vrr/zapret4rocket
2
0
Fork 0
mirror of https://github.com/IndeecFOX/zapret4rocket.git synced 2026-04-28 11:29:49 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
zapret4rocket/config.default
IndeecFOX 3b1dab6e84
фикс опечатки в конфиге
2026-02-15 13:34:24 +03:00

232 lines
31 KiB
Text
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Zeefeer update strats 15.02.26
#KDS and flowseal special thx
# this file is included from init scripts
# change values here
# can help in case /tmp has not enough space
#TMPDIR=/opt/zapret/tmp
# redefine user for zapret daemons. required on Keenetic
#WS_USER=nobody
# override firewall type : iptables,nftables,ipfw
FWTYPE=iptables
# nftables only : set this to 0 to use pre-nat mode. default is post-nat.
# pre-nat mode disables some bypass techniques for forwarded traffic but allows to see client IP addresses in debug log
#POSTNAT=0
# options for ipsets
# maximum number of elements in sets. also used for nft sets
SET_MAXELEM=522288
# too low hashsize can cause memory allocation errors on low RAM systems , even if RAM is enough
# too large hashsize will waste lots of RAM
IPSET_OPT="hashsize 262144 maxelem $SET_MAXELEM"
# dynamically generate additional ip. $1 = ipset/nfset/table name
#IPSET_HOOK="/etc/zapret.ipset.hook"
# options for ip2net. "-4" or "-6" auto added by ipset create script
IP2NET_OPT4="--prefix-length=22-30 --v4-threshold=3/4"
IP2NET_OPT6="--prefix-length=56-64 --v6-threshold=5"
# options for auto hostlist
AUTOHOSTLIST_RETRANS_THRESHOLD=3
AUTOHOSTLIST_FAIL_THRESHOLD=3
AUTOHOSTLIST_FAIL_TIME=30
# 1 = debug autohostlist positives to ipset/zapret-hosts-auto-debug.log
AUTOHOSTLIST_DEBUGLOG=0
# number of parallel threads for domain list resolves
MDIG_THREADS=30
# ipset/*.sh can compress large lists
GZIP_LISTS=1
# command to reload ip/host lists after update
# comment or leave empty for auto backend selection : ipset or ipfw if present
# on BSD systems with PF no auto reloading happens. you must provide your own command
# set to "-" to disable reload
#LISTS_RELOAD="pfctl -f /etc/pf.conf"
# mark bit used by nfqws to prevent loop
DESYNC_MARK=0x40000000
DESYNC_MARK_POSTNAT=0x20000000
TPWS_SOCKS_ENABLE=0
# tpws socks listens on this port on localhost and LAN interfaces
TPPORT_SOCKS=987
# use <HOSTLIST> and <HOSTLIST_NOAUTO> placeholders to engage standard hostlists and autohostlist in ipset dir
# hostlist markers are replaced to empty string if MODE_FILTER does not satisfy
# <HOSTLIST_NOAUTO> appends ipset/zapret-hosts-auto.txt as normal list
TPWS_SOCKS_OPT="
--filter-tcp=80 --methodeol <HOSTLIST> --new
--filter-tcp=443 --split-pos=1,midsld --disorder <HOSTLIST>
"
TPWS_ENABLE=0
TPWS_PORTS=80,443
# use <HOSTLIST> and <HOSTLIST_NOAUTO> placeholders to engage standard hostlists and autohostlist in ipset dir
# hostlist markers are replaced to empty string if MODE_FILTER does not satisfy
# <HOSTLIST_NOAUTO> appends ipset/zapret-hosts-auto.txt as normal list
TPWS_OPT="
--filter-tcp=80 --methodeol <HOSTLIST> --new
--filter-tcp=443 --split-pos=1,midsld --disorder <HOSTLIST>
"
NFQWS_ENABLE=1
# redirect outgoing traffic with connbytes limiter applied in both directions.
NFQWS_PORTS_TCP=80,443,2053,2083,2087,2096,8443
NFQWS_PORTS_UDP=443
# PKT_OUT means connbytes dir original
# PKT_IN means connbytes dir reply
# this is --dpi-desync-cutoff=nX kernel mode implementation for linux. it saves a lot of CPU.
NFQWS_TCP_PKT_OUT=$((6+$AUTOHOSTLIST_RETRANS_THRESHOLD))
NFQWS_TCP_PKT_IN=3
NFQWS_UDP_PKT_OUT=$((6+$AUTOHOSTLIST_RETRANS_THRESHOLD))
