Различия

Показаны различия между двумя версиями страницы.

--- router:zapret [2025/12/06 18:35] – mirocow
+++ router:zapret [2025/12/16 21:28] (текущий) – mirocow
@@ Строка 1: / Строка 1: @@
-{{tag>[asus merlin amtm entware]}}
+{{tag>[asus merlin amtm entware router]}}
 ====== Zapret - DPI bypass multi platform Topics (NFQWS)  ======
@@ Строка 63: / Строка 63: @@
 nano /opt/zapret/config
 <code bash>
-# Basic system settings
 WS_USER=nobody
 FWTYPE=iptables
-SET_MAXELEM=2097152  # Increased for more entries
+SET_MAXELEM=1048576
-IPSET_OPT="hashsize 524288 maxelem $SET_MAXELEM"  # Increased for performance
+IPSET_OPT="hashsize 262144 maxelem $SET_MAXELEM"
-IP2NET_OPT4="--prefix-length=20-30 --v4-threshold=2/3"  # Expanded prefixes
+IP2NET_OPT4="--prefix-length=22-30 --v4-threshold=3/4"
-IP2NET_OPT6="--prefix-length=44-64 --v6-threshold=2"
+IP2NET_OPT6="--prefix-length=48-64 --v6-threshold=3"
+AUTOHOSTLIST_RETRANS_THRESHOLD=3
-# Hostlist auto-update settings
+AUTOHOSTLIST_FAIL_THRESHOLD=3
-AUTOHOSTLIST_RETRANS_THRESHOLD=2
+AUTOHOSTLIST_FAIL_TIME=30
-AUTOHOSTLIST_FAIL_THRESHOLD=2
-AUTOHOSTLIST_FAIL_TIME=15  # Reduced wait time
 AUTOHOSTLIST_DEBUGLOG=0
+MDIG_THREADS=50
-# Performance
-MDIG_THREADS=200  # Significantly increased for multithreading
 GZIP_LISTS=1
-ENABLE_MEMORY_OPTIMIZATION=1  # New option for memory optimization
-# Packet marking
 DESYNC_MARK=0x40000000
 DESYNC_MARK_POSTNAT=0x20000000
-# TPWS (completely disabled to save resources)
 TPWS_SOCKS_ENABLE=0
+TPPORT_SOCKS=987
+TPWS_SOCKS_OPT="
+--filter-tcp=80 --methodeol  <HOSTLIST> --new
+--filter-tcp=443 --split-pos=1,midsld --disorder <HOSTLIST>
+"
 TPWS_ENABLE=0
+TPWS_PORTS=80,443
-# NFQWS - main method (enabled with aggressive settings)
+TPWS_OPT="
+--filter-tcp=80 --methodeol --split-pos=2,midsld --hostlist=/opt/zapret/ipset/youtube_domain_list.txt --new
+--filter-tcp=443 --split-pos=2,midsld --disorder --hostlist=/opt/zapret/ipset/youtube_domain_list.txt
+"
 NFQWS_ENABLE=1
-NFQWS_PORTS_TCP=80,443,8080  # Additional ports added
+NFQWS_PORTS_TCP=80,443
-NFQWS_PORTS_UDP=443,80
+NFQWS_PORTS_UDP=443
-NFQWS_TCP_PKT_OUT=8  # Increased for stability
+NFQWS_TCP_PKT_OUT=$((6+$AUTOHOSTLIST_RETRANS_THRESHOLD))
-NFQWS_TCP_PKT_IN=4
+NFQWS_TCP_PKT_IN=3
-NFQWS_UDP_PKT_OUT=10  # Increased for QUIC
+NFQWS_UDP_PKT_OUT=$((6+$AUTOHOSTLIST_RETRANS_THRESHOLD))
-NFQWS_UDP_PKT_IN=2
+NFQWS_UDP_PKT_IN=0
-# Enabled modes
 MODE_HTTP=1
 MODE_HTTPS=1
@@ Строка 105: / Строка 101: @@
 NFQWS_OPT="
 # YouTube rules
---filter-tcp=80 --dpi-desync=fake,multisplit --dpi-desync-ttl=0 --dpi-desync-fooling=md5sig,badsum --hostlist=/opt/zapret/ipset/youtube_domain_list.txt --new
