mirror of
https://github.com/bol-van/zapret.git
synced 2024-11-30 05:50:53 +03:00
init,install_easy: socks mode
This commit is contained in:
parent
5228b91ea5
commit
ae9a72f5b0
@ -398,8 +398,12 @@ It needs to be viewed and edited if necessary.
|
|||||||
|
|
||||||
|
|
||||||
Main mode :
|
Main mode :
|
||||||
tpws - use tpws
|
tpws - tpws transparent mode
|
||||||
tpws - use nfqws
|
tpws-socks - tpws socks mode
|
||||||
|
binds to localhost and LAN interface (if IFACE_LAN is specified or the system is OpenWRT). port 988
|
||||||
|
nfqws - nfqws
|
||||||
|
nfqws - use nfqws
|
||||||
|
|
||||||
filter - only fill ipset or load hostlist
|
filter - only fill ipset or load hostlist
|
||||||
custom - use custom script for running daemons and establishing firewall rules
|
custom - use custom script for running daemons and establishing firewall rules
|
||||||
|
|
||||||
|
@ -619,8 +619,10 @@ tpws и nfqws решают нужно ли применять дурение в
|
|||||||
|
|
||||||
|
|
||||||
Основной режим :
|
Основной режим :
|
||||||
tpws - использовать tpws
|
tpws - tpws в режиме transparent
|
||||||
tpws - использовать nfqws
|
tpws-socks - tpws в режиме socks.
|
||||||
|
вешается на localhost и LAN интерфейс (если задан IFACE_LAN или если система - OpenWRT). порт 988
|
||||||
|
nfqws - nfqws
|
||||||
filter - только заполнить ipset или загрузить hostlist
|
filter - только заполнить ipset или загрузить hostlist
|
||||||
custom - нужно самому запрограммировать запуск демонов в init скрипте и правила iptables
|
custom - нужно самому запрограммировать запуск демонов в init скрипте и правила iptables
|
||||||
|
|
||||||
|
@ -9,6 +9,7 @@ HOSTLIST="$ZHOSTLIST.gz"
|
|||||||
|
|
||||||
PIDDIR=/var/run
|
PIDDIR=/var/run
|
||||||
TPPORT=988
|
TPPORT=988
|
||||||
|
TPWS_USER=daemon
|
||||||
TPWS_WAIT="--bind-wait-ip=60"
|
TPWS_WAIT="--bind-wait-ip=60"
|
||||||
TPWS="$ZAPRET_BASE/tpws/tpws"
|
TPWS="$ZAPRET_BASE/tpws/tpws"
|
||||||
|
|
||||||
@ -85,6 +86,7 @@ filter_apply_hostlist_target()
|
|||||||
# $1 - var name of tpws or nfqws params
|
# $1 - var name of tpws or nfqws params
|
||||||
[ "$MODE_FILTER" = "hostlist" ] && eval $1="\"\$$1 --hostlist=$HOSTLIST\""
|
[ "$MODE_FILTER" = "hostlist" ] && eval $1="\"\$$1 --hostlist=$HOSTLIST\""
|
||||||
}
|
}
|
||||||
|
|
||||||
tpws_apply_binds()
|
tpws_apply_binds()
|
||||||
{
|
{
|
||||||
local o
|
local o
|
||||||
@ -96,6 +98,20 @@ tpws_apply_binds()
|
|||||||
}
|
}
|
||||||
eval $1="\"\$$1 $o\""
|
eval $1="\"\$$1 $o\""
|
||||||
}
|
}
|
||||||
|
tpws_apply_socks_binds()
|
||||||
|
{
|
||||||
|
local o
|
