Mirror/zapret-openwrt
1
0
Fork 0
mirror of https://github.com/remittor/zapret-openwrt.git synced 2026-01-04 07:38:50 +03:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: Mirror:v65-20241025-23.05
Branches Tags
Mirror:master Mirror:zap1 Mirror:gh-pages
Mirror:v0.8.20251230 Mirror:v0.8.20251229 Mirror:v0.7.20251227 Mirror:v72.20251227 Mirror:v0.7.20251226 Mirror:v0.7.20251225-r2 Mirror:v72.20251225-r2 Mirror:v0.7.20251225 Mirror:v72.20251225 Mirror:v0.7.20251224 Mirror:v0.7.20251220 Mirror:v0.7.20251219 Mirror:v72.20251219 Mirror:v72.20251218 Mirror:v72.20251217 Mirror:v72.20251216 Mirror:v72.20251213 Mirror:v72.20251212 Mirror:v72.20251122 Mirror:v72.20251022 Mirror:v72.20250924 Mirror:v71.20250918 Mirror:v71.20250708 Mirror:v71.20250607 Mirror:v70.20250505 Mirror:v70.20250419 Mirror:v70.20250405 Mirror:v70.20250323 Mirror:v70.20250213 Mirror:v70.20250210 Mirror:v70.20250116 Mirror:v70-20250109 Mirror:v70-20250109-23.05 Mirror:v69-20241206 Mirror:v69-20241206-23.05 Mirror:v69-20241123 Mirror:v69-20241123-23.05 Mirror:v69-20241121-23.05 Mirror:v69-20241121 Mirror:v69-20241118 Mirror:v69-20241118-23.05 Mirror:v68-20241115 Mirror:v68-20241115-23.05 Mirror:v68-20241110 Mirror:v68-20241110-23.05 Mirror:v67-20241030 Mirror:v67-20241030-23.05 Mirror:v66-20241026-23.05 Mirror:v66-20241026 Mirror:v65-20241025 Mirror:v65-20241025-23.05 Mirror:v65-20241023 Mirror:v65-20241023-23.05 Mirror:v65-20241018 Mirror:v65-20241018-23.05 Mirror:v65-20241016 Mirror:v65-20241016-23.05 Mirror:v64-20241014 Mirror:v64-20241014-23.05 Mirror:v64-20241012
...
compare: Mirror:v67-20241030-23.05
Branches Tags
Mirror:master Mirror:zap1 Mirror:gh-pages
Mirror:v0.8.20251230 Mirror:v0.8.20251229 Mirror:v0.7.20251227 Mirror:v72.20251227 Mirror:v0.7.20251226 Mirror:v0.7.20251225-r2 Mirror:v72.20251225-r2 Mirror:v0.7.20251225 Mirror:v72.20251225 Mirror:v0.7.20251224 Mirror:v0.7.20251220 Mirror:v0.7.20251219 Mirror:v72.20251219 Mirror:v72.20251218 Mirror:v72.20251217 Mirror:v72.20251216 Mirror:v72.20251213 Mirror:v72.20251212 Mirror:v72.20251122 Mirror:v72.20251022 Mirror:v72.20250924 Mirror:v71.20250918 Mirror:v71.20250708 Mirror:v71.20250607 Mirror:v70.20250505 Mirror:v70.20250419 Mirror:v70.20250405 Mirror:v70.20250323 Mirror:v70.20250213 Mirror:v70.20250210 Mirror:v70.20250116 Mirror:v70-20250109 Mirror:v70-20250109-23.05 Mirror:v69-20241206 Mirror:v69-20241206-23.05 Mirror:v69-20241123 Mirror:v69-20241123-23.05 Mirror:v69-20241121-23.05 Mirror:v69-20241121 Mirror:v69-20241118 Mirror:v69-20241118-23.05 Mirror:v68-20241115 Mirror:v68-20241115-23.05 Mirror:v68-20241110 Mirror:v68-20241110-23.05 Mirror:v67-20241030 Mirror:v67-20241030-23.05 Mirror:v66-20241026-23.05 Mirror:v66-20241026 Mirror:v65-20241025 Mirror:v65-20241025-23.05 Mirror:v65-20241023 Mirror:v65-20241023-23.05 Mirror:v65-20241018 Mirror:v65-20241018-23.05 Mirror:v65-20241016 Mirror:v65-20241016-23.05 Mirror:v64-20241014 Mirror:v64-20241014-23.05 Mirror:v64-20241012

14 Commits
v65-202410 ... v67-202410

Author SHA1 Message Date
remittor
2cf3d0b996 Bump version to v67-20241030 2024-10-30 15:19:16 +03:00
remittor
d463d2e39e config: Fix bug in default config (forced use google hostlist) 2024-10-30 15:18:57 +03:00
remittor
148a397051 install: Replace default hostlist "zapret-hosts-user.txt" to "zapret-hosts-google.txt" 2024-10-30 13:10:56 +03:00
remittor
9f73af44dd ipset: Rename "zapret-hosts-user.txt" to "zapret-hosts-google.txt" 2024-10-30 12:41:35 +03:00
remittor
40f0432b1c config: luci: Add support new hostlist file "zapret-hosts-google.txt" 2024-10-30 12:40:26 +03:00
remittor
ca11a6cd55 ipset: Remove empty txt files from ipset directory 2024-10-30 12:15:28 +03:00
remittor
39833fdcea config: Add info about <HOSTLIST_NOAUTO> (new in v67) 2024-10-30 11:59:40 +03:00
remittor
425fde748f luci: Add button "Reset settings" 2024-10-30 11:22:28 +03:00
remittor
0df621f443 Bump version to v66-20241026 2024-10-26 17:37:06 +03:00
remittor
f17b00c107 config: luci: Adapt settings for Zapret v66 (new config format) 2024-10-26 17:34:48 +03:00
remittor
c67ce19626 luci: Add support multiline long string editing 2024-10-26 15:46:27 +03:00
remittor
4b932b2c4a luci: Fix detect daemons status (empty instances dict) 2024-10-26 15:18:52 +03:00
remittor
a8d25b2d2b config: luci: Add AutoHostList settings 2024-10-26 11:23:45 +03:00
Oleg S.
9f40c1fcd1 readme: Add screenshot of main page 2024-10-25 15:25:29 +03:00
18 changed files with 387 additions and 242 deletions
Expand all files Collapse all files

5
README.md
View File

@@ -4,3 +4,8 @@
[Instructions for installing](https://github.com/remittor/zapret-openwrt/wiki/Installing-zapretopenwrt-package)
[Download page](https://github.com/remittor/zapret-openwrt/releases)
Screenshot:
![image](https://github.com/user-attachments/assets/b79940b3-6a0d-4310-bd58-e461be004397)

