Last active
December 30, 2025 22:08
-
-
Save OmerFarukOruc/15617b4305169fe8f22443aeea98f60d to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Fedora Zapret Automatic Installation Script - Enhanced Edition | |
| # DPI Bypass Tool with Advanced Error Handling | |
| # Version: 2.0 | |
| # Usage: sudo ./fedora_zapret_install.sh | |
| set -e # Stop script on error | |
| # ============================================================================ | |
| # CONFIGURATION | |
| # ============================================================================ | |
| # Fallback version if GitHub API fails | |
| FALLBACK_VERSION="72.5" | |
| # DNS Configuration (Yandex DNS with DoT) | |
| DNS_SERVERS="77.88.8.8 77.88.8.1 2a02:6b8::feed:0ff 2a02:6b8:0:1::feed:0ff" | |
| # DPI Bypass Configuration | |
| DPI_DESYNC_METHOD="fakeddisorder" | |
| DPI_TTL="1" | |
| DPI_AUTOTTL="-5" | |
| DPI_SPLIT_POS="1" | |
| # ============================================================================ | |
| # COLORS AND FORMATTING | |
| # ============================================================================ | |
| RED='\033[0;31m' | |
| GREEN='\033[0;32m' | |
| YELLOW='\033[1;33m' | |
| BLUE='\033[0;34m' | |
| CYAN='\033[0;36m' | |
| MAGENTA='\033[0;35m' | |
| NC='\033[0m' # No Color | |
| # ============================================================================ | |
| # LOGGING FUNCTIONS | |
| # ============================================================================ | |
| log() { | |
| echo -e "${GREEN}[INFO]${NC} $1" | |
| } | |
| warn() { | |
| echo -e "${YELLOW}[WARN]${NC} $1" | |
| } | |
| error() { | |
| echo -e "${RED}[ERROR]${NC} $1" | |
| } | |
| success() { | |
| echo -e "${GREEN}[SUCCESS]${NC} $1" | |
| } | |
| header() { | |
| echo "" | |
| echo -e "${BLUE}╔════════════════════════════════════════════════════════════════╗${NC}" | |
| echo -e "${BLUE}║ $(printf '%-62s' "$1")║${NC}" | |
| echo -e "${BLUE}╚════════════════════════════════════════════════════════════════╝${NC}" | |
| echo "" | |
| } | |
| # ============================================================================ | |
| # UTILITY FUNCTIONS | |
| # ============================================================================ | |
| # Check if running as root | |
| check_root() { | |
| if [ "$EUID" -ne 0 ]; then | |
| error "This script must be run as root. Use 'sudo $0'" | |
| exit 1 | |
| fi | |
| } | |
| # Get latest Zapret version from GitHub | |
| get_zapret_version() { | |
| log "Fetching latest Zapret version from GitHub..." | |
| local version=$(curl -s --max-time 10 "https://api.github.com/repos/bol-van/zapret/releases/latest" | \ | |
| grep '"tag_name":' | \ | |
| sed -E 's/.*"([^"]+)".*/\1/' | \ | |
| sed 's/v//') | |
| if [ -z "$version" ]; then | |
| warn "Failed to fetch from GitHub API" | |
| warn "Using fallback version: v${FALLBACK_VERSION}" | |
| echo "$FALLBACK_VERSION" | |
| else | |
| log "Latest version detected: v${version}" | |
| echo "$version" | |
| fi | |
| } | |
| # Disable problematic repositories | |
| disable_esp_idf_repo() { | |
| log "Configuring DNF to skip problematic repositories..." | |
| export REPO_OPTIONS="--disablerepo=esp-idf*" | |
