Zapret : Fix iptables on start.

2024-08-01 19:51:04 +03:00 · 2024-08-01 19:51:04 +03:00 · bc426526cf
parent 5f3a4ed284
commit bc426526cf
3 changed files with 54 additions and 15 deletions
--- a/container/Zapret.nix
+++ b/container/Zapret.nix
@ -52,7 +52,7 @@ in {
 				networking = {
 					firewall = {
 						extraCommands = ''
-							iptables -t mangle -I POSTROUTING -o "${config.container.interface}" -p tcp -m multiport --dports 80,443 -m connbytes --connbytes-dir=original --connbytes-mode=packets --connbytes 1:6 -m mark ! --mark 0x40000000/0x40000000 -j NFQUEUE --queue-num 200 --queue-bypass
+							iptables -t mangle -I POSTROUTING -p tcp -m multiport --dports 80,443 -m connbytes --connbytes-dir=original --connbytes-mode=packets --connbytes 1:6 -m mark ! --mark 0x40000000/0x40000000 -j NFQUEUE --queue-num 200 --queue-bypass
 						'';
 						#iptables -A OUTPUT -p tcp -m tcp --sport 443 --tcp-flags SYN,ACK SYN,ACK -j NFQUEUE --queue-num 200 --queue-bypass
 					};
@ -100,20 +100,58 @@ in {
 					};
 				};

-				systemd.services = {
+				systemd = {
+					timers = {
+						tor = {
+							timerConfig = {
+								OnBootSec = 5;
+								Unit      = "tor.service";
+							};
+							wantedBy = [ "timers.target" ];
+						};
+						zapret = {
+							timerConfig = {
+								OnBootSec = 5;
+								Unit      = "zapret.service";
+							};
+							wantedBy = [ "timers.target" ];
+						};
+						routes = {
+							timerConfig = {
+								OnBootSec = 5;
+								Unit      = "routes.service";
+							};
+							wantedBy = [ "timers.target" ];
+						};
+					};
+
+					services = {
+						tor.wantedBy = lib.mkForce [];
 						zapret = {
 							description = "FRKN";
-						wantedBy = [ "multi-user.target" ];
+							wantedBy = [ ];
 							requires = [ "network.target" ];
+							path = with pkgs; [ zapret ];
 							serviceConfig = {
 								ExecStart  = "${pkgs.zapret}/bin/nfqws --pidfile=/run/nfqws.pid --dpi-desync=disorder --dpi-desync-ttl=1 --dpi-desync-split-pos=3 --qnum=200";
-							Type       = "forking";
+								Type       = "simple";
 								PIDFile    = "/run/nfqws.pid";
 								ExecReload = "/bin/kill -HUP $MAINPID";
 								Restart    = "always";
 								RestartSec = "5s";
 							};
 						};
+						routes = {
+							description = "FRKN routes";
+							wantedBy = [ ];
+							requires = [ "network.target" ];
+							path = with pkgs; [ iptables ];
+							serviceConfig = {
+								ExecStart = "iptables -t mangle -I POSTROUTING -p tcp -m multiport --dports 80,443 -m connbytes --connbytes-dir=original --connbytes-mode=packets --connbytes 1:6 -m mark ! --mark 0x40000000/0x40000000 -j NFQUEUE --queue-num 200 --queue-bypass";
+								Type = "oneshot";
+							};
+						};
+					};
 				};
 			};
 		};
--- a/home/program/bash/module/Zapret.nix
+++ b/home/program/bash/module/Zapret.nix
@ -2,7 +2,7 @@
 	text = ''
 		# FRKN.
 		function zapret() {
-			iptables -t mangle -I POSTROUTING -o "enp4s0" -p tcp -m multiport --dports 80,443 -m connbytes --connbytes-dir=original --connbytes-mode=packets --connbytes 1:6 -m mark ! --mark 0x40000000/0x40000000 -j NFQUEUE --queue-num 200 --queue-bypass
+			iptables -t mangle -I POSTROUTING -p tcp -m multiport --dports 80,443 -m connbytes --connbytes-dir=original --connbytes-mode=packets --connbytes 1:6 -m mark ! --mark 0x40000000/0x40000000 -j NFQUEUE --queue-num 200 --queue-bypass
 			nfqws --pidfile=/run/nfqws.pid --dpi-desync=disorder --dpi-desync-ttl=1 --dpi-desync-split-pos=3 --qnum=200
 		}
 	'';
--- a/home/program/firefox/default.nix
+++ b/home/program/firefox/default.nix
@ -76,11 +76,12 @@ in {
 			};
 			"addon@darkreader.org"                   = mkExtension "https://addons.mozilla.org/firefox/downloads/latest/darkreader/latest.xpi";
 			"cliget@zaidabdulla.com"                 = mkExtension "https://addons.mozilla.org/firefox/downloads/latest/cliget/latest.xpi";
+			"foxyproxy@eric.h.jung"                  = mkExtension "https://addons.mozilla.org/firefox/downloads/latest/foxyproxy-standard/latest.xpi";
 			"uBlock0@raymondhill.net"                = mkExtension "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi";
 			"{446900e4-71c2-419f-a6a7-df9c091e268b}" = mkExtension "https://addons.mozilla.org/firefox/downloads/latest/bitwarden-password-manager/latest.xpi";
+			"{a6c4a591-f1b2-4f03-b3ff-767e5bedf4e7}" = mkExtension "https://addons.mozilla.org/firefox/downloads/latest/user-agent-string-switcher/latest.xpi";
 			"{d7742d87-e61d-4b78-b8a1-b469842139fa}" = mkExtension "https://addons.mozilla.org/firefox/downloads/latest/vimium-ff/latest.xpi";
 			"{e7625f06-e252-479d-ac7a-db68aeaff2cb}" = mkExtension "https://addons.mozilla.org/firefox/downloads/latest/togglefonts/latest.xpi";
-			"{a6c4a591-f1b2-4f03-b3ff-767e5bedf4e7}" = mkExtension "https://addons.mozilla.org/firefox/downloads/latest/user-agent-string-switcher/latest.xpi";
 			# NOTE: This extension is helpful to find the required parameters for this config.
 			# Or find them yourself inside the `about:support`.
 			# "queryamoid@kaply.com"                   = mkExtension "https://github.com/mkaply/queryamoid/releases/download/v0.1/query_amo_addon_id-0.1-fx.xpi";