4
luci-app-zapret/Makefile
View File

@@ -5,8 +5,8 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=luci-app-zapret
PKG_RELEASE:=20241025
PKG_VERSION:=65-$(PKG_RELEASE)
PKG_RELEASE:=20241030
PKG_VERSION:=67-$(PKG_RELEASE)
PKG_LICENSE:=MIT
LUCI_TITLE:=LuCI support for zapret

62
luci-app-zapret/htdocs/luci-static/resources/view/zapret/service.js
View File

@@ -22,6 +22,7 @@ return view.extend({
restart : elems.btn_restart || document.getElementById('btn_restart'),
stop : elems.btn_stop || document.getElementById('btn_stop'),
update : elems.btn_update || document.getElementById('btn_update'),
reset : elems.btn_update || document.getElementById('btn_reset'),
};
},
@@ -33,6 +34,7 @@ return view.extend({
btn.restart.disabled = flag;
btn.stop.disabled = flag;
btn.update.disabled = true; // TODO
btn.reset.disabled = flag;
},
getAppStatus: function() {
@@ -86,6 +88,7 @@ return view.extend({
}
let btn = this.get_svc_buttons(elems);
btn.update.disabled = true; // TODO
btn.reset.disabled = false;
if (Number.isInteger(svcinfo)) {
ui.addNotification(null, E('p', _('Error')
@@ -94,7 +97,7 @@ return view.extend({
} else {
btn.enable.disabled = (svc_autorun) ? true : false;
btn.disable.disabled = (svc_autorun) ? false : true;
if (svcinfo.dmn.total == 0) {
if (!svcinfo.dmn.inited) {
btn.start.disabled = false;
btn.restart.disabled = true;
btn.stop.disabled = true;
@@ -134,7 +137,7 @@ return view.extend({
});
},
serviceActionEx: function(action, button) {
serviceActionEx: function(action, button, hide_modal = false) {
if (button) {
let elem = document.getElementById(button);
this.disableButtons(true, elem);
@@ -142,11 +145,32 @@ return view.extend({
poll.stop();
let _this = this;
return fs.exec(tools.syncCfgPath)
let exec_cmd = null;
let exec_arg = [ ];
let errmsg = 'ERROR:';
if (action == 'start' || action == 'restart') {
exec_cmd = tools.syncCfgPath;
errmsg = _('Unable to run sync_config.sh script.');
}
else if (action == 'reset') {
exec_cmd = tools.defaultCfgPath;
exec_arg = [ '-f' ];
errmsg = _('Unable to run uci-def-cfg.sh script.');
action = null;
} else {
ui.addNotification(null, E('p', 'ERROR: unknown action'));
return null;
}
return fs.exec(exec_cmd, exec_arg)
.then(function(res) {
if (res.code != 0) {
ui.addNotification(null, E('p', _('Unable to run sync_config.sh script.') + ' res.code = ' + res.code));
ui.addNotification(null, E('p', errmsg + ' res.code = ' + res.code));
action = null; // return with error
}
if (hide_modal) {
ui.hideModal();
}
if (!action) {
return _this.getAppStatus().then(
(status_array) => {
_this.setAppStatus(status_array);
@@ -156,7 +180,7 @@ return view.extend({
return _this.serviceAction(action, null);
})
.catch(e => {
ui.addNotification(null, E('p', _('Unable to run sync_config.sh script.') + ' Error: ' + e.message));
ui.addNotification(null, E('p', errmsg + ' Error: ' + e.message));
});
},
@@ -192,29 +216,29 @@ return view.extend({
);
},
dialogDestroy: function(ev) {
dialogResetCfg: function(ev) {
ev.target.blur();
let cancel_button = E('button', {
'class': btn_style_neutral,
'click': ui.hideModal,
}, _('Cancel'));
let shutdown_btn = E('button', {
'class': btn_style_warning,
}, _('Shutdown'));
shutdown_btn.onclick = ui.createHandlerFn(this, () => {
let resetcfg_btn = E('button', {
'class': btn_style_action,
}, _('Reset settings'));
resetcfg_btn.onclick = ui.createHandlerFn(this, () => {
cancel_button.disabled = true;
return this.appAction('destroy');
return this.serviceActionEx('reset', resetcfg_btn, true);
});
ui.showModal(_('Shutdown'), [
ui.showModal(_('Reset settings to default'), [
E('div', { 'class': 'cbi-section' }, [
E('p', _('The service will be disabled. Continue?')),
E('p', _('All settings will be reset to default. Continue?')),
]),
E('div', { 'class': 'right' }, [
shutdown_btn,
' ',
cancel_button,
' ',
resetcfg_btn,
])
]);
},
@@ -294,8 +318,9 @@ return view.extend({
btn_update.onclick = ui.createHandlerFn(this, () => { this.appAction('update', 'btn_update') });
layout_append(_('Update blacklist'), null, [ btn_update ] );
let btn_destroy = create_btn('btn_destroy', btn_style_negative, _('Shutdown'));
btn_destroy.onclick = L.bind(this.dialogDestroy, this);
let btn_reset = create_btn('btn_reset', btn_style_action, _('Reset settings'));
btn_reset.onclick = L.bind(this.dialogResetCfg, this);
layout_append(_('Reset settings to default'), null, [ btn_reset ] );
let elems = {
"status": status_string,
@@ -305,6 +330,7 @@ return view.extend({
"btn_restart": btn_restart,
"btn_stop": btn_stop,
"btn_update": btn_update,
"btn_reset": btn_reset,
};
this.setAppStatus(status_array, elems);

211
luci-app-zapret/htdocs/luci-static/resources/view/zapret/settings.js
View File

