- Установить подключение до VPN сервера
- Настроить DoT (DNS-over-TLS) или DoH (DNS-over-HTTPS). Сетевые правила > Интернет-фильтры > Настройка DNS > Добавить сервер. Подходит, например, сервер от яндекса: https://yandex.com/support/dns/keenetic.html
- Прописать статические маршруты до желаемых сервисов. Удобнее всего через bat-файл. Как узнать адреса и маски: https://forum.keenetic.com/topic/14251-%D0%BC%D0%B0%D1%80%D1%88%D1%80%D1%83%D1%82%D0%B8%D0%B7%D0%B0%D1%86%D0%B8%D1%8F-instagram/
Last active
March 5, 2024 18:22
-
-
Save artrey/3c7d3a41232738219d12bd3a8fe26393 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| route ADD 104.18.0.0 MASK 255.255.0.0 192.168.42.1 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ~ # nslookup instagram.com | |
| Server: 127.0.0.1 | |
| Address 1: 127.0.0.1 localhost | |
| Name: instagram.com | |
| Address 1: 31.13.72.174 instagram-p42-shv-01-arn2.fbcdn.net | |
| Address 2: 2a03:2880:f20a:e5:face:b00c:0:4420 | |
| ~ # whois -h whois.radb.net 31.13.72.174 | |
| route: 31.13.72.0/24 | |
| descr: Facebook, Inc. | |
| origin: AS32934 | |
| mnt-by: MAINT-AS32934 | |
| changed: [email protected] 20111025 | |
| source: RADB | |
| ~ # whois -h whois.radb.net '!gAS32934' | |
| A3359 | |
| 69.63.176.0/20 66.220.144.0/20 66.220.144.0/21 69.63.184.0/21 69.63.176.0/21 74.119.76.0/22 69.171.255.0/24 173.252.64.0/18 69.171.224.0/19 69.171.224.0/20 103.4.96.0/22 173.252.64.0/19 31.13.64.0/18 31.13.24.0/21 66.220.152.0/21 69.171.239.0/24 69.171.240.0/20 31.13.64.0/19 31.13.64.0/24 31.13.65.0/24 31.13.67.0/24 31.13.68.0/24 31.13.69.0/24 31.13.70.0/24 31.13.71.0/24 31.13.72.0/24 31.13.73.0/24 31.13.74.0/24 31.13.75.0/24 31.13.76.0/24 31.13.77.0/24 31.13.96.0/19 31.13.66.0/24 173.252.96.0/19 69.63.178.0/24 31.13.78.0/24 31.13.79.0/24 31.13.80.0/24 31.13.82.0/24 31.13.83.0/24 31.13.84.0/24 31.13.85.0/24 31.13.86.0/24 31.13.87.0/24 31.13.88.0/24 31.13.89.0/24 31.13.91.0/24 31.13.92.0/24 31.13.93.0/24 31.13.94.0/24 31.13.95.0/24 31.13.81.0/24 179.60.192.0/22 179.60.192.0/24 179.60.193.0/24 179.60.194.0/24 179.60.195.0/24 185.60.216.0/22 45.64.40.0/22 185.60.216.0/24 185.60.217.0/24 185.60.218.0/24 185.60.219.0/24 129.134.0.0/16 157.240.0.0/16 157.240.8.0/24 157.240.0.0/24 157.240.1.0/24 157.240.2.0/24 157.240.3.0/24 157.240.5.0/24 157.240.6.0/24 157.240.7.0/24 157.240.9.0/24 157.240.10.0/24 157.240.16.0/24 157.240.19.0/24 157.240.11.0/24 157.240.12.0/24 157.240.13.0/24 157.240.14.0/24 157.240.15.0/24 157.240.17.0/24 157.240.18.0/24 157.240.20.0/24 157.240.21.0/24 157.240.22.0/24 157.240.23.0/24 157.240.0.0/17 69.171.250.0/24 204.15.20.0/22 157.240.192.0/24 157.240.198.0/24 102.132.96.0/20 102.132.96.0/24 102.132.97.0/24 157.240.26.0/24 157.240.27.0/24 157.240.28.0/24 157.240.29.0/24 157.240.30.0/24 129.134.28.0/24 129.134.29.0/24 157.240.208.0/24 157.240.193.0/24 157.240.194.0/24 157.240.195.0/24 157.240.197.0/24 157.240.196.0/24 157.240.200.0/24 157.240.201.0/24 157.240.203.0/24 157.240.204.0/24 157.240.205.0/24 157.240.206.0/24 157.240.207.0/24 157.240.209.0/24 157.240.210.0/24 157.240.211.0/24 157.240.212.0/24 157.240.213.0/24 157.240.214.0/24 157.240.215.0/24 157.240.216.0/24 157.240.222.0/24 129.134.30.0/24 129.134.31.0/24 129.134.30.0/23 129.134.25.0/24 129 | |
| .134.26.0/24 129.134.27.0/24 102.132.99.0/24 102.132.101.0/24 129.134.64.0/24 129.134.65.0/24 129.134.66.0/24 129.134.67.0/24 157.240.219.0/24 157.240.217.0/24 157.240.218.0/24 157.240.199.0/24 129.134.127.0/24 157.240.223.0/24 157.240.192.0/18 157.240.221.0/24 157.240.220.0/24 173.252.88.0/21 129.134.68.0/24 129.134.69.0/24 129.134.70.0/24 157.240.24.0/24 157.240.25.0/24 102.132.100.0/24 157.240.31.0/24 157.240.224.0/24 129.134.71.0/24 157.240.225.0/24 157.240.226.0/24 157.240.227.0/24 129.134.0.0/17 129.134.72.0/24 129.134.73.0/24 129.134.74.0/24 185.89.218.0/24 185.89.219.0/24 185.89.218.0/23 157.240.228.0/24 157.240.229.0/24 129.134.76.0/24 129.134.75.0/24 157.240.239.0/24 157.240.240.0/24 157.240.241.0/24 157.240.231.0/24 157.240.232.0/24 157.240.233.0/24 157.240.234.0/24 157.240.235.0/24 157.240.236.0/24 129.134.77.0/24 129.134.78.0/24 129.134.79.0/24 157.240.237.0/24 157.240.238.0/24 157.240.242.0/24 157.240.243.0/24 129.134.112.0/24 157.240.100.0/24 157.240.98.0/24 157.240.96.0/24 157.240.99.0/24 157.240.101.0/24 129.134.113.0/24 129.134.114.0/24 157.240.97.0/24 129.134.115.0/24 157.240.244.0/24 157.240.245.0/24 157.240.246.0/24 157.240.247.0/24 157.240.248.0/24 185.89.219.0/24 185.89.218.0/24 185.89.218.0/23 185.89.216.0/22 147.75.208.0/20 204.15.20.0/22 69.63.176.0/20 69.63.176.0/21 69.63.184.0/21 66.220.144.0/20 69.63.176.0/20 | |
