What's new

Does the DPI Bypass "zapret" work with Merlin firmware?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Sora

New Around Here
Although the DOT function was added to the merlin firmware. but
I need to bypass DPI because I live in a country where isp censors the Internet.
I've been very stressed since I started censoring at my country ISP last month.
An alternative is to install goodbyedpi( https://github.com/ValdikSS/GoodbyeDPI )
and green tunnel( https://github.com/SadeghHayeri/GreenTunnel ) on the device,
but I want to do DPI bypass at the router level.

https://github.com/bol-van/zapret/blob/master/docs/readme.eng.txt
https://github.com/bol-van/zapret

There is a manual that can be installed on Openwrt, but I would like to install and work on the merlin firmware.
I'm a simple user so I don't know the details
I would be grateful if someone could give me the information .
If not, please tell me how to use the DPI bypass on the Merlin firmware.Thank you.
--------
Please understand that my English is lacking.
 
Last edited:
Yes this is a really necessary feature.
If so, it would be perfect.
Simply entering these four commands allows the crucial NFQUEUE firewall rule to be activated for the two current IPv4 IPs for 'kinozal.tv'
Code:
modprobe xt_NFQUEUE

ipset create zapret hash:net

nslookup kinozal.tv;for IP in $(nslookup "kinozal.tv" | grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}' | grep -v "127.0.0.1");do ipset add zapret $IP;done;ipset list zapret

iptables -t mangle -I PREROUTING -p tcp --sport 80 --tcp-flags SYN,ACK SYN,ACK -m set --match-set zapret src -j NFQUEUE --queue-num 200 --queue-bypass
No idea if it does what it is supposed to do when you then attempt to access 'kinozal.tv'.

However, if DPI seemingly can't be bypassed using the 'splitting a request into segments' PREROUTING method, try the 'mangle "Host:" HTTP header' POSTROUTING method
Code:
iptables -t mangle -D PREROUTING -p tcp --sport 80 --tcp-flags SYN,ACK SYN,ACK -m set --match-set zapret src -j NFQUEUE --queue-num 200 --queue-bypass 2>/dev/null

iptables -t mangle -I POSTROUTING -p tcp --dport 80 -m connbytes --connbytes-dir=original --connbytes-mode=packets --connbytes 1:5 -m set --match-set zapret dst -j NFQUEUE --queue-num 200 --queue-bypass
 
Last edited:
So would these commands need to be entered for every site that is being blocked or is there a way to enable it for all sites?
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top