NFQWS_UDP_PKT_IN=0
# redirect outgoing traffic without connbytes limiter and incoming with connbytes limiter
# normally it's needed only for stateless DPI that matches every packet in a single TCP session
# typical example are plain HTTP keep alives
# this mode can be very CPU consuming. enable with care !
#NFQWS_PORTS_TCP_KEEPALIVE=80
#NFQWS_PORTS_UDP_KEEPALIVE=
# use <HOSTLIST> and <HOSTLIST_NOAUTO> placeholders to engage standard hostlists and autohostlist in ipset dir
# hostlist markers are replaced to empty string if MODE_FILTER does not satisfy
# <HOSTLIST_NOAUTO> appends ipset/zapret-hosts-auto.txt as normal list
# just notes: --debug=@/opt/zapret/debug.log
#Стратегия DISCORD вместо просто fake. Если закомментировать - будет использоваться просто fake
NFQWS_OPT_DESYNC_DISCORD_MEDIA="--dpi-desync=fake --dpi-desync-fake-discord=/opt/zapret/files/fake/quic_initial_www_google_com.bin --dpi-desync-fake-stun=/opt/zapret/files/fake/quic_initial_www_google_com.bin --dpi-desync-repeats=6"
#Стратегия войсов ТГ, ВА и т.п. вместо просто fake. Если закомментировать - будет использоваться просто fake
NFQWS_OPT_DESYNC_STUN="--dpi-desync=fake --dpi-desync-fake-discord=/opt/zapret/files/fake/quic_initial_www_google_com.bin --dpi-desync-fake-stun=/opt/zapret/files/fake/quic_initial_www_google_com.bin --dpi-desync-repeats=6"
NFQWS_OPT="
'Лист для исключения из фильтрации доменов по TCP.'
--filter-tcp=80,443,8443 --hostlist-domains=none.com --hostlist=/opt/zapret/lists/netrogat.txt --new
'Запасные стратегии UDP QUIC YouTube'
--filter-udp=443 --hostlist-domains=none.dom --hostlist=/opt/zapret/extra_strats/UDP/YT/1.txt --dpi-desync=fake,ipfrag2 --dpi-desync-fake-quic=/opt/zapret/files/fake/quic_5.bin --dpi-desync-cutoff=n3 --dpi-desync-repeats=3 --new
--filter-udp=443 --hostlist-domains=none.dom --hostlist=/opt/zapret/extra_strats/UDP/YT/2.txt --dpi-desync=fake,udplen --dpi-desync-udplen-increment=4 --dpi-desync-fake-quic=/opt/zapret/files/fake/quic_4.bin --dpi-desync-cutoff=n3 --dpi-desync-repeats=2 --new
--filter-udp=443 --hostlist-domains=none.dom --hostlist=/opt/zapret/extra_strats/UDP/YT/3.txt --dpi-desync=fake,udplen --dpi-desync-udplen-increment=8 --dpi-desync-udplen-pattern=0xFEA82025 --dpi-desync-fake-quic=/opt/zapret/files/fake/quic_4.bin --dpi-desync-cutoff=n4 --dpi-desync-repeats=2 --new
--filter-udp=443 --hostlist-domains=none.dom --hostlist=/opt/zapret/extra_strats/UDP/YT/4.txt --dpi-desync=fake,udplen --dpi-desync-udplen-increment=25 --dpi-desync-fake-quic=/opt/zapret/files/fake/quic_5.bin --dpi-desync-repeats=2 --dpi-desync-cutoff=n3 --new
--filter-udp=443 --hostlist-domains=none.dom --hostlist=/opt/zapret/extra_strats/UDP/YT/5.txt --dpi-desync=fake --dpi-desync-fake-quic=/opt/zapret/files/fake/quic_1.bin --dpi-desync-cutoff=n3 --dpi-desync-repeats=6 --new
--filter-udp=443 --hostlist-domains=none.dom --hostlist=/opt/zapret/extra_strats/UDP/YT/6.txt --dpi-desync=fake --dpi-desync-repeats=6 --dpi-desync-fake-quic=/opt/zapret/files/fake/quic_initial_www_google_com.bin --new
--filter-udp=443 --hostlist-domains=none.dom --hostlist=/opt/zapret/extra_strats/UDP/YT/7.txt --dpi-desync=fake --dpi-desync-repeats=8 --dpi-desync-fake-quic=/opt/zapret/files/fake/quic_initial_www_google_com.bin --new
--filter-udp=443 --hostlist-domains=none.dom --hostlist=/opt/zapret/extra_strats/UDP/YT/8.txt --dpi-desync=fake --dpi-desync-repeats=11 --dpi-desync-fake-quic=/opt/zapret/files/fake/quic_initial_www_google_com.bin --new
'Запасные стратегии только для TCP user domain листов имеющие приоритет над всеми другими, кроме ютубных'
--filter-tcp=443,8443 --hostlist-domains=none.dom --hostlist-exclude-domains=googlevideo.com --hostlist-exclude=/opt/zapret/extra_strats/TCP/YT/List.txt --hostlist=/opt/zapret/extra_strats/TCP/temp/1.txt --hostlist=/opt/zapret/extra_strats/TCP/User/1.txt --dpi-desync=fake,multidisorder --dpi-desync-split-pos=7,sld+1 --dpi-desync-fake-tls=0x0F0F0F0F --dpi-desync-fake-tls=! --dpi-desync-fake-tls-mod=rnd,dupsid,sni=fonts.google.com --dpi-desync-fooling=badseq --new
