list_enabled" "0"
    if [ "$custom_download_domains_list_enabled" -eq 1 ]; then
        log "Adding a custom domains list from URL"
        add_set "podkop_domains" "main"
        config_list_foreach main custom_download_domains "list_custom_download_domains_create" "podkop"
    fi
    config_get_bool delist_domains_enabled "main" "delist_domains_enabled" "0"
    if [ "$delist_domains_enabled" -eq 1 ] && [ "$domain_list_enabled" -eq 1 ]; then
        log "Exclude domains from the common list"
@@ -260,27 +310,27 @@ list_update() {
        /etc/init.d/dnsmasq restart
    fi
-    config_get_bool custom_domains_list_enabled "second" "custom_domains_list_enabled" "0"
+    config_get_bool second_custom_domains_list_enabled "second" "second_custom_domains_list_enabled" "0"
-    if [ "$custom_domains_list_enabled" -eq 1 ]; then
+    if [ "$second_custom_domains_list_enabled" -eq 1 ]; then
        log "Adding a custom domains list. Second podkop"
        add_set "podkop2_domains" "second"
        rm -f /tmp/dnsmasq.d/podkop2-custom-domains.lst
-        config_list_foreach second custom_domains "list_delist_domains"
+        config_list_foreach second second_custom_domains "list_delist_domains"
-        config_list_foreach second custom_domains "list_custom_domains_create" "podkop2"
+        config_list_foreach second second_custom_domains "list_custom_domains_create" "podkop2"
        dnsmasq_config_check podkop2-custom-domains.lst
    fi
-    config_get_bool domain_service_enabled "second" "domain_service_enabled" "0"
+    config_get_bool second_domain_service_enabled "second" "second_domain_service_enabled" "0"
-    if [ "$domain_service_enabled" -eq 1 ]; then
+    if [ "$second_domain_service_enabled" -eq 1 ]; then
        log "Adding a service for podkop2"
        add_set "podkop2_domains" "second"
-        config_get service_list second "service_list"
+        config_get second_service_list second "second_service_list"
-        lists_services_download "$service_list"
+        lists_services_download "$second_service_list"
-        config_list_foreach second custom_domains "list_delist_domains"
+        config_list_foreach second second_custom_domains "list_delist_domains"
        dnsmasq_config_check podkop2-domains.lst
    fi
-    if [ "$custom_domains_list_enabled" -eq 1 ] || [ "$domain_service_enabled" -eq 1 ]; then
+    if [ "$second_custom_domains_list_enabled" -eq 1 ] || [ "$second_domain_service_enabled" -eq 1 ]; then
        /etc/init.d/dnsmasq restart
    fi
@@ -292,6 +342,14 @@ list_update() {
        config_list_foreach main subnets "list_subnets_download"
    fi
    config_get_bool custom_download_subnets_list_enabled "main" "custom_download_subnets_list_enabled" "0"
    if [ "$custom_download_subnets_list_enabled" -eq 1 ]; then
        log "Adding a subnets from URL"
        mkdir -p /tmp/podkop
        add_set "podkop_subnets" "main"
        config_list_foreach main custom_download_subnets "list_subnets_download"
    fi
    config_get_bool custom_subnets_list_enabled "main" "custom_subnets_list_enabled" "0"
    if [ "$custom_subnets_list_enabled" -eq 1 ]; then
        log "Adding a custom subnets list"
@@ -299,11 +357,11 @@ list_update() {
        config_list_foreach main custom_subnets "list_custom_subnets_create" "podkop"
    fi
-    config_get_bool custom_subnets_list_enabled "second" "custom_subnets_list_enabled" "0"
+    config_get_bool second_custom_subnets_list_enabled "second" "second_custom_subnets_list_enabled" "0"
-    if [ "$custom_subnets_list_enabled" -eq 1 ]; then
+    if [ "$second_custom_subnets_list_enabled" -eq 1 ]; then
        log "Adding a custom subnets list. Second"
        add_set "podkop2_subnets" "second"
-        config_list_foreach second custom_subnets "list_custom_subnets_create" "podkop2"
+        config_list_foreach second second_custom_subnets "list_custom_subnets_create" "podkop2"
    fi
 }
@@ -312,15 +370,7 @@ dnsmasqfull() {
        log "Dnsmasq-full is not installed. Future: link only"
        log "Use script or:"
        log "cd /tmp/ && /bin/opkg download dnsmasq-full && /bin/opkg remove dnsmasq && /bin/opkg install dnsmasq-full --cache /tmp/ && cp /etc/config/dhcp /etc/config/dhcp-old && mv /etc/config/dhcp-opkg /etc/config/dhcp"
-        exit 1
+        return
    fi
 }
 ucitrack() {
    if grep -q "podkop" /etc/config/ucitrack; then
        log "ucitrack config ok"
    else
        log "ucitrack config not found"
    fi
 }