||||||
|
|
||||||
|
[ "$DISABLE_IPV4" = "1" ] || {
|
||||||
|
o="--bind-addr=127.0.0.1"
|
||||||
|
[ -n "$IFACE_LAN" ] && o="$o --bind-iface4=$IFACE_LAN $TPWS_WAIT"
|
||||||
|
}
|
||||||
|
[ "$DISABLE_IPV6" = "1" ] || {
|
||||||
|
o="$o --bind-addr=::1"
|
||||||
|
[ -n "$IFACE_LAN" ] && o="$o --bind-iface6=$IFACE_LAN $TPWS_WAIT"
|
||||||
|
}
|
||||||
|
eval $1="\"\$$1 $o\""
|
||||||
|
}
|
||||||
|
|
||||||
wait_interface_ll()
|
wait_interface_ll()
|
||||||
{
|
{
|
||||||
@ -374,6 +390,8 @@ zapret_do_firewall()
|
|||||||
pf_anchors_clear
|
pf_anchors_clear
|
||||||
fi
|
fi
|
||||||
;;
|
;;
|
||||||
|
tpws-socks)
|
||||||
|
;;
|
||||||
*)
|
*)
|
||||||
echo "unsupported MODE=$MODE"
|
echo "unsupported MODE=$MODE"
|
||||||
return 1
|
return 1
|
||||||
@ -416,6 +434,16 @@ zapret_do_daemons()
|
|||||||
opt="$opt $TPWS_OPT"
|
opt="$opt $TPWS_OPT"
|
||||||
do_daemon $1 1 "$TPWS" "$opt"
|
do_daemon $1 1 "$TPWS" "$opt"
|
||||||
;;
|
;;
|
||||||
|
tpws-socks)
|
||||||
|
[ "$1" = "1" ] && [ "$DISABLE_IPV4" = "1" ] && [ "$DISABLE_IPV6" = "1" ] && {
|
||||||
|
echo "both ipv4 and ipv6 are disabled. nothing to do"
|
||||||
|
return 0
|
||||||
|
}
|
||||||
|
opt="--socks --user=$TPWS_USER --port=$TPPORT"
|
||||||
|
tpws_apply_socks_binds opt
|
||||||
|
filter_apply_hostlist_target opt
|
||||||
|
do_daemon $1 1 "$TPWS" "$opt"
|
||||||
|
;;
|
||||||
filter)
|
filter)
|
||||||
;;
|
;;
|
||||||
custom)
|
custom)
|
||||||
|
@ -34,8 +34,9 @@ HOSTLIST="$ZAPRET_BASE/ipset/zapret-hosts.txt.gz"
|
|||||||
TPWS_OPT_BASE="--user=$TPWS_USER --port=$TPPORT"
|
TPWS_OPT_BASE="--user=$TPWS_USER --port=$TPPORT"
|
||||||
TPWS_OPT_BASE4="--bind-addr=$TPWS_LOCALHOST4"
|
TPWS_OPT_BASE4="--bind-addr=$TPWS_LOCALHOST4"
|
||||||
TPWS_OPT_BASE6="--bind-addr=::1"
|
TPWS_OPT_BASE6="--bind-addr=::1"
|
||||||
|
TPWS_WAIT="--bind-wait-ifup=30 --bind-wait-ip=30"
|
||||||
# first wait for lan to ifup, then wait for bind-wait-ip-linklocal seconds for link local address and bind-wait-ip for any ipv6 as the worst case
|
# first wait for lan to ifup, then wait for bind-wait-ip-linklocal seconds for link local address and bind-wait-ip for any ipv6 as the worst case
|
||||||
TPWS_OPT_BASE6_PRE="--bind-linklocal=prefer --bind-wait-ifup=30 --bind-wait-ip=30 --bind-wait-ip-linklocal=3"
|
TPWS_OPT_BASE6_PRE="--bind-linklocal=prefer $TPWS_WAIT --bind-wait-ip-linklocal=3"
|
||||||
|
|
||||||
run_daemon()
|
run_daemon()
|
||||||
{
|
{
|
||||||
@ -64,11 +65,11 @@ run_tpws()
|
|||||||
network_get_device DEVICE lan
|
network_get_device DEVICE lan
|
||||||
