Различия

Показаны различия между двумя версиями страницы.

--- router:zapret [2025/11/05 12:26] – mirocow
+++ router:zapret [2026/05/09 22:24] (текущий) – [v2] mirocow
@@ Строка 1: / Строка 1: @@
+{{tag>[asus merlin amtm entware router]}}
 ====== Zapret - DPI bypass multi platform Topics (NFQWS)  ======
   * [[:nfqws]]
-===== Entware - Software repository =====
+===== Подготовка =====
 <code bash>
@@ Строка 15: / Строка 18: @@
 <code bash>
-$ wget https://github.com/bol-van/zapret/releases/download/v72.2/zapret-v72.2.tar.gz
+$ wget https://github.com/bol-van/zapret/releases/download/v72.3/zapret-v72.3.tar.gz
-$ tar -xvzf zapret-v72.2.tar.gz
+$ tar -xvzf zapret-v72.3.tar.gz
-$ cd zapret-v72.2
+$ cd zapret-v72.3
 $ ./install_easy.sh
 - Y
@@ Строка 30: / Строка 33: @@
 - N
 - 3 - br0
-- 8 - eth3
+- 8 - eth0
 - 3
+</code>
+<code bash>
+$ wget https://github.com/bol-van/zapret2/releases/download/v0.9.5.2/zapret2-v0.9.5.2.tar.gz
+$ tar -xvzf zapret2-v0.9.5.2.tar.gz
+$ cd zapret2-v0.9.5.2
+$ ./install_easy.sh
 </code>
@@ Строка 37: / Строка 47: @@
   * **Выбираем имя внутреннего сетевого интерфейса (LAN), br0 - обычно в роутере**
   * **Выбираем режим фильтрации трафика (none, ipset, hostlist, autohostlist). - none**
+===== Обновление =====
+<code bash>
+$ wget https://github.com/bol-van/zapret/releases/download/v72.3/zapret-v72.3.tar.gz
+$ tar -xvzf zapret-v72.3.tar.gz
+$ cd zapret-v72.3
+$ ./install_bin.sh
+</code>
 ==== Режимы фильтрации ====
@@ Строка 48: / Строка 67: @@
 ==== Текущие настройки ====
+=== v1 ===
 nano /opt/zapret/config
@@ Строка 93: / Строка 114: @@
 #--filter-udp=443 --dpi-desync=fake --dpi-desync-ttl=1 --dpi-desync-fake-quic=/opt/zapret/files/fake/quic_initial_www_google_com.bin --hostlist=/opt/zapret/ipset/youtube_domain_list.txt
 --filter-udp=443 --dpi-desync=fake --dpi-desync-repeats=6 --dpi-desync-ttl=0 --dpi-desync-any-protocol --dpi-desync-cutoff=d4 --dpi-desync-fooling=md5sig,badsum --dpi-desync-fake-quic=/opt/zapret/files/fake/quic_initial_www_google_com.bin --hostlist=/opt/zapret/ipset/youtube_domain_list.txt
 # Main rules
 --filter-tcp=80,443 --dpi-desync=fake --dpi-desync-ttl=0
@@ Строка 100: / Строка 121: @@
 NFQWS_OPT_DESYNC="--dpi-desync=fake,disorder2 --dpi-desync-split-pos=1 --dpi-desync-ttl=0 --dpi-desync-fooling=md5sig,badsum --dpi-desync-repeats=6 --dpi-desync-any-protocol --dpi-desync-cutoff=d4 --dpi-desync-fake-tls=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin"
 NFQWS_OPT_DESYNC_QUIC="--dpi-desync=fake --dpi-desync-repeats=6 --dpi-desync-ttl=0 --dpi-desync-any-protocol --dpi-desync-cutoff=d4 --dpi-desync-fooling=md5sig,badsum --dpi-desync-fake-quic=/opt/zapret/files/fake/quic_initial_www_google_com.bin"
+# Network settings
 MODE_FILTER=none
 FLOWOFFLOAD=disable
 IFACE_LAN=br0
 IFACE_WAN=eth0
+# Initialization
 INIT_APPLY_FW=1
 DISABLE_IPV6=0
 DEBUGLOG=0
 </code>
+=== v2 ===
+nano /opt/zapret2/config
+<code bash>
+# zapret2 configuration for Asus (Entware)
+# General settings
+WS_USER=nobody
+FWTYPE=iptables
+# IPSET limits for your domain lists
+SET_MAXELEM=522288
+IPSET_OPT="hashsize 262144 maxelem $SET_MAXELEM"
+# List management options
+IP2NET_OPT4="--prefix-length=22-30 --v4-threshold=3/4"
+IP2NET_OPT6="--prefix-length=56-64 --v6-threshold=5"
+MDIG_THREADS=30
+GZIP_LISTS=1
+# Marks to prevent infinite loops in nfqws
+DESYNC_MARK=0x40000000
+DESYNC_MARK_POSTNAT=0x20000000
+# Enable the engine (NFQWS2 is mandatory for zapret2)
+NFQWS2_ENABLE=1
+NFQWS2_PORTS_TCP=80,443
+NFQWS2_PORTS_UDP=443
+# Packet counters (how many packets to analyze in a stream)
+NFQWS2_TCP_PKT_OUT=20
+NFQWS2_TCP_PKT_IN=10
+NFQWS2_UDP_PKT_OUT=10
+NFQWS2_UDP_PKT_IN=10
+# Main bypass strategy (Fixed LUA 'blob' errors)
+# Note: Ensure the file /opt/zapret2/ipset/youtube_domain_list.txt exists!
+NFQWS2_OPT="
+--filter-tcp=80 --filter-l7=http --hostlist=/opt/zapret2/ipset/youtube_domain_list.txt --payload=http_req --lua-desync=fake:blob=fake_default_http --lua-desync=multisplit:pos=2 --new
+--filter-tcp=443 --filter-l7=tls --hostlist=/opt/zapret2/ipset/youtube_domain_list.txt --payload=tls_client_hello --lua-desync=fake:blob=fake_default_tls --lua-desync=multidisorder:pos=1,midsld --new
+--filter-udp=443 --filter-l7=quic --hostlist=/opt/zapret2/ipset/youtube_domain_list.txt --payload=quic_initial --lua-desync=fake:blob=fake_default_quic:repeats=6 --new
+--filter-tcp=80,443 --payload=tls_client_hello,http_req --lua-desync=fake:blob=fake_default_tls --new
+--filter-udp=443 --payload=quic_initial --lua-desync=fake:blob=fake_default_quic
+"
+# Filtering mode (Using hostlist to match your iptables output)
+MODE_FILTER=hostlist
+# Disable hardware acceleration (Required for Asus)
+FLOWOFFLOAD=disable
+# Network interfaces (Matches your verified iptables rules)
+IFACE_LAN=br0
+IFACE_WAN=eth0
+# Initialization settings
+INIT_APPLY_FW=1
+DISABLE_IPV6=1
+FILTER_TTL_EXPIRED_ICMP=1
+</code>
+==== Подготовка листа доменов для обработки ====
 <code bash>
@@ Строка 328: / Строка 416: @@
 yt3.ggpht.com
 ytimg.com
+i.ytimg.com
+static.doubleclick.net
+googleads.g.doubleclick.net
 </code>
@@ Строка 381: / Строка 472: @@
 /tmp/mnt/SYS/entware/zapret/ipset/get_refilter_domains.sh
-<code>
+<code bash>
 #!/bin/sh