Merhaba, rehber icin cok tesekkurler. Anlattiginiz gibi yapmaya calistim ancak sanirim bir yerlerde bir hata yaptim cunku bende calismiyor. Discord icin denemistim ben de.
bash scriptini discord.com icin calistirdigimda aldigim cikti:
* SUMMARY
ipv4 discord.com curl_test_http : tpws --hostspell=hoSt
ipv4 discord.com curl_test_http : tpws --hostpad=16384
ipv4 discord.com curl_test_http : tpws --split-pos=method+2 --oob
ipv4 discord.com curl_test_http : tpws --methodspace
ipv4 discord.com curl_test_http : nfqws --hostspell=hoSt
ipv4 discord.com curl_test_http : nfqws --dpi-desync=fake --dpi-desync-ttl=3 --dpi-desync-fake-http=0x00000000
ipv4 discord.com curl_test_http : nfqws --dpi-desync=fake --dpi-desync-fooling=md5sig
ipv4 discord.com curl_test_http : nfqws --dpi-desync=fakedsplit --dpi-desync-ttl=3 --dpi-desync-split-pos=midsld
ipv4 discord.com curl_test_http : nfqws --dpi-desync=fakedsplit --dpi-desync-fooling=md5sig --dpi-desync-split-pos=method+2
ipv4 discord.com curl_test_http : nfqws --dpi-desync=fakeddisorder --dpi-desync-ttl=3 --dpi-desync-split-pos=method+2
ipv4 discord.com curl_test_http : nfqws --dpi-desync=fakeddisorder --dpi-desync-fooling=md5sig --dpi-desync-split-pos=method+2
ipv4 discord.com curl_test_http : nfqws --dpi-desync=multidisorder --dpi-desync-split-pos=method+2 --dpi-desync-split-seqovl=method+1
ipv4 discord.com curl_test_http : nfqws --dpi-desync=multidisorder --dpi-desync-split-pos=midsld --dpi-desync-split-seqovl=midsld-1
ipv4 discord.com curl_test_http : nfqws --dpi-desync=multidisorder --dpi-desync-split-pos=method+2,midsld --dpi-desync-split-seqovl=method+1
ipv4 discord.com curl_test_http : nfqws --dpi-desync=fake --dpi-desync-ttl=1 --dpi-desync-autottl=1
ipv4 discord.com curl_test_http : nfqws --dpi-desync=fake --dpi-desync-ttl=1 --dpi-desync-autottl=2
ipv4 discord.com curl_test_http : nfqws --dpi-desync=fake --dpi-desync-ttl=1 --dpi-desync-autottl=3
ipv4 discord.com curl_test_http : nfqws --dpi-desync=fake --dpi-desync-ttl=1 --dpi-desync-autottl=4
ipv4 discord.com curl_test_http : nfqws --dpi-desync=fake --dpi-desync-ttl=1 --dpi-desync-autottl=5
ipv4 discord.com curl_test_http : nfqws --dpi-desync=fakedsplit --dpi-desync-ttl=1 --dpi-desync-autottl=1 --dpi-desync-split-pos=method+2
ipv4 discord.com curl_test_http : nfqws --dpi-desync=fakedsplit --dpi-desync-ttl=1 --dpi-desync-autottl=2 --dpi-desync-split-pos=method+2