[ -n "$DEVICE" ] && OPT="$OPT --bind-iface6=$DEVICE $TPWS_OPT_BASE6_PRE"
|
[ -n "$DEVICE" ] && OPT="$OPT --bind-iface6=$DEVICE $TPWS_OPT_BASE6_PRE"
|
||||||
}
|
}
|
||||||
run_daemon $1 $TPWS "$OPT $2"
|
run_daemon $1 "$TPWS" "$OPT $2"
|
||||||
}
|
}
|
||||||
stop_tpws()
|
stop_tpws()
|
||||||
{
|
{
|
||||||
stop_daemon $1 $TPWS
|
stop_daemon $1 "$TPWS"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -78,6 +79,23 @@ filter_apply_hostlist_target()
|
|||||||
[ "$MODE_FILTER" = "hostlist" ] && eval $1="\"\$$1 --hostlist=$HOSTLIST\""
|
[ "$MODE_FILTER" = "hostlist" ] && eval $1="\"\$$1 --hostlist=$HOSTLIST\""
|
||||||
}
|
}
|
||||||
|
|
||||||
|
tpws_apply_socks_binds()
|
||||||
|
{
|
||||||
|
local o
|
||||||
|
|
||||||
|
network_get_device DEVICE lan
|
||||||
|
|
||||||
|
[ "$DISABLE_IPV4" = "1" ] || {
|
||||||
|
o="--bind-addr=127.0.0.1"
|
||||||
|
[ -n "$DEVICE" ] && o="$o --bind-iface4=$DEVICE $TPWS_WAIT"
|
||||||
|
}
|
||||||
|
[ "$DISABLE_IPV6" = "1" ] || {
|
||||||
|
o="$o --bind-addr=::1"
|
||||||
|
[ -n "$DEVICE" ] && o="$o --bind-iface6=$DEVICE $TPWS_WAIT"
|
||||||
|
}
|
||||||
|
eval $1="\"\$$1 $o\""
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
start_service() {
|
start_service() {
|
||||||
local opt
|
local opt
|
||||||
@ -88,10 +106,16 @@ start_service() {
|
|||||||
filter_apply_hostlist_target opt
|
filter_apply_hostlist_target opt
|
||||||
run_tpws 1 "$opt"
|
run_tpws 1 "$opt"
|
||||||
;;
|
;;
|
||||||
|
tpws-socks)
|
||||||
|
opt="$TPWS_OPT_BASE --socks $TPWS_OPT"
|
||||||
|
tpws_apply_socks_binds opt
|
||||||
|
filter_apply_hostlist_target opt
|
||||||
|
run_daemon 1 "$TPWS" "$opt"
|
||||||
|
;;
|
||||||
nfqws)
|
nfqws)
|
||||||
opt="$NFQWS_OPT_BASE $NFQWS_OPT_DESYNC"
|
opt="$NFQWS_OPT_BASE $NFQWS_OPT_DESYNC"
|
||||||
filter_apply_hostlist_target opt
|
filter_apply_hostlist_target opt
|
||||||
run_daemon 1 $NFQWS "$opt"
|
run_daemon 1 "$NFQWS" "$opt"
|
||||||
;;
|
;;
|
||||||
custom)
|
custom)
|
||||||
existf zapret_custom_daemons && zapret_custom_daemons $1
|
existf zapret_custom_daemons && zapret_custom_daemons $1
|
||||||
|
@ -24,8 +24,9 @@ HOSTLIST="$ZAPRET_BASE/ipset/zapret-hosts.txt.gz"
|
|||||||
TPWS_OPT_BASE="--user=$WS_USER --port=$TPPORT"
|
TPWS_OPT_BASE="--user=$WS_USER --port=$TPPORT"
|
||||||
TPWS_OPT_BASE4="--bind-addr=$TPWS_LOCALHOST4"
|
TPWS_OPT_BASE4="--bind-addr=$TPWS_LOCALHOST4"
|
||||||
TPWS_OPT_BASE6="--bind-addr=::1"
|
TPWS_OPT_BASE6="--bind-addr=::1"
|
||||||
|
TPWS_WAIT="--bind-wait-ifup=30 --bind-wait-ip=30"
|
||||||
# first wait for lan to ifup, then wait for bind-wait-ip-linklocal seconds for link local address and bind-wait-ip for any ipv6 as the worst case
|
