
bird-lg-go


A reimplementation of bird-lg written in Go, with both frontend and backend, compatible with the original Python implementation as well as the Go one.

Project page

  • Build the frontend with docker-compose; it works out of the box. It listens on 5000/TCP by default, so a plain nginx reverse proxy in front of it is enough.
  • On low-spec servers, run the proxy binary directly. It listens on 8000/TCP by default; restrict the source addresses with the firewall, create a service so it starts on boot, and add the dynamic-DNS-driven iptables rules.

Frontend deployment#

Example docker-compose.yml for the frontend:

version: '3'
services:
  bird-lg:
    image: xddxdd/bird-lg-go
    container_name: bird-lg
    restart: always
    environment:
      - BIRDLG_SERVERS=us,jp,sg # node list, comma separated
      - BIRDLG_DOMAIN=cloudc.dev # suffix appended to each node name to form its endpoint
      - BIRDLG_TITLE_BRAND=CLOUDC-DN42 # name shown in the browser tab
      - BIRDLG_NAVBAR_BRAND=CLOUDC-DN42 # name shown on the page
      - BIRDLG_WHOIS=whois.lantian.dn42 # whois server address
      - BIRDLG_NET_SPECIFIC_MODE=DN42
      - BIRDLG_PROTOCOL_FILTER=BGP
      - BIRDLG_NAVBAR_BRAND_URL=https://dn42.cloudc.dev/
    ports:
      - '5000:5000'

Proxy deployment#

  • Binary path: /root/bird-lg-proxy/bird-lgproxy-go
  • Frontend and backend run on separate hosts, and the frontend server has no static IP, so a dynamic DNS name is used to keep the proxy's firewall whitelist current.

Script to refresh the firewall whitelist from DNS#

Create the script: vi /usr/local/bin/bird-lg-proxy-iptables.sh

#!/bin/bash
DOMAIN="xxx.com"
PORT="8000"

# Resolve the frontend's current addresses. dig +short also prints CNAME
# targets before the final record, so keep only lines that look like address literals.
IPV4_ADDR=$(dig +short A "$DOMAIN" | grep -E '^[0-9.]+$' | head -n1)
IPV6_ADDR=$(dig +short AAAA "$DOMAIN" | grep -E '^[0-9a-fA-F:]+$' | head -n1)

# Remove the old allow rules (matched by their comment), highest line number first
# so the remaining numbers stay valid. The catch-all DROP is left in place, so the
# port is never open to everyone while the rules are being swapped.
iptables -L INPUT -n --line-numbers | grep "bird-lg-proxy" | awk '{print $1}' | tac | while read -r num; do iptables -D INPUT "$num" 2>/dev/null; done
ip6tables -L INPUT -n --line-numbers | grep "bird-lg-proxy" | awk '{print $1}' | tac | while read -r num; do ip6tables -D INPUT "$num" 2>/dev/null; done

# Insert the new allow rules (with a comment) at the top of the chain, above the DROP
if [ -n "$IPV4_ADDR" ]; then
    iptables -I INPUT -p tcp --dport "$PORT" -s "$IPV4_ADDR" -m comment --comment "bird-lg-proxy: allow $DOMAIN" -j ACCEPT
    echo "Allowed IPv4: $IPV4_ADDR for $DOMAIN"
else
    echo "Warning: Could not resolve IPv4 for $DOMAIN"
fi

if [ -n "$IPV6_ADDR" ]; then
    ip6tables -I INPUT -p tcp --dport "$PORT" -s "$IPV6_ADDR" -m comment --comment "bird-lg-proxy: allow $DOMAIN" -j ACCEPT
    echo "Allowed IPv6: $IPV6_ADDR for $DOMAIN"
else
    echo "Warning: Could not resolve IPv6 for $DOMAIN"
fi

# Make sure the catch-all DROP rule for the port exists (appended once, kept across refreshes)
iptables -C INPUT -p tcp --dport "$PORT" -j DROP 2>/dev/null || iptables -A INPUT -p tcp --dport "$PORT" -j DROP
ip6tables -C INPUT -p tcp --dport "$PORT" -j DROP 2>/dev/null || ip6tables -A INPUT -p tcp --dport "$PORT" -j DROP

echo "iptables rules updated for $DOMAIN"

After creating it, make it executable: chmod +x /usr/local/bin/bird-lg-proxy-iptables.sh
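Whatever `dig +short` prints ends up as an iptables source match, and `dig +short` prints CNAME targets before the final address record, so it is worth checking the answer before using it. The following is an added example, not code from the original post: the helper names (is_ipv4, is_ipv6, pick_address) and the sample dig output are my own, constructed so the block runs offline. It keeps only a literal address of the expected family and refuses anything else, which is the check the refresh script needs in front of `-s`.

```bash
#!/bin/bash
# Added example (not from the original post): validate what `dig +short` returns
# before it is handed to iptables as a source match. `dig +short A name` prints
# CNAME targets before the final A record, and a stale or mistyped zone can
# return anything, so `head -n1` alone is not enough. Helper names are my own.

# Returns 0 if $1 is a dotted-quad IPv4 literal whose octets are all 0-255.
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    for octet in $(printf '%s\n' "$1" | tr '.' ' '); do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Returns 0 if $1 looks like an IPv6 literal: hex digits and colons only, at
# least two colons, at most one "::" and no ":::". Deliberately loose; it only
# has to reject hostnames, IPv4 literals and empty lines, not fully parse IPv6.
is_ipv6() {
    printf '%s\n' "$1" | grep -Eq '^[0-9a-fA-F:]+$' || return 1
    case "$1" in
        *:::*) return 1 ;;
        *::*::*) return 1 ;;
        *:*:*) return 0 ;;
    esac
    return 1
}

# $1 = 4 or 6; stdin = output of `dig +short A name` or `dig +short AAAA name`.
# Prints the first line that is a valid literal of that family and returns 0;
# returns 1 and prints nothing when the answer contains no usable address.
pick_address() {
    while IFS= read -r line; do
        case "$1" in
            4) if is_ipv4 "$line"; then printf '%s\n' "$line"; return 0; fi ;;
            6) if is_ipv6 "$line"; then printf '%s\n' "$line"; return 0; fi ;;
        esac
    done
    return 1
}

# Constructed sample answers for a name that is a CNAME to the frontend host.
# The first line of each is the CNAME target, which a bare `head -n1` would
# have passed to `iptables -s`.
SAMPLE_A='frontend.example.net.
203.0.113.10'
SAMPLE_AAAA='frontend.example.net.
2001:db8::10'

# Demonstration on the constructed samples (no network, no iptables needed).
# In the real script: IPV4_ADDR=$(dig +short A "$DOMAIN" | pick_address 4)
printf '%s\n' "$SAMPLE_A"    | pick_address 4 || echo "no IPv4 address in answer"
printf '%s\n' "$SAMPLE_AAAA" | pick_address 6 || echo "no IPv6 address in answer"
printf '%s\n' "$SAMPLE_A"    | pick_address 6 || echo "no IPv6 address in the A answer (expected)"
```

Because pick_address returns non-zero when nothing usable came back, the caller can leave the existing rules untouched in that case instead of silently whitelisting nothing or, worse, a hostname string that iptables rejects.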

Cleanup script#

Create the script: vi /usr/local/bin/bird-lg-proxy-cleanup.sh

#!/bin/bash
PORT="8000"

# Remove every bird-lg-proxy allow rule (matched by comment), highest line number first
iptables -L INPUT -n --line-numbers | grep "bird-lg-proxy" | awk '{print $1}' | tac | while read -r num; do iptables -D INPUT "$num" 2>/dev/null; done
ip6tables -L INPUT -n --line-numbers | grep "bird-lg-proxy" | awk '{print $1}' | tac | while read -r num; do ip6tables -D INPUT "$num" 2>/dev/null; done

# Remove the catch-all DROP rule
iptables -D INPUT -p tcp --dport "$PORT" -j DROP 2>/dev/null || true
ip6tables -D INPUT -p tcp --dport "$PORT" -j DROP 2>/dev/null || true

echo "Cleaned up bird-lg-proxy iptables rules"

After creating it, make it executable: chmod +x /usr/local/bin/bird-lg-proxy-cleanup.sh

systemd service file#

Create the file: vi /etc/systemd/system/bird-lg-proxy.service

[Unit]
Description=Bird-lg-proxy Service
After=network-online.target
Wants=network-online.target

[Service]
Type=simple
User=root
WorkingDirectory=/root/bird-lg-proxy
# apply the iptables rules before starting
ExecStartPre=/usr/local/bin/bird-lg-proxy-iptables.sh
# clean up the iptables rules after stopping
ExecStopPost=/usr/local/bin/bird-lg-proxy-cleanup.sh
ExecStart=/root/bird-lg-proxy/bird-lgproxy-go
StandardOutput=append:/var/log/bird-lg-proxy.log
StandardError=append:/var/log/bird-lg-proxy.log
Restart=on-failure
RestartSec=5
# Optional: refresh the IP once an hour (if it changes often). systemd stops the
# service after an hour, Restart=on-failure starts it again and ExecStartPre
# re-applies the rules. A timer can do the same without restarting the proxy.
RuntimeMaxSec=1h

[Install]
WantedBy=multi-user.target

Periodic firewall refresh#

vi /etc/systemd/system/bird-lg-proxy-update-ip.timer

[Unit]
Description=Update bird-lg-proxy iptables rules hourly

[Timer]
OnCalendar=hourly
Persistent=true

[Install]
WantedBy=timers.target

/etc/systemd/system/bird-lg-proxy-update-ip.service

[Unit]
Description=Update bird-lg-proxy iptables rules

[Service]
Type=oneshot
User=root
ExecStart=/usr/local/bin/bird-lg-proxy-iptables.sh
StandardOutput=journal

Enable and start the timer: systemctl enable --now bird-lg-proxy-update-ip.timer

Starting and checking the services#

systemctl daemon-reload

Test the iptables script:

# check that the script resolves the IP and applies the rules
/usr/local/bin/bird-lg-proxy-iptables.sh
# list the iptables rules
sudo iptables -L INPUT -n --line-numbers
sudo ip6tables -L INPUT -n --line-numbers

Expected output:

Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     tcp  --  123.45.67.89         0.0.0.0/0            tcp dpt:8000 /* bird-lg-proxy: allow xx.xxx.com */
2    DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:8000
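Eyeballing that listing works once; after a DNS change, a failed refresh or a manual edit it is easy to miss a stale address, a missing DROP or a rule that landed in the wrong order. The block below is an added example, not part of the original post: audit_chain is my own function, and the four chain listings are constructed in the format `iptables -L INPUT -n --line-numbers` prints (the IPv4 listing shown above). It checks that exactly one tagged ACCEPT exists for the expected source, that no untagged ACCEPT for the port has crept in, that the catch-all DROP is present and that the ACCEPT is numbered before it.

```bash
#!/bin/bash
# Added example (not from the original post): audit the INPUT chain listing
# printed by `iptables -L INPUT -n --line-numbers` and confirm the proxy port
# is in the state the refresh script is meant to leave it in. The function
# name and the sample listings are constructed for this example.

PORT=8000

# $1 = the source address that should currently be whitelisted; stdin = chain
# listing. Prints one OK/FAIL line and returns 0 only when all of these hold:
#  - exactly one ACCEPT for the port carries the bird-lg-proxy comment and it
#    matches $1 (no stale address left behind by an earlier run);
#  - no other ACCEPT for the port exists (nothing slipped in untagged);
#  - exactly one catch-all DROP for the port exists;
#  - the ACCEPT is numbered before the DROP (iptables stops at the first match).
audit_chain() {
    awk -v want="$1" -v port="$PORT" '
        # header lines carry no rule number in $1; skip them
        $1 !~ /^[0-9]+$/ { next }
        $8 != ("dpt:" port) { next }
        $2 == "ACCEPT" && $0 ~ /bird-lg-proxy/ {
            tagged++
            if ($5 == want) wanted_num = $1
            else stale = $5
        }
        $2 == "ACCEPT" && $0 !~ /bird-lg-proxy/ { untagged = $5 }
        $2 == "DROP" && $5 == "0.0.0.0/0" { drops++; drop_num = $1 }
        END {
            if (tagged != 1)      { print "FAIL: " (tagged + 0) " tagged ACCEPT rules, expected 1"; exit 1 }
            if (stale != "")      { print "FAIL: stale whitelist entry " stale; exit 1 }
            if (wanted_num == "") { print "FAIL: no ACCEPT for " want; exit 1 }
            if (untagged != "")   { print "FAIL: untagged ACCEPT for port " port " from " untagged; exit 1 }
            if (drops != 1)       { print "FAIL: " (drops + 0) " DROP rules for port " port ", expected 1"; exit 1 }
            if (wanted_num + 0 > drop_num + 0) { print "FAIL: DROP (rule " drop_num ") precedes ACCEPT (rule " wanted_num ")"; exit 1 }
            print "OK: only " want " may reach port " port
        }'
}

# Constructed listings. GOOD_CHAIN is the healthy state from the post's output.
GOOD_CHAIN='Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     tcp  --  203.0.113.10         0.0.0.0/0            tcp dpt:8000 /* bird-lg-proxy: allow lg.example.com */
2    DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:8000'

# Previous frontend address never removed: it still has access.
STALE_CHAIN='Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     tcp  --  198.51.100.7         0.0.0.0/0            tcp dpt:8000 /* bird-lg-proxy: allow lg.example.com */
2    ACCEPT     tcp  --  203.0.113.10         0.0.0.0/0            tcp dpt:8000 /* bird-lg-proxy: allow lg.example.com */
3    DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:8000'

# DROP ended up above the ACCEPT: the frontend is locked out.
MISORDERED_CHAIN='Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:8000
2    ACCEPT     tcp  --  203.0.113.10         0.0.0.0/0            tcp dpt:8000 /* bird-lg-proxy: allow lg.example.com */'

# DROP missing (e.g. cleanup ran but the refresh did not): port open to everyone.
OPEN_CHAIN='Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     tcp  --  203.0.113.10         0.0.0.0/0            tcp dpt:8000 /* bird-lg-proxy: allow lg.example.com */'

# Demonstration over the constructed listings. On a live host replace the
# printf with: sudo iptables -L INPUT -n --line-numbers | audit_chain "$EXPECTED_IP"
for chain in "$GOOD_CHAIN" "$STALE_CHAIN" "$MISORDERED_CHAIN" "$OPEN_CHAIN"; do
    printf '%s\n' "$chain" | audit_chain 203.0.113.10 || true
done
```

Run after each refresh (or from the timer's service as a second ExecStart) with the address the DNS name currently resolves to; a non-zero exit is the signal to alert rather than to trust the listing.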

Start the main service:

# enable start on boot
sudo systemctl enable bird-lg-proxy.service
# start the service now
sudo systemctl start bird-lg-proxy.service
# check the service status
sudo systemctl status bird-lg-proxy.service

Enable the periodic IP-refresh timer:

# enable the timer
sudo systemctl enable bird-lg-proxy-update-ip.timer
# start the timer
sudo systemctl start bird-lg-proxy-update-ip.timer
# check the timer status
sudo systemctl status bird-lg-proxy-update-ip.timer
# list all timers
sudo systemctl list-timers --all

Test the periodic refresh manually:

# trigger one IP refresh now (without waiting for the timer)
sudo systemctl start bird-lg-proxy-update-ip.service
# follow the refresh log
sudo journalctl -u bird-lg-proxy-update-ip.service -f

Verify that the whole setup works:

# is the service running?
sudo systemctl status bird-lg-proxy.service
# follow the service log
sudo tail -f /var/log/bird-lg-proxy.log
# is the process alive?
ps aux | grep bird-lgproxy-go
# is the port listening?
sudo netstat -tlnp | grep 8000
# or
sudo ss -tlnp | grep 8000
# re-check the iptables rules
sudo iptables -L INPUT -n -v | grep 8000

Test that it still works after a restart:

# restart the service (exercises rule cleanup and re-application)
sudo systemctl restart bird-lg-proxy.service
# check the state after the restart
sudo systemctl status bird-lg-proxy.service
sudo iptables -L INPUT -n