@@ -338,43 +388,51 @@ add_set() {
    nft add table inet PodkopTable
    log "Create set $set_name"
-    nft add chain inet PodkopTable mangle_podkop { type filter hook prerouting priority mangle \; policy accept \;}
+    nft add chain inet PodkopTable mangle { type filter hook prerouting priority -150 \; policy accept \;}
    nft add set inet PodkopTable "$set_name" { type ipv4_addr\; flags interval\; auto-merge\; }
    if [ "$connect" = "main" ]; then
        config_get mode "$connect" "mode"
    else
        config_get mode "$connect" "second_mode"
    fi
    case "$mode" in
    "vpn")
-        # if nft list table inet PodkopTable | grep -q "chain prerouting"; then
+        if ! nft list chain inet PodkopTable mangle | grep -q "ip daddr @"$set_name" meta mark set"; then
        #     nft delete chain inet PodkopTable prerouting
        # fi
        if ! nft list chain inet PodkopTable mangle_podkop | grep -q "ip daddr @"$set_name" meta mark set"; then
            if [ "$connect" = "main" ]; then
-                nft add rule inet PodkopTable mangle_podkop ip daddr @"$set_name" meta mark set 0x105 counter
+                nft add rule inet PodkopTable mangle iifname "br-lan" ip daddr @"$set_name" meta mark set 0x105 counter
            elif [ "$connect" = "second" ]; then
-                nft add rule inet PodkopTable mangle_podkop ip daddr @"$set_name" meta mark set 0x106 counter
+                nft add rule inet PodkopTable mangle iifname "br-lan" ip daddr @"$set_name" meta mark set 0x106 counter
            fi
        fi
        ;;
    "proxy")
-        nft add chain inet PodkopTable prerouting { type filter hook prerouting priority mangle \; }
+        nft add chain inet PodkopTable proxy { type filter hook prerouting priority -100 \; }
        if nft list table inet PodkopTable | grep -q "ip daddr @"$set_name" meta l4proto"; then
            log "Nft rule tproxy exists"
        else
            log "Added nft rule tproxy"
            if [ "$connect" = "main" ]; then
-                nft add rule inet PodkopTable prerouting iifname "br-lan" ip daddr @"$set_name" meta l4proto tcp meta mark set 0x105 tproxy ip to :1602 counter
+                nft add rule inet PodkopTable mangle iifname "br-lan" ip daddr @"$set_name" meta l4proto tcp meta mark set 0x105 counter
-                nft add rule inet PodkopTable prerouting iifname "br-lan" ip daddr @"$set_name" meta l4proto udp meta mark set 0x105 tproxy ip to :1602 counter
+                nft add rule inet PodkopTable mangle iifname "br-lan" ip daddr @"$set_name" meta l4proto udp meta mark set 0x105 counter
                if ! ( nft list table inet PodkopTable | grep -q "meta mark 0x00000105 meta l4proto tcp tproxy" ); then
                    nft add rule inet PodkopTable proxy meta mark 0x105 meta l4proto tcp tproxy ip to :1602 counter
                    nft add rule inet PodkopTable proxy meta mark 0x105 meta l4proto udp tproxy ip to :1602 counter
                fi
            elif [ "$connect" = "second" ]; then
-                nft add rule inet PodkopTable prerouting iifname "br-lan" ip daddr @"$set_name" meta l4proto tcp meta mark set 0x106 tproxy ip to :1603 counter
+                nft add rule inet PodkopTable mangle iifname "br-lan" ip daddr @"$set_name" meta l4proto tcp meta mark set 0x106 counter
-                nft add rule inet PodkopTable prerouting iifname "br-lan" ip daddr @"$set_name" meta l4proto udp meta mark set 0x106 tproxy ip to :1603 counter
+                nft add rule inet PodkopTable mangle iifname "br-lan" ip daddr @"$set_name" meta l4proto udp meta mark set 0x106 counter
                if ! ( nft list table inet PodkopTable | grep -q "meta mark 0x00000106 meta l4proto tcp tproxy" ); then
                    nft add rule inet PodkopTable proxy meta mark 0x106 meta l4proto tcp tproxy ip to :1603 counter
                    nft add rule inet PodkopTable proxy meta mark 0x106 meta l4proto udp tproxy ip to :1603 counter
                fi
            fi
        fi
        ;;
    *)
        log "Requires *vpn* or *proxy* value"
-        exit 1
+        return
        ;;
    esac
 }
@@ -382,12 +440,22 @@ add_set() {
 add_route_interface() {
    local interface="$1"
    local table="$2"
-    local retry_count=0
+    local retry_count_route=0
-    local max_retries=20
+    local max_retries=10
    if ! ip link show "$interface" >/dev/null 2>&1; then
    log "Interface "$interface" undetected, wait 10 sec..."