| } | |
| # Clean old installations | |
| cleanup_old_zapret() { | |
| log "Cleaning old Zapret installations..." | |
| # Try to uninstall gracefully | |
| if [ -f "/opt/zapret/uninstall_easy.sh" ]; then | |
| echo "" | /opt/zapret/uninstall_easy.sh 2>/dev/null || true | |
| fi | |
| if [ -f "/root/zapret-v${ZAPRET_VERSION}/uninstall_easy.sh" ]; then | |
| echo "" | /root/zapret-v${ZAPRET_VERSION}/uninstall_easy.sh 2>/dev/null || true | |
| fi | |
| # Remove old files | |
| rm -rf /opt/zapret | |
| rm -rf /root/zapret-v${ZAPRET_VERSION}.zip | |
| rm -rf /root/zapret-v${ZAPRET_VERSION} | |
| success "Old installations cleaned" | |
| } | |
| # ============================================================================ | |
| # INSTALLATION FUNCTIONS | |
| # ============================================================================ | |
| # Step 1: Update /etc/hosts | |
| update_hosts_file() { | |
| header "Updating /etc/hosts" | |
| log "Installing required packages..." | |
| dnf install -y $REPO_OPTIONS hostname sed >/dev/null 2>&1 | |
| log "Updating /etc/hosts file..." | |
| sed -i "s/^127\.0\.1\.1.*/127.0.1.1\t$(hostname)/" /etc/hosts | |
| success "/etc/hosts updated" | |
| } | |
| # Step 2: Install required tools | |
| install_required_tools() { | |
| header "Installing Required System Tools" | |
| log "Updating system packages..." | |
| dnf update -y $REPO_OPTIONS >/dev/null 2>&1 | |
| log "Installing dependencies..." | |
| dnf install -y $REPO_OPTIONS \ | |
| curl \ | |
| bind-utils \ | |
| unzip \ | |
| nftables \ | |
| wget \ | |
| systemd-resolved \ | |
| git \ | |
| >/dev/null 2>&1 | |
| success "Required tools installed" | |
| } | |
| # Step 3: Configure DNS | |
| configure_dns() { | |
| header "Configuring DNS with DoT" | |
| log "Enabling systemd-resolved..." | |
| systemctl enable systemd-resolved >/dev/null 2>&1 | |
| systemctl start systemd-resolved | |
| log "Configuring DNS servers..." | |
| cat > /etc/systemd/resolved.conf <<EOF | |
| [Resolve] | |
| DNS=${DNS_SERVERS} | |
| DNSOverTLS=yes | |
| DNSSEC=allow-downgrade | |
| Cache=yes | |
| EOF | |
| log "Updating resolv.conf symlink..." | |
| ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf | |
| log "Restarting systemd-resolved..." | |
| systemctl restart systemd-resolved | |
| success "DNS configured with DNS-over-TLS" | |
| } | |
| # Step 4: Download Zapret | |
| download_zapret() { | |
| header "Downloading Zapret v${ZAPRET_VERSION}" | |
| cd /root | |
| log "Downloading Zapret archive..." | |
| wget -q --show-progress \ | |
| "https://github.com/bol-van/zapret/releases/download/v${ZAPRET_VERSION}/zapret-v${ZAPRET_VERSION}.zip" | |
| log "Extracting archive..." | |
| unzip -q "zapret-v${ZAPRET_VERSION}.zip" | |
| log "Cleaning up archive..." | |
| rm -f "zapret-v${ZAPRET_VERSION}.zip" | |
| success "Zapret v${ZAPRET_VERSION} downloaded and extracted" | |
| } | |
| # Step 5: Install prerequisites | |
| install_zapret_prerequisites() { | |
| header "Installing Zapret Prerequisites" | |
| log "Running prerequisites installer..." | |
| /root/zapret-v${ZAPRET_VERSION}/install_prereq.sh <<'PREREQ_EOF' >/dev/null 2>&1 | |
| PREREQ_EOF | |
