init.d: multiple customs

init.d/macos/custom.d.examples/10-inherit-tpws

@@ -0,0 +1,18 @@
+# this custom script applies tpws mode as it would be with MODE=tpws
+
+OVERRIDE=tpws
+
+zapret_custom_daemons()
+{
+	# $1 - 1 - run, 0 - stop
+
+	MODE_OVERRIDE=$OVERRIDE zapret_do_daemons $1
+}
+zapret_custom_firewall_v4()
+{
+	MODE_OVERRIDE=$OVERRIDE pf_anchor_zapret_v4
+}
+zapret_custom_firewall_v6()
+{
+	MODE_OVERRIDE=$OVERRIDE pf_anchor_zapret_v6
+}

init.d/macos/custom.d.examples/10-inherit-tpws-socks

@@ -0,0 +1,18 @@
+# this custom script applies tpws-socks mode as it would be with MODE=tpws-socks
+
+OVERRIDE=tpws-socks
+
+zapret_custom_daemons()
+{
+	# $1 - 1 - run, 0 - stop
+
+	MODE_OVERRIDE=$OVERRIDE zapret_do_daemons $1
+}
+zapret_custom_firewall_v4()
+{
+	MODE_OVERRIDE=$OVERRIDE pf_anchor_zapret_v4
+}
+zapret_custom_firewall_v6()
+{
+	MODE_OVERRIDE=$OVERRIDE pf_anchor_zapret_v6
+}

init.d/macos/custom.d.examples/50-extra-tpws

@@ -1,16 +1,20 @@
 # this script is an example describing how to run tpws on a custom port
 
-TPPORT_MY=987
+DNUM=100
+TPPORT_MY=${TPPORT_MY:-987}
+TPWS_OPT_MY=${TPWS_OPT_MY:-987}
+TPWS_OPT_SUFFIX_MY="${TPWS_OPT_SUFFIX_MY:-}"
+DPORTS_MY=${DPORTS_MY:-20443,20444,30000-30009}
 
 zapret_custom_daemons()
 {
 	# $1 - 1 - run, 0 - stop
 	local opt="--user=root --port=$TPPORT_MY"
 	tpws_apply_binds opt
-	opt="$opt $TPWS_OPT"
+	opt="$opt $TPWS_OPT_MY"
 	filter_apply_hostlist_target opt
-	filter_apply_suffix opt "$TPWS_OPT_SUFFIX"
-	do_daemon $1 1 "$TPWS" "$opt"
+	filter_apply_suffix opt "$TPWS_OPT_SUFFIX_MY"
+	do_daemon $1 $DNUM "$TPWS" "$opt"
 }
 
 # custom firewall functions echo rules for zapret-v4 and zapret-v6 anchors
@@ -18,9 +22,9 @@ zapret_custom_daemons()
 
 zapret_custom_firewall_v4()
 {
-	pf_anchor_zapret_v4_tpws $TPPORT_MY
+	pf_anchor_zapret_v4_tpws $TPPORT_MY $(replace_char - : $DPORTS_MY)
 }
 zapret_custom_firewall_v6()
 {
-	pf_anchor_zapret_v6_tpws $TPPORT_MY
+	pf_anchor_zapret_v6_tpws $TPPORT_MY $(replace_char - : $DPORTS_MY)
 }

init.d/macos/custom.default

@@ -1,21 +0,0 @@
-# this script contain your special code to launch daemons and configure firewall
-# use helpers from "functions" file
-# in case of upgrade keep this file only, do not modify others
-
-zapret_custom_daemons()
-{
-	# $1 - 1 - run, 0 - stop
-	:
-}
-
-# custom firewall functions echo rules for zapret-v4 and zapret-v6 anchors
-# they come after automated table definitions. so you can use <zapret> <zapret6> <zapret-user> ...
-
-zapret_custom_firewall_v4()
-{
-	:
-}
-zapret_custom_firewall_v6()
-{
-	:
-}

init.d/macos/functions

@@ -7,6 +7,8 @@ ZAPRET_CONFIG=${ZAPRET_CONFIG:-"$ZAPRET_RW/config"}
 . "$ZAPRET_BASE/common/base.sh"
 . "$ZAPRET_BASE/common/pf.sh"
 . "$ZAPRET_BASE/common/list.sh"
+. "$ZAPRET_BASE/common/custom.sh"
+CUSTOM_DIR="$ZAPRET_RW/init.d/macos"
 