    sleep 10
        if ! ip link show "$interface" >/dev/null 2>&1; then
            log "Interface "$interface" undetected. exit"
            return
        fi
    fi
    if ! ip link show "$interface" >/dev/null 2>&1; then
        log "Interface "$interface" does not exist, not possible to create a route"
-        exit 1
+        return
    fi
    if ip route show table $table | grep -q "^default dev"; then
@@ -396,11 +464,11 @@ add_route_interface() {
    fi
    log "Added route for "$interface""
-    while [ $retry_count -lt $max_retries ]; do
+    while [ $retry_count_route -lt $max_retries ]; do
        if ip route add table $table default dev "$interface" 2>&1 | grep -q "Network is down"; then
-            log "Error: Network is down. Let's try again in 3 seconds"
+            log "Attempt $retry_count_route: Interface "$interface" is down, retrying in 3 seconds..."
            sleep 3
-            retry_count=$((retry_count + 1))
+            retry_count_route=$((retry_count_route + 1))
        else
            log "Route for "$interface" added"
            return 0
@@ -408,7 +476,7 @@ add_route_interface() {
    done
    log "The maximum number of attempts has been exceeded. Failed to add a route."
-    exit 1
+    return
 }
 add_route_tproxy() {
@@ -459,7 +527,7 @@ lists_domains_download() {
        ;;
    *)
        log "Unidentified list of domains"
-        exit 1
+        return
        ;;
    esac
@@ -499,7 +567,7 @@ lists_services_download() {
        ;;
    *)
        log "Unidentified list of domains"
-        exit 1
+        return
        ;;
    esac
@@ -546,8 +614,12 @@ list_subnets_download() {
        URL=$DISCORD_SUBNETS
        ;;
    *)
-        log "Unidentified list of subnets"
+        log "Custom URL for subnet"
-        exit 1
+        if curl --output /dev/null --silent --head --fail "$URL"; then
            log "URL is valid"
        else
            log "URL $URL is not valid"
        fi
        ;;
    esac
@@ -565,6 +637,20 @@ list_custom_domains_create() {
    log "$domain added to the list"
 }
 list_custom_download_domains_create() {
    local URL="$1"
    local name="$2"
    local filename=$(basename "$URL")
    local config="/tmp/dnsmasq.d/${name}-${filename}.lst"
    rm -f $config
    curl -f "$URL" --output "/tmp/podkop/${filename}"
    while IFS= read -r domain; do
        echo "nftset=/$domain/4#inet#PodkopTable#${name}_domains" >>$config
    done <"/tmp/podkop/$filename"
    dnsmasq_config_check ${name}-${filename}.lst
 }
 list_custom_subnets_create() {
    local subnet="$1"
    local name="$2"
@@ -573,8 +659,37 @@ list_custom_subnets_create() {
 list_all_traffic_from_ip() {
    local ip="$1"
-    if ! nft list chain inet PodkopTable mangle_podkop | grep -q "ip saddr $ip"; then
+    if ! nft list chain inet PodkopTable mangle | grep -q "ip saddr $ip"; then
-        nft add rule inet PodkopTable mangle_podkop ip saddr $ip meta mark set 0x105
+        config_get mode "main" "mode" "0"
        if [ "$mode" = "vpn" ]; then
            nft insert rule inet PodkopTable mangle iifname "br-lan" ip saddr $ip meta mark set 0x105 counter
        elif [ "$mode" = "proxy" ]; then
            nft add set inet PodkopTable localv4 { type ipv4_addr\; flags interval\; }
            nft add element inet PodkopTable localv4 { \
