🔮Интернет

COMSS dns

sudo mkdir /etc/systemd/resolved.conf.d && sudo nano /etc/systemd/resolved.conf.d/00-custom.conf

[Resolve]
DNS=76.76.2.22#comss.dns.controld.com
DNSOverTLS=yes

Также добавьте в hosts:

sudo nano /etc/hosts

127.0.1.1

Проверить состояние можно на controld.com/status.

spoofDPI

brew install spoofdpi

Запустите сервис:

brew services start spoofdpi

tor

brew install tor obfs4proxy

Создайте папку для DataDirectory:

mkdir /home/linuxbrew/.linuxbrew/var/lib/tor

Создайте файл конфигурации:

nano /home/linuxbrew/.linuxbrew/etc/tor/torrc

## Конфигурация tor для использования мостов

# Разрешить использование мостов
UseBridges 1

# Указание, как Tor должен интерактивно подключаться к мостам с использованием obfs4
ClientTransportPlugin obfs4 exec /home/linuxbrew/.linuxbrew/bin/obfs4proxy

# Добавление моста obfs4
Bridge

# Не запускать Tor в режиме сервиса
RunAsDaemon 0

# SOCKS-порт
SocksPort 9050

DataDirectory /home/linuxbrew/.linuxbrew/var/lib/tor

Запустите сервис:

brew services start tor

Адрес хоста подключения SOCKS5: 127.0.0.1:9050

zapret

git clone --depth 1 https://github.com/bol-van/zapret && cd zapret && ./install_bin.sh && ./install_prereq.sh

При необходимости запустите тест:

./blockcheck.sh

Установите сервис игнорируя предупреждения установщика:

./install_easy.sh

Конфигурация

Пример конфигурации. Используется nftables с nfqws.

/opt/zapret/config

# this file is included from init scripts
# change values here

# can help in case /tmp has not enough space
#TMPDIR=/opt/zapret/tmp

# redefine user for zapret daemons. required on Keenetic
#WS_USER=nobody

# override firewall type : iptables,nftables,ipfw
FWTYPE=nftables

# options for ipsets
# maximum number of elements in sets. also used for nft sets
SET_MAXELEM=522288
# too low hashsize can cause memory allocation errors on low RAM systems , even if RAM is enough
# too large hashsize will waste lots of RAM
IPSET_OPT="hashsize 262144 maxelem $SET_MAXELEM"
# dynamically generate additional ip. $1 = ipset/nfset/table name
#IPSET_HOOK="/etc/zapret.ipset.hook"

# options for ip2net. "-4" or "-6" auto added by ipset create script
IP2NET_OPT4="--prefix-length=22-30 --v4-threshold=3/4"
IP2NET_OPT6="--prefix-length=56-64 --v6-threshold=5"
# options for auto hostlist
AUTOHOSTLIST_RETRANS_THRESHOLD=3
AUTOHOSTLIST_FAIL_THRESHOLD=3
AUTOHOSTLIST_FAIL_TIME=60
# 1 = debug autohostlist positives to ipset/zapret-hosts-auto-debug.log
AUTOHOSTLIST_DEBUGLOG=0

# number of parallel threads for domain list resolves
MDIG_THREADS=30

# ipset/*.sh can compress large lists
GZIP_LISTS=1
# command to reload ip/host lists after update
# comment or leave empty for auto backend selection : ipset or ipfw if present
# on BSD systems with PF no auto reloading happens. you must provide your own command
# set to "-" to disable reload
#LISTS_RELOAD="pfctl -f /etc/pf.conf"

# override ports
#HTTP_PORTS=80-81,85
#HTTPS_PORTS=443,500-501
#QUIC_PORTS=443,444

# CHOOSE OPERATION MODE
# MODE : nfqws,tpws,tpws-socks,filter,custom
# nfqws : nfqws for dpi desync
# tpws : tpws transparent mode
# tpws-socks : tpws socks mode
# filter : no daemon, just create ipset or download hostlist
# custom : custom mode. should modify custom init script and add your own code
MODE=nfqws
# apply fooling to http
MODE_HTTP=0
# for nfqws only. support http keep alives. enable only if DPI checks for http request in any outgoing packet
MODE_HTTP_KEEPALIVE=0
# apply fooling to https
MODE_HTTPS=1
# apply fooling to quic
MODE_QUIC=1
# none,ipset,hostlist,autohostlist
MODE_FILTER=ipset,hostlist

