auto_detect_blocked_websites.sh

#!/bin/bash

# opkg install bash conntrack curl ca-bundle
# conntrack -E -p tcp --dport 443 | ./this-script

SECONDS=0
declare -A last
declare -A current


function test_direct() {
  # curl -I https://$1 -k --connect-timeout 2 > /dev/null 2>&1
  # http can have better timeout
  curl -I http://$1 --connect-timeout 1 > /dev/null 2>&1
  ret=$?
  return $ret
}

function test_proxy() {
  TEST_INTERFACE=`ip route get 8.8.8.8 | awk '/src/{ print $7 }'`
  # curl -I --interface $TEST_INTERFACE https://$1 -k --connect-timeout 2 > /dev/null 2>&1
  # http can have better timeout
  curl -I --interface $TEST_INTERFACE http://$1 --connect-timeout 1 > /dev/null 2>&1
  ret=$?
  return $ret
}

while read line; do

  if (( SECONDS > 1 )); then

    echo dip..

    # echo result
    for ip in "${!last[@]}"; do
      test_direct $ip
      test_result=$?
      if (( test_result > 0 )); then
        test_proxy $ip
        test_result=$?
        if (( test_result > 0 )); then
          echo $ip cannot access via proxy as well, skip.
        else
          echo $ip is accessable via proxy, add to IPSet.
          ipset add auto_detect $ip
        fi
      else
        echo $ip is accessable directly, skip.
      fi

    done

    # reset time
    SECONDS=0

    # copy from current to last
    unset last
    declare -A last
    for ip in "${!current[@]}"; do
      last[$ip]=1
    done

    # clear current
    unset current
    declare -A current

  fi

  dst=${line#*dst=}
  dst=${dst%% sport=*}

  # echo $dst

  if [[ ${line:1:3} == NEW ]]; then
    current[$dst]=1
  else
    unset current[$dst]
    unset last[$dst]
  fi

done

run this file by this:

#!/bin/sh

(while true; do 

  (conntrack -E -p tcp --dport 443 | /root/auto_detect_blocked_websites)
  sleep 10

done) &