@@ -64,10 +64,10 @@ return view.extend({
//o.value('iptables', 'iptables');
//o.value('ipfw', 'ipfw');
o = s.taboption(tabname, form.ListValue, 'MODE', _('MODE'));
o.value('nfqws', 'nfqws');
//o.value('tpws', 'tpws');
o = s.taboption(tabname, form.Flag, 'POSTNAT', _('POSTNAT'));
o.rmempty = false;
o.default = 1;
o = s.taboption(tabname, form.ListValue, 'FLOWOFFLOAD', _('FLOWOFFLOAD'));
o.value('donttouch', 'donttouch');
o.value('none', 'none');
@@ -92,44 +92,6 @@ return view.extend({
o.value('hostlist', 'hostlist');
o.value('autohostlist', 'autohostlist');
o = s.taboption(tabname, form.Flag, 'MODE_HTTP', _('MODE_HTTP'));
o.rmempty = false;
o.default = 0;
o = s.taboption(tabname, form.Flag, 'MODE_HTTP_KEEPALIVE', _('MODE_HTTP_KEEPALIVE'));
o.rmempty = false;
o.default = 0;
o = s.taboption(tabname, form.Value, 'HTTP_PORTS', _('HTTP_PORTS'));
o.rmempty = false;
o.datatype = 'string';
o = s.taboption(tabname, form.Flag, 'MODE_HTTPS', _('MODE_HTTPS'));
o.rmempty = false;
o.default = 0;
o = s.taboption(tabname, form.Value, 'HTTPS_PORTS', _('HTTPS_PORTS'));
o.rmempty = false;
o.datatype = 'string';
o = s.taboption(tabname, form.Flag, 'MODE_QUIC', _('MODE_QUIC'));
o.rmempty = false;
o.default = 0;
o = s.taboption(tabname, form.Value, 'QUIC_PORTS', _('QUIC_PORTS'));
o.rmempty = false;
o.datatype = 'string';
o = s.taboption(tabname, form.Value, 'DESYNC_MARK', _('DESYNC_MARK'));
//o.description = _("nfqws option for DPI desync attack");
o.rmempty = false;
o.datatype = 'string';
o = s.taboption(tabname, form.Value, 'DESYNC_MARK_POSTNAT', _('DESYNC_MARK_POSTNAT'));
//o.description = _("nfqws option for DPI desync attack");
o.rmempty = false;
o.datatype = 'string';
/* NFQWS_OPT_DESYNC tab */
tabname = 'nfqws_params';
@@ -141,67 +103,154 @@ return view.extend({
o.default = '<hr style="width: 620px; height: 1px; margin: 1px 0 1px; border-top: 1px solid;">';
};
let add_param = function(sec, param, locname = null, rows = 10) {
let add_param = function(sec, param, locname = null, rows = 10, multiline = false) {
if (!locname)
locname = param;
let btn = sec.taboption(tabname, form.Button, '_' + param + '_btn', locname);
btn.inputtitle = _('Edit');
btn.inputstyle = 'edit btn';
let val = sec.taboption(tabname, form.DummyValue, '_' + param);
val.rawhtml = false;
val.rawhtml = multiline ? true : false;
val.cfgvalue = function(section_id) {
let name = uci.get(tools.appName, section_id, param);
if (name == null || name == "")
name = "";
return name;
let value = uci.get(tools.appName, section_id, param);
if (value == null) {
return "";
}
value = value.trim();
if (multiline == 2) {
value = value.replace(/\n --/g, "\n--");
value = value.replace(/\n --/g, "\n--");
value = value.replace(/ --/g, "\n--");
}
if (val.rawhtml) {
value = value.replace(/</g, '˂');
value = value.replace(/>/g, '˃');
value = value.replace(/\n/g, '<br/>');
}
return value;
};
val.validate = function(section_id, value) {
if (!value)
return "";
return value.trim();
return (value) ? value.trim() : "";
};
btn.onclick = () => new tools.longstrEditDialog('config', param, param, locname, rows).show();
btn.onclick = () => new tools.longstrEditDialog('config', param, param, locname, rows, multiline).show();
};
o = s.taboption(tabname, form.Flag, 'NFQWS_ENABLE', _('NFQWS_ENABLE'));
o.rmempty = false;
o.default = 1;
o = s.taboption(tabname, form.Value, 'DESYNC_MARK', _('DESYNC_MARK'));
//o.description = _("nfqws option for DPI desync attack");
o.rmempty = false;
o.datatype = 'string';
o = s.taboption(tabname, form.Value, 'DESYNC_MARK_POSTNAT', _('DESYNC_MARK_POSTNAT'));
//o.description = _("nfqws option for DPI desync attack");
o.rmempty = false;
o.datatype = 'string';
o = s.taboption(tabname, form.Value, 'NFQWS_PORTS_TCP', _('NFQWS_PORTS_TCP'));
o.rmempty = false;
o.datatype = 'string';
o = s.taboption(tabname, form.Value, 'NFQWS_PORTS_UDP', _('NFQWS_PORTS_UDP'));
o.rmempty = false;
o.datatype = 'string';
o = s.taboption(tabname, form.Value, 'NFQWS_TCP_PKT_OUT', _('NFQWS_TCP_PKT_OUT'));
o.rmempty = false;
o.datatype = 'string';
o = s.taboption(tabname, form.Value, 'NFQWS_TCP_PKT_IN', _('NFQWS_TCP_PKT_IN'));
o.rmempty = false;
o.datatype = 'string';
o = s.taboption(tabname, form.Value, 'NFQWS_UDP_PKT_OUT', _('NFQWS_UDP_PKT_OUT'));
o.rmempty = false;
o.datatype = 'string';
o = s.taboption(tabname, form.Value, 'NFQWS_UDP_PKT_IN', _('NFQWS_UDP_PKT_IN'));
o.rmempty = false;
o.datatype = 'string';
o = s.taboption(tabname, form.Value, 'NFQWS_PORTS_TCP_KEEPALIVE', _('NFQWS_PORTS_TCP_KEEPALIVE'));
o.rmempty = false;
o.datatype = 'uinteger';
o = s.taboption(tabname, form.Value, 'NFQWS_PORTS_UDP_KEEPALIVE', _('NFQWS_PORTS_UDP_KEEPALIVE'));
o.rmempty = false;
o.datatype = 'uinteger';
add_delim(s);
add_param(s, 'NFQWS_OPT_DESYNC');
add_delim(s);
add_param(s, 'NFQWS_OPT_DESYNC_SUFFIX');
add_delim(s);
add_param(s, 'NFQWS_OPT_DESYNC_HTTP');
add_delim(s);
add_param(s, 'NFQWS_OPT_DESYNC_HTTP_SUFFIX');
add_delim(s);
add_param(s, 'NFQWS_OPT_DESYNC_HTTPS');
add_delim(s);
add_param(s, 'NFQWS_OPT_DESYNC_HTTPS_SUFFIX');
add_delim(s);
add_param(s, 'NFQWS_OPT_DESYNC_HTTP6');
add_delim(s);
add_param(s, 'NFQWS_OPT_DESYNC_HTTP6_SUFFIX');
add_delim(s);
add_param(s, 'NFQWS_OPT_DESYNC_HTTPS6');
add_delim(s);
add_param(s, 'NFQWS_OPT_DESYNC_HTTPS6_SUFFIX');
add_delim(s);
add_param(s, 'NFQWS_OPT_DESYNC_QUIC');
add_delim(s);
add_param(s, 'NFQWS_OPT_DESYNC_QUIC_SUFFIX');
add_delim(s);
add_param(s, 'NFQWS_OPT_DESYNC_QUIC6');
add_delim(s);
add_param(s, 'NFQWS_OPT_DESYNC_QUIC6_SUFFIX');
add_param(s, 'NFQWS_OPT', null, 18, 2);
/* AutoHostList settings */
tabname = 'autohostlist_tab';
s.tab(tabname, _('AutoHostList'));
o = s.taboption(tabname, form.Value, 'AUTOHOSTLIST_RETRANS_THRESHOLD', _('RETRANS_THRESHOLD'));
o.rmempty = false;
o.datatype = 'uinteger';
o = s.taboption(tabname, form.Value, 'AUTOHOSTLIST_FAIL_THRESHOLD', _('FAIL_THRESHOLD'));
o.rmempty = false;
o.datatype = 'uinteger';
o = s.taboption(tabname, form.Value, 'AUTOHOSTLIST_FAIL_TIME', _('FAIL_TIME'));
o.rmempty = false;
o.datatype = 'uinteger';
o = s.taboption(tabname, form.Button, '_auto_host_btn', _('Auto host list entries'));
o.inputtitle = _('Edit');
o.inputstyle = 'edit btn';
o.description = tools.autoHostListFN;
o.onclick = () => new tools.fileEditDialog(
tools.autoHostListFN,
_('Auto host list'),
'',
'',
15
).show();
o = s.taboption(tabname, form.Flag, 'AUTOHOSTLIST_DEBUGLOG', _('DEBUGLOG'));
o.rmempty = false;
o.default = 0;
o = s.taboption(tabname, form.Button, '_auto_host_debug_btn', _('Auto host debug list entries'));
o.inputtitle = _('Edit');
o.inputstyle = 'edit btn';
o.description = tools.autoHostListDbgFN;
o.onclick = () => new tools.fileEditDialog(
tools.autoHostListDbgFN,
_('Auto host debug list'),
'',
'',
15
).show();
/* Blacklist settings */
tabname = 'blacklist_tab';
s.tab(tabname, _('Blacklist settings'));
o = s.taboption(tabname, form.Button, '_google_entries_btn', _('Google hostname entries'));
o.inputtitle = _('Edit');
o.inputstyle = 'edit btn';
o.description = tools.hostsGoogleFN;
o.onclick = () => new tools.fileEditDialog(
tools.hostsGoogleFN,
_('Google hostname entries'),
_('One hostname per line.<br />Examples:'),
'<code>youtube.com<br />googlevideo.com</code>',
15
).show();
o = s.taboption(tabname, form.Button, '_user_entries_btn', _('User hostname entries'));
o.inputtitle = _('Edit');
o.inputstyle = 'edit btn';
o.description = tools.hostsUserFN;
o.onclick = () => new tools.fileEditDialog(
o.onclick = () => new tools.fileEditDialog(
tools.hostsUserFN,
_('User entries'),
_('One hostname per line.<br />Examples:'),
@@ -213,7 +262,7 @@ return view.extend({
o.inputtitle = _('Edit');
o.inputstyle = 'edit btn';
o.description = tools.hostsUserExcludeFN;
o.onclick = () => new tools.fileEditDialog(
o.onclick = () => new tools.fileEditDialog(
tools.hostsUserExcludeFN,
_('User excluded entries'),
_('One hostname per line.<br />Examples:'),

