admin/keenetic-configs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
keenetic-configs/opt/etc/nfqws/nfqws.conf
vchikalkin 1a24b62ed7 nfqws: add files
2026-03-17 15:31:46 +03:00

55 lines
2.8 KiB
Plaintext
Raw Blame History

# Provider network interface, e.g. eth3
# You can specify multiple interfaces separated by space, e.g. ISP_INTERFACE="eth3 nwg1"
ISP_INTERFACE="eth3"
# All arguments here: https://github.com/bol-van/zapret (search for `nfqws` on the page)
# HTTP(S) strategy
#NFQWS_ARGS="--dpi-desync=fakedsplit --dpi-desync-split-pos=1 --dpi-desync-ttl=0 --dpi-desync-repeats=16 --dpi-desync-fooling=md5sig --dpi-desync-fake-tls-mod=padencap --dpi-desync-fake-tls=/opt/etc/nfqws/tls_clienthello.bin"
#NFQWS_ARGS="--dpi-desync=fake,multidisorder --dpi-desync-split-pos=1,midsld --dpi-desync-repeats=11 --dpi-desync-fooling=md5sig --dpi-desync-fake-tls-mod=rnd,dupsid,sni=www.google.com"
#NFQWS_ARGS="--dpi-desync=fake,multidisorder --dpi-desync-fake-tls=0x00000000 --dpi-desync-fake-tls=! --dpi-desync-split-pos=1,midsld --dpi-desync-repeats=2 --dpi-desync-fooling=badseq --dpi-desync-fake-tls-mod=rnd,dupsid,sni=www.google.com"
#NFQWS_ARGS="--dpi-desync=fake,multisplit --dpi-desync-fake-tls=0x00000000 --dpi-desync-fake-tls=! --dpi-desync-split-pos=1,midsld --dpi-desync-repeats=2 --dpi-desync-fooling=badseq --dpi-desync-fake-tls-mod=rnd,dupsid,sni=www.google.com"
NFQWS_ARGS="--ip-id=zero --dpi-desync=fake,multisplit --dpi-desync-split-seqovl=681 --dpi-desync-split-pos=1 --dpi-desync-fooling=ts --dpi-desync-repeats=8 --dpi-desync-fake-tls-mod=rnd,dupsid,sni=www.google.com"
# QUIC strategy
NFQWS_ARGS_QUIC="--filter-udp=443 --dpi-desync=fake --dpi-desync-repeats=11 --dpi-desync-fake-quic=/opt/etc/nfqws/quic_initial.bin"
# UDP strategy (doesn't use lists from NFQWS_EXTRA_ARGS)
NFQWS_ARGS_UDP="--filter-udp=590-600,1400,3478-3481,5349,19294-19344,50000-65535 --filter-l7=discord,stun --dpi-desync=fake --dpi-desync-repeats=6"
# Working modes, don't change
MODE_LIST="--hostlist=/opt/etc/nfqws/user.list"
MODE_ALL="--hostlist-exclude=/opt/etc/nfqws/exclude.list"
MODE_AUTO="$MODE_LIST --hostlist-auto=/opt/etc/nfqws/auto.list --hostlist-auto-debug=/opt/var/log/nfqws.log $MODE_ALL"
# $MODE_AUTO - automatically detects blocked resources and adds them to the auto.list
# $MODE_LIST - applies rules only to domains in the user.list
# $MODE_ALL - applies rules to all traffic except domains from exclude.list
NFQWS_EXTRA_ARGS="$MODE_LIST"
# IP-lists
NFQWS_ARGS_IPSET="--ipset=/opt/etc/nfqws/ipset.list --ipset-exclude=/opt/etc/nfqws/ipset_exclude.list"
# Custom arguments, e.g. NFQWS_ARGS_CUSTOM="--filter-tcp=80 --dpi-desync=fakedsplit --new --filter-tcp=443 --dpi-desync=fake"
NFQWS_ARGS_CUSTOM=""
# IPv6 support
IPV6_ENABLED=0
# TCP ports for iptables rules
TCP_PORTS=443,2053,2083,2087,2096,8443
# UDP ports for iptables rules
UDP_PORTS=443,590:600,1400,3478:3481,5349,19294:19344,50000:65535
# Keenetic policy name
POLICY_NAME="nfqws"
# Policy mode (0 - include, 1 - exclude)
POLICY_EXCLUDE=0
# Syslog logging level (0 - silent, 1 - debug)
LOG_LEVEL=0
NFQUEUE_NUM=200
USER=nobody
CONFIG_VERSION=8
Reference in New Issue View Git Blame Copy Permalink