# first wait for lan to ifup, then wait for bind-wait-ip-linklocal seconds for link local address and bind-wait-ip for any ipv6 as the worst case
|
||||||
TPWS_OPT_BASE6_PRE="--bind-linklocal=prefer --bind-wait-ifup=30 --bind-wait-ip=30 --bind-wait-ip-linklocal=3"
|
TPWS_OPT_BASE6_PRE="--bind-linklocal=prefer $TPWS_WAIT --bind-wait-ip-linklocal=3"
|
||||||
|
|
||||||
[ -n "$IFACE_WAN" ] && IPT_OWAN="-o $IFACE_WAN"
|
[ -n "$IFACE_WAN" ] && IPT_OWAN="-o $IFACE_WAN"
|
||||||
[ -n "$IFACE_WAN" ] && IPT_IWAN="-i $IFACE_WAN"
|
[ -n "$IFACE_WAN" ] && IPT_IWAN="-i $IFACE_WAN"
|
||||||
@ -383,7 +384,7 @@ do_tpws()
|
|||||||
[ -n "$IFACE_LAN" ] && OPT="$OPT --bind-iface6=$IFACE_LAN $TPWS_OPT_BASE6_PRE"
|
[ -n "$IFACE_LAN" ] && OPT="$OPT --bind-iface6=$IFACE_LAN $TPWS_OPT_BASE6_PRE"
|
||||||
}
|
}
|
||||||
|
|
||||||
do_daemon $1 $2 $TPWS "$OPT $3"
|
do_daemon $1 $2 "$TPWS" "$OPT $3"
|
||||||
}
|
}
|
||||||
do_nfqws()
|
do_nfqws()
|
||||||
{
|
{
|
||||||
@ -392,7 +393,7 @@ do_nfqws()
|
|||||||
# $3 : daemon args
|
# $3 : daemon args
|
||||||
|
|
||||||
[ "$1" = "1" ] && prepare_user
|
[ "$1" = "1" ] && prepare_user
|
||||||
do_daemon $1 $2 $NFQWS "$NFQWS_OPT_BASE $3"
|
do_daemon $1 $2 "$NFQWS" "$NFQWS_OPT_BASE $3"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -425,6 +426,20 @@ filter_apply_hostlist_target()
|
|||||||
# $1 - var name of tpws or nfqws params
|
# $1 - var name of tpws or nfqws params
|
||||||
[ "$MODE_FILTER" = "hostlist" ] && eval $1="\"\$$1 --hostlist=$HOSTLIST\""
|
[ "$MODE_FILTER" = "hostlist" ] && eval $1="\"\$$1 --hostlist=$HOSTLIST\""
|
||||||
}
|
}
|
||||||
|
tpws_apply_socks_binds()
|
||||||
|
{
|
||||||
|
local o
|
||||||
|
|
||||||
|
[ "$DISABLE_IPV4" = "1" ] || {
|
||||||
|
o="--bind-addr=127.0.0.1"
|
||||||
|
[ -n "$IFACE_LAN" ] && o="$o --bind-iface4=$IFACE_LAN $TPWS_WAIT"
|
||||||
|
}
|
||||||
|
[ "$DISABLE_IPV6" = "1" ] || {
|
||||||
|
o="$o --bind-addr=::1"
|
||||||
|
[ -n "$IFACE_LAN" ] && o="$o --bind-iface6=$IFACE_LAN $TPWS_WAIT"
|
||||||
|
}
|
||||||
|
eval $1="\"\$$1 $o\""
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
create_ipset()
|
create_ipset()
|
||||||
@ -511,6 +526,12 @@ zapret_do_daemons()
|
|||||||
filter_apply_hostlist_target opt
|
filter_apply_hostlist_target opt
|
||||||
do_tpws $1 1 "$opt"
|
do_tpws $1 1 "$opt"
|
||||||
;;
|
;;
|
||||||
|
tpws-socks)
|
||||||
|
opt="$TPWS_OPT_BASE --socks $TPWS_OPT"
|
||||||
|
tpws_apply_socks_binds opt
|
||||||
|
filter_apply_hostlist_target opt
|
||||||
|
