From b0e4c7057293f8b4e4024e75cf69332e37b54ced Mon Sep 17 00:00:00 2001
From: adminroot
Date: Sat, 25 Oct 2025 19:45:08 -0700
Subject: [PATCH] =?UTF-8?q?=E6=9B=B4=E6=96=B0=20setup.sh?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
setup.sh | 47 +++++++++++++++--------------------------------
1 file changed, 15 insertions(+), 32 deletions(-)
diff --git a/setup.sh b/setup.sh
index a228ee3..fe28187 100644
--- a/setup.sh
+++ b/setup.sh
@@ -54,39 +54,22 @@ for choice in $choices; do ufw allow 13576 ufw allow 24687 echo "y" | ufw enable - bash -c 'cat >> /etc/ufw/after.rules << "EOF" -# BEGIN UFW AND DOCKER -*filter -:ufw-user-forward - [0:0] -:ufw-docker-logging-deny - [0:0] -:DOCKER-USER - [0:0] --A DOCKER-USER -j ufw-user-forward - --A DOCKER-USER -j RETURN -s 10.0.0.0/8 --A DOCKER-USER -j RETURN -s 172.16.0.0/12 --A DOCKER-USER -j RETURN -s 192.168.0.0/16 - --A DOCKER-USER -p udp -m udp --sport 53 --dport 1024:65535 -j RETURN - --A DOCKER-USER -j ufw-docker-logging-deny -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -d 192.168.0.0/16 --A DOCKER-USER -j ufw-docker-logging-deny -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -d 10.0.0.0/8 --A DOCKER-USER -j ufw-docker-logging-deny -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -d 172.16.0.0/12 --A DOCKER-USER -j ufw-docker-logging-deny -p udp -m udp --dport 0:32767 -d 192.168.0.0/16 --A DOCKER-USER -j ufw-docker-logging-deny -p udp -m udp --dport 0:32767 -d 10.0.0.0/8 --A DOCKER-USER -j ufw-docker-logging-deny -p udp -m udp --dport 0:32767 -d 172.16.0.0/12 - --A DOCKER-USER -j RETURN - --A ufw-docker-logging-deny -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW DOCKER BLOCK] " --A ufw-docker-logging-deny -j DROP - -COMMIT -# END UFW AND DOCKER -EOF -ufw reload' - ufw status - ;; + # Check if Docker rules already exist + if grep -q "BEGIN UFW AND DOCKER" /etc/ufw/after.rules; then + echo "UFW Docker规则已存在, 跳过..." + else + echo "下载并追加UFW Docker配置规则..." + if curl -fsSL https://xx.com/ufw-docker.txt | tee -a /etc/ufw/after.rules > /dev/null; then + echo "UFW Docker规则已成功追加到文件末尾" + else + echo "错误: 无法下载UFW Docker规则" + exit 1 + fi + fi + ufw reload + ufw status + ;; 6) echo "安装公钥" mkdir -p ~/.ssh
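Review bot: The added `curl -fsSL https://xx.com/ufw-docker.txt | tee -a /etc/ufw/after.rules` appends remotely fetched content to the firewall rules with no integrity check, so whoever controls that host or path decides what `ufw reload` loads; the removed heredoc kept the rules in the repository where they could be reviewed. The `if` also tests the whole pipeline, which reports `tee`'s status unless `pipefail` is set (not visible in this hunk), so a failed or truncated download can go unreported and leave a partial block in after.rules; if that fragment contains the `BEGIN UFW AND DOCKER` marker, the `grep -q` guard will skip the repair on the next run. I would download to a `mktemp` file, verify it against a SHA-256 digest pinned in setup.sh, and append only after both succeed, or simply keep the rules in the repository. The enclosing `case` arm and `for` loop start outside the hunk.

```shell
    echo "下载并追加UFW Docker配置规则..."
    # Stage the download so a failed or truncated transfer never touches after.rules.
    rules_tmp=$(mktemp) || exit 1
    # UFW_DOCKER_RULES_SHA256 is a placeholder: pin the digest of the reviewed rules file in setup.sh.
    if curl -fsSL https://xx.com/ufw-docker.txt -o "$rules_tmp" \
      && printf '%s  %s\n' "$UFW_DOCKER_RULES_SHA256" "$rules_tmp" | sha256sum -c - > /dev/null; then
      cat -- "$rules_tmp" >> /etc/ufw/after.rules
      rm -f -- "$rules_tmp"
      echo "UFW Docker规则已成功追加到文件末尾"
    else
      rm -f -- "$rules_tmp"
      echo "错误: 无法下载UFW Docker规则"
      exit 1
    fi
    # … unchanged: closing fi of the grep guard, ufw reload, ufw status …
```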