--filter-tcp=443,8443 --hostlist-domains=none.dom --hostlist-exclude-domains=googlevideo.com --hostlist-exclude=/opt/zapret/extra_strats/TCP/YT/List.txt --hostlist=/opt/zapret/extra_strats/TCP/temp/2.txt --hostlist=/opt/zapret/extra_strats/TCP/User/2.txt --dpi-desync=fake --dpi-desync-fooling=ts,badsum --dpi-desync-fake-tls=/opt/zapret/files/fake/tls_clienthello_max_ru.bin --dpi-desync-fake-tls-mod=sni=msn.com --new
--filter-tcp=443,8443 --hostlist-domains=none.dom --hostlist-exclude-domains=googlevideo.com --hostlist-exclude=/opt/zapret/extra_strats/TCP/YT/List.txt --hostlist=/opt/zapret/extra_strats/TCP/temp/3.txt --hostlist=/opt/zapret/extra_strats/TCP/User/3.txt --dpi-desync=fake,multisplit --dpi-desync-split-pos=sld+1 --dpi-desync-fake-tls=0x0F0F0E0F --dpi-desync-fake-tls=/opt/zapret/files/fake/tls_clienthello_14.bin --dpi-desync-fake-tls-mod=rnd,dupsid --dpi-desync-fooling=md5sig --dup=2 --dup-fooling=md5sig --dup-cutoff=n3 --new
--filter-tcp=443,8443 --hostlist-domains=none.dom --hostlist-exclude-domains=googlevideo.com --hostlist-exclude=/opt/zapret/extra_strats/TCP/YT/List.txt --hostlist=/opt/zapret/extra_strats/TCP/temp/4.txt --hostlist=/opt/zapret/extra_strats/TCP/User/4.txt --dpi-desync=fake --dpi-desync-repeats=6 --dpi-desync-fooling=ts,badsum --dpi-desync-fake-tls=/opt/zapret/files/fake/tls_clienthello_max_ru.bin --dpi-desync-fake-tls-mod=sni=msn.com --new
--filter-tcp=443,8443 --hostlist-domains=none.dom --hostlist-exclude-domains=googlevideo.com --hostlist-exclude=/opt/zapret/extra_strats/TCP/YT/List.txt --hostlist=/opt/zapret/extra_strats/TCP/temp/5.txt --hostlist=/opt/zapret/extra_strats/TCP/User/5.txt --dpi-desync=hostfakesplit --dpi-desync-hostfakesplit-mod=host=rzd.ru --dpi-desync-hostfakesplit-midhost=host-2 --dpi-desync-split-seqovl=726 --dpi-desync-fooling=badsum,badseq --dpi-desync-badseq-increment=0 --new
--filter-tcp=443,8443 --hostlist-domains=none.dom --hostlist-exclude-domains=googlevideo.com --hostlist-exclude=/opt/zapret/extra_strats/TCP/YT/List.txt --hostlist=/opt/zapret/extra_strats/TCP/temp/6.txt --hostlist=/opt/zapret/extra_strats/TCP/User/6.txt --ipcache-hostname --dpi-desync=syndata,multisplit --dpi-desync-split-seqovl=1 --dpi-desync-split-pos=1,sld+1,endsld-2 --dpi-desync-fake-syndata=/opt/zapret/files/fake/syn_packet.bin --dup=2 --dup-cutoff=n3 --new
--filter-tcp=443,8443 --hostlist-domains=none.dom --hostlist-exclude-domains=googlevideo.com --hostlist-exclude=/opt/zapret/extra_strats/TCP/YT/List.txt --hostlist=/opt/zapret/extra_strats/TCP/temp/7.txt --hostlist=/opt/zapret/extra_strats/TCP/User/7.txt --dpi-desync=fake --dpi-desync-repeats=6 --dpi-desync-fooling=ts,badsum --dpi-desync-badseq-increment=10000000 --dpi-desync-fake-tls=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin --new
--filter-tcp=443,8443 --hostlist-domains=none.dom --hostlist-exclude-domains=googlevideo.com --hostlist-exclude=/opt/zapret/extra_strats/TCP/YT/List.txt --hostlist=/opt/zapret/extra_strats/TCP/temp/8.txt --hostlist=/opt/zapret/extra_strats/TCP/User/8.txt --dpi-desync=fake --dpi-desync-repeats=6 --dpi-desync-fooling=ts,badsum --dpi-desync-fake-tls=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin --new
--filter-tcp=443,8443 --hostlist-domains=none.dom --hostlist-exclude-domains=googlevideo.com --hostlist-exclude=/opt/zapret/extra_strats/TCP/YT/List.txt --hostlist=/opt/zapret/extra_strats/TCP/temp/9.txt --hostlist=/opt/zapret/extra_strats/TCP/User/9.txt --dpi-desync=hostfakesplit --dpi-desync-repeats=4 --dpi-desync-fooling=ts,badsum --dpi-desync-hostfakesplit-mod=host=ozon.ru --new
--filter-tcp=443,8443 --hostlist-domains=none.dom --hostlist-exclude-domains=googlevideo.com --hostlist-exclude=/opt/zapret/extra_strats/TCP/YT/List.txt --hostlist=/opt/zapret/extra_strats/TCP/temp/10.txt --hostlist=/opt/zapret/extra_strats/TCP/User/10.txt --dpi-desync=fake,split --dpi-desync-repeats=6 --dpi-desync-fooling=ts,badsum --dpi-desync-fakedsplit-pattern=0x00 --dpi-desync-fake-tls=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin --new