                0.0.0.0/8, \
                10.0.0.0/8, \
                127.0.0.0/8, \
                169.254.0.0/16, \
                172.16.0.0/12, \
                192.0.0.0/24, \
                192.0.2.0/24, \
                192.88.99.0/24, \
                192.168.0.0/16, \
                198.18.0.0/15, \
                198.51.100.0/24, \
                203.0.113.0/24, \
                224.0.0.0/4, \
                240.0.0.0-255.255.255.255 }
            nft insert rule inet PodkopTable mangle iifname "br-lan" ip saddr $ip meta l4proto { tcp, udp } meta mark set 0x105 counter
            nft insert rule inet PodkopTable mangle ip saddr $ip ip daddr @localv4 return
        fi
    fi
 }
 list_exclude_traffic_from_ip() {
    local ip="$1"
    if ! nft list chain inet PodkopTable mangle | grep -q "ip saddr $ip"; then
        nft insert rule inet PodkopTable mangle ip saddr $ip return
    fi
 }
@@ -606,7 +721,7 @@ dnsmasq_config_check() {
    local config="$1"
    if ! /usr/sbin/dnsmasq --conf-file=/tmp/dnsmasq.d/$config --test 2>&1 | grep -q "syntax check OK"; then
        log "Dnsmasq config $config contains errors. Break"
-        exit 1
+        return
    fi
 }
@@ -678,6 +793,7 @@ sing_box_config_vless() {
    security=$(get_param "security")
    pbk=$(get_param "pbk")
    sid=$(get_param "sid")
    encoding=$(get_param "packetEncoding")
    alpn=$(echo "$(get_param "alpn" | sed 's/%2C/,/g; s/%2F/\//g')" | jq -R -s -c 'split(",")' | sed 's/\\n//g')
    label=$(echo "$STRING" | cut -d'#' -f2)
@@ -694,6 +810,7 @@ sing_box_config_vless() {
        --arg pbk "$pbk" \
        --arg sid "$sid" \
        --argjson alpn "$alpn" \
        --arg encoding "$encoding" \
        --arg listen_port "$listen_port" \
        '.inbounds[] |=
        if .type == "tproxy" then
@@ -707,6 +824,7 @@ sing_box_config_vless() {
            .uuid = $uuid |
            if $security == "reality" then 
                if $flow == "" then del(.flow) else .flow = $flow end |
                if $encoding == "" then del(.packet_encoding) else .packet_encoding = $encoding end |
                .tls.server_name = $sni |
                .tls.utls.fingerprint = $fp |
                .tls.reality.public_key = $pbk |
@@ -725,7 +843,6 @@ sing_box_config_vless() {
        end)' "$template_config" >/etc/sing-box/config.json
 }
 # make one function for full and outbound only
 sing_box_config_outbound_shadowsocks() {
    local STRING="$1"
    local outbound="$2"
@@ -779,6 +896,7 @@ sing_box_config_outbound_vless() {
    pbk=$(get_param "pbk")
    sid=$(get_param "sid")
    alpn=$(echo "$(get_param "alpn" | sed 's/%2C/,/g; s/%2F/\//g')" | jq -R -s -c 'split(",")' | sed 's/\\n//g')
    encoding=$(get_param "packetEncoding")
    label=$(echo "$STRING" | cut -d'#' -f2)
    template_config="/etc/podkop/sing-box-vless-outbound-template.json"
@@ -794,6 +912,7 @@ sing_box_config_outbound_vless() {
        --arg pbk "$pbk" \
        --arg sid "$sid" \
        --argjson alpn "$alpn" \
        --arg encoding "$encoding" \
        --arg tag "$name" \
        '.outbounds[] |= 
           (.server = $server |
@@ -801,6 +920,7 @@ sing_box_config_outbound_vless() {
            .uuid = $uuid |
            if $security == "reality" then 
                if $flow == "" then del(.flow) else .flow = $flow end |
