mirror of
https://github.com/bol-van/zapret.git
synced 2024-09-22 09:42:51 +05:00
ports override
This commit is contained in:
bol-van
parent
988af97fee
commit
b7a5f51064
@ -253,3 +253,21 @@ minsleep()
|
||||
{
|
||||
msleep 100
|
||||
}
|
||||
|
||||
replace_char()
|
||||
{
|
||||
local a=$1
|
||||
local b=$2
|
||||
shift; shift
|
||||
echo "$@" | tr $a $b
|
||||
}
|
||||
|
||||
std_ports()
|
||||
{
|
||||
HTTP_PORTS=${HTTP_PORTS:-80}
|
||||
HTTPS_PORTS=${HTTPS_PORTS:-443}
|
||||
QUIC_PORTS=${QUIC_PORTS:-443}
|
||||
HTTP_PORTS_IPT=$(replace_char - : $HTTP_PORTS)
|
||||
HTTPS_PORTS_IPT=$(replace_char - : $HTTPS_PORTS)
|
||||
QUIC_PORTS_IPT=$(replace_char - : $QUIC_PORTS)
|
||||
}
|
||||
|
||||
@ -1,3 +1,5 @@
|
||||
std_ports
|
||||
|
||||
ipt()
|
||||
{
|
||||
iptables -C "$@" >/dev/null 2>/dev/null || iptables -I "$@"
|
||||
@ -50,11 +52,11 @@ filter_apply_port_target()
|
||||
# $1 - var name of iptables filter
|
||||
local f
|
||||
if [ "$MODE_HTTP" = "1" ] && [ "$MODE_HTTPS" = "1" ]; then
|
||||
f="-p tcp -m multiport --dports 80,443"
|
||||
f="-p tcp -m multiport --dports $HTTP_PORTS_IPT,$HTTPS_PORTS_IPT"
|
||||
elif [ "$MODE_HTTPS" = "1" ]; then
|
||||
f="-p tcp --dport 443"
|
||||
f="-p tcp -m multiport --dports $HTTPS_PORTS_IPT"
|
||||
elif [ "$MODE_HTTP" = "1" ]; then
|
||||
f="-p tcp --dport 80"
|
||||
f="-p tcp -m multiport --dports $HTTP_PORTS_IPT"
|
||||
else
|
||||
echo WARNING !!! HTTP and HTTPS are both disabled
|
||||
fi
|
||||
@ -64,7 +66,7 @@ filter_apply_port_target_quic()
|
||||
{
|
||||
# $1 - var name of nftables filter
|
||||
local f
|
||||
f="-p udp --dport 443"
|
||||
f="-p udp -m multiport --dports $QUIC_PORTS_IPT"
|
||||
eval $1="\"\$$1 $f\""
|
||||
}
|
||||
filter_apply_ipset_target4()
|
||||
@ -357,7 +359,7 @@ zapret_do_firewall_rules_ipt()
|
||||
[ "$MODE_FILTER" = "autohostlist" ] && fw_nfqws_pre4 $1 "$(reverse_nfqws_rule $f4)" $qn
|
||||
else
|
||||
if [ -n "$qn" ]; then
|
||||
f4="-p tcp --dport 80"
|
||||
f4="-p tcp -m multiport --dports $HTTP_PORTS_IPT"
|
||||
ff="$f4"
|
||||
[ "$MODE_HTTP_KEEPALIVE" = "1" ] || f4="$f4 $first_packet_only"
|
||||
ff="$ff $first_packet_only"
|
||||
@ -367,7 +369,7 @@ zapret_do_firewall_rules_ipt()
|
||||
[ "$MODE_FILTER" = "autohostlist" ] && fw_nfqws_pre4 $1 "$(reverse_nfqws_rule $ff)" $qn
|
||||
fi
|
||||
if [ -n "$qns" ]; then
|
||||
f4="-p tcp --dport 443 $first_packet_only"
|
||||
f4="-p tcp -m multiport --dports $HTTPS_PORTS_IPT $first_packet_only"
|
||||
filter_apply_ipset_target4 f4
|
||||
fw_nfqws_post4 $1 "$f4 $desync" $qns
|
||||
