2021-03-04 16:30:38 +05:00
|
|
|
v1
|
|
|
|
|
|
|
|
Initial release
|
|
|
|
|
|
|
|
v2
|
|
|
|
|
|
|
|
nfqws : command line options change. now using standard getopt.
|
|
|
|
nfqws : added options for window size changing and "Host:" case change
|
|
|
|
ISP support : tested on mns.ru and beeline (corbina)
|
|
|
|
init scripts : rewritten init scripts for simple choise of ISP
|
|
|
|
create_ipset : now using 'ipset restore', it works much faster
|
|
|
|
readme : updated. now using UTF-8 charset.
|
|
|
|
|
|
|
|
v3
|
|
|
|
|
|
|
|
tpws : added transparent proxy (supports TPROXY and DNAT).
|
|
|
|
can help when ISP tracks whole HTTP session, not only the beginning
|
|
|
|
ipset : added zapret-hosts-user.txt which contain user defined host names to be resolved
|
|
|
|
and added to zapret ip list
|
|
|
|
ISP support : dom.ru support via TPROXY/DNAT
|
|
|
|
ISP support : successfully tested sknt.ru on 'domru' configuration
|
|
|
|
other configs will probably also work, but cannot test
|
|
|
|
compile : openwrt compile howto
|
|
|
|
|
|
|
|
v4
|
|
|
|
|
|
|
|
tpws : added ability to insert extra space after http method : "GET /" => "GET /"
|
|
|
|
ISP support : TKT support
|
|
|
|
|
|
|
|
v5
|
|
|
|
|
|
|
|
nfqws : ipv6 support in nfqws
|
|
|
|
|
|
|
|
v6
|
|
|
|
|
|
|
|
ipset : added "get_antizapret.sh"
|
|
|
|
|
|
|
|
v7
|
|
|
|
|
|
|
|
tpws : added ability to insert "." after Host: name
|
|
|
|
|
|
|
|
v8
|
|
|
|
|
|
|
|
openwrt init : removed hotplug.d/firewall because of race conditions. now only use /etc/firewall.user
|
|
|
|
|
|
|
|
v9
|
|
|
|
|
|
|
|
ipban : added ipban ipset. place domains banned by ip to zapret-hosts-user-ipban.txt
|
|
|
|
these IPs must be soxified for both http and https
|
|
|
|
ISP support : tiera support
|
|
|
|
ISP support : added DNS filtering to ubuntu and debian scripts
|
|
|
|
|
|
|
|
v10
|
|
|
|
|
|
|
|
tpws : added split-pos option. split every message at specified position
|
|
|
|
|
|
|
|
v11
|
|
|
|
|
|
|
|
ipset : scripts optimizations
|
|
|
|
|
|
|
|
v12
|
|
|
|
|
|
|
|
nfqws : fix wrong tcp checksum calculation if packet length is odd and platform is big-endian
|
|
|
|
|
|
|
|
v13
|
|
|
|
|
|
|
|
added binaries
|
|
|
|
|
|
|
|
v14
|
|
|
|
|
|
|
|
change get_antizapret script to work with https://github.com/zapret-info/z-i/raw/master/dump.csv
|
|
|
|
filter out 192.168.*, 127.*, 10.* from blocked ips
|
|
|
|
|
|
|
|
v15
|
|
|
|
|
|
|
|
added --hostspell option to nfqws and tpws
|
|
|
|
ISP support : beeline now catches "host" but other spellings still work
|
|
|
|
openwrt/LEDE : changed init script to work with procd
|
|
|
|
tpws, nfqws : minor cosmetic fixes
|
|
|
|
|
|
|
|
v16
|
|
|
|
|
|
|
|
tpws: split-http-req=method : split inside method name, not after
|
|
|
|
ISP support : mns.ru changed split pos to 3 (got redirect page with HEAD req : curl -I ej.ru)
|
|
|
|
|
|
|
|
v17
|
|
|
|
|
|
|
|
