From f360a8be3d6d10988e17fdaa0ec7dbfc4e093d8b Mon Sep 17 00:00:00 2001
From: bol-van <k@vodka.home.kg>
Date: Tue, 4 Feb 2020 15:19:48 +0300
Subject: [PATCH] custom-desync-keepalive add ipset templates

---
 init.d/openwrt/custom-desync-keepalive |  8 ++++++--
 init.d/sysv/custom-desync-keepalive    | 10 +++++++---
 2 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/init.d/openwrt/custom-desync-keepalive b/init.d/openwrt/custom-desync-keepalive
index 18d3d71..b9d638d 100644
--- a/init.d/openwrt/custom-desync-keepalive
+++ b/init.d/openwrt/custom-desync-keepalive
@@ -8,6 +8,7 @@
 #  NFQWS_OPT_DESYNC=your choice of nfqws desync options
 #  GETLIST=your choice of script in ipset/get_*.sh, or comment if list downloading is not needed
 # if hostlist is needed then uncomment run_daemon with --hostlist and comment run_daemon without --hostlist
+# if ipset filter is needed then uncomment lines starting with "ipset_zapret" and "ipset_zapret6"
 # restart zapret
 
 zapret_custom_daemons()
@@ -19,6 +20,9 @@ zapret_custom_firewall()
 {
 	local desync_http="--dport 80 -m mark ! --mark $DESYNC_MARK/$DESYNC_MARK"
 	local desync_https="--dport 443 -m connbytes --connbytes-dir=original --connbytes-mode=packets --connbytes 2:4 -m mark ! --mark $DESYNC_MARK/$DESYNC_MARK"
-	fw_nfqws_post "$desync_http" "$desync_http" $QNUM
-	fw_nfqws_post "$desync_https" "$desync_https" $QNUM
+	local ipset_zapret ipset_zapret6
+	#ipset_zapret="-m set --match-set zapret dst"
+	#ipset_zapret6="-m set --match-set zapret6 dst"
+	fw_nfqws_post "$desync_http $ipset_zapret" "$desync_http $ipset_zapret6" $QNUM
+	fw_nfqws_post "$desync_https $ipset_zapret" "$desync_https $ipset_zapret6" $QNUM
 }
diff --git a/init.d/sysv/custom-desync-keepalive b/init.d/sysv/custom-desync-keepalive
index e0a53c6..828e7b1 100644
--- a/init.d/sysv/custom-desync-keepalive
+++ b/init.d/sysv/custom-desync-keepalive
@@ -7,7 +7,8 @@
 #  MODE=custom
 #  NFQWS_OPT_DESYNC=your choice of nfqws desync options
 #  GETLIST=your choice of script in ipset/get_*.sh, or comment if list downloading is not needed
-# if hostlist is needed then uncomment do_nfqws with --hostlist and comment do_nfqws without --hostlist
+# if hostlist is needed then uncomment run_daemon with --hostlist and comment run_daemon without --hostlist
+# if ipset filter is needed then uncomment lines starting with "ipset_zapret" and "ipset_zapret6"
 # restart zapret
 
 zapret_custom_daemons()
@@ -19,6 +20,9 @@ zapret_custom_firewall()
 {
 	local desync_http="--dport 80 -m mark ! --mark $DESYNC_MARK/$DESYNC_MARK"
 	local desync_https="--dport 443 -m connbytes --connbytes-dir=original --connbytes-mode=packets --connbytes 2:4 -m mark ! --mark $DESYNC_MARK/$DESYNC_MARK"
-	fw_nfqws_post $1 "$desync_http" "$desync_http" $QNUM
-	fw_nfqws_post $1 "$desync_https" "$desync_https" $QNUM
+	local ipset_zapret ipset_zapret6
+	#ipset_zapret="-m set --match-set zapret dst"
+	#ipset_zapret6="-m set --match-set zapret6 dst"
+	fw_nfqws_post $1 "$desync_http $ipset_zapret" "$desync_http $ipset_zapret6" $QNUM
+	fw_nfqws_post $1 "$desync_https $ipset_zapret" "$desync_https $ipset_zapret6" $QNUM
 }