67
luci-app-zapret/htdocs/luci-static/resources/view/zapret/tools.js
View File

@@ -38,7 +38,9 @@ return baseclass.extend({
appName : 'zapret',
execPath : '/etc/init.d/zapret',
syncCfgPath : '/opt/zapret/sync_config.sh',
defaultCfgPath : '/opt/zapret/uci-def-cfg.sh',
hostsGoogleFN : '/opt/zapret/ipset/zapret-hosts-google.txt',
hostsUserFN : '/opt/zapret/ipset/zapret-hosts-user.txt',
hostsUserExcludeFN: '/opt/zapret/ipset/zapret-hosts-user-exclude.txt',
iplstExcludeFN : '/opt/zapret/ipset/zapret-ip-exclude.txt',
@@ -47,6 +49,9 @@ return baseclass.extend({
custFileMax : 4,
custFileTemplate : '/opt/zapret/ipset/cust%s.txt',
autoHostListFN : '/opt/zapret/ipset/zapret-hosts-auto.txt',
autoHostListDbgFN : '/opt/zapret/ipset/zapret-hosts-auto-debug.log',
infoLabelRunning : '<span class="label-status running">' + _('Running') + '</span>',
infoLabelStarting : '<span class="label-status starting">' + _('Starting') + '</span>',
infoLabelStopped : '<span class="label-status stopped">' + _('Stopped') + '</span>',
@@ -140,6 +145,7 @@ return baseclass.extend({
let result = {
"autorun": svc_autorun,
"dmn": {
inited: false,
total: 0,
running: 0,
working: 0,
@@ -159,18 +165,18 @@ return baseclass.extend({
return -3;
}
if (typeof(jdata.zapret) == 'object') {
result.dmn.inited = true;
let dmn_list = jdata.zapret.instances;
if (typeof(dmn_list) !== 'object') {
return -4;
}
for (const [dmn_name, daemon] of Object.entries(dmn_list)) {
result.dmn.total += 1;
if (daemon.running) {
result.dmn.running += 1;
}
if (daemon.pid !== undefined && daemon.pid != null) {
if (plist.includes(daemon.pid)) {
result.dmn.working += 1;
if (typeof(dmn_list) == 'object') {
for (const [dmn_name, daemon] of Object.entries(dmn_list)) {
result.dmn.total += 1;
if (daemon.running) {
result.dmn.running += 1;
}
if (daemon.pid !== undefined && daemon.pid != null) {
if (plist.includes(daemon.pid)) {
result.dmn.working += 1;
}
}
}
}
@@ -179,7 +185,7 @@ return baseclass.extend({
if (result.dmn.total == 0) {
result.status = (!svc_autorun) ? this.statusDict.disabled : this.statusDict.stopped;
} else {
result.status = (!result.dmn.working) ? this.statusDict.started : this.statusDict.running;
result.status = (result.dmn.inited) ? this.statusDict.started : this.statusDict.running;
}
return result;
},
@@ -190,7 +196,7 @@ return baseclass.extend({
if (typeof(svcinfo) == 'object') {
svc_autorun = (svcinfo.autorun) ? _('Enabled') : _('Disabled');
if (svcinfo.dmn.total == 0) {
if (!svcinfo.dmn.inited) {
svc_daemons = _('Stopped');
} else {
svc_daemons = (!svcinfo.dmn.working) ? _('Starting') : _('Running');
@@ -346,18 +352,24 @@ return baseclass.extend({
}),
longstrEditDialog: baseclass.extend({
__init__: function(cfgsec, cfgparam, title, desc, rows = 10) {
__init__: function(cfgsec, cfgparam, title, desc, rows = 10, multiline = false) {
this.cfgsec = cfgsec;
this.cfgparam = cfgparam;
this.title = title;
this.desc = desc;
this.rows = rows;
this.multiline = multiline;
},
load: function() {
let value = uci.get('zapret', this.cfgsec, this.cfgparam);
if (typeof(value) === 'string') {
return value.trim();
value = value.trim();
if (this.multiline == 2) {
value = value.replace(/\n --/g, "\n--");
value = value.replace(/\n --/g, "\n--");
value = value.replace(/ --/g, "\n--");
}
}
return value;
},
@@ -397,15 +409,36 @@ return baseclass.extend({
handleSave: function(ev) {
let txt = document.getElementById('widget.modal_content');
let value = txt.value.trim().replace(/\r\n/g, ' ').replace(/\r/g, ' ').replace(/\n/g, ' ').trim();
let value = txt.value.trim();
if (this.multiline) {
value = value.replace(/\r/g, '');
if (value != "" && value != "\t") {
value = '\n' + value + '\n';
}
} else {
value = value.replace(/\r\n/g, ' ');
value = value.replace(/\r/g, ' ');
value = value.replace(/\n/g, ' ');
value = value.trim();
}
if (value == "") {
value = "\t";
}
value = value.replace(/˂/g, '<');
value = value.replace(/˃/g, '>');
uci.set('zapret', this.cfgsec, this.cfgparam, value);
uci.save();
let elem = document.getElementById("cbi-zapret-" + this.cfgsec + "-_" + this.cfgparam);
if (elem) {
elem.querySelector('div').textContent = value;
let val = value.trim();
if (this.multiline) {
val = val.replace(/</g, '˂');
val = val.replace(/>/g, '˃');
val = val.replace(/\n/g, '<br/>');
elem.querySelector('div').innerHTML = val;
} else {
elem.querySelector('div').textContent = val;
}
}
ui.hideModal();
/*

