From 6bc04ed138731a6ce3bb96114bfa9afab492721d Mon Sep 17 00:00:00 2001
From: gamesme
Date: Thu, 6 Feb 2025 01:52:27 +0800
Subject: [PATCH] Enhance port forwarding functionality in trojan.sh

- Add dynamic port forwarding configuration
- Implement port forward rule saving and persistence
- Add option to remove all port forwarding rules
- Improve error handling and user experience
- Update start menu to include port mapping removal option
---
 trojan.sh | 75 ++++++++++++++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 72 insertions(+), 3 deletions(-)

diff --git a/trojan.sh b/trojan.sh
index 0dfc985..cc2b381 100644
--- a/trojan.sh
+++ b/trojan.sh
@@ -382,6 +382,10 @@ function remove_trojan(){
 rm -rf /usr/src/trojan-cert/
 rm -rf /usr/share/nginx/html/*
 rm -rf /etc/nginx/
+
+ # 删除所有端口转发规则
+ remove_all_port_forwards
+
 green "=============="
 green "trojan删除完毕"
 green "=============="
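Review bot: The call added to `remove_trojan` makes uninstall delete firewall state the script may not own: `remove_all_port_forwards` (defined in the third hunk) removes every nat PREROUTING rule whose listing line contains REDIRECT, not only the ones `port_forward` created, and then persists the result. The same applies to the new menu entry 5 in the last hunk, which calls the helper directly. Consider tagging the rule when it is created, for example adding `-m comment --comment "trojan-port-forward"` (tag name is only a suggestion) to the `-A` line, and deleting only rules that carry that tag. `remove_trojan` starts before this hunk, so whether it checks for root before reaching this call is not visible here.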
@@ -398,9 +402,54 @@ function check_port() {
 fi
 }
 function port_forward(){
- iptables -t nat -A PREROUTING -p tcp --dport 49000:49010 -j REDIRECT --to-ports 443
+ # 检查是否为root用户
+ if [ $EUID -ne 0 ]; then
+ red "错误:请以root用户运行此脚本"
+ exit 1
+ fi
+
+ # 检查iptables是否安装
+ if ! command -v iptables &> /dev/null; then
+ red "错误:iptables未安装"
+ green "正在安装iptables..."
+ $systemPackage install -y iptables
+ fi
+
 green "=========================="
- green "已将49000-50000端口转发至443"
+ green "请输入要转发的起始端口(默认49000):"
+ read -p "" start_port
+ start_port=${start_port:-49000}
+
+ green "请输入要转发的结束端口(默认49010):"
+ read -p "" end_port
+ end_port=${end_port:-49010}
+
+ # 添加端口转发规则
+ iptables -t nat -A PREROUTING -p tcp --dport ${start_port}:${end_port} -j REDIRECT --to-ports 443
+
+ # 安装 iptables-persistent 来保存规则
+ if [ "$release" == "ubuntu" ] || [ "$release" == "debian" ]; then
+ $systemPackage install -y iptables-persistent
+ # 保存规则
+ netfilter-persistent save
+ # 设置开机自动加载
+ systemctl enable netfilter-persistent
+ elif [ "$release" == "centos" ]; then
+ # CentOS 保存规则
+ service iptables save
+ # 设置开机自动加载
+ systemctl enable iptables
+ fi
+
+ # 验证规则是否添加成功
+ if ! iptables -t nat -C PREROUTING -p tcp --dport ${start_port}:${end_port} -j REDIRECT --to-ports 443 &>/dev/null; then
+ red "端口转发规则添加失败"
+ exit 1
+ fi
+
+ green "=========================="
+ green "已将${start_port}-${end_port}端口转发至443"
+ green "规则已保存并设置开机自动加载"
 green "=========================="
 }
 function update_trojan(){
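Review bot: `start_port` and `end_port` go from `read` straight into the `iptables -A` line unquoted and unvalidated, so a non-numeric value, a reversed range or input containing spaces (which word-splits into extra iptables arguments) is caught, if at all, only by iptables itself. A range that happens to include the host's SSH port would be redirected to 443 and then persisted across reboots, which can lock the administrator out. Validate both values as integers in 1-65535 with start not above end before touching the firewall, quote the expansion, and skip the `-A` when `-C` already finds the rule, since each run currently appends a duplicate. The verification at the end also runs after the rules were saved; moving it ahead of the persistence block would avoid saving a failed state. The fence shows only the validation and the guarded append.

```shell
    # … unchanged: root check, iptables install, the two prompts …

    # Reject anything that is not a 1-5 digit number in 1-65535.
    local p
    for p in "$start_port" "$end_port"; do
        case "$p" in
            ''|*[!0-9]*|??????*)
                red "端口必须为1-65535之间的数字"
                exit 1
                ;;
        esac
        if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            red "端口必须为1-65535之间的数字"
            exit 1
        fi
    done
    if [ "$start_port" -gt "$end_port" ]; then
        red "起始端口不能大于结束端口"
        exit 1
    fi

    # Append only when the identical rule is not already present.
    if ! iptables -t nat -C PREROUTING -p tcp --dport "${start_port}:${end_port}" -j REDIRECT --to-ports 443 &>/dev/null; then
        iptables -t nat -A PREROUTING -p tcp --dport "${start_port}:${end_port}" -j REDIRECT --to-ports 443
    fi

    # … unchanged: persistence per distro, verification, status messages …
```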
@@ -428,6 +477,22 @@ function update_trojan(){ } +function remove_all_port_forwards(){ + # 获取所有 PREROUTING 规则 + rules=$(iptables -t nat -L PREROUTING -n --line-numbers | grep REDIRECT | awk '{print $1}' | tac) + + for rule in $rules; do + iptables -t nat -D PREROUTING $rule + done + + # 保存更改 + if [ "$release" == "ubuntu" ] || [ "$release" == "debian" ]; then + netfilter-persistent save + elif [ "$release" == "centos" ]; then + service iptables save + fi +} + start_menu(){ clear green " =======================================" @@ -442,7 +507,8 @@ start_menu(){ green " 1. 安装trojan" red " 2. 卸载trojan" green " 3. 升级trojan" - green " 4. 端口映射" + green " 4. 添加端口映射" + red " 5. 删除端口映射" blue " 0. 退出脚本" echo read -p "请输入数字 :" num @@ -459,6 +525,9 @@ start_menu(){ 4) port_forward ;; + 5) + remove_all_port_forwards + ;; 0) exit 1 ;;
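Review bot: `remove_all_port_forwards` has no root or iptables check of its own, unlike `port_forward`, although it is reachable directly from menu entry 5 and from `remove_trojan`; if the `iptables -L` listing fails, `rules` is simply empty and the function still goes on to the save step. `rules` and `rule` are globals and `$rule` is unquoted, so I would declare `local rules rule` and write `iptables -t nat -D PREROUTING "$rule"`. The save branch calls `netfilter-persistent save` even on a host where iptables-persistent was never installed (the patch installs it only inside `port_forward`), so guard it with `command -v netfilter-persistent &>/dev/null` and report a failure instead of continuing silently.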