--filter-tcp=443,8443 --hostlist-domains=none.dom --hostlist-exclude-domains=googlevideo.com --hostlist-exclude=/opt/zapret/extra_strats/TCP/YT/List.txt --hostlist=/opt/zapret/extra_strats/TCP/temp/11.txt --hostlist=/opt/zapret/extra_strats/TCP/User/11.txt --dpi-desync=fake,fakeddisorder --dpi-desync-split-pos=10,midsld --dpi-desync-fake-tls=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin --dpi-desync-fake-tls-mod=rnd,dupsid,sni=fonts.google.com --dpi-desync-fake-tls=0x0F0F0F0F --dpi-desync-fake-tls-mod=none --dpi-desync-fakedsplit-pattern=/opt/zapret/files/fake/tls_clienthello_vk_com.bin --dpi-desync-split-seqovl=336 --dpi-desync-split-seqovl-pattern=/opt/zapret/files/fake/tls_clienthello_gosuslugi_ru.bin --dpi-desync-fooling=ts,badsum --dpi-desync-badseq-increment=0 --new
--filter-tcp=443,8443 --hostlist-domains=none.dom --hostlist-exclude-domains=googlevideo.com --hostlist-exclude=/opt/zapret/extra_strats/TCP/YT/List.txt --hostlist=/opt/zapret/extra_strats/TCP/temp/12.txt --hostlist=/opt/zapret/extra_strats/TCP/User/12.txt --dpi-desync=fake,multisplit --dpi-desync-split-seqovl=654 --dpi-desync-split-pos=1 --dpi-desync-fooling=ts,badsum --dpi-desync-repeats=8 --dpi-desync-split-seqovl-pattern=/opt/zapret/files/fake/tls_clienthello_activated.bin --dpi-desync-fake-tls=/opt/zapret/files/fake/tls_clienthello_max_ru.bin --dpi-desync-fake-tls-mod=sni=msn.com --new
--filter-tcp=443,8443 --hostlist-domains=none.dom --hostlist-exclude-domains=googlevideo.com --hostlist-exclude=/opt/zapret/extra_strats/TCP/YT/List.txt --hostlist=/opt/zapret/extra_strats/TCP/temp/13.txt --hostlist=/opt/zapret/extra_strats/TCP/User/13.txt --dpi-desync=fake,split2 --dpi-desync-repeats=6 --dpi-desync-fooling=ts,badsum --dpi-desync-badseq-increment=1000 --dpi-desync-fake-tls=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin --new
--filter-tcp=443,8443 --hostlist-domains=none.dom --hostlist-exclude-domains=googlevideo.com --hostlist-exclude=/opt/zapret/extra_strats/TCP/YT/List.txt --hostlist=/opt/zapret/extra_strats/TCP/temp/14.txt --hostlist=/opt/zapret/extra_strats/TCP/User/14.txt --dpi-desync=fake --dpi-desync-fake-tls-mod=none --dpi-desync-repeats=6 --dpi-desync-fooling=ts,badsum --dpi-desync-badseq-increment=2 --new
--filter-tcp=443,8443 --hostlist-domains=none.dom --hostlist-exclude-domains=googlevideo.com --hostlist-exclude=/opt/zapret/extra_strats/TCP/YT/List.txt --hostlist=/opt/zapret/extra_strats/TCP/temp/15.txt --hostlist=/opt/zapret/extra_strats/TCP/User/15.txt --dpi-desync=fake,fakedsplit --dpi-desync-split-pos=1 --dpi-desync-fooling=ts,badsum --dpi-desync-badseq-increment=2 --dpi-desync-repeats=8 --dpi-desync-fake-tls-mod=rnd,dupsid,sni=www.google.com --new
--filter-tcp=443,8443 --hostlist-domains=none.dom --hostlist-exclude-domains=googlevideo.com --hostlist-exclude=/opt/zapret/extra_strats/TCP/YT/List.txt --hostlist=/opt/zapret/extra_strats/TCP/temp/16.txt --hostlist=/opt/zapret/extra_strats/TCP/User/16.txt --dpi-desync=fake,split2 --dpi-desync-split-seqovl=681 --dpi-desync-split-pos=1 --dpi-desync-fooling=ts,badsum --dpi-desync-repeats=8 --dpi-desync-split-seqovl-pattern=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin --dpi-desync-fake-tls-mod=rnd,dupsid,sni=www.google.com --new
--filter-tcp=443,8443 --hostlist-domains=none.dom --hostlist-exclude-domains=googlevideo.com --hostlist-exclude=/opt/zapret/extra_strats/TCP/YT/List.txt --hostlist=/opt/zapret/extra_strats/TCP/temp/17.txt --hostlist=/opt/zapret/extra_strats/TCP/User/17.txt --dpi-desync=fake,multidisorder --dpi-desync-split-pos=1,midsld --dpi-desync-repeats=11 --dpi-desync-fooling=ts,badsum --dpi-desync-fake-tls-mod=rnd,dupsid,sni=www.google.com --new
'Запасные стратегии googlevideo.com'
--filter-tcp=443 --hostlist-domains=none.dom --hostlist=/opt/zapret/extra_strats/TCP/GV/1.txt --dpi-desync=fake,multidisorder --dpi-desync-split-pos=1,midsld --dpi-desync-fooling=badsum --dpi-desync-fake-tls-mod=rnd,dupsid,sni=www.google.com --new