| success "Prerequisites installed" | |
| } | |
| # Step 6: Install binaries | |
| install_zapret_binaries() { | |
| header "Installing Zapret Binaries" | |
| log "Detecting system architecture..." | |
| log "Installing binary files..." | |
| /root/zapret-v${ZAPRET_VERSION}/install_bin.sh >/dev/null 2>&1 | |
| success "Binaries installed" | |
| } | |
| # Step 7: Main Zapret installation | |
| install_zapret_main() { | |
| header "Main Zapret Installation" | |
| log "Running easy installer with automated answers..." | |
| # Enhanced installation with proper answers | |
| /root/zapret-v${ZAPRET_VERSION}/install_easy.sh <<'INSTALL_EOF' | |
| Y | |
| 2 | |
| N | |
| 1 | |
| 1 | |
| N | |
| N | |
| Y | |
| Y | |
| 1 | |
| 1 | |
| INSTALL_EOF | |
| success "Main installation completed" | |
| } | |
| # Step 8: Create optimized configuration | |
| configure_zapret_optimized() { | |
| header "Creating Optimized Configuration" | |
| log "Backing up original configuration..." | |
| if [ -f "/opt/zapret/config" ]; then | |
| cp /opt/zapret/config "/opt/zapret/config.backup.$(date +%Y%m%d_%H%M%S)" | |
| fi | |
| log "Creating optimized DPI bypass configuration..." | |
| cat > /opt/zapret/config <<EOF | |
| # ============================================================================ | |
| # Zapret Enhanced Configuration | |
| # Generated: $(date) | |
| # ============================================================================ | |
| # Firewall Mode | |
| MODE=nfqws | |
| MODE_HTTP=1 | |
| MODE_HTTP_KEEPALIVE=0 | |
| MODE_HTTPS=1 | |
| MODE_QUIC=1 | |
| MODE_FILTER=nfqws | |
| # Port Configuration | |
| NFQWS_PORTS_TCP=80,443 | |
| NFQWS_PORTS_UDP=443 | |
| # Packet Capture Configuration | |
| NFQWS_TCP_PKT_OUT=9 | |
| NFQWS_TCP_PKT_IN=3 | |
| NFQWS_UDP_PKT_OUT=9 | |
| NFQWS_UDP_PKT_IN=0 | |
| # KeepAlive Configuration (disabled for better performance) | |
| NFQWS_PORTS_TCP_KEEPALIVE= | |
| NFQWS_PORTS_UDP_KEEPALIVE= | |
| # DPI Bypass Options - Optimized for Maximum Compatibility | |
| NFQWS_OPT="--dpi-desync=${DPI_DESYNC_METHOD} --dpi-desync-ttl=${DPI_TTL} --dpi-desync-autottl=${DPI_AUTOTTL} --dpi-desync-split-pos=${DPI_SPLIT_POS}" | |
| # Additional Options (uncomment if needed) | |
| # NFQWS_OPT_DESYNC_HTTP="" | |
| # NFQWS_OPT_DESYNC_HTTPS="" | |
| # NFQWS_OPT_DESYNC_HTTP6="" | |
| # NFQWS_OPT_DESYNC_HTTPS6="" | |
| # NFQWS_OPT_DESYNC_QUIC="" | |
| # NFQWS_OPT_DESYNC_QUIC6="" | |
| # Filtering Mode | |
| GETLIST= | |
| AUTOHOSTLIST= | |
| HOSTLIST_AUTO_FAIL_THRESHOLD=3 | |
| HOSTLIST_AUTO_FAIL_TIME=60 | |
| HOSTLIST_AUTO_RETRANS_THRESHOLD=3 | |
| AUTOHOSTLIST_DEBUGLOG=0 | |
| # Advanced Options | |
| INIT_APPLY_FW=1 | |
| DISABLE_IPV4=0 | |
| DISABLE_IPV6=1 | |
| # ============================================================================ | |
| # Performance Tuning | |
| # ============================================================================ | |
| # For high-speed connections, consider: | |
| # NFQWS_TCP_PKT_OUT=1-9 | |
| # NFQWS_UDP_PKT_OUT=1-9 | |
| # ============================================================================ | |
| EOF | |
| success "Optimized configuration created" | |
| } | |
| # Step 9: Start and enable service | |