# CHOOSE NFQWS DAEMON OPTIONS for DPI desync mode. run "nfq/nfqws --help" for option list
# SUFFIX VARS define additional lower priority desync profile. it's required if MODE_FILTER=hostlist and strategy has hostlist-incompatible 0-phase desync methods (syndata,wssize)
DESYNC_MARK=0x40000000
DESYNC_MARK_POSTNAT=0x20000000
NFQWS_OPT_DESYNC="--dpi-desync=fake,disorder2 --dpi-desync-ttl=0 --dpi-desync-ttl6=0 --dpi-desync-fooling=md5sig,badseq --dpi-desync-fake-tls=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin"
#NFQWS_OPT_DESYNC_SUFFIX="--dpi-desync=syndata"
#NFQWS_OPT_DESYNC_HTTP="--dpi-desync=fake --dpi-desync-ttl=2 --dpi-desync-fake-http=0x00000000 --hostlist=/opt/zapret/ipset/zapret-hosts-user.txt --new --dpi-desync=fake,disorder2 --dpi-desync-ttl=2 --dpi-desync-fooling=badsum"
#NFQWS_OPT_DESYNC_HTTP_SUFFIX="--dpi-desync=syndata"
#NFQWS_OPT_DESYNC_HTTPS="--dpi-desync=split --dpi-desync-split-pos=3 --dpi-desync-ttl=2 --dpi-desync-repeats=6 --hostlist=/opt/zapret/ipset/zapret-hosts-user.txt --new --dpi-desync=fake,disorder2 --dpi-desync-ttl=2 --dpi-desync-fooling=badsum"
#NFQWS_OPT_DESYNC_HTTPS_SUFFIX="--wssize 1:6"
#NFQWS_OPT_DESYNC_HTTP6=""
#NFQWS_OPT_DESYNC_HTTP6_SUFFIX="--dpi-desync=syndata"
#NFQWS_OPT_DESYNC_HTTPS6=""
#NFQWS_OPT_DESYNC_HTTPS6_SUFFIX="--wssize 1:6"
NFQWS_OPT_DESYNC_QUIC="--dpi-desync-fake --dpi-desync-repeats=6"
#NFQWS_OPT_DESYNC_QUIC_SUFFIX=""
#NFQWS_OPT_DESYNC_QUIC6="--dpi-desync=hopbyhop"
#NFQWS_OPT_DESYNC_QUIC6_SUFFIX=""

# CHOOSE TPWS DAEMON OPTIONS. run "tpws/tpws --help" for option list
TPWS_OPT="--split-pos=2 --split-http-req=method --oob"

# openwrt only : donttouch,none,software,hardware
FLOWOFFLOAD=none

# openwrt: specify networks to be treated as LAN. default is "lan"
#OPENWRT_LAN="lan lan2 lan3"
# openwrt: specify networks to be treated as WAN. default wans are interfaces with default route
#OPENWRT_WAN4="wan vpn"
#OPENWRT_WAN6="wan6 vpn6"

# for routers based on desktop linux and macos. has no effect in openwrt.
# CHOOSE LAN and optinally WAN/WAN6 NETWORK INTERFACES
# or leave them commented if its not router
# it's possible to specify multiple interfaces like this : IFACE_LAN="eth0 eth1 eth2"
# if IFACE_WAN6 is not defined it take the value of IFACE_WAN
#IFACE_LAN=eth0
#IFACE_WAN=
#IFACE_WAN6="ipsec0 wireguard0 he_net"

# should start/stop command of init scripts apply firewall rules ?
# not applicable to openwrt with firewall3+iptables
INIT_APPLY_FW=1
# firewall apply hooks
#INIT_FW_PRE_UP_HOOK="/etc/firewall.zapret.hook.pre_up"
#INIT_FW_POST_UP_HOOK="/etc/firewall.zapret.hook.post_up"
#INIT_FW_PRE_DOWN_HOOK="/etc/firewall.zapret.hook.pre_down"
#INIT_FW_POST_DOWN_HOOK="/etc/firewall.zapret.hook.post_down"

# do not work with ipv4
#DISABLE_IPV4=1
# do not work with ipv6
DISABLE_IPV6=1

# select which init script will be used to get ip or host list
# possible values : get_user.sh get_antizapret.sh get_combined.sh get_reestr.sh get_hostlist.sh
# comment if not required
GETLIST=get_antifilter_ipsmart.sh

