# this custom script in addition to MODE=nfqws runs desync of some udp packets to discord subnets
# idea taken from community. not tested and not optimized by author.
# can override in config :
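# nfqws desync options used for the packets this script queues.
# The whole value is one string; a config override replaces it entirely.
NFQWS_OPT_DESYNC_DISCORD="${NFQWS_OPT_DESYNC_DISCORD:---dpi-desync=fake --dpi-desync-repeats=6 --dpi-desync-any-protocol}"
# Destination UDP port range, dash-separated. Quoted like the other
# overridable defaults so all three assignments read the same way.
DISCORD_PORTS="${DISCORD_PORTS:-50000-50099}"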
DISCORD_SUBNETS="${DISCORD_SUBNETS:-5.200.14.249 18.165.140.0/25 23.227.38.74 34.0.48.0/24 34.0.49.64/26 34.0.50.0/25 34.0.51.0/24 34.0.52.0/22 34.0.56.0/23 34.0.59.0/24 34.0.60.0/24 34.0.62.128/25 34.0.63.228 34.0.64.0/23 34.0.66.130 34.0.82.140 34.0.129.128/25 34.0.130.0/24 34.0.131.130 34.0.132.139 34.0.133.75 34.0.134.0/24 34.0.135.251 34.0.136.51 34.0.137.0/24 34.0.139.0/24 34.0.140.0/23 34.0.142.0/25 34.0.144.0/23 34.0.146.0/24 34.0.148.25 34.0.149.101 34.0.151.0/25 34.0.153.0/24 34.0.155.0/24 34.0.156.101 34.0.157.0/25 34.0.158.247 34.0.159.188 34.0.192.0/25 34.0.193.0/24 34.0.194.0/24 34.0.195.172 34.0.196.200/29 34.0.197.81 34.0.198.25 34.0.199.0/24 34.0.200.0/24 34.0.201.81 34.0.202.34 34.0.203.0/24 34.0.204.0/23 34.0.206.0/25 34.0.207.0/25 34.0.208.195 34.0.209.0/24 34.0.210.20 34.0.211.0/26 34.0.212.0/24 34.0.213.64/26 34.0.215.128/25 34.0.216.238 34.0.217.0/24 34.0.218.83 34.0.220.103 34.0.221.0/24 34.0.222.193 34.0.223.68 34.0.227.0/24 34.0.240.0/21 34.0.248.0/23 34.0.250.0/24 34.0.251.0/25 34.1.216.0/24 34.1.221.166 35.207.64.0/23 35.207.67.116 35.207.71.0/24 35.207.72.32 35.207.73.0/24 35.207.74.0/24 35.207.75.128/25 35.207.76.128/26 35.207.77.0/24 35.207.78.129 35.207.79.0/24 35.207.80.76 35.207.81.248/30 35.207.82.0/23 35.207.84.0/24 35.207.85.160 35.207.86.41 35.207.87.184 35.207.89.188 35.207.91.146 35.207.92.230 35.207.95.0/24 35.207.97.174 35.207.99.134 35.207.100.64/26 35.207.101.130 35.207.103.64/26 35.207.104.0/24 35.207.106.128/26 35.207.107.19 35.207.108.192/27 35.207.109.185 35.207.110.0/24 35.207.111.174 35.207.114.16 35.207.115.163 35.207.116.51 35.207.117.0/24 35.207.121.204 35.207.122.0/25 35.207.124.145 35.207.125.116 35.207.126.30 35.207.129.0/24 35.207.131.128/27 35.207.132.247 35.207.135.147 35.207.136.69 35.207.137.0/24 35.207.139.0/24 35.207.140.241 35.207.141.119 35.207.142.0/24 35.207.143.96/27 35.207.144.0/25 35.207.145.0/24 35.207.146.89 35.207.147.0/24 35.207.149.0/24 35.207.150.0/24 35.207.151.61 35.207.153.117 
35.207.154.0/24 35.207.155.128/25 35.207.156.254 35.207.157.7 35.207.158.192 35.207.160.160 35.207.162.239 35.207.163.0/24 35.207.164.0/25 35.207.165.147 35.207.166.0/25 35.207.167.0/24 35.207.168.116 35.207.170.0/23 35.207.172.0/24 35.207.174.55 35.207.176.128/25 35.207.178.0/24 35.207.180.152 35.207.181.76 35.207.182.125 35.207.184.101 35.207.185.192 35.207.186.128/25 35.207.187.228 35.207.188.0/24 35.207.189.0/25 35.207.190.194 35.207.191.64/26 35.207.193.165 35.207.195.75 35.207.196.0/24 35.207.198.0/23 35.207.201.186 35.207.202.169 35.207.205.211 35.207.207.4 35.207.209.0/25 35.207.210.191 35.207.211.253 35.207.213.97 35.207.214.0/24 35.207.220.147 35.207.221.58 35.207.222.105 35.207.224.151 35.207.225.210 35.207.227.0/24 35.207.229.212 35.207.232.26 35.207.234.182 35.207.238.0/24 35.207.240.0/24 35.207.245.0/24 35.207.249.0/24 35.207.250.212 35.207.251.0/27 35.212.4.134 35.212.12.148 35.212.88.11 35.212.102.50 35.212.111.0/26 35.212.117.247 35.212.120.122 35.213.0.0/24 35.213.2.8 35.213.4.185 35.213.6.118 35.213.7.128/25 35.213.8.168 35.213.10.0/24 35.213.11.21 35.213.12.224/27 35.213.13.19 35.213.14.217 35.213.16.67 35.213.17.235 35.213.23.166 35.213.25.164 35.213.26.62 35.213.27.252 35.213.32.0/24 35.213.33.74 35.213.34.204 35.213.37.81 35.213.38.186 35.213.39.253 35.213.42.0/24 35.213.43.79 35.213.45.0/24 35.213.46.136 35.213.49.17 35.213.50.0/24 35.213.51.213 35.213.52.0/25 35.213.53.0/24 35.213.54.0/24 35.213.56.0/25 35.213.59.0/24 35.213.61.58 35.213.65.0/24 35.213.67.0/24 35.213.68.192/26 35.213.70.151 35.213.72.128/25 35.213.73.245 35.213.74.131 35.213.78.0/24 35.213.79.137 35.213.80.0/25 35.213.83.128/25 35.213.84.245 35.213.85.0/24 35.213.88.145 35.213.89.80/28 35.213.90.0/24 35.213.91.195 35.213.92.0/24 35.213.93.254 35.213.94.78 35.213.95.145 35.213.96.87 35.213.98.0/24 35.213.99.126 35.213.101.214 35.213.102.0/24 35.213.105.0/24 35.213.106.128/25 35.213.107.158 35.213.109.0/24 35.213.110.40 35.213.111.0/25 35.213.115.0/25 35.213.120.0/24 
35.213.122.0/24 35.213.124.89 35.213.125.40 35.213.126.185 35.213.127.0/24 35.213.128.0/22 35.213.132.0/23 35.213.1
# Reserve a daemon number and a queue number for this script. The allocators
# are defined elsewhere; presumably they store the result in the variable
# whose name is passed (both variables are read by the functions below).
alloc_dnum DNUM_DISCORD
alloc_qnum QNUM_DISCORD
# Name shared by the ipset (iptables path) and the nft set (nftables path)
# that hold the destination addresses.
DISCORD_SET_NAME='discord'
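# Start or stop the nfqws instance bound to this script's queue.
# Globals:   QNUM_DISCORD, DNUM_DISCORD, NFQWS_OPT_BASE,
#            NFQWS_OPT_DESYNC_DISCORD (all read)
# Arguments: $1 - 1 to run, 0 to stop
# Returns:   status of do_nfqws
zapret_custom_daemons()
{
  # $1 - 1 - run, 0 - stop

  # The option string is handed over as a single argument. It contains
  # NFQWS_OPT_DESYNC_DISCORD, which the config may override, so whatever
  # the config holds ends up on the nfqws command line.
  local opt="--qnum=$QNUM_DISCORD $NFQWS_OPT_BASE $NFQWS_OPT_DESYNC_DISCORD"

  # Quoted so that an empty mode or daemon number cannot shift the
  # positional arguments seen by do_nfqws.
  do_nfqws "$1" "$DNUM_DISCORD" "$opt"
}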
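# iptables path: maintain the destination ipset and add or remove the rule
# that sends matching UDP packets to this script's queue.
# Globals:   DISCORD_SET_NAME, DISCORD_SUBNETS, DISCORD_PORTS, QNUM_DISCORD,
#            DESYNC_MARK, ipt_connbytes (all read)
# Arguments: $1 - 1 to run, 0 to stop
# Returns:   0 on run; on stop, the status of `ipset destroy`
zapret_custom_firewall()
{
  # $1 - 1 - run, 0 - stop

  local f
  # connbytes range 1:1; $ipt_connbytes is defined elsewhere, presumably the
  # connbytes match prefix, which would limit the rule to the first packet.
  local first_packets_only="$ipt_connbytes 1:1"
  # Match only packets that do not carry DESYNC_MARK.
  local desync="-m mark ! --mark $DESYNC_MARK/$DESYNC_MARK"
  local DISCORD_PORTS_IPT
  local dest_set="-m set --match-set $DISCORD_SET_NAME dst"
  local subnet

  # Local override seen by the helpers called below. The list holds IPv4
  # entries only; presumably this makes the helper skip IPv6 rules.
  local DISABLE_IPV6=1

  # Declared above and assigned here: `local v=$(cmd)` hides the command's
  # exit status and is word-split by some sh implementations.
  # iptables multiport wants FIRST:LAST, the config uses FIRST-LAST.
  DISCORD_PORTS_IPT=$(replace_char - : "$DISCORD_PORTS")

  if [ "$1" = 1 ]; then
    # stderr is dropped, presumably to silence "set already exists" on a
    # restart. It also hides real failures; the flush and restore below are
    # then the first place an error shows up.
    ipset create "$DISCORD_SET_NAME" hash:net hashsize 8192 maxelem 4096 2>/dev/null
    ipset flush "$DISCORD_SET_NAME"
    # Word splitting of DISCORD_SUBNETS is intentional: one entry per word.
    # NOTE(review): entries come from the config and are not validated here;
    # they are expected to be plain IPv4 addresses or CIDR prefixes.
    for subnet in $DISCORD_SUBNETS; do
      echo "add $DISCORD_SET_NAME $subnet"
    done | ipset -! restore
  fi

  f="-p udp -m multiport --dports $DISCORD_PORTS_IPT"
  # Second filter argument is left empty, as in the original call.
  fw_nfqws_post "$1" "$f $desync $first_packets_only $dest_set" "" "$QNUM_DISCORD"

  # The set is destroyed only after the rule that references it was handled.
  if [ "$1" != 1 ]; then
    ipset destroy "$DISCORD_SET_NAME" 2>/dev/null
  fi
}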
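# nftables path: (re)build the destination set and add the rule that sends
# matching UDP packets to this script's queue.
# Globals:   DISCORD_SET_NAME, DISCORD_SUBNETS, DISCORD_PORTS, QNUM_DISCORD,
#            DESYNC_MARK, nft_connbytes (all read)
# Arguments: none
# Returns:   status of nft_fw_nfqws_post
zapret_custom_firewall_nft()
{
  # stop logic is not required

  local f
  # $nft_connbytes is defined elsewhere; presumably a packet-count
  # expression, so that "1" restricts the rule to the first packet.
  local first_packets_only="$nft_connbytes 1"
  # Match only packets that do not carry DESYNC_MARK.
  local desync="mark and $DESYNC_MARK == 0"
  local dest_set="ip daddr @$DISCORD_SET_NAME"
  local subnets

  # Local override seen by the helpers called below. The set is declared
  # ipv4_addr; presumably this makes the helper skip IPv6 rules.
  local DISABLE_IPV6=1

  # Word splitting of DISCORD_SUBNETS is intentional: one entry per word.
  # NOTE(review): entries come from the config and are not validated here.
  make_comma_list subnets $DISCORD_SUBNETS
  nft_create_set "$DISCORD_SET_NAME" "type ipv4_addr; size 4096; auto-merge; flags interval;"
  # Flushed before refilling, so the set holds only the current list.
  nft_flush_set "$DISCORD_SET_NAME"
  nft_add_set_element "$DISCORD_SET_NAME" "$subnets"

  f="udp dport {$DISCORD_PORTS}"
  # Second filter argument is left empty, as in the original call.
  nft_fw_nfqws_post "$f $desync $first_packets_only $dest_set" "" "$QNUM_DISCORD"
}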
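# Remove this script's nft set once the firewall rules are gone.
# Globals:   DISCORD_SET_NAME (read)
# Arguments: none
# Returns:   status of nft_del_set
zapret_custom_firewall_nft_flush()
{
  # this function is called after all nft fw rules are deleted
  # however sets are not deleted. it's desired to clear sets here.

  # stderr is dropped, so a missing set is silent; so is any other failure.
  # The name is quoted so it always reaches nft_del_set as one argument.
  nft_del_set "$DISCORD_SET_NAME" 2>/dev/null
}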