1
luci-app-zapret/root/usr/share/rpcd/acl.d/luci-app-zapret.json
View File

@@ -10,6 +10,7 @@
"/etc/init.d/zapret*": [ "exec" ],
"/bin/ps*": [ "exec" ],
"/bin/opkg*": [ "exec" ],
"/opt/zapret/uci-def-cfg.sh*": [ "exec" ],
"/opt/zapret/sync_config.sh*": [ "exec" ]
},
"uci": [ "zapret", "network" ],

8
zapret-ip2net/Makefile
View File

@@ -1,8 +1,8 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=zapret-ip2net
PKG_VERSION:=65
PKG_RELEASE:=20241025
PKG_VERSION:=67
PKG_RELEASE:=20241030
PKG_MAINTAINER:=bol-van
PKG_LICENSE:=MIT
@@ -10,8 +10,8 @@ PKG_LICENSE_FILES:=docs/LICENSE.txt
PKG_SOURCE_URL:=https://github.com/bol-van/zapret.git
PKG_SOURCE_PROTO:=git
PKG_SOURCE_VERSION:=2c68d1c94f293470bf3a87b28c4d15242e22218c
PKG_SOURCE_DATE:=2024-10-25
PKG_SOURCE_VERSION:=f22dcb24877ec9fe6be63ce3cf64d5433a3061b3
PKG_SOURCE_DATE:=2024-10-30
#PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
#PKG_SOURCE_URL:=https://github.com/bol-van/zapret/archive/refs/tags/v$(PKG_VERSION).tar.gz?

8
zapret-mdig/Makefile
View File

@@ -1,8 +1,8 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=zapret-mdig
PKG_VERSION:=65
PKG_RELEASE:=20241025
PKG_VERSION:=67
PKG_RELEASE:=20241030
PKG_MAINTAINER:=bol-van
PKG_LICENSE:=MIT
@@ -10,8 +10,8 @@ PKG_LICENSE_FILES:=docs/LICENSE.txt
PKG_SOURCE_URL:=https://github.com/bol-van/zapret.git
PKG_SOURCE_PROTO:=git
PKG_SOURCE_VERSION:=2c68d1c94f293470bf3a87b28c4d15242e22218c
PKG_SOURCE_DATE:=2024-10-25
PKG_SOURCE_VERSION:=f22dcb24877ec9fe6be63ce3cf64d5433a3061b3
PKG_SOURCE_DATE:=2024-10-30
#PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
#PKG_SOURCE_URL:=https://github.com/bol-van/zapret/archive/refs/tags/v$(PKG_VERSION).tar.gz?

8
zapret-tpws/Makefile
View File

@@ -1,8 +1,8 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=zapret-tpws
PKG_VERSION:=65
PKG_RELEASE:=20241025
PKG_VERSION:=67
PKG_RELEASE:=20241030
PKG_MAINTAINER:=bol-van
PKG_LICENSE:=MIT
@@ -10,8 +10,8 @@ PKG_LICENSE_FILES:=docs/LICENSE.txt
PKG_SOURCE_URL:=https://github.com/bol-van/zapret.git
PKG_SOURCE_PROTO:=git
PKG_SOURCE_VERSION:=2c68d1c94f293470bf3a87b28c4d15242e22218c
PKG_SOURCE_DATE:=2024-10-25
PKG_SOURCE_VERSION:=f22dcb24877ec9fe6be63ce3cf64d5433a3061b3
PKG_SOURCE_DATE:=2024-10-30
#PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
#PKG_SOURCE_URL:=https://github.com/bol-van/zapret/archive/refs/tags/v$(PKG_VERSION).tar.gz?

