install_easy

2026-03-21 00:35:49 +00:00 · 2025-12-02 15:40:39 +03:00
parent ec6021898b
commit 69b08f0a36
18 changed files with 1872 additions and 5 deletions
--- a/init.d/openrc/zapret2
+++ b/init.d/openrc/zapret2
@@ -6,7 +6,7 @@
 EXEDIR=$(dirname "$RC_SERVICE")
 EXEDIR="$(cd "$EXEDIR"; pwd)"
 ZAPRET_BASE="$EXEDIR/../.."
-ZAPRET_INIT="$ZAPRET_BASE/init.d/sysv/zapret"
+ZAPRET_INIT="$ZAPRET_BASE/init.d/sysv/zapret2"

 extra_commands="start_fw stop_fw restart_fw start_daemons stop_daemons restart_daemons reload_ifsets list_ifsets list_table"
 description="extra commands :"
--- a/init.d/pfsense/zapret2.sh
+++ b/init.d/pfsense/zapret2.sh
@@ -0,0 +1,27 @@
+#!/bin/sh
+
+# this file should be placed to /usr/local/etc/rc.d and chmod 755
+
+# copy 'lua' dir there
+ZDIR=/usr/local/etc/zapret2
+
+# prepare system
+
+kldload ipfw
+kldload ipdivert
+
+# for older pfsense versions. newer do not have these sysctls
+sysctl net.inet.ip.pfil.outbound=ipfw,pf
+sysctl net.inet.ip.pfil.inbound=ipfw,pf
+sysctl net.inet6.ip6.pfil.outbound=ipfw,pf
+sysctl net.inet6.ip6.pfil.inbound=ipfw,pf
+
+# required for newer pfsense versions (2.6.0 tested) to return ipfw to functional state
+pfctl -d ; pfctl -e
+
+# add ipfw rules and start daemon
+
+ipfw delete 100
+ipfw add 100 divert 990 tcp from any to any 80,443 out not diverted not sockarg
+pkill ^dvtws2$
+dvtws2 --daemon --port 990 --lua-init=@$ZDIR/zapret-lib.lua --lua-init=@$ZDIR/zapret-antidpi.lua --lua-desync=multisplit
--- a/init.d/runit/zapret2/finish
+++ b/init.d/runit/zapret2/finish
@@ -0,0 +1,2 @@
+#!/bin/sh
+/opt/zapret2/init.d/sysv/zapret2 stop
--- a/init.d/runit/zapret2/run
+++ b/init.d/runit/zapret2/run
@@ -0,0 +1,3 @@
+#!/bin/sh
+/opt/zapret2/init.d/sysv/zapret2 start
+exec chpst -b zapret2 sleep infinity
--- a/init.d/s6/zapret2/down
+++ b/init.d/s6/zapret2/down
@@ -0,0 +1,2 @@
+#!/bin/execlineb -P
+exec /opt/zapret2/init.d/sysv/zapret2 stop
--- a/init.d/s6/zapret2/type
+++ b/init.d/s6/zapret2/type
@@ -0,0 +1 @@
+oneshot
--- a/init.d/s6/zapret2/up
+++ b/init.d/s6/zapret2/up
@@ -0,0 +1,2 @@
+#!/bin/execlineb -P
+exec /opt/zapret2/init.d/sysv/zapret2 start
--- a/init.d/windivert.filter.examples/README.txt
+++ b/init.d/windivert.filter.examples/README.txt
@@ -0,0 +1,14 @@
+Цель этих фильтров - отсекать полезную нагрузку в режиме ядра, не насилуя процессор перенаправлением целого потока на winws.
+Задействуются через `winws --wf-raw-part=@filename`. Может быть несколько частичных фильтров. Они могут сочетаться с --wf-tcp и --wf-udp.
+Однако, язык фильтров windivert не содержит операций с битовыми полями, сдвигов и побитовой логики.
+Поэтому фильтры получились более слабыми, способными передавать неправильную нагрузку.
+Дофильтрация производится силами winws.
+
+Описание языка фильтров : https://reqrypt.org/windivert-doc.html#filter_language
+Пример инстанса для пробития медиапотоков в discord : `winws --wf-raw-part=@windivert_part.discord_media.txt --wf-raw-part=@windivert_part.stun.txt --filter-l7=stun,discord --dpi-desync=fake`
+
+
+These filters are invoked using `winws --wf-raw-part=@filename`. Multiple filter parts are supported. They can be combined with --wf-tcp and --wf-udp.
+Filters are kernel mode and save great amount of CPU.
+However windivert cannot filter by bit fields, lacks shift and bitwise logic operations.
+Filters are relaxed and can pass wrong payloads. Finer filtering is done by winws.
--- a/init.d/windivert.filter.examples/windivert_part.discord_media.txt
+++ b/init.d/windivert.filter.examples/windivert_part.discord_media.txt
@@ -0,0 +1,20 @@
+  outbound and ip and
+  udp.DstPort>=50000 and udp.DstPort<=50099 and
+  udp.PayloadLength=74 and
+  udp.Payload32[0]=0x00010046 and
+  udp.Payload32[2]=0 and
+  udp.Payload32[3]=0 and
+  udp.Payload32[4]=0 and
+  udp.Payload32[5]=0 and
+  udp.Payload32[6]=0 and
+  udp.Payload32[7]=0 and
+  udp.Payload32[8]=0 and
+  udp.Payload32[9]=0 and
+  udp.Payload32[10]=0 and
+  udp.Payload32[11]=0 and
+  udp.Payload32[12]=0 and
+  udp.Payload32[13]=0 and
+  udp.Payload32[14]=0 and
+  udp.Payload32[15]=0 and
+  udp.Payload32[16]=0 and
+  udp.Payload32[17]=0
--- a/init.d/windivert.filter.examples/windivert_part.quic_initial_ietf.txt
+++ b/init.d/windivert.filter.examples/windivert_part.quic_initial_ietf.txt
@@ -0,0 +1,4 @@
+  outbound and
+  udp.PayloadLength>=256 and
+  udp.Payload[0]>=0xC0 and udp.Payload[0]<0xD0 and
+  udp.Payload[1]=0 and udp.Payload16[1]=0 and udp.Payload[4]=1
--- a/init.d/windivert.filter.examples/windivert_part.stun.txt
+++ b/init.d/windivert.filter.examples/windivert_part.stun.txt
@@ -0,0 +1,3 @@
+  outbound and
+  udp.PayloadLength>=20 and
+  udp.Payload32[1]=0x2112A442 and udp.Payload[0]<0x40
--- a/init.d/windivert.filter.examples/windivert_part.wireguard.txt
+++ b/init.d/windivert.filter.examples/windivert_part.wireguard.txt
@@ -0,0 +1,3 @@
+  outbound and
+  udp.PayloadLength=148 and
+  udp.Payload[0]=0x01