ipv4 discord.com curl_test_http : nfqws --dpi-desync=fakedsplit --dpi-desync-ttl=1 --dpi-desync-autottl=3 --dpi-desync-split-pos=method+2
ipv4 discord.com curl_test_http : nfqws --dpi-desync=fakedsplit --dpi-desync-ttl=1 --dpi-desync-autottl=4 --dpi-desync-split-pos=method+2
ipv4 discord.com curl_test_http : nfqws --dpi-desync=fakedsplit --dpi-desync-ttl=1 --dpi-desync-autottl=5 --dpi-desync-split-pos=method+2
ipv4 discord.com curl_test_http : nfqws --dpi-desync=fakeddisorder --dpi-desync-ttl=1 --dpi-desync-autottl=1 --dpi-desync-split-pos=method+2
ipv4 discord.com curl_test_http : nfqws --dpi-desync=fakeddisorder --dpi-desync-ttl=1 --dpi-desync-autottl=2 --dpi-desync-split-pos=method+2
ipv4 discord.com curl_test_http : nfqws --dpi-desync=fakeddisorder --dpi-desync-ttl=1 --dpi-desync-autottl=3 --dpi-desync-split-pos=method+2
ipv4 discord.com curl_test_http : nfqws --dpi-desync=fakeddisorder --dpi-desync-ttl=1 --dpi-desync-autottl=4 --dpi-desync-split-pos=method+2
ipv4 discord.com curl_test_http : nfqws --dpi-desync=fakeddisorder --dpi-desync-ttl=1 --dpi-desync-autottl=5 --dpi-desync-split-pos=method+2
ipv4 discord.com curl_test_https_tls12 : tpws --split-pos=2 --oob
ipv4 discord.com curl_test_https_tls12 : tpws --split-pos=2 --oob --disorder
ipv4 discord.com curl_test_https_tls12 : tpws --tlsrec=midsld
ipv4 discord.com curl_test_https_tls12 : tpws --tlsrec=midsld --oob
ipv4 discord.com curl_test_https_tls12 : tpws --tlsrec=midsld --disorder
ipv4 discord.com curl_test_https_tls12 : tpws --tlsrec=midsld --oob --disorder
ipv4 discord.com curl_test_https_tls12 : nfqws --dpi-desync=fake --dpi-desync-ttl=3
ipv4 discord.com curl_test_https_tls12 : nfqws --dpi-desync=fake --dpi-desync-fooling=md5sig
ipv4 discord.com curl_test_https_tls12 : nfqws --dpi-desync=fakedsplit --dpi-desync-ttl=3 --dpi-desync-split-pos=1
ipv4 discord.com curl_test_https_tls12 : nfqws --dpi-desync=fakedsplit --dpi-desync-fooling=md5sig --dpi-desync-split-pos=1
ipv4 discord.com curl_test_https_tls12 : nfqws --dpi-desync=fakeddisorder --dpi-desync-ttl=3 --dpi-desync-split-pos=1
ipv4 discord.com curl_test_https_tls12 : nfqws --dpi-desync=fakeddisorder --dpi-desync-fooling=md5sig --dpi-desync-split-pos=1
ipv4 discord.com curl_test_https_tls12 : nfqws --dpi-desync=multidisorder --dpi-desync-split-pos=2 --dpi-desync-split-seqovl=1
ipv4 discord.com curl_test_https_tls12 : nfqws --dpi-desync=multidisorder --dpi-desync-split-pos=sniext+1 --dpi-desync-split-seqovl=sniext
