Skip to content

Instantly share code, notes, and snippets.

@OmerFarukOruc

OmerFarukOruc/fedora_zapret_install.sh

Created September 9, 2025 12:07
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save OmerFarukOruc/15617b4305169fe8f22443aeea98f60d to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save OmerFarukOruc/15617b4305169fe8f22443aeea98f60d to your computer and use it in GitHub Desktop.
Download ZIP
Raw
fedora_zapret_install.sh
#!/bin/bash
# Fedora Zapret Automatic Installation Script
# DPI Bypass Tool - Enhanced Version
# Usage: sudo ./fedora_zapret_install.sh
set -e # Stop script on error
# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color
# Log functions
log() {
echo -e "${GREEN}[INFO]${NC} $1"
}
warn() {
echo -e "${YELLOW}[WARN]${NC} $1"
}
error() {
echo -e "${RED}[ERROR]${NC} $1"
}
header() {
echo -e "${BLUE}======================================${NC}"
echo -e "${BLUE}$1${NC}"
echo -e "${BLUE}======================================${NC}"
}
# Root check
if [ "$EUID" -ne 0 ]; then
error "This script must be run as root. Use 'sudo $0'"
exit 1
fi
# Get latest Zapret version automatically
log "Checking latest Zapret version..."
ZAPRET_VERSION=$(curl -s "https://api.github.com/repos/bol-van/zapret/releases/latest" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/' | sed 's/v//')
if [ -z "$ZAPRET_VERSION" ]; then
error "Failed to get latest Zapret version from GitHub API"
exit 1
fi
log "Using Zapret version: v$ZAPRET_VERSION"
header "Enhanced Fedora Zapret Installation Starting"
# 1. Update /etc/hosts
header "1. Updating /etc/hosts"
log "Installing required packages..."
dnf install -y hostname sed
log "Updating /etc/hosts file..."
sed -i "s/^127\.0\.1\.1.*/127.0.1.1\t$(hostname)/" /etc/hosts
# 2. Install Required Tools
header "2. Installing Required Tools"
log "Updating system packages..."
dnf update -y
log "Installing required packages..."
dnf install -y curl bind-utils unzip nftables wget systemd-resolved
# 3. DNS Configuration (Enhanced)
header "3. DNS Configuration Setup"
log "Configuring systemd-resolved for better DNS..."
systemctl enable systemd-resolved
systemctl start systemd-resolved
# Configure DNS with Yandex DNS servers (good for DPI bypass)
cat > /etc/systemd/resolved.conf << EOF
[Resolve]
DNS=77.88.8.8 77.88.8.1 2a02:6b8::feed:0ff 2a02:6b8:0:1::feed:0ff
DNSOverTLS=yes
EOF
ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
systemctl restart systemd-resolved
log "DNS configuration completed"
# 4. Download Zapret
header "4. Downloading Zapret"
log "Cleaning old Zapret files..."
cd /root
rm -rf zapret-v${ZAPRET_VERSION}.zip zapret-v${ZAPRET_VERSION}
log "Downloading Zapret v${ZAPRET_VERSION}..."
wget -q --show-progress https://github.com/bol-van/zapret/releases/download/v${ZAPRET_VERSION}/zapret-v${ZAPRET_VERSION}.zip
log "Extracting Zapret archive..."
unzip -q zapret-v${ZAPRET_VERSION}.zip
rm -f zapret-v${ZAPRET_VERSION}.zip
# 5. Zapret Installation Preparation
header "5. Zapret Installation Preparation"
log "Cleaning old Zapret installation..."
/root/zapret-v${ZAPRET_VERSION}/uninstall_easy.sh 2>/dev/null || true
/opt/zapret/uninstall_easy.sh 2>/dev/null || true
rm -rf /opt/zapret
log "Installing Zapret prerequisites..."
/root/zapret-v${ZAPRET_VERSION}/install_prereq.sh << EOF
EOF
log "Installing Zapret binary files..."
/root/zapret-v${ZAPRET_VERSION}/install_bin.sh << EOF
EOF
# 6. Main Zapret Installation with Enhanced Configuration
header "6. Main Zapret Installation"
log "Starting Zapret service installation..."
# Enhanced installation with proper answers
/root/zapret-v${ZAPRET_VERSION}/install_easy.sh << EOF
Y
2
N
1
1
N
N
Y
Y
1
1
EOF
# 7. Advanced Zapret Configuration
header "7. Advanced Zapret Configuration"
log "Creating optimized Zapret configuration..."
# Backup original config
cp /opt/zapret/config /opt/zapret/config.backup.$(date +%Y%m%d_%H%M%S)
