diff --git a/files/huawei/E8372/run-zapret-hostlist b/files/huawei/E8372/run-zapret-hostlist
new file mode 100755
index 0000000..7f37d58
--- /dev/null
+++ b/files/huawei/E8372/run-zapret-hostlist
@@ -0,0 +1,35 @@
+#!/system/bin/busybox sh
+
+# download hostlist from http(s) (need curl, its absent by default),
+# feed it to zapret. save flash write cycles
+
+u="https://your.host.com/censorship/hoslist.txt"
+
+SCRIPT=$(readlink -f "$0")
+EXEDIR=$(dirname "$SCRIPT")
+
+d=/data/censorship
+[ -d $d ] || mkdir $d
+f=$d/hostlist.txt
+t=/hostlist.txt
+
+curl -k --fail --max-time 10 -o "$t" "$u" && {
+ if [ -s "$t" ]; then
+ m1=$(md5sum "$t" | cut -d ' ' -f 1)
+ m2=$(md5sum "$f" | cut -d ' ' -f 1)
+ echo $m1 $m2
+ if [ -z "$m2" ] || [ "$m1" != "$m2" ]; then
+ echo updating hostlist
+ cp -f "$t" "$f"
+ else
+ echo hostlist was not changed. keeping old copy
+ fi
+ else
+ echo downloaded hostlist is empty. disabling zapret
+ rm "$f"
+ fi
+}
+
+rm -f "$t"
+"$EXEDIR/unzapret"
+[ -s "$f" ] && exec "$EXEDIR/zapret" "--hostlist=$f"
diff --git a/files/huawei/E8372/run-zapret-ip b/files/huawei/E8372/run-zapret-ip
new file mode 100755
index 0000000..803e984
--- /dev/null
+++ b/files/huawei/E8372/run-zapret-ip
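Review bot: The `curl -k` line in run-zapret-hostlist turns off certificate verification, so the downloaded hostlist is not authenticated even though the URL is https; the identical line in run-zapret-ip has the same problem, and there the list goes on to be resolved and turned into iptables rules. Since an empty but successful response also runs `rm "$f"`, an unauthenticated reply can delete the saved copy and disable zapret. I would drop `-k` and, if the device ships no CA bundle, pin the server's certificate instead, e.g. `curl --cacert "$EXEDIR/<ca-file-placeholder>.pem" --fail --max-time 10 -o "$t" "$u"`. A short comment above `t=/hostlist.txt` saying why the temporary file lives in `/` (presumably a RAM-backed root, to spare flash writes) would also help.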
@@ -0,0 +1,39 @@
+#!/system/bin/busybox sh
+
+# download hostlist from http(s) (need curl, its absent by default),
+# resolve to ip list, feed to zapret-ip. save flash write cycles
+
+u="https://your.host.com/censorship/hoslist.txt"
+
+SCRIPT=$(readlink -f "$0")
+EXEDIR=$(dirname "$SCRIPT")
+
+d=/data/censorship
+[ -d $d ] || mkdir $d
+f=$d/hostlist.txt
+t=/hostlist.txt
+i=/iplist.txt
+
+curl -k --fail --max-time 10 -o "$t" "$u" && {
+ if [ -s "$t" ]; then
+ m1=$(md5sum "$t" | cut -d ' ' -f 1)
+ m2=$(md5sum "$f" | cut -d ' ' -f 1)
+ echo $m1 $m2
+ if [ -z "$m2" ] || [ "$m1" != "$m2" ]; then
+ echo updating hostlist
+ cp -f "$t" "$f"
+ else
+ echo hostlist was not changed. keeping old copy
+ fi
+ else
+ echo downloaded hostlist is empty. disabling zapret
+ rm "$f"
+ fi
+}
+
+rm -f "$t"
+"$EXEDIR/unzapret-ip"
+[ -s "$f" ] && {
+ mdig --threads=10 --family=4 <"$f" >"$i"
+ [ -s "$i" ] && exec "$EXEDIR/zapret-ip" "$i"
+}
diff --git a/files/huawei/E8372/unzapret-ip b/files/huawei/E8372/unzapret-ip
new file mode 100755
index 0000000..ccb7425
--- /dev/null
+++ b/files/huawei/E8372/unzapret-ip
@@ -0,0 +1,11 @@
+#!/system/bin/busybox sh
+
+rule="PREROUTING -t nat -i br0 -p tcp -m multiport --dports 80,443 -j tpws"
+iptables -C $rule 2>/dev/null && iptables -D $rule
+iptables -F tpws -t nat
+iptables -X tpws -t nat
+killall tpws
+
+rule="OUTPUT -t mangle -o wan0 -p tcp -m multiport --dports 80,443 -m mark ! --mark 0x40000000/0x40000000 -j NFQUEUE --queue-num 200 --queue-bypass"
+iptables -C $rule 2>/dev/null && iptables -D $rule
+killall nfqws
diff --git a/files/huawei/E8372/zapret-ip b/files/huawei/E8372/zapret-ip
new file mode 100755
index 0000000..9e70fac
--- /dev/null
+++ b/files/huawei/E8372/zapret-ip
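Review bot: In run-zapret-ip, `"$EXEDIR/unzapret-ip"` tears down the running rules before `mdig` has produced a new address list, so a failed or empty resolution leaves the device with no rules and no message. The result of `mdig` is only tested through `[ -s "$i" ]`, so a partly resolved list is applied as if it were complete. At minimum I would add `echo "no addresses resolved; zapret-ip not started" >&2` after the `exec` line inside the final block. Resolving into `$i` first, and calling unzapret-ip only once `$i` is non-empty or the hostlist has been removed on purpose, would keep the previous rules in place on a DNS failure.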
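Review bot: The two `rule=` strings in unzapret-ip are duplicated verbatim in zapret-ip, and `iptables -C`/`-D` match only if they stay identical. If one copy is edited, the old rules will remain installed after teardown. A comment above each would document that, e.g. `# must match the rule string in zapret-ip exactly; expanded unquoted on purpose so it splits into iptables arguments`. The unguarded `iptables -F tpws -t nat` and `iptables -X tpws -t nat` will print errors on a first run when the chain does not exist yet; adding `2>/dev/null` there would match how the `-C` probes are treated.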
@@ -0,0 +1,34 @@
+#!/system/bin/busybox sh
+
+# $1 - ip list file. create individual rules for tpws redirection. ipset is not available
+
+[ -z "$1" ] && {
+ echo need iplist file as parameter
+ exit 1
+}
+
+insmod /online/modules/unfuck_nfqueue.ko 2>/dev/null
+
+tpws --maxconn=1024 --uid 1:3003 --port=1 --daemon
+
+
+REDIR="-j REDIRECT --to-port 1"
+
+iptables -F tpws -t nat
+iptables -X tpws -t nat
+iptables -N tpws -t nat
+iptables -A tpws -t nat -d 192.168.0.0/16 -j RETURN
+
+while read ip; do
+ echo redirecting $ip
+ iptables -A tpws -t nat -d $ip -p tcp $REDIR
+done <"$1"
+
+
+rule="PREROUTING -t nat -i br0 -p tcp -m multiport --dports 80,443 -j tpws"
+iptables -C $rule 2>/dev/null || iptables -I $rule
+
+nfqws --uid 2 --qnum=200 --dpi-desync=disorder --dpi-desync-ttl=8 --dpi-desync-fooling=md5sig --daemon
+
+rule="OUTPUT -t mangle -o wan0 -p tcp -m multiport --dports 80,443 -m mark ! --mark 0x40000000/0x40000000 -j NFQUEUE --queue-num 200 --queue-bypass"
+iptables -C $rule 2>/dev/null || iptables -I $rule
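Review bot: In the `while read ip` loop of zapret-ip, each line of the list file is expanded unquoted into `iptables -A tpws -t nat -d $ip`, so a line containing spaces or option text is word-split into extra iptables arguments. The file derives from a downloaded hostlist, and the script accepts any path as `$1`, so each line should be checked before it reaches iptables. I would skip anything that is not a plain IPv4 address or prefix and quote the value: `case "$ip" in ""|*[!0-9./]*) continue ;; esac` followed by `iptables -A tpws -t nat -d "$ip" -p tcp $REDIR`, with `read -r ip` in the loop header. The opening `[ -z "$1" ]` test could also become `[ -r "$1" ]`, so a missing file is reported before tpws is started and the chain is flushed.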