mirror of
https://github.com/bol-van/zapret.git
synced 2025-04-19 21:42:59 +03:00
29 lines
1.3 KiB
Plaintext
29 lines
1.3 KiB
Plaintext
# some DPIs monitor all requests in http keep-alive session
|
|
# so processing of every outgoing packet is necessary
|
|
# for https its enough to act on client hello packet. ignore others and save CPU time
|
|
|
|
# copy this file to custom
|
|
# check config :
|
|
# MODE=custom
|
|
# NFQWS_OPT_DESYNC=your choice of nfqws desync options
|
|
# GETLIST=your choice of script in ipset/get_*.sh, or comment if list downloading is not needed
|
|
# if hostlist is needed then uncomment run_daemon with --hostlist and comment run_daemon without --hostlist
|
|
# if ipset filter is needed then uncomment lines starting with "ipset_zapret" and "ipset_zapret6"
|
|
# restart zapret
|
|
|
|
zapret_custom_daemons()
|
|
{
|
|
do_nfqws $1 1 "$NFQWS_OPT_DESYNC"
|
|
#do_nfqws $1 1 "$NFQWS_OPT_DESYNC --hostlist=$HOSTLIST"
|
|
}
|
|
zapret_custom_firewall()
|
|
{
|
|
local desync_http="--dport 80 -m mark ! --mark $DESYNC_MARK/$DESYNC_MARK"
|
|
local desync_https="--dport 443 -m connbytes --connbytes-dir=original --connbytes-mode=packets --connbytes 2:4 -m mark ! --mark $DESYNC_MARK/$DESYNC_MARK"
|
|
local ipset_zapret ipset_zapret6
|
|
#ipset_zapret="-m set --match-set zapret dst"
|
|
#ipset_zapret6="-m set --match-set zapret6 dst"
|
|
fw_nfqws_post $1 "$desync_http $ipset_zapret" "$desync_http $ipset_zapret6" $QNUM
|
|
fw_nfqws_post $1 "$desync_https $ipset_zapret" "$desync_https $ipset_zapret6" $QNUM
|
|
}
|