# Remove problematic lines
sed -i '/HOSTLIST/d' /opt/zapret/config
sed -i '/NFQWS_OPT_DESYNC_HTTP/d' /opt/zapret/config
sed -i '/NFQWS_OPT_DESYNC_HTTPS/d' /opt/zapret/config
sed -i '/NFQWS_OPT_DESYNC_QUIC/d' /opt/zapret/config
# Clean up existing configuration
sed -i '/^MODE_FILTER=/d' /opt/zapret/config
sed -i '/^NFQWS_PORTS_TCP=/d' /opt/zapret/config
sed -i '/^NFQWS_PORTS_UDP=/d' /opt/zapret/config
sed -i '/^NFQWS_TCP_PKT_OUT=/d' /opt/zapret/config
sed -i '/^NFQWS_TCP_PKT_IN=/d' /opt/zapret/config
sed -i '/^NFQWS_UDP_PKT_OUT=/d' /opt/zapret/config
sed -i '/^NFQWS_UDP_PKT_IN=/d' /opt/zapret/config
sed -i '/^NFQWS_OPT=/d' /opt/zapret/config
# Add optimized configuration based on blockcheck results
cat >> /opt/zapret/config << EOF
# Enhanced DPI Bypass Configuration
# Based on comprehensive blockcheck testing
MODE_FILTER=nfqws
NFQWS_PORTS_TCP=80,443
NFQWS_PORTS_UDP=443
NFQWS_TCP_PKT_OUT=9
NFQWS_TCP_PKT_IN=3
NFQWS_UDP_PKT_OUT=9
NFQWS_UDP_PKT_IN=0
NFQWS_OPT="--dpi-desync=fakeddisorder --dpi-desync-ttl=1 --dpi-desync-autottl=-5 --dpi-desync-split-pos=1"
EOF
log "Configuration updated with optimal DPI bypass settings"
# 8. Service Activation
header "8. Service Activation"
log "Starting and enabling Zapret service..."
systemctl daemon-reload
systemctl enable zapret
systemctl restart zapret
# Wait for service to start
sleep 5
# 9. Cleanup
header "9. Cleanup"
log "Cleaning temporary files..."
rm -rf /root/zapret-v${ZAPRET_VERSION}
# 10. Testing and Verification
header "10. Installation Verification"
log "Checking service status..."
if systemctl is-active --quiet zapret; then
log "✅ Zapret service is running successfully!"
STATUS="✅ ACTIVE"
else
warn "⚠️ Zapret service is not running properly!"
STATUS="❌ INACTIVE"
fi
# Check nftables rules
if nft list tables 2>/dev/null | grep -q "zapret"; then
log "✅ nftables rules are properly configured!"
NFTABLES_STATUS="✅ CONFIGURED"
else
warn "⚠️ nftables rules may not be active!"
NFTABLES_STATUS="❌ NOT CONFIGURED"
fi
# 11. Summary and Instructions
header "Installation Summary"
echo
log "🎉 Enhanced Fedora Zapret installation completed!"
echo
echo -e "${BLUE}📊 Installation Status:${NC}"
echo "🔧 Zapret Version: v${ZAPRET_VERSION}"
echo "⚙️ Service Status: ${STATUS}"
echo "🔥 nftables: ${NFTABLES_STATUS}"
echo "🌐 DNS: Enhanced with DoT"
echo "🎯 Method: fakeddisorder + autottl"
echo
echo -e "${BLUE}🚀 Service Management:${NC}"
echo "Status: systemctl status zapret"
echo "Start: systemctl start zapret"
echo "Stop: systemctl stop zapret"
echo "Restart: systemctl restart zapret"
echo "Logs: journalctl -u zapret -f"
echo
echo -e "${BLUE}📁 Configuration Files:${NC}"
echo "Main config: /opt/zapret/config"
echo "Backup: /opt/zapret/config.backup.*"
echo
echo -e "${BLUE}🧪 Testing Instructions:${NC}"
echo "1. Test blocked sites (Discord, Twitter, etc.)"
echo "2. Check logs: journalctl -u zapret -f"
echo "3. Monitor traffic: /opt/zapret/blockcheck.sh"
echo
echo -e "${BLUE}⚙️ Advanced Configuration:${NC}"
echo "To customize settings for your specific needs:"
echo "1. Run: /opt/zapret/blockcheck.sh"
echo "2. Test with blocked domain (e.g., discord.com)"
echo "3. Update NFQWS_OPT in /opt/zapret/config"
echo "4. Restart: systemctl restart zapret"
echo
echo -e "${BLUE}🔧 Current Optimal Settings:${NC}"
echo 'NFQWS_OPT="--dpi-desync=fakeddisorder --dpi-desync-ttl=1 --dpi-desync-autottl=-5 --dpi-desync-split-pos=1"'
echo
log "🎯 DPI Bypass is now active and optimized!"
echo
warn "💡 Pro Tip: If some sites still don't work, run blockcheck.sh to find better parameters!"
# Show detailed service status
echo
header "Detailed Service Status"
systemctl status zapret --no-pager -l
echo
log "🌟 Installation completed successfully! Enjoy unrestricted internet!"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment