From f7bca9c60e468a334c5ae16bf60a767433a46580 Mon Sep 17 00:00:00 2001 From: yaroslav Date: Sun, 2 Nov 2025 21:49:54 +0300 Subject: [PATCH] fuck zapret --- flake.lock | 79 ++++--- flake.nix | 11 +- hosts/generic/zapret.nix | 448 --------------------------------------- 3 files changed, 57 insertions(+), 481 deletions(-) delete mode 100644 hosts/generic/zapret.nix diff --git a/flake.lock b/flake.lock index 4db4167..220e2ad 100644 --- a/flake.lock +++ b/flake.lock @@ -92,6 +92,24 @@ "type": "indirect" } }, + "flake-utils_3": { + "inputs": { + "systems": "systems_3" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "flakey-profile": { "locked": { "lastModified": 1712898590, @@ -333,16 +351,16 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1716044191, - "narHash": "sha256-V/JRCf9iOKGMmmMCs/K1n+vOP01Y7ZPJntHXxDEvzWM=", + "lastModified": 1761114652, + "narHash": "sha256-f/QCJM/YhrV/lavyCVz8iU3rlZun6d+dAiC3H+CDle4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "fdfdc52e33e11634eb7b37f65e96e63d1beb7e45", + "rev": "01f116e4df6a15f4ccdffb1bcd41096869fb385c", "type": "github" }, "original": { "owner": "NixOS", - "ref": "master", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } @@ -358,7 +376,7 @@ "nixpkgs-stable": "nixpkgs-stable", "nixpkgs-unstable": "nixpkgs-unstable", "yandex-music": "yandex-music", - "zapret": "zapret" + "zapret-discord-youtube": "zapret-discord-youtube" } }, "rust-overlay": { 
@@ -412,6 +430,21 @@ "type": "github" } }, + "systems_3": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "yandex-music": { "inputs": { "flake-utils": "flake-utils_2", @@ -444,38 +477,22 @@ "url": "https://music-desktop-application.s3.yandex.net/stable/Yandex_Music_x64_5.69.1.exe" } }, - "zapret": { + "zapret-discord-youtube": { "inputs": { - "nixpkgs": "nixpkgs_3", - "zapret-src": "zapret-src" + "flake-utils": "flake-utils_3", + "nixpkgs": "nixpkgs_3" }, "locked": { - "lastModified": 1749371039, - "narHash": "sha256-EVIawvOWpEBduVzez0alq12WVH7vjmKJK8rvbQVIzls=", - "owner": "n0vvvonder", - "repo": "zapret-flake.nix", - "rev": "3eadb90423a3a67ff4e5bc7fbd0f015cee62f267", + "lastModified": 1761153471, + "narHash": "sha256-7+AEk4GpFyMQXWnk7unWti/2pnYcjBLMiaL7Aqj1ULg=", + "owner": "kartavkun", + "repo": "zapret-discord-youtube", + "rev": "045baa0d58680456c53c3b5421df464aef59e767", "type": "github" }, "original": { - "owner": "n0vvvonder", - "repo": "zapret-flake.nix", - "type": "github" - } - }, - "zapret-src": { - "flake": false, - "locked": { - "lastModified": 1724486371, - "narHash": "sha256-wnjRnUhdPBHrrk+LwhEbmKm1OyfwcLCbf2H4morw5vY=", - "owner": "bol-van", - "repo": "zapret", - "rev": "faea968cd4ab24887236051ad4bcbbd0a824c734", - "type": "github" - }, - "original": { - "owner": "bol-van", - "repo": "zapret", + "owner": "kartavkun", + "repo": "zapret-discord-youtube", "type": "github" } } diff --git a/flake.nix b/flake.nix index 008aecd..5b30430 100644 --- a/flake.nix +++ b/flake.nix 
@@ -26,11 +26,11 @@ url = "git+https://git.lix.systems/lix-project/nixos-module"; inputs.nixpkgs.follows = "nixpkgs-unstable"; }; - zapret.url = "github:n0vvvonder/zapret-flake.nix"; + zapret-discord-youtube.url = "github:kartavkun/zapret-discord-youtube"; chaotic.url = "github:chaotic-cx/nyx/nyxpkgs-unstable"; }; - outputs = { self, nixpkgs-unstable, impermanence, home-manager, zapret, nixpkgs-stable, hm-stable, lix-module, asus-numberpad-driver, chaotic, ...}@inputs: { + outputs = { self, nixpkgs-unstable, impermanence, home-manager, nixpkgs-stable, hm-stable, lix-module, asus-numberpad-driver, chaotic, zapret-discord-youtube, ...}@inputs: { nixosConfigurations = { Ratchet = nixpkgs-unstable.lib.nixosSystem { system = "x86_64-linux"; @@ -98,6 +98,13 @@ ]; }; } + zapret-discord-youtube.nixosModules.default { + services.zapret-discord-youtube = { + enable = true; + config = "general(ALT2)"; # Или любой конфиг из папки configs (general, general(ALT), general (SIMPLE FAKE) и т.д.) + firewallType = "iptables"; + }; + } ]; }; Qwark = nixpkgs-stable.lib.nixosSystem { diff --git a/hosts/generic/zapret.nix b/hosts/generic/zapret.nix deleted file mode 100644 index e7ad882..0000000 --- a/hosts/generic/zapret.nix +++ /dev/null 
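Review bot: The new `zapret-discord-youtube` input is declared without a nixpkgs `follows`, unlike the lix-module input directly above it, so it carries its own separately locked nixpkgs. The flake.lock part of this commit shows it resolving to `nixpkgs_3` on `nixos-unstable` and pulling in an extra `flake-utils_3`. Because the module from this input is enabled on Ratchet and takes a `firewallType`, its packages come from a revision that can drift from the one the rest of the system is built and patched from. Consider adding `zapret-discord-youtube.inputs.nixpkgs.follows = "nixpkgs-unstable";` next to the url, provided the upstream flake evaluates against that channel. The inputs block starts outside the hunk.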
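Review bot: `firewallType = "iptables"` selects an iptables backend, while the file deleted in this commit (hosts/generic/zapret.nix) supplied its rules through `networking.nftables.ruleset`, which suggests the hosts may be running nftables. If Ratchet still enables nftables, confirm that the module's iptables rules actually load and do not end up alongside a second ruleset. The deleted rules also carried an explicit private-range exclusion set (`nozapret`) and a `localnet_protect` chain, and the equivalent behaviour is now left to whatever the upstream `general(ALT2)` strategy does. An English comment in place of the current Russian one would record that, e.g. `# iptables backend; strategy name refers to a file in upstream configs/ and may change on flake update`. The modules list starts and ends outside the hunk.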
@@ -1,448 +0,0 @@ -{ ... }: -{ - services.zapret = { - enable = true; - configureFirewall = false; - params = [ - ''--filter-udp=443 --dpi-desync=fake --dpi-desync-repeats=6 --new'' - ''--filter-udp=50000-50100 --filter-l7=discord,stun --dpi-desync=fake --dpi-desync-repeats=6 --new'' - ''--filter-tcp=80 --dpi-desync=fake,multisplit --dpi-desync-autottl=2 --dpi-desync-fooling=md5sig --new'' - ''--filter-tcp=443 --dpi-desync=multisplit --dpi-desync-split-seqovl=652 --dpi-desync-split-pos=2 --new'' - ''--filter-udp=443 --dpi-desync=fake --dpi-desync-repeats=6 --new'' - ''--filter-tcp=80 --dpi-desync=fake,multisplit --dpi-desync-autottl=2 --dpi-desync-fooling=md5sig --new'' - ]; - - }; - networking.nftables.ruleset = '' - table inet zapret { - set zapret { - type ipv4_addr - size 522288 - flags interval - auto-merge - } - - set ipban { - type ipv4_addr - size 522288 - flags interval - auto-merge - } - - set nozapret { - type ipv4_addr - size 65536 - flags interval - auto-merge - elements = { 10.0.0.0/8, 169.254.0.0/16, - 172.16.0.0/12, 192.168.0.0/16 } - } - - set lanif { - type ifname - } - - set wanif { - type ifname - } - - set wanif6 { - type ifname - } - - map link_local { - type ifname : ipv6_addr - } - - set discord { - type ipv4_addr - size 4096 - flags interval - auto-merge - elements = { 5.200.14.249, 18.165.140.0/25, - 23.227.38.74, 34.0.48.0/24, - 34.0.49.64/26, 34.0.50.0/25, - 34.0.51.0-34.0.57.255, 34.0.59.0-34.0.60.255, - 34.0.62.128/25, 34.0.63.228, - 34.0.64.0/23, 34.0.66.130, - 34.0.82.140, 34.0.129.128-34.0.130.255, - 34.0.131.130, 34.0.132.139, - 34.0.133.75, 34.0.134.0/24, - 34.0.135.251, 34.0.136.51, - 34.0.137.0/24, 34.0.139.0-34.0.142.127, - 34.0.144.0-34.0.146.255, 34.0.148.25, - 34.0.149.101, 34.0.151.0/25, - 34.0.153.0/24, 34.0.155.0/24, - 34.0.156.101, 34.0.157.0/25, - 34.0.158.247, 34.0.159.188, - 34.0.192.0/25, 34.0.193.0-34.0.194.255, - 34.0.195.172, 34.0.196.200/29, - 34.0.197.81, 34.0.198.25, - 34.0.199.0-34.0.200.255, 34.0.201.81, - 
34.0.202.34, 34.0.203.0-34.0.206.127, - 34.0.207.0/25, 34.0.208.195, - 34.0.209.0/24, 34.0.210.20, - 34.0.211.0/26, 34.0.212.0/24, - 34.0.213.64/26, 34.0.215.128/25, - 34.0.216.238, 34.0.217.0/24, - 34.0.218.83, 34.0.220.103, - 34.0.221.0/24, 34.0.222.193, - 34.0.223.68, 34.0.227.0/24, - 34.0.240.0-34.0.251.127, 34.1.216.0/24, - 34.1.221.166, 35.207.64.0/23, - 35.207.67.116, 35.207.71.0/24, - 35.207.72.32, 35.207.73.0-35.207.74.255, - 35.207.75.128/25, 35.207.76.128/26, - 35.207.77.0/24, 35.207.78.129, - 35.207.79.0/24, 35.207.80.76, - 35.207.81.248/30, 35.207.82.0-35.207.84.255, - 35.207.85.160, 35.207.86.41, - 35.207.87.184, 35.207.89.188, - 35.207.91.146, 35.207.92.230, - 35.207.95.0/24, 35.207.97.174, - 35.207.99.134, 35.207.100.64/26, - 35.207.101.130, 35.207.103.64/26, - 35.207.104.0/24, 35.207.106.128/26, - 35.207.107.19, 35.207.108.192/27, - 35.207.109.185, 35.207.110.0/24, - 35.207.111.174, 35.207.114.16, - 35.207.115.163, 35.207.116.51, - 35.207.117.0/24, 35.207.121.204, - 35.207.122.0/25, 35.207.124.145, - 35.207.125.116, 35.207.126.30, - 35.207.129.0/24, 35.207.131.128/27, - 35.207.132.247, 35.207.135.147, - 35.207.136.69, 35.207.137.0/24, - 35.207.139.0/24, 35.207.140.241, - 35.207.141.119, 35.207.142.0/24, - 35.207.143.96/27, 35.207.144.0/25, - 35.207.145.0/24, 35.207.146.89, - 35.207.147.0/24, 35.207.149.0-35.207.150.255, - 35.207.151.61, 35.207.153.117, - 35.207.154.0/24, 35.207.155.128/25, - 35.207.156.254, 35.207.157.7, - 35.207.158.192, 35.207.160.160, - 35.207.162.239, 35.207.163.0-35.207.164.127, - 35.207.165.147, 35.207.166.0/25, - 35.207.167.0/24, 35.207.168.116, - 35.207.170.0-35.207.172.255, 35.207.174.55, - 35.207.176.128/25, 35.207.178.0/24, - 35.207.180.152, 35.207.181.76, - 35.207.182.125, 35.207.184.101, - 35.207.185.192, 35.207.186.128/25, - 35.207.187.228, 35.207.188.0-35.207.189.127, - 35.207.190.194, 35.207.191.64/26, - 35.207.193.165, 35.207.195.75, - 35.207.196.0/24, 35.207.198.0/23, - 35.207.201.186, 35.207.202.169, - 
35.207.205.211, 35.207.207.4, - 35.207.209.0/25, 35.207.210.191, - 35.207.211.253, 35.207.213.97, - 35.207.214.0/24, 35.207.220.147, - 35.207.221.58, 35.207.222.105, - 35.207.224.151, 35.207.225.210, - 35.207.227.0/24, 35.207.229.212, - 35.207.232.26, 35.207.234.182, - 35.207.238.0/24, 35.207.240.0/24, - 35.207.245.0/24, 35.207.249.0/24, - 35.207.250.212, 35.207.251.0/27, - 35.212.4.134, 35.212.12.148, - 35.212.88.11, 35.212.102.50, - 35.212.111.0/26, 35.212.117.247, - 35.212.120.122, 35.213.0.0/24, - 35.213.2.8, 35.213.4.185, - 35.213.6.118, 35.213.7.128/25, - 35.213.8.168, 35.213.10.0/24, - 35.213.11.21, 35.213.12.224/27, - 35.213.13.19, 35.213.14.217, - 35.213.16.67, 35.213.17.235, - 35.213.23.166, 35.213.25.164, - 35.213.26.62, 35.213.27.252, - 35.213.32.0/24, 35.213.33.74, - 35.213.34.204, 35.213.37.81, - 35.213.38.186, 35.213.39.253, - 35.213.42.0/24, 35.213.43.79, - 35.213.45.0/24, 35.213.46.136, - 35.213.49.17, 35.213.50.0/24, - 35.213.51.213, 35.213.52.0/25, - 35.213.53.0-35.213.54.255, 35.213.56.0/25, - 35.213.59.0/24, 35.213.61.58, - 35.213.65.0/24, 35.213.67.0/24, - 35.213.68.192/26, 35.213.70.151, - 35.213.72.128/25, 35.213.73.245, - 35.213.74.131, 35.213.78.0/24, - 35.213.79.137, 35.213.80.0/25, - 35.213.83.128/25, 35.213.84.245, - 35.213.85.0/24, 35.213.88.145, - 35.213.89.80/28, 35.213.90.0/24, - 35.213.91.195, 35.213.92.0/24, - 35.213.93.254, 35.213.94.78, - 35.213.95.145, 35.213.96.87, - 35.213.98.0/24, 35.213.99.126, - 35.213.101.214, 35.213.102.0/24, - 35.213.105.0/24, 35.213.106.128/25, - 35.213.107.158, 35.213.109.0/24, - 35.213.110.40, 35.213.111.0/25, - 35.213.115.0/25, 35.213.120.0/24, - 35.213.122.0/24, 35.213.124.89, - 35.213.125.40, 35.213.126.185, - 35.213.127.0-35.213.133.255, 35.213.134.140, - 35.213.135.0-35.213.137.255, 35.213.138.128-35.213.140.127, - 35.213.141.164, 35.213.142.128-35.213.150.255, - 35.213.152.0/23, 35.213.154.137, - 35.213.155.134, 35.213.156.144, - 35.213.157.0/24, 35.213.158.64/26, - 35.213.160.90, 
35.213.161.253, - 35.213.162.0/25, 35.213.163.0-35.213.165.255, - 35.213.166.106, 35.213.167.160/27, - 35.213.168.0/24, 35.213.169.179, - 35.213.170.0/24, 35.213.171.201, - 35.213.172.159, 35.213.173.0/24, - 35.213.174.128/25, 35.213.175.128/26, - 35.213.176.0-35.213.177.127, 35.213.179.139, - 35.213.180.0-35.213.181.127, 35.213.182.0-35.213.185.255, - 35.213.186.70, 35.213.187.0/24, - 35.213.188.128/25, 35.213.190.158, - 35.213.191.0/24, 35.213.192.240/31, - 35.213.193.74, 35.213.194.0/25, - 35.213.195.178, 35.213.196.38, - 35.213.197.68, 35.213.198.0-35.213.202.127, - 35.213.203.195, 35.213.204.32/27, - 35.213.205.170, 35.213.207.128/25, - 35.213.208.85, 35.213.210.0/24, - 35.213.211.176/29, 35.213.212.0/24, - 35.213.213.225, 35.213.214.0/25, - 35.213.215.255, 35.213.217.0/24, - 35.213.218.248, 35.213.219.0/25, - 35.213.220.211, 35.213.221.0/24, - 35.213.222.215, 35.213.223.0/24, - 35.213.225.0/24, 35.213.227.227, - 35.213.229.17, 35.213.230.89, - 35.213.231.0/24, 35.213.233.0/24, - 35.213.234.134, 35.213.236.0/24, - 35.213.237.212, 35.213.238.0/24, - 35.213.240.212, 35.213.241.0/24, - 35.213.242.10, 35.213.243.219, - 35.213.244.146, 35.213.245.119, - 35.213.246.0/23, 35.213.249.79, - 35.213.250.0/24, 35.213.251.74, - 35.213.252.0/24, 35.213.253.155, - 35.213.254.89, 35.214.128.248, - 35.214.129.220, 35.214.130.217, - 35.214.131.144, 35.214.132.189, - 35.214.133.0/24, 35.214.134.163, - 35.214.137.0-35.214.138.127, 35.214.140.0/24, - 35.214.142.0/24, 35.214.143.41, - 35.214.144.26, 35.214.145.200, - 35.214.146.9, 35.214.147.135, - 35.214.148.89, 35.214.149.110, - 35.214.151.128-35.214.152.255, 35.214.156.115, - 35.214.158.181, 35.214.159.128/25, - 35.214.160.128/25, 35.214.161.217, - 35.214.162.0/24, 35.214.163.28, - 35.214.165.102, 35.214.167.77, - 35.214.169.0/24, 35.214.170.2, - 35.214.171.0/25, 35.214.172.128-35.214.173.255, - 35.214.175.0/24, 35.214.177.183, - 35.214.179.46, 35.214.180.0/23, - 35.214.184.179, 35.214.185.28, - 35.214.186.3, 35.214.187.0/24, - 
35.214.191.0/24, 35.214.192.128-35.214.193.255, - 35.214.194.128-35.214.195.127, 35.214.196.64/26, - 35.214.197.0/24, 35.214.198.7, - 35.214.199.224, 35.214.201.0/25, - 35.214.203.155, 35.214.204.0/23, - 35.214.207.0/24, 35.214.208.128/25, - 35.214.209.64, 35.214.210.0/24, - 35.214.211.3, 35.214.212.64/26, - 35.214.213.0/25, 35.214.214.0/24, - 35.214.215.64/26, 35.214.216.0/23, - 35.214.218.140, 35.214.219.0/24, - 35.214.220.149, 35.214.221.0/24, - 35.214.222.149, 35.214.223.0/24, - 35.214.224.71, 35.214.225.0-35.214.229.255, - 35.214.231.187, 35.214.233.8, - 35.214.235.38, 35.214.237.0-35.214.238.127, - 35.214.239.0/24, 35.214.240.87, - 35.214.241.0/24, 35.214.243.21, - 35.214.244.0/24, 35.214.245.16/28, - 35.214.246.106, 35.214.248.119, - 35.214.249.154, 35.214.250.0/24, - 35.214.251.128/25, 35.214.252.187, - 35.214.253.0/24, 35.214.255.154, - 35.215.72.85, 35.215.73.65, - 35.215.83.0, 35.215.108.111, - 35.215.115.120, 35.215.126.35, - 35.215.127.34, 35.215.128.0-35.215.136.63, - 35.215.137.0-35.215.140.255, 35.215.141.64/27, - 35.215.142.0/24, 35.215.143.83, - 35.215.144.128-35.215.146.255, 35.215.147.86, - 35.215.148.0-35.215.150.63, 35.215.151.0-35.215.152.255, - 35.215.153.128/25, 35.215.154.240/28, - 35.215.155.20, 35.215.156.0/24, - 35.215.158.0/23, 35.215.160.192-35.215.161.255, - 35.215.163.0-35.215.164.255, 35.215.165.236, - 35.215.166.128/25, 35.215.167.128-35.215.168.255, - 35.215.169.12, 35.215.170.0-35.215.176.255, - 35.215.177.72, 35.215.178.0/24, - 35.215.179.161, 35.215.180.0/22, - 35.215.184.253, 35.215.185.64/26, - 35.215.186.0/25, 35.215.187.0-35.215.190.255, - 35.215.191.61, 35.215.192.0/23, - 35.215.194.192/28, 35.215.195.0-35.215.196.127, - 35.215.197.0/25, 35.215.198.230, - 35.215.199.204, 35.215.200.0-35.215.203.127, - 35.215.204.128-35.215.205.127, 35.215.206.0-35.215.209.127, - 35.215.210.0-35.215.219.255, 35.215.221.0/24, - 35.215.222.128/25, 35.215.223.126, - 35.215.224.0-35.215.227.127, 35.215.228.0/24, - 35.215.229.64, 35.215.230.89, 
- 35.215.231.0-35.215.233.127, 35.215.234.37, - 35.215.235.0/24, 35.215.238.0/25, - 35.215.239.119, 35.215.240.0/24, - 35.215.241.128-35.215.242.127, 35.215.243.0-35.215.245.255, - 35.215.246.222, 35.215.247.0-35.215.252.255, - 35.215.253.118, 35.215.254.0/23, - 35.217.0.0/24, 35.217.1.64/26, - 35.217.2.5, 35.217.3.0/24, - 35.217.4.72, 35.217.5.0/25, - 35.217.6.0/24, 35.217.8.0/25, - 35.217.9.0/24, 35.217.11.186, - 35.217.12.0/24, 35.217.14.192/26, - 35.217.15.65, 35.217.16.75, - 35.217.17.128-35.217.18.255, 35.217.19.183, - 35.217.20.0/24, 35.217.21.128/25, - 35.217.22.128/25, 35.217.23.128-35.217.24.255, - 35.217.25.81, 35.217.26.0/24, - 35.217.27.128/25, 35.217.28.128-35.217.30.127, - 35.217.31.0/25, 35.217.32.128-35.217.33.255, - 35.217.35.128-35.217.37.255, 35.217.38.179, - 35.217.39.186, 35.217.40.176, - 35.217.41.204, 35.217.43.0/24, - 35.217.45.248, 35.217.46.0/24, - 35.217.47.128/25, 35.217.48.195, - 35.217.49.160/27, 35.217.50.0/25, - 35.217.51.0/24, 35.217.52.117, - 35.217.53.128-35.217.54.127, 35.217.55.96/27, - 35.217.56.6, 35.217.57.184, - 35.217.58.0/24, 35.217.59.64/26, - 35.217.60.0/24, 35.217.61.128-35.217.62.255, - 35.217.63.128/25, 35.219.225.149, - 35.219.226.57, 35.219.227.0/24, - 35.219.228.37, 35.219.229.128-35.219.231.255, - 35.219.235.0/24, 35.219.236.198, - 35.219.238.115, 35.219.239.0/24, - 35.219.241.0/24, 35.219.242.221, - 35.219.243.191, 35.219.244.1, - 35.219.245.0/24, 35.219.246.159, - 35.219.247.0/26, 35.219.248.0/24, - 35.219.249.126, 35.219.251.186, - 35.219.252.0-35.219.254.255, 64.233.161.207, - 64.233.162.207, 64.233.163.207, - 64.233.164.207, 64.233.165.207, - 66.22.196.0/26, 66.22.197.0-66.22.198.63, - 66.22.199.0-66.22.200.63, 66.22.202.0/26, - 66.22.204.0/24, 66.22.206.0/24, - 66.22.208.0/25, 66.22.210.0/26, - 66.22.212.0/24, 66.22.214.0/24, - 66.22.216.0/23, 66.22.220.0/25, - 66.22.221.0-66.22.224.127, 66.22.225.0/26, - 66.22.226.0/25, 66.22.227.0/25, - 66.22.228.0/22, 66.22.233.0-66.22.234.255, - 
66.22.236.0-66.22.238.255, 66.22.240.0-66.22.245.255, - 66.22.248.0/24, 74.125.131.207, - 74.125.205.207, 104.17.51.93, - 104.17.117.93, 104.18.4.161, - 104.18.5.161, 104.18.8.105, - 104.18.9.105, 104.18.30.128, - 104.18.31.128, 104.21.2.204, - 104.21.25.51, 104.21.40.151, - 104.21.59.128, 104.21.72.221, - 104.21.82.160, 108.177.14.207, - 138.128.140.240/28, 142.250.150.207, - 142.251.1.207, 162.159.128.232/30, - 162.159.129.232/30, 162.159.130.232/30, - 162.159.133.232/30, 162.159.134.232/30, - 162.159.135.232/30, 162.159.136.232/30, - 162.159.137.232/30, 162.159.138.232/30, - 172.65.202.19, 172.66.41.34, - 172.66.42.222, 172.67.152.224/28, - 172.67.155.163, 172.67.159.89, - 172.67.177.131, 172.67.222.182, - 173.194.73.207, 173.194.220.207, - 173.194.221.207, 173.194.222.207, - 188.114.96.2, 188.114.97.2, - 188.114.98.224, 188.114.99.224, - 204.11.56.48, 209.85.233.207 } - } - - chain dnat_output { - type nat hook output priority -101; policy accept; - } - - chain dnat_pre { - type nat hook prerouting priority dstnat - 1; policy accept; - } - - chain forward { - type filter hook forward priority filter - 1; policy accept; - } - - chain input { - type filter hook input priority filter - 1; policy accept; - iif != "lo" jump localnet_protect - } - - chain flow_offload { - tcp dport { 80, 443 } ct original packets 1-9 ip daddr != @nozapret return comment "direct flow offloading exemption" - udp dport 443 ct original packets 1-9 ip daddr != @nozapret return comment "direct flow offloading exemption" - udp dport 50000-50099 ct original packets 1-3 ip daddr @discord ip daddr != @nozapret return comment "direct flow offloading exemption" - } - - chain localnet_protect { - ip daddr 127.0.0.127 return comment "route_localnet allow access to tpws" - ip daddr 127.0.0.0/8 drop comment "route_localnet remote access protection" - } - - chain postrouting { - } - - chain postrouting_hook { - type filter hook postrouting priority srcnat - 1; policy accept; - meta mark & 0x40000000 
== 0x00000000 jump postrouting - } - - chain postnat { - udp dport 50000-50099 ct original packets 1-3 ip daddr @discord ip daddr != @nozapret meta mark set meta mark | 0x20000000 queue flags bypass to 65400 - udp dport 443 ct original packets 1-9 ip daddr != @nozapret meta mark set meta mark | 0x20000000 queue flags bypass to 200 - tcp dport { 80, 443 } ct original packets 1-9 ip daddr != @nozapret meta mark set meta mark | 0x20000000 queue flags bypass to 200 - } - - chain postnat_hook { - type filter hook postrouting priority srcnat + 1; policy accept; - meta mark & 0x40000000 == 0x00000000 jump postnat - } - - chain prerouting { - type filter hook prerouting priority dstnat + 1; policy accept; - } - - chain prenat { - type filter hook prerouting priority dstnat - 1; policy accept; - tcp sport { 80, 443 } ct reply packets 1-3 ip saddr != @nozapret queue flags bypass to 200 - } - - chain predefrag { - type filter hook output priority -401; policy accept; - meta mark & 0x40000000 != 0x00000000 jump predefrag_nfqws comment "nfqws generated : avoid drop by INVALID conntrack state" - } - - chain predefrag_nfqws { - meta mark & 0x20000000 != 0x00000000 notrack comment "postnat traffic" - ip frag-off != 0 notrack comment "ipfrag" - exthdr frag exists notrack comment "ipfrag" - tcp flags ! syn,rst,ack notrack comment "datanoack" - } -}''; - -}