54
zapret/Makefile
View File

@@ -5,8 +5,8 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=zapret
PKG_VERSION:=65
PKG_RELEASE:=20241025
PKG_VERSION:=67
PKG_RELEASE:=20241030
PKG_MAINTAINER:=bol-van
PKG_LICENSE:=MIT
@@ -14,8 +14,8 @@ PKG_LICENSE_FILES:=docs/LICENSE.txt
PKG_SOURCE_URL:=https://github.com/bol-van/zapret.git
PKG_SOURCE_PROTO:=git
PKG_SOURCE_VERSION:=2c68d1c94f293470bf3a87b28c4d15242e22218c
PKG_SOURCE_DATE:=2024-10-25
PKG_SOURCE_VERSION:=f22dcb24877ec9fe6be63ce3cf64d5433a3061b3
PKG_SOURCE_DATE:=2024-10-30
#PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
#PKG_SOURCE_URL:=https://github.com/bol-van/zapret/archive/refs/tags/v$(PKG_VERSION).tar.gz?
@@ -79,15 +79,9 @@ define Package/$(PKG_NAME)/install
$(INSTALL_DIR) $(1)/etc/init.d
$(INSTALL_BIN) $(PKG_BUILD_DIR)/init.d/openwrt/zapret $(1)/etc/init.d/zapret
$(INSTALL_CONF) ./config.default $(1)/opt/zapret/config.default
#$(INSTALL_CONF) ./ipset/zapret-hosts-auto.txt $(1)/opt/zapret/ipset/zapret-hosts-auto.txt
$(INSTALL_CONF) ./ipset/zapret-hosts-user.txt $(1)/opt/zapret/ipset/zapret-hosts-user.txt
$(INSTALL_CONF) ./ipset/zapret-hosts-google.txt $(1)/opt/zapret/ipset/zapret-hosts-google.txt
$(INSTALL_CONF) ./ipset/zapret-hosts-user-exclude.txt $(1)/opt/zapret/ipset/zapret-hosts-user-exclude.txt
$(INSTALL_CONF) ./ipset/zapret-hosts-user-ipban.txt $(1)/opt/zapret/ipset/zapret-hosts-user-ipban.txt
#$(INSTALL_CONF) ./ipset/zapret-ip.txt $(1)/opt/zapret/ipset/zapret-ip.txt
$(INSTALL_CONF) ./ipset/zapret-ip-exclude.txt $(1)/opt/zapret/ipset/zapret-ip-exclude.txt
$(INSTALL_CONF) ./ipset/zapret-ip-user.txt $(1)/opt/zapret/ipset/zapret-ip-user.txt
$(INSTALL_CONF) ./ipset/zapret-ip-user-exclude.txt $(1)/opt/zapret/ipset/zapret-ip-user-exclude.txt
$(INSTALL_CONF) ./ipset/zapret-ip-user-ipban.txt $(1)/opt/zapret/ipset/zapret-ip-user-ipban.txt
$(INSTALL_BIN) ./sync_config.sh $(1)/opt/zapret/sync_config.sh
$(INSTALL_DIR) $(1)/etc/uci-defaults
$(INSTALL_BIN) ./uci-def-cfg.sh $(1)/etc/uci-defaults/zapret-uci-def-cfg.sh
@@ -109,7 +103,15 @@ if [ -z "$${IPKG_INSTROOT}" ]; then
# stop service if PKG_UPGRADE
[ -x "/etc/init.d/zapret" ] && /etc/init.d/zapret stop >/dev/null 2>&1
fi
fi
if [ ! -f "/opt/zapret/ipset/zapret-hosts-google.txt" ]; then
if [ -f "/opt/zapret/ipset/zapret-hosts-user.txt" ]; then
CFGLISTHASH=$$( md5sum "/opt/zapret/ipset/zapret-hosts-user.txt" | awk '{print $$1;}' )
if [ "$${CFGLISTHASH}" = "79e35df62b0d1ae455d0a7e04c4cecac" ]; then
rm -f "/opt/zapret/ipset/zapret-hosts-user.txt"
fi
fi
fi
fi
exit 0
endef
@@ -119,6 +121,27 @@ define Package/$(PKG_NAME)/postinst
if [ -z "$${IPKG_INSTROOT}" ]; then
ZAPRET_CONFIG=/opt/zapret/config
ZAPRET_CONFIG_DEF="/opt/zapret/config.default"
# creating main config if its not exists
if [ ! -f "$${ZAPRET_CONFIG}" ]; then
cp -f "$${ZAPRET_CONFIG_DEF}" "$${ZAPRET_CONFIG}"
fi
# check obsolete format for main config
if grep -qE "^NFQWS_OPT_DESYNC=|^MODE_HTTP=|^MODE_HTTPS=|^MODE_QUIC=|^MODE=" "$${ZAPRET_CONFIG}" ; then
echo "Detect obsolute format for main config!"
ZAPRET_CONFIG_BACKUP="$${ZAPRET_CONFIG}.backup"
cp -f "$${ZAPRET_CONFIG}" "$${ZAPRET_CONFIG_BACKUP}"
echo "Current file $${ZAPRET_CONFIG} backuped to $${ZAPRET_CONFIG_BACKUP}"
cp -f "$${ZAPRET_CONFIG_DEF}" "$${ZAPRET_CONFIG}"
fi
# create empty txt files into ipset directory
[ ! -f "/opt/zapret/ipset/zapret-hosts-google.txt" ] && touch "/opt/zapret/ipset/zapret-hosts-google.txt"
#[ ! -f "/opt/zapret/ipset/zapret-hosts-auto.txt" ] && touch "/opt/zapret/ipset/zapret-hosts-auto.txt"
[ ! -f "/opt/zapret/ipset/zapret-hosts-user.txt" ] && touch "/opt/zapret/ipset/zapret-hosts-user.txt"
[ ! -f "/opt/zapret/ipset/zapret-hosts-user-ipban.txt" ] && touch "/opt/zapret/ipset/zapret-hosts-user-ipban.txt"
#[ ! -f "/opt/zapret/ipset/zapret-ip.txt" ] && touch "/opt/zapret/ipset/zapret-ip.txt"
[ ! -f "/opt/zapret/ipset/zapret-ip-user.txt" ] && touch "/opt/zapret/ipset/zapret-ip-user.txt"
[ ! -f "/opt/zapret/ipset/zapret-ip-user-exclude.txt" ] && touch "/opt/zapret/ipset/zapret-ip-user-exclude.txt"
[ ! -f "/opt/zapret/ipset/zapret-ip-user-ipban.txt" ] && touch "/opt/zapret/ipset/zapret-ip-user-ipban.txt"
# check existing uci-config
[ -f "/etc/config/zapret" ] && ZAPRET_CFG_EXISTS=1 || ZAPRET_CFG_EXISTS=0
# create or merge uci-config
@@ -126,11 +149,8 @@ if [ -z "$${IPKG_INSTROOT}" ]; then
[ "$${ZAPRET_CFG_EXISTS}" = "1" ] && echo "Config /etc/config/zapret merged with default uci-config"
# remove uci-default script from system dir (used into /etc/init.d/boot)
rm -f /etc/uci-defaults/zapret-uci-def-cfg.sh
# creating main config if its not exists
if [ ! -f "$${ZAPRET_CONFIG}" ]; then
cp -f "$${ZAPRET_CONFIG_DEF}" "$${ZAPRET_CONFIG}"
/opt/zapret/sync_config.sh
fi
# copy (sync) all params from uci-config to main config
/opt/zapret/sync_config.sh
# enable main service
/etc/init.d/zapret enable
# stop all

