fix ipv6 and manual switch and polish README.md

README.md

@@ -6,25 +6,17 @@
 ![Static Badge](https://img.shields.io/badge/arm--64-support-blue)
 ![Static Badge](https://img.shields.io/badge/arm--v7-support-blue)
 ![GitHub all releases](https://img.shields.io/github/downloads/twoone-3/AdguardHome/total)
+[![](https://img.shields.io/badge/Telegram-Join%20Channel-blue?logo=telegram)](https://t.me/adguardhome_for_magisk_release)
+[![](https://img.shields.io/badge/Telegram-Join%20Group-blue?logo=telegram)](https://t.me/+mdZL11mJjxhkYjdl)
 
-加入我们的 [Telegram](https://t.me/adguardhome_for_magisk_release) 频道获取新消息
+关注我们的频道以获取最新消息，或者加入我们的群组进行讨论！
 
 # 用法
 - 使用前需在设置里关闭 `私人/专用dns`，在 Magisk/KernelSU 刷入并按照操作提示配置完成后即可使用，AdGuardHome 后台管理地址为 http://127.0.0.1:3000，默认用户名/密码root
 
 # 特性
-- 主 DNS 为 腾讯 DNSPod 公共 DNS 以及 阿里云 DNS，备用 DNS 为 Cloudflare DNS 和 Google DNS，你可以在 AdGuardHome 的 DNS 设置里更改来满足你的需求
-- 仅内置[秋风广告规则](https://github.com/TG-Twilight/AWAvenue-Ads-Rule)，省电，少误杀
-- 可以手动执行脚本来应用 iptables 规则，以将本机的 DNS 请求重定向到 AdGuardHome
-```shell
-# 启动 iptables 规则
-su -c /data/adb/modules/AdGuardHome/bin/apply_iptables.sh
-```
-```shell
-# 停止 iptables 规则
-su -c /data/adb/modules/AdGuardHome/bin/flush_iptables.sh
-```
-- 在项目模块目录下创建 `manual` 文件可选择是否在每次启动时应用 iptables 规则，也就是说只运行 AdGuardHome 主程序
+- 主 DNS 为腾讯和阿里，备用 DNS 为 Cloudflare 和 Google，你可以在 AdGuardHome 的 DNS 设置里更改来满足你的需求
+- 仅内置[秋风广告规则](https://github.com/TG-Twilight/AWAvenue-Ads-Rule)，精准，轻量，少误杀
 
 # FAQ
 > Q: 为什么模块无法屏蔽某些广告?

README_en.md

@@ -6,25 +6,17 @@ A Magisk/KernelSU module to block ads by redirecting and filtering DNS requests.
 ! [Static Badge](https://img.shields.io/badge/arm--64-support-blue)
 ! [Static Badge](https://img.shields.io/badge/arm--v7-support-blue) !
 ! [GitHub all releases](https://img.shields.io/github/downloads/twoone-3/AdguardHome/total)
+[![](https://img.shields.io/badge/Telegram-Join%20Channel-blue?logo=telegram)](https://t.me/adguardhome_for_magisk_release)
+[![](https://img.shields.io/badge/Telegram-Join%20Group-blue?logo=telegram)](https://t.me/+mdZL11mJjxhkYjdl)
 
-Join our [Telegram](https://t.me/adguardhome_for_magisk_release) channel for new messages!
+Follow our channel for the latest news, or join our group for discussion!
 
 # Usage
 - Disable `private/specialized dns` in settings before use, then flush it in Magisk/KernelSU and follow the instructions to configure it, AdGuardHome admin address is http://127.0.0.1:3000, default username/password root.
 