+--filter-tcp=80 --dpi-desync=fake,multisplit --dpi-desync-ttl=1 --hostlist=/opt/zapret/ipset/youtube_domain_list.txt --new
+--filter-tcp=443 --dpi-desync=fake,multidisorder --dpi-desync-split-pos=1 --dpi-desync-ttl=1 --dpi-desync-fake-tls=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin --hostlist=/opt/zapret/ipset/youtube_domain_list.txt --new
-# YouTube TCP 443 - multiple methods
+#--filter-udp=443 --dpi-desync=fake --dpi-desync-ttl=1 --dpi-desync-fake-quic=/opt/zapret/files/fake/quic_initial_www_google_com.bin --hostlist=/opt/zapret/ipset/youtube_domain_list.txt
---filter-tcp=443 --dpi-desync=fake,multidisorder --dpi-desync-split-pos=1 --dpi-desync-ttl=0 --dpi-desync-fooling=md5sig,badsum --dpi-desync-fake-tls=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin --hostlist=/opt/zapret/ipset/youtube_domain_list.txt --new
-# YouTube UDP 443 - aggressive QUIC bypass
 --filter-udp=443 --dpi-desync=fake --dpi-desync-repeats=6 --dpi-desync-ttl=0 --dpi-desync-any-protocol --dpi-desync-cutoff=d4 --dpi-desync-fooling=md5sig,badsum --dpi-desync-fake-quic=/opt/zapret/files/fake/quic_initial_www_google_com.bin --hostlist=/opt/zapret/ipset/youtube_domain_list.txt
-# Main rules - enhanced
+# Main rules
-#--filter-tcp=80,443 --dpi-desync=fake --dpi-desync-ttl=0
+--filter-tcp=80,443 --dpi-desync=fake --dpi-desync-ttl=0
-#--filter-udp=443 --dpi-desync=fake --dpi-desync-ttl=0
+--filter-udp=443 --dpi-desync=fake --dpi-desync-ttl=0
 "
+NFQWS_OPT_DESYNC="--dpi-desync=fake,disorder2 --dpi-desync-split-pos=1 --dpi-desync-ttl=0 --dpi-desync-fooling=md5sig,badsum --dpi-desync-repeats=6 --dpi-desync-any-protocol --dpi-desync-cutoff=d4 --dpi-desync-fake-tls=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin"
+NFQWS_OPT_DESYNC_QUIC="--dpi-desync=fake --dpi-desync-repeats=6 --dpi-desync-ttl=0 --dpi-desync-any-protocol --dpi-desync-cutoff=d4 --dpi-desync-fooling=md5sig,badsum --dpi-desync-fake-quic=/opt/zapret/files/fake/quic_initial_www_google_com.bin"
-# Extended desync options
+# Network settings
-#NFQWS_OPT_DESYNC="--dpi-desync=fake,disorder2 --dpi-desync-split-pos=1 --dpi-desync-ttl=0 --dpi-desync-fooling=md5sig,badsum --dpi-desync-repeats=6 --dpi-desync-any-protocol --dpi-desync-cutoff=d4 --dpi-desync-fake-tls=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin"
+MODE_FILTER=none
+FLOWOFFLOAD=disable
+IFACE_LAN=br0
+IFACE_WAN=eth0
-#NFQWS_OPT_DESYNC_QUIC="--dpi-desync=fake --dpi-desync-repeats=6 --dpi-desync-ttl=0 --dpi-desync-any-protocol --dpi-desync-cutoff=d4 --dpi-desync-fooling=md5sig,badsum --dpi-desync-fake-quic=/opt/zapret/files/fake/quic_initial_www_google_com.bin"
+# Initialization
+INIT_APPLY_FW=1
+DISABLE_IPV6=0
+DEBUGLOG=0
+</code>
+<code bash>
 # Network settings
 MODE_FILTER=none