                if $encoding == "" then del(.packet_encoding) else .packet_encoding = $encoding end |
                .tls.server_name = $sni |
                .tls.utls.fingerprint = $fp |
                .tls.reality.public_key = $pbk |
@@ -825,6 +945,6 @@ sing_box_config_outbound_vless() {
 sing_box_config_check() {
    if ! sing-box -c /etc/sing-box/config.json check >/dev/null 2>&1; then
        log "Sing-box configuration is invalid"
-        exit 1
+        return
    fi
 }
Author	SHA1	Message	Date
itdoginfo	c46984b1e1	0.2.4	2024-11-13 15:43:16 +03:00
itdoginfo	fcb03ff51e	Added install rus translate	2024-11-13 15:41:57 +03:00
itdoginfo	34ef7e074b	Fix value #6	2024-11-13 15:41:21 +03:00
itdoginfo	be1db9626d	Fixed alternative	2024-11-13 00:47:34 +03:00
itdoginfo	d232023140	Nft move br-lan to mark, renamed secondary, fixed po template	2024-11-13 00:44:26 +03:00
itdoginfo	a5d6b202a9	Update todo	2024-11-12 18:31:35 +03:00
itdoginfo	6cf88e319b	Some fixes for #6	2024-11-12 18:11:44 +03:00
itdoginfo	f82503de0e	Merge pull request #6 from VizzleTF/main Вкладки + cron + перевод + ci	2024-11-12 16:09:15 +03:00
Ivan Kvashonkin	f520270864	refactor: Extract version from tag and add to translate ipk file	2024-11-11 21:23:25 +03:00
Ivan Kvashonkin	66c7eb0ccb	feat: Improve custom routing options	2024-11-11 19:59:04 +03:00
Ivan Kvashonkin	52483887f4	fix: Rollout podkop init.d configuration	2024-11-11 19:08:06 +03:00
Ivan Kvashonkin	5195dfa715	feat: Add language translation package correct version	2024-11-11 18:51:34 +03:00
Ivan Kvashonkin	47699ee0d6	refactor: Optimize VPN/Proxy configuration messages	2024-11-11 18:46:52 +03:00
Ivan Kvashonkin	b6f1c4e747	refactor: Rename and update settings tab	2024-11-11 18:38:05 +03:00
Ivan Kvashonkin	b3678323ca	feat: Consolidate settings into basic tab	2024-11-11 18:28:58 +03:00
Ivan Kvashonkin	d8a860fb2f	fix: second proxy configuration fixing	2024-11-10 18:39:14 +03:00
Ivan Kvashonkin	56e93a3d5f	refactor: Add ucisection attribute to taboptions	2024-11-10 17:40:23 +03:00
Ivan Kvashonkin	1ac1aa8f74	ci: Update CI build configuration	2024-11-10 16:11:03 +03:00
Ivan Kvashonkin	79761d9ba7	Merge branch 'main' of github.com:VizzleTF/podkop	2024-11-10 16:08:30 +03:00
Ivan Kvashonkin	6179306da9	fix: Fix secondary route configuration	2024-11-10 16:07:59 +03:00
Ivan K	8794fc72ed	Update README.md	2024-11-09 20:29:13 +03:00
Ivan Kvashonkin	20d0d00620	docs: Remove GitHub link from description	2024-11-09 00:41:44 +03:00
Ivan K	9f5e99ab52	Streamline build (#1 ) feat: Добавлена группировка по вкладкам feat: Выбор частоты обновления списков по cron на вкладке Дополнительные настройки feat: Перевод на русский язык cicd: Добавлена поддержка пакета luci-i18n-podkop-ru	2024-11-09 00:04:17 +03:00
itdoginfo	f4485ba0b5	Merge pull request #3 from Slava-Shchipunov/main Заменил инпут proxy string на textarea	2024-11-08 11:26:40 +03:00
Slava-Shchipunov	795ea2e384	feat: replace proxy string input to textarea	2024-11-08 02:10:33 +07:00
itdoginfo	4ba30ea117	Merge pull request #2 from Slava-Shchipunov/main Добавил валидацию поля для ввода домена	2024-11-07 11:32:55 +03:00
Slava-Shchipunov	853af95404	feat: add domain input validation	2024-11-07 11:33:32 +07:00
itdoginfo	cc427cbd8a	correct processing of procd	2024-11-06 18:19:29 +03:00