ipv4 discord.com curl_test_https_tls12 : nfqws --dpi-desync=multidisorder --dpi-desync-split-pos=sniext+4 --dpi-desync-split-seqovl=sniext+3
ipv4 discord.com curl_test_https_tls12 : nfqws --dpi-desync=multidisorder --dpi-desync-split-pos=midsld --dpi-desync-split-seqovl=midsld-1
ipv4 discord.com curl_test_https_tls12 : nfqws --dpi-desync=multidisorder --dpi-desync-split-pos=2,midsld --dpi-desync-split-seqovl=1
ipv4 discord.com curl_test_https_tls12 : nfqws --dpi-desync=fake --dpi-desync-ttl=1 --dpi-desync-autottl=1
ipv4 discord.com curl_test_https_tls12 : nfqws --dpi-desync=fake --dpi-desync-ttl=1 --dpi-desync-autottl=2 --dpi-desync-fake-tls=0x00000000
ipv4 discord.com curl_test_https_tls12 : nfqws --dpi-desync=fake --dpi-desync-ttl=1 --dpi-desync-autottl=3
ipv4 discord.com curl_test_https_tls12 : nfqws --dpi-desync=fake --dpi-desync-ttl=1 --dpi-desync-autottl=4
ipv4 discord.com curl_test_https_tls12 : nfqws --dpi-desync=fake --dpi-desync-ttl=1 --dpi-desync-autottl=5
ipv4 discord.com curl_test_https_tls12 : nfqws --dpi-desync=fakedsplit --dpi-desync-ttl=1 --dpi-desync-autottl=1 --dpi-desync-split-pos=1
ipv4 discord.com curl_test_https_tls12 : nfqws --dpi-desync=fakedsplit --dpi-desync-ttl=1 --dpi-desync-autottl=2 --dpi-desync-split-pos=1
ipv4 discord.com curl_test_https_tls12 : nfqws --dpi-desync=fakedsplit --dpi-desync-ttl=1 --dpi-desync-autottl=3 --dpi-desync-split-pos=1
ipv4 discord.com curl_test_https_tls12 : nfqws --dpi-desync=fakedsplit --dpi-desync-ttl=1 --dpi-desync-autottl=4 --dpi-desync-split-pos=1
ipv4 discord.com curl_test_https_tls12 : nfqws --dpi-desync=fakedsplit --dpi-desync-ttl=1 --dpi-desync-autottl=5 --dpi-desync-split-pos=1
ipv4 discord.com curl_test_https_tls12 : nfqws --dpi-desync=fakeddisorder --dpi-desync-ttl=1 --dpi-desync-autottl=1 --dpi-desync-split-pos=1
ipv4 discord.com curl_test_https_tls12 : nfqws --dpi-desync=fakeddisorder --dpi-desync-ttl=1 --dpi-desync-autottl=2 --dpi-desync-split-pos=1
ipv4 discord.com curl_test_https_tls12 : nfqws --dpi-desync=fakeddisorder --dpi-desync-ttl=1 --dpi-desync-autottl=3 --dpi-desync-split-pos=1
ipv4 discord.com curl_test_https_tls12 : nfqws --dpi-desync=fakeddisorder --dpi-desync-ttl=1 --dpi-desync-autottl=4 --dpi-desync-split-pos=1
ipv4 discord.com curl_test_https_tls12 : nfqws --dpi-desync=fakeddisorder --dpi-desync-ttl=1 --dpi-desync-autottl=5 --dpi-desync-split-pos=1