--filter-tcp=443 --hostlist-domains=none.dom --hostlist=/opt/zapret/extra_strats/TCP/GV/2.txt --dpi-desync=fake --dpi-desync-fooling=ts --dpi-desync-fake-tls=/opt/zapret/files/fake/tls_clienthello_max_ru.bin --dpi-desync-fake-tls-mod=sni=msn.com --new
--filter-tcp=443 --hostlist-domains=none.dom --hostlist=/opt/zapret/extra_strats/TCP/GV/3.txt --dpi-desync=fake,multisplit --dpi-desync-split-pos=sld+1 --dpi-desync-fake-tls=0x0F0F0E0F --dpi-desync-fake-tls=/opt/zapret/files/fake/tls_clienthello_14.bin --dpi-desync-fake-tls-mod=rnd,dupsid --dpi-desync-fooling=md5sig --dup=2 --dup-fooling=md5sig --dup-cutoff=n3 --new
--filter-tcp=443 --hostlist-domains=none.dom --hostlist=/opt/zapret/extra_strats/TCP/GV/4.txt --dpi-desync=fake --dpi-desync-repeats=6 --dpi-desync-fooling=ts --dpi-desync-fake-tls=/opt/zapret/files/fake/tls_clienthello_max_ru.bin --dpi-desync-fake-tls-mod=sni=msn.com --new
--filter-tcp=443 --hostlist-domains=none.dom --hostlist=/opt/zapret/extra_strats/TCP/GV/5.txt --dpi-desync=hostfakesplit --dpi-desync-hostfakesplit-mod=host=rzd.ru --dpi-desync-hostfakesplit-midhost=host-2 --dpi-desync-split-seqovl=726 --dpi-desync-fooling=badsum,badseq --dpi-desync-badseq-increment=0 --new
--filter-tcp=443 --hostlist-domains=none.dom --hostlist=/opt/zapret/extra_strats/TCP/GV/6.txt --dpi-desync=multisplit --dpi-desync-split-pos=1,sniext+1 --dpi-desync-split-seqovl=1 --new
--filter-tcp=443 --hostlist-domains=none.dom --hostlist=/opt/zapret/extra_strats/TCP/GV/7.txt --orig-mod-start=s1 --orig-mod-cutoff=d1 --new
--filter-tcp=443 --hostlist-domains=none.dom --hostlist=/opt/zapret/extra_strats/TCP/GV/8.txt --dpi-desync=fake --dpi-desync-repeats=6 --dpi-desync-fooling=ts --dpi-desync-fake-tls=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin --new
--filter-tcp=443 --hostlist-domains=none.dom --hostlist=/opt/zapret/extra_strats/TCP/GV/9.txt --ip-id=zero --dpi-desync=fake --dpi-desync-repeats=6 --dpi-desync-fooling=ts --dpi-desync-fake-tls=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin --new
--filter-tcp=443 --hostlist-domains=none.dom --hostlist=/opt/zapret/extra_strats/TCP/GV/10.txt --dpi-desync=fake,split --dpi-desync-repeats=6 --dpi-desync-fooling=ts --dpi-desync-fakedsplit-pattern=0x00 --dpi-desync-fake-tls=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin --new
--filter-tcp=443 --hostlist-domains=none.dom --hostlist=/opt/zapret/extra_strats/TCP/GV/11.txt --dpi-desync=fake,fakeddisorder --dpi-desync-split-pos=10,midsld --dpi-desync-fake-tls=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin --dpi-desync-fake-tls-mod=rnd,dupsid,sni=fonts.google.com --dpi-desync-fake-tls=0x0F0F0F0F --dpi-desync-fake-tls-mod=none --dpi-desync-fakedsplit-pattern=/opt/zapret/files/fake/tls_clienthello_vk_com.bin --dpi-desync-split-seqovl=336 --dpi-desync-split-seqovl-pattern=/opt/zapret/files/fake/tls_clienthello_gosuslugi_ru.bin --dpi-desync-fooling=ts --dpi-desync-badseq-increment=0 --new
--filter-tcp=443 --hostlist-domains=none.dom --hostlist=/opt/zapret/extra_strats/TCP/GV/12.txt --dpi-desync=fake,multisplit --dpi-desync-split-seqovl=654 --dpi-desync-split-pos=1 --dpi-desync-fooling=ts --dpi-desync-repeats=8 --dpi-desync-split-seqovl-pattern=/opt/zapret/files/fake/tls_clienthello_activated.bin --dpi-desync-fake-tls=/opt/zapret/files/fake/tls_clienthello_max_ru.bin --dpi-desync-fake-tls-mod=sni=msn.com --new
--filter-tcp=443 --hostlist-domains=none.dom --hostlist=/opt/zapret/extra_strats/TCP/GV/13.txt --dpi-desync=fake --dpi-desync=multisplit --dpi-desync-split-seqovl=1 --new
--filter-tcp=443 --hostlist-domains=none.dom --hostlist=/opt/zapret/extra_strats/TCP/GV/14.txt --dpi-desync=fake --dpi-desync-fake-tls-mod=none --dpi-desync-repeats=6 --dpi-desync-fooling=ts --dpi-desync-badseq-increment=2 --new
--filter-tcp=443 --hostlist-domains=none.dom --hostlist=/opt/zapret/extra_strats/TCP/GV/15.txt --dpi-desync=fake,fakedsplit --dpi-desync-split-pos=1 --dpi-desync-fooling=ts --dpi-desync-badseq-increment=2 --dpi-desync-repeats=8 --dpi-desync-fake-tls-mod=rnd,dupsid,sni=www.google.com --new
