install_easy

Author: bol-van

common/installer.sh

@@ -75,9 +75,9 @@ NFQWS2_UDP_PKT_IN=0
 # hostlist markers are replaced to empty string if MODE_FILTER does not satisfy
 # <HOSTLIST_NOAUTO> appends ipset/zapret-hosts-auto.txt as normal list
 NFQWS2_OPT="
---filter-tcp=80 --payload=http_req --lua-desync=fake:blob=fake_default_http:tcp_md5 --lua-desync=multisplit:pos=method+2 <HOSTLIST> --new
---filter-tcp=443 --payload=tls_client_hello --lua-desync=fake:blob=fake_default_tls:tcp_md5:tcp_seq=-10000 --lua-desync=multidisorder:pos=1,midsld <HOSTLIST> --new
---filter-udp=443 --payload=quic_initial --lua-desync=fake:blob=fake_default_quic:repeats=6 <HOSTLIST_NOAUTO>
+--filter-tcp=80 --filter-l7=http <HOSTLIST> --payload=http_req --lua-desync=fake:blob=fake_default_http:tcp_md5 --lua-desync=multisplit:pos=method+2 --new
+--filter-tcp=443 --filter-l7=tls <HOSTLIST> --payload=tls_client_hello --lua-desync=fake:blob=fake_default_tls:tcp_md5:tcp_seq=-10000 --lua-desync=multidisorder:pos=1,midsld --new
+--filter-udp=443 --filter-l7=quic <HOSTLIST_NOAUTO> --payload=quic_initial --lua-desync=fake:blob=fake_default_quic:repeats=6
 "
 
 # none,ipset,hostlist,autohostlist
@@ -97,7 +97,6 @@ FLOWOFFLOAD=donttouch
 # or leave them commented if its not router
 # it's possible to specify multiple interfaces like this : IFACE_WAN="eth0 eth1 eth2"
 # if IFACE_WAN6 is not defined it take the value of IFACE_WAN
-#IFACE_LAN=eth0
 #IFACE_WAN=eth1
 #IFACE_WAN6="ipsec0 wireguard0 he_net"
 

config.default

@@ -38,3 +38,4 @@ v0.2
 v0.3
 * init.d launch scripts
 * init.d: 40-webserver custom script
+* install_easy

docs/changes.txt

@@ -6,7 +6,7 @@
 EXEDIR=$(dirname "$RC_SERVICE")
 EXEDIR="$(cd "$EXEDIR"; pwd)"
 ZAPRET_BASE="$EXEDIR/../.."
-ZAPRET_INIT="$ZAPRET_BASE/init.d/sysv/zapret"
+ZAPRET_INIT="$ZAPRET_BASE/init.d/sysv/zapret2"
 
 extra_commands="start_fw stop_fw restart_fw start_daemons stop_daemons restart_daemons reload_ifsets list_ifsets list_table"
 description="extra commands :"

init.d/openrc/zapret init.d/openrc/zapret2init.d/openrc/zapret renamed to init.d/openrc/zapret2

@@ -0,0 +1,27 @@
+#!/bin/sh
+
+# this file should be placed to /usr/local/etc/rc.d and chmod 755
+
+# copy 'lua' dir there
+ZDIR=/usr/local/etc/zapret2
+
+# prepare system
+
+kldload ipfw
+kldload ipdivert
+
+# for older pfsense versions. newer do not have these sysctls
+sysctl net.inet.ip.pfil.outbound=ipfw,pf
+sysctl net.inet.ip.pfil.inbound=ipfw,pf
+sysctl net.inet6.ip6.pfil.outbound=ipfw,pf
+sysctl net.inet6.ip6.pfil.inbound=ipfw,pf
+
+# required for newer pfsense versions (2.6.0 tested) to return ipfw to functional state
+pfctl -d ; pfctl -e
+
+# add ipfw rules and start daemon
+
+ipfw delete 100
+ipfw add 100 divert 990 tcp from any to any 80,443 out not diverted not sockarg
+pkill ^dvtws2$
+dvtws2 --daemon --port 990 --lua-init=@$ZDIR/zapret-lib.lua --lua-init=@$ZDIR/zapret-antidpi.lua --lua-desync=multisplit

init.d/pfsense/zapret2.sh

@@ -0,0 +1,2 @@
+#!/bin/sh
+/opt/zapret2/init.d/sysv/zapret2 stop

init.d/runit/zapret2/finish

@@ -0,0 +1,3 @@
+#!/bin/sh
+/opt/zapret2/init.d/sysv/zapret2 start
+exec chpst -b zapret2 sleep infinity

init.d/runit/zapret2/run

@@ -0,0 +1,2 @@
+#!/bin/execlineb -P
+exec /opt/zapret2/init.d/sysv/zapret2 stop

init.d/s6/zapret2/down

@@ -0,0 +1 @@
+oneshot

init.d/s6/zapret2/type

@@ -0,0 +1,2 @@
+#!/bin/execlineb -P
+exec /opt/zapret2/init.d/sysv/zapret2 start