gandc/zapret2
Template
1
0
Fork 0
mirror of https://github.com/bol-van/zapret2.git synced 2026-03-14 06:13:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

zapret-obfs: fix comment

Browse Source
This commit is contained in:
bol-van
2026-01-30 21:59:11 +03:00
parent d5306fb97a
commit 27d387c76d
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lua/zapret-obfs.lua
View File

@@ -272,7 +272,7 @@ end
-- nft add rule inet ztest pre meta mark & 0x40000000 == 0x00000000 tcp dport { 80, 443 } tcp flags & (fin | syn | rst | ack | urg) == ack tcp option 172 exists queue flags bypass to 200
-- nft add rule inet ztest pre meta mark & 0x40000000 == 0x00000000 tcp dport { 80, 443 } tcp flags & (fin | syn | rst | ack | urg) == ack @th,100,4 != 0 queue flags bypass to 200
-- nft add rule inet ztest pre meta mark & 0x40000000 == 0x00000000 tcp dport { 80, 443 } tcp flags & (fin | syn | rst | ack | urg) == ack ct state new queue flags bypass to 200
-- hides tcp handshake from DPI optinally using ghost SYN packed with low ttl to punch NAT hole
-- hides tcp handshake from DPI optionally using ghost SYN packet with low ttl to punch NAT hole
-- NOTE: linux conntrack treats packets without SYN in SYN_SENT state as INVALID ! NAT does not work !
-- NOTE: the only found workaround - put NFQUEUE handler to that packet. It should only return pass verdict.
-- NOTE: BSD and CGNAT should work