diff --git a/config/Dpi.nix b/config/Dpi.nix index 5b5c3ee..0d8f8e3 100644 --- a/config/Dpi.nix +++ b/config/Dpi.nix @@ -67,14 +67,14 @@ in udpPorts = lib.concatStringsSep "," cfg.udpPorts; in '' - iptables -t mangle -I POSTROUTING -p tcp --dport 443 -m connbytes --connbytes-dir=original --connbytes-mode=packets --connbytes 1:6 -m mark ! --mark 0x40000000/0x40000000 -j NFQUEUE --queue-num ${qnum} --queue-bypass - '' + ip46tables -t mangle -I POSTROUTING -p tcp --dport 443 -m connbytes --connbytes-dir=original --connbytes-mode=packets --connbytes 1:6 -m mark ! --mark 0x40000000/0x40000000 -j NFQUEUE --queue-num ${qnum} --queue-bypass + '' + lib.optionalString (cfg.httpSupport) '' - iptables -t mangle -I POSTROUTING -p tcp --dport 80 ${httpParams} -m mark ! --mark 0x40000000/0x40000000 -j NFQUEUE --queue-num ${qnum} --queue-bypass - '' + ip46tables -t mangle -I POSTROUTING -p tcp --dport 80 ${httpParams} -m mark ! --mark 0x40000000/0x40000000 -j NFQUEUE --queue-num ${qnum} --queue-bypass + '' + lib.optionalString (cfg.udpSupport) '' - iptables -t mangle -A POSTROUTING -p udp -m multiport --dports ${udpPorts} -m mark ! --mark 0x40000000/0x40000000 -j NFQUEUE --queue-num ${qnum} --queue-bypass - ''; + ip46tables -t mangle -A POSTROUTING -p udp -m multiport --dports ${udpPorts} -m mark ! --mark 0x40000000/0x40000000 -j NFQUEUE --queue-num ${qnum} --queue-bypass + ''; }) ] ); diff --git a/host/x86_64-linux/home/default.nix b/host/x86_64-linux/home/default.nix index 8b99266..d20a003 100644 --- a/host/x86_64-linux/home/default.nix +++ b/host/x86_64-linux/home/default.nix @@ -22,16 +22,17 @@ }; dpi.bypass = { enable = true; + udpSupport = true; params = [ "--dpi-desync=fake,disorder2" "--dpi-desync-ttl=1" "--dpi-desync-autottl=2" - # "--dpi-desync-ttl6=1" - # "--dpi-desync-autottl6=2" + "--dpi-desync-ttl6=1" + "--dpi-desync-autottl6=2" - # "--dpi-desync-any-protocol" + "--dpi-desync-any-protocol" ]; whitelist = [ "youtube.com" @@ -44,6 +45,9 @@ "t-ru.org" "medium.com" ]; + udpPorts = [ + "443" + ]; }; amd = { cpu.enable = true;