ForkMaster/zapret
1
0
Fork 0
mirror of https://github.com/bol-van/zapret.git synced 2025-01-06 08:20:34 +05:00
Code Issues Actions Packages Projects Releases Wiki Activity

readme.eng typos

Browse Source
This commit is contained in:
bol-van 2021-06-28 22:06:49 +03:00
parent 9a354ee972
commit 69dab1a9d4
1 changed files with 3 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
docs/readme.eng.txt
View File

@ -89,7 +89,7 @@ iptables -t mangle -I POSTROUTING -o <external_interface> -p tcp --dport 80 -m s
Some DPIs catch only the first http request, ignoring subsequent requests in a keep-alive session. Some DPIs catch only the first http request, ignoring subsequent requests in a keep-alive session.
Then we can reduce CPU load, refusing to process unnecessary packets. Then we can reduce CPU load, refusing to process unnecessary packets.
iptables -t mangle -I POSTROUTING -o <внешний_интерфейс> -p tcp --dport 80 -m connbytes --connbytes-dir=original --connbytes-mode=packets --connbytes 1:4 -m mark ! --mark 0x40000000/0x40000000 -m set --match-set zapret dst -j NFQUEUE --queue-num 200 --queue-bypass iptables -t mangle -I POSTROUTING -o <external_interface> -p tcp --dport 80 -m connbytes --connbytes-dir=original --connbytes-mode=packets --connbytes 1:4 -m mark ! --mark 0x40000000/0x40000000 -m set --match-set zapret dst -j NFQUEUE --queue-num 200 --queue-bypass
Mark filter does not allow nfqws-generated packets to enter the queue again. Mark filter does not allow nfqws-generated packets to enter the queue again.
Its necessary to use this filter when also using "connbytes 1:4". Without it packet ordering can be changed breaking the whole idea. Its necessary to use this filter when also using "connbytes 1:4". Without it packet ordering can be changed breaking the whole idea.
@ -393,10 +393,9 @@ split-pos works by default only on http and TLS ClientHello. use --split-any-pro
tpws can bind to multiple interfaces and IP addresses (up to 32). tpws can bind to multiple interfaces and IP addresses (up to 32).
Port number is always the same. Port number is always the same.
Parameters --bind-iface* и --bind-addr create new bind. Parameters --bind-iface* and --bind-addr create new bind.
Other parameters --bind-* are related to the last bind. Other parameters --bind-* are related to the last bind.
Выбор режима использования link local ipv6 адресов (fe80::/8) : link local ipv6 (fe80::/8) mode selection :
ipv6 link local usage modes :
--bind-iface6 --bind-linklocal=no : first selects private address fd00::/8, then global address --bind-iface6 --bind-linklocal=no : first selects private address fd00::/8, then global address
--bind-iface6 --bind-linklocal=unwanted : first selects private address fd00::/8, then global address, then LL --bind-iface6 --bind-linklocal=unwanted : first selects private address fd00::/8, then global address, then LL
--bind-iface6 --bind-linklocal=prefer : first selects LL, then private address fd00::/8, then global address --bind-iface6 --bind-linklocal=prefer : first selects LL, then private address fd00::/8, then global address