drygdryg/zapret
1
0
Fork 0
mirror of https://github.com/bol-van/zapret.git synced 2025-05-24 22:32:58 +03:00
Code Issues Packages Projects Releases Wiki Activity

autottl, datanoack, oob, postnat

Browse Source
This commit is contained in:
bol-van
2024-03-02 17:53:37 +03:00
parent 2157fed592
commit 8a161f1f49
48 changed files with 597 additions and 249 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
init.d/openwrt/custom-tpws4http-nfqws4https
View File

@@ -24,7 +24,7 @@ zapret_custom_firewall()
# $1 - 1 - run, 0 - stop
local f4 f6
local first_packet_only="-m connbytes --connbytes-dir=original --connbytes-mode=packets --connbytes 1:4"
local first_packet_only="$ipt_connbytes 1:$(first_packets_for_mode)"
local desync="-m mark ! --mark $DESYNC_MARK/$DESYNC_MARK"
[ "$MODE_HTTP" = "1" ] && {
@@ -45,8 +45,10 @@ zapret_custom_firewall_nft()
{
# stop logic is not required
# do not use POSTNAT for udp first packet desync !
local POSTNAT=1
local f4 f6
local first_packet_only="ct original packets 1-4"
local first_packet_only="$nft_connbytes 1-$(first_packets_for_mode)"
local desync="mark and $DESYNC_MARK == 0"
[ "$MODE_HTTP" = "1" ] && {
@@ -61,5 +63,7 @@ zapret_custom_firewall_nft()
f6=$f4
nft_filter_apply_ipset_target f4 f6
nft_fw_nfqws_post "$f4 $desync" "$f6 $desync" $QNUM
# for modes that require incoming traffic
nft_fw_reverse_nfqws_rule "$f4" "$f6" $QNUM
}
}