From c31fab4aaff78f39acdd5a7f1abd1413344d5e9d Mon Sep 17 00:00:00 2001
From: remittor <remittor@gmail.com>
Date: Mon, 5 May 2025 13:12:31 +0300
Subject: [PATCH] config: Add new param FILTER_TTL_EXPIRED_ICMP

Source: https://github.com/bol-van/zapret/commit/dc1dc5c8763d016e5719b7346d5abddcd5489b47
---
 .../htdocs/luci-static/resources/view/zapret/settings.js     | 4 ++++
 zapret/config.default                                        | 5 +++++
 zapret/def-cfg.sh                                            | 1 +
 zapret/sync_config.sh                                        | 1 +
 4 files changed, 11 insertions(+)

diff --git a/luci-app-zapret/htdocs/luci-static/resources/view/zapret/settings.js b/luci-app-zapret/htdocs/luci-static/resources/view/zapret/settings.js
index fa641d6..8468fde 100644
--- a/luci-app-zapret/htdocs/luci-static/resources/view/zapret/settings.js
+++ b/luci-app-zapret/htdocs/luci-static/resources/view/zapret/settings.js
@@ -86,6 +86,10 @@ return view.extend({
         o.rmempty = false;
         o.default = 0;
 
+        o = s.taboption(tabname, form.Flag, 'FILTER_TTL_EXPIRED_ICMP', 'FILTER_TTL_EXPIRED_ICMP');
+        o.rmempty = false;
+        o.default = 1;
+
         o = s.taboption(tabname, form.ListValue, 'MODE_FILTER', _('MODE_FILTER'));
         //o.value('none',         'none');
         //o.value('ipset',        'ipset');
diff --git a/zapret/config.default b/zapret/config.default
index c0d26ce..3358b7b 100644
--- a/zapret/config.default
+++ b/zapret/config.default
@@ -136,6 +136,11 @@ DISABLE_IPV4=0
 # do not work with ipv6
 DISABLE_IPV6=1
 
+# drop icmp time exceeded messages for nfqws tampered connections
+# in POSTNAT mode this can interfere with default mtr/traceroute in tcp or udp mode. use source port not redirected to nfqws
+# set to 0 if you are not expecting connection breakage due to icmp in response to TCP SYN or UDP
+FILTER_TTL_EXPIRED_ICMP=1
+
 # select which init script will be used to get ip or host list
 # possible values : get_user.sh get_antizapret.sh get_combined.sh get_reestr.sh get_hostlist.sh
 # comment if not required
diff --git a/zapret/def-cfg.sh b/zapret/def-cfg.sh
index ef70155..01c2b5f 100755
--- a/zapret/def-cfg.sh
+++ b/zapret/def-cfg.sh
@@ -14,6 +14,7 @@ function set_cfg_default_values
 		set $cfgname.config.INIT_APPLY_FW='1'
 		set $cfgname.config.DISABLE_IPV4='0'
 		set $cfgname.config.DISABLE_IPV6='1'
+		set $cfgname.config.FILTER_TTL_EXPIRED_ICMP='1'
 		set $cfgname.config.MODE_FILTER='hostlist'
 		set $cfgname.config.DISABLE_CUSTOM='0'
 		set $cfgname.config.WS_USER='daemon'
diff --git a/zapret/sync_config.sh b/zapret/sync_config.sh
index 3c0fcff..6229614 100755
--- a/zapret/sync_config.sh
+++ b/zapret/sync_config.sh
@@ -80,6 +80,7 @@ sync_param FLOWOFFLOAD
 sync_param INIT_APPLY_FW
 sync_param DISABLE_IPV4
 sync_param DISABLE_IPV6
+sync_param FILTER_TTL_EXPIRED_ICMP
 sync_param MODE_FILTER
 sync_param DISABLE_CUSTOM
 sync_param WS_USER str