Различия

Показаны различия между двумя версиями страницы.

--- router:zapret [2025/10/29 16:38] – 192.168.1.159
+++ router:zapret [2025/12/16 21:28] (текущий) – mirocow
@@ Строка 1: / Строка 1: @@
+{{tag>[asus merlin amtm entware router]}}
 ====== Zapret - DPI bypass multi platform Topics (NFQWS)  ======
   * [[:nfqws]]
-===== Entware - Software repository =====
+===== Подготовка =====
 <code bash>
@@ Строка 15: / Строка 18: @@
 <code bash>
-$ wget https://github.com/bol-van/zapret/releases/download/v71.4/zapret-v72.2.tar.gz
+$ wget https://github.com/bol-van/zapret/releases/download/v72.3/zapret-v72.3.tar.gz
-$ tar -xvzf zapret-v72.2.tar.gz
+$ tar -xvzf zapret-v72.3.tar.gz
-$ cd zapret-v72.2
+$ cd zapret-v72.3
 $ ./install_easy.sh
 - Y
@@ Строка 30: / Строка 33: @@
 - N
 - 3 - br0
-- 8 - eth3
+- 8 - eth0
 - 3
 </code>
@@ Строка 37: / Строка 40: @@
   * **Выбираем имя внутреннего сетевого интерфейса (LAN), br0 - обычно в роутере**
   * **Выбираем режим фильтрации трафика (none, ipset, hostlist, autohostlist). - none**
+===== Обновление =====
+<code bash>
+$ wget https://github.com/bol-van/zapret/releases/download/v72.3/zapret-v72.3.tar.gz
+$ tar -xvzf zapret-v72.3.tar.gz
+$ cd zapret-v72.3
+$ ./install_bin.sh
+</code>
 ==== Режимы фильтрации ====
@@ Строка 93: / Строка 105: @@
 #--filter-udp=443 --dpi-desync=fake --dpi-desync-ttl=1 --dpi-desync-fake-quic=/opt/zapret/files/fake/quic_initial_www_google_com.bin --hostlist=/opt/zapret/ipset/youtube_domain_list.txt
 --filter-udp=443 --dpi-desync=fake --dpi-desync-repeats=6 --dpi-desync-ttl=0 --dpi-desync-any-protocol --dpi-desync-cutoff=d4 --dpi-desync-fooling=md5sig,badsum --dpi-desync-fake-quic=/opt/zapret/files/fake/quic_initial_www_google_com.bin --hostlist=/opt/zapret/ipset/youtube_domain_list.txt
 # Main rules
 --filter-tcp=80,443 --dpi-desync=fake --dpi-desync-ttl=0
@@ Строка 100: / Строка 112: @@
 NFQWS_OPT_DESYNC="--dpi-desync=fake,disorder2 --dpi-desync-split-pos=1 --dpi-desync-ttl=0 --dpi-desync-fooling=md5sig,badsum --dpi-desync-repeats=6 --dpi-desync-any-protocol --dpi-desync-cutoff=d4 --dpi-desync-fake-tls=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin"
 NFQWS_OPT_DESYNC_QUIC="--dpi-desync=fake --dpi-desync-repeats=6 --dpi-desync-ttl=0 --dpi-desync-any-protocol --dpi-desync-cutoff=d4 --dpi-desync-fooling=md5sig,badsum --dpi-desync-fake-quic=/opt/zapret/files/fake/quic_initial_www_google_com.bin"
+# Network settings
 MODE_FILTER=none
 FLOWOFFLOAD=disable
 IFACE_LAN=br0
 IFACE_WAN=eth0
+# Initialization
 INIT_APPLY_FW=1
 DISABLE_IPV6=0
 DEBUGLOG=0
 </code>
+<code bash>
+# Network settings
+MODE_FILTER=none
+FLOWOFFLOAD=disable
+IFACE_LAN=br0
+IFACE_WAN=eth0
+BIND_INTERFACE=1  # Interface binding for stability
+# Caching and performance
+ENABLE_DNS_CACHE=1
+DNS_CACHE_SIZE=10000
+DNS_CACHE_TTL=300
+# Initialization
+INIT_APPLY_FW=1
+DISABLE_IPV6=0
+DEBUGLOG=0
+# Additional optimizations
+#SKIP_IPv4_DISABLED=1
+#SKIP_IPv6_DISABLED=1
+ENABLE_FAST_START=1
+PRELOAD_IPSETS=1  # Ipsets preloading for speed
+# YouTube-specific optimizations
+YOUTUBE_CDN_OPTIMIZE=1
+ENABLE_QUIC_BYPASS=1
+AGGRESSIVE_RETRANSMISSION=1
+</code>
+==== Подготовка листа доменов для обработки ====
 <code bash>
@@ Строка 328: / Строка 375: @@
 yt3.ggpht.com
 ytimg.com
+i.ytimg.com
+static.doubleclick.net
+googleads.g.doubleclick.net
 </code>
@@ Строка 378: / Строка 428: @@
 <code bash>
 $ chmod +x /opt/etc/init.d/S00fix
+</code>
+/tmp/mnt/SYS/entware/zapret/ipset/get_refilter_domains.sh
+<code bash>
+#!/bin/sh
+IPSET_DIR="$(dirname "$0")"
+IPSET_DIR="$(cd "$IPSET_DIR"; pwd)"
+. "$IPSET_DIR/def.sh"
+TMPLIST="$TMPDIR/list.txt"
+URL="https://github.com/1andrevich/Re-filter-lists/releases/latest/download/domains_all.lst"
+dl()
+{
+  # $1 - url
+  # $2 - file
+  # $3 - minsize
+  # $4 - maxsize
+  curl -L -H "Accept-Encoding: gzip" -k --fail --max-time 60 --connect-timeout 10 --retry 4 --max-filesize $4 -o "$TMPLIST" "$1" ||
+  {
+   echo list download failed : $1
+   exit 2
+  }
+  dlsize=$(LC_ALL=C LANG=C wc -c "$TMPLIST" | xargs | cut -f 1 -d ' ')
+  if test $dlsize -lt $3; then
+   echo list is too small : $dlsize bytes. can be bad.
+   exit 2
+  fi
+  zzcopy "$TMPLIST" "$2"
+  rm -f "$TMPLIST"
+}
+# useful in case ipban set is used in custom scripts
+FAIL=
+getipban || FAIL=1
+"$IPSET_DIR/create_ipset.sh"
+[ -n "$FAIL" ] && exit
+dl "$URL" "$ZHOSTLIST" 32768 4194304
+hup_zapret_daemons
+exit 0
 </code>