--filter-tcp=443 --hostlist-domains=none.dom --hostlist=/opt/zapret/extra_strats/TCP/GV/16.txt --dpi-desync=multidisorder --dpi-desync-split-pos=2,5,105,host+5,sld-1,endsld-5,endsld --new
--filter-tcp=443 --hostlist-domains=none.dom --hostlist=/opt/zapret/extra_strats/TCP/GV/17.txt --dpi-desync=fake,multidisorder --dpi-desync-split-pos=1,midsld --dpi-desync-repeats=11 --dpi-desync-fooling=ts --dpi-desync-fake-tls-mod=rnd,dupsid,sni=www.google.com --new
'Строка безразборного режима'
--filter-tcp=443,2053,2083,2087,2096,8443 --hostlist-exclude-domains=googlevideo.com --hostlist-exclude=/opt/zapret/extra_strats/TCP/YT/List.txt --hostlist-domains=bezrazbor.disabled --new
'Запасные стратегии TCP YouTube интерфейса и остального РКН листа'
--filter-tcp=443,2053,2083,2087,2096,8443 --hostlist-domains=none.dom --hostlist=/opt/zapret/extra_strats/TCP/YT/1.txt --hostlist=/opt/zapret/extra_strats/TCP/RKN/1.txt --dpi-desync=fake,multidisorder --dpi-desync-split-pos=1,midsld --dpi-desync-fooling=badsum --dpi-desync-fake-tls-mod=rnd,dupsid,sni=www.google.com --new
--filter-tcp=443,2053,2083,2087,2096,8443 --hostlist-domains=none.dom --hostlist=/opt/zapret/extra_strats/TCP/YT/2.txt --hostlist=/opt/zapret/extra_strats/TCP/RKN/2.txt --dpi-desync=fake --dpi-desync-fooling=ts,badsum --dpi-desync-fake-tls=/opt/zapret/files/fake/tls_clienthello_max_ru.bin --dpi-desync-fake-tls-mod=sni=msn.com --new
--filter-tcp=443,2053,2083,2087,2096,8443 --hostlist-domains=none.dom --hostlist=/opt/zapret/extra_strats/TCP/YT/3.txt --hostlist=/opt/zapret/extra_strats/TCP/RKN/3.txt --dpi-desync=fake,multisplit --dpi-desync-split-pos=sld+1 --dpi-desync-fake-tls=0x0F0F0E0F --dpi-desync-fake-tls=/opt/zapret/files/fake/tls_clienthello_14.bin --dpi-desync-fake-tls-mod=rnd,dupsid --dpi-desync-fooling=md5sig --dup=2 --dup-fooling=md5sig --dup-cutoff=n3 --new
--filter-tcp=443,2053,2083,2087,2096,8443 --hostlist-domains=none.dom --hostlist=/opt/zapret/extra_strats/TCP/YT/4.txt --hostlist=/opt/zapret/extra_strats/TCP/RKN/4.txt --dpi-desync=fake --dpi-desync-repeats=6 --dpi-desync-fooling=ts,badsum --dpi-desync-fake-tls=/opt/zapret/files/fake/tls_clienthello_max_ru.bin --dpi-desync-fake-tls-mod=sni=msn.com --new
--filter-tcp=443,2053,2083,2087,2096,8443 --hostlist-domains=none.dom --hostlist=/opt/zapret/extra_strats/TCP/YT/5.txt --hostlist=/opt/zapret/extra_strats/TCP/RKN/5.txt --dpi-desync=hostfakesplit --dpi-desync-hostfakesplit-mod=host=rzd.ru --dpi-desync-hostfakesplit-midhost=host-2 --dpi-desync-split-seqovl=726 --dpi-desync-fooling=badsum,badseq --dpi-desync-badseq-increment=0 --new
--filter-tcp=443,2053,2083,2087,2096,8443 --hostlist-domains=none.dom --hostlist=/opt/zapret/extra_strats/TCP/YT/6.txt --hostlist=/opt/zapret/extra_strats/TCP/RKN/6.txt --ipcache-hostname --dpi-desync=syndata,multisplit --dpi-desync-split-seqovl=1 --dpi-desync-split-pos=1,sld+1,endsld-2 --dpi-desync-fake-syndata=/opt/zapret/files/fake/syn_packet.bin --dup=2 --dup-cutoff=n3 --new
--filter-tcp=443,2053,2083,2087,2096,8443 --hostlist-domains=none.dom --hostlist=/opt/zapret/extra_strats/TCP/YT/7.txt --hostlist=/opt/zapret/extra_strats/TCP/RKN/7.txt --dpi-desync=fake --dpi-desync-repeats=6 --dpi-desync-fooling=ts,badsum --dpi-desync-fake-tls=/opt/zapret/files/fake/tls_clienthello_4pda_to.bin --dpi-desync-fake-tls-mod=none --new
--filter-tcp=443,2053,2083,2087,2096,8443 --hostlist-domains=none.dom --hostlist=/opt/zapret/extra_strats/TCP/YT/8.txt --hostlist=/opt/zapret/extra_strats/TCP/RKN/8.txt --dpi-desync=fake --dpi-desync-repeats=6 --dpi-desync-fooling=ts,badsum --dpi-desync-fake-tls=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin --new
--filter-tcp=443,2053,2083,2087,2096,8443 --hostlist-domains=none.dom --hostlist=/opt/zapret/extra_strats/TCP/YT/9.txt --hostlist=/opt/zapret/extra_strats/TCP/RKN/9.txt --dpi-desync=hostfakesplit --dpi-desync-repeats=4 --dpi-desync-fooling=ts,badsum --dpi-desync-hostfakesplit-mod=host=ozon.ru --new