 # Features
 - The primary DNS is Tencent DNSPod public DNS and AliCloud DNS, the backup DNS is Cloudflare DNS and Google DNS, you can change the DNS settings in AdGuardHome to meet your needs.
-- Only built-in [Autumn Breeze Ad Rule](https://github.com/TG-Twilight/AWAvenue-Ads-Rule), which saves power and reduces false positives.
-- You can manually execute a script to apply iptables rules to redirect local DNS requests to AdGuardHome.
-```shell.
-# Start the iptables rule
-su -c /data/adb/modules/AdGuardHome/bin/apply_iptables.sh
-```
-```shell
-# Stop the iptables rule
-su -c /data/adb/modules/AdGuardHome/bin/flush_iptables.sh
-```
-- Create a `manual` file in the project modules directory to choose whether or not to apply the iptables rules on each startup, i.e., only run the main AdGuardHome program.
+- Only built-in [Autumn Breeze Ad Rule](https://github.com/TG-Twilight/AWAvenue-Ads-Rule), accurate, lightweight, and low false positives.
 
 # FAQ
 > Q: Why can't the module block some ads?

agh_service.sh

@@ -1,7 +1,7 @@
 #!/system/bin/sh
 
 (
-  until [ $(getprop init.svc.bootanim) = "stopped" ]; do
+  until [ "$(getprop init.svc.bootanim)" = "stopped" ]; do
     sleep 5
   done
 

bin/AdGuardHome.yaml

@@ -38,10 +38,7 @@ dns:
   fastest_timeout: 1s
   allowed_clients: []
   disallowed_clients: []
-  blocked_hosts:
-    - version.bind
-    - id.server
-    - hostname.bind
+  blocked_hosts: []
   trusted_proxies:
     - 127.0.0.0/8
     - ::1/128
@@ -63,7 +60,7 @@ dns:
   bootstrap_prefer_ipv6: false
   upstream_timeout: 10s
   private_networks: []
-  use_private_ptr_resolvers: true
+  use_private_ptr_resolvers: false
   local_ptr_upstreams: []
   use_dns64: false
   dns64_prefixes: []
@@ -147,7 +144,7 @@ filtering:
   parental_cache_size: 1048576
   cache_time: 30
   filters_update_interval: 168
-  blocked_response_ttl: 30
+  blocked_response_ttl: 10
   filtering_enabled: true
   parental_enabled: false
   safebrowsing_enabled: false

scripts/apply_iptables.sh

@@ -5,30 +5,32 @@ exec >"$AGH_DIR/apply.log" 2>&1
 source "$AGH_DIR/scripts/config.sh"
 
 # find packages uid
-echo -n "" >"${uid_list}"
+uid_list=()
 for package in "${packages_list[@]}"; do
-  busybox awk -v p="${package}" '$1~p{print $2}' "${system_packages_file}" >>"${uid_list}"
+  uid_list+=$(
+    busybox awk -v p="${package}" '$1~p{print $2}' "${system_packages_file}"
+  )
 done
 
 $iptables_w -t nat -N ADGUARD
 # return requests from AdGuardHome
 $iptables_w -t nat -A ADGUARD -m owner --uid-owner $adg_user --gid-owner $adg_group -j RETURN
 # return requests from bypassed apps
 if [ "$use_blacklist" = true ]; then
-  if [ ! -z "$(cat "${uid_list}")" ]; then
-    while read -r appid; do
-      $iptables_w -t nat -A ADGUARD -m owner --uid-owner $appid -j RETURN
-    done <"${uid_list}"
+  if [ ${#uid_list[@]} -ne 0 ]; then
+    for uid in "${uid_list[@]}"; do
+      $iptables_w -t nat -A ADGUARD -m owner --uid-owner $uid -j RETURN
+    done
   fi
   # redirect DNS requests to AdGuardHome
   $iptables_w -t nat -A ADGUARD -p udp --dport 53 -j REDIRECT --to-ports $redir_port
   $iptables_w -t nat -A ADGUARD -p tcp --dport 53 -j REDIRECT --to-ports $redir_port
 else
-  if [ ! -z "$(cat "${uid_list}")" ]; then
-    while read -r appid; do
-      $iptables_w -t nat -A ADGUARD -p udp --dport 53 -m owner --uid-owner $appid -j REDIRECT --to-ports $redir_port
-      $iptables_w -t nat -A ADGUARD -p tcp --dport 53 -m owner --uid-owner $appid -j REDIRECT --to-ports $redir_port
-    done <"${uid_list}"
+  if [ ${#uid_list[@]} -ne 0 ]; then
+    for uid in "${uid_list[@]}"; do
+      $iptables_w -t nat -A ADGUARD -p udp --dport 53 -m owner --uid-owner $uid -j REDIRECT --to-ports $redir_port
+      $iptables_w -t nat -A ADGUARD -p tcp --dport 53 -m owner --uid-owner $uid -j REDIRECT --to-ports $redir_port
+    done
   fi
   $iptables_w -t nat -A ADGUARD -j RETURN
 fi
@@ -38,7 +40,8 @@ $iptables_w -t nat -I OUTPUT -j ADGUARD
 
