drygdryg/zapret
1
0
Fork 0
mirror of https://github.com/bol-van/zapret.git synced 2024-11-26 20:20:53 +03:00
Code Issues Packages Projects Releases Wiki Activity

bsd docs: newer pfsense ipfw trick

Browse Source
This commit is contained in:
bol-van 2022-09-08 21:46:02 +03:00
parent 55563190e5
commit 717583c733
2 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
docs/bsd.eng.md
View File

@ -192,14 +192,20 @@ Then it becomes possible to install all the required software including git to d
kldload ipfw kldload ipfw
kldload ipdivert kldload ipdivert
# for older pfsense versions. newer do not have these sysctls
sysctl net.inet.ip.pfil.outbound=ipfw,pf sysctl net.inet.ip.pfil.outbound=ipfw,pf
sysctl net.inet.ip.pfil.inbound=ipfw,pf sysctl net.inet.ip.pfil.inbound=ipfw,pf
sysctl net.inet6.ip6.pfil.outbound=ipfw,pf sysctl net.inet6.ip6.pfil.outbound=ipfw,pf
sysctl net.inet6.ip6.pfil.inbound=ipfw,pf sysctl net.inet6.ip6.pfil.inbound=ipfw,pf
ipfw delete 100 ipfw delete 100
ipfw add 100 divert 989 tcp from any to any 80,443 out not diverted not sockarg xmit em0 ipfw add 100 divert 989 tcp from any to any 80,443 out not diverted not sockarg xmit em0
pkill ^dvtws$ pkill ^dvtws$
dvtws --daemon --port 989 --dpi-desync=split2 dvtws --daemon --port 989 --dpi-desync=split2
# required for newer pfsense versions (2.6.0 tested) to return ipfw to functional state
pfctl -d ; pfctl -e
``` ```
I could not make tpws work from ipfw. Looks like there's some conflict between two firewalls. I could not make tpws work from ipfw. Looks like there's some conflict between two firewalls.

6
docs/bsd.txt
View File

@ -192,14 +192,20 @@ ipset скрипты работают, крон есть. Можно сдела
kldload ipfw kldload ipfw
kldload ipdivert kldload ipdivert
# for older pfsense versions. newer do not have these sysctls
sysctl net.inet.ip.pfil.outbound=ipfw,pf sysctl net.inet.ip.pfil.outbound=ipfw,pf
sysctl net.inet.ip.pfil.inbound=ipfw,pf sysctl net.inet.ip.pfil.inbound=ipfw,pf
sysctl net.inet6.ip6.pfil.outbound=ipfw,pf sysctl net.inet6.ip6.pfil.outbound=ipfw,pf
sysctl net.inet6.ip6.pfil.inbound=ipfw,pf sysctl net.inet6.ip6.pfil.inbound=ipfw,pf
ipfw delete 100 ipfw delete 100
ipfw add 100 divert 989 tcp from any to any 80,443 out not diverted not sockarg xmit em0 ipfw add 100 divert 989 tcp from any to any 80,443 out not diverted not sockarg xmit em0
pkill ^dvtws$ pkill ^dvtws$
dvtws --daemon --port 989 --dpi-desync=split2 dvtws --daemon --port 989 --dpi-desync=split2
# required for newer pfsense versions (2.6.0 tested) to return ipfw to functional state
pfctl -d ; pfctl -e
----------- -----------
Что касается tpws, то видимо имеется некоторый конфликт двух фаерволов, и правила fwd в ipfw не работают. Что касается tpws, то видимо имеется некоторый конфликт двух фаерволов, и правила fwd в ipfw не работают.