--filter-tcp=443,2053,2083,2087,2096,8443 --hostlist-domains=none.dom --hostlist=/opt/zapret/extra_strats/TCP/YT/10.txt --hostlist=/opt/zapret/extra_strats/TCP/RKN/10.txt --dpi-desync=fake,split --dpi-desync-repeats=6 --dpi-desync-fooling=ts,badsum --dpi-desync-fakedsplit-pattern=0x00 --dpi-desync-fake-tls=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin --new
--filter-tcp=443,2053,2083,2087,2096,8443 --hostlist-domains=none.dom --hostlist=/opt/zapret/extra_strats/TCP/YT/11.txt --hostlist=/opt/zapret/extra_strats/TCP/RKN/11.txt --dpi-desync=fake,fakeddisorder --dpi-desync-split-pos=10,midsld --dpi-desync-fake-tls=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin --dpi-desync-fake-tls-mod=rnd,dupsid,sni=fonts.google.com --dpi-desync-fake-tls=0x0F0F0F0F --dpi-desync-fake-tls-mod=none --dpi-desync-fakedsplit-pattern=/opt/zapret/files/fake/tls_clienthello_vk_com.bin --dpi-desync-split-seqovl=336 --dpi-desync-split-seqovl-pattern=/opt/zapret/files/fake/tls_clienthello_gosuslugi_ru.bin --dpi-desync-fooling=ts,badsum --dpi-desync-badseq-increment=0 --new
--filter-tcp=443,2053,2083,2087,2096,8443 --hostlist-domains=none.dom --hostlist=/opt/zapret/extra_strats/TCP/YT/12.txt --hostlist=/opt/zapret/extra_strats/TCP/RKN/12.txt --dpi-desync=fake,multisplit --dpi-desync-split-seqovl=654 --dpi-desync-split-pos=1 --dpi-desync-fooling=ts,badsum --dpi-desync-repeats=8 --dpi-desync-split-seqovl-pattern=/opt/zapret/files/fake/tls_clienthello_activated.bin --dpi-desync-fake-tls=/opt/zapret/files/fake/tls_clienthello_max_ru.bin --dpi-desync-fake-tls-mod=sni=msn.com --new
--filter-tcp=443,2053,2083,2087,2096,8443 --hostlist-domains=none.dom --hostlist=/opt/zapret/extra_strats/TCP/YT/13.txt --hostlist=/opt/zapret/extra_strats/TCP/RKN/13.txt --dpi-desync=fake --dpi-desync=multisplit --dpi-desync-split-seqovl=1 --new
--filter-tcp=443,2053,2083,2087,2096,8443 --hostlist-domains=none.dom --hostlist=/opt/zapret/extra_strats/TCP/YT/14.txt --hostlist=/opt/zapret/extra_strats/TCP/RKN/14.txt --dpi-desync=fake --dpi-desync-fake-tls-mod=none --dpi-desync-repeats=6 --dpi-desync-fooling=ts,badsum --dpi-desync-badseq-increment=2 --new
--filter-tcp=443,2053,2083,2087,2096,8443 --hostlist-domains=none.dom --hostlist=/opt/zapret/extra_strats/TCP/YT/15.txt --hostlist=/opt/zapret/extra_strats/TCP/RKN/15.txt --dpi-desync=fake,fakedsplit --dpi-desync-split-pos=1 --dpi-desync-fooling=ts,badsum --dpi-desync-badseq-increment=2 --dpi-desync-repeats=8 --dpi-desync-fake-tls-mod=rnd,dupsid,sni=www.google.com --new
--filter-tcp=443,2053,2083,2087,2096,8443 --hostlist-domains=none.dom --hostlist=/opt/zapret/extra_strats/TCP/YT/16.txt --hostlist=/opt/zapret/extra_strats/TCP/RKN/16.txt --dpi-desync=multidisorder --dpi-desync-split-pos=2,5,105,host+5,sld-1,endsld-5,endsld --new
--filter-tcp=443,2053,2083,2087,2096,8443 --hostlist-domains=none.dom --hostlist=/opt/zapret/extra_strats/TCP/YT/17.txt --hostlist=/opt/zapret/extra_strats/TCP/RKN/17.txt --dpi-desync=fake,multidisorder --dpi-desync-split-pos=1,midsld --dpi-desync-repeats=11 --dpi-desync-fooling=ts,badsum --dpi-desync-fake-tls-mod=rnd,dupsid,sni=www.google.com --new
'Две стратегии googlevideo.com YT. Если подбором не активированы стратегии выше, то используются они'
--filter-tcp=443 --hostlist-domains=googlevideo.com --ipcache-hostname --dpi-desync=syndata,multisplit --dpi-desync-split-seqovl=1 --dpi-desync-split-pos=1,sld+1,endsld-2 --dpi-desync-fake-syndata=/opt/zapret/files/fake/syn_packet.bin --dup=2 --dup-cutoff=n3 --new
--filter-udp=443 --hostlist-domains=googlevideo.com --dpi-desync=fake --dpi-desync-repeats=6 --new
'Стратегия исходящих трансляций'
--filter-tcp=443 --ipset=/opt/zapret/lists/russia-youtube-rtmps.txt --dpi-desync=syndata --dpi-desync-fake-syndata=/opt/zapret/files/fake/syn_packet.bin --dup=2 --dup-cutoff=n3 --new
'Стратегия YouTube UDP QUIC, кроме GV'
--filter-udp=443 --hostlist=/opt/zapret/lists/russia-youtubeQ.txt --dpi-desync=fake,udplen --dpi-desync-udplen-increment=8 --dpi-desync-udplen-pattern=0x0F0F0E0F --dpi-desync-fake-quic=/opt/zapret/files/fake/quic_6.bin --dpi-desync-cutoff=n3 --dpi-desync-repeats=2 --new