[ "$MODE_FILTER" = "autohostlist" ] && fw_nfqws_pre4 $1 "$(reverse_nfqws_rule $f4)" $qns
|
||||
@ -381,7 +383,7 @@ zapret_do_firewall_rules_ipt()
|
||||
[ "$MODE_FILTER" = "autohostlist" ] && fw_nfqws_pre6 $1 "$(reverse_nfqws_rule $f6)" $qn
|
||||
else
|
||||
if [ -n "$qn6" ]; then
|
||||
f6="-p tcp --dport 80"
|
||||
f6="-p tcp -m multiport --dports $HTTP_PORTS_IPT"
|
||||
ff="$f6"
|
||||
[ "$MODE_HTTP_KEEPALIVE" = "1" ] || f6="$f6 $first_packet_only"
|
||||
ff="$ff $first_packet_only"
|
||||
@ -391,7 +393,7 @@ zapret_do_firewall_rules_ipt()
|
||||
[ "$MODE_FILTER" = "autohostlist" ] && fw_nfqws_pre6 $1 "$(reverse_nfqws_rule $ff)" $qn6
|
||||
fi
|
||||
if [ -n "$qns6" ]; then
|
||||
f6="-p tcp --dport 443 $first_packet_only"
|
||||
f6="-p tcp -m multiport --dports $HTTPS_PORTS_IPT $first_packet_only"
|
||||
filter_apply_ipset_target6 f6
|
||||
fw_nfqws_post6 $1 "$f6 $desync" $qns6
|
||||
[ "$MODE_FILTER" = "autohostlist" ] && fw_nfqws_pre6 $1 "$(reverse_nfqws_rule $f6)" $qns6
|
||||
|
||||
@ -2,6 +2,7 @@
|
||||
|
||||
# required for : nft -f -
|
||||
create_dev_stdin
|
||||
std_ports
|
||||
|
||||
nft_create_table()
|
||||
{
|
||||
@ -279,11 +280,11 @@ nft_filter_apply_port_target()
|
||||
# $1 - var name of nftables filter
|
||||
local f
|
||||
if [ "$MODE_HTTP" = "1" ] && [ "$MODE_HTTPS" = "1" ]; then
|
||||
f="tcp dport {80,443}"
|
||||
f="tcp dport {$HTTP_PORTS,$HTTPS_PORTS}"
|
||||
elif [ "$MODE_HTTPS" = "1" ]; then
|
||||
f="tcp dport 443"
|
||||
f="tcp dport {$HTTPS_PORTS}"
|
||||
elif [ "$MODE_HTTP" = "1" ]; then
|
||||
f="tcp dport 80"
|
||||
f="tcp dport {$HTTP_PORTS}"
|
||||
else
|
||||
echo WARNING !!! HTTP and HTTPS are both disabled
|
||||
fi
|
||||
@ -293,7 +294,7 @@ nft_filter_apply_port_target_quic()
|
||||
{
|
||||
# $1 - var name of nftables filter
|
||||
local f
|
||||
f="udp dport 443"
|
||||
f="udp dport {$QUIC_PORTS}"
|
||||
eval $1="\"\$$1 $f\""
|
||||
}
|
||||
nft_filter_apply_ipset_target4()
|
||||
@ -604,7 +605,7 @@ zapret_apply_firewall_rules_nft()
|
||||
[ "$MODE_FILTER" = "autohostlist" ] && nft_fw_nfqws_pre4 "$(nft_reverse_nfqws_rule $f4)" $qn
|
||||
else
|
||||
if [ -n "$qn" ]; then
|
||||
f4="tcp dport 80"
|
||||
f4="tcp dport {$HTTP_PORTS}"
|
||||
ff="$f4"
|
||||
[ "$MODE_HTTP_KEEPALIVE" = "1" ] || f4="$f4 $first_packet_only"
|
||||
ff="$ff $first_packet_only"
|
||||
@ -614,7 +615,7 @@ zapret_apply_firewall_rules_nft()
|
||||
[ "$MODE_FILTER" = "autohostlist" ] && nft_fw_nfqws_pre4 "$(nft_reverse_nfqws_rule $ff)" $qn
|
||||
fi
|
||||
if [ -n "$qns" ]; then
|
||||
f4="tcp dport 443 $first_packet_only"
|
||||
f4="tcp dport {$HTTPS_PORTS} $first_packet_only"
