| --- | |
| - name: Update dat files | |
| hosts: all | |
| become: yes | |
| vars: | |
| - base_path: /etc/mosdns | |
| - restart_daemon: yes | |
| - daemon_service_name: mosdns | |
| - clean_up_after: yes |
something like this will add a great regularly updated malware file for it to use. More security and privacy to you! Specifically, this uses https://github.com/StevenBlack/hosts Choose one of the Raw Hosts file from there to use.
To setup DNSMasq, follow the below ...
wget -O- https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts | awk '$1 == "0.0.0.0" { print "address=/"$2"/0.0.0.0/"}' > /etc/dnsmasq.d/malware.conf`
| # 2017-10-01T14:14:44+00:00 | |
| 108.175.32.0/20 | |
| 108.175.34.0/24 | |
| 108.175.35.0/24 | |
| 192.173.64.0/18 | |
| 198.38.100.0/24 | |
| 198.38.101.0/24 | |
| 198.38.108.0/24 | |
| 198.38.109.0/24 |
| # Generate a BaseSystem.dmg with 10.13 Install Packages | |
| hdiutil attach /Applications/Install\ macOS\ 10.13\ Beta.app/Contents/SharedSupport/InstallESD.dmg -noverify -mountpoint /Volumes/highsierra | |
| hdiutil create -o /tmp/HighSierraBase.cdr -size 7316m -layout SPUD -fs HFS+J | |
| hdiutil attach /tmp/HighSierraBase.cdr.dmg -noverify -mountpoint /Volumes/install_build | |
| asr restore -source /Applications/Install\ macOS\ 10.13\ Beta.app/Contents/SharedSupport/BaseSystem.dmg -target /Volumes/install_build -noprompt -noverify -erase | |
| cp -R /Volumes/highsierra/Packages /Volumes/OS\ X\ Base\ System/System/Installation | |
| hdiutil detach /Volumes/OS\ X\ Base\ System/ | |
| hdiutil detach /Volumes/highsierra/ | |
| mv /tmp/HighSierraBase.cdr.dmg /tmp/BaseSystem.dmg |
This gist was essentially created out of my own rant about Netflix being hostile to IPv6 tunnel services since June 2016. You are welcome to read my opinion on the matter, this is the more technical side to the issue and how to combat it within your own network.
Since I wrote this, various GitHub users have contributed their thoughts and ideas which has been incorporated into this gist. Thank you to everyone who have contributed their own methods and implementations.
Netflix now treats IPv6 tunnel brokers (such as Hurricane Electric) as proxy servers. A while ago it became apparent to users and Netflix that somewhat by accident, IPv6 tunnel users were being served content outside of their geolocation because of the way Netflix was identifyi
| # 你可以从该 URL 下载这个配置文件: http://surge.run/config-example/ios.conf | |
| # 用编辑器编辑后,再通过 iTunes, URL, AirDrop 或者 iCloud Drive 复制回 iOS 设备 | |
| # Version 2.0 | |
| [General] | |
| # 日志等级: warning, notify, info, verbose (默认值: notify) | |
| loglevel = notify | |
| # 跳过某个域名或者 IP 段,这些目标主机将不会由 Surge Proxy 处理。(在 macOS | |
| # 版本中,如果启用了 Set as System Proxy, 那么这些值会被写入到系统网络代理 | |
| # 设置中.) |
| #!/bin/bash | |
| #自动翻墙脚本,配合shadowsocks-libev的ss-redir使用。需要ipset | |
| chnroute_file=~/.chnroute | |
| ignore_ips=( | |
| 45.32.50.160 | |
| 45.127.93.239 | |
| 103.214.68.175 | |
| 0.0.0.0/8 | |
| 10.0.0.0/8 | |
| 127.0.0.0/8 |
| #!/bin/bash | |
| # CHANGE THESE | |
| auth_email="user@example.com" | |
| auth_key="c2547eb745079dac9320b638f5e225cf483cc5cfdda41" # found in cloudflare account settings | |
| zone_name="example.com" | |
| record_name="www.example.com" | |
| # MAYBE CHANGE THESE | |
| ip=$(curl -s http://ipv4.icanhazip.com) |
由于路由管控系统的建立,实时动态黑洞路由已成为最有效的封锁手段,TCP连接重置和DNS污染成为次要手段,利用漏洞的穿墙方法已不再具有普遍意义。对此应对方法是多样化协议的VPN来抵抗识别。这里介绍一种太简单、有时很朴素的“穷人VPN”。
朴素VPN只需要一次内核配置(Linux内核),即可永久稳定运行,不需要任何用户态守护进程。所有流量转换和加密全部由内核完成,原生性能,开销几乎没有。静态配置,避免动态握手和参数协商产生指纹特征导致被识别。并且支持NAT,移动的内网用户可以使用此方法。支持广泛,基于L2TPv3标准,Linux内核3.2+都有支持,其他操作系统原则上也能支持。但有两个局限:需要root权限;一个隧道只支持一个用户。
朴素VPN利用UDP封装的静态L2TP隧道实现VPN,内核XFRM实现静态IPsec。实际上IP-in-IP隧道即可实现VPN,但是这种协议无法穿越NAT,因此必须利用UDP封装。内核3.18将支持Foo-over-UDP,在UDP里面直接封装IP,与静态的L2TP-over-UDP很类似。
| ---- | |
| Linux 基于策略的路由(Linux Policy Routing) | |
| Linux 有传统的基于数据包目的地址的路由算法,和新的基于策略的路由算法 | |
| 新算法优点:支持多个路由表,支持按数据报属性(源地址、目的地址、协议、端口、数据包大小、内容等)选择不同路由表 | |
| # 查看规则命令,后面可跟其它参数,默认为 show(list) 显示全部 | |
| ip rule |
