|
|
@ -1,4 +1,4 @@ |
|
|
# zapret v71.2 |
|
|
# zapret v71.3 |
|
|
|
|
|
|
|
|
# SCAMMER WARNING |
|
|
# SCAMMER WARNING |
|
|
|
|
|
|
|
|
@ -1225,6 +1225,20 @@ Don't use `<HOSTLIST>` in highly specialized profiles. Use your own filter or ho |
|
|
`<HOSTLIST_NOAUTO>` marker uses standard autohostlist as usual hostlist thus disabling auto additions in this profile. |
|
|
`<HOSTLIST_NOAUTO>` marker uses standard autohostlist as usual hostlist thus disabling auto additions in this profile. |
|
|
If any other profile adds something this profile accepts the change automatically. |
|
|
If any other profile adds something this profile accepts the change automatically. |
|
|
|
|
|
|
|
|
|
|
|
***Change loop prevention mark bit***\ |
|
|
|
|
|
`DESYNC_MARK=0x40000000` |
|
|
|
|
|
|
|
|
|
|
|
***Change postnat scheme mark bit***\ |
|
|
|
|
|
`DESYNC_MARK_POSTNAT=0x20000000` |
|
|
|
|
|
|
|
|
|
|
|
***If uncommented pass to zapret only packets marked with this bit***\ |
|
|
|
|
|
`#FILTER_MARK_POSTNAT=0x10000000` |
|
|
|
|
|
|
|
|
|
|
|
Bit must be set in your own rules.. |
|
|
|
|
|
* iptables - in mangle PREROUTING and mangle OUTPUT before zapret rules (iptables -I _after_ zapret rules application). |
|
|
|
|
|
* nftables - in output and prerouting hooks with priority -102 or lower. |
|
|
|
|
|
|
|
|
|
|
|
Mark criterias can be any. For example, source IP or source interface name. |
|
|
|
|
|
|
|
|
**tpws** socks proxy mode switch |
|
|
**tpws** socks proxy mode switch |
|
|
|
|
|
|
|
|
|
bol-van
4 days ago