|
||||
nft_filter_apply_ipset_target4 f4
|
||||
nft_fw_nfqws_post4 "$f4 $desync" $qns
|
||||
[ "$MODE_FILTER" = "autohostlist" ] && nft_fw_nfqws_pre4 "$(nft_reverse_nfqws_rule $f4)" $qns
|
||||
@ -628,7 +629,7 @@ zapret_apply_firewall_rules_nft()
|
||||
[ "$MODE_FILTER" = "autohostlist" ] && nft_fw_nfqws_pre6 "$(nft_reverse_nfqws_rule $f6)" $qn
|
||||
else
|
||||
if [ -n "$qn6" ]; then
|
||||
f6="tcp dport 80"
|
||||
f6="tcp dport {$HTTP_PORTS}"
|
||||
ff="$f6"
|
||||
[ "$MODE_HTTP_KEEPALIVE" = "1" ] || f6="$f6 $first_packet_only"
|
||||
ff="$ff $first_packet_only"
|
||||
@ -638,7 +639,7 @@ zapret_apply_firewall_rules_nft()
|
||||
[ "$MODE_FILTER" = "autohostlist" ] && nft_fw_nfqws_pre6 "$(nft_reverse_nfqws_rule $ff)" $qn6
|
||||
fi
|
||||
if [ -n "$qns6" ]; then
|
||||
f6="tcp dport 443 $first_packet_only"
|
||||
f6="tcp dport {$HTTPS_PORTS} $first_packet_only"
|
||||
nft_filter_apply_ipset_target6 f6
|
||||
nft_fw_nfqws_post6 "$f6 $desync" $qns6
|
||||
[ "$MODE_FILTER" = "autohostlist" ] && nft_fw_nfqws_pre6 "$(nft_reverse_nfqws_rule $f6)" $qns6
|
||||
|
||||
@ -4,6 +4,8 @@ PF_ANCHOR_ZAPRET="$PF_ANCHOR_DIR/zapret"
|
||||
PF_ANCHOR_ZAPRET_V4="$PF_ANCHOR_DIR/zapret-v4"
|
||||
PF_ANCHOR_ZAPRET_V6="$PF_ANCHOR_DIR/zapret-v6"
|
||||
|
||||
std_ports
|
||||
|
||||
pf_anchor_root_reload()
|
||||
{
|
||||
echo reloading PF root anchor
|
||||
@ -107,11 +109,11 @@ pf_anchor_zapret_tables()
|
||||
pf_anchor_port_target()
|
||||
{
|
||||
if [ "$MODE_HTTP" = "1" ] && [ "$MODE_HTTPS" = "1" ]; then
|
||||
echo "{80,443}"
|
||||
echo "{$HTTP_PORTS_IPT,$HTTPS_PORTS_IPT}"
|
||||
elif [ "$MODE_HTTPS" = "1" ]; then
|
||||
echo "443"
|
||||
echo "{$HTTPS_PORTS_IPT}"
|
||||
elif [ "$MODE_HTTP" = "1" ]; then
|
||||
echo "80"
|
||||
echo "{$HTTP_PORTS_IPT}"
|
||||
fi
|
||||
}
|
||||
|
||||
|
||||
7
config
7
config
@ -37,6 +37,11 @@ GZIP_LISTS=1
|
||||
# set to "-" to disable reload
|
||||
#LISTS_RELOAD="pfctl -f /etc/pf.conf"
|
||||
|
||||
# override ports
|
||||
#HTTP_PORTS=80-81,85
|
||||
#HTTPS_PORTS=443,500-501
|
||||
#QUIC_PORTS=443,444
|
||||
|
||||
# CHOOSE OPERATION MODE
|
||||
# MODE : nfqws,tpws,tpws-socks,filter,custom
|
||||
# nfqws : nfqws for dpi desync
|
||||
@ -96,7 +101,7 @@ INIT_APPLY_FW=1
|
||||
# do not work with ipv4
|
||||
#DISABLE_IPV4=1
|
||||
# do not work with ipv6
|
||||
DISABLE_IPV6=1
|
||||
#DISABLE_IPV6=1
|
||||
|
||||
# select which init script will be used to get ip or host list
|
||||
# possible values : get_user.sh get_antizapret.sh get_combined.sh get_reestr.sh get_hostlist.sh
|
||||
|
||||
Loading…
Reference in New Issue
Block a user