 IPSET_DIR=$ZAPRET_BASE/ipset
 . "$IPSET_DIR/def.sh"
@@ -184,7 +186,7 @@ zapret_do_daemons()
 		filter)
 			;;
 		custom)
-			existf zapret_custom_daemons && zapret_custom_daemons $1
+			custom_runner zapret_custom_daemons $1
 			;;
 		*)
 			echo "unsupported MODE=$MODE"

init.d/openwrt/custom-reuse-builtin-mode

@@ -1,47 +0,0 @@
-# this custom script demonstrates how to reuse built-in modes and add something from yourself
-
-MY_TPPORT=$(($TPPORT + 1))
-MY_TPWS_OPT="--methodeol --hostcase"
-MY_DPORT=81
-
-zapret_custom_daemons()
-{
-	# stop logic is managed by procd
-
-	local MODE_OVERRIDE=tpws
-	local opt
-
-	start_daemons_procd
-
-	opt="--port=$MY_TPPORT $MY_TPWS_OPT"
-	filter_apply_hostlist_target opt
-	run_tpws 100 "$opt"
-}
-zapret_custom_firewall()
-{
-	# $1 - 1 - run, 0 - stop
-
-	local MODE_OVERRIDE=tpws
-	local f4 f6
-
-	zapret_do_firewall_rules_ipt $1
-
-	f4="-p tcp --dport $MY_DPORT"
-	f6=$f4
-	filter_apply_ipset_target f4 f6
-	fw_tpws $1 "$f4" "$f6" $MY_TPPORT
-}
-zapret_custom_firewall_nft()
-{
-	# stop logic is not required
-
-	local MODE_OVERRIDE=tpws
-	local f4 f6
-
-	zapret_apply_firewall_rules_nft
-
-	f4="tcp dport $MY_DPORT"
-	f6=$f4
-	nft_filter_apply_ipset_target f4 f6
-	nft_fw_tpws "$f4" "$f6" $MY_TPPORT
-}

init.d/openwrt/custom.d.examples/10-inherit-nfqws

@@ -0,0 +1,22 @@
+# this custom script applies nfqws mode as it would be with MODE=nfqws
+
+OVERRIDE=nfqws
+
+zapret_custom_daemons()
+{
+        # stop logic is managed by procd
+
+	MODE_OVERRIDE=$OVERRIDE start_daemons_procd
+}
+zapret_custom_firewall()
+{
+	# $1 - 1 - run, 0 - stop
+
+	MODE_OVERRIDE=$OVERRIDE zapret_do_firewall_rules_ipt $1
+}
+zapret_custom_firewall_nft()
+{
+	# stop logic is not required
+
+	MODE_OVERRIDE=$OVERRIDE zapret_apply_firewall_rules_nft
+}

init.d/openwrt/custom.d.examples/10-inherit-tpws

@@ -0,0 +1,22 @@
+# this custom script applies tpws mode as it would be with MODE=tpws
+
+OVERRIDE=tpws
+
+zapret_custom_daemons()
+{
+	# $1 - 1 - run, 0 - stop
+
+	MODE_OVERRIDE=$OVERRIDE start_daemons_procd
+}
+zapret_custom_firewall()
+{
+	# $1 - 1 - run, 0 - stop
+
+	MODE_OVERRIDE=$OVERRIDE zapret_do_firewall_rules_ipt $1
+}
+zapret_custom_firewall_nft()
+{
+	# stop logic is not required
+
+	MODE_OVERRIDE=$OVERRIDE zapret_apply_firewall_rules_nft
+}