itdoginfo	96ea424498	0.2.2	2024-11-06 14:00:25 +03:00
itdoginfo	0ad4133202	Fix hotplug, added logger, fix add_route	2024-11-06 13:59:15 +03:00
itdoginfo	b29a187d46	0.2.1	2024-11-05 18:31:04 +03:00
itdoginfo	adecd707cd	Update	2024-11-05 18:27:44 +03:00
itdoginfo	eba1cbef64	Added interface up waiting	2024-11-05 18:27:36 +03:00
itdoginfo	ad21de83a9	Comment all list values	2024-11-05 18:26:48 +03:00
itdoginfo	fae0e42722	Uprade only mode, small refactor	2024-11-05 18:26:23 +03:00
itdoginfo	50f702aef9	Update	2024-11-05 14:05:11 +03:00
itdoginfo	d9c1f2a95c	Merge pull request #1 from Slava-Shchipunov/main Добавил автоматическую настройку туннелей awmneziawg и wg	2024-11-05 11:43:13 +03:00
Slava-Shchipunov	ee8bef67ee	refactor: add handler_network_restart	2024-11-05 10:27:57 +07:00
Slava-Shchipunov	dcc0733b89	docs: update readme	2024-11-03 22:38:55 +07:00
Slava-Shchipunov	e154718e90	refactor: move wg-awg setup to install.sh	2024-11-03 22:19:36 +07:00
Slava-Shchipunov	a53adb2df1	refactor: move install awg packages to install.sh	2024-11-03 22:16:34 +07:00
Slava-Shchipunov	fe245c31c3	refactor: move add tunnel to function	2024-11-03 22:13:16 +07:00
Slava-Shchipunov	ee6bbe3f13	Merge remote-tracking branch 'upstream/main'	2024-11-03 22:06:52 +07:00
itdoginfo	f48670018f	0.2.0	2024-11-01 22:30:32 +03:00
itdoginfo	8870a56885	Move to PROCD	2024-11-01 22:02:58 +03:00
Slava-Shchipunov	8cf9f4b61b	fix: add lost quotation mark	2024-11-01 21:22:40 +07:00
Slava-Shchipunov	fea3ae8606	Merge pull request #1 from Slava-Shchipunov/feat/add-amneziawg-auto-install Feat/add amneziawg auto install	2024-11-01 20:42:43 +07:00
Slava-Shchipunov	2524e08096	feat: update obfuscation Jc	2024-11-01 20:33:27 +07:00
Slava-Shchipunov	9754708fc1	refactor: add raw base url	2024-11-01 20:25:37 +07:00
Slava-Shchipunov	afe96ff295	fix: fix syntax error	2024-11-01 18:07:56 +07:00
Slava-Shchipunov	708cbe5a97	feat: add wg obfuscation	2024-11-01 17:54:33 +07:00
Slava-Shchipunov	65efe20fd2	feat: add wg auto setup	2024-11-01 17:26:31 +07:00
itdoginfo	16f737914b	Update	2024-10-30 16:56:25 +03:00
itdoginfo	6b19fbf7d9	Fix all traffic to trpoxy for IP, two chains, exclude NTP	2024-10-30 16:54:58 +03:00
Slava-Shchipunov	7b9f7ba605	fix: move network restart run	2024-10-30 10:23:52 +07:00
Slava-Shchipunov	415b5df621	fix: fix run wg-awg-setup	2024-10-30 10:13:57 +07:00
Slava-Shchipunov	0c8896bb6f	feat: add wg_awg_setup script	2024-10-30 10:00:38 +07:00
Slava-Shchipunov	bdcbba1376	feat: add awg install script	2024-10-30 09:29:11 +07:00
Slava-Shchipunov	d070ba5c4e	feat: add awg install to install.sh	2024-10-30 09:23:08 +07:00
itdoginfo	c8051bbbc8	Update	2024-10-29 18:50:28 +03:00
itdoginfo	50ba18d7ab	Update todo	2024-10-29 18:39:18 +03:00
itdoginfo	c159baa283	Remove alpn for reality	2024-10-29 18:38:42 +03:00
itdoginfo	74d3ee5374	Added: exclude for IP, URL lists, yacd, socks for browser and other	2024-10-29 17:47:38 +03:00
itdoginfo	62c9afaaff	Update todo	2024-10-29 17:44:27 +03:00
itdoginfo	a641b5e040	Update versions	2024-10-29 17:44:17 +03:00
itdoginfo	00305a0762	Fix tproxy for second	2024-10-28 20:56:56 +03:00
itdoginfo	5fca5840dd	Update	2024-10-26 17:28:04 +03:00
itdoginfo	832bab3bca	dnsmaqs-full dep	2024-10-26 17:27:48 +03:00
itdoginfo	34c8e69d6a	fix	2024-10-26 12:28:14 +03:00
itdoginfo	0ca37d38d3	uninstall getdomains	2024-10-26 01:02:51 +03:00