RouterichAX3000_configs/config_files/zapret

config main 'config'
	option run_on_boot '1'
	option FWTYPE 'nftables'
	option POSTNAT '1'
	option FLOWOFFLOAD 'none'
	option INIT_APPLY_FW '1'
	option DISABLE_IPV4 '0'
	option DISABLE_IPV6 '1'
	option FILTER_TTL_EXPIRED_ICMP '1'
	option MODE_FILTER 'hostlist'
	option DISABLE_CUSTOM '0'
	option WS_USER 'daemon'
	option DAEMON_LOG_ENABLE '0'
	option DAEMON_LOG_FILE '/tmp/zapret+<DAEMON_NAME>+<DAEMON_IDNUM>+<DAEMON_CFGNAME>.log'
	option AUTOHOSTLIST_RETRANS_THRESHOLD '3'
	option AUTOHOSTLIST_FAIL_THRESHOLD '3'
	option AUTOHOSTLIST_FAIL_TIME '60'
	option AUTOHOSTLIST_DEBUGLOG '0'
	option NFQWS_ENABLE '1'
	option DESYNC_MARK '0x40000000'
	option DESYNC_MARK_POSTNAT '0x20000000'
	option NFQWS_PORTS_TCP '80,443'
	option NFQWS_PORTS_UDP '443'
	option NFQWS_TCP_PKT_OUT '9'
	option NFQWS_TCP_PKT_IN '3'
	option NFQWS_UDP_PKT_OUT '9'
	option NFQWS_UDP_PKT_IN '0'
	option NFQWS_PORTS_TCP_KEEPALIVE '0'
	option NFQWS_PORTS_UDP_KEEPALIVE '0'
	option NFQWS_OPT '
--filter-tcp=443
--dpi-desync=fake,fakeddisorder
--dpi-desync-split-pos=10,midsld
--dpi-desync-fake-tls=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin
--dpi-desync-fake-tls-mod=rnd,dupsid,sni=fonts.google.com
--dpi-desync-fake-tls=0x0F0F0F0F
--dpi-desync-fake-tls-mod=none
--dpi-desync-fakedsplit-pattern=/opt/zapret/files/fake/tls_clienthello_vk_com.bin
--dpi-desync-split-seqovl=336
--dpi-desync-split-seqovl-pattern=/opt/zapret/files/fake/tls_clienthello_gosuslugi_ru.bin
--dpi-desync-fooling=badseq,badsum
--dpi-desync-badseq-increment=0
--hostlist=/opt/zapret/ipset/zapret-hosts-google.txt
<HOSTLIST>
--new
--filter-udp=443
--dpi-desync=fake
--dpi-desync-repeats=4
--dpi-desync-fake-quic=/opt/zapret/files/fake/quic_initial_www_google_com.bin
--hostlist=/opt/zapret/ipset/zapret-hosts-google.txt
<HOSTLIST>
'