ipv4 discord.com curl_test_http3 : nfqws --dpi-desync=fake
resolve.conf icerigi
# Generated by NetworkManager
search hgw.local
nameserver 192.168.1.1
nameserver fe80::4aed:e6ff:fe19:9d58%enp12s0
nameserver ::1
nameserver 127.0.0.1
options edns0
zapret config dosyasinin ici
# this file is included from init scripts
# change values here
# can help in case /tmp has not enough space
#TMPDIR=/opt/zapret/tmp
# redefine user for zapret daemons. required on Keenetic
#WS_USER=nobody
# override firewall type : iptables,nftables,ipfw
FWTYPE=iptables
# nftables only : set this to 0 to use pre-nat mode. default is post-nat.
# pre-nat mode disables some bypass techniques for forwarded traffic but allows to see client IP addresses in debug log
#POSTNAT=0
# options for ipsets
# maximum number of elements in sets. also used for nft sets
SET_MAXELEM=522288
# too low hashsize can cause memory allocation errors on low RAM systems , even if RAM is enough
# too large hashsize will waste lots of RAM
IPSET_OPT="hashsize 262144 maxelem $SET_MAXELEM"
# dynamically generate additional ip. $1 = ipset/nfset/table name
#IPSET_HOOK="/etc/zapret.ipset.hook"
# options for ip2net. "-4" or "-6" auto added by ipset create script
IP2NET_OPT4="--prefix-length=22-30 --v4-threshold=3/4"
IP2NET_OPT6="--prefix-length=56-64 --v6-threshold=5"
# options for auto hostlist
AUTOHOSTLIST_RETRANS_THRESHOLD=3
AUTOHOSTLIST_FAIL_THRESHOLD=3
AUTOHOSTLIST_FAIL_TIME=60
# 1 = debug autohostlist positives to ipset/zapret-hosts-auto-debug.log
AUTOHOSTLIST_DEBUGLOG=0
# number of parallel threads for domain list resolves
MDIG_THREADS=30
# ipset/*.sh can compress large lists
GZIP_LISTS=1
# command to reload ip/host lists after update
# comment or leave empty for auto backend selection : ipset or ipfw if present
# on BSD systems with PF no auto reloading happens. you must provide your own command
# set to "-" to disable reload
#LISTS_RELOAD="pfctl -f /etc/pf.conf"
# mark bit used by nfqws to prevent loop
DESYNC_MARK=0x40000000
DESYNC_MARK_POSTNAT=0x20000000
TPWS_SOCKS_ENABLE=1
# tpws socks listens on this port on localhost and LAN interfaces
TPPORT_SOCKS=987
# use <HOSTLIST> and <HOSTLIST_NOAUTO> placeholders to engage standard hostlists and autohostlist in ipset dir
# hostlist markers are replaced to empty string if MODE_FILTER does not satisfy
# <HOSTLIST_NOAUTO> appends ipset/zapret-hosts-auto.txt as normal list
TPWS_SOCKS_OPT="
--filter-tcp=80 --methodeol <HOSTLIST> --new
--filter-tcp=443 --split-pos=1,midsld --disorder <HOSTLIST>
"
TPWS_ENABLE=1
TPWS_PORTS=80,443
# use <HOSTLIST> and <HOSTLIST_NOAUTO> placeholders to engage standard hostlists and autohostlist in ipset dir
# hostlist markers are replaced to empty string if MODE_FILTER does not satisfy
# <HOSTLIST_NOAUTO> appends ipset/zapret-hosts-auto.txt as normal list
TPWS_OPT="
--hostspell=hoSt
--hostpad=16384
--split-pos=method+2 --oob
--methodspace
--filter-tcp=80 --methodeol <HOSTLIST> --new
--filter-tcp=443 --split-pos=1,midsld --disorder <HOSTLIST>
"
NFQWS_ENABLE=1
# redirect outgoing traffic with connbytes limiter applied in both directions.
NFQWS_PORTS_TCP=80,443
NFQWS_PORTS_UDP=443
# PKT_OUT means connbytes dir original
# PKT_IN means connbytes dir reply
# this is --dpi-desync-cutoff=nX kernel mode implementation for linux. it saves a lot of CPU.
NFQWS_TCP_PKT_OUT=$((6+$AUTOHOSTLIST_RETRANS_THRESHOLD))
NFQWS_TCP_PKT_IN=3
NFQWS_UDP_PKT_OUT=$((6+$AUTOHOSTLIST_RETRANS_THRESHOLD))
