# some DPIs monitor all requests in http keep-alive session
# so processing of every outgoing packet is necessary
# for https its enough to act on client hello packet. ignore others and save CPU time

# copy this file to custom
# check config :
#  MODE=custom
#  NFQWS_OPT_DESYNC=your choice of nfqws desync options
#  GETLIST=your choice of script in ipset/get_*.sh, or comment if list downloading is not needed
# if hostlist is needed then uncomment run_daemon with --hostlist and comment run_daemon without --hoslist
# restart zapret

zapret_custom_daemons()
{
	do_nfqws $1 1 "$NFQWS_OPT_DESYNC"
	#do_nfqws $1 1 "$NFQWS_OPT_DESYNC --hostlist=$HOSTLIST"
}
zapret_custom_firewall()
{
	local desync_http="--dport 80 -m mark ! --mark $DESYNC_MARK/$DESYNC_MARK"
	local desync_https="--dport 443 -m connbytes --connbytes-dir=original --connbytes-mode=packets --connbytes 2:4 -m mark ! --mark $DESYNC_MARK/$DESYNC_MARK"
	fw_nfqws_post $1 "$desync_http" "$desync_http" $QNUM
	fw_nfqws_post $1 "$desync_https" "$desync_https" $QNUM
}