Zapret : Fix iptables on start.
This commit is contained in:
parent
5f3a4ed284
commit
bc426526cf
|
@ -52,7 +52,7 @@ in {
|
||||||
networking = {
|
networking = {
|
||||||
firewall = {
|
firewall = {
|
||||||
extraCommands = ''
|
extraCommands = ''
|
||||||
iptables -t mangle -I POSTROUTING -o "${config.container.interface}" -p tcp -m multiport --dports 80,443 -m connbytes --connbytes-dir=original --connbytes-mode=packets --connbytes 1:6 -m mark ! --mark 0x40000000/0x40000000 -j NFQUEUE --queue-num 200 --queue-bypass
|
iptables -t mangle -I POSTROUTING -p tcp -m multiport --dports 80,443 -m connbytes --connbytes-dir=original --connbytes-mode=packets --connbytes 1:6 -m mark ! --mark 0x40000000/0x40000000 -j NFQUEUE --queue-num 200 --queue-bypass
|
||||||
'';
|
'';
|
||||||
#iptables -A OUTPUT -p tcp -m tcp --sport 443 --tcp-flags SYN,ACK SYN,ACK -j NFQUEUE --queue-num 200 --queue-bypass
|
#iptables -A OUTPUT -p tcp -m tcp --sport 443 --tcp-flags SYN,ACK SYN,ACK -j NFQUEUE --queue-num 200 --queue-bypass
|
||||||
};
|
};
|
||||||
|
@ -100,20 +100,58 @@ in {
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.services = {
|
systemd = {
|
||||||
|
timers = {
|
||||||
|
tor = {
|
||||||
|
timerConfig = {
|
||||||
|
OnBootSec = 5;
|
||||||
|
Unit = "tor.service";
|
||||||
|
};
|
||||||
|
wantedBy = [ "timers.target" ];
|
||||||
|
};
|
||||||
|
zapret = {
|
||||||
|
timerConfig = {
|
||||||
|
OnBootSec = 5;
|
||||||
|
Unit = "zapret.service";
|
||||||
|
};
|
||||||
|
wantedBy = [ "timers.target" ];
|
||||||
|
};
|
||||||
|
routes = {
|
||||||
|
timerConfig = {
|
||||||
|
OnBootSec = 5;
|
||||||
|
Unit = "routes.service";
|
||||||
|
};
|
||||||
|
wantedBy = [ "timers.target" ];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
services = {
|
||||||
|
tor.wantedBy = lib.mkForce [];
|
||||||
zapret = {
|
zapret = {
|
||||||
description = "FRKN";
|
description = "FRKN";
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ ];
|
||||||
requires = [ "network.target" ];
|
requires = [ "network.target" ];
|
||||||
|
path = with pkgs; [ zapret ];
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
ExecStart = "${pkgs.zapret}/bin/nfqws --pidfile=/run/nfqws.pid --dpi-desync=disorder --dpi-desync-ttl=1 --dpi-desync-split-pos=3 --qnum=200";
|
ExecStart = "${pkgs.zapret}/bin/nfqws --pidfile=/run/nfqws.pid --dpi-desync=disorder --dpi-desync-ttl=1 --dpi-desync-split-pos=3 --qnum=200";
|
||||||
Type = "forking";
|
Type = "simple";
|
||||||
PIDFile = "/run/nfqws.pid";
|
PIDFile = "/run/nfqws.pid";
|
||||||
ExecReload = "/bin/kill -HUP $MAINPID";
|
ExecReload = "/bin/kill -HUP $MAINPID";
|
||||||
Restart = "always";
|
Restart = "always";
|
||||||
RestartSec = "5s";
|
RestartSec = "5s";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
routes = {
|
||||||
|
description = "FRKN routes";
|
||||||
|
wantedBy = [ ];
|
||||||
|
requires = [ "network.target" ];
|
||||||
|
path = with pkgs; [ iptables ];
|
||||||
|
serviceConfig = {
|
||||||
|
ExecStart = "iptables -t mangle -I POSTROUTING -p tcp -m multiport --dports 80,443 -m connbytes --connbytes-dir=original --connbytes-mode=packets --connbytes 1:6 -m mark ! --mark 0x40000000/0x40000000 -j NFQUEUE --queue-num 200 --queue-bypass";
|
||||||
|
Type = "oneshot";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
text = ''
|
text = ''