ISP support : athome moved from nfqws to tpws because of instability and http request hangs
|
|
|
|
tpws : added options unixeol,methodeol,hosttab
|
|
|
|
|
|
|
|
v18
|
|
|
|
|
|
|
|
tpws,nfqws : added hostnospace option
|
|
|
|
|
|
|
|
v19
|
|
|
|
|
|
|
|
tpws : added hostlist option
|
|
|
|
|
|
|
|
v20
|
|
|
|
|
|
|
|
added ip2net. ip2net groups ips from iplist into subnets and reduces ipset size twice
|
|
|
|
|
|
|
|
v21
|
|
|
|
|
|
|
|
added mdig. get_reestr.sh is *real* again
|
|
|
|
|
|
|
|
v22
|
|
|
|
|
|
|
|
total review of init script logic
|
|
|
|
dropped support of older debian 7 and ubuntu 12/14 systems
|
|
|
|
install_bin.sh : auto binaries preparation
|
|
|
|
docs: readme review. some new topics added, others deleted
|
|
|
|
docs: VPN setup with policy based routing using wireguard
|
|
|
|
docs: wireguard modding guide
|
|
|
|
|
|
|
|
v23
|
|
|
|
|
|
|
|
major init system rewrite
|
|
|
|
openwrt : separate firewall include /etc/firewall.zapret
|
|
|
|
install_easy.sh : easy setup on openwrt, debian, ubuntu, centos, fedora, opensuse
|
|
|
|
|
|
|
|
v24
|
|
|
|
|
|
|
|
separate config from init scripts
|
|
|
|
gzip support in ipset/*.sh and tpws
|
|
|
|
|
|
|
|
v25
|
|
|
|
|
|
|
|
init : move to native systemd units
|
|
|
|
use links to units, init scripts and firewall includes, no more copying
|
|
|
|
|
|
|
|
v26
|
|
|
|
|
|
|
|
ipv6 support
|
|
|
|
tpws : advanced bind options
|
|
|
|
|
|
|
|
v27
|
|
|
|
|
|
|
|
tpws : major connection code rewrite. originally it was derived from not top quality example , with many bugs and potential problems.
|
|
|
|
next generation connection code uses nonblocking sockets. now its in EXPERIMENTAL state.
|
|
|
|
|
|
|
|
v28
|
|
|
|
|
|
|
|
tpws : added socks5 support
|
|
|
|
ipset : major RKN getlist rewrite. added antifilter.network support
|
|
|
|
|
|
|
|
v29
|
|
|
|
|
|
|
|
nfqws : DPI desync attack
|
|
|
|
ip exclude system
|
|
|
|
|
|
|
|
v30
|
|
|
|
|
|
|
|
nfqws : DPI desync attack modes : fake,rst
|
|
|
|
|
|
|
|
v31
|
|
|
|
|
|
|
|
nfqws : DPI desync attack modes : disorder,disorder2,split,split2.
|
|
|
|
nfqws : DPI desync fooling mode : badseq. multiple modes supported
|
|
|
|
|
|
|
|
v32
|
|
|
|
|
|
|
|
tpws : multiple binds
|
|
|
|
init scripts : run only one instance of tpws in any case
|
|
|
|
|
|
|
|
v33
|
|
|
|
|
|
|
|
openwrt : flow offloading support
|
|
|
|
config : MODE refactoring
|
|
|
|
|
|
|
|
v34
|
|
|
|
|
|
|
|
nfqws : dpi-desync 2 mode combos
|
|
|
|
nfqws : dpi-desync without parameter no more supported. previously it meant "fake"
|
|
|
|
nfqws : custom fake http request and tls client hello
|
|
|
|
|
|
|
|
v35
|
|
|
|
|
|
|
|
limited FreeBSD and OpenBSD support
|
|
|
|
|
|
|
|
v36
|
|
|
|
|
|
|
|
full FreeBSD and OpenBSD support
|
|
|
|
|
|
|
|
v37
|
|
|
|
|
|
|
|
limited MacOS support
|
|
|
|
|
|
|
|
v38
|
|
|
|
|
|
|
|
MacOS easy install
|
2021-03-18 19:21:25 +05:00
|
|
|
|
|
|
|
v39
|
|
|
|
|
|
|
|
nfqws: conntrack, wssize
|