Отключите firewalld:

sudo systemctl disable firewalld

Настройте службу:

sudo nano /etc/rc.d/rc.local && sudo chmod 755 /etc/rc.d/rc.local

#!/bin/bash

exec bash /opt/zapret/init.d/sysv/zapret start

Создайте файл сервиса:

sudo nano /etc/systemd/system/rc-local.service

[Unit]
Description=Compatibility rc.local
ConditionPathExists=/etc/rc.d/rc.local

[Service]
Type=forking
ExecStart=/etc/rc.d/rc.local
TimeoutSec=0
StandardOutput=tty
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target

Запустите сервис:

sudo systemctl daemon-reload && sudo systemctl enable --now rc-local.service

Список `url` для обхода замедления youtube

sudo nano /opt/zapret/ipset/zapret-hosts-user.txt

googlevideo.com
googleapis.com
i.ytimg.com
i9.ytimg.com
wide-youtube.l.google.com
youtu.be
youtube.com
youtube.googleapis.com
yt3.ggpht.com
yt3.googleusercontent.com

Last updated 12 days ago

## Конфигурация tor для использования мостов # Разрешить использование мостов UseBridges 1 # Указание, как Tor должен интерактивно подключаться к мостам с использованием obfs4 ClientTransportPlugin obfs4 exec /home/linuxbrew/.linuxbrew/bin/obfs4proxy # Добавление моста obfs4 Bridge # Не запускать Tor в режиме сервиса RunAsDaemon 0 # SOCKS-порт SocksPort 9050 DataDirectory /home/linuxbrew/.linuxbrew/var/lib/tor