init.d/openwrt/custom.d.examples/10-inherit-tpws-socks

@@ -0,0 +1,22 @@
+# this custom script applies tpws-socks mode as it would be with MODE=tpws-socks
+
+OVERRIDE=tpws-socks
+
+zapret_custom_daemons()
+{
+	# $1 - 1 - run, 0 - stop
+
+	MODE_OVERRIDE=$OVERRIDE start_daemons_procd
+}
+zapret_custom_firewall()
+{
+	# $1 - 1 - run, 0 - stop
+
+	MODE_OVERRIDE=$OVERRIDE zapret_do_firewall_rules_ipt $1
+}
+zapret_custom_firewall_nft()
+{
+	# stop logic is not required
+
+	MODE_OVERRIDE=$OVERRIDE zapret_apply_firewall_rules_nft
+}

init.d/openwrt/custom.d.examples/50-dht4all

@@ -1,31 +1,24 @@
-# this custom script in addition to MODE=nfqws runs desync to DHT packets with udp payload length 101..399 , without ipset/hostlist filtering
+# this custom script runs desync to DHT packets with udp payload length 101..399 , without ipset/hostlist filtering
 # need to add to config : NFQWS_OPT_DESYNC_DHT="--dpi-desync=fake --dpi-desync-ttl=5"
 
-QNUM2=$(($QNUM+20))
+DNUM=101
+QNUM2=$(($DNUM * 5))
 
 zapret_custom_daemons()
 {
         # stop logic is managed by procd
 
-        local MODE_OVERRIDE=nfqws
-        local opt
-
-        zapret_do_daemons $1
-
-        opt="--qnum=$QNUM2 $NFQWS_OPT_BASE $NFQWS_OPT_DESYNC_DHT"
-	do_nfqws $1 100 "$opt"
+        local opt="--qnum=$QNUM2 $NFQWS_OPT_BASE $NFQWS_OPT_DESYNC_DHT"
+	run_daemon $DNUM $NFQWS "$opt"
 }
 zapret_custom_firewall()
 {
         # $1 - 1 - run, 0 - stop
 
-        local MODE_OVERRIDE=nfqws
         local f uf4 uf6
         local first_packet_only="$ipt_connbytes 1:1"
         local desync="-m mark ! --mark $DESYNC_MARK/$DESYNC_MARK"
 
-        zapret_do_firewall_rules_ipt $1
-
         f='-p udp -m length --length 109:407 -m u32 --u32'
 	uf4='0>>22&0x3C@8>>16=0x6431'
 	uf6='48>>16=0x6431'
@@ -36,13 +29,10 @@ zapret_custom_firewall_nft()
 {
         # stop logic is not required
 
-        local MODE_OVERRIDE=nfqws
         local f
         local first_packet_only="$nft_connbytes 1"
         local desync="mark and $DESYNC_MARK == 0"
 
-        zapret_apply_firewall_rules_nft
-
         f="meta length 109-407 meta l4proto udp @th,64,16 0x6431"
         nft_fw_nfqws_post "$f $desync $first_packet_only" "$f $desync $first_packet_only" $QNUM2
 }

init.d/openwrt/custom.d.examples/50-quic4all

@@ -1,32 +1,25 @@
-# this custom script in addition to MODE=nfqws runs desync to all QUIC initial packets, without ipset/hostlist filtering
+# this custom script runs desync to all QUIC initial packets, without ipset/hostlist filtering
 # need to add to config : NFQWS_OPT_DESYNC_QUIC="--dpi-desync=fake"
 # NOTE : do not use TTL fooling. chromium QUIC engine breaks sessions if TTL expired in transit received
 
-QNUM2=$(($QNUM+10))
+DNUM=102
+QNUM2=$(($DNUM * 5))
 
 zapret_custom_daemons()
 {
 	# $1 - 1 - run, 0 - stop
 
-	local MODE_OVERRIDE=nfqws
-	local opt
-
-	zapret_do_daemons $1
-
-	opt="--qnum=$QNUM2 $NFQWS_OPT_BASE $NFQWS_OPT_DESYNC_QUIC"
-	do_nfqws $1 100 "$opt"
+	local opt="--qnum=$QNUM2 $NFQWS_OPT_BASE $NFQWS_OPT_DESYNC_QUIC"
+	run_daemon $DNUM $NFQWS "$opt"
 }
 zapret_custom_firewall()
 {
 	# $1 - 1 - run, 0 - stop
 
