# Provider network interface, e.g. eth3
# You can specify multiple interfaces separated by space, e.g. ISP_INTERFACE="eth3 nwg1"
ISP_INTERFACE="ppp0"

# Lists
HOSTLIST_USER="--hostlist=/opt/etc/nfqws/user.list"
HOSTLIST_AUTO="--hostlist-auto=/opt/etc/nfqws/auto.list"
HOSTLIST_AUTO_DEBUG="--hostlist-auto-debug=/opt/var/log/nfqws.log"
HOSTLIST_EXCLUDE="--hostlist-exclude=/opt/etc/nfqws/exclude.list"
IPSET="--ipset=/opt/etc/nfqws/ipset.list --ipset-exclude=/opt/etc/nfqws/ipset_exclude.list"

# Mode
#HOSTLIST="$HOSTLIST_USER $HOSTLIST_AUTO $HOSTLIST_AUTO_DEBUG $HOSTLIST_EXCLUDE --comment AUTO"
HOSTLIST="$HOSTLIST_USER --comment LIST"
#HOSTLIST="$HOSTLIST_EXCLUDE --comment ALL"

# All arguments here: https://github.com/bol-van/zapret (search for `nfqws` on the page)
# HTTP(S) strategy

ARGS_HTTPS="--filter-tcp=443 $IPSET --dpi-desync=multisplit --dpi-desync-split-pos=1,midsld --dpi-desync-ttl=0 --dpi-desync-repeats=2 --dpi-desync-fooling=badsum --dpi-desync-split-seqovl=652 --dpi-desync-split-seqovl-pattern=/opt/etc/nfqws/tls_clienthello.bin --new"
ARGS_HTTPS="$ARGS_HTTPS --filter-tcp=80 $HOSTLIST --dpi-desync=fake,multidisorder --dpi-desync-split-pos=1,method+2 --dpi-desync-ttl=0 --dpi-desync-repeats=2 --dpi-desync-fooling=badsum --new"
ARGS_HTTPS="$ARGS_HTTPS --filter-tcp=443 $HOSTLIST --dpi-desync=fake,multisplit --dpi-desync-split-pos=1,midsld --dpi-desync-ttl=0 --dpi-desync-repeats=2 --dpi-desync-fooling=badseq --dpi-desync-fake-tls-mod=rnd,dupsid,sni=www.google.com --new"
ARGS_HTTPS="$ARGS_HTTPS --filter-tcp=1024-65535 $HOSTLIST --dpi-desync=multisplit --dpi-desync-split-pos=1,midsld --dpi-desync-ttl=0 --dpi-desync-repeats=2 --dpi-desync-fooling=badsum --dpi-desync-split-seqovl=2108 --dpi-desync-split-seqovl-pattern=/opt/etc/nfqws/tls_clienthello.bin"

# QUIC strategy
ARGS_QUIC="--filter-udp=443 $HOSTLIST --dpi-desync=fake --dpi-desync-repeats=11 --dpi-desync-fake-quic=/opt/etc/nfqws/quic_initial.bin"

# UDP strategy (doesn't use lists from NFQWS_EXTRA_ARGS)
ARGS_UDP="--filter-udp=1024-65534 $IPSET --dpi-desync=fake --dpi-desync-repeats=6 --dpi-desync-any-protocol=1 --dpi-desync-cutoff=n2 --dpi-desync-fake-unknown-udp=/opt/etc/nfqws/quic_initial.bin --new"
ARGS_UDP="$ARGS_UDP --filter-udp=1024-65534 $HOSTLIST --dpi-desync=fake --dpi-desync-repeats=6 --dpi-desync-any-protocol=1 --dpi-desync-cutoff=n2 --dpi-desync-fake-unknown-udp=/opt/etc/nfqws/quic_initial.bin --new"
ARGS_UDP="$ARGS_UDP --filter-udp=50000-50099 --filter-l7=discord,stun --dpi-desync=fake --dpi-desync-repeats=6"

# Custom arguments, e.g. NFQWS_ARGS_CUSTOM="--filter-tcp=80 --dpi-desync=fakedsplit --new --filter-tcp=443 --dpi-desync=fake"
NFQWS_ARGS_CUSTOM="$ARGS_HTTPS --new $ARGS_QUIC --new $ARGS_UDP"

# IPv6 support
IPV6_ENABLED=0

# TCP ports for iptables rules
TCP_PORTS=80,443,1024:65535

# UDP ports for iptables rules
UDP_PORTS=443,1024:65535

# Keenetic policy name
POLICY_NAME="nfqws"
# Policy mode (0 - include, 1 - exclude)
POLICY_EXCLUDE=0

# Syslog logging level (0 - silent, 1 - debug)
LOG_LEVEL=0

NFQUEUE_NUM=200
USER=nobody
CONFIG_VERSION=8