NFQWS_UDP_PKT_IN=0
# redirect outgoing traffic without connbytes limiter and incoming with connbytes limiter
# normally it's needed only for stateless DPI that matches every packet in a single TCP session
# typical example are plain HTTP keep alives
# this mode can be very CPU consuming. enable with care !
#NFQWS_PORTS_TCP_KEEPALIVE=80
#NFQWS_PORTS_UDP_KEEPALIVE=
# use <HOSTLIST> and <HOSTLIST_NOAUTO> placeholders to engage standard hostlists and autohostlist in ipset dir
# hostlist markers are replaced to empty string if MODE_FILTER does not satisfy
# <HOSTLIST_NOAUTO> appends ipset/zapret-hosts-auto.txt as normal list
NFQWS_OPT="
--dpi-desync=fake --dpi-desync-ttl=3
--dpi-desync=fake --dpi-desync-ttl=3 --dpi-desync-fake-http=0x00000000
--dpi-desync=fake --dpi-desync-fooling=md5sig
--dpi-desync=fakedsplit --dpi-desync-ttl=3 --dpi-desync-split-pos=midsld
--dpi-desync=fakedsplit --dpi-desync-fooling=md5sig --dpi-desync-split-pos=method+2
--dpi-desync=fakeddisorder --dpi-desync-ttl=3 --dpi-desync-split-pos=method+2
--dpi-desync=fakeddisorder --dpi-desync-fooling=md5sig --dpi-desync-split-pos=method+2
--dpi-desync=multidisorder --dpi-desync-split-pos=method+2 --dpi-desync-split-seqovl=method+1
--dpi-desync=multidisorder --dpi-desync-split-pos=midsld --dpi-desync-split-seqovl=midsld-1
--dpi-desync=multidisorder --dpi-desync-split-pos=method+2,midsld --dpi-desync-split-seqovl=method+1
--dpi-desync=fake --dpi-desync-ttl=1 --dpi-desync-autottl=1
--dpi-desync=fake --dpi-desync-ttl=1 --dpi-desync-autottl=2
--dpi-desync=fake --dpi-desync-ttl=1 --dpi-desync-autottl=3
--dpi-desync=fake --dpi-desync-ttl=1 --dpi-desync-autottl=4
--dpi-desync=fake --dpi-desync-ttl=1 --dpi-desync-autottl=5
--dpi-desync=fakedsplit --dpi-desync-ttl=1 --dpi-desync-autottl=1 --dpi-desync-split-pos=method+2
--dpi-desync=fakedsplit --dpi-desync-ttl=1 --dpi-desync-autottl=2 --dpi-desync-split-pos=method+2
--dpi-desync=fakedsplit --dpi-desync-ttl=1 --dpi-desync-autottl=3 --dpi-desync-split-pos=method+2
--dpi-desync=fakedsplit --dpi-desync-ttl=1 --dpi-desync-autottl=4 --dpi-desync-split-pos=method+2
--dpi-desync=fakedsplit --dpi-desync-ttl=1 --dpi-desync-autottl=5 --dpi-desync-split-pos=method+2
--dpi-desync=fakeddisorder --dpi-desync-ttl=1 --dpi-desync-autottl=1 --dpi-desync-split-pos=method+2
--dpi-desync=fakeddisorder --dpi-desync-ttl=1 --dpi-desync-autottl=2 --dpi-desync-split-pos=method+2
--dpi-desync=fakeddisorder --dpi-desync-ttl=1 --dpi-desync-autottl=3 --dpi-desync-split-pos=method+2
--dpi-desync=fakeddisorder --dpi-desync-ttl=1 --dpi-desync-autottl=4 --dpi-desync-split-pos=method+2
--dpi-desync=fakeddisorder --dpi-desync-ttl=1 --dpi-desync-autottl=5 --dpi-desync-split-pos=method+2
--filter-tcp=80 --dpi-desync=fake,multisplit --dpi-desync-split-pos=method+2 --dpi-desync-fooling=md5sig <HOSTLIST> --new
--filter-tcp=443 --dpi-desync=fake,multidisorder --dpi-desync-split-pos=1,midsld --dpi-desync-fooling=badseq,md5sig <HOSTLIST> --new
--filter-udp=443 --dpi-desync=fake --dpi-desync-repeats=6 <HOSTLIST_NOAUTO>
"
# none,ipset,hostlist,autohostlist
MODE_FILTER=none
# openwrt only : donttouch,none,software,hardware
FLOWOFFLOAD=donttouch
# openwrt: specify networks to be treated as LAN. default is "lan"
#OPENWRT_LAN="lan lan2 lan3"
# openwrt: specify networks to be treated as WAN. default wans are interfaces with default route
#OPENWRT_WAN4="wan vpn"
#OPENWRT_WAN6="wan6 vpn6"