-	local MODE_OVERRIDE=nfqws
 	local f
 	local first_packets_only="$ipt_connbytes 1:3"
 	local desync="-m mark ! --mark $DESYNC_MARK/$DESYNC_MARK"
 
-	zapret_do_firewall_rules_ipt $1
-
 	f="-p udp -m multiport --dports $QUIC_PORTS_IPT"
 	fw_nfqws_post $1 "$f $desync $first_packets_only" "$f $desync $first_packets_only" $QNUM2
 
@@ -35,13 +28,10 @@ zapret_custom_firewall_nft()
 {
 	# stop logic is not required
 
-	local MODE_OVERRIDE=nfqws
 	local f
 	local first_packets_only="$nft_connbytes 1-3"
 	local desync="mark and $DESYNC_MARK == 0"
 
-	zapret_apply_firewall_rules_nft
-
 	f="udp dport {$QUIC_PORTS}"
 	nft_fw_nfqws_post "$f $desync $first_packets_only" "$f $desync $first_packets_only" $QNUM2
 }

init.d/openwrt/custom.d.examples/50-tpws4http-nfqws4https

@@ -3,7 +3,7 @@
 
 zapret_custom_daemons()
 {
-	# stop logic is managed by procd
+	# $1 - 1 - run, 0 - stop
 
 	local opt
 
@@ -15,7 +15,7 @@ zapret_custom_daemons()
 	}
 
 	[ "$MODE_HTTPS" = "1" ] && {
-		opt="--qnum=$QNUM $NFQWS_OPT_BASE $NFQWS_OPT_DESYNC_HTTPS"
+		opt="--qnum=$QNUM $NFQWS_OPT_DESYNC_HTTPS"
 		filter_apply_hostlist_target opt
 		filter_apply_suffix opt "$NFQWS_OPT_DESYNC_HTTPS_SUFFIX"
 		run_daemon 2 $NFQWS "$opt"
@@ -41,6 +41,8 @@ zapret_custom_firewall()
 		f6=$f4
 		filter_apply_ipset_target f4 f6
 		fw_nfqws_post $1 "$f4 $desync" "$f6 $desync" $QNUM
+		# for modes that require incoming traffic
+		fw_reverse_nfqws_rule $1 "$f4" "$f6" $QNUM
 	}
 }
 zapret_custom_firewall_nft()

init.d/openwrt/custom.default

@@ -1,33 +0,0 @@
-# this script contain your special code to launch daemons and configure firewall
-# use helpers from "functions" file and "zapret" init script
-# in case of upgrade keep this file only, do not modify others
-
-zapret_custom_daemons()
-{
-	# stop logic is managed by procd
-
-	# PLACEHOLDER
-	echo !!! NEED ATTENTION !!!
-	echo Start daemon\(s\)
-	echo Study how other sections work
-
-	run_daemon 1 /bin/sleep 20
-}
-zapret_custom_firewall()
-{
-	# $1 - 1 - run, 0 - stop
-
-	# PLACEHOLDER
-	echo !!! NEED ATTENTION !!!
-	echo Configure iptables for required actions
-	echo Study how other sections work
-}
-zapret_custom_firewall_nft()
-{
-	# stop logic is not required
-
-	# PLACEHOLDER
-	echo !!! NEED ATTENTION !!!
-	echo Configure nftables for required actions
-	echo Study how other sections work
-}

init.d/openwrt/functions

@@ -12,6 +12,8 @@ ZAPRET_CONFIG=${ZAPRET_CONFIG:-"$ZAPRET_RW/config"}
 . "$ZAPRET_BASE/common/nft.sh"
 . "$ZAPRET_BASE/common/linux_fw.sh"
 . "$ZAPRET_BASE/common/list.sh"
+. "$ZAPRET_BASE/common/custom.sh"
+CUSTOM_DIR="$ZAPRET_RW/init.d/openwrt"
 
