From 93812cf13002ad8e8457d766d4a14033c494174a Mon Sep 17 00:00:00 2001 From: Ata Niyazov Date: Tue, 15 Jun 2021 19:42:38 +0500 Subject: [PATCH] readme.eng.txt typo --- docs/readme.eng.txt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/readme.eng.txt b/docs/readme.eng.txt index d46cad8..4cdf0c5 100644 --- a/docs/readme.eng.txt +++ b/docs/readme.eng.txt @@ -89,7 +89,7 @@ iptables -t mangle -I POSTROUTING -o -p tcp --dport 80 -m s Some DPIs catch only the first http request, ignoring subsequent requests in a keep-alive session. Then we can reduce CPU load, refusing to process unnecessary packets. -iptables -t mangle -I POSTROUTING -o <внешний_интерфейс> -p tcp --dport 80 -m connbytes --connbytes-dir=original --connbytes-mode=packets --connbytes 1:4 -m mark ! --mark 0x40000000/0x40000000 -m set --match-set zapret dst -j NFQUEUE --queue-num 200 --queue-bypass +iptables -t mangle -I POSTROUTING -o -p tcp --dport 80 -m connbytes --connbytes-dir=original --connbytes-mode=packets --connbytes 1:4 -m mark ! --mark 0x40000000/0x40000000 -m set --match-set zapret dst -j NFQUEUE --queue-num 200 --queue-bypass Mark filter does not allow nfqws-generated packets to enter the queue again. Its necessary to use this filter when also using "connbytes 1:4". Without it packet ordering can be changed breaking the whole idea. @@ -393,9 +393,9 @@ split-pos works by default only on http and TLS ClientHello. use --split-any-pro tpws can bind to multiple interfaces and IP addresses (up to 32). Port number is always the same. -Parameters --bind-iface* и --bind-addr create new bind. +Parameters --bind-iface* and --bind-addr create new bind. Other parameters --bind-* are related to the last bind. -Выбор режима использования link local ipv6 адресов (fe80::/8) : +Selecting the mode of using link local ipv6 addresses (fe80::/8) : ipv6 link local usage modes : --bind-iface6 --bind-linklocal=no : first selects private address fd00::/8, then global address --bind-iface6 --bind-linklocal=unwanted : first selects private address fd00::/8, then global address, then LL