drygdryg/zapret
1
0
Fork 0
mirror of https://github.com/bol-van/zapret.git synced 2025-04-19 13:32:58 +03:00
Code Issues Packages Projects Releases Wiki Activity

huawei: more scripts

Browse Source
This commit is contained in:
bol-van 2020-01-25 13:48:09 +03:00
parent 7e2902bdb9
commit 4b11a6fb3f
4 changed files with 119 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
files/huawei/E8372/run-zapret-hostlist Executable file
View File

@ -0,0 +1,35 @@
#!/system/bin/busybox sh
# download hostlist from http(s) (need curl, its absent by default),
# feed it to zapret. save flash write cycles
u="https://your.host.com/censorship/hoslist.txt"
SCRIPT=$(readlink -f "$0")
EXEDIR=$(dirname "$SCRIPT")
d=/data/censorship
[ -d $d ] || mkdir $d
f=$d/hostlist.txt
t=/hostlist.txt
curl -k --fail --max-time 10 -o "$t" "$u" && {
if [ -s "$t" ]; then
m1=$(md5sum "$t" | cut -d ' ' -f 1)
m2=$(md5sum "$f" | cut -d ' ' -f 1)
echo $m1 $m2
if [ -z "$m2" ] || [ "$m1" != "$m2" ]; then
echo updating hostlist
cp -f "$t" "$f"
else
echo hostlist was not changed. keeping old copy
fi
else
echo downloaded hostlist is empty. disabling zapret
rm "$f"
fi
}
rm -f "$t"
"$EXEDIR/unzapret"
[ -s "$f" ] && exec "$EXEDIR/zapret" "--hostlist=$f"

39
files/huawei/E8372/run-zapret-ip Executable file
View File

@ -0,0 +1,39 @@
#!/system/bin/busybox sh
# download hostlist from http(s) (need curl, its absent by default),
# resolve to ip list, feed to zapret-ip. save flash write cycles
u="https://your.host.com/censorship/hoslist.txt"
SCRIPT=$(readlink -f "$0")
EXEDIR=$(dirname "$SCRIPT")
d=/data/censorship
[ -d $d ] || mkdir $d
f=$d/hostlist.txt
t=/hostlist.txt
i=/iplist.txt
curl -k --fail --max-time 10 -o "$t" "$u" && {
if [ -s "$t" ]; then
m1=$(md5sum "$t" | cut -d ' ' -f 1)
m2=$(md5sum "$f" | cut -d ' ' -f 1)
echo $m1 $m2
if [ -z "$m2" ] || [ "$m1" != "$m2" ]; then
echo updating hostlist
cp -f "$t" "$f"
else
echo hostlist was not changed. keeping old copy
fi
else
echo downloaded hostlist is empty. disabling zapret
rm "$f"
fi
}
rm -f "$t"
"$EXEDIR/unzapret-ip"
[ -s "$f" ] && {
mdig --threads=10 --family=4 <"$f" >"$i"
[ -s "$i" ] && exec "$EXEDIR/zapret-ip" "$i"
}

11
files/huawei/E8372/unzapret-ip Executable file
View File

@ -0,0 +1,11 @@
#!/system/bin/busybox sh
rule="PREROUTING -t nat -i br0 -p tcp -m multiport --dports 80,443 -j tpws"
iptables -C $rule 2>/dev/null && iptables -D $rule
iptables -F tpws -t nat
iptables -X tpws -t nat
killall tpws
rule="OUTPUT -t mangle -o wan0 -p tcp -m multiport --dports 80,443 -m mark ! --mark 0x40000000/0x40000000 -j NFQUEUE --queue-num 200 --queue-bypass"
iptables -C $rule 2>/dev/null && iptables -D $rule
killall nfqws

34
files/huawei/E8372/zapret-ip Executable file
View File

@ -0,0 +1,34 @@
#!/system/bin/busybox sh
# $1 - ip list file. create individual rules for tpws redirection. ipset is not available
[ -z "$1" ] && {
echo need iplist file as parameter
exit 1
}
insmod /online/modules/unfuck_nfqueue.ko 2>/dev/null
tpws --maxconn=1024 --uid 1:3003 --port=1 --daemon
REDIR="-j REDIRECT --to-port 1"
iptables -F tpws -t nat
iptables -X tpws -t nat
iptables -N tpws -t nat
iptables -A tpws -t nat -d 192.168.0.0/16 -j RETURN
while read ip; do
echo redirecting $ip
iptables -A tpws -t nat -d $ip -p tcp $REDIR
done <"$1"
rule="PREROUTING -t nat -i br0 -p tcp -m multiport --dports 80,443 -j tpws"
iptables -C $rule 2>/dev/null || iptables -I $rule
nfqws --uid 2 --qnum=200 --dpi-desync=disorder --dpi-desync-ttl=8 --dpi-desync-fooling=md5sig --daemon
rule="OUTPUT -t mangle -o wan0 -p tcp -m multiport --dports 80,443 -m mark ! --mark 0x40000000/0x40000000 -j NFQUEUE --queue-num 200 --queue-bypass"
iptables -C $rule 2>/dev/null || iptables -I $rule