 [ -n "$QNUM" ] || QNUM=200
 [ -n "$TPPORT" ] || TPPORT=988
@@ -27,9 +29,6 @@ LINKLOCAL_WAIT_SEC=5
 
 IPSET_CR="$ZAPRET_BASE/ipset/create_ipset.sh"
 
-CUSTOM_SCRIPT="$ZAPRET_BASE/init.d/openwrt/custom"
-[ -f "$CUSTOM_SCRIPT" ] && . "$CUSTOM_SCRIPT"
-
 IPSET_EXCLUDE="-m set ! --match-set nozapret"
 IPSET_EXCLUDE6="-m set ! --match-set nozapret6"
 

init.d/openwrt/zapret

@@ -173,7 +173,7 @@ start_daemons_procd()
 			}
 			;;
 		custom)
-	    		existf zapret_custom_daemons && zapret_custom_daemons $1
+	    		custom_runner zapret_custom_daemons $1
 			;;
 	esac
 

init.d/sysv/custom-reuse-builtin-mode

@@ -1,47 +0,0 @@
-# this custom script demonstrates how to reuse built-in modes and add something from yourself
-
-MY_TPPORT=$(($TPPORT + 1))
-MY_TPWS_OPT="--methodeol --hostcase"
-MY_DPORT=81
-
-zapret_custom_daemons()
-{
-	# $1 - 1 - run, 0 - stop
-
-	local MODE_OVERRIDE=tpws
-	local opt
-
-	zapret_do_daemons $1
-
-	opt="--port=$MY_TPPORT $MY_TPWS_OPT"
-	filter_apply_hostlist_target opt
-	do_tpws $1 100 "$opt"
-}
-zapret_custom_firewall()
-{
-	# $1 - 1 - run, 0 - stop
-
-	local MODE_OVERRIDE=tpws
-	local f4 f6
-
-	zapret_do_firewall_rules_ipt $1
-
-	f4="-p tcp --dport $MY_DPORT"
-	f6=$f4
-	filter_apply_ipset_target f4 f6
-	fw_tpws $1 "$f4" "$f6" $MY_TPPORT
-}
-zapret_custom_firewall_nft()
-{
-	# stop logic is not required
-
-	local MODE_OVERRIDE=tpws
-	local f4 f6
-
-	zapret_apply_firewall_rules_nft
-
-	f4="tcp dport $MY_DPORT"
-	f6=$f4
-	nft_filter_apply_ipset_target f4 f6
-	nft_fw_tpws "$f4" "$f6" $MY_TPPORT
-}

init.d/sysv/custom.d.examples/10-inherit-nfqws

@@ -0,0 +1,22 @@
+# this custom script applies nfqws mode as it would be with MODE=nfqws
+
+OVERRIDE=nfqws
+
+zapret_custom_daemons()
+{
+	# $1 - 1 - run, 0 - stop
+
+	MODE_OVERRIDE=$OVERRIDE zapret_do_daemons $1
+}
+zapret_custom_firewall()
+{
+	# $1 - 1 - run, 0 - stop
+
+	MODE_OVERRIDE=$OVERRIDE zapret_do_firewall_rules_ipt $1
+}
+zapret_custom_firewall_nft()
+{
+	# stop logic is not required
+
+	MODE_OVERRIDE=$OVERRIDE zapret_apply_firewall_rules_nft
+}

init.d/sysv/custom.d.examples/10-inherit-tpws

@@ -0,0 +1,22 @@
+# this custom script applies tpws mode as it would be with MODE=tpws
+
+OVERRIDE=tpws
+
+zapret_custom_daemons()
+{
+	# $1 - 1 - run, 0 - stop
+
+	MODE_OVERRIDE=$OVERRIDE zapret_do_daemons $1
+}
+zapret_custom_firewall()
+{
+	# $1 - 1 - run, 0 - stop
+
+	MODE_OVERRIDE=$OVERRIDE zapret_do_firewall_rules_ipt $1
+}
+zapret_custom_firewall_nft()
+{
+	# stop logic is not required
+
+	MODE_OVERRIDE=$OVERRIDE zapret_apply_firewall_rules_nft
+}

