mirror of
https://github.com/bol-van/zapret.git
synced 2025-04-19 05:22:58 +03:00
25 lines
1.0 KiB
Plaintext
25 lines
1.0 KiB
Plaintext
# some DPIs monitor all requests in http keep-alive session
|
|
# so processing of every outgoing packet is necessary
|
|
# for https its enough to act on client hello packet. ignore others and save CPU time
|
|
|
|
# copy this file to custom
|
|
# check config :
|
|
# MODE=custom
|
|
# NFQWS_OPT_DESYNC=your choice of nfqws desync options
|
|
# GETLIST=your choice of script in ipset/get_*.sh, or comment if list downloading is not needed
|
|
# if hostlist is needed then uncomment run_daemon with --hostlist and comment run_daemon without --hostlist
|
|
# restart zapret
|
|
|
|
zapret_custom_daemons()
|
|
{
|
|
do_nfqws $1 1 "$NFQWS_OPT_DESYNC"
|
|
#do_nfqws $1 1 "$NFQWS_OPT_DESYNC --hostlist=$HOSTLIST"
|
|
}
|
|
zapret_custom_firewall()
|
|
{
|
|
local desync_http="--dport 80 -m mark ! --mark $DESYNC_MARK/$DESYNC_MARK"
|
|
local desync_https="--dport 443 -m connbytes --connbytes-dir=original --connbytes-mode=packets --connbytes 2:4 -m mark ! --mark $DESYNC_MARK/$DESYNC_MARK"
|
|
fw_nfqws_post $1 "$desync_http" "$desync_http" $QNUM
|
|
fw_nfqws_post $1 "$desync_https" "$desync_https" $QNUM
|
|
}
|