do_daemon $1 1 "$TPWS" "$opt"
|
||||||
|
;;
|
||||||
nfqws)
|
nfqws)
|
||||||
opt="$NFQWS_OPT_DESYNC"
|
opt="$NFQWS_OPT_DESYNC"
|
||||||
filter_apply_hostlist_target opt
|
filter_apply_hostlist_target opt
|
||||||
|
@ -291,8 +291,8 @@ write_config_var()
|
|||||||
|
|
||||||
select_mode_mode()
|
select_mode_mode()
|
||||||
{
|
{
|
||||||
local MODES="tpws nfqws filter custom"
|
local MODES="tpws tpws-socks nfqws filter custom"
|
||||||
[ "$SYSTEM" = "macos" ] && MODES="tpws filter custom"
|
[ "$SYSTEM" = "macos" ] && MODES="tpws tpws-socks filter custom"
|
||||||
echo
|
echo
|
||||||
echo select MODE :
|
echo select MODE :
|
||||||
ask_list MODE "$MODES" tpws && write_config_var MODE
|
ask_list MODE "$MODES" tpws && write_config_var MODE
|
||||||
@ -311,7 +311,7 @@ select_mode_mode()
|
|||||||
}
|
}
|
||||||
select_mode_http()
|
select_mode_http()
|
||||||
{
|
{
|
||||||
[ "$MODE" != "filter" ] && {
|
[ "$MODE" != "filter" ] && [ "$MODE" != "tpws-socks" ] && {
|
||||||
echo
|
echo
|
||||||
ask_yes_no_var MODE_HTTP "enable http support"
|
ask_yes_no_var MODE_HTTP "enable http support"
|
||||||
write_config_var MODE_HTTP
|
write_config_var MODE_HTTP
|
||||||
@ -329,7 +329,7 @@ select_mode_keepalive()
|
|||||||
}
|
}
|
||||||
select_mode_https()
|
select_mode_https()
|
||||||
{
|
{
|
||||||
[ "$MODE" != "filter" ] && {
|
[ "$MODE" != "filter" ] && [ "$MODE" != "tpws-socks" ] && {
|
||||||
echo
|
echo
|
||||||
ask_yes_no_var MODE_HTTPS "enable https support"
|
ask_yes_no_var MODE_HTTPS "enable https support"
|
||||||
write_config_var MODE_HTTPS
|
write_config_var MODE_HTTPS
|
||||||
@ -337,9 +337,11 @@ select_mode_https()
|
|||||||
}
|
}
|
||||||
select_mode_filter()
|
select_mode_filter()
|
||||||
{
|
{
|
||||||
|
local filter="none ipset hostlist"
|
||||||
|
[ "$MODE" = "tpws-socks" ] && filter="none hostlist"
|
||||||
echo
|
echo
|
||||||
echo select filtering :
|
echo select filtering :
|
||||||
ask_list MODE_FILTER "none ipset hostlist" none && write_config_var MODE_FILTER
|
ask_list MODE_FILTER "$filter" none && write_config_var MODE_FILTER
|
||||||
}
|
}
|
||||||
select_mode()
|
select_mode()
|
||||||
{
|
{
|
||||||
@ -1180,7 +1182,7 @@ service_stop_macos()
|
|||||||
macos_fw_reload_trigger_clear()
|
macos_fw_reload_trigger_clear()
|
||||||
{
|
{
|
||||||
case "$MODE" in
|
case "$MODE" in
|
||||||
tpws|custom)
|
tpws|tpws-socks|custom)
|
||||||
LISTS_RELOAD=
|
LISTS_RELOAD=
|
||||||
write_config_var LISTS_RELOAD
|
write_config_var LISTS_RELOAD
|
||||||
;;
|
;;
|
||||||
|
Loading…
Reference in New Issue
Block a user