# this file is included from init scripts # change values here # can help in case /tmp has not enough space #TMPDIR=/opt/zapret/tmp # redefine user for zapret daemons. required on Keenetic #WS_USER=nobody # override firewall type : iptables,nftables,ipfw FWTYPE=nftables # options for ipsets # maximum number of elements in sets. also used for nft sets SET_MAXELEM=522288 # too low hashsize can cause memory allocation errors on low RAM systems , even if RAM is enough # too large hashsize will waste lots of RAM IPSET_OPT="hashsize 262144 maxelem $SET_MAXELEM" # dynamically generate additional ip. $1 = ipset/nfset/table name #IPSET_HOOK="/etc/zapret.ipset.hook" # options for ip2net. "-4" or "-6" auto added by ipset create script IP2NET_OPT4="--prefix-length=22-30 --v4-threshold=3/4" IP2NET_OPT6="--prefix-length=56-64 --v6-threshold=5" # options for auto hostlist AUTOHOSTLIST_RETRANS_THRESHOLD=3 AUTOHOSTLIST_FAIL_THRESHOLD=3 AUTOHOSTLIST_FAIL_TIME=60 # 1 = debug autohostlist positives to ipset/zapret-hosts-auto-debug.log AUTOHOSTLIST_DEBUGLOG=0 # number of parallel threads for domain list resolves MDIG_THREADS=30 # ipset/*.sh can compress large lists GZIP_LISTS=1 # command to reload ip/host lists after update # comment or leave empty for auto backend selection : ipset or ipfw if present # on BSD systems with PF no auto reloading happens. you must provide your own command # set to "-" to disable reload #LISTS_RELOAD="pfctl -f /etc/pf.conf" # override ports #HTTP_PORTS=80-81,85 #HTTPS_PORTS=443,500-501 #QUIC_PORTS=443,444 # CHOOSE OPERATION MODE # MODE : nfqws,tpws,tpws-socks,filter,custom # nfqws : nfqws for dpi desync # tpws : tpws transparent mode # tpws-socks : tpws socks mode # filter : no daemon, just create ipset or download hostlist # custom : custom mode. should modify custom init script and add your own code MODE=nfqws # apply fooling to http MODE_HTTP=0 # for nfqws only. support http keep alives. enable only if DPI checks for http request in any outgoing packet MODE_HTTP_KEEPALIVE=0 # apply fooling to https MODE_HTTPS=1 # apply fooling to quic MODE_QUIC=1 # none,ipset,hostlist,autohostlist MODE_FILTER=ipset,hostlist # CHOOSE NFQWS DAEMON OPTIONS for DPI desync mode. run "nfq/nfqws --help" for option list # SUFFIX VARS define additional lower priority desync profile. it's required if MODE_FILTER=hostlist and strategy has hostlist-incompatible 0-phase desync methods (syndata,wssize) DESYNC_MARK=0x40000000 DESYNC_MARK_POSTNAT=0x20000000 NFQWS_OPT_DESYNC="--dpi-desync=fake,disorder2 --dpi-desync-ttl=0 --dpi-desync-ttl6=0 --dpi-desync-fooling=md5sig,badseq --dpi-desync-fake-tls=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin" #NFQWS_OPT_DESYNC_SUFFIX="--dpi-desync=syndata" #NFQWS_OPT_DESYNC_HTTP="--dpi-desync=fake --dpi-desync-ttl=2 --dpi-desync-fake-http=0x00000000 --hostlist=/opt/zapret/ipset/zapret-hosts-user.txt --new --dpi-desync=fake,disorder2 --dpi-desync-ttl=2 --dpi-desync-fooling=badsum" #NFQWS_OPT_DESYNC_HTTP_SUFFIX="--dpi-desync=syndata" #NFQWS_OPT_DESYNC_HTTPS="--dpi-desync=split --dpi-desync-split-pos=3 --dpi-desync-ttl=2 --dpi-desync-repeats=6 --hostlist=/opt/zapret/ipset/zapret-hosts-user.txt --new --dpi-desync=fake,disorder2 --dpi-desync-ttl=2 --dpi-desync-fooling=badsum" #NFQWS_OPT_DESYNC_HTTPS_SUFFIX="--wssize 1:6" #NFQWS_OPT_DESYNC_HTTP6="" #NFQWS_OPT_DESYNC_HTTP6_SUFFIX="--dpi-desync=syndata" #NFQWS_OPT_DESYNC_HTTPS6="" #NFQWS_OPT_DESYNC_HTTPS6_SUFFIX="--wssize 1:6" NFQWS_OPT_DESYNC_QUIC="--dpi-desync-fake --dpi-desync-repeats=6" #NFQWS_OPT_DESYNC_QUIC_SUFFIX="" #NFQWS_OPT_DESYNC_QUIC6="--dpi-desync=hopbyhop" #NFQWS_OPT_DESYNC_QUIC6_SUFFIX="" # CHOOSE TPWS DAEMON OPTIONS. run "tpws/tpws --help" for option list TPWS_OPT="--split-pos=2 --split-http-req=method --oob" # openwrt only : donttouch,none,software,hardware FLOWOFFLOAD=none # openwrt: specify networks to be treated as LAN. default is "lan" #OPENWRT_LAN="lan lan2 lan3" # openwrt: specify networks to be treated as WAN. default wans are interfaces with default route #OPENWRT_WAN4="wan vpn" #OPENWRT_WAN6="wan6 vpn6" # for routers based on desktop linux and macos. has no effect in openwrt. # CHOOSE LAN and optinally WAN/WAN6 NETWORK INTERFACES # or leave them commented if its not router # it's possible to specify multiple interfaces like this : IFACE_LAN="eth0 eth1 eth2" # if IFACE_WAN6 is not defined it take the value of IFACE_WAN #IFACE_LAN=eth0 #IFACE_WAN= #IFACE_WAN6="ipsec0 wireguard0 he_net" # should start/stop command of init scripts apply firewall rules ? # not applicable to openwrt with firewall3+iptables INIT_APPLY_FW=1 # firewall apply hooks #INIT_FW_PRE_UP_HOOK="/etc/firewall.zapret.hook.pre_up" #INIT_FW_POST_UP_HOOK="/etc/firewall.zapret.hook.post_up" #INIT_FW_PRE_DOWN_HOOK="/etc/firewall.zapret.hook.pre_down" #INIT_FW_POST_DOWN_HOOK="/etc/firewall.zapret.hook.post_down" # do not work with ipv4 #DISABLE_IPV4=1 # do not work with ipv6 DISABLE_IPV6=1 # select which init script will be used to get ip or host list # possible values : get_user.sh get_antizapret.sh get_combined.sh get_reestr.sh get_hostlist.sh # comment if not required GETLIST=get_antifilter_ipsmart.sh

[Unit] Description=Compatibility rc.local ConditionPathExists=/etc/rc.d/rc.local [Service] Type=forking ExecStart=/etc/rc.d/rc.local TimeoutSec=0 StandardOutput=tty RemainAfterExit=yes [Install] WantedBy=multi-user.target

COMSS dns

spoofDPI

tor

zapret

Список url для обхода замедления youtube

COMSS dns

spoofDPI

tor

zapret

Список url для обхода замедления youtube

Список `url` для обхода замедления youtube

Список `url` для обхода замедления youtube