94
zapret/config.default
View File

@@ -7,6 +7,10 @@
# override firewall type : iptables,nftables,ipfw
FWTYPE=nftables
# nftables only : set this to 0 to use pre-nat mode. default is post-nat.
# pre-nat mode disables some bypass techniques for forwarded traffic but allows to see client IP addresses in debug log
POSTNAT=1
# options for ipsets
# maximum number of elements in sets. also used for nft sets
SET_MAXELEM=522288
@@ -41,66 +45,56 @@ GZIP_LISTS=0
# set to "-" to disable reload
#LISTS_RELOAD="pfctl -f /etc/pf.conf"
# override ports
HTTP_PORTS=80
HTTPS_PORTS=443
QUIC_PORTS=443
# CHOOSE OPERATION MODE
# MODE : nfqws,tpws,tpws-socks,filter,custom
# nfqws : nfqws for dpi desync
# tpws : tpws transparent mode
# tpws-socks : tpws socks mode
# filter : no daemon, just create ipset or download hostlist
# custom : custom mode. should modify custom init script and add your own code
MODE=nfqws
MODE_HTTP=1
MODE_HTTP_KEEPALIVE=0
MODE_HTTPS=1
MODE_QUIC=1
# none,ipset,hostlist,autohostlist
MODE_FILTER=hostlist
# CHOOSE NFQWS DAEMON OPTIONS for DPI desync mode. run "nfq/nfqws --help" for option list
# mark bit used by nfqws to prevent loop
DESYNC_MARK=0x40000000
DESYNC_MARK_POSTNAT=0x20000000
NFQWS_OPT_DESYNC="--dpi-desync=fake,split2 --dpi-desync-ttl=7 --dpi-desync-ttl6=0 --dpi-desync-repeats=20 --dpi-desync-fooling=md5sig,badseq --dpi-desync-fake-tls=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin"
TPWS_SOCKS_ENABLE=0
# tpws socks listens on this port on localhost and LAN interfaces
TPPORT_SOCKS=987
# use <HOSTLIST> and <HOSTLIST_NOAUTO> placeholders to engage standard hostlists and autohostlist in ipset dir
# hostlist markers are replaced to empty string if MODE_FILTER does not satisfy
# <HOSTLIST_NOAUTO> appends ipset/zapret-hosts-auto.txt as normal list
TPWS_SOCKS_OPT="--filter-tcp=80 --methodeol <HOSTLIST> --new --filter-tcp=443 --split-tls=sni --disorder <HOSTLIST>"
NFQWS_OPT_DESYNC_SUFFIX=""
NFQWS_OPT_DESYNC_HTTP=""
NFQWS_OPT_DESYNC_HTTP_SUFFIX=""
NFQWS_OPT_DESYNC_HTTPS=""
NFQWS_OPT_DESYNC_HTTPS_SUFFIX=""
NFQWS_OPT_DESYNC_HTTP6=""
NFQWS_OPT_DESYNC_HTTP6_SUFFIX=""
NFQWS_OPT_DESYNC_HTTPS6=""
NFQWS_OPT_DESYNC_HTTPS6_SUFFIX=""
NFQWS_OPT_DESYNC_QUIC="--dpi-desync=fake,split2 --dpi-desync-repeats=15 --dpi-desync-fake-quic=/opt/zapret/files/fake/quic_initial_www_google_com.bin --new --dpi-desync=fake --dpi-desync-repeats=15"
NFQWS_OPT_DESYNC_QUIC_SUFFIX=""
NFQWS_OPT_DESYNC_QUIC6=""
NFQWS_OPT_DESYNC_QUIC6_SUFFIX=""
TPWS_ENABLE=0
TPWS_PORTS="80,443"
# use <HOSTLIST> and <HOSTLIST_NOAUTO> placeholders to engage standard hostlists and autohostlist in ipset dir
# hostlist markers are replaced to empty string if MODE_FILTER does not satisfy
# <HOSTLIST_NOAUTO> appends ipset/zapret-hosts-auto.txt as normal list
TPWS_OPT="--filter-tcp=80 --methodeol <HOSTLIST> --new --filter-tcp=443 --split-tls=sni --disorder <HOSTLIST>"
# CHOOSE TPWS DAEMON OPTIONS. run "tpws/tpws --help" for option list
# SUFFIX VARS define additional lower priority desync profile. it's required if MODE_FILTER=hostlist and strategy has hostlist-incompatible 0-phase desync methods (mss)
TPWS_OPT="--hostspell=HOST --split-http-req=method --split-pos=3 --oob"
#TPWS_OPT_SUFFIX="--mss 88"
NFQWS_ENABLE=1
# redirect outgoing traffic with connbytes limiter applied in both directions.
NFQWS_PORTS_TCP="80,443"
NFQWS_PORTS_UDP="443"
# PKT_OUT means connbytes dir original
# PKT_IN means connbytes dir reply
# this is --dpi-desync-cutoff=nX kernel mode implementation for linux. it saves a lot of CPU.
NFQWS_TCP_PKT_OUT="9"
NFQWS_TCP_PKT_IN="3"
NFQWS_UDP_PKT_OUT="9"
NFQWS_UDP_PKT_IN="0"
# redirect outgoing traffic without connbytes limiter and incoming with connbytes limiter
# normally it's needed only for stateless DPI that matches every packet in a single TCP session
# typical example are plain HTTP keep alives
# this mode can be very CPU consuming. enable with care !
NFQWS_PORTS_TCP_KEEPALIVE=0
NFQWS_PORTS_UDP_KEEPALIVE=0
# use <HOSTLIST> and <HOSTLIST_NOAUTO> placeholders to engage standard hostlists and autohostlist in ipset dir
# hostlist markers are replaced to empty string if MODE_FILTER does not satisfy
# <HOSTLIST_NOAUTO> appends ipset/zapret-hosts-auto.txt as normal list
NFQWS_OPT="--filter-tcp=80 <HOSTLIST> --dpi-desync=fake,split2 --dpi-desync-autottl=2 --dpi-desync-fooling=md5sig --new --filter-tcp=443 --hostlist=/opt/zapret/ipset/zapret-hosts-google.txt --dpi-desync=fake,split2 --dpi-desync-repeats=11 --dpi-desync-fooling=md5sig --dpi-desync-fake-tls=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin --new --filter-udp=443 --hostlist=/opt/zapret/ipset/zapret-hosts-google.txt --dpi-desync=fake --dpi-desync-repeats=11 --dpi-desync-fake-quic=/opt/zapret/files/fake/quic_initial_www_google_com.bin --new --filter-udp=443 <HOSTLIST_NOAUTO> --dpi-desync=fake --dpi-desync-repeats=11 --new <HOSTLIST> --dpi-desync=fake,disorder2 --dpi-desync-autottl=2 --dpi-desync-fooling=md5sig"
# FlowOffload mode : donttouch,none,software,hardware
FLOWOFFLOAD=none

0
zapret/ipset/zapret-hosts-user.txt → zapret/ipset/zapret-hosts-google.txt
View File