|
||||||
# FRKN.
|
# FRKN.
|
||||||
function zapret() {
|
function zapret() {
|
||||||
iptables -t mangle -I POSTROUTING -o "enp4s0" -p tcp -m multiport --dports 80,443 -m connbytes --connbytes-dir=original --connbytes-mode=packets --connbytes 1:6 -m mark ! --mark 0x40000000/0x40000000 -j NFQUEUE --queue-num 200 --queue-bypass
|
iptables -t mangle -I POSTROUTING -p tcp -m multiport --dports 80,443 -m connbytes --connbytes-dir=original --connbytes-mode=packets --connbytes 1:6 -m mark ! --mark 0x40000000/0x40000000 -j NFQUEUE --queue-num 200 --queue-bypass
|
||||||
nfqws --pidfile=/run/nfqws.pid --dpi-desync=disorder --dpi-desync-ttl=1 --dpi-desync-split-pos=3 --qnum=200
|
nfqws --pidfile=/run/nfqws.pid --dpi-desync=disorder --dpi-desync-ttl=1 --dpi-desync-split-pos=3 --qnum=200
|
||||||
}
|
}
|
||||||
'';
|
'';
|
||||||
|
|
|
@ -76,11 +76,12 @@ in {
|
||||||
};
|
};
|
||||||
"addon@darkreader.org" = mkExtension "https://addons.mozilla.org/firefox/downloads/latest/darkreader/latest.xpi";
|
"addon@darkreader.org" = mkExtension "https://addons.mozilla.org/firefox/downloads/latest/darkreader/latest.xpi";
|
||||||
"cliget@zaidabdulla.com" = mkExtension "https://addons.mozilla.org/firefox/downloads/latest/cliget/latest.xpi";
|
"cliget@zaidabdulla.com" = mkExtension "https://addons.mozilla.org/firefox/downloads/latest/cliget/latest.xpi";
|
||||||
|
"foxyproxy@eric.h.jung" = mkExtension "https://addons.mozilla.org/firefox/downloads/latest/foxyproxy-standard/latest.xpi";
|
||||||
"uBlock0@raymondhill.net" = mkExtension "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi";
|
"uBlock0@raymondhill.net" = mkExtension "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi";
|
||||||
"{446900e4-71c2-419f-a6a7-df9c091e268b}" = mkExtension "https://addons.mozilla.org/firefox/downloads/latest/bitwarden-password-manager/latest.xpi";
|
"{446900e4-71c2-419f-a6a7-df9c091e268b}" = mkExtension "https://addons.mozilla.org/firefox/downloads/latest/bitwarden-password-manager/latest.xpi";
|
||||||
|
"{a6c4a591-f1b2-4f03-b3ff-767e5bedf4e7}" = mkExtension "https://addons.mozilla.org/firefox/downloads/latest/user-agent-string-switcher/latest.xpi";
|
||||||
"{d7742d87-e61d-4b78-b8a1-b469842139fa}" = mkExtension "https://addons.mozilla.org/firefox/downloads/latest/vimium-ff/latest.xpi";
|
"{d7742d87-e61d-4b78-b8a1-b469842139fa}" = mkExtension "https://addons.mozilla.org/firefox/downloads/latest/vimium-ff/latest.xpi";
|
||||||
"{e7625f06-e252-479d-ac7a-db68aeaff2cb}" = mkExtension "https://addons.mozilla.org/firefox/downloads/latest/togglefonts/latest.xpi";
|
"{e7625f06-e252-479d-ac7a-db68aeaff2cb}" = mkExtension "https://addons.mozilla.org/firefox/downloads/latest/togglefonts/latest.xpi";
|
||||||
"{a6c4a591-f1b2-4f03-b3ff-767e5bedf4e7}" = mkExtension "https://addons.mozilla.org/firefox/downloads/latest/user-agent-string-switcher/latest.xpi";
|
|
||||||
# NOTE: This extension is helpful to find the required parameters for this config.
|
# NOTE: This extension is helpful to find the required parameters for this config.
|
||||||
# Or find them yourself inside the `about:support`.
|
# Or find them yourself inside the `about:support`.
|
||||||
# "queryamoid@kaply.com" = mkExtension "https://github.com/mkaply/queryamoid/releases/download/v0.1/query_amo_addon_id-0.1-fx.xpi";
|
# "queryamoid@kaply.com" = mkExtension "https://github.com/mkaply/queryamoid/releases/download/v0.1/query_amo_addon_id-0.1-fx.xpi";
|
||||||
|
|
Loading…
Reference in a new issue