From 2c037dca73e854591ab225a3d7c558b09f10db4f Mon Sep 17 00:00:00 2001
From: bol-van
Date: Fri, 26 Dec 2025 10:50:20 +0300
Subject: [PATCH] init.d: 50-dht4all NFQWS_OPT_DHT_PKT_OUT
---
 docs/changes.txt | 4 ++++
 init.d/custom.d.examples.linux/50-dht4all | 6 ++++--
 2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/docs/changes.txt b/docs/changes.txt
index c032d29..caed444 100644
--- a/docs/changes.txt
+++ b/docs/changes.txt
@@ -133,3 +133,7 @@ v0.7.6
 * nfqws2: autohostlist reset retransmitter to break long wait
 * zapret-auto: stadard_failure_detector reset retransmitter to break long wait
 * nfqws2, init.d, windivert : dht and wg detection changes
+
+v0.7.7
+
+* init.d: 50-dht4all NFQWS_OPT_DHT_PKT_OUT
diff --git a/init.d/custom.d.examples.linux/50-dht4all b/init.d/custom.d.examples.linux/50-dht4all
index d2d2f3f..76489a7 100644
--- a/init.d/custom.d.examples.linux/50-dht4all
+++ b/init.d/custom.d.examples.linux/50-dht4all
@@ -3,6 +3,8 @@
 # can override in config :
 NFQWS_OPT_DESYNC_DHT="${NFQWS_OPT_DESYNC_DHT:---payload dht --lua-desync=dht_dn}"
+# set it to "keepalive" to fool all packets, not just the first. or set number of packets to be fooled.
+NFQWS_OPT_DHT_PKT_OUT=${NFQWS_OPT_DHT_PKT_OUT:-20}
 alloc_dnum DNUM_DHT4ALL
 alloc_qnum QNUM_DHT4ALL
@@ -19,7 +21,7 @@ zapret_custom_firewall()
 # $1 - 1 - run, 0 - stop
 local f uf4 uf6
- local first_packet_only="$ipt_connbytes 1:1"
+ local first_packet_only=$(ipt_first_packets $NFQWS_OPT_DHT_PKT_OUT)
 f='-p udp -m u32 --u32'
 uf4='0>>22&0x3C@4>>16=13:0xFFFF&&0>>22&0x3C@8>>16=0x6431:0x6432'
@@ -31,7 +33,7 @@ zapret_custom_firewall_nft()
 # stop logic is not required
 local f
- local first_packet_only="$nft_connbytes 1"
+ local first_packet_only=$(nft_first_packets $NFQWS_OPT_DHT_PKT_OUT)
 f="udp length ge 13 meta l4proto udp @ih,0,16 0x6431-0x6432"
 nft_fw_nfqws_post "$f $first_packet_only" "$f $first_packet_only" $QNUM_DHT4ALL
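Review bot: NFQWS_OPT_DHT_PKT_OUT comes from the config and nothing in the `@@ -3,6 +3,8 @@` hunk checks that it is either `keepalive` or a decimal count before the later hunks expand it unquoted into ipt_first_packets and nft_first_packets, whose output becomes firewall rule text. Unless those helpers validate their argument (not visible in this patch), a typo or a value containing spaces would yield a malformed or unintended match clause in a script that manages the firewall. A guard right after the assignment would keep the rule text predictable, for example `case "$NFQWS_OPT_DHT_PKT_OUT" in keepalive) ;; *[!0-9]*) echo "50-dht4all: bad NFQWS_OPT_DHT_PKT_OUT" >&2; NFQWS_OPT_DHT_PKT_OUT=20 ;; esac`. The added comment could also state that the default is now 20 packets, where the replaced rules matched only the first.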
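Review bot: The new `local first_packet_only=$(ipt_first_packets $NFQWS_OPT_DHT_PKT_OUT)` in the `@@ -19,7 +21,7 @@` hunk drops the double quotes that the replaced assignment had. In shells where `local` is an ordinary builtin (older dash, for example) an unquoted command substitution is field-split, so if the helper prints a multi-word match clause, as the old `$ipt_connbytes 1:1` value presumably was, only the first word is assigned and the remaining words are taken as further variable names. Writing `local first_packet_only="$(ipt_first_packets "$NFQWS_OPT_DHT_PKT_OUT")"` avoids that, and the same applies to the nft_first_packets line in the `@@ -31,7 +33,7 @@` hunk. Both function bodies continue outside their hunks.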