'Стратегия YouTube TCP без GV'
--skip --filter-tcp=443 --hostlist=/opt/zapret/lists/russia-youtube.txt --dpi-desync=fake,multidisorder --dpi-desync-split-pos=7,sld+1 --dpi-desync-fake-tls=0x0F0F0F0F --dpi-desync-fake-tls=/opt/zapret/files/fake/tls_clienthello_4.bin --dpi-desync-fake-tls-mod=rnd,dupsid,sni=fonts.google.com --dpi-desync-fooling=ts,badsum --new
--filter-tcp=443 --hostlist=/opt/zapret/lists/russia-youtube.txt --ipcache-hostname --dpi-desync=syndata,multisplit --dpi-desync-split-seqovl=1 --dpi-desync-split-pos=1,sld+1,endsld-2 --dpi-desync-fake-syndata=/opt/zapret/files/fake/syn_packet.bin --dup=2 --dup-cutoff=n3 --new
'Обход блокировки анонсеров rutracker.org и сайтов по HTTP'
--filter-tcp=80 --hostlist-domains=t-ru.org --hostlist=/opt/zapret/extra_strats/TCP/RKN/List.txt --dpi-desync=fake,multisplit --dpi-desync-split-seqovl=2 --dpi-desync-split-pos=host+1 --dpi-desync-fake-http=0x0E0E0F0E --dpi-desync-fooling=md5sig --new
'Обход сайтов по httpS'
--filter-tcp=443,2053,2083,2087,2096,8443 --hostlist=/opt/zapret/extra_strats/TCP/RKN/List.txt --dpi-desync=fake --dpi-desync-fooling=ts,badsum --dpi-desync-fake-tls=/opt/zapret/files/fake/tls_clienthello_max_ru.bin --dpi-desync-fake-tls-mod=sni=msn.com --new
'Обход войса Discord. Отключено в дефолте, если обход скриптом bol-van'
--skip --filter-udp=50000-50099,1400,3478-3481,5349,19294-19344 --filter-l7=discord,stun --dpi-desync=fake --dpi-desync-fake-discord=/opt/zapret/files/fake/quic_initial_www_google_com.bin --dpi-desync-fake-stun=/opt/zapret/files/fake/quic_initial_www_google_com.bin --dpi-desync-repeats=6 --new
'Стратегия обхода UDP игр и т.п.'
--skip --filter-udp=1026-65531 --dpi-desync=fake --dpi-desync-repeats=10 --dpi-desync-any-protocol=1 --dpi-desync-fake-unknown-udp=/opt/zapret/files/fake/quic_initial_www_google_com.bin --dpi-desync-cutoff=n2 --new
'Логгирование недоступных доменов'
--filter-tcp=443 --hostlist-domains=emptylistfix.com --hostlist-auto-fail-threshold=2 --hostlist-auto-retrans-threshold=2 --hostlist-auto=/opt/zapret/lists/autohostlist.txt --hostlist-exclude=/opt/zapret/extra_strats/TCP/RKN/List.txt
"
# none,ipset,hostlist,autohostlist
MODE_FILTER=none
# openwrt only : donttouch,none,software,hardware
FLOWOFFLOAD=donttouch
# openwrt: specify networks to be treated as LAN. default is "lan"
#OPENWRT_LAN="lan lan2 lan3"
# openwrt: specify networks to be treated as WAN. default wans are interfaces with default route
#OPENWRT_WAN4="wan vpn"
#OPENWRT_WAN6="wan6 vpn6"
# for routers based on desktop linux and macos. has no effect in openwrt.
# CHOOSE LAN and optinally WAN/WAN6 NETWORK INTERFACES
# or leave them commented if its not router
# it's possible to specify multiple interfaces like this : IFACE_LAN="eth0 eth1 eth2"
# if IFACE_WAN6 is not defined it take the value of IFACE_WAN
#IFACE_LAN=eth0
#IFACE_WAN=eth0
#IFACE_WAN6="ipsec0 wireguard0 he_net"
# should start/stop command of init scripts apply firewall rules ?
# not applicable to openwrt with firewall3+iptables
INIT_APPLY_FW=1
# firewall apply hooks
#INIT_FW_PRE_UP_HOOK="/etc/firewall.zapret.hook.pre_up"
#INIT_FW_POST_UP_HOOK="/etc/firewall.zapret.hook.post_up"
#INIT_FW_PRE_DOWN_HOOK="/etc/firewall.zapret.hook.pre_down"
#INIT_FW_POST_DOWN_HOOK="/etc/firewall.zapret.hook.post_down"
# do not work with ipv4
#DISABLE_IPV4=1
# do not work with ipv6
DISABLE_IPV6=0
# drop icmp time exceeded messages for nfqws tampered connections
# in POSTNAT mode this can interfere with default mtr/traceroute in tcp or udp mode. use source port not redirected to nfqws
# set to 0 if you are not expecting connection breakage due to icmp in response to TCP SYN or UDP
FILTER_TTL_EXPIRED_ICMP=1
# select which init script will be used to get ip or host list
# possible values : get_user.sh get_antizapret.sh get_combined.sh get_reestr.sh get_hostlist.sh
# comment if not required
#GETLIST=
Reference in a new issue View git blame Copy permalink