zapret/config

91 lines
3.4 KiB
Plaintext
Raw Normal View History

2021-03-04 14:30:38 +03:00
# this file is included from init scripts
# change values here
# can help in case /tmp has not enough space
#TMPDIR=/opt/zapret/tmp
2022-02-15 17:15:36 +03:00
# override firewall type : iptables,nftables,ipfw
#FWTYPE=iptables
2021-03-04 14:30:38 +03:00
# options for ipsets
2022-02-15 17:15:36 +03:00
# maximum number of elements in sets. also used for nft sets
SET_MAXELEM=262144
2021-03-04 14:30:38 +03:00
# too low hashsize can cause memory allocation errors on low RAM systems , even if RAM is enough
# too large hashsize will waste lots of RAM
2022-02-15 17:15:36 +03:00
IPSET_OPT="hashsize 262144 maxelem $SET_MAXELEM"
2021-03-04 14:30:38 +03:00
# options for ip2net. "-4" or "-6" auto added by ipset create script
IP2NET_OPT4="--prefix-length=22-30 --v4-threshold=3/4"
IP2NET_OPT6="--prefix-length=56-64 --v6-threshold=5"
# number of parallel threads for domain list resolves
MDIG_THREADS=30
2021-03-04 14:30:38 +03:00
# ipset/*.sh can compress large lists
GZIP_LISTS=1
# command to reload ip/host lists after update
# comment or leave empty for auto backend selection : ipset or ipfw if present
# on BSD systems with PF no auto reloading happens. you must provide your own command
# set to "-" to disable reload
#LISTS_RELOAD="pfctl -f /etc/pf.conf"
# CHOOSE OPERATION MODE
2021-03-05 20:18:08 +03:00
# MODE : nfqws,tpws,tpws-socks,filter,custom
# nfqws : nfqws for dpi desync
# tpws : tpws transparent mode
# tpws-socks : tpws socks mode
2021-03-04 14:30:38 +03:00
# filter : no daemon, just create ipset or download hostlist
# custom : custom mode. should modify custom init script and add your own code
MODE=tpws
# apply fooling to http
MODE_HTTP=1
# for nfqws only. support http keep alives. enable only if DPI checks for http request in any outgoing packet
MODE_HTTP_KEEPALIVE=0
# apply fooling to https
MODE_HTTPS=1
# none,ipset,hostlist
MODE_FILTER=none
# CHOOSE NFQWS DAEMON OPTIONS for DPI desync mode. run "nfq/nfqws --help" for option list
DESYNC_MARK=0x40000000
2021-12-10 22:08:52 +03:00
NFQWS_OPT_DESYNC="--dpi-desync=fake --dpi-desync-ttl=0 --dpi-desync-ttl6=0 --dpi-desync-fooling=badsum"
#NFQWS_OPT_DESYNC_HTTP="--dpi-desync=split --dpi-desync-ttl=0 --dpi-desync-fooling=badsum"
#NFQWS_OPT_DESYNC_HTTPS="--wssize=1:6 --dpi-desync=split --dpi-desync-ttl=0 --dpi-desync-fooling=badsum"
2021-12-10 18:54:09 +03:00
#NFQWS_OPT_DESYNC_HTTP6="--dpi-desync=split --dpi-desync-ttl=5 --dpi-desync-fooling=none"
#NFQWS_OPT_DESYNC_HTTPS6="--wssize=1:6 --dpi-desync=split --dpi-desync-ttl=5 --dpi-desync-fooling=none"
2021-03-04 14:30:38 +03:00
# CHOOSE TPWS DAEMON OPTIONS. run "tpws/tpws --help" for option list
TPWS_OPT="--hostspell=HOST --split-http-req=method --split-pos=3"
# openwrt only : donttouch,none,software,hardware
FLOWOFFLOAD=donttouch
# openwrt: specify networks to be treated as LAN. default is "lan"
2021-09-28 22:44:33 +03:00
#OPENWRT_LAN="lan lan2 lan3"
2021-03-04 14:30:38 +03:00
# for routers based on desktop linux and macos. has no effect in openwrt.
# CHOOSE LAN and optinally WAN NETWORK INTERFACES
# or leave them commented if its not router
# it's possible to specify multiple interfaces like this : IFACE_LAN="eth0 eth1 eth2"
2021-03-04 14:30:38 +03:00
#IFACE_LAN=eth0
#IFACE_WAN=eth1
2022-02-15 17:15:36 +03:00
# should start/stop command of init scripts apply firewall rules ?
2022-02-18 12:38:48 +03:00
# not applicable to openwrt with firewall3+iptables
2021-03-04 14:30:38 +03:00
INIT_APPLY_FW=1
2022-02-18 12:35:06 +03:00
# firewall apply hooks
#INIT_FW_PRE_UP_HOOK="/etc/firewall.zapret.hook.pre_up"
#INIT_FW_POST_UP_HOOK="/etc/firewall.zapret.hook.post_up"
#INIT_FW_PRE_DOWN_HOOK="/etc/firewall.zapret.hook.pre_down"
#INIT_FW_POST_DOWN_HOOK="/etc/firewall.zapret.hook.post_down"
2021-03-04 14:30:38 +03:00
# do not work with ipv4
#DISABLE_IPV4=1
# do not work with ipv6
DISABLE_IPV6=1
# select which init script will be used to get ip or host list
# possible values : get_user.sh get_antizapret.sh get_combined.sh get_reestr.sh get_hostlist.sh
# comment if not required
GETLIST=get_antifilter_ipsmart.sh