| start_zapret_service() { | |
| header "Starting Zapret Service" | |
| log "Reloading systemd daemon..." | |
| systemctl daemon-reload | |
| log "Enabling Zapret service..." | |
| systemctl enable zapret >/dev/null 2>&1 | |
| log "Starting Zapret service..." | |
| systemctl restart zapret | |
| log "Waiting for service to stabilize..." | |
| sleep 5 | |
| # Verify service status | |
| if systemctl is-active --quiet zapret; then | |
| success "Zapret service is running" | |
| else | |
| warn "Zapret service may not be running properly" | |
| warn "Check logs with: journalctl -u zapret -n 50" | |
| fi | |
| } | |
| # Step 10: Cleanup temporary files | |
| cleanup_temp_files() { | |
| header "Cleaning Up Temporary Files" | |
| log "Removing temporary installation files..." | |
| rm -rf /root/zapret-v${ZAPRET_VERSION} | |
| success "Cleanup completed" | |
| } | |
| # Step 11: Verify installation | |
| verify_installation() { | |
| header "Verifying Installation" | |
| local service_status="❌ INACTIVE" | |
| local nftables_status="❌ NOT CONFIGURED" | |
| local dns_status="❌ NOT WORKING" | |
| # Check service status | |
| if systemctl is-active --quiet zapret; then | |
| service_status="✅ ACTIVE" | |
| log "Service check: PASSED" | |
| else | |
| warn "Service check: FAILED" | |
| fi | |
| # Check nftables rules | |
| if nft list tables 2>/dev/null | grep -q "zapret"; then | |
| nftables_status="✅ CONFIGURED" | |
| log "nftables check: PASSED" | |
| else | |
| warn "nftables check: FAILED" | |
| fi | |
| # Check DNS | |
| if host google.com >/dev/null 2>&1; then | |
| dns_status="✅ WORKING" | |
| log "DNS check: PASSED" | |
| else | |
| warn "DNS check: FAILED" | |
| fi | |
| # Export status for summary | |
| export SERVICE_STATUS="$service_status" | |
| export NFTABLES_STATUS="$nftables_status" | |
| export DNS_STATUS="$dns_status" | |
| } | |
| # ============================================================================ | |
| # DISPLAY FUNCTIONS | |
| # ============================================================================ | |
| display_summary() { | |
| header "Installation Summary" | |
| echo -e "${CYAN}╔════════════════════════════════════════════════════════════════╗${NC}" | |
| echo -e "${CYAN}║ INSTALLATION COMPLETE ║${NC}" | |
| echo -e "${CYAN}╚════════════════════════════════════════════════════════════════╝${NC}" | |
| echo "" | |
| echo -e "${BLUE}📊 System Status:${NC}" | |
| echo -e " 🔧 Zapret Version: ${GREEN}v${ZAPRET_VERSION}${NC}" | |
| echo -e " ⚙️ Service Status: ${SERVICE_STATUS}" | |
| echo -e " 🔥 nftables: ${NFTABLES_STATUS}" | |
| echo -e " 🌐 DNS Status: ${DNS_STATUS}" | |
| echo -e " 🎯 DPI Method: ${GREEN}${DPI_DESYNC_METHOD}${NC}" | |
| echo "" | |
| echo -e "${BLUE}🚀 Service Management:${NC}" | |
| echo -e " ${CYAN}systemctl status zapret${NC} - Check service status" | |
| echo -e " ${CYAN}systemctl start zapret${NC} - Start service" | |
| echo -e " ${CYAN}systemctl stop zapret${NC} - Stop service" | |
| echo -e " ${CYAN}systemctl restart zapret${NC} - Restart service" | |
| echo -e " ${CYAN}journalctl -u zapret -f${NC} - View live logs" | |
| echo "" | |
| echo -e "${BLUE}📁 Important Files:${NC}" | |