init.d/sysv/custom.d.examples/10-inherit-tpws-socks

@@ -0,0 +1,22 @@
+# this custom script applies tpws-socks mode as it would be with MODE=tpws-socks
+
+OVERRIDE=tpws-socks
+
+zapret_custom_daemons()
+{
+	# $1 - 1 - run, 0 - stop
+
+	MODE_OVERRIDE=$OVERRIDE zapret_do_daemons $1
+}
+zapret_custom_firewall()
+{
+	# $1 - 1 - run, 0 - stop
+
+	MODE_OVERRIDE=$OVERRIDE zapret_do_firewall_rules_ipt $1
+}
+zapret_custom_firewall_nft()
+{
+	# stop logic is not required
+
+	MODE_OVERRIDE=$OVERRIDE zapret_apply_firewall_rules_nft
+}

init.d/sysv/custom.d.examples/50-dht4all

@@ -1,47 +1,39 @@
-# this custom script in addition to MODE=nfqws runs desync to DHT packets with udp payload length 101..399 , without ipset/hostlist filtering
+# this custom script runs desync to DHT packets with udp payload length 101..399 , without ipset/hostlist filtering
 # need to add to config : NFQWS_OPT_DESYNC_DHT="--dpi-desync=fake --dpi-desync-ttl=5"
 
-QNUM2=$(($QNUM+20))
+DNUM=101
+QNUM2=$(($DNUM * 5))
 
 zapret_custom_daemons()
 {
         # stop logic is managed by procd
 
-        local MODE_OVERRIDE=nfqws
-        local opt
-
-        start_daemons_procd
-
-        opt="--qnum=$QNUM2 $NFQWS_OPT_BASE $NFQWS_OPT_DESYNC_DHT"
-        run_daemon 100 $NFQWS "$opt"
+        local opt="--qnum=$QNUM2 $NFQWS_OPT_BASE $NFQWS_OPT_DESYNC_DHT"
+	do_nfqws $1 $DNUM "$opt"
 }
 zapret_custom_firewall()
 {
         # $1 - 1 - run, 0 - stop
 
-        local MODE_OVERRIDE=nfqws
         local f uf4 uf6
         local first_packet_only="$ipt_connbytes 1:1"
         local desync="-m mark ! --mark $DESYNC_MARK/$DESYNC_MARK"
 
-        zapret_do_firewall_rules_ipt $1
-
         f='-p udp -m length --length 109:407 -m u32 --u32'
 	uf4='0>>22&0x3C@8>>16=0x6431'
 	uf6='48>>16=0x6431'
         fw_nfqws_post $1 "$f $uf4 $desync $first_packet_only"  "$f $uf6 $desync $first_packet_only" $QNUM2
+
 }
 zapret_custom_firewall_nft()
 {
         # stop logic is not required
 
-        local MODE_OVERRIDE=nfqws
         local f
         local first_packet_only="$nft_connbytes 1"
         local desync="mark and $DESYNC_MARK == 0"
 
-        zapret_apply_firewall_rules_nft
-
         f="meta length 109-407 meta l4proto udp @th,64,16 0x6431"
         nft_fw_nfqws_post "$f $desync $first_packet_only" "$f $desync $first_packet_only" $QNUM2
 }
+

init.d/sysv/custom.d.examples/50-quic4all

@@ -1,32 +1,25 @@
-# this custom script in addition to MODE=nfqws runs desync to all QUIC initial packets, without ipset/hostlist filtering
+# this custom script runs desync to all QUIC initial packets, without ipset/hostlist filtering
 # need to add to config : NFQWS_OPT_DESYNC_QUIC="--dpi-desync=fake"
 # NOTE : do not use TTL fooling. chromium QUIC engine breaks sessions if TTL expired in transit received
 
-QNUM2=$(($QNUM+10))
+DNUM=102
+QNUM2=$(($DNUM * 5))
 
 zapret_custom_daemons()
 {
-	# stop logic is managed by procd
+	# $1 - 1 - run, 0 - stop
 