0
zapret/ipset/zapret-hosts-user-ipban.txt
View File

0
zapret/ipset/zapret-ip-user-exclude.txt
View File

0
zapret/ipset/zapret-ip-user-ipban.txt
View File

0
zapret/ipset/zapret-ip-user.txt
View File

41
zapret/sync_config.sh
View File

@@ -80,33 +80,28 @@ if [ ! -f "$ZAPRET_CONFIG" ]; then
fi
fi
sync_param MODE
sync_param FWTYPE
sync_param POSTNAT
sync_param FLOWOFFLOAD
sync_param INIT_APPLY_FW
sync_param DISABLE_IPV4
sync_param DISABLE_IPV6
sync_param MODE_FILTER
sync_param AUTOHOSTLIST_RETRANS_THRESHOLD
sync_param AUTOHOSTLIST_FAIL_THRESHOLD
sync_param AUTOHOSTLIST_FAIL_TIME
sync_param AUTOHOSTLIST_DEBUGLOG
sync_param NFQWS_ENABLE
sync_param DESYNC_MARK
sync_param DESYNC_MARK_POSTNAT
sync_param NFQWS_OPT_DESYNC str
sync_param NFQWS_OPT_DESYNC_SUFFIX str
sync_param MODE_HTTP
sync_param MODE_HTTP_KEEPALIVE
sync_param HTTP_PORTS
sync_param NFQWS_OPT_DESYNC_HTTP str
sync_param NFQWS_OPT_DESYNC_HTTP_SUFFIX str
sync_param NFQWS_OPT_DESYNC_HTTP6 str
sync_param NFQWS_OPT_DESYNC_HTTP6_SUFFIX str
sync_param MODE_HTTPS
sync_param HTTPS_PORTS
sync_param NFQWS_OPT_DESYNC_HTTPS str
sync_param NFQWS_OPT_DESYNC_HTTPS_SUFFIX str
sync_param NFQWS_OPT_DESYNC_HTTPS6 str
sync_param NFQWS_OPT_DESYNC_HTTPS6_SUFFIX str
sync_param MODE_QUIC
sync_param QUIC_PORTS
sync_param NFQWS_OPT_DESYNC_QUIC str
sync_param NFQWS_OPT_DESYNC_QUIC_SUFFIX str
sync_param NFQWS_OPT_DESYNC_QUIC6 str
sync_param NFQWS_OPT_DESYNC_QUIC6_SUFFIX str
sync_param NFQWS_PORTS_TCP str
sync_param NFQWS_PORTS_UDP str
sync_param NFQWS_TCP_PKT_OUT str
sync_param NFQWS_TCP_PKT_IN str
sync_param NFQWS_UDP_PKT_OUT str
sync_param NFQWS_UDP_PKT_IN str
sync_param NFQWS_PORTS_TCP_KEEPALIVE
sync_param NFQWS_PORTS_UDP_KEEPALIVE
sync_param NFQWS_OPT str

66
zapret/uci-def-cfg.sh
View File

@@ -22,36 +22,58 @@ function set_default_values
local TAB="$( echo -n -e '\t' )"
uci batch <<-EOF
set $cfgname.config.autostart='0'
# settings for zapret service
set $cfgname.config.FWTYPE='nftables'
set $cfgname.config.MODE='nfqws'
set $cfgname.config.POSTNAT='1'
set $cfgname.config.FLOWOFFLOAD='none'
set $cfgname.config.INIT_APPLY_FW='1'
set $cfgname.config.DISABLE_IPV4='0'
set $cfgname.config.DISABLE_IPV6='1'
set $cfgname.config.MODE_FILTER='hostlist'
# autohostlist options
set $cfgname.config.AUTOHOSTLIST_RETRANS_THRESHOLD='3'
set $cfgname.config.AUTOHOSTLIST_FAIL_THRESHOLD='3'
set $cfgname.config.AUTOHOSTLIST_FAIL_TIME='60'
set $cfgname.config.AUTOHOSTLIST_DEBUGLOG='0'
# nfqws options
set $cfgname.config.NFQWS_ENABLE='1'
set $cfgname.config.DESYNC_MARK='0x40000000'
set $cfgname.config.DESYNC_MARK_POSTNAT='0x20000000'
set $cfgname.config.NFQWS_OPT_DESYNC='--dpi-desync=fake,split2 --dpi-desync-ttl=7 --dpi-desync-ttl6=0 --dpi-desync-repeats=20 --dpi-desync-fooling=md5sig,badseq --dpi-desync-fake-tls=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin'
set $cfgname.config.NFQWS_OPT_DESYNC_SUFFIX="$TAB"
set $cfgname.config.MODE_HTTP='1'
set $cfgname.config.MODE_HTTP_KEEPALIVE='0'
set $cfgname.config.HTTP_PORTS='80'
set $cfgname.config.NFQWS_OPT_DESYNC_HTTP="$TAB"
set $cfgname.config.NFQWS_OPT_DESYNC_HTTP_SUFFIX="$TAB"
set $cfgname.config.NFQWS_OPT_DESYNC_HTTP6="$TAB"
set $cfgname.config.NFQWS_OPT_DESYNC_HTTP6_SUFFIX="$TAB"
set $cfgname.config.MODE_HTTPS='1'
set $cfgname.config.HTTPS_PORTS='443'
set $cfgname.config.NFQWS_OPT_DESYNC_HTTPS="$TAB"
set $cfgname.config.NFQWS_OPT_DESYNC_HTTPS_SUFFIX="$TAB"
set $cfgname.config.NFQWS_OPT_DESYNC_HTTPS6="$TAB"
set $cfgname.config.NFQWS_OPT_DESYNC_HTTPS6_SUFFIX="$TAB"
set $cfgname.config.MODE_QUIC='1'
set $cfgname.config.QUIC_PORTS='443'
set $cfgname.config.NFQWS_OPT_DESYNC_QUIC='--dpi-desync=fake,split2 --dpi-desync-repeats=15 --dpi-desync-fake-quic=/opt/zapret/files/fake/quic_initial_www_google_com.bin --new --dpi-desync=fake --dpi-desync-repeats=15'
set $cfgname.config.NFQWS_OPT_DESYNC_QUIC_SUFFIX="$TAB"
set $cfgname.config.NFQWS_OPT_DESYNC_QUIC6="$TAB"
set $cfgname.config.NFQWS_OPT_DESYNC_QUIC6_SUFFIX="$TAB"
set $cfgname.config.NFQWS_PORTS_TCP='80,443'
set $cfgname.config.NFQWS_PORTS_UDP='443'
set $cfgname.config.NFQWS_TCP_PKT_OUT='9'
set $cfgname.config.NFQWS_TCP_PKT_IN='3'
set $cfgname.config.NFQWS_UDP_PKT_OUT='9'
set $cfgname.config.NFQWS_UDP_PKT_IN='0'
set $cfgname.config.NFQWS_PORTS_TCP_KEEPALIVE='0'
set $cfgname.config.NFQWS_PORTS_UDP_KEEPALIVE='0'
set $cfgname.config.NFQWS_OPT="
--filter-tcp=80 <HOSTLIST>
--dpi-desync=fake,split2
--dpi-desync-autottl=2
--dpi-desync-fooling=md5sig
--new
--filter-tcp=443 --hostlist=/opt/zapret/ipset/zapret-hosts-google.txt
--dpi-desync=fake,split2
--dpi-desync-repeats=11
--dpi-desync-fooling=md5sig
--dpi-desync-fake-tls=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin
--new
--filter-udp=443 --hostlist=/opt/zapret/ipset/zapret-hosts-google.txt
--dpi-desync=fake
--dpi-desync-repeats=11
--dpi-desync-fake-quic=/opt/zapret/files/fake/quic_initial_www_google_com.bin
--new
--filter-udp=443 <HOSTLIST_NOAUTO>
--dpi-desync=fake
--dpi-desync-repeats=11
--new
<HOSTLIST>
--dpi-desync=fake,disorder2
--dpi-desync-autottl=2
--dpi-desync-fooling=md5sig
"
# save changes
commit $cfgname
EOF
return 0