 if [ "$ipv6" = false ]; then
   # DROP ipv6 DNS requests
-  # ip6tables -t filter -A OUTPUT -p udp --dport 53 -j DROP
+  ip6tables -t filter -A OUTPUT -p udp --dport 53 -j DROP
+  ip6tables -t filter -A OUTPUT -p tcp --dport 53 -j DROP
   # disable ipv6
   # sysctl -w net.ipv4.ip_forward=1
   # sysctl -w net.ipv6.conf.all.forwarding=0

scripts/config.sh

@@ -1,8 +1,15 @@
 #!/system/bin/sh
 
+# 添加busybox到PATH
 if ! command -v busybox &> /dev/null; then
   export PATH="/data/adb/magisk:/data/adb/ksu/bin:/data/adb/ap/bin:$PATH:/system/bin"
 fi
+
+# 是否手动模式，默认关闭，开启后不会自动应用iptables规则
+# true: 开启
+# false: 关闭
+manual=false
+
 # 是否开启 ipv6，默认关闭，开启可能导致某些应用走v6无法屏蔽广告
 # true: 开启
 # false: 关闭
@@ -13,15 +20,18 @@ ipv6=false
 # false: 白名单
 use_blacklist=true
 
+# 重定向端口
+redir_port=5591
+
+# 用户组和用户
+adg_user="root"
+adg_group="net_raw"
+
 # 应用包名列表
 # 例如: ("com.tencent.mm" "com.tencent.mobileqq")
 packages_list=()
 
 # 以下内容无需修改
 system_packages_file="/data/system/packages.list"
-uid_list="/data/adb/agh/bin/appuid.list"
-# 数据
-redir_port=5591
 iptables_w="iptables -w 64"
-adg_user="root"
-adg_group="net_raw"
+

scripts/flush_iptables.sh

@@ -9,7 +9,8 @@ $iptables_w -t nat -D OUTPUT -j ADGUARD
 $iptables_w -t nat -F ADGUARD
 $iptables_w -t nat -X ADGUARD
 
-# ip6tables -w 64 -t filter -D OUTPUT -p udp --dport 53 -j DROP
+ip6tables -w 64 -t filter -D OUTPUT -p udp --dport 53 -j DROP
+ip6tables -w 64 -t filter -D OUTPUT -p tcp --dport 53 -j DROP
 # sysctl -w net.ipv4.ip_forward=1
 # sysctl -w net.ipv6.conf.all.forwarding=0
 # sysctl -w net.ipv6.conf.all.accept_ra=0

scripts/start.sh

@@ -11,6 +11,6 @@ export SSL_CERT_DIR="/system/etc/security/cacerts/"
 busybox setuidgid "$adg_user:$adg_group" "$BIN_DIR/AdGuardHome" --logfile "$BIN_DIR/AdGuardHome.log" --no-check-update &
 
 sleep 3
-if [ ! -f "${MODDIR}/manual" ]; then
+if [ "$manual" = false ]; then
   "$SCRIPT_DIR/apply_iptables.sh"
 fi