# for routers based on desktop linux and macos. has no effect in openwrt.
# CHOOSE LAN and optinally WAN/WAN6 NETWORK INTERFACES
# or leave them commented if its not router
# it's possible to specify multiple interfaces like this : IFACE_LAN="eth0 eth1 eth2"
# if IFACE_WAN6 is not defined it take the value of IFACE_WAN
IFACE_LAN=enp12s0
#IFACE_WAN=
#IFACE_WAN6="ipsec0 wireguard0 he_net"
# should start/stop command of init scripts apply firewall rules ?
# not applicable to openwrt with firewall3+iptables
INIT_APPLY_FW=1
# firewall apply hooks
#INIT_FW_PRE_UP_HOOK="/etc/firewall.zapret.hook.pre_up"
#INIT_FW_POST_UP_HOOK="/etc/firewall.zapret.hook.post_up"
#INIT_FW_PRE_DOWN_HOOK="/etc/firewall.zapret.hook.pre_down"
#INIT_FW_POST_DOWN_HOOK="/etc/firewall.zapret.hook.post_down"
# do not work with ipv4
#DISABLE_IPV4=1
# do not work with ipv6
DISABLE_IPV6=0
# select which init script will be used to get ip or host list
# possible values : get_user.sh get_antizapret.sh get_combined.sh get_reestr.sh get_hostlist.sh
# comment if not required
#GETLIST=
sudo systemctl status zapret
● zapret.service
Loaded: loaded (/usr/lib/systemd/system/zapret.service; enabled; preset: disabled)
Active: active (running) since Thu 2025-01-09 00:01:58 +03; 14min ago
Invocation: 49ed44a73bee4611b0a256ea5baaf865
Process: 82071 ExecStart=/opt/zapret/init.d/sysv/zapret start (code=exited, status=0/SUCCESS)
Tasks: 17 (limit: 37121)
Memory: 1.3M (peak: 10.6M)
CPU: 301ms
CGroup: /system.slice/zapret.service
├─82126 /opt/zapret/tpws/tpws --user=tpws --socks --bind-addr=127.0.0.1 --bind-addr=::1 --bind-iface4=enp12s0 --bind-wait-ifup=30 --bind-wait-ip=30 --bind-iface6=enp12s0 --bind-linklocal=unwanted --bind-wait-ifup=30 --bind-wait-ip=30 --bind-wait-ip>
└─82146 /opt/zapret/tpws/tpws --user=tpws --bind-addr=127.0.0.127 --bind-addr=::1 --bind-iface6=enp12s0 --bind-linklocal=prefer --bind-wait-ifup=30 --bind-wait-ip=30 --bind-wait-ip-linklocal=3 --port=988 --hostspell=hoSt --hostpad=16384 --split-pos>
Jan 09 00:01:58 archura zapret[82071]: Inserting ip6tables rule for nfqws postrouting (qnum 200) : -p udp -m multiport --dports 443 -m connbytes --connbytes-dir=original --connbytes-mode=packets --connbytes 1:9
Jan 09 00:01:58 archura systemd[1]: Started zapret.service.
Jan 09 00:02:01 archura zapret[82146]: WARNING ! segmentation failed. total fails : 1
Jan 09 00:02:25 archura zapret[82146]: WARNING ! segmentation failed. total fails : 2
Jan 09 00:08:45 archura zapret[82146]: WARNING ! segmentation failed. total fails : 3
Jan 09 00:10:36 archura zapret[82146]: WARNING ! segmentation failed. total fails : 4
Jan 09 00:13:34 archura zapret[82146]: WARNING ! segmentation failed. total fails : 5
Jan 09 00:13:37 archura zapret[82146]: WARNING ! segmentation failed. total fails : 6
Jan 09 00:13:42 archura zapret[82146]: WARNING ! segmentation failed. total fails : 7
Jan 09 00:15:05 archura zapret[82146]: WARNING ! segmentation failed. total fails : 8
lines 1-22/22 (END)
Burada fail aliyorum neden olabilir acaba?