| C | |
| ~ # | |
| ~ # nslookup fasebook.com | |
| Server: 127.0.0.1 | |
| Address 1: 127.0.0.1 localhost | |
| Name: fasebook.com | |
| Address 1: 31.13.72.8 edge-star-shv-01-arn2.facebook.com | |
| Address 2: 2a03:2880:f00a:8:face:b00c:0:2 | |
| ~ # whois -h whois.radb.net 31.13.72.8 | |
| route: 31.13.72.0/24 | |
| descr: Facebook, Inc. | |
| origin: AS32934 | |
| mnt-by: MAINT-AS32934 | |
| changed: [email protected] 20111025 | |
| source: RADB |
- Download startup-config from Keenetic
- Ping
<desired site>to get ip - Find origin:
whois -h whois.radb.net <ip> - Find all ip addresses:
whois -h whois.radb.net '!g<origin>' - Prepare new lines:
import ipaddress
ips = """...insert all ips..."""
ips = ips.split(" ")
tmpl = "ip route {address} {mask} L2TP0 auto reject !LinkedIn"
for ip in ips:
x = ipaddress.ip_network(ip)
print(tmpl.format(address=str(x.network_address), mask=str(x.netmask)))- Insert them into startup-config
- Upload to the Keenetic
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| route ADD 147.75.208.0 MASK 255.255.240.0 192.168.42.1 | |
| route ADD 185.89.216.0 MASK 255.255.252.0 192.168.42.1 | |
| route ADD 31.13.24.0 MASK 255.255.248.0 192.168.42.1 | |
| route ADD 31.13.64.0 MASK 255.255.224.0 192.168.42.1 | |
| route ADD 31.13.96.0 MASK 255.255.224.0 192.168.42.1 | |
| route ADD 45.64.40.0 MASK 255.255.252.0 192.168.42.1 | |
| route ADD 66.220.144.0 MASK 255.255.240.0 192.168.42.1 | |
| route ADD 69.63.176.0 MASK 255.255.240.0 192.168.42.1 | |
| route ADD 69.171.224.0 MASK 255.255.224.0 192.168.42.1 | |
| route ADD 74.119.76.0 MASK 255.255.252.0 192.168.42.1 | |
| route ADD 102.132.96.0 MASK 255.255.240.0 192.168.42.1 | |
| route ADD 103.4.96.0 MASK 255.255.252.0 192.168.42.1 | |
| route ADD 129.134.0.0 MASK 255.255.0.0 192.168.42.1 | |
| route ADD 173.252.64.0 MASK 255.255.192.0 192.168.42.1 | |
| route ADD 179.60.192.0 MASK 255.255.252.0 192.168.42.1 | |
| route ADD 185.60.216.0 MASK 255.255.252.0 192.168.42.1 | |
| route ADD 204.15.20.0 MASK 255.255.252.0 192.168.42.1 | |
| route ADD 157.240.0.0 MASK 255.255.0.0 192.168.42.1 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # pip install python-whois netaddr | |
| import functools | |
| import ipaddress | |
| import re | |
| import socket | |
| import typing as ty | |
| import netaddr | |
| import whois | |
| origin_lookup = re.compile(r"origin:\s+([a-zA-Z0-9]+)") | |
| @functools.cache | |
| def _get_ip(hostname: str) -> str: | |
| return socket.gethostbyname(hostname) | |
| def get_ips(hostname: str) -> list[str]: | |
| pivot_ip = _get_ip(hostname) | |
| query = whois.NICClient().whois(pivot_ip, _get_ip("whois.radb.net"), 0) | |
| origins = set(origin_lookup.findall(query)) | |
| result = set() | |
| for origin in origins: | |
| data = whois.NICClient().whois(f"!g{origin}", _get_ip("whois.radb.net"), 0) | |
| result |= set(data.split("\n")[1].split(" ")) | |
| return sorted(map(str, netaddr.IPSet(result).iter_cidrs())) | |
| def prepare_routes(hostname: str, description: str | None = None) -> ty.Generator[str, None, None]: | |
| description = description or hostname | |
| tmpl = f"ip route {{address}} {{mask}} L2TP0 auto reject !{description}" | |
| for ip in get_ips(hostname): | |
| addr = ipaddress.ip_network(ip) | |
| yield tmpl.format(address=str(addr.network_address), mask=str(addr.netmask)) | |
| print("\n".join(prepare_routes("instagram.com", "Facebook/Instagram"))) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment