Различия

Показаны различия между двумя версиями страницы.

Ссылка на это сравнение

Предыдущая версия справа и слева Предыдущая версия
Следующая версия		 Предыдущая версия
router:zapret [2026/05/09 22:08] – [v2] mirocowrouter:zapret [2026/05/09 22:24] (текущий) – [v2] mirocow
Строка 138: Строка 138:
 nano /opt/zapret2/config nano /opt/zapret2/config
 <code bash> <code bash>
-# General Settings+# zapret2 configuration for Asus (Entware) 
 + 
 +# General settings
 WS_USER=nobody WS_USER=nobody
 FWTYPE=iptables FWTYPE=iptables
-SET_MAXELEM=1048576+ 
 +# IPSET limits for your domain lists 
 +SET_MAXELEM=522288
 IPSET_OPT="hashsize 262144 maxelem $SET_MAXELEM" IPSET_OPT="hashsize 262144 maxelem $SET_MAXELEM"
  
-Resource Management +List management options 
-MDIG_THREADS=50+IP2NET_OPT4="--prefix-length=22-30 --v4-threshold=3/4" 
 +IP2NET_OPT6="--prefix-length=56-64 --v6-threshold=5" 
 +MDIG_THREADS=30
 GZIP_LISTS=1 GZIP_LISTS=1
 +
 +# Marks to prevent infinite loops in nfqws
 DESYNC_MARK=0x40000000 DESYNC_MARK=0x40000000
 DESYNC_MARK_POSTNAT=0x20000000 DESYNC_MARK_POSTNAT=0x20000000
  
-# NFQWS2 Engine Settings +Enable the engine (NFQWS2 is mandatory for zapret2)
-# NFQWS_ENABLE in zapret1 is often NFQWS2_ENABLE in zapret2 scripts+
 NFQWS2_ENABLE=1 NFQWS2_ENABLE=1
-NFQWS_PORTS_TCP=80,443 +NFQWS2_PORTS_TCP=80,443 
-NFQWS_PORTS_UDP=443+NFQWS2_PORTS_UDP=443
  
-Main Zapret2 Logic (Lua-based+Packet counters (how many packets to analyze in a stream
-# You must have zapret-lib.lua and zapret-antidpi.lua in the working directory +NFQWS2_TCP_PKT_OUT=20 
-NFQWS_OPT=" +NFQWS2_TCP_PKT_IN=10 
---lua-init=@zapret-lib.lua +NFQWS2_UDP_PKT_OUT=10 
---lua-init=@zapret-antidpi.lua+NFQWS2_UDP_PKT_IN=10
  
-YouTube Rules (Lua equivalents of your old strategies+Main bypass strategy (Fixed LUA 'blob' errors) 
---filter-tcp=80 --hostlist=/opt/zapret/ipset/youtube_domain_list.txt --payload=http_req --lua-desync=multisplit:pos=2 --new +# Note: Ensure the file /opt/zapret2/ipset/youtube_domain_list.txt exists! 
---filter-tcp=443 --hostlist=/opt/zapret/ipset/youtube_domain_list.txt --payload=tls_client_hello --lua-desync=multidisorder:pos=1:fake:blob=fake_default_tls --new +NFQWS2_OPT=" 
---filter-udp=443 --hostlist=/opt/zapret/ipset/youtube_domain_list.txt --payload=quic_initial --lua-desync=fake:blob=fake_default_quic:repeats=6 --new +--filter-tcp=80 --filter-l7=http --hostlist=/opt/zapret2/ipset/youtube_domain_list.txt --payload=http_req --lua-desync=fake:blob=fake_default_http --lua-desync=multisplit:pos=2 --new 
- +--filter-tcp=443 --filter-l7=tls --hostlist=/opt/zapret2/ipset/youtube_domain_list.txt --payload=tls_client_hello --lua-desync=fake:blob=fake_default_tls --lua-desync=multidisorder:pos=1,midsld --new 
-# General Rules (Fallback) +--filter-udp=443 --filter-l7=quic --hostlist=/opt/zapret2/ipset/youtube_domain_list.txt --payload=quic_initial --lua-desync=fake:blob=fake_default_quic:repeats=6 --new 
---filter-tcp=80,443 --payload=tls_client_hello,http_req --lua-desync=fake --new +--filter-tcp=80,443 --payload=tls_client_hello,http_req --lua-desync=fake:blob=fake_default_tls --new 
---filter-udp=443 --payload=quic_initial --lua-desync=fake+--filter-udp=443 --payload=quic_initial --lua-desync=fake:blob=fake_default_quic
 " "
  
-Network settings +Filtering mode (Using hostlist to match your iptables output) 
-MODE_FILTER=none+MODE_FILTER=hostlist 
 + 
 +# Disable hardware acceleration (Required for Asus)
 FLOWOFFLOAD=disable FLOWOFFLOAD=disable
 +
 +# Network interfaces (Matches your verified iptables rules)
 IFACE_LAN=br0 IFACE_LAN=br0
 IFACE_WAN=eth0 IFACE_WAN=eth0
  
-# Initialization+# Initialization settings
 INIT_APPLY_FW=1 INIT_APPLY_FW=1
-DISABLE_IPV6=0 +DISABLE_IPV6=1 
-DEBUGLOG=0+FILTER_TTL_EXPIRED_ICMP=1
 </code> </code>