-	local MODE_OVERRIDE=nfqws
-	local opt
-
-	start_daemons_procd
-
-	opt="--qnum=$QNUM2 $NFQWS_OPT_BASE $NFQWS_OPT_DESYNC_QUIC"
-	run_daemon 100 $NFQWS "$opt"
+	local opt="--qnum=$QNUM2 $NFQWS_OPT_BASE $NFQWS_OPT_DESYNC_QUIC"
+	do_nfqws $1 $DNUM "$opt"
 }
 zapret_custom_firewall()
 {
 	# $1 - 1 - run, 0 - stop
 
-	local MODE_OVERRIDE=nfqws
 	local f
 	local first_packets_only="$ipt_connbytes 1:3"
 	local desync="-m mark ! --mark $DESYNC_MARK/$DESYNC_MARK"
 
-	zapret_do_firewall_rules_ipt $1
-
 	f="-p udp -m multiport --dports $QUIC_PORTS_IPT"
 	fw_nfqws_post $1 "$f $desync $first_packets_only" "$f $desync $first_packets_only" $QNUM2
 
@@ -35,13 +28,10 @@ zapret_custom_firewall_nft()
 {
 	# stop logic is not required
 
-	local MODE_OVERRIDE=nfqws
 	local f
 	local first_packets_only="$nft_connbytes 1-3"
 	local desync="mark and $DESYNC_MARK == 0"
 
-	zapret_apply_firewall_rules_nft
-
 	f="udp dport {$QUIC_PORTS}"
 	nft_fw_nfqws_post "$f $desync $first_packets_only" "$f $desync $first_packets_only" $QNUM2
 }

init.d/sysv/custom.default

@@ -1,34 +0,0 @@
-# this script contain your special code to launch daemons and configure firewall
-# use helpers from "functions" file
-# in case of upgrade keep this file only, do not modify others
-
-zapret_custom_daemons()
-{
-	# $1 - 1 - run, 0 - stop
-
-	# PLACEHOLDER
-	echo !!! NEED ATTENTION !!!
-	echo Start daemon\(s\)
-	echo Study how other sections work
-
-	do_daemon $1 1 /bin/sleep 20
-}
-zapret_custom_firewall()
-{
-	# $1 - 1 - run, 0 - stop
-
-	# PLACEHOLDER
-	echo !!! NEED ATTENTION !!!
-	echo Configure iptables for required actions
-	echo Study how other sections work
-}
-
-zapret_custom_firewall_nft()
-{
-	# stop logic is not required
-
-	# PLACEHOLDER
-	echo !!! NEED ATTENTION !!!
-	echo Configure nftables for required actions
-	echo Study how other sections work
-}

init.d/sysv/functions

@@ -12,6 +12,8 @@ ZAPRET_CONFIG=${ZAPRET_CONFIG:-"$ZAPRET_RW/config"}
 . "$ZAPRET_BASE/common/nft.sh"
 . "$ZAPRET_BASE/common/linux_fw.sh"
 . "$ZAPRET_BASE/common/list.sh"
+. "$ZAPRET_BASE/common/custom.sh"
+CUSTOM_DIR="$ZAPRET_RW/init.d/sysv"
 
 
 user_exists()
@@ -91,9 +93,6 @@ TPWS_OPT_BASE6_PRE="--bind-linklocal=prefer $TPWS_WAIT --bind-wait-ip-linklocal=
 # max wait time for the link local ipv6 on the LAN interface
 LINKLOCAL_WAIT_SEC=5
 
-CUSTOM_SCRIPT="$ZAPRET_BASE/init.d/sysv/custom"
-[ -f "$CUSTOM_SCRIPT" ] && . "$CUSTOM_SCRIPT"
-
 IPSET_EXCLUDE="-m set ! --match-set nozapret"
 IPSET_EXCLUDE6="-m set ! --match-set nozapret6"
 
@@ -341,7 +340,7 @@ zapret_do_daemons()
 			}
 			;;
 		custom)
-	    		existf zapret_custom_daemons && zapret_custom_daemons $1
+			custom_runner zapret_custom_daemons $1
 			;;
 	esac