| echo -e " Config: ${CYAN}/opt/zapret/config${NC}" | |
| echo -e " Backup: ${CYAN}/opt/zapret/config.backup.*${NC}" | |
| echo -e " Logs: ${CYAN}journalctl -u zapret${NC}" | |
| echo "" | |
| echo -e "${BLUE}🧪 Testing Commands:${NC}" | |
| echo -e " ${CYAN}curl -I https://discord.com${NC}" | |
| echo -e " ${CYAN}curl -I https://twitter.com${NC}" | |
| echo -e " ${CYAN}/opt/zapret/blockcheck.sh${NC} - Advanced testing" | |
| echo "" | |
| echo -e "${BLUE}⚙️ Current DPI Configuration:${NC}" | |
| echo -e " ${GREEN}NFQWS_OPT=\"--dpi-desync=${DPI_DESYNC_METHOD} \\${NC}" | |
| echo -e " ${GREEN} --dpi-desync-ttl=${DPI_TTL} \\${NC}" | |
| echo -e " ${GREEN} --dpi-desync-autottl=${DPI_AUTOTTL} \\${NC}" | |
| echo -e " ${GREEN} --dpi-desync-split-pos=${DPI_SPLIT_POS}\"${NC}" | |
| echo "" | |
| echo -e "${BLUE}🔧 Advanced Tuning:${NC}" | |
| echo -e " 1. Run blockcheck: ${CYAN}/opt/zapret/blockcheck.sh${NC}" | |
| echo -e " 2. Edit config: ${CYAN}nano /opt/zapret/config${NC}" | |
| echo -e " 3. Restart service: ${CYAN}systemctl restart zapret${NC}" | |
| echo "" | |
| echo -e "${YELLOW}💡 Troubleshooting:${NC}" | |
| echo -e " • If sites don't work: Run ${CYAN}blockcheck.sh${NC} for optimal parameters" | |
| echo -e " • Check logs: ${CYAN}journalctl -u zapret -n 50${NC}" | |
| echo -e " • Verify rules: ${CYAN}nft list ruleset | grep zapret${NC}" | |
| echo "" | |
| } | |
| display_detailed_status() { | |
| header "Detailed Service Status" | |
| systemctl status zapret --no-pager -l | |
| echo "" | |
| } | |
| # ============================================================================ | |
| # MAIN EXECUTION | |
| # ============================================================================ | |
| main() { | |
| clear | |
| echo -e "${MAGENTA}" | |
| cat << "EOF" | |
| ███████╗ █████╗ ██████╗ ██████╗ ███████╗████████╗ | |
| ╚══███╔╝██╔══██╗██╔══██╗██╔══██╗██╔════╝╚══██╔══╝ | |
| ███╔╝ ███████║██████╔╝██████╔╝█████╗ ██║ | |
| ███╔╝ ██╔══██║██╔═══╝ ██╔══██╗██╔══╝ ██║ | |
| ███████╗██║ ██║██║ ██║ ██║███████╗ ██║ | |
| ╚══════╝╚═╝ ╚═╝╚═╝ ╚═╝ ╚═╝╚══════╝ ╚═╝ | |
| Enhanced Installation Script v2.0 - Fedora Edition | |
| DPI Bypass & Internet Freedom Tool | |
| EOF | |
| echo -e "${NC}" | |
| echo "" | |
| # Pre-flight checks | |
| check_root | |
| disable_esp_idf_repo | |
| # Get version | |
| ZAPRET_VERSION=$(get_zapret_version) | |
| # Installation steps | |
| update_hosts_file | |
| install_required_tools | |
| configure_dns | |
| cleanup_old_zapret | |
| download_zapret | |
| install_zapret_prerequisites | |
| install_zapret_binaries | |
| install_zapret_main | |
| configure_zapret_optimized | |
| start_zapret_service | |
| cleanup_temp_files | |
| verify_installation | |
| # Display results | |
| display_summary | |
| display_detailed_status | |
| echo -e "${GREEN}╔════════════════════════════════════════════════════════════════╗${NC}" | |
| echo -e "${GREEN}║ 🎉 Installation Completed Successfully! Enjoy Free Internet! ║${NC}" | |
| echo -e "${GREEN}╚════════════════════════════════════════════════════════════════╝${NC}" | |